From: Yusuke Endoh <mame@...>
Date: 2011-07-24T21:09:36+09:00
Subject: [ruby-core:38449] [Ruby 1.9 - Bug #5047] Segfault (most likely involving require)


Issue #5047 has been updated by Yusuke Endoh.

File 5047.patch added
Assignee changed from Hiroshi Nakamura to Koichi Sasada

I probably managed to fix this issue.
Could anyone try the attached patch?
ko1: May I commit it?


This problem is caused by the combination of the wrong design
of Method class and lack of YARV method entry marking, with
obfuscated by conservative GC and Fiber's machine stack...

Each method has struct rb_method_entry_t.  The struct is free'd
when its method is removed, except the method is "live" (i.e.,
method being now executed).
To prevent live rb_method_entry_t from being free'd, YARV
traverses the YARV stack and marks each live rb_method_entry_t
at GC marking phase.
However, when the method is BMETHOD (i.e., Method#call), the
system does not work correctly because rb_method_entry_t is
embedded in the internal structure of Method class (i.e.,
struct METHOD).  The rb_method_entry_t is free'd when the Method
object is GC'd, even if the YARV attempts to prevent it.

My patch separates rb_method_entry_t from struct METHOD,

 struct METHOD {
     VALUE recv;
     VALUE rclass;
     ID id;
-    rb_method_entry_t me;
+    rb_method_entry_t *me;
 };

and marks them explicitly at each marking phase.

I tried to create a small test for this issue, but didn't
succeeded because of conservative GC.


The following is Japanese translation.

���������������������������������������������������������������������������������������������������
������������

���������struct METHOD ������ rb_method_entry_t ���������������������������������
���������
rb_method_entry_t ��� YARV ��������������������������������������� free ���������
������������������������struct METHOD ������������������������������������Method ������
������������������������������������������������ free ������������������������������������������
��������������������������������������� mark ���������������������������������������������������
���������
rb_method_entry_t ��������������������������������������� malloc ������������������
���������������������������������

������������������������������������������������conservative GC ��������������� Method
������������������������������������������������������

rb_method_entry_t ���������������������������������������������������������������������
������������������������������

-- 
Yusuke Endoh <mame@tsg.ne.jp>
----------------------------------------
Bug #5047: Segfault (most likely involving require)
http://redmine.ruby-lang.org/issues/5047

Author: Jack Christensen
Status: Assigned
Priority: High
Assignee: Koichi Sasada
Category: core
Target version: 1.9.3
ruby -v: -


Rails application randomly segfaults when running rspec. It will segfault about 80% of the time before any specs run. It seems to be related to requiring files. If it succeeds in getting to any specs it will run all of them without segfaulting.

The catalyst for the segfault seems to be the prawn gem. I have tested several rails applications where adding prawn to the Gemfile crashes them. However, there need to be certain other gems in place as well.

<pre>
source 'http://rubygems.org'

gem 'rails', '3.1.0.rc4'

gem 'tiny_tds'
gem 'activerecord-sqlserver-adapter', :git => 'git://github.com/rails-sqlserver/activerecord-sqlserver-adapter.git'

group :test do
  gem 'rspec-rails', '>= 2.6.0'
end

gem "prawn"
</pre>

This Gemfile will crash most of the time when running bundle exec rspec spec. If I replace the tiny_tds and activerecord-sql-server-adapter with sqlite3 it does not crash. But I do not believe the fault is with the SQL server gems as in my other rails projects I am using the pg gem and they also crash.

Another interesting point is the order of the Gemfile matters. If I move the prawn gem to the top of the Gemfile the segfaults do not occur.

The crashes occur at multiple locations, but the most most common is: activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237.

I've put a whole stack dump below.

<pre>
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237: [BUG] Segmentation fault
ruby 1.9.2p290 (2011-07-09 revision 32553) [x86_64-linux]

