SEGV after SEGV

Issue #10389 has been updated by Akira T…

It also occurs on r47971, as follows.

% ./miniruby -e 'Process.kill(:SEGV, $$)'
-e:1: [BUG] Segmentation fault at 0x0003e80000389f
ruby 2.2.0dev (2014-10-16 trunk 47971) [x86_64-linux]

-- Control frame information 
-----------------------------------------------
c:0003 p:---- s:0009 e:000008 CFUNC  :kill
c:0002 p:0015 s:0004 E:0007f0 EVAL   -e:1 [FINISH]
c:0001 p:0000 s:0002 E:000e60 TOP    [FINISH]

-- Ruby level backtrace information 
----------------------------------------
-e:1:in `<main>'
zsh: segmentation fault  ./miniruby -e 'Process.kill(:SEGV, $$)'

It ends with SIGSEGV when the problem occurs and with SIGABRT when it does not, so counting as below shows that on my Debian GNU/Linux (jessie) machine it happens roughly 20% of the time.

% ./ruby -e '1000.times { system("./miniruby", "-e", "Process.kill(:SEGV, $$)", :err => "/dev/null"); puts Signal.signame($?.termsig) }'|sort|uniq -c
    798 ABRT
    202 SEGV
% ./miniruby -v
ruby 2.2.0dev (2014-10-16 trunk 47971) [x86_64-linux]

Bug #10389: SEGV after SEGV

  • Author: Akira T.
  • Status: Feedback
  • Priority: Normal
  • Assignee: Nobuyoshi N.
  • Category: core
  • Target version: current: 2.2.0
  • ruby -v: ruby 2.2.0dev (2014-10-15 trunk 47951) [x86_64-linux]
  • Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN

Recently, when a SEGV occurs, a second SEGV sometimes follows it.

% ./miniruby -e 'Process.kill(:SEGV, $$)'
-e:1: [BUG] Segmentation fault at 0x0003e800003c63
ruby 2.2.0dev (2014-10-15 trunk 47951) [x86_64-linux]

-- Control frame information 
-----------------------------------------------
c:0003 p:---- s:0009 e:000008 CFUNC  :kill
c:0002 p:0015 s:0004 E:000080 EVAL   -e:1 [FINISH]
c:0001 p:0000 s:0002 E:0006f0 TOP    [FINISH]

-- Ruby level backtrace information 
----------------------------------------
-e:1:in `<main>'
zsh: segmentation fault  ./miniruby -e 'Process.kill(:SEGV, $$)'

Running it under gdb, it looks like 0 is being passed to RSTRING_PTR.

% gdb miniruby
GNU gdb (Debian 7.7.1+dfsg-3) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from miniruby...done.
(gdb) run -e 'Process.kill(:SEGV, $$)'
Starting program: /home/ruby/tst1/ruby/miniruby -e 'Process.kill(:SEGV, $$)'
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff7ff5700 (LWP 15526)]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6e8d347 in kill () at ../sysdeps/unix/syscall-template.S:81
81  ../sysdeps/unix/syscall-template.S: そのようなファイルやディレクトリはありません.
(gdb) c
Continuing.
-e:1: [BUG] Segmentation fault at 0x0003e800003ca2
ruby 2.2.0dev (2014-10-15 trunk 47951) [x86_64-linux]

-- Control frame information 
-----------------------------------------------
c:0003 p:---- s:0009 e:000008 CFUNC  :kill
c:0002 p:0015 s:0004 E:0014e0 EVAL   -e:1 [FINISH]
c:0001 p:0000 s:0002 E:001ac0 TOP    [FINISH]

-- Ruby level backtrace information 
----------------------------------------
-e:1:in `<main>'

Program received signal SIGSEGV, Segmentation fault.
0x000055555572f64c in oldbt_bugreport (arg=0x555555a8a78c, file=93824997590200, line=1, method=0) at vm_backtrace.c:759
759    fprintf(stderr, "%s:%d:in `%s'\n", filename, line, RSTRING_PTR(method));
(gdb) p filename
$1 = 0x555555a704c8 "-e"
(gdb) p line
$2 = 1
(gdb) p method
$3 = 0
(gdb)

Looking at the CI history, I suspect it started somewhere around r47914.
http://chkbuild002.hsbt.org/chkbuild/ruby-trunk/log/20141014T080011Z.diff.html.gz