Forum: Ruby-core Segfault on successive stack overflows

Nobuyoshi Nakada (nobu) on 2012-12-13 14:11
(Received via mailing list)
Issue #4492 has been updated by nobu (Nobuyoshi Nakada).

Description updated


----------------------------------------
Bug #4492: Segfault on successive stack overflows
https://bugs.ruby-lang.org/issues/4492#change-34701

Author: catwell (Pierre Chapuis)
Status: Feedback
Priority: Normal
Assignee: ko1 (Koichi Sasada)
Category:
Target version: next minor
ruby -v: ruby 1.9.2p136 (2010-12-25 revision 30365) [x86_64-darwin10.6.0]


=begin
On a Mac, this snippet crashes Ruby:

 def f(*x); end        # method with a rest parameter only
 begin
   f(*(0..120000))     # first oversized splat: 120001 arguments on the VM stack
 rescue                # whatever the first call raises is swallowed here
   nil
 end
 f(*(0..120000))       # second oversized splat: this is segfaulter.rb:7 in the trace below

Here is the result when run with ruby:

 segfaulter.rb:7: [BUG] Segmentation fault
 ruby 1.9.2p136 (2010-12-25 revision 30365) [x86_64-darwin10.6.0]

 -- control frame ----------
 c:0003 p:0048 s:120009 b:0006 l:0014e8 d:000c08 EVAL   segfaulter.rb:7
 c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH
 c:0001 p:0000 s:0002 b:0002 l:0014e8 d:0014e8 TOP
 ---------------------------
 -- Ruby level backtrace information ----------------------------------------
 segfaulter.rb:7:in `<main>'

 -- C level backtrace information -------------------------------------------

 [NOTE]
 You may have encountered a bug in the Ruby interpreter or extension
libraries.
 Bug reports are welcome.
 For details: http://www.ruby-lang.org/bugreport.html

 Abort trap

Here is the result in irb:

 ruby-1.9.2-p136 :001 > def f(*x); end
  => nil
 ruby-1.9.2-p136 :002 > begin
 ruby-1.9.2-p136 :003 >       f(*(0..120000))
 ruby-1.9.2-p136 :004?>   rescue
 ruby-1.9.2-p136 :005?>     nil
 ruby-1.9.2-p136 :006?>   end
  => nil
 ruby-1.9.2-p136 :007 > f(*(0..120000))
 (irb):7: [BUG] Bus Error
 ruby 1.9.2p136 (2010-12-25 revision 30365) [x86_64-darwin10.6.0]

 -- control frame ----------
 c:0023 p:0013 s:120084 b:0082 l:001af8 d:000081 EVAL   (irb):7
 c:0022 p:---- s:0080 b:0080 l:000079 d:000079 FINISH
 c:0021 p:---- s:0078 b:0078 l:000077 d:000077 CFUNC  :eval
 c:0020 p:0028 s:0071 b:0071 l:000070 d:000070 METHOD /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb/workspace.rb:80
 c:0019 p:0033 s:0064 b:0063 l:000062 d:000062 METHOD /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb/context.rb:254
 c:0018 p:0031 s:0058 b:0058 l:0007a8 d:000057 BLOCK  /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb.rb:159
 c:0017 p:0042 s:0050 b:0050 l:000049 d:000049 METHOD /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb.rb:273
 c:0016 p:0011 s:0045 b:0045 l:0007a8 d:000044 BLOCK  /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb.rb:156
 c:0015 p:0144 s:0041 b:0041 l:000024 d:000040 BLOCK  /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb/ruby-lex.rb:243
 c:0014 p:---- s:0038 b:0038 l:000037 d:000037 FINISH
 c:0013 p:---- s:0036 b:0036 l:000035 d:000035 CFUNC  :loop
 c:0012 p:0009 s:0033 b:0033 l:000024 d:000032 BLOCK  /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb/ruby-lex.rb:229
 c:0011 p:---- s:0031 b:0031 l:000030 d:000030 FINISH
 c:0010 p:---- s:0029 b:0029 l:000028 d:000028 CFUNC  :catch
 c:0009 p:0023 s:0025 b:0025 l:000024 d:000024 METHOD /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb/ruby-lex.rb:228
 c:0008 p:0046 s:0022 b:0022 l:0007a8 d:0007a8 METHOD /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb.rb:155
 c:0007 p:0011 s:0019 b:0019 l:000bd8 d:000018 BLOCK  /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb.rb:70
 c:0006 p:---- s:0017 b:0017 l:000016 d:000016 FINISH
 c:0005 p:---- s:0015 b:0015 l:000014 d:000014 CFUNC  :catch
 c:0004 p:0183 s:0011 b:0011 l:000bd8 d:000bd8 METHOD /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb.rb:69
 c:0003 p:0142 s:0006 b:0006 l:0014e8 d:001078 EVAL   /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/bin/irb:16
 c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH
 c:0001 p:0000 s:0002 b:0002 l:0014e8 d:0014e8 TOP
 ---------------------------
 -- Ruby level backtrace information ----------------------------------------
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/bin/irb:16:in `<main>'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb.rb:69:in `start'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb.rb:69:in `catch'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb.rb:70:in `block in start'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb.rb:155:in `eval_input'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb/ruby-lex.rb:228:in `each_top_level_statement'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb/ruby-lex.rb:228:in `catch'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb/ruby-lex.rb:229:in `block in each_top_level_statement'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb/ruby-lex.rb:229:in `loop'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb/ruby-lex.rb:243:in `block (2 levels) in each_top_level_statement'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb.rb:156:in `block in eval_input'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb.rb:273:in `signal_status'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb.rb:159:in `block (2 levels) in eval_input'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb/context.rb:254:in `evaluate'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb/workspace.rb:80:in `evaluate'
 /Users/pierre/.rvm/rubies/ruby-1.9.2-p136/lib/ruby/1.9.1/irb/workspace.rb:80:in `eval'
 (irb):7:in `irb_binding'

 -- C level backtrace information -------------------------------------------
 0   libruby.1.9.1.dylib                 0x0000000100180792 rb_vm_bugreport + 210
 1   libruby.1.9.1.dylib                 0x000000010003a614 report_bug + 372
 2   libruby.1.9.1.dylib                 0x000000010003a7d8 rb_bug + 200
 3   libruby.1.9.1.dylib                 0x00000001000fff42 sigbus + 18
 4   libSystem.B.dylib                   0x00007fff84c7767a _sigtramp + 26
 5   ???                                 0x00007fff5fbf7990 0x0 + 140734799772048
 6   libruby.1.9.1.dylib                 0x00000001001619b4 rb_thread_mark + 100
 7   libruby.1.9.1.dylib                 0x0000000100054924 gc_mark_children + 4036
 8   libruby.1.9.1.dylib                 0x0000000100054d77 gc_mark_children + 5143
 9   libruby.1.9.1.dylib                 0x0000000100055d81 mark_keyvalue + 465
 10  libruby.1.9.1.dylib                 0x0000000100108a50 st_foreach + 192
 11  libruby.1.9.1.dylib                 0x0000000100054831 gc_mark_children + 3793
 12  libruby.1.9.1.dylib                 0x00000001000555a9 mark_entry + 217
 13  libruby.1.9.1.dylib                 0x0000000100108a50 st_foreach + 192
 14  libruby.1.9.1.dylib                 0x0000000100054b5c gc_mark_children + 4604
 15  libruby.1.9.1.dylib                 0x000000010005430e gc_mark_children + 2478
 16  libruby.1.9.1.dylib                 0x000000010015cf65 iseq_mark + 293
 17  libruby.1.9.1.dylib                 0x0000000100054924 gc_mark_children + 4036
 18  libruby.1.9.1.dylib                 0x0000000100058188 mark_method_entry_i + 424
 19  libruby.1.9.1.dylib                 0x0000000100108a50 st_foreach + 192
 20  libruby.1.9.1.dylib                 0x0000000100054b34 gc_mark_children + 4564
 21  libruby.1.9.1.dylib                 0x000000010005430e gc_mark_children + 2478
 22  libruby.1.9.1.dylib                 0x000000010015cf65 iseq_mark + 293
 23  libruby.1.9.1.dylib                 0x0000000100054924 gc_mark_children + 4036
 24  libruby.1.9.1.dylib                 0x0000000100054c95 gc_mark_children + 4917
 25  libruby.1.9.1.dylib                 0x000000010015cfa5 iseq_mark + 357
 26  libruby.1.9.1.dylib                 0x0000000100054924 gc_mark_children + 4036
 27  libruby.1.9.1.dylib                 0x0000000100054c95 gc_mark_children + 4917
 28  libruby.1.9.1.dylib                 0x000000010015cfa5 iseq_mark + 357
 29  libruby.1.9.1.dylib                 0x0000000100054924 gc_mark_children + 4036
 30  libruby.1.9.1.dylib                 0x0000000100058188 mark_method_entry_i + 424
 31  libruby.1.9.1.dylib                 0x0000000100108a50 st_foreach + 192
 32  libruby.1.9.1.dylib                 0x0000000100054b34 gc_mark_children + 4564
 33  libruby.1.9.1.dylib                 0x0000000100053ddf gc_mark_children + 1151
 34  libruby.1.9.1.dylib                 0x00000001000555a9 mark_entry + 217
 35  libruby.1.9.1.dylib                 0x0000000100108a50 st_foreach + 192
 36  libruby.1.9.1.dylib                 0x0000000100054b5c gc_mark_children + 4604
 37  libruby.1.9.1.dylib                 0x000000010005430e gc_mark_children + 2478
 38  libruby.1.9.1.dylib                 0x000000010015cf65 iseq_mark + 293
 39  libruby.1.9.1.dylib                 0x0000000100054924 gc_mark_children + 4036
 40  libruby.1.9.1.dylib                 0x0000000100058188 mark_method_entry_i + 424
 41  libruby.1.9.1.dylib                 0x0000000100108a50 st_foreach + 192
 42  libruby.1.9.1.dylib                 0x0000000100054b34 gc_mark_children + 4564
 43  libruby.1.9.1.dylib                 0x00000001000555a9 mark_entry + 217
 44  libruby.1.9.1.dylib                 0x0000000100108a50 st_foreach + 192
 45  libruby.1.9.1.dylib                 0x0000000100054b5c gc_mark_children + 4604
 46  libruby.1.9.1.dylib                 0x00000001000555a9 mark_entry + 217
 47  libruby.1.9.1.dylib                 0x00000001001089df st_foreach + 79
 48  libruby.1.9.1.dylib                 0x0000000100054b5c gc_mark_children + 4604
 49  libruby.1.9.1.dylib                 0x0000000100053ddf gc_mark_children + 1151
 50  libruby.1.9.1.dylib                 0x0000000100053ddf gc_mark_children + 1151
 51  libruby.1.9.1.dylib                 0x000000010015cf95 iseq_mark + 341
 52  libruby.1.9.1.dylib                 0x0000000100054924 gc_mark_children + 4036
 53  libruby.1.9.1.dylib                 0x0000000100058188 mark_method_entry_i + 424
 54  libruby.1.9.1.dylib                 0x0000000100108a50 st_foreach + 192
 55  libruby.1.9.1.dylib                 0x0000000100054b34 gc_mark_children + 4564
 56  libruby.1.9.1.dylib                 0x00000001000555a9 mark_entry + 217
 57  libruby.1.9.1.dylib                 0x00000001001089df st_foreach + 79
 58  libruby.1.9.1.dylib                 0x0000000100054b5c gc_mark_children + 4604
 59  libruby.1.9.1.dylib                 0x00000001000555a9 mark_entry + 217
 60  libruby.1.9.1.dylib                 0x00000001001089df st_foreach + 79
 61  libruby.1.9.1.dylib                 0x0000000100054b5c gc_mark_children + 4604
 62  libruby.1.9.1.dylib                 0x0000000100053ddf gc_mark_children + 1151
 63  libruby.1.9.1.dylib                 0x0000000100053ddf gc_mark_children + 1151
 64  libruby.1.9.1.dylib                 0x0000000100053ddf gc_mark_children + 1151
 65  libruby.1.9.1.dylib                 0x0000000100053ddf gc_mark_children + 1151
 66  libruby.1.9.1.dylib                 0x0000000100058188 mark_method_entry_i + 424
 67  libruby.1.9.1.dylib                 0x00000001001089df st_foreach + 79
 68  libruby.1.9.1.dylib                 0x0000000100054b34 gc_mark_children + 4564
 69  libruby.1.9.1.dylib                 0x00000001000555a9 mark_entry + 217
 70  libruby.1.9.1.dylib                 0x00000001001089df st_foreach + 79
 71  libruby.1.9.1.dylib                 0x0000000100054b5c gc_mark_children + 4604
 72  libruby.1.9.1.dylib                 0x00000001000555a9 mark_entry + 217
 73  libruby.1.9.1.dylib                 0x00000001001089df st_foreach + 79
 74  libruby.1.9.1.dylib                 0x0000000100054b5c gc_mark_children + 4604
 75  libruby.1.9.1.dylib                 0x0000000100053ddf gc_mark_children + 1151
 76  libruby.1.9.1.dylib                 0x0000000100053ddf gc_mark_children + 1151
 77  libruby.1.9.1.dylib                 0x0000000100053ddf gc_mark_children + 1151
 78  libruby.1.9.1.dylib                 0x0000000100053ddf gc_mark_children + 1151
 79  libruby.1.9.1.dylib                 0x0000000100053ddf gc_mark_children + 1151
 80  libruby.1.9.1.dylib                 0x00000001000572bc garbage_collect + 4396
 81  libruby.1.9.1.dylib                 0x0000000100057906 vm_xmalloc + 150
 82  libruby.1.9.1.dylib                 0x000000010000bd4d ary_new + 221
 83  libruby.1.9.1.dylib                 0x000000010000c989 rb_ary_new4 + 41
 84  libruby.1.9.1.dylib                 0x0000000100178551 vm_callee_setup_arg_complex + 225
 85  libruby.1.9.1.dylib                 0x000000010017c469 vm_call_method + 2921
 86  libruby.1.9.1.dylib                 0x0000000100167e54 vm_exec_core + 8260
 87  libruby.1.9.1.dylib                 0x000000010016faf3 vm_exec + 1507
 88  libruby.1.9.1.dylib                 0x0000000100170340 eval_string_with_cref + 880
 89  libruby.1.9.1.dylib                 0x0000000100170a62 rb_f_eval + 242
 90  libruby.1.9.1.dylib                 0x000000010017bca3 vm_call_method + 931
 91  libruby.1.9.1.dylib                 0x0000000100167e54 vm_exec_core + 8260
 92  libruby.1.9.1.dylib                 0x000000010016faf3 vm_exec + 1507
 93  libruby.1.9.1.dylib                 0x000000010017e031 loop_i + 561
 94  libruby.1.9.1.dylib                 0x000000010003f787 rb_rescue2 + 519
 95  libruby.1.9.1.dylib                 0x0000000100162d56 rb_f_loop + 54
 96  libruby.1.9.1.dylib                 0x000000010017bca3 vm_call_method + 931
 97  libruby.1.9.1.dylib                 0x0000000100167e54 vm_exec_core + 8260
 98  libruby.1.9.1.dylib                 0x000000010016faf3 vm_exec + 1507
 99  libruby.1.9.1.dylib                 0x000000010017dcb4 catch_i + 596
 100 libruby.1.9.1.dylib                 0x0000000100161f45 rb_catch_obj + 325
 101 libruby.1.9.1.dylib                 0x0000000100162c10 rb_f_catch + 48
 102 libruby.1.9.1.dylib                 0x000000010017bca3 vm_call_method + 931
 103 libruby.1.9.1.dylib                 0x0000000100167e54 vm_exec_core + 8260
 104 libruby.1.9.1.dylib                 0x000000010016faf3 vm_exec + 1507
 105 libruby.1.9.1.dylib                 0x000000010017dcb4 catch_i + 596
 106 libruby.1.9.1.dylib                 0x0000000100161f45 rb_catch_obj + 325
 107 libruby.1.9.1.dylib                 0x0000000100162c10 rb_f_catch + 48
 108 libruby.1.9.1.dylib                 0x000000010017bca3 vm_call_method + 931
 109 libruby.1.9.1.dylib                 0x0000000100167e54 vm_exec_core + 8260
 110 libruby.1.9.1.dylib                 0x000000010016faf3 vm_exec + 1507
 111 libruby.1.9.1.dylib                 0x000000010016fdfb rb_iseq_eval_main + 507
 112 libruby.1.9.1.dylib                 0x000000010003f9f2 ruby_exec_internal + 178
 113 libruby.1.9.1.dylib                 0x000000010004237c ruby_run_node + 60
 114 ruby                                0x0000000100000ecf main + 79
 115 ruby                                0x0000000100000e74 start + 52
 116 ???                                 0x0000000000000002 0x0 + 2

 [NOTE]
 You may have encountered a bug in the Ruby interpreter or extension
libraries.
 Bug reports are welcome.
 For details: http://www.ruby-lang.org/bugreport.html

 Abort trap

I cannot reproduce this on an EC2 instance running Linux, where 'ruby -v' gives:

 ruby 1.9.2p136 (2010-12-25 revision 30365) [x86_64-linux]
=end
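Added example (written for this page; it is not part of the bug report and not ruby-core code): the report's crash comes from calling a rest-argument method with a 120001-element splat twice in a row, and every splatted element costs one slot on the interpreter's VM stack. The script below first probes how many splatted arguments the running interpreter accepts before it raises SystemStackError, then shows a guard that refuses oversized input before the call rather than rescuing the overflow afterwards. `MAX_SPLAT_ARGS`, `max_splat_args`, `call_guarded` and `classify` are names chosen here, the limit is an assumed value, and the probe is a diagnostic, not a fix. Newer interpreters may pass a splat to a rest-only method without expanding it, in which case the probe simply reports its upper bound. Do not run the probe on an interpreter affected by this bug: repeated oversized splats are exactly what the report shows crashing the process.

```ruby
# Added example, not from the bug report. Probes the splat ceiling of the
# running interpreter and guards a call against caller-controlled argument
# counts. All names and the limit below are assumptions for illustration.

MAX_SPLAT_ARGS = 4_096  # assumed ceiling; in practice derive it from the probe

# Same shape as the report's method: rest parameter only.
def f(*x)
  x.size
end

# true if a splat of n arguments reaches f, false if the VM refuses it.
def splat_fits?(n)
  f(*Array.new(n, 0))
  true
rescue SystemStackError
  false
end

# Largest n in 0..upper for which splat_fits?(n) holds, found by binary
# search. Invariant: lo fits, hi does not (or hi == upper, which fits).
def max_splat_args(upper: 1 << 20)
  return upper if splat_fits?(upper)
  lo = 0
  hi = upper
  while hi - lo > 1
    mid = (lo + hi) / 2
    if splat_fits?(mid)
      lo = mid
    else
      hi = mid
    end
  end
  lo
end

# Unguarded call: mirrors the report's f(*(0..120000)) pattern.
def call_unguarded(enum)
  f(*enum)
end

# Guarded call: materialise the input once, refuse oversized collections
# up front, and only then let the splat touch the VM stack.
def call_guarded(enum, limit: MAX_SPLAT_ARGS)
  args = enum.to_a
  if args.size > limit
    raise ArgumentError, "refusing to splat #{args.size} arguments (limit #{limit})"
  end
  f(*args)
end

# Outcome classifier for a boundary that receives untrusted collection sizes.
# :rejected is the cheap path; :stack_overflow means the guard was missing or
# too generous, and a service should treat it as a reason to restart the
# worker rather than keep calling into the same interpreter state.
def classify(enum, guarded: true, limit: MAX_SPLAT_ARGS)
  if guarded
    call_guarded(enum, limit: limit)
  else
    call_unguarded(enum)
  end
  :ok
rescue ArgumentError
  :rejected
rescue SystemStackError
  :stack_overflow
end

if $PROGRAM_NAME == __FILE__
  puts "largest splat this interpreter accepts (probe, upper 2**20): #{max_splat_args}"
  puts "guarded call with 0..10:      #{classify(0..10)}"
  puts "guarded call with 0..100000:  #{classify(0..100_000)}"
end
```

The guard is the part worth copying: it turns an interpreter-level failure into an ordinary ArgumentError at the point where the size is known, so the large splat never reaches the VM stack. The probe only tells you what value the limit should be on a given build.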