Forum: Ruby-core [ruby-trunk - Bug #8080][Open] Segfault in rb_fd_set

Issue #8080 has been reported by jonleighton (Jon Leighton).

----------------------------------------
Bug #8080: Segfault in rb_fd_set
https://bugs.ruby-lang.org/issues/8080

Author: jonleighton (Jon Leighton)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:
ruby -v: ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-linux]


I have experienced a segfault with Ruby 2 during an IO.select call:

See https://travis-ci.org/jonleighton/spring/jobs/5393025 or 
https://gist.github.com/jonleighton/5147785 to see the crash output.

I cannot reproduce on a different version of Linux (Fedora). However I 
was able to reproduce by downloading a VM image of the Travis CI 
environment and running the code on there (see 
http://pivotallabs.com/debugging-travis-builds/ for how to do that).

I tried to produce a simple script to reproduce, but without success. I 
also tried to build Ruby 2 with debugging symbols, but this did not 
produce the crash. I'm not sure why - perhaps related to compiler 
optimisations.

I found a workaround for the crash with 
https://github.com/jonleighton/spring/commit/c8a7a....

"jonleighton (Jon Leighton)" <j@jonathanleighton.com> wrote:
> I have experienced a segfault with Ruby 2 during an IO.select call:
>
> See https://travis-ci.org/jonleighton/spring/jobs/5393025 or 
https://gist.github.com/jonleighton/5147785 to see the crash output.
>
> I cannot reproduce on a different version of Linux (Fedora). However I was able 
to reproduce by downloading a VM image of the Travis CI environment and running 
the code on there (see http://pivotallabs.com/debugging-travis-builds/ for how to 
do that).
>
> I tried to produce a simple script to reproduce, but without success. I also 
tried to build Ruby 2 with debugging symbols, but this did not produce the crash. 
I'm not sure why - perhaps related to compiler optimisations.
>
> I found a workaround for the crash with 
https://github.com/jonleighton/spring/commit/c8a7a....

Looking at your workaround, I think a better one is "watcher.to_io"
method needs to memoize its return value.

I think Ruby expects the return value of obj.to_io to be persistent
for the lifetime of obj.

Making IO.select cache the value of to_io internally might be alright...

Issue #8080 has been updated by kosaki (Motohiro KOSAKI).

Category set to core
Status changed from Open to Assigned
Assignee set to kosaki (Motohiro KOSAKI)
Target version set to current: 2.1.0


----------------------------------------
Bug #8080: Segfault in rb_fd_set
https://bugs.ruby-lang.org/issues/8080#change-37557

Author: jonleighton (Jon Leighton)
Status: Assigned
Priority: Normal
Assignee: kosaki (Motohiro KOSAKI)
Category: core
Target version: current: 2.1.0
ruby -v: ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-linux]


I have experienced a segfault with Ruby 2 during an IO.select call:

See https://travis-ci.org/jonleighton/spring/jobs/5393025 or 
https://gist.github.com/jonleighton/5147785 to see the crash output.

I cannot reproduce on a different version of Linux (Fedora). However I 
was able to reproduce by downloading a VM image of the Travis CI 
environment and running the code on there (see 
http://pivotallabs.com/debugging-travis-builds/ for how to do that).

I tried to produce a simple script to reproduce, but without success. I 
also tried to build Ruby 2 with debugging symbols, but this did not 
produce the crash. I'm not sure why - perhaps related to compiler 
optimisations.

I found a workaround for the crash with 
https://github.com/jonleighton/spring/commit/c8a7a....

Issue #8080 has been updated by jonleighton (Jon Leighton).


normalperson (Eric Wong) wrote:
>  Looking at your workaround, I think a better one is "watcher.to_io"
>  method needs to memoize its return value.
>
>  I think Ruby expects the return value of obj.to_io to be persistent
>  for the lifetime of obj.
>
>  Making IO.select cache the value of to_io internally might be alright...

It seems that IO.select *does* cache the value of to_io internally. At 
least that seems to be the case from 
https://gist.github.com/jonleighton/5172263.

Running the script prints "to_io" once and then hangs.
----------------------------------------
Bug #8080: Segfault in rb_fd_set
https://bugs.ruby-lang.org/issues/8080#change-37643

Author: jonleighton (Jon Leighton)
Status: Assigned
Priority: Normal
Assignee: kosaki (Motohiro KOSAKI)
Category: core
Target version: current: 2.1.0
ruby -v: ruby 2.0.0p0 (2013-02-24 revision 39474) [x86_64-linux]


I have experienced a segfault with Ruby 2 during an IO.select call:

See https://travis-ci.org/jonleighton/spring/jobs/5393025 or 
https://gist.github.com/jonleighton/5147785 to see the crash output.

I cannot reproduce on a different version of Linux (Fedora). However I 
was able to reproduce by downloading a VM image of the Travis CI 
environment and running the code on there (see 
http://pivotallabs.com/debugging-travis-builds/ for how to do that).

