Bug #3555

segvs since r28570

Added by Aaron Patterson almost 5 years ago. Updated about 4 years ago.

[ruby-core:31169]
Status:Closed
Priority:Normal
Assignee:Narihiro Nakamura
ruby -v:ruby 1.9.3dev (2010-07-09 trunk 28592) [x86_64-darwin10.3.1] Backport:

Description

=begin
I'm seeing segv's when running the rails tests since r28570. r28569 does not segv.

I've attached the trace left from Ruby as well as a gdb backtrace. I will attempt to reduce the problem in the mean time.

r28570 seems to be a pure ruby change, so ruby should not segv. I hope we can fix the root cause rather than revert r28570.
=end

rubybt.txt Magnifier (1.65 KB) Aaron Patterson, 07/10/2010 07:12 AM

gdbbt.txt Magnifier (8.78 KB) Aaron Patterson, 07/10/2010 07:12 AM

History

#1 Updated by Aaron Patterson almost 5 years ago

=begin
On Sat, Jul 10, 2010 at 07:12:22AM +0900, Aaron Patterson wrote:

Bug #3555: segvs since r28570
http://redmine.ruby-lang.org/issues/show/3555

Author: Aaron Patterson
Status: Open, Priority: Normal
ruby -v: ruby 1.9.3dev (2010-07-09 trunk 28592) [x86_64-darwin10.3.1]

I'm seeing segv's when running the rails tests since r28570. r28569 does not segv.

I've attached the trace left from Ruby as well as a gdb backtrace. I will attempt to reduce the problem in the mean time.

r28570 seems to be a pure ruby change, so ruby should not segv. I hope we can fix the root cause rather than revert r28570.

I forgot:

Steps to reproduce:

$ git clone http://github.com/rails/rails.git
$ cd rails
$ gem install bundler --pre
$ bundle install
$ cd activerecord
$ rake test_sqlite3

or

$ ruby -w -I"lib:test:test/connections/native_sqlite3" \
"test/cases/adapter_test.rb"

--
Aaron Patterson
http://tenderlovemaking.com/

Attachment: (unnamed)
=end

#2 Updated by Yusuke Endoh almost 5 years ago

=begin
Hi,

2010/7/10 Aaron Patterson aaron@tenderlovemaking.com:

On Sat, Jul 10, 2010 at 07:12:22AM +0900, Aaron Patterson wrote:

Bug #3555: segvs since r28570
http://redmine.ruby-lang.org/issues/show/3555

Author: Aaron Patterson
Status: Open, Priority: Normal
ruby -v: ruby 1.9.3dev (2010-07-09 trunk 28592) [x86_64-darwin10.3.1]

I'm seeing segv's when running the rails tests since r28570. ?r28569 does not segv.

I've attached the trace left from Ruby as well as a gdb backtrace. ?I will attempt to reduce the problem in the mean time.

r28570 seems to be a pure ruby change, so ruby should not segv. ?I hope we can fix the root cause rather than revert r28570.

I forgot:

Steps to reproduce:

$ git clone http://github.com/rails/rails.git
$ cd rails
$ gem install bundler --pre
$ bundle install
$ cd activerecord
$ rake test_sqlite3

Unfortunately, works for me with r28620 [i686-linux].

http://www.atdot.net/sp/view/oh7g5l

--
Yusuke Endoh mame@tsg.ne.jp
=end

#3 Updated by Aaron Patterson almost 5 years ago

=begin
On Mon, Jul 12, 2010 at 11:29:32PM +0900, Yusuke Endoh wrote:

Issue #3555 has been updated by Yusuke Endoh.

Hi,

2010/7/10 Aaron Patterson aaron@tenderlovemaking.com:

On Sat, Jul 10, 2010 at 07:12:22AM +0900, Aaron Patterson wrote:

Bug #3555: segvs since r28570
http://redmine.ruby-lang.org/issues/show/3555

Author: Aaron Patterson
Status: Open, Priority: Normal
ruby -v: ruby 1.9.3dev (2010-07-09 trunk 28592) [x86_64-darwin10.3.1]

I'm seeing segv's when running the rails tests since r28570. ?r28569 does not segv.

