Bug #12507
Closed: random SEGV in Kernel.system when called with long parameter list
Description
Hello.
Kernel.system randomly SEGVs when called with a long parameter list. The list length that causes the SEGV (or another error) varies from system to system and, to a lesser extent, from one run to another.
Here is how to reproduce:
#! /usr/bin/env ruby
# encoding: utf-8
# vim: se ts=2 sw=2 et:
# Each pair is [length of one padding argument, arguments appended per iteration].
[#[4, 4],[4,2],
  [35, 17], [14, 4], [30, 3], [17, 10], [4, 2], [10, 5], [14, 3]
].each do |li|
  len, incr = li
  cmd = ['/bin/true']            # argv grows on every iteration
  arg = 'a' * len + ' '
  puts "======== #{arg}(#{len}) #{incr}"
  3000.times do |i|
    print "\r#{i} #{cmd.length} "  # iteration and current argv length
    break unless system(*cmd)      # stop on the first failure (or crash)
    cmd += (arg * incr).split ' '
  end
  puts ''
end
The fatal iteration varies between runs of the code. On slow machines (my Raspberry Pi 3), this code fails for [4, 4], while my i7 laptop prefers to SEGV for [14, 4].
Is this a timing issue?
Affected Ruby versions seem to be only the 2.2 series. I could not reproduce the behavior on 2.1 or 2.3. All rubies are installed with rvm.
Here is the list of affected systems I have access to:
- OSX El Capitan
  - ruby 2.2.1p85 (2015-02-26 revision 49769) [x86_64-darwin14]
  - ruby 2.2.5p319 (2016-04-26 revision 54774) [x86_64-darwin15]
- Ubuntu GNU/Linux 14.04.4
  - ruby 2.2.0p0 (2014-12-25 revision 49005) [x86_64-linux]
  - ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-linux]
  - ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-linux]
  - ruby 2.2.5p319 (2016-04-26 revision 54774) [x86_64-linux]
- Raspbian 8.0
  - ruby 2.2.0p0 (2014-12-25 revision 49005) [armv6l-linux-eabihf] (compiled under Raspbian 7)
  - ruby 2.2.4p230 (2015-12-16 revision 53155) [armv6l-linux-eabihf]
  - ruby 2.2.5p319 (2016-04-26 revision 54774) [armv7l-linux-eabihf]
The output could be this:
moi@meduseld:~$ /tmp/a
======== aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (35) 17
2999 50984
======== aaaaaaaaaaaaaa (14) 4
139 557 /tmp/a:14: [BUG] Segmentation fault at 0x00616161616191
ruby 2.2.5p319 (2016-04-26 revision 54774) [x86_64-linux]
-- Control frame information -----------------------------------------------
c:0007 p:---- s:0580 e:000579 CFUNC :system
c:0006 p:0033 s:0020 e:000019 BLOCK /tmp/a:14 [FINISH]
c:0005 p:---- s:0017 e:000016 CFUNC :times
c:0004 p:0064 s:0014 e:000013 BLOCK /tmp/a:12 [FINISH]
c:0003 p:---- s:0007 e:000006 CFUNC :each
c:0002 p:0020 s:0004 E:002360 EVAL /tmp/a:7 [FINISH]
c:0001 p:0000 s:0002 E:002660 TOP [FINISH]
-- Ruby level backtrace information ----------------------------------------
/tmp/a:7:in `<main>'
/tmp/a:7:in `each'
/tmp/a:12:in `block in <main>'
/tmp/a:12:in `times'
/tmp/a:14:in `block (2 levels) in <main>'
/tmp/a:14:in `system'
-- Machine register context ------------------------------------------------
RIP: 0x00007fc40509c354 RBP: 0x0000000000000000 RSP: 0x00007ffe460a44d0
RAX: 0x0000000000a72eb0 RBX: 0x00000000009ff5d0 RCX: 0x0000000000000085
RDX: 0x0000616161616161 RDI: 0x0000000001288b50 RSI: 0x0000000000000c41
R8: 0x0000000000000000 R9: 0x000000000000003f R10: 0x00007fc404c37a70
R11: 0x0000000000000000 R12: 0x0000000000000c41 R13: 0x00007fc4050e7356
R14: 0x0000000001288b50 R15: 0x0000000001288b28 EFL: 0x0000000000010246
-- C level backtrace information -------------------------------------------
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_vm_bugreport+0x51f) [0x7fc4050a6f7f] vm_dump.c:693
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_bug_context+0xcb) [0x7fc404f3a17b] error.c:425
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(sigsegv+0x3e) [0x7fc40501ba5e] signal.c:879
/lib/x86_64-linux-gnu/libc.so.6 [0x7fc404b2dcb0]
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_check_funcall+0x144) [0x7fc40509c354] vm_method.c:652
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_convert_type+0x5d) [0x7fc404fa7ffd] object.c:2619
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_string_value+0x32) [0x7fc405032c72] string.c:1685
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_string_value_cstr+0x13) [0x7fc405036743] string.c:1738
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_exec_fillarg+0x560) [0x7fc404fd1b50] process.c:2212
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_execarg_init+0x1d7) [0x7fc404fd1db7] process.c:2268
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_execarg_new+0x55) [0x7fc404fd1f35] process.c:2246
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_f_system+0x3d) [0x7fc404fd3cdd] process.c:3935
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_call_cfunc+0x11e) [0x7fc40508ef5e] vm_insnhelper.c:1380
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_exec_core+0x2613) [0x7fc405096f83] insns.def:1070
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_exec+0x82) [0x7fc40509a592] vm.c:1440
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_yield+0x497) [0x7fc4050a1717] vm.c:818
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(int_dotimes+0x3e) [0x7fc404f9a4de] numeric.c:3868
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_call_cfunc+0x11e) [0x7fc40508ef5e] vm_insnhelper.c:1380
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_exec_core+0x12f8) [0x7fc405095c68] insns.def:1040
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_exec+0x82) [0x7fc40509a592] vm.c:1440
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_yield+0x497) [0x7fc4050a1717] vm.c:818
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_ary_each+0x52) [0x7fc404eeba42] array.c:1814
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_call_cfunc+0x11e) [0x7fc40508ef5e] vm_insnhelper.c:1380
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_call_method+0x11e) [0x7fc4050a53be] vm_insnhelper.c:1689
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_exec_core+0x12f8) [0x7fc405095c68] insns.def:1040
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_exec+0x82) [0x7fc40509a592] vm.c:1440
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_iseq_eval_main+0x1f3) [0x7fc40509bbe3] vm.c:1685
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(ruby_exec_internal+0xc4) [0x7fc404f3f8f4] eval.c:254
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(ruby_exec_node+0x1d) [0x7fc404f41add] eval.c:319
/home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(ruby_run_node+0x1c) [0x7fc404f4434c] eval.c:311
/home/moi/.rvm/rubies/ruby-2.2.5/bin/ruby(main+0x4b) [0x40087b] main.c:36
-- Other runtime information -----------------------------------------------
* Loaded script: /tmp/a
* Loaded features:
* Process memory map:
[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html
Abandon (core dumped)
or that:
moi@meduseld:~$ /tmp/a
======== aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (35) 17
2999 50984
======== aaaaaaaaaaaaaa (14) 4
134 537 /tmp/a:14:in `system': string contains null byte (ArgumentError)
from /tmp/a:14:in `block (2 levels) in <main>'
from /tmp/a:12:in `times'
from /tmp/a:12:in `block in <main>'
from /tmp/a:7:in `each'
from /tmp/a:7:in `<main>'
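The reporter's loop necessarily takes down the interpreter that runs it. The probe below, an added example that is not part of the bug report, runs the same growing-argv loop inside a child copy of the current interpreter (RbConfig.ruby) and classifies how the child exits, so a regression suite can check whether an installed Ruby shows this behaviour without dying itself; probe_long_argv and affected? are names chosen here, and the inner command is ruby itself so nothing outside the interpreter is needed.

```ruby
require 'rbconfig'

# Run the reporter's growing-argv loop in a throwaway child interpreter.
#   len        - length of each padding argument ('a' * len)
#   incr       - how many such arguments are appended per iteration
#   iterations - upper bound on Kernel#system calls made by the child
# Returns :ok, :error (a Ruby exception such as "string contains null byte",
# which exits with status 1) or :crash (child killed by a signal, which is
# how a [BUG] abort ends).
def probe_long_argv(len:, incr:, iterations:)
  # Cheap command to exec repeatedly; extra arguments just land in ARGV.
  inner = [RbConfig.ruby, '--disable-gems', '-e', 'exit']
  script = <<-RUBY
    cmd = #{inner.inspect}
    arg = ('a' * #{len}) + ' '
    #{iterations}.times do
      break unless system(*cmd)          # same stop condition as the report
      cmd += (arg * #{incr}).split(' ')
    end
  RUBY
  pid = Process.spawn(RbConfig.ruby, '--disable-gems', '-e', script,
                      out: File::NULL, err: File::NULL)
  _, status = Process.wait2(pid)
  if status.signaled?
    :crash
  elsif status.success?
    :ok
  else
    :error
  end
end

# Hypothetical helper: true if any of the given (len, incr) pairs from the
# report makes the current interpreter crash or raise.
def affected?(pairs = [[4, 2], [14, 4]], iterations: 200)
  pairs.any? do |len, incr|
    probe_long_argv(len: len, incr: incr, iterations: iterations) != :ok
  end
end
```

Whichever ruby binary runs the probe is the one being tested, so run it once per rvm ruby to map the affected installs.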
Updated by hsbt (Hiroshi SHIBATA) about 8 years ago
- Assignee deleted (core)
Updated by wanabe (_ wanabe) over 7 years ago
The issue can be reproduced with old trunk, r45357 ... r51492.
So I think it is a GC issue of ALLOCV_N, similar to [Bug #11418].
Updated by wanabe (_ wanabe) over 7 years ago
- Related to Bug #11418: spawn segfaults added
Updated by nobu (Nobuyoshi Nakada) over 7 years ago
- Related to deleted (Bug #11418: spawn segfaults)
Updated by nobu (Nobuyoshi Nakada) over 7 years ago
- Is duplicate of Bug #11418: spawn segfaults added
Updated by nobu (Nobuyoshi Nakada) over 7 years ago
- Status changed from Open to Closed