-- control frame ----------
c:0042 p:---- s:0143 b:0143 l:000142 d:000142 CFUNC  :require
c:0041 p:0012 s:0139 b:0139 l:000131 d:000138 BLOCK  /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
c:0040 p:0054 s:0137 b:0137 l:000136 d:000136 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225
c:0039 p:0013 s:0132 b:0132 l:000131 d:000131 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
c:0038 p:0119 s:0127 b:0127 l:000126 d:000126 TOP    /usr/local/lib/ruby/gems/1.9.1/gems/rspec-mocks-2.6.0/lib/rspec/mocks/framework.rb:14
c:0037 p:---- s:0125 b:0125 l:000124 d:000124 FINISH
c:0036 p:---- s:0123 b:0123 l:000122 d:000122 CFUNC  :require
c:0035 p:0012 s:0119 b:0119 l:000111 d:000118 BLOCK  /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
c:0034 p:0054 s:0117 b:0117 l:000116 d:000116 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225
c:0033 p:0013 s:0112 b:0112 l:000111 d:000111 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
c:0032 p:0011 s:0107 b:0107 l:000106 d:000106 TOP    /usr/local/lib/ruby/gems/1.9.1/gems/rspec-mocks-2.6.0/lib/rspec/mocks.rb:1
c:0031 p:---- s:0105 b:0105 l:000104 d:000104 FINISH
c:0030 p:---- s:0103 b:0103 l:000102 d:000102 CFUNC  :require
c:0029 p:0012 s:0099 b:0099 l:000091 d:000098 BLOCK  /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
c:0028 p:0054 s:0097 b:0097 l:000096 d:000096 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225
c:0027 p:0013 s:0092 b:0092 l:000091 d:000091 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
c:0026 p:0011 s:0087 b:0087 l:000086 d:000086 TOP    /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/mocking/with_rspec.rb:1
c:0025 p:---- s:0085 b:0085 l:000084 d:000084 FINISH
c:0024 p:---- s:0083 b:0083 l:000082 d:000082 CFUNC  :require
c:0023 p:0012 s:0079 b:0079 l:000071 d:000078 BLOCK  /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
c:0022 p:0054 s:0077 b:0077 l:000076 d:000076 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225
c:0021 p:0013 s:0072 b:0072 l:000071 d:000071 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
c:0020 p:0186 s:0067 b:0067 l:000066 d:000066 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:176
c:0019 p:0016 s:0063 b:0062 l:000061 d:000061 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:135
c:0018 p:0013 s:0058 b:0058 l:000051 d:000057 BLOCK  /home/jackc/work/segfault/spec/spec_helper.rb:18
c:0017 p:0062 s:0055 b:0055 l:000054 d:000054 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core.rb:79
c:0016 p:0125 s:0052 b:0052 l:000051 d:000051 TOP    /home/jackc/work/segfault/spec/spec_helper.rb:10
c:0015 p:---- s:0050 b:0050 l:000049 d:000049 FINISH
c:0014 p:---- s:0048 b:0048 l:000047 d:000047 CFUNC  :require
c:0013 p:0011 s:0044 b:0044 l:000043 d:000043 TOP    /home/jackc/work/segfault/spec/controllers/application_controller_spec.rb:1
c:0012 p:---- s:0042 b:0042 l:000041 d:000041 FINISH
c:0011 p:---- s:0040 b:0040 l:000039 d:000039 CFUNC  :load
c:0010 p:0025 s:0036 b:0036 l:000027 d:000035 BLOCK  /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419
c:0009 p:---- s:0033 b:0033 l:000032 d:000032 FINISH
c:0008 p:---- s:0031 b:0031 l:000030 d:000030 CFUNC  :map
c:0007 p:0017 s:0028 b:0028 l:000027 d:000027 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419
c:0006 p:0074 s:0025 b:0025 l:000024 d:000024 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/command_line.rb:18
c:0005 p:0055 s:0020 b:0020 l:000019 d:000019 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:80
c:0004 p:0101 s:0014 b:0014 l:000013 d:000013 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:69
c:0003 p:0021 s:0007 b:0006 l:002108 d:000005 BLOCK  /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:11
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH
c:0001 p:0000 s:0002 b:0002 l:000688 d:000688 TOP
---------------------------
-- Ruby level backtrace information ----------------------------------------
/usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:11:in `block in autorun'
/usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:69:in `run'
/usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:80:in `run_in_process'
/usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/command_line.rb:18:in `run'
/usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419:in `load_spec_files'
/usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419:in `map'
/usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419:in `block in load_spec_files'
/usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419:in `load'
/home/jackc/work/segfault/spec/controllers/application_controller_spec.rb:1:in `<top (required)>'
/home/jackc/work/segfault/spec/controllers/application_controller_spec.rb:1:in `require'
/home/jackc/work/segfault/spec/spec_helper.rb:10:in `<top (required)>'
/usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core.rb:79:in `configure'
/home/jackc/work/segfault/spec/spec_helper.rb:18:in `block in <top (required)>'
/usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:135:in `mock_with'
/usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:176:in `mock_framework='
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225:in `load_dependency'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `block in require'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
/usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/mocking/with_rspec.rb:1:in `<top (required)>'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225:in `load_dependency'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `block in require'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
/usr/local/lib/ruby/gems/1.9.1/gems/rspec-mocks-2.6.0/lib/rspec/mocks.rb:1:in `<top (required)>'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225:in `load_dependency'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `block in require'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
/usr/local/lib/ruby/gems/1.9.1/gems/rspec-mocks-2.6.0/lib/rspec/mocks/framework.rb:14:in `<top (required)>'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225:in `load_dependency'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `block in require'
/usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'