I've attached the trace left from Ruby as well as a gdb backtrace. ?I will attempt to reduce the problem in the mean time.

r28570 seems to be a pure ruby change, so ruby should not segv. ?I hope we can fix the root cause rather than revert r28570.

I forgot:

Steps to reproduce:

$ git clone http://github.com/rails/rails.git
$ cd rails
$ gem install bundler --pre
$ bundle install
$ cd activerecord
$ rake test_sqlite3

Unfortunately, works for me with r28620 [i686-linux].

http://www.atdot.net/sp/view/oh7g5l

I've been able to reduce the problem to this:

ruby -e'GC.stress = true; $-w = true; require "rubygems"; require "yaml"'

http://atdot.net/sp/view/w6gg5l

I will continue to reduce further.

--
Aaron Patterson
http://tenderlovemaking.com/

Attachment: (unnamed)
=end

#4 Updated by Run Paint Run Run almost 5 years ago

=begin
Just to confirm:

run@paint:~ → ruby -e'GC.stress = true; $-w = true; require "rubygems"; require "yaml"'
/usr/local/lib/ruby/1.9.1/rubygems.rb:1062: warning: method redefined; discarding old gem
internal:gem_prelude:15: warning: previous definition of gem was here
/usr/local/lib/ruby/1.9.1/rubygems/source_index.rb:360: warning: assigned but unused variable - name
/usr/local/lib/ruby/1.9.1/rubygems/specification.rb:674: warning: assigned but unused variable - default_value
/usr/local/lib/ruby/1.9.1/rubygems/specification.rb:706: warning: assigned but unused variable - yaml
/usr/local/lib/ruby/1.9.1/rubygems/custom_require.rb:7: warning: loading in progress, circular require considered harmful - /usr/local/lib/ruby/1.9.1/rubygems.rb
from -e:1:in <main>'
from -e:1:in
require'
from /usr/local/lib/ruby/1.9.1/rubygems.rb:1119:in <top (required)>'
from /usr/local/lib/ruby/1.9.1/rubygems.rb:1119:in
require'
from /usr/local/lib/ruby/1.9.1/rubygems/custom_require.rb:7:in <top (required)>'
from /usr/local/lib/ruby/1.9.1/rubygems/custom_require.rb:7:in
require'
*** glibc detected *** ruby: malloc(): smallbin double linked list corrupted: 0x09165618 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b591)[0x3c3591]
/lib/tls/i686/cmov/libc.so.6(+0x6e710)[0x3c6710]
/lib/tls/i686/cmov/libc.so.6(libc_malloc+0x5c)[0x3c7f9c]
ruby[0x8197b4e]
ruby[0x8198352]
ruby[0x81982ff]
ruby[0x8198675]
ruby[0x814e745]
ruby[0x8159c11]
ruby[0x815b347]
ruby[0x815f996]
ruby(rb_yield+0x50)[0x8160d90]
ruby[0x817920a]
ruby[0x8159c11]
ruby[0x815bfb8]
ruby[0x815f996]
ruby(rb_iseq_eval+0x126)[0x815fec6]
ruby[0x81a455f]
ruby(rb_require_safe+0x54a)[0x81a5bda]
ruby[0x8159c11]
ruby[0x815bfb8]
ruby[0x815f996]
ruby(rb_iseq_eval_main+0x1c7)[0x815fd67]
ruby[0x805e5e2]
ruby(ruby_run_node+0x32)[0x805fe02]
ruby(main+0x5a)[0x805d81a]
/lib/tls/i686/cmov/libc.so.6(
libc_start_main+0xe6)[0x36ebd6]
ruby[0x805d721]
======= Memory map: ========
00270000-00279000 r-xp 00000000 08:01 276341 /lib/tls/i686/cmov/libcrypt-2.11.1.so
00279000-0027a000 r--p 00008000 08:01 276341 /lib/tls/i686/cmov/libcrypt-2.11.1.so
0027a000-0027b000 rw-p 00009000 08:01 276341 /lib/tls/i686/cmov/libcrypt-2.11.1.so
0027b000-002a2000 rw-p 00000000 00:00 0
00358000-004ab000 r-xp 00000000 08:01 266196 /lib/tls/i686/cmov/libc-2.11.1.so
004ab000-004ac000 ---p 00153000 08:01 266196 /lib/tls/i686/cmov/libc-2.11.1.so
004ac000-004ae000 r--p 00153000 08:01 266196 /lib/tls/i686/cmov/libc-2.11.1.so
