Bug #548

segmentetion fault by socket connection

Added by Narihiro Nakamura almost 7 years ago. Updated about 4 years ago.

Status:Closed
Priority:Normal
Assignee:-
ruby -v: Backport:

Description

=begin
以下のコードでSEGVが発生するようです。

require 'socket'
GC.stress = true
@server = TCPServer.new("localhost", 12345)
pid = fork{ loop{ @server.accept } }
100.times{ s = TCPSocket.new("localhost", 12345); s.puts("foo\n") }
Process.kill "KILL", pid

== 実行
nari@nari-laptop ~/s/r/ruby-trunk> ./ruby -v s.rb
ruby 1.9.0 (2008-09-07 revision 18718) [i686-linux]
s.rb:3: [BUG] Segmentation fault
ruby 1.9.0 (2008-09-07 revision 18718) [i686-linux]

-- control frame ----------
c:0003 p:0051 s:0007 b:0007 l:000006 d:000006 TOP s.rb:3
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH :private_class_method
c:0001 p:0000 s:0002 b:0002 l:000001 d:000001 TOP :17


s.rb:3: [BUG] object allocation during garbage collection phase
ruby 1.9.0 (2008-09-07 revision 18718) [i686-linux]

-- control frame ----------
c:0003 p:0051 s:0007 b:0007 l:000006 d:000006 TOP s.rb:3
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH :private_class_method
c:0001 p:0000 s:0002 b:0002 l:000001 d:000001 TOP :17


DBG> : "s.rb:3:in `'"
-- backtrace of native function call (Use addr2line) --
0x810f0c4
0x813668c
0x81366fb
0x8064abc
0x811890c
0x811897e
0x8118b02
0x810151a
0x810f099
0x813668c
0x81366fb
0x80d0711
0xb7fd0440
0x8063b38
0x8063e29
0x8063ed4
0x80640e6
0x8064bae
0x80d62e8
0x80d63b9
0x80d6412
0x80f8c55
0x8102a82
0x810935a
0x8109581
0x805cbdf
0x805e422
0x805b6b0
0xb7e05450
0x805b5e1


fish: Job 1, './ruby -v s.rb' terminated by signal SIGABRT (Abort)

== v1.9.0-3だと大丈夫のようです
nari@nari-laptop ~/s/r/v1_9_0_3> ./ruby -v s.rb
ruby 1.9.0 (2008-07-25 revision 18218) [i686-linux]

== 補足としてバックトレスなど
(gdb) r s.rb
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/nari/source/ruby/ruby-trunk/ruby s.rb
[Thread debugging using libthread_db enabled]
[New Thread 0xb7d626b0 (LWP 23385)]
[New Thread 0xb7b5fb90 (LWP 23398)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7d626b0 (LWP 23385)]
gc_mark (objspace=0x818b500, ptr=11648, lev=1) at gc.c:1272
1272 if (obj->as.basic.flags == 0) return; /* free cell */
(gdb) s.rb:4: [BUG] Segmentation fault
ruby 1.9.0 (2008-09-07 revision 18718) [i686-linux]

-- control frame ----------
c:0010 p:---- s:0020 b:0020 l:000019 d:000019 CFUNC :accept
c:0009 p:0010 s:0017 b:0017 l:000006 d:000016 BLOCK s.rb:4
c:0008 p:---- s:0017 b:0017 l:000016 d:000016 FINISH :remove_const
c:0007 p:---- s:0015 b:0015 l:000014 d:000014 CFUNC :loop
c:0006 p:0009 s:0012 b:0012 l:000006 d:000011 BLOCK s.rb:4
c:0005 p:---- s:0012 b:0012 l:000011 d:000011 FINISH :initialize
c:0004 p:---- s:0010 b:0010 l:000009 d:000009 CFUNC :fork
c:0003 p:0060 s:0007 b:0007 l:000006 d:000006 TOP s.rb:4
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH :private_class_method
c:0001 p:0000 s:0002 b:0002 l:000001 d:000001 TOP :17


s.rb:4: [BUG] object allocation during garbage collection phase
ruby 1.9.0 (2008-09-07 revision 18718) [i686-linux]

-- control frame ----------
c:0010 p:---- s:0020 b:0020 l:000019 d:000019 CFUNC :accept
c:0009 p:0010 s:0017 b:0017 l:000006 d:000016 BLOCK s.rb:4
c:0008 p:---- s:0017 b:0017 l:000016 d:000016 FINISH :remove_const
c:0007 p:---- s:0015 b:0015 l:000014 d:000014 CFUNC :loop
c:0006 p:0009 s:0012 b:0012 l:000006 d:000011 BLOCK s.rb:4
c:0005 p:---- s:0012 b:0012 l:000011 d:000011 FINISH :initialize
c:0004 p:---- s:0010 b:0010 l:000009 d:000009 CFUNC :fork
c:0003 p:0060 s:0007 b:0007 l:000006 d:000006 TOP s.rb:4
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH :private_class_method
c:0001 p:0000 s:0002 b:0002 l:000001 d:000001 TOP :17