I tried to produce a simple script to reproduce, but without success. I 
also tried to build Ruby 2 with debugging symbols, but this did not 
produce the crash. I'm not sure why - perhaps related to compiler 
optimisations.

I found a workaround for the crash with 
https://github.com/jonleighton/spring/commit/c8a7a....

"jonleighton (Jon Leighton)" <j@jonathanleighton.com> wrote:
> It seems that IO.select *does* cache the value of to_io internally. At least 
that seems to be the case from https://gist.github.com/jonleighton/5172263.
>
> Running the script prints "to_io" once and then hangs.

That's because nothing else is running while IO.select is running.
IO.select does not cache, it accesses once the data once.
See comments below:

---------------------------------8<-------------------------------
class Foo
  def to_io
    puts "to_io"
    IO.pipe.first
   end
end
n = 0

trap(:USR1) { n += 1 }

# Generate garbage to trigger GC, and then EINTR for select()
Thread.new do
  loop do
    # make some garbage here
    (1..1000000).each { |z| z.to_s.dup }
    puts "KILL #{n}"
    Process.kill("USR1", $$)
  end
end

# This will now return empty arrays
# If you swap Foo.new for $stdin, this will never return (as expected)
p IO.select([Foo.new])
---------------------------------8<-------------------------------

Issue #8080 has been updated by kosaki (Motohiro KOSAKI).


Hi nagachika-sanm

You need backport 39777, 39779, 39781 and 39783 too.
----------------------------------------
Backport #8080: Segfault in rb_fd_set
https://bugs.ruby-lang.org/issues/8080#change-37667

Author: jonleighton (Jon Leighton)
Status: Assigned
Priority: High
Assignee: nagachika (Tomoyuki Chikanaga)
Category:
Target version:


I have experienced a segfault with Ruby 2 during an IO.select call:

See https://travis-ci.org/jonleighton/spring/jobs/5393025 or 
https://gist.github.com/jonleighton/5147785 to see the crash output.

I cannot reproduce on a different version of Linux (Fedora). However I 
was able to reproduce by downloading a VM image of the Travis CI 
environment and running the code on there (see 
http://pivotallabs.com/debugging-travis-builds/ for how to do that).

I tried to produce a simple script to reproduce, but without success. I 
also tried to build Ruby 2 with debugging symbols, but this did not 
produce the crash. I'm not sure why - perhaps related to compiler 
optimisations.

I found a workaround for the crash with 
https://github.com/jonleighton/spring/commit/c8a7a....

Issue #8080 has been updated by nagachika (Tomoyuki Chikanaga).


r39772-r39775, r39777, r39779, r39781 and r39783 are backported.
I also merged r39160, r39162, r39174, r39198 and r39200 for clean merge 
of configure.in.
----------------------------------------
Backport #8080: Segfault in rb_fd_set
https://bugs.ruby-lang.org/issues/8080#change-37766

Author: jonleighton (Jon Leighton)
Status: Closed
Priority: High
Assignee: nagachika (Tomoyuki Chikanaga)
Category:
Target version:


I have experienced a segfault with Ruby 2 during an IO.select call:

See https://travis-ci.org/jonleighton/spring/jobs/5393025 or 
https://gist.github.com/jonleighton/5147785 to see the crash output.

I cannot reproduce on a different version of Linux (Fedora). However I 
was able to reproduce by downloading a VM image of the Travis CI 
environment and running the code on there (see 
http://pivotallabs.com/debugging-travis-builds/ for how to do that).

I tried to produce a simple script to reproduce, but without success. I 
also tried to build Ruby 2 with debugging symbols, but this did not 
produce the crash. I'm not sure why - perhaps related to compiler 
optimisations.

I found a workaround for the crash with 
https://github.com/jonleighton/spring/commit/c8a7a....

Issue #8080 has been updated by znz (Kazuhiro NISHIYAMA).

Status changed from Closed to Assigned

This backport to ruby_1_9_3 is not enough.
Build failed on Mac.
see https://gist.github.com/hsbt/5263190

----------------------------------------
Backport #8080: Segfault in rb_fd_set
https://bugs.ruby-lang.org/issues/8080#change-38003

Author: jonleighton (Jon Leighton)
Status: Assigned
Priority: High
Assignee: usa (Usaku NAKAMURA)
Category:
Target version:


I have experienced a segfault with Ruby 2 during an IO.select call:

See https://travis-ci.org/jonleighton/spring/jobs/5393025 or 
https://gist.github.com/jonleighton/5147785 to see the crash output.

I cannot reproduce on a different version of Linux (Fedora). However I 
was able to reproduce by downloading a VM image of the Travis CI 
environment and running the code on there (see 
http://pivotallabs.com/debugging-travis-builds/ for how to do that).

I tried to produce a simple script to reproduce, but without success. I 
also tried to build Ruby 2 with debugging symbols, but this did not 
produce the crash. I'm not sure why - perhaps related to compiler 
optimisations.

I found a workaround for the crash with 
https://github.com/jonleighton/spring/commit/c8a7a....