004ae000-004af000 rw-p 00155000 08:01 266196 /lib/tls/i686/cmov/libc-2.11.1.so
004af000-004b2000 rw-p 00000000 00:00 0
0055c000-00579000 r-xp 00000000 08:01 678 /lib/libgcc_s.so.1
00579000-0057a000 r--p 0001c000 08:01 678 /lib/libgcc_s.so.1
0057a000-0057b000 rw-p 0001d000 08:01 678 /lib/libgcc_s.so.1
00711000-0072c000 r-xp 00000000 08:01 44106 /lib/ld-2.11.1.so
0072c000-0072d000 r--p 0001a000 08:01 44106 /lib/ld-2.11.1.so
0072d000-0072e000 rw-p 0001b000 08:01 44106 /lib/ld-2.11.1.so
00870000-00872000 r-xp 00000000 08:01 276342 /lib/tls/i686/cmov/libdl-2.11.1.so
00872000-00873000 r--p 00001000 08:01 276342 /lib/tls/i686/cmov/libdl-2.11.1.so
00873000-00874000 rw-p 00002000 08:01 276342 /lib/tls/i686/cmov/libdl-2.11.1.so
008f6000-008f8000 r-xp 00000000 08:01 289176 /usr/local/lib/ruby/1.9.1/i686-linux/enc/trans/transdb.so
008f8000-008f9000 r--p 00001000 08:01 289176 /usr/local/lib/ruby/1.9.1/i686-linux/enc/trans/transdb.so
008f9000-008fa000 rw-p 00002000 08:01 289176 /usr/local/lib/ruby/1.9.1/i686-linux/enc/trans/transdb.so
00919000-0092e000 r-xp 00000000 08:01 312380 /lib/tls/i686/cmov/libpthread-2.11.1.so
0092e000-0092f000 r--p 00014000 08:01 312380 /lib/tls/i686/cmov/libpthread-2.11.1.so
0092f000-00930000 rw-p 00015000 08:01 312380 /lib/tls/i686/cmov/libpthread-2.11.1.so
00930000-00932000 rw-p 00000000 00:00 0
009a5000-009a7000 r-xp 00000000 08:01 280285 /usr/local/lib/ruby/1.9.1/i686-linux/etc.so
009a7000-009a8000 r--p 00001000 08:01 280285 /usr/local/lib/ruby/1.9.1/i686-linux/etc.so
009a8000-009a9000 rw-p 00002000 08:01 280285 /usr/local/lib/ruby/1.9.1/i686-linux/etc.so
00ac3000-00ac4000 r-xp 00000000 00:00 0 [vdso]
00d8e000-00d90000 r-xp 00000000 08:01 270954 /usr/local/lib/ruby/1.9.1/i686-linux/enc/encdb.so
00d90000-00d91000 r--p 00001000 08:01 270954 /usr/local/lib/ruby/1.9.1/i686-linux/enc/encdb.so
00d91000-00d92000 rw-p 00002000 08:01 270954 /usr/local/lib/ruby/1.9.1/i686-linux/enc/encdb.so
00f30000-00f54000 r-xp 00000000 08:01 276343 /lib/tls/i686/cmov/libm-2.11.1.so
00f54000-00f55000 r--p 00023000 08:01 276343 /lib/tls/i686/cmov/libm-2.11.1.so
00f55000-00f56000 rw-p 00024000 08:01 276343 /lib/tls/i686/cmov/libm-2.11.1.so
00f82000-00f89000 r-xp 00000000 08:01 312382 /lib/tls/i686/cmov/librt-2.11.1.so
00f89000-00f8a000 r--p 00006000 08:01 312382 /lib/tls/i686/cmov/librt-2.11.1.so
00f8a000-00f8b000 rw-p 00007000 08:01 312382 /lib/tls/i686/cmov/librt-2.11.1.so
08048000-08214000 r-xp 00000000 08:01 264007 /usr/local/bin/ruby
08214000-08215000 r--p 001cb000 08:01 264007 /usr/local/bin/ruby
08215000-08216000 rw-p 001cc000 08:01 264007 /usr/local/bin/ruby
08216000-08223000 rw-p 00000000 00:00 0
090e3000-092d0000 rw-p 00000000 00:00 0 [heap]
b7700000-b7721000 rw-p 00000000 00:00 0
b7721000-b7800000 ---p 00000000 00:00 0
b781c000-b789d000 rw-p 00000000 00:00 0
b789d000-b78dc000 r--p 00000000 08:01 613559 /usr/lib/locale/en_GB.utf8/LC_CTYPE
b78dc000-b78df000 rw-p 00000000 00:00 0
b78eb000-b78ec000 ---p 00000000 00:00 0
b78ec000-b78ef000 rw-p 00000000 00:00 0
b78ef000-b78f6000 r--s 00000000 08:01 427947 /usr/lib/gconv/gconv-modules.cache
b78f6000-b78f8000 rw-p 00000000 00:00 0
bfbe6000-bfbfb000 rw-p 00000000 00:00 0 [stack]
Aborted
run@paint:~ → ruby -v
ruby 1.9.3dev (2010-07-12 trunk 28620) [i686-linux]
=end

