Bug #8326

Running Redmine unter Ruby 2.0.0 produces an "Illegal instruction(coredump)" under AIX 7.1

Added by Werner Novak about 2 years ago. Updated over 1 year ago.

[ruby-core:54583]
Status:Open
Priority:Normal
Assignee:Yutaka Kanemoto
ruby -v:ruby 2.0.0p0 (2013-02-24 revision 39474) [powerpc-aix6.1.0.0] Backport:1.9.3: REQUIRED, 2.0.0: REQUIRED

Description

We compiled Ruby under AIX 7.1 and everthing work fine throughout testing, but when we install Redmine 2.3.0 an go through the normal navigation, we can reproduce the following error by only clicking multiple links consecutively in the administration.

#>dbx /opt/pware/ruby/2.0.0/bin/ruby core
Type 'help' for help.
[using memory image in core]
reading symbolic information ...

Illegal instruction (illegal opcode) in . at 0x0 ($t8)
warning: Unable to access address 0x0 from core
(dbx) where
.() at 0x0
st_lookup(table = 0xd40c0708, key = 24, value = 0x1bd78365), line 414 in "st.c"
unnamed block in rb_method_entry_get_without_cache(klass = 3557309396, id = 624245420, defined_class_ptr = 0x24098d30), line 182 in "vm_method.c"
rb_method_entry_get_without_cache(klass = 3557309396, id = 624245420, defined_class_ptr = 0x24098d30), line 182 in "vm_method.c"
vm_search_method(ci = 0x20596bd4, recv = 624186940), line 858 in "vm_insnhelper.c"
unnamed block in vm_exec_core(th = (nil), initial = 0), line 2534 in "insns.def"
vm_exec_core(th = (nil), initial = 0), line 2534 in "insns.def"
unnamed block in vm_exec(th = 0x2311cc58), line 1175 in "vm.c"
unnamed block in vm_exec(th = 0x2311cc58), line 1175 in "vm.c"
unnamed block in vm_exec(th = 0x2311cc58), line 1175 in "vm.c"
vm_exec(th = 0x2311cc58), line 1175 in "vm.c"
vm_invoke_proc(th = 0x2311cc58, proc = 0x22e59108, self = 594118620, defined_class = 550801940, argc = 0, argv = 0x21d85144, blockptr = (nil)), line 648 in "vm.c"
thread_start_func_2(th = 0x2311cc58, stack_start = (nil)), line 503 in "thread.c"
unnamed block in thread_start_func_1(th_ptr = (nil)), line 724 in "thread_pthread.c"
thread_start_func_1(th_ptr = (nil)), line 724 in "thread_pthread.c"
(dbx)

I can deliver the coredump also, but it has 92mb (zipped 22mb) !!

Additional Infos:
Environment:
Redmine version 2.3.0.stable
Ruby version 2.0.0 (powerpc-aix6.1.0.0)
Rails version 3.2.13
Environment production
Database adapter SQLite
Redmine plugins:
redmine_ldap_sync 2.0.0.devel

OS Infos:
#> oslevel -s
7100-02-02-1316
#> rpm -qa
libiconv-1.14-321
libconfuse-2.7-321
expat-2.1.0-321
unzip-5.51-1
lsof-4.61-3
zlib-1.2.7-321
nrpe-2.14-321
texinfo-4.13a-321
readline-6.2-321
bzip2-1.0.6-321
gettext-0.10.40-8
gmond-3.4.0-321
gdbm-1.10-321
gmp-5.0.5-321
file-5.14-321
sqlite-3.7.15.2-321
libffi-3.0.11-321
pkg-config-0.25-321
pcre-8.31-321
libtool-2.4.2-321
AIX-rpm-7.1.2.15-6
apr-1.4.6-321
nagios-plugins-1.4.16-321
openssl-1.0.1e-321
libidn-1.26-321
perl-5.16.3-321
neon-0.29.6-321
db-5.3.21-321
openldap-2.4.33-321
apr-util-1.5.1-321
httpd-2.4.4-321
coreutils-8.5-321
tcl-8.5.13-321
tk-8.5.13-321
Python-2.7.3-321
subversion-1.7.9-321
libxml2-2.9.0-321
xz-5.0.4-321
libxslt-1.1.28-321
libgcrypt-1.5.0-321
libgpg-error-1.10-321
samba-3.6.12-321
ruby-2.0.0-321
libssh2-1.4.3-321
curl-7.29.0-321

All modules wher compiled with:
IBM XL C/C++ for AIX, V10.1
Version: 10.01.0000.0017

sbr_mark_locations_array.png (6.49 KB) Kaustubh D, 11/11/2013 05:00 PM


Related issues

Related to Backport200 - Backport #8325: Running Redmine unter Ruby 2.0.0 produces an "Illegal instruction(coredump)" under AIX 7.1 Rejected 04/25/2013

History

#1 Updated by Werner Novak about 2 years ago

Same problem occures without redmine plugins and with older ruby version 1.9.3 p392

#2 Updated by Werner Novak about 2 years ago

Also tried it with Redmine 2.2.4 under ruby 1.9.3 p392, with the same results, see dump below:

#> dbx /opt/pware/ruby/1.9.3/bin/ruby core
Type 'help' for help.
[using memory image in core]
reading symbolic information ...

