Bug #12950
closedirb: 'input-method.rb:151: [BUG] Segmentation fault' / 'malloc(): smallbin double linked list corrupted'
Description
i'm getting stuff liek this:
/usr/lib/ruby/2.3.0/irb/input-method.rb:151: [BUG] Segmentation fault at 0x00000000000000
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux]
and this:
*** Error in `/usr/bin/ruby': malloc(): smallbin double linked list corrupted: 0x0000564c509fa040 ***
randomly on rails console. it seems readline-related.
i managed to reproduce by repeating commands until crash occurred, logs attached.
Files
Updated by AYGHOR (pu pu) almost 8 years ago
- Subject changed from readline-related segfaults to irb: 'input-method.rb:151: [BUG] Segmentation fault' / 'malloc(): smallbin double linked list corrupted'
Updated by AYGHOR (pu pu) almost 8 years ago
oh yea, my readline version: readline-6.3.008
Updated by AYGHOR (pu pu) almost 8 years ago
actually i just got:
*** Error in `/usr/bin/ruby': malloc(): smallbin double linked list corrupted: 0x0000560f0e10b090 ***
from just hitting CTRL+C a few tiems on rails console. could reproduce too, log attached.
Updated by AYGHOR (pu pu) almost 8 years ago
Copy of actually i just got:
*** Error in `irb': malloc(): smallbin double linked list corrupted: 0x0000556762bac3d0 ***
on plain irb, no rails. log attached
Updated by nobu (Nobuyoshi Nakada) almost 8 years ago
- Status changed from Open to Feedback
I can't reproduce it with recent 2.3 and libreadline6-6.3-8ubuntu8.
Could you try 2.3.2?
Updated by AYGHOR (pu pu) almost 8 years ago
ok i traced down the problem to this line on my .inputrc
set enable-keypad on
i couldnt reproduce the issue after commenting it out. tested about ten tiems commenting/uncommenting and it was consistent.
inputrc attached.
Updated by AYGHOR (pu pu) almost 8 years ago
Nobuyoshi Nakada wrote:
I can't reproduce it with recent 2.3 and libreadline6-6.3-8ubuntu8.
Could you try 2.3.2?
in a few days, yes
Updated by AYGHOR (pu pu) almost 8 years ago
dota? =op dota? =op wrote:
Nobuyoshi Nakada wrote:
I can't reproduce it with recent 2.3 and libreadline6-6.3-8ubuntu8.
Could you try 2.3.2?in a few days, yes
it does happen on 2.3.2 too:
ruby 2.3.2p217 (2016-11-15 revision 56796) [x86_64-linux]
Updated by nobu (Nobuyoshi Nakada) almost 8 years ago
dota? =op dota? =op wrote:
ok i traced down the problem to this line on my .inputrc
set enable-keypad on
I could reproduce it by the inputrc with recent 2.3 and trunk.
And libreadline7 seems same.