-- C level backtrace information -------------------------------------------
/usr/local/bin/ruby(rb_vm_bugreport+0x9e) [0x523b6e]
/usr/local/bin/ruby() [0x565508]
/usr/local/bin/ruby(rb_bug+0xb1) [0x5656a1]
/usr/local/bin/ruby() [0x4b2ca8]
/lib/libpthread.so.0(+0xf8f0) [0x7fa523e988f0]
/usr/local/bin/ruby(st_free_table+0x43) [0x4bbb33]
/usr/local/bin/ruby() [0x426cf5]
/usr/local/bin/ruby() [0x4277ed]
/usr/local/bin/ruby() [0x4c0562]
/usr/local/bin/ruby(rb_usascii_str_new+0x13) [0x4c0683]
/usr/local/bin/ruby(rb_file_expand_path+0x42) [0x5706c2]
/usr/local/bin/ruby() [0x56a63a]
/usr/local/bin/ruby(rb_require_safe+0x25d) [0x56aa8d]
/usr/local/bin/ruby() [0x51307f]
/usr/local/bin/ruby() [0x5168c1]
/usr/local/bin/ruby() [0x519499]
/usr/local/bin/ruby(rb_iseq_eval+0x1ee) [0x519aee]
/usr/local/bin/ruby() [0x569a08]
/usr/local/bin/ruby(rb_require_safe+0x647) [0x56ae77]
/usr/local/bin/ruby() [0x51307f]
/usr/local/bin/ruby() [0x5168c1]
/usr/local/bin/ruby() [0x519499]
/usr/local/bin/ruby(rb_iseq_eval+0x1ee) [0x519aee]
/usr/local/bin/ruby() [0x569a08]
/usr/local/bin/ruby(rb_require_safe+0x647) [0x56ae77]
/usr/local/bin/ruby() [0x51307f]
/usr/local/bin/ruby() [0x5168c1]
/usr/local/bin/ruby() [0x519499]
/usr/local/bin/ruby(rb_iseq_eval+0x1ee) [0x519aee]
/usr/local/bin/ruby() [0x569a08]
/usr/local/bin/ruby(rb_require_safe+0x647) [0x56ae77]
/usr/local/bin/ruby() [0x51307f]
/usr/local/bin/ruby() [0x5168c1]
/usr/local/bin/ruby() [0x519499]
/usr/local/bin/ruby(rb_iseq_eval+0x1ee) [0x519aee]
/usr/local/bin/ruby() [0x569a08]
/usr/local/bin/ruby(rb_require_safe+0x647) [0x56ae77]
/usr/local/bin/ruby() [0x51307f]
/usr/local/bin/ruby() [0x515546]
/usr/local/bin/ruby() [0x519499]
/usr/local/bin/ruby(rb_iseq_eval+0x1ee) [0x519aee]
/usr/local/bin/ruby() [0x569a08]
/usr/local/bin/ruby() [0x569b6b]
/usr/local/bin/ruby() [0x51307f]
/usr/local/bin/ruby() [0x515546]
/usr/local/bin/ruby() [0x519499]
/usr/local/bin/ruby(rb_yield+0x66) [0x521d56]
/usr/local/bin/ruby() [0x53ac15]
/usr/local/bin/ruby() [0x51307f]
/usr/local/bin/ruby() [0x515546]
/usr/local/bin/ruby() [0x519499]
/usr/local/bin/ruby(rb_vm_invoke_proc+0x9f) [0x51c38f]
/usr/local/bin/ruby(rb_exec_end_proc+0x238) [0x41c5b8]
/usr/local/bin/ruby() [0x41c684]
/usr/local/bin/ruby(ruby_cleanup+0x12d) [0x41c7fd]
/usr/local/bin/ruby(ruby_run_node+0x3d) [0x41cb0d]
/usr/local/bin/ruby(main+0x49) [0x419c49]
/lib/libc.so.6(__libc_start_main+0xfd) [0x7fa52325cc4d]
/usr/local/bin/ruby() [0x419b39]

[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html

Aborted
</pre>

I've attached the minimal rails test app I could get to fail below.


-- 
http://redmine.ruby-lang.org