Illegal instruction (illegal opcode) in . at 0x0 ($t14)
warning: Unable to access address 0x0 from core
(dbx) where
.() at 0x0
st_lookup(table = 0xd4aad6c8, key = 17, value = (nil)), line 341 in "st.c"
search_method@AF293_120(??, ??), line 374 in "vm_method.c"
rb_method_entry_get_without_cache(klass = 581288160, id = 581288180), line 393 in "vm_method.c"
unnamed block in vm_exec_core(th = (nil), initial = 0), line 2080 in "vm_insnhelper.c"
unnamed block in vm_exec_core(th = (nil), initial = 0), line 2080 in "vm_insnhelper.c"
vm_exec_core(th = (nil), initial = 0), line 2080 in "vm_insnhelper.c"
unnamed block in vm_exec(th = 0x225565f8), line 1236 in "vm.c"
unnamed block in vm_exec(th = 0x225565f8), line 1236 in "vm.c"
vm_exec(th = 0x225565f8), line 1236 in "vm.c"
rb_vm_invoke_proc(th = 0x225565f8, proc = 0x22dfb8f8, self = 554994300, argc = 1, argv = 0x22af8d10, blockptr = (nil)), line 640 in "vm.c"
proc_call(argc = 576022008, argv = 0x213df958, procval = 554994300), line 561 in "proc.c"
vm_call_method(th = 0x229a58a4, cfp = 0x229a58b8, num = 586449168, blockptr = 0x22f482d4, flag = 586449616, id = 586449224, me = 0x22f48100, recv = 537705864), line 317 in "vm_insnhelper.c"
unnamed block in vm_exec_core(th = 0x00000001, initial = 570025340), line 1018 in "insns.def"
unnamed block in vm_exec_core(th = 0x00000001, initial = 570025340), line 1018 in "insns.def"
vm_exec_core(th = 0x00000001, initial = 570025340), line 1018 in "insns.def"
unnamed block in vm_exec(th = 0x225565f8), line 1236 in "vm.c"
unnamed block in vm_exec(th = 0x225565f8), line 1236 in "vm.c"
vm_exec(th = 0x225565f8), line 1236 in "vm.c"
rb_yield(val = 580541480), line 648 in "vm.c"
rb_ary_each(array = 3568469004), line 1495 in "array.c"
vm_call_method(th = 0x229975b0, cfp = 0x2299a198, num = 1, blockptr = 0x2298d09c, flag = 550528788, id = 3, me = 0x12e20067, recv = 1), line 320 in "vm_insnhelper.c"
unnamed block in vm_exec_core(th = (nil), initial = 0), line 1018 in "insns.def"
unnamed block in vm_exec_core(th = (nil), initial = 0), line 1018 in "insns.def"
vm_exec_core(th = (nil), initial = 0), line 1018 in "insns.def"
unnamed block in vm_exec(th = 0x225565f8), line 1236 in "vm.c"
unnamed block in vm_exec(th = 0x225565f8), line 1236 in "vm.c"
vm_exec(th = 0x225565f8), line 1236 in "vm.c"
rb_vm_invoke_proc(th = 0x225565f8, proc = 0x222899e8, self = 577397360, argc = 0, argv = 0x2298dd24, blockptr = (nil)), line 640 in "vm.c"
thread_start_func_2(th = 0x225565f8, stack_start = (nil)), line 460 in "thread.c"
unnamed block in thread_start_func_1(th_ptr = (nil)), line 654 in "thread_pthread.c"
thread_start_func_1(th_ptr = (nil)), line 654 in "thread_pthread.c"
(dbx)

#3 Updated by Yui NARUSE about 2 years ago

  • Assignee set to Yutaka Kanemoto
  • Target version set to 2.1.0
  • Backport changed from 1.9.3: UNKNOWN, 2.0.0: UNKNOWN to 1.9.3: REQUIRED, 2.0.0: REQUIRED

#4 Updated by Kaustubh D over 1 year ago

We are facing similar issue (similar stack trace) in our tests. Our observation is, if we build ruby in non-optimized mode or 'even if we have ruby optimized (-O) but gc.c built without optimization' we do not see core dump. This might indicate that some code in gc.c is getting optimized away that leads to this issue.

It core dumps randomly but most of the times within st_lookup. We are not able to reproduce with a simple program yet.

Illegal instruction (illegal opcode) in . at 0x0 ($t1102)
warning: Unable to access address 0x0 from core
(dbx) where
.() at 0x0
st_lookup() at 0x9000000009fcb30
vm.rb_eval_string_wrap.search_method@AF293_120() at 0x9000000009df2a0
rb_method_entry_get_without_cache() at 0x9000000009d207c
vm_exec_core() at 0x9000000009cb79c
vm_exec() at 0x9000000009c4488
rb_vm_invoke_proc() at 0x9000000009d1518
thread_start_func_2() at 0x900000000a2ad2c
thread.native_thread_create.thread_start_func_1() at 0x900000000a299e8

Not sure if this is anyway related, but found issue which happened in optimized builds of ruby but non-optimized had worked. http://bugs.ruby-lang.org/issues/5244. The fix of this issue #5244 relied on "register window" concept but it seems that 'register window' does not apply to power architecture.

Any inputs from ruby core team might be helpful. Thanks in advance.

#5 Updated by Kaustubh D over 1 year ago

Additional input, an SBR (stack array bounds read) was reported in mark_locations_array. for example see the attachment.

#6 Updated by Kaustubh D over 1 year ago

This turns out to be issue related to optimization, we were able to workaround this using ruby compiled with xlc flags "-O -qhot". Hope it helps someone. Thanks!!

#7 Updated by Hiroshi SHIBATA over 1 year ago

  • Target version changed from 2.1.0 to current: 2.2.0

Also available in: Atom PDF