From: xkernigh@...
Date: 2017-09-06T19:29:00+00:00
Subject: [ruby-core:82681] [Ruby trunk Bug#13875] segfault in Enumerable#zip after GC

Issue #13875 has been reported by kernigh (George Koehler).

----------------------------------------
Bug #13875: segfault in Enumerable#zip after GC
https://bugs.ruby-lang.org/issues/13875

* Author: kernigh (George Koehler)
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
* ruby -v: ruby 2.5.0dev (2017-09-06 trunk 59764) [x86_64-openbsd6.1]
* Backport: 2.2: UNKNOWN, 2.3: UNKNOWN, 2.4: UNKNOWN
----------------------------------------
There is a chance of segmentation fault in Enumerable#zip after garbage collection. This script reproduces the crash.

```ruby
GC.stress = true
up = 1.upto(10)
down = 10.downto(1)
up.zip(down) {|a, b| a + b == 11 or fail 'oops'}
```

```
$ ruby crash.rb
crash.rb:5: [BUG] Segmentation fault at 0x0000000000000000
ruby 2.5.0dev (2017-09-06 trunk 59764) [x86_64-openbsd6.1]

-- Control frame information -----------------------------------------------
c:0006 p:---- s:0023 e:000021 IFUNC
c:0005 p:---- s:0019 e:000018 CFUNC  :upto
c:0004 p:---- s:0016 e:000015 CFUNC  :each
c:0003 p:---- s:0013 e:000012 CFUNC  :zip
c:0002 p:0045 s:0008 E:000590 EVAL   crash.rb:5 [FINISH]
c:0001 p:0000 s:0003 E:0004f0 (none) [FINISH]

-- Ruby level backtrace information ----------------------------------------
crash.rb:5:in `'
crash.rb:5:in `zip'
crash.rb:5:in `each'
crash.rb:5:in `upto'

-- Other runtime information -----------------------------------------------

* Loaded script: crash.rb

* Loaded features:

    0 enumerator.so
    1 thread.rb
    2 rational.so
    3 complex.so
    4 /home/kernigh/prefix/lib/ruby/2.5.0/x86_64-openbsd6.1/enc/encdb.so
    5 /home/kernigh/prefix/lib/ruby/2.5.0/x86_64-openbsd6.1/enc/trans/transdb.so
    6 /home/kernigh/prefix/lib/ruby/2.5.0/x86_64-openbsd6.1/rbconfig.rb
    7 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/compatibility.rb
    8 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/defaults.rb
    9 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/deprecate.rb
   10 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/errors.rb
   11 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/version.rb
   12 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/requirement.rb
   13 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/platform.rb
   14 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/basic_specification.rb
   15 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/stub_specification.rb
   16 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/util/list.rb
   17 /home/kernigh/prefix/lib/ruby/2.5.0/x86_64-openbsd6.1/stringio.so
   18 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/specification.rb
   19 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/exceptions.rb
   20 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/dependency.rb
   21 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/core_ext/kernel_gem.rb
   22 /home/kernigh/prefix/lib/ruby/2.5.0/monitor.rb
   23 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb
   24 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems.rb
   25 /home/kernigh/prefix/lib/ruby/2.5.0/rubygems/path_support.rb

[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html

Abort trap (core dumped)
$ gdb ruby ruby.core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd6.1"...
Core was generated by `ruby'.
Program terminated with signal 6, Aborted.
Reading symbols from /usr/lib/libpthread.so.23.0...done.
Loaded symbols for /usr/lib/libpthread.so.23.0
Loaded symbols for /home/kernigh/prefix/bin/ruby
Reading symbols from /usr/lib/libm.so.10.0...done.
Loaded symbols for /usr/lib/libm.so.10.0
Symbols already loaded for /usr/lib/libpthread.so.23.0
Reading symbols from /usr/lib/libc.so.89.3...done.
Loaded symbols for /usr/lib/libc.so.89.3
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
Reading symbols from /home/kernigh/prefix/lib/ruby/2.5.0/x86_64-openbsd6.1/enc/encdb.so...done.
Loaded symbols for /home/kernigh/prefix/lib/ruby/2.5.0/x86_64-openbsd6.1/enc/encdb.so
Reading symbols from /home/kernigh/prefix/lib/ruby/2.5.0/x86_64-openbsd6.1/enc/trans/transdb.so...done.
Loaded symbols for /home/kernigh/prefix/lib/ruby/2.5.0/x86_64-openbsd6.1/enc/trans/transdb.so
Reading symbols from /home/kernigh/prefix/lib/ruby/2.5.0/x86_64-openbsd6.1/stringio.so...done.
Loaded symbols for /home/kernigh/prefix/lib/ruby/2.5.0/x86_64-openbsd6.1/stringio.so
#0  0x00001fdd990d45fa in thrkill () at {standard input}:5
5       {standard input}: No such file or directory.
        in {standard input}
(gdb) bt
#0  0x00001fdd990d45fa in thrkill () at {standard input}:5
#1  0x00001fdd9912a549 in *_libc_abort () at /usr/src/lib/libc/stdlib/abort.c:52
#2  0x00001fdaa5b0abe1 in rb_bug_context (ctx=0x1fdcb77b1c80, fmt=0x1fdaa5c5a905 "Segmentation fault at %p") at ../ruby/error.c:511
#3  0x00001fdaa5a01bc6 in sigsegv (sig=11, info=0x1fdcb77b1d70, ctx=0x1fdcb77b1c80) at ../ruby/signal.c:932
#4
#5  rb_id_table_lookup (tbl=0x0, id=152, valp=0x7f7ffffdfd30) at id_table.c:131
#6  0x00001fdaa5a85f54 in vm_respond_to (th=0x1fdd2e063800, klass=35034836138920, obj=35034836139360, id=3137, priv=1) at vm_method.c:182
#7  0x00001fdaa5a877a6 in rb_check_funcall_default (recv=35034836139360, mid=3137, argc=0, argv=0x0, def=52) at vm_eval.c:347
#8  0x00001fdaa5974198 in rb_check_convert_type_with_id (val=35034836139360, type=7, tname=0x1fdaa5c3b9ad "Array", method=3137) at ../ruby/object.c:2891
#9  0x00001fdaa5a70251 in vm_callee_setup_block_arg (th=0x1fdd2e063800, calling=0x7f7ffffdff60, ci=Variable "ci" is not available.
) at vm_insnhelper.c:2563
#10 0x00001fdaa5a7dcd9 in rb_yield_force_blockarg (values=Variable "values" is not available.
) at vm_insnhelper.c:2626
#11 0x00001fdaa5afd562 in zip_i (val=Variable "val" is not available.
) at ../ruby/enum.c:59
#12 0x00001fdaa5a6b18f in vm_yield_with_cfunc (th=0x1fdd2e063800, captured=0x1fdda3995f88, self=35035751942480, argc=1, argv=0x7f7ffffe0120,
---Type to continue, or q to quit---
block_handler=Variable "block_handler" is not available.
) at vm_insnhelper.c:2532
#13 0x00001fdaa5a7d8e1 in rb_yield (val=Variable "val" is not available.
) at ../ruby/vm.c:1057
#14 0x00001fdaa595fc61 in int_upto (from=3, to=21) at ../ruby/numeric.c:4884
#15 0x00001fdaa5a7fbfe in vm_call0_body (th=0x1fdd2e063800, calling=Variable "calling" is not available.
) at vm_eval.c:86
#16 0x00001fdaa5a8ab0c in iterate_method (obj=Variable "obj" is not available.
) at vm_eval.c:59
#17 0x00001fdaa5a73053 in rb_iterate0 ( it_proc=0x1fdaa5a8aa10 , data1=140187732411696, ifunc=0x0, th=0x1fdd2e063800) at vm_eval.c:1129
#18 0x00001fdaa5a734eb in rb_block_call (obj=Variable "obj" is not available.
) at vm_eval.c:1161
#19 0x00001fdaa5a7fbfe in vm_call0_body (th=0x1fdd2e063800, calling=Variable "calling" is not available.
) at vm_eval.c:86
#20 0x00001fdaa5a8ab0c in iterate_method (obj=Variable "obj" is not available.
) at vm_eval.c:59
#21 0x00001fdaa5a73053 in rb_iterate0 ( it_proc=0x1fdaa5a8aa10 , data1=140187732412640, ifunc=0x1fdd2ef67d88, th=0x1fdd2e063800) at vm_eval.c:1129
#22 0x00001fdaa5a734eb in rb_block_call (obj=Variable "obj" is not available.
) at vm_eval.c:1161
#23 0x00001fdaa5afacb0 in enum_zip (argc=1, argv=Variable "argv" is not available.
) at ../ruby/enum.c:2664
#24 0x00001fdaa5a6d681 in vm_call_cfunc_with_frame (th=0x1fdd2e063800, reg_cfp=0x1fdda3995fa0, calling=Variable "calling" is not available.
) at vm_insnhelper.c:1903
#25 0x00001fdaa5a8c164 in vm_call_method_each_type (th=0x1fdd2e063800, cfp=0x1fdda3995fa0, calling=0x7f7ffffe0e70, ci=0x1fdd52984f70, cc=0x1fdda51bc178) at vm_insnhelper.c:1919
---Type to continue, or q to quit---
#26 0x00001fdaa5a8d4ae in vm_call_general (th=0x1fdd2e063800, reg_cfp=0x1fdda3995fa0, calling=0x7f7ffffe0e70, ci=0x1fdd52984f70, cc=0x1fdda51bc178) at vm_insnhelper.c:2367
#27 0x00001fdaa5a76701 in vm_exec_core (th=0x1fdd2e063800, initial=Variable "initial" is not available.
) at insns.def:789
#28 0x00001fdaa5a7b505 in vm_exec (th=0x1fdd2e063800) at ../ruby/vm.c:1793
#29 0x00001fdaa590319d in ruby_exec_internal (n=0x1fdd658c9990) at ../ruby/eval.c:246
#30 0x00001fdaa59073e0 in ruby_run_node (n=Variable "n" is not available.
) at ../ruby/eval.c:310
#31 0x00001fdaa59015b4 in main (argc=2, argv=0x7f7ffffe11f8) at ../ruby/main.c:42
Current language:  auto; currently asm
(gdb)
```

--
https://bugs.ruby-lang.org/

Unsubscribe:
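
One way to keep the reporter's script as a regression check is to run it in a child interpreter, so that an interpreter abort is recorded as a result instead of taking down the test process. This is an added example, not part of the original report or of Ruby's own test suite; `ZIP_SCRIPT`, `classify_run` and the `zip-ok` marker are names made up here.

```ruby
require 'open3'
require 'rbconfig'

# The reproducer from the report, plus a final marker line (added here)
# so a clean run can be told apart from a silent early exit.
ZIP_SCRIPT = <<~'RUBY'
  GC.stress = true
  up = 1.upto(10)
  down = 10.downto(1)
  up.zip(down) {|a, b| a + b == 11 or fail 'oops'}
  puts 'zip-ok'
RUBY

# Run a script in a separate interpreter and classify how it ended.
#   :interpreter_bug - the child died from a signal, or printed the
#                      "[BUG]" banner seen in the crash log above
#   :ok              - exit status 0 and the marker was printed
#   :script_error    - anything else (e.g. the block's `fail 'oops'`)
def classify_run(script, marker: 'zip-ok')
  out, err, status = Open3.capture3(RbConfig.ruby, '--disable-gems', '-e', script)
  return :interpreter_bug if status.signaled? || err.include?('[BUG]')
  return :ok if status.success? && out.include?(marker)
  :script_error
end

if $PROGRAM_NAME == __FILE__
  puts "Enumerable#zip under GC.stress: #{classify_run(ZIP_SCRIPT)}"
end
```

On an interpreter that still has the bug, the `[BUG]` banner or the abort signal makes the result `:interpreter_bug`.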