#5 Updated by Nobuyoshi Nakada almost 5 years ago

=begin
Hi,

At Tue, 13 Jul 2010 04:11:32 +0900,
Run Paint Run Run wrote in :

run@paint:~ → ruby -e'GC.stress = true; $-w = true; require "rubygems"; require "yaml"'

I could reproduce it on trunk, but not on 1.9.2 with or without
backporting r28570. So I suspect it is related to lazy-sweep
now.

Also,

At Thu, 8 Jul 2010 02:57:59 +0900,
Roger Pack wrote in :

C:/installs/ruby_trunk_installed/lib/ruby/gems/1.9.1/specifications/rdoc-data-2.5.1.gemspec:18:
[BUG] gc_sweep(): unknown data type 0x0(0x230bd19)

This might be caused by the same bug. 0x230bd19 is a Fixnum in
normal, so it can't be This seems heap_slot is broken/discarded.

--
Nobu Nakada

=end

#6 Updated by Narihiro Nakamura almost 5 years ago

=begin
Hi,

2010年7月13日7:14 Nobuyoshi Nakada nobu@ruby-lang.org:

Hi,

At Tue, 13 Jul 2010 04:11:32 +0900,
Run Paint Run Run wrote in :

run@paint:~ → ruby -e'GC.stress = true; $-w = true; require "rubygems"; require "yaml"'

I could reproduce it on trunk, but not on 1.9.2 with or without
backporting r28570. So I suspect it is related to lazy-sweep
now.

I'll check the lazy-sweep on trunk.

Also,

At Thu, 8 Jul 2010 02:57:59 +0900,
Roger Pack wrote in :

C:/installs/ruby_trunk_installed/lib/ruby/gems/1.9.1/specifications/rdoc-data-2.5.1.gemspec:18:
[BUG] gc_sweep(): unknown data type 0x0(0x230bd19)

This might be caused by the same bug. 0x230bd19 is a Fixnum in
normal, so it can't be This seems heap_slot is broken/discarded.

Nobu Nakada

--
Narihiro Nakamura (nari)

=end

#7 Updated by Yusuke Endoh almost 5 years ago

  • Status changed from Open to Assigned
  • Assignee set to Narihiro Nakamura
  • Target version set to 2.0.0

=begin
I agree with Nobu. I set the target to 1.9.x.
If anyone succeeds to reproduce this with 1.9.2, please notify us.

