From: XrXr@... Date: 2020-03-13T14:27:18+00:00 Subject: [ruby-core:97484] [Ruby master Bug#16689] [BUG] try to mark T_NONE object Issue #16689 has been updated by alanwu (Alan Wu). The repro also crashes on a [recent master](https://github.com/ruby/ruby/commit/de15a26e9e297c9cc3171b1d40ef7776ca5838df). It looks like a hash somewhere is corrupted? ``` -- C level backtrace information ------------------------------------------- ~/tip-de15a26/bin/ruby(rb_vm_bugreport+0xde6) [0x55ccbe087d96] vm_dump.c:763 ~/tip-de15a26/bin/ruby(rb_bug+0xe4) [0x55ccbdea41a3] error.c:659 ~/tip-de15a26/bin/ruby(gc_mark_ptr+0x19d) [0x55ccbdec4d5d] gc.c:5270 ~/tip-de15a26/bin/ruby(mark_keyvalue+0x41) [0x55ccbdec6291] gc.c:5301 ~/tip-de15a26/bin/ruby(apply_functor+0x13) [0x55ccbdff15a3] st.c:1565 ~/tip-de15a26/bin/ruby(rb_st_foreach) st.c:1475 ~/tip-de15a26/bin/ruby(mark_hash+0xf) [0x55ccbdec5b17] gc.c:4942 ~/tip-de15a26/bin/ruby(gc_mark_children) gc.c:5491 ~/tip-de15a26/bin/ruby(gc_mark_stacked_objects+0x31) [0x55ccbdec734d] gc.c:5612 ~/tip-de15a26/bin/ruby(gc_mark_stacked_objects_all) gc.c:5652 ~/tip-de15a26/bin/ruby(gc_marks_rest) gc.c:6552 ~/tip-de15a26/bin/ruby(gc_marks+0x8) [0x55ccbdec88d8] gc.c:6611 ~/tip-de15a26/bin/ruby(gc_start) gc.c:7396 ~/tip-de15a26/bin/ruby(garbage_collect_with_gvl+0x90) [0x55ccbdec8d70] gc.c:7293 ~/tip-de15a26/bin/ruby(objspace_malloc_fixup+0x17) [0x55ccbdecf1ab] gc.c:9865 ~/tip-de15a26/bin/ruby(ruby_xmalloc) gc.c:9905 ``` ---------------------------------------- Bug #16689: [BUG] try to mark T_NONE object https://bugs.ruby-lang.org/issues/16689#change-84632 * Author: byroot (Jean Boussier) * Status: Open * Priority: Normal * ruby -v: ruby 2.7.0p0 (2019-12-25 revision 647ee6f091) * Backport: 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN ---------------------------------------- This kinds of superseeds https://bugs.ruby-lang.org/issues/16682. I'm now able to trigger what I believe to be the true root cause, without having any active TracePoint. This crash happen very reliably (over 50% of the cases) when booting our application with 2.7.0p0. Repro script: https://github.com/Shopify/ruby-repro It crashes after a semi-random amount of iterations. It also crashes on the current ruby-core master. ``` ruby/2.7.0/json/common.rb:156: [BUG] try to mark T_NONE object ruby 2.7.0p0 (2019-12-25 revision 647ee6f091) [x86_64-darwin19] -- Crash Report log information -------------------------------------------- See Crash Report log file under the one of following: * ~/Library/Logs/DiagnosticReports * /Library/Logs/DiagnosticReports for more details. Don't forget to include the above Crash Report log file in bug reports. -- Control frame information ----------------------------------------------- c:0006 p:---- s:0026 e:000025 CFUNC :parse c:0005 p:0033 s:0022 e:000021 METHOD ~/.rubies/ruby-2.7.0/lib/ruby/2.7.0/json/common.rb:156 c:0004 p:0042 s:0016 e:000013 BLOCK crash.rb:30 [FINISH] c:0003 p:---- s:0011 e:000010 CFUNC :loop c:0002 p:0041 s:0007 E:0008c8 EVAL crash.rb:28 [FINISH] c:0001 p:0000 s:0003 E:0014a0 (none) [FINISH] -- Ruby level backtrace information ---------------------------------------- crash.rb:28:in `
