From: "HParker (Adam Hess) via ruby-core"
Date: 2023-11-08T06:55:47+00:00
Subject: [ruby-core:115305] [Ruby master Bug#19992] Seemingly GC causes double free for regparse

Issue #19992 has been updated by HParker (Adam Hess).

Updated! Let me know how it looks. I just used the reproduction script directly as the test.

----------------------------------------
Bug #19992: Seemingly GC causes double free for regparse
https://bugs.ruby-lang.org/issues/19992#change-105222

* Author: mtasaka (Mamoru Tasaka)
* Status: Open
* Priority: Normal
* ruby -v: ruby 3.3.0dev (2023-11-07 master ced84beb25) [x86_64-linux]
* Backport: 3.0: UNKNOWN, 3.1: UNKNOWN, 3.2: UNKNOWN
----------------------------------------
Using ruby3.3.0dev (now I've tried commit:ced84beb2518d173988bb92c6d96aa854a35abe6 ), trying to execute rubygem-addressable 2.8.5 ( https://github.com/sporkmonger/addressable/releases/tag/addressable-2.8.5 ) testsuite causes ruby segfault:

```
$ LC_ALL=C.UTF-8 rspec -I. spec/
Could not load native IDN implementation.
........................................................................................................................................................................................................................................................................................................................................................................./usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:530: [BUG] Segmentation fault at 0x00005618a54262ba ruby 3.3.0dev (2023-11-07 master ced84beb25) [x86_64-linux] -- Control frame information ----------------------------------------------- c:0022 p:0009 s:0108 e:000107 METHOD /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:530 c:0021 p:0004 s:0104 e:000102 BLOCK /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:536 c:0020 p:0015 s:0099 e:000098 BLOCK /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:702 [FINISH] c:0019 p:---- s:0095 e:000094 CFUNC :each c:0018 p:0007 s:0091 e:000090 METHOD /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:701 c:0017 p:0006 s:0086 e:000085 METHOD /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:535 c:0016 p:0026 s:0081 e:000079 METHOD /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:556 c:0015 p:0046 s:0075 e:000074 METHOD /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:606 c:0014 p:0007 s:0066 e:000065 BLOCK /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:121 [FINISH] c:0013 p:---- s:0062 e:000061 CFUNC :map c:0012 p:0030 s:0058 e:000057 BLOCK /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:121 c:0011 p:0026 s:0055 e:000054 METHOD /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/configuration.rb:2070 c:0010 p:0007 s:0051 e:000050 BLOCK /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:116 c:0009 p:0009 s:0047 e:000046 METHOD 
/usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/reporter.rb:74 c:0008 p:0019 s:0042 e:000041 METHOD /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:115 c:0007 p:0035 s:0035 e:000034 METHOD /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:89 c:0006 p:0058 s:0029 e:000028 METHOD /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:71 c:0005 p:0013 s:0021 e:000020 METHOD /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:45 c:0004 p:0010 s:0016 e:000015 TOP /usr/share/gems/gems/rspec-core-3.12.2/exe/rspec:4 [FINISH] c:0003 p:---- s:0013 e:000012 CFUNC :load c:0002 p:0078 s:0008 E:001e80 EVAL /usr/bin/rspec:25 [FINISH] c:0001 p:0000 s:0003 E:000730 DUMMY [FINISH] -- Ruby level backtrace information ---------------------------------------- /usr/bin/rspec:25:in `
' /usr/bin/rspec:25:in `load' /usr/share/gems/gems/rspec-core-3.12.2/exe/rspec:4:in `' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:45:in `invoke' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:71:in `run' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:89:in `run' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:115:in `run_specs' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/reporter.rb:74:in `report' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:116:in `block in run_specs' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/configuration.rb:2070:in `with_suite_hooks' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:121:in `block (2 levels) in run_specs' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:121:in `map' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/runner.rb:121:in `block (3 levels) in run_specs' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:606:in `run' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:556:in `run_before_context_hooks' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:535:in `store_before_context_ivars' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:701:in `each_instance_variable_for_example' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:701:in `each' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:702:in `block in each_instance_variable_for_example' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:536:in `block in store_before_context_ivars' /usr/share/gems/gems/rspec-core-3.12.2/lib/rspec/core/example_group.rb:530:in `before_context_ivars' -- Threading information --------------------------------------------------- Total ractor count: 1 Ruby thread count for this ractor: 2 -- Machine register context 
------------------------------------------------ RIP: 0x00007fe976ebc8e5 RBP: 0x00007ffd7d6c5e80 RSP: 0x00007ffd7d6c5e50 RAX: 0x00007fe9771d5720 RBX: 0xffffffffffffff18 RCX: 0x0000000000000000 RDX: 0x0000000000000000 RDI: 0x00005618a54262c2 RSI: 0x0000561dc49e21a0 R8: 0x0000000561dc49e2 R9: 0x0000000000000007 R10: 0x0000561dc49e2b60 R11: 0x0000000000000000 R12: 0x0000561dc49e21d0 R13: 0x00005618a54262b2 R14: 0x0000000000000001 R15: 0x0000561dc49e2090 EFL: 0x0000000000010206 -- C level backtrace information ------------------------------------------- /lib64/libruby.so.3.3(rb_print_backtrace+0x21) [0x7fe9772750a1] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/vm_dump.c:812 /lib64/libruby.so.3.3(rb_vm_bugreport+0x9aa) [0x7fe977277f2a] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/vm_dump.c:1143 /lib64/libruby.so.3.3(rb_bug_for_fatal_signal+0x110) [0x7fe9770d4420] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/error.c:1065 /lib64/libruby.so.3.3(sigsegv+0x56) [0x7fe9771ec576] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/signal.c:920 /lib64/libc.so.6(__restore_rt+0x0) [0x7fe976e5b990] /lib64/libc.so.6(free+0x25) [0x7fe976ebc8e5] /lib64/libruby.so.3.3(i_free_name_entry+0x19) [0x7fe9771d5739] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/regparse.c:521 /lib64/libruby.so.3.3(rb_st_foreach+0x85) [0x7fe9771eddd5] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/hash.c:870 /lib64/libruby.so.3.3(onig_names_free+0x27) [0x7fe9771da0c7] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/regparse.c:534 /lib64/libruby.so.3.3(onig_free+0x1a) [0x7fe9771cb86a] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/regcomp.c:5682 /lib64/libruby.so.3.3(obj_free.lto_priv.0+0x3d2) [0x7fe9770ec122] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/gc.c:3611 
/lib64/libruby.so.3.3(gc_sweep_page.constprop.0+0x168) [0x7fe9772e9058] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/gc.c:5538
/lib64/libruby.so.3.3(gc_sweep_step.lto_priv.0+0xf3) [0x7fe9770ea023] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/gc.c:5905
/lib64/libruby.so.3.3(gc_continue+0x34b) [0x7fe9770f249b] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/gc.c:5977
/lib64/libruby.so.3.3(newobj_alloc+0x2de) [0x7fe9770f28be] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/gc.c:2500
/lib64/libruby.so.3.3(rb_wb_protected_newobj_of+0x74) [0x7fe9770f31a4] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/gc.c:2919
/lib64/libruby.so.3.3(rb_hash_new+0x3c) [0x7fe9770ff19c] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/hash.c:1432
/lib64/libruby.so.3.3(vm_exec_core.lto_priv.0+0x30da) [0x7fe97725dffa] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/redhat-linux-build/insns.def:545
/lib64/libruby.so.3.3(rb_vm_exec+0x17d) [0x7fe97727348d] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/vm.c:2472
/lib64/libruby.so.3.3(rb_yield+0x77) [0x7fe977260707] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/vm.c:1622
/lib64/libruby.so.3.3(rb_ary_each+0x44) [0x7fe977062474] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/array.c:2532
/lib64/libruby.so.3.3(vm_call_cfunc_with_frame_+0x117) [0x7fe977253b27] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/vm_insnhelper.c:3503
/lib64/libruby.so.3.3(vm_sendish+0xb1) [0x7fe9772560a1] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/vm_insnhelper.c:5585
/lib64/libruby.so.3.3(vm_exec_core.lto_priv.0+0x1f7f) [0x7fe97725ce9f] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/redhat-linux-build/insns.def:802
/lib64/libruby.so.3.3(rb_vm_exec+0x17d) [0x7fe97727348d] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/vm.c:2472
/lib64/libruby.so.3.3(rb_yield+0x77) [0x7fe977260707] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/vm.c:1622
/lib64/libruby.so.3.3(rb_ary_collect.lto_priv.0+0x5c) [0x7fe9770626cc] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/array.c:3624
/lib64/libruby.so.3.3(vm_call_cfunc_with_frame_+0x117) [0x7fe977253b27] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/vm_insnhelper.c:3503
/lib64/libruby.so.3.3(vm_sendish+0xb1) [0x7fe9772560a1] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/vm_insnhelper.c:5585
/lib64/libruby.so.3.3(vm_exec_core.lto_priv.0+0x1f7f) [0x7fe97725ce9f] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/redhat-linux-build/insns.def:802
/lib64/libruby.so.3.3(rb_vm_exec+0x17d) [0x7fe97727348d] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/vm.c:2472
/lib64/libruby.so.3.3(rb_load_internal+0x73) [0x7fe977134a63] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/load.c:800
/lib64/libruby.so.3.3(rb_f_load+0xad) [0x7fe977134d4d] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/load.c:875
/lib64/libruby.so.3.3(vm_call_cfunc_with_frame_+0x117) [0x7fe977253b27] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/vm_insnhelper.c:3503
/lib64/libruby.so.3.3(vm_exec_core.lto_priv.0+0x16c) [0x7fe97725b08c] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/vm_insnhelper.c:5581
/lib64/libruby.so.3.3(rb_vm_exec+0x17d) [0x7fe97727348d] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/vm.c:2472
/lib64/libruby.so.3.3(rb_ec_exec_node+0xaa) [0x7fe9770dba9a] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/eval.c:287
/lib64/libruby.so.3.3(ruby_run_node+0x93) [0x7fe9770dda53] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/eval.c:328
/usr/bin/ruby-mri(0x561dc3276197) [0x561dc3276197]
/lib64/libc.so.6(__libc_start_call_main+0x7a) [0x7fe976e4514a]
/lib64/libc.so.6(__libc_start_main+0x8b) [0x7fe976e4520b]
/usr/bin/ruby-mri(_start+0x25) [0x561dc32761e5] /usr/src/debug/ruby-3.3.0~20231107.1312gitced84beb25-183.fc40.283.x86_64/main.c:59

Aborted (core dumped)
```

Looks like running testsuite brings about GC for ruby regex and it seems to cause segfault.
valgrind says:

```
==93== Invalid free() / delete / delete[] / realloc()
==93==    at 0x4845B2C: free (vg_replace_malloc.c:985)
==93==    by 0x4A2E738: i_free_name_entry (regparse.c:521)
==93==    by 0x4A46DD4: UnknownInlinedFun (hash.c:870)
==93==    by 0x4A46DD4: UnknownInlinedFun (st.c:1516)
==93==    by 0x4A46DD4: rb_st_foreach (st.c:1613)
==93==    by 0x4A330C6: UnknownInlinedFun (regparse.c:534)
==93==    by 0x4A330C6: onig_names_free (regparse.c:545)
==93==    by 0x4A24869: UnknownInlinedFun (regcomp.c:5682)
==93==    by 0x4A24869: onig_free (regcomp.c:5679)
==93==    by 0x4945121: obj_free.lto_priv.0 (gc.c:3611)
==93==    by 0x4B42057: UnknownInlinedFun (gc.c:5538)
==93==    by 0x4B42057: gc_sweep_page.constprop.0 (gc.c:5623)
==93==    by 0x4943022: gc_sweep_step.lto_priv.0 (gc.c:5905)
==93==    by 0x494B49A: UnknownInlinedFun (gc.c:5977)
==93==    by 0x494B49A: gc_continue (gc.c:2488)
==93==    by 0x494B8BD: UnknownInlinedFun (gc.c:2500)
==93==    by 0x494B8BD: UnknownInlinedFun (gc.c:2715)
==93==    by 0x494B8BD: newobj_alloc (gc.c:2816)
==93==    by 0x494C1A3: UnknownInlinedFun (gc.c:2919)
==93==    by 0x494C1A3: UnknownInlinedFun (gc.c:2936)
==93==    by 0x494C1A3: rb_wb_protected_newobj_of (gc.c:2951)
==93==    by 0x495819B: UnknownInlinedFun (hash.c:1432)
==93==    by 0x495819B: UnknownInlinedFun (hash.c:1443)
==93==    by 0x495819B: rb_hash_new (hash.c:1457)
==93==  Address 0x223e3ec0 is 0 bytes inside a block of size 6 free'd
==93==    at 0x4845B2C: free (vg_replace_malloc.c:985)
==93==    by 0x4A2E738: i_free_name_entry (regparse.c:521)
==93==    by 0x4A46DD4: UnknownInlinedFun (hash.c:870)
==93==    by 0x4A46DD4: UnknownInlinedFun (st.c:1516)
==93==    by 0x4A46DD4: rb_st_foreach (st.c:1613)
==93==    by 0x4A330C6: UnknownInlinedFun (regparse.c:534)
==93==    by 0x4A330C6: onig_names_free (regparse.c:545)
==93==    by 0x4A24869: UnknownInlinedFun (regcomp.c:5682)
==93==    by 0x4A24869: onig_free (regcomp.c:5679)
==93==    by 0x4945121: obj_free.lto_priv.0 (gc.c:3611)
==93==    by 0x4B42057: UnknownInlinedFun (gc.c:5538)
==93==    by 0x4B42057: gc_sweep_page.constprop.0 (gc.c:5623)
==93==    by 0x4943022: gc_sweep_step.lto_priv.0 (gc.c:5905)
==93==    by 0x494B49A: UnknownInlinedFun (gc.c:5977)
==93==    by 0x494B49A: gc_continue (gc.c:2488)
==93==    by 0x494B8BD: UnknownInlinedFun (gc.c:2500)
==93==    by 0x494B8BD: UnknownInlinedFun (gc.c:2715)
==93==    by 0x494B8BD: newobj_alloc (gc.c:2816)
==93==    by 0x494C1A3: UnknownInlinedFun (gc.c:2919)
==93==    by 0x494C1A3: UnknownInlinedFun (gc.c:2936)
==93==    by 0x494C1A3: rb_wb_protected_newobj_of (gc.c:2951)
==93==    by 0x495819B: UnknownInlinedFun (hash.c:1432)
==93==    by 0x495819B: UnknownInlinedFun (hash.c:1443)
==93==    by 0x495819B: rb_hash_new (hash.c:1457)
==93==  Block was alloc'd at
==93==    at 0x484280F: malloc (vg_replace_malloc.c:442)
==93==    by 0x4A3AFA9: UnknownInlinedFun (regparse.c:287)
==93==    by 0x4A3AFA9: UnknownInlinedFun (regparse.c:887)
==93==    by 0x4A3AFA9: UnknownInlinedFun (regparse.c:5150)
==93==    by 0x4A3AFA9: parse_exp (regparse.c:6227)
==93==    by 0x4A3B1E6: parse_branch (regparse.c:6585)
==93==    by 0x4A3B477: parse_subexp (regparse.c:6646)
==93==    by 0x4A39C1A: UnknownInlinedFun (regparse.c:5074)
==93==    by 0x4A39C1A: parse_exp (regparse.c:6227)
==93==    by 0x4A3B2D4: parse_branch (regparse.c:6598)
==93==    by 0x4A3B396: parse_subexp (regparse.c:6631)
==93==    by 0x4A3B5DD: UnknownInlinedFun (regparse.c:6680)
==93==    by 0x4A3B5DD: onig_parse_make_tree (regparse.c:6725)
==93==    by 0x4A24B5E: onig_compile_ruby (regcomp.c:5866)
==93==    by 0x4A18AA7: UnknownInlinedFun (re.c:876)
==93==    by 0x4A18AA7: UnknownInlinedFun (re.c:900)
==93==    by 0x4A18AA7: rb_reg_initialize (re.c:3265)
==93==    by 0x4A18D0C: rb_reg_initialize_str (re.c:3299)
==93==    by 0x4A18E0E: rb_reg_init_str (re.c:3334)
```

so looks like this is double-free. Currently I am unable to create minimum reproducer.
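
How the memcheck record above can be read mechanically, as an added example (not part of the original message or of Ruby's own tooling): the script splits the record into its three stacks and checks whether the faulting `free` and the earlier `free` arrived through the same call path, which is the case in this report. `SAMPLE` is condensed from the report quoted in the message; the helper names `parse_memcheck`, `classify`, `describe` and `summarize` are hypothetical.

```ruby
# Added example: triage of a Valgrind memcheck "Invalid free" record.
# SAMPLE is condensed from the report quoted in this message (inner frames only).
SAMPLE = <<~LOG
  ==93== Invalid free() / delete / delete[] / realloc()
  ==93==    at 0x4845B2C: free (vg_replace_malloc.c:985)
  ==93==    by 0x4A2E738: i_free_name_entry (regparse.c:521)
  ==93==    by 0x4A46DD4: UnknownInlinedFun (hash.c:870)
  ==93==    by 0x4A46DD4: rb_st_foreach (st.c:1613)
  ==93==    by 0x4A330C6: onig_names_free (regparse.c:545)
  ==93==    by 0x4A24869: onig_free (regcomp.c:5679)
  ==93==    by 0x4945121: obj_free.lto_priv.0 (gc.c:3611)
  ==93==  Address 0x223e3ec0 is 0 bytes inside a block of size 6 free'd
  ==93==    at 0x4845B2C: free (vg_replace_malloc.c:985)
  ==93==    by 0x4A2E738: i_free_name_entry (regparse.c:521)
  ==93==    by 0x4A46DD4: UnknownInlinedFun (hash.c:870)
  ==93==    by 0x4A46DD4: rb_st_foreach (st.c:1613)
  ==93==    by 0x4A330C6: onig_names_free (regparse.c:545)
  ==93==    by 0x4A24869: onig_free (regcomp.c:5679)
  ==93==    by 0x4945121: obj_free.lto_priv.0 (gc.c:3611)
  ==93==  Block was alloc'd at
  ==93==    at 0x484280F: malloc (vg_replace_malloc.c:442)
  ==93==    by 0x4A3AFA9: UnknownInlinedFun (regparse.c:287)
  ==93==    by 0x4A3AFA9: parse_exp (regparse.c:6227)
  ==93==    by 0x4A3B5DD: onig_parse_make_tree (regparse.c:6725)
  ==93==    by 0x4A24B5E: onig_compile_ruby (regcomp.c:5866)
  ==93==    by 0x4A18AA7: rb_reg_initialize (re.c:3265)
LOG

Frame = Struct.new(:func, :file, :line)

# "at/by 0xADDR: function (file:line)"; the source location is optional
# because stripped objects are reported as "(in /path/to/lib.so)".
FRAME_RE   = /\A(?:at|by) 0x\h+: (\S+)(?: \(([^():]+):(\d+)\))?/
ADDRESS_RE = /\AAddress 0x\h+ is (\d+) bytes inside a block of size (\d+) free'd/

# Split one record into the faulting stack, the stack of the earlier free,
# and the allocation stack. Inlined placeholder frames are dropped so that
# stacks can be compared by function name.
def parse_memcheck(text)
  report  = { kind: nil, offset: nil, size: nil, fault: [], freed: [], alloc: [] }
  section = nil
  text.each_line do |raw|
    line = raw.sub(/\A==\d+==\s*/, "").strip
    next if line.empty?
    if (m = FRAME_RE.match(line))
      next if section.nil? || m[1] == "UnknownInlinedFun"
      report[section] << Frame.new(m[1], m[2], m[3]&.to_i)
    elsif line.start_with?("Invalid free()")
      report[:kind] = :invalid_free
      section = :fault
    elsif (m = ADDRESS_RE.match(line))
      report[:offset] = m[1].to_i
      report[:size]   = m[2].to_i
      section = :freed
    elsif line.start_with?("Block was alloc'd at")
      section = :alloc
    else
      section = nil # unrelated text: stop attributing frames
    end
  end
  report
end

def classify(report)
  return :not_a_free_error unless report[:kind] == :invalid_free
  return :not_previously_freed if report[:freed].empty?
  return :free_of_interior_pointer unless report[:offset].zero?
  same = report[:fault].map(&:func) == report[:freed].map(&:func)
  same ? :double_free_same_path : :double_free_distinct_paths
end

def describe(frame)
  frame ? "#{frame.func} (#{frame.file}:#{frame.line})" : "unknown"
end

def summarize(report)
  {
    verdict:      classify(report),
    block_size:   report[:size],
    released_by:  describe(report[:fault].find { |f| f.func != "free" }),
    allocated_by: describe(report[:alloc].find { |f| f.func != "malloc" }),
    owner_chain:  report[:fault].map(&:func).drop(1)
  }
end

puts summarize(parse_memcheck(SAMPLE)) if __FILE__ == $PROGRAM_NAME
```

A `:double_free_same_path` verdict means one release routine reached the same allocation twice, which suggests looking at what else still references that name entry rather than for an unrelated stray `free`.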