--
Yusuke Endoh mame@tsg.ne.jp
=end

#8 Updated by Narihiro Nakamura almost 5 years ago

=begin
I found memory error on trunk:

$ cat /tmp/t.rb
require "/tmp/f.rb"

module Kernel
def require
end
GC.start
GC.stress = true
10.times{ "a".dup }
end

$ cat /tmp/f.rb
require "/tmp/t"

$ valgrind ./ruby /tmp/f.rb

==11321== Memcheck, a memory error detector
==11321== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==11321== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==11321== Command: ./ruby /tmp/f.rb
==11321==
==11321== Invalid write of size 1
==11321== at 0x814AF5D: rb_thread_mark (vm.c:1651)
==11321== by 0x8065905: gc_mark_children (gc.c:1752)
==11321== by 0x80654A2: gc_mark (gc.c:1546)
==11321== by 0x80654DC: rb_gc_mark (gc.c:1552)
==11321== by 0x814AB63: vm_mark_each_thread_func (vm.c:1475)
==11321== by 0x80F0D2D: st_foreach (st.c:747)
==11321== by 0x814ABD0: rb_vm_mark (vm.c:1498)
==11321== by 0x8065905: gc_mark_children (gc.c:1752)
==11321== by 0x80654A2: gc_mark (gc.c:1546)
==11321== by 0x80654DC: rb_gc_mark (gc.c:1552)
==11321== by 0x8066DB5: gc_marks (gc.c:2340)
==11321== by 0x806662D: gc_lazy_sweep (gc.c:2067)
==11321== Address 0x43928e4 is 4 bytes inside a block of size 20 free'd
==11321== at 0x4024B3A: free (vg_replace_malloc.c:366)
==11321== by 0x8064203: vm_xfree (gc.c:752)
==11321== by 0x806435A: ruby_xfree (gc.c:800)
==11321== by 0x8142E70: rb_free_method_entry (vm_method.c:185)
==11321== by 0x8142DAC: rb_sweep_method_entry (vm_method.c:151)
==11321== by 0x8066304: after_gc_sweep (gc.c:2020)
==11321== by 0x8066622: gc_lazy_sweep (gc.c:2065)
==11321== by 0x80649A6: rb_newobj_from_heap (gc.c:1044)
==11321== by 0x8064A5F: rb_newobj (gc.c:1128)
==11321== by 0x80F1EF6: str_alloc (string.c:378)
==11321== by 0x80F3CF2: rb_str_resurrect (string.c:901)
==11321== by 0x813D7C1: vm_exec_core (insns.def:379)
==11321==
==11321==
==11321== HEAP SUMMARY:
==11321== in use at exit: 384,939 bytes in 14,320 blocks
==11321== total heap usage: 16,121 allocs, 1,801 frees, 1,528,828 bytes allocated
==11321==
==11321== LEAK SUMMARY:
==11321== definitely lost: 46,603 bytes in 1,639 blocks
==11321== indirectly lost: 198,711 bytes in 7,706 blocks
==11321== possibly lost: 164 bytes in 7 blocks
==11321== still reachable: 139,461 bytes in 4,968 blocks
==11321== suppressed: 0 bytes in 0 blocks
==11321== Rerun with --leak-check=full to see details of leaked memory
==11321==
==11321== For counts of detected and suppressed errors, rerun with: -v
==11321== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 29 from 10)

I will fix it.

=end

#9 Updated by Anonymous almost 5 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

=begin
This issue was solved with changeset r28689.
Aaron, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

=end

#10 Updated by Aaron Patterson almost 5 years ago

=begin
On Tue, Jul 20, 2010 at 01:47:09PM +0900, Narihiro Nakamura wrote:

Issue #3555 has been updated by Narihiro Nakamura.

I found memory error on trunk:

$ cat /tmp/t.rb
require "/tmp/f.rb"

module Kernel
def require
end
GC.start
GC.stress = true
10.times{ "a".dup }
end

$ cat /tmp/f.rb
require "/tmp/t"

$ valgrind ./ruby /tmp/f.rb

[snip]

I will fix it.

Thanks Nakamura!

--
Aaron Patterson
http://tenderlovemaking.com/

Attachment: (unnamed)
=end

Also available in: Atom PDF