' crash.rb:28:in `loop' crash.rb:30:in `block in
' ~/.rubies/ruby-2.7.0/lib/ruby/2.7.0/json/common.rb:156:in `parse' ~/.rubies/ruby-2.7.0/lib/ruby/2.7.0/json/common.rb:156:in `parse' -- C level backtrace information ------------------------------------------- ~/.rubies/ruby-2.7.0/bin/ruby(rb_vm_bugreport+0x96) [0x1057dd1f6] ~/.rubies/ruby-2.7.0/bin/ruby(rb_bug+0xcc) [0x1057e9b86] ~/.rubies/ruby-2.7.0/bin/ruby(gc_mark_ptr+0x17a) [0x10563b72a] ~/.rubies/ruby-2.7.0/bin/ruby(mark_keyvalue+0x49) [0x10563c4d9] ~/.rubies/ruby-2.7.0/bin/ruby(st_general_foreach+0xa9) [0x105747389] ~/.rubies/ruby-2.7.0/bin/ruby(rb_st_foreach+0x33) [0x105747a53] ~/.rubies/ruby-2.7.0/bin/ruby(gc_mark_children+0x8e8) [0x105631078] ~/.rubies/ruby-2.7.0/bin/ruby(gc_mark_stacked_objects_incremental+0x9e) [0x105639e0e] ~/.rubies/ruby-2.7.0/bin/ruby(newobj_slowpath+0x50f) [0x105636e9f] ~/.rubies/ruby-2.7.0/bin/ruby(newobj_slowpath_wb_protected+0x14) [0x105636964] ~/.rubies/ruby-2.7.0/bin/ruby(rb_str_buf_new+0x1e) [0x10575314e] ~/.rubies/ruby-2.7.0/lib/ruby/2.7.0/x86_64-darwin19/json/ext/parser.bundle(JSON_parse_string+0x35) [0x109082e35] ~/.rubies/ruby-2.7.0/lib/ruby/2.7.0/x86_64-darwin19/json/ext/parser.bundle(JSON_parse_value+0x437) [0x109081487] ~/.rubies/ruby-2.7.0/lib/ruby/2.7.0/x86_64-darwin19/json/ext/parser.bundle(JSON_parse_value+0xee7) [0x109081f37] ~/.rubies/ruby-2.7.0/lib/ruby/2.7.0/x86_64-darwin19/json/ext/parser.bundle(JSON_parse_value+0xee7) [0x109081f37] ~/.rubies/ruby-2.7.0/lib/ruby/2.7.0/x86_64-darwin19/json/ext/parser.bundle(JSON_parse_value+0xee7) [0x109081f37] ~/.rubies/ruby-2.7.0/lib/ruby/2.7.0/x86_64-darwin19/json/ext/parser.bundle(JSON_parse_value+0xee7) [0x109081f37] ~/.rubies/ruby-2.7.0/lib/ruby/2.7.0/x86_64-darwin19/json/ext/parser.bundle(JSON_parse_value+0xee7) [0x109081f37] ~/.rubies/ruby-2.7.0/lib/ruby/2.7.0/x86_64-darwin19/json/ext/parser.bundle(JSON_parse_value+0xee7) [0x109081f37] ~/.rubies/ruby-2.7.0/lib/ruby/2.7.0/x86_64-darwin19/json/ext/parser.bundle(JSON_parse_value+0xee7) [0x109081f37] ~/.rubies/ruby-2.7.0/lib/ruby/2.7.0/x86_64-darwin19/json/ext/parser.bundle(cParser_parse+0x142) [0x109080c62] ~/.rubies/ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x1057ce220] ~/.rubies/ruby-2.7.0/bin/ruby(vm_exec_core+0x38df) [0x1057b40af] ~/.rubies/ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x1057c903c] ~/.rubies/ruby-2.7.0/bin/ruby(loop_i+0x29) [0x1057d8f99] ~/.rubies/ruby-2.7.0/bin/ruby(rb_vrescue2+0x114) [0x10561b024] ~/.rubies/ruby-2.7.0/bin/ruby(rb_rescue2+0x7b) [0x10561aeeb] ~/.rubies/ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x1057ce220] ~/.rubies/ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x1057b3f52] ~/.rubies/ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x1057c903c] ~/.rubies/ruby-2.7.0/bin/ruby(rb_ec_exec_node+0xc6) [0x10561a5a6] ~/.rubies/ruby-2.7.0/bin/ruby(ruby_run_node+0x55) [0x10561a485] ~/.rubies/ruby-2.7.0/bin/ruby(main+0x5d) [0x105571c9d] ``` -- https://bugs.ruby-lang.org/ Unsubscribe: