Project

General

Profile

Bug #11352

Sample code Garbage collection dies with an address is T_NONE

Added by fgifford (Frank Gifford) about 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
ruby -v:
2.2.2p95
[ruby-core:69969]

Files

crash.rb (4.53 KB) crash.rb Sample crash file fgifford (Frank Gifford), 07/14/2015 08:15 PM
crash_out (9.48 KB) crash_out ./crash.rb > crash_out 2>&1 fgifford (Frank Gifford), 07/14/2015 08:15 PM

Related issues

Related to Ruby master - Bug #7466: Hashの大きさによってHash#keysでvalueが返ることがあるClosed11/29/2012Actions
Related to Ruby master - Bug #11411: Crash in rb_gc_mark() during Rails app boot with GC.stress=1ClosedActions

Associated revisions

Revision aab3599d
Added by nobu (Nobuyoshi Nakada) about 4 years ago

vm.c: fix mark with rewinding cfp

  • vm.c (m_core_hash_merge_ptr): copy the arguments to the machine stack before rewinding the control frame pointer and leaving the arguments outside valid region of the value stack. [ruby-core:69969] [Bug #11352]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51263 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 51263
Added by nobu (Nobuyoshi Nakada) about 4 years ago

vm.c: fix mark with rewinding cfp

  • vm.c (m_core_hash_merge_ptr): copy the arguments to the machine stack before rewinding the control frame pointer and leaving the arguments outside valid region of the value stack. [ruby-core:69969] [Bug #11352]

Revision 51263
Added by nobu (Nobuyoshi Nakada) about 4 years ago

vm.c: fix mark with rewinding cfp

  • vm.c (m_core_hash_merge_ptr): copy the arguments to the machine stack before rewinding the control frame pointer and leaving the arguments outside valid region of the value stack. [ruby-core:69969] [Bug #11352]

Revision 51263
Added by nobu (Nobuyoshi Nakada) about 4 years ago

vm.c: fix mark with rewinding cfp

  • vm.c (m_core_hash_merge_ptr): copy the arguments to the machine stack before rewinding the control frame pointer and leaving the arguments outside valid region of the value stack. [ruby-core:69969] [Bug #11352]

Revision 51263
Added by nobu (Nobuyoshi Nakada) about 4 years ago

vm.c: fix mark with rewinding cfp

  • vm.c (m_core_hash_merge_ptr): copy the arguments to the machine stack before rewinding the control frame pointer and leaving the arguments outside valid region of the value stack. [ruby-core:69969] [Bug #11352]

Revision 51263
Added by nobu (Nobuyoshi Nakada) about 4 years ago

vm.c: fix mark with rewinding cfp

  • vm.c (m_core_hash_merge_ptr): copy the arguments to the machine stack before rewinding the control frame pointer and leaving the arguments outside valid region of the value stack. [ruby-core:69969] [Bug #11352]

Revision b3e9fce0
Added by nobu (Nobuyoshi Nakada) about 4 years ago

vm.c: fix mark with rewinding cfp

  • vm.c (REWIND_CFP): keep the arguments region inside the valid value stack. [ruby-core:69969] [Bug #11352]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51264 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 51264
Added by nobu (Nobuyoshi Nakada) about 4 years ago

vm.c: fix mark with rewinding cfp

  • vm.c (REWIND_CFP): keep the arguments region inside the valid value stack. [ruby-core:69969] [Bug #11352]

Revision 51264
Added by nobu (Nobuyoshi Nakada) about 4 years ago

vm.c: fix mark with rewinding cfp

  • vm.c (REWIND_CFP): keep the arguments region inside the valid value stack. [ruby-core:69969] [Bug #11352]

Revision 51264
Added by nobu (Nobuyoshi Nakada) about 4 years ago

vm.c: fix mark with rewinding cfp

  • vm.c (REWIND_CFP): keep the arguments region inside the valid value stack. [ruby-core:69969] [Bug #11352]

Revision 51264
Added by nobu (Nobuyoshi Nakada) about 4 years ago

vm.c: fix mark with rewinding cfp

  • vm.c (REWIND_CFP): keep the arguments region inside the valid value stack. [ruby-core:69969] [Bug #11352]

Revision 51264
Added by nobu (Nobuyoshi Nakada) about 4 years ago

vm.c: fix mark with rewinding cfp

  • vm.c (REWIND_CFP): keep the arguments region inside the valid value stack. [ruby-core:69969] [Bug #11352]

Revision e49c2e35
Added by nagachika (Tomoyuki Chikanaga) almost 4 years ago

merge revision(s) 51263,51264: [Backport #11352]

    * vm.c (m_core_hash_merge_ptr): copy the arguments to the machine
      stack before rewinding the control frame pointer and leaving the
      arguments outside valid region of the value stack.
      [ruby-core:69969] [Bug #11352]

    * vm.c (REWIND_CFP): keep the arguments region inside the valid
      value stack.  [ruby-core:69969] [Bug #11352]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@51521 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 51521
Added by nagachika (Tomoyuki Chikanaga) almost 4 years ago

merge revision(s) 51263,51264: [Backport #11352]

* vm.c (m_core_hash_merge_ptr): copy the arguments to the machine
  stack before rewinding the control frame pointer and leaving the
  arguments outside valid region of the value stack.
  [ruby-core:69969] [Bug #11352]

* vm.c (REWIND_CFP): keep the arguments region inside the valid
  value stack.  [ruby-core:69969] [Bug #11352]

Revision 59f1eaaf
Added by usa (Usaku NAKAMURA) almost 4 years ago

merge revision(s) 51263,51264: [Backport #11352]

    * vm.c (m_core_hash_merge_ptr): copy the arguments to the machine
      stack before rewinding the control frame pointer and leaving the
      arguments outside valid region of the value stack.
      [ruby-core:69969] [Bug #11352]

    * vm.c (REWIND_CFP): keep the arguments region inside the valid
      value stack.  [ruby-core:69969] [Bug #11352]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@51601 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 51601
Added by usa (Usaku NAKAMURA) almost 4 years ago

merge revision(s) 51263,51264: [Backport #11352]

* vm.c (m_core_hash_merge_ptr): copy the arguments to the machine
  stack before rewinding the control frame pointer and leaving the
  arguments outside valid region of the value stack.
  [ruby-core:69969] [Bug #11352]

* vm.c (REWIND_CFP): keep the arguments region inside the valid
  value stack.  [ruby-core:69969] [Bug #11352]

History

Updated by fgifford (Frank Gifford) about 4 years ago

  • File crash.rb crash.rb added
  • File crash_out crash_out added
  • Subject changed from Sample code Garbage collection dies with a to Sample code Garbage collection dies with an address is T_NONE
  • ruby -v set to 2.2.2p95

 ./crash.rb
./crash.rb:5: [BUG] rb_gc_mark(): 0x85e344c is T_NONE
ruby 2.2.2p95 (2015-04-13 revision 50295) [i686-linux]

I was able to create a crash.rb file (attached) that would generate a crash. Essentially, we create a large hash of 131 entries in a method and then discard it. Having 130 entries did not seem to make the crash happen. The crash happens right away.

This was first noticed for sure in 2.1.3, it probably exists in 2.1.6 and I verified it here with 2.2.2p95

I believe this may be related to other bugs such as 10803, 10827, and 10163.

Updated by wanabe (_ wanabe) about 4 years ago

ruby -e 'puts "GC.stress = true; {", *(1..128).map {|i| "#{i} => 0," }, "129 => [],", "130 => [],", "131 => [],", "}"' | ruby

It causes similer [BUG] on ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-darwin14] and ruby 2.3.0dev (2015-07-15 trunk 51015) [x86_64-darwin14].
I guess hash.length should be >= 131, and 129th (and also 130th and 131st ?) item of hash should be a target of GC.

#3

Updated by nobu (Nobuyoshi Nakada) about 4 years ago

  • Related to Bug #7466: Hashの大きさによってHash#keysでvalueが返ることがある added

Updated by nobu (Nobuyoshi Nakada) about 4 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: WONTFIX, 2.1: REQUIRED, 2.2: REQUIRED
#5

Updated by nobu (Nobuyoshi Nakada) about 4 years ago

  • Status changed from Open to Closed

Applied in changeset r51263.


vm.c: fix mark with rewinding cfp

  • vm.c (m_core_hash_merge_ptr): copy the arguments to the machine stack before rewinding the control frame pointer and leaving the arguments outside valid region of the value stack. [ruby-core:69969] [Bug #11352]
#6

Updated by wanabe (_ wanabe) almost 4 years ago

  • Related to Bug #11411: Crash in rb_gc_mark() during Rails app boot with GC.stress=1 added

Updated by nagachika (Tomoyuki Chikanaga) almost 4 years ago

  • Backport changed from 2.0.0: WONTFIX, 2.1: REQUIRED, 2.2: REQUIRED to 2.0.0: WONTFIX, 2.1: REQUIRED, 2.2: DONE

Backported into ruby_2_2 branch at r51521.

#8

Updated by usa (Usaku NAKAMURA) almost 4 years ago

  • Backport changed from 2.0.0: WONTFIX, 2.1: REQUIRED, 2.2: DONE to 2.0.0: WONTFIX, 2.1: DONE, 2.2: DONE

ruby_2_1 r51601 merged revision(s) 51263,51264.

Also available in: Atom PDF