DBG> : "s.rb:4:in accept'"
DBG> : "s.rb:4:in
block (2 levels) in '"
DBG> : "s.rb:4:in loop'"
DBG> : "s.rb:4:in
block in '"
DBG> : "s.rb:4:in fork'"
DBG> : "s.rb:4:in
'"
-- backtrace of native function call (Use addr2line) --
0x810f0c4
0x813668c
0x81366fb
0x8064abc
0x811890c
0x811897e
0x8118b02
0x810151a
0x810f099
0x813668c
0x81366fb
0x80d0711
0xb7f45440
0x8063b38
0x8063e29
0x8063ed4
0x80640e6
0x8064bae
0x811040c
0x8113276
0xb7f3c268
0xb7f3c62f
0x810240a
0x810425b
0x810935a
0x8109917
0x810a068
0x805c8c2
0x8100e7b
0x810240a
0x810425b
0x810935a
0x8109917
0x8109d3b
0x805c701
0x80a486e
0x810240a
0x810425b
0x810935a
0x8109581
0x805cbdf
0x805e422
0x805b6b0
0xb7d7a450
0x805b5e1


(gdb) bt
#0 gc_mark (objspace=0x818b500, ptr=11648, lev=1) at gc.c:1272
#1 0x08063b38 in gc_mark_children (objspace=0x818b500, ptr=136457180, lev=1) at gc.c:1514
#2 0x080ff01f in rb_thread_mark (ptr=0x819f758) at vm.c:1536
#3 0x0806386a in gc_mark_children (objspace=0x818b500, ptr=135982200, lev=1) at gc.c:1496
#4 0x080fef11 in vm_mark_each_thread_func (key=135982200, value=0, dummy=0) at vm.c:1373
#5 0x080d5dd5 in st_foreach (table=0x8209b50, func=0x80fef00 , arg=0) at st.c:623
#6 0x080ff322 in rb_vm_mark (ptr=0x819f4d8) at vm.c:1396
#7 0x0806386a in gc_mark_children (objspace=0x818b500, ptr=135982220, lev=1) at gc.c:1496
#8 0x080640cd in garbage_collect (objspace=0x818b500) at gc.c:1969
#9 0x08064bae in vm_xmalloc (objspace=0x818b500, size=11648) at gc.c:553
#10 0x0811040c in rb_fd_init (fds=0xbfd72794) at thread.c:1919
#11 0x08113276 in rb_thread_wait_fd_rw (fd=7, read=0) at thread.c:2158
#12 0x081132f0 in rb_thread_fd_writable (fd=7) at thread.c:2187
#13 0x0806b504 in io_fwrite (str=136473560, fptr=0x8250730) at io.c:795
#14 0x08070746 in io_write (io=, str=136473560) at io.c:882
#15 0x0810af98 in vm_call0 (th=0x819f758, klass=136039760, recv=136457180, id=5552, oid=0, argc=1, argv=0xbfd728a0, body=0x81bc184, nosuper=0) at vm_eval.c:75
#16 0x08101804 in rb_funcall (recv=, mid=5552, n=1) at vm_eval.c:260
#17 0x0806ac29 in rb_io_write (io=136457180, str=136473560) at io.c:891
#18 0x0806cd0b in rb_io_puts (argc=1, argv=0xb7b60040, out=136457180) at io.c:5333
#19 0x080ffce4 in call_cfunc (func=0x806cca0 , recv=136457180, len=1, argc=11648, argv=0xb7b60040) at vm_insnhelper.c:288
#20 0x0810240a in vm_call_method (th=0x819f758, cfp=0xb7bdfeb8, num=1, blockptr=0x1, flag=0, id=5720, mn=0x81bc7c4, recv=136457180, klass=136420740) at vm_insnhelper.c:378
#21 0x0810425b in vm_eval (th=0x819f758, initial=) at insns.def:999
#22 0x0810935a in vm_eval_body (th=0x819f758) at vm.c:1062
#23 0x08109917 in invoke_block_from_c (th=0x819f758, block=0xb7bdff74, self=136106680, argc=1, argv=0xbfd72fd0, blockptr=0x0, cref=0x0) at vm.c:474
#24 0x08109cf7 in rb_yield (val=1) at vm.c:504
#25 0x0807c291 in int_dotimes (num=201) at numeric.c:3004
#26 0x0810240a in vm_call_method (th=0x819f758, cfp=0xb7bdff60, num=0, blockptr=0xb7bdff75, flag=0, id=3224, mn=0x81c6e40, recv=201, klass=136080260)
at vm_insnhelper.c:378
#27 0x0810425b in vm_eval (th=0x819f758, initial=) at insns.def:999
#28 0x0810935a in vm_eval_body (th=0x819f758) at vm.c:1062
#29 0x08109581 in rb_iseq_eval (iseqval=135931500) at vm.c:1267
#30 0x0805cbdf in ruby_exec_node (n=0x81a266c, file=0x0) at eval.c:216
#31 0x0805e422 in ruby_run_node (n=0x81a266c) at eval.c:244
#32 0x0805b6b0 in main (argc=2, argv=0xbfd73774) at main.c:34
(gdb)
=end

History

#1 Updated by Yukihiro Matsumoto almost 7 years ago

=begin
うちでは再現しませんね。同じi686-linuxなのに。
-vの出力revision 18218はかなり古いですが、これは単にmake upしていないだけでしょうか。trunk最新ですか?
また、実行はmake installした状態で行っていますか?
=end

#2 Updated by Narihiro Nakamura almost 7 years ago

  • Status changed from Open to Closed

=begin
中村です。

すみません。単に make install し忘れていました。。。
私の環境でも make install すると再現しなくなりました。
お騒がせしました。以後気をつけます。。。
=end

Also available in: Atom PDF