
Regularly segfaults on ruby-1.9.3-p385

Open ConradIrwin opened this issue 12 years ago • 31 comments

To reproduce:

git clone http://github.com/ConradIrwin/lspace
bundle
rspec

Will segfault reliably.

ConradIrwin avatar Feb 23 '13 02:02 ConradIrwin

It would be interesting to see the diff b/w p187 and the previous patchlevel; I'm guessing it doesn't segv on the previous one?

banister avatar Feb 23 '13 15:02 banister

also, i can't get it to segfault on ruby 2.0, can you confirm this too? (rc2)

banister avatar Feb 23 '13 15:02 banister

FWIW I've not been able to get it to segfault on 2.0 since the update.

envygeeks avatar Feb 24 '13 23:02 envygeeks

I've had mostly segmentation faults as well on Ruby 1.9.3-p192 and 1.9.3-p392 in Mac OS X 10.8.2. I've had no faults running rspec since I removed binding_of_caller from my Gemfile. Version 0.7.1.

plindelauf avatar Mar 12 '13 13:03 plindelauf

I"m also getting this quite reliably (3/5 runs with rspec). Ruby versions: 1.9.3-p125 and 1.9.3-p396 Removed the gem, presto, issue gone.

donnfelker avatar Mar 21 '13 22:03 donnfelker

With this gem I get segfaults when running rspec / jasmine:ci in 1.9.3-p392, without it, none.

cmaujean avatar Apr 18 '13 21:04 cmaujean

@donnfelker @cmaujean @ConradIrwin

Do you have any indication of what triggers the segfault?

A simple repro would really help a lot in this case.

badosu avatar May 31 '13 05:05 badosu

@badosu: I think it's some kind of use-after-free bug (GC.disable fixes it completely, and it's apparently non-deterministic). The lspace project has a binding_of_caller_segfault branch which was triggering it reasonably reliably when I opened this bug (doesn't seem to trigger on -p392 now I test though :/).

A while back I started trying to trace this through, and the segfault was somewhere deep inside rb_vm_make_env_object, but I ran out of time at that point and haven't summoned up enough energy to try again.

Getting into the realms of superstition, at one point we thought we had a link between binding stacks that included top-level blocks (which are pervasive in rspec) and segfaults; but I'm not convinced that was any more than coincidence.

ConradIrwin avatar May 31 '13 05:05 ConradIrwin

Same deal here