-- Machine register context ------------------------------------------------
RIP: 0x00007fab18d798c5 RBP: 0x000000000000001b RSP: 0x00007ffd38e95040
RAX: 0x0000000000000001 RBX: 0x000055f7ad3c96d0 RCX: 0x0000000000000000
RDX: 0x0000000000000000 RDI: 0x00000000ffffffff RSI: 0x0000000000000000
R8: 0x000055f7ad4868b0 R9: 0x0000000000000001 R10: 0x000055f7ad4848b0
R11: 0x00007fab190beb58 R12: 0x0000000000000000 R13: 0x0000000000000001
R14: 0x00000000acff2c01 R15: 0x000055f7acff2cd0 EFL: 0x0000000000010202
-- C level backtrace information -------------------------------------------
libruby.so.2.3(rb_vm_bugreport+0x4e8) [0x7fab192afa88] vm_dump.c:692
libruby.so.2.3(rb_bug_context+0xd4) [0x7fab19141034] error.c:435
libruby.so.2.3(sigsegv+0x3e) [0x7fab1921d4ce] signal.c:890
/lib/x86_64-linux-gnu/libc.so.6 [0x7fab18d32860]
/lib/x86_64-linux-gnu/libc.so.6(_IO_file_overflow@@GLIBC_2.2.5+0x45) [0x7fab18d798c5] fileops.c:864
/lib/x86_64-linux-gnu/libc.so.6(putc+0xdb) [0x7fab18d74e0b] putc.c:29
/lib/x86_64-linux-gnu/libtinfo.so.5(tputs+0x9b) [0x7fab17351bfb]
/lib/x86_64-linux-gnu/libreadline.so.6(rl_prep_terminal+0x2f5) [0x7fab1757e0f5]
/lib/x86_64-linux-gnu/libreadline.so.6(readline+0x31) [0x7fab17579501]
libruby.so.2.3(rb_protect+0xfb) [0x7fab1914a1bb] eval.c:883
readline.so(readline_readline+0x257) [0x7fab177afe07] readline.c:495
libruby.so.2.3(vm_call_cfunc+0x101) [0x7fab1929c741] vm_insnhelper.c:1642
libruby.so.2.3(vm_exec_core+0x1289) [0x7fab192a0f39] insns.def:994
libruby.so.2.3(vm_exec+0x7f) [0x7fab192a61cf] vm.c:1650
libruby.so.2.3(invoke_block_from_c_0+0x2dd) [0x7fab192a6f1d] vm.c:921
libruby.so.2.3(vm_invoke_proc+0xc3) [0x7fab192a6ff3] vm.c:996
libruby.so.2.3(vm_call_opt_call+0xa4) [0x7fab192a7c14] vm.c:1072
libruby.so.2.3(vm_exec_core+0x1289) [0x7fab192a0f39] insns.def:994
libruby.so.2.3(vm_exec+0x7f) [0x7fab192a61cf] vm.c:1650
libruby.so.2.3(loop_i+0x313) [0x7fab192abd73] vm.c:921
libruby.so.2.3(rb_rescue2+0xbe) [0x7fab19149eee] eval.c:815
libruby.so.2.3(vm_call_cfunc+0x101) [0x7fab1929c741] vm_insnhelper.c:1642
libruby.so.2.3(vm_call_method_each_type+0x5e) [0x7fab192a7cee] vm_insnhelper.c:2026
libruby.so.2.3(vm_call_method+0xe3) [0x7fab192a8243] vm_insnhelper.c:2176
libruby.so.2.3(vm_exec_core+0x11b8) [0x7fab192a0e68] insns.def:963
libruby.so.2.3(vm_exec+0x7f) [0x7fab192a61cf] vm.c:1650
libruby.so.2.3(invoke_block_from_c_0+0x2dd) [0x7fab192a6f1d] vm.c:921
libruby.so.2.3(catch_i+0x54) [0x7fab192a7374] vm.c:988
libruby.so.2.3(rb_catch_protect+0xaa) [0x7fab1929d1da] vm_eval.c:2016
libruby.so.2.3(rb_catch_obj+0xe) [0x7fab1929d2be] vm_eval.c:1995
libruby.so.2.3(rb_f_catch+0x2e) [0x7fab1929d36e] vm_eval.c:1981
libruby.so.2.3(vm_call_cfunc+0x101) [0x7fab1929c741] vm_insnhelper.c:1642
libruby.so.2.3(vm_call_method_each_type+0x5e) [0x7fab192a7cee] vm_insnhelper.c:2026
libruby.so.2.3(vm_call_method+0xe3) [0x7fab192a8243] vm_insnhelper.c:2176
libruby.so.2.3(vm_exec_core+0x11b8) [0x7fab192a0e68] insns.def:963
libruby.so.2.3(vm_exec+0x7f) [0x7fab192a61cf] vm.c:1650
libruby.so.2.3(invoke_block_from_c_0+0x2dd) [0x7fab192a6f1d] vm.c:921
libruby.so.2.3(catch_i+0x54) [0x7fab192a7374] vm.c:988
libruby.so.2.3(rb_catch_protect+0xaa) [0x7fab1929d1da] vm_eval.c:2016
libruby.so.2.3(rb_catch_obj+0xe) [0x7fab1929d2be] vm_eval.c:1995
libruby.so.2.3(rb_f_catch+0x2e) [0x7fab1929d36e] vm_eval.c:1981
libruby.so.2.3(vm_call_cfunc+0x101) [0x7fab1929c741] vm_insnhelper.c:1642
libruby.so.2.3(vm_call_method_each_type+0x5e) [0x7fab192a7cee] vm_insnhelper.c:2026
libruby.so.2.3(vm_call_method+0xe3) [0x7fab192a8243] vm_insnhelper.c:2176
libruby.so.2.3(vm_exec_core+0x11b8) [0x7fab192a0e68] insns.def:963
libruby.so.2.3(vm_exec+0x7f) [0x7fab192a61cf] vm.c:1650
libruby.so.2.3(ruby_exec_internal+0xbd) [0x7fab191472dd] eval.c:245
libruby.so.2.3(ruby_exec_node+0x1d) [0x7fab1914943d] eval.c:310
libruby.so.2.3(ruby_run_node+0x1e) [0x7fab1914bd5e] eval.c:302
ruby(main+0x4b) [0x55f7abf048eb] main.c:36
Updated by wanabe (_ wanabe) almost 8 years ago
after r42402, Readline.input in IRB::ReadlineInputMethod#gets causes "Too many open files - dup (Errno::EMFILE)".
after r43439, the method causes SEGV.
Everything goes well without set enable-keypad on
with any commits.
Updated by wanabe (_ wanabe) almost 8 years ago
- Related to Bug #8644: valgrind error in a readline test added
Updated by wanabe (_ wanabe) almost 8 years ago
- Related to Bug #8749: Readline.readline stops STDOUT? added
Updated by wanabe (_ wanabe) almost 8 years ago
- Related to Bug #9040: Readline duplicate file descriptors but doesn't close them added
Updated by wanabe (_ wanabe) almost 8 years ago
_ wanabe wrote:
after r42402, Readline.input in IRB::ReadlineInputMethod#gets causes "Too many open files - dup (Errno::EMFILE)".
Sorry, it is not reproduced on real console. I have confirmed it on PTY.spawn only.
Ctrl-c doesn't affect irb until r42528, at least on the terminal of my environment.
Updated by wanabe (_ wanabe) almost 8 years ago
Umm, I guess the issue may be readine's and this can be reproduced without ruby.
#include <stdio.h>
#include <readline/readline.h>
int main() {
FILE *fp;
rl_outstream = NULL;
while(1) {
fp = fdopen(dup(fileno(stdout)), "w");
if (rl_outstream) fclose(rl_outstream);
rl_outstream = fp;
readline(">");
}
return 0;
}
Above code causes SEGV when you press return.
It looks like the same as this issue and seems to be related the difference of rl_outstream and _rl_out_stream.
I read readline-6.3 and imagine the flow: (http://git.savannah.gnu.org/cgit/readline.git/commit/?id=a73b98f779b388a5d0624e02e8bb187246e3e396)
readline() calls rl_prep_terminal() before readline_internal().
rl_prep_terminal() calls _rl_control_keypad()
-> tputs() -> _rl_output_character_function(c)
-> putc (c, _rl_out_stream);
.
readline_internal() sets _rl_out_stream = rl_outstream;
in readline_internal_setup().
So, readline() outputs string keypad-start code to old _rl_out_stream.
Updated by jeremyevans0 (Jeremy Evans) over 5 years ago
- Status changed from Feedback to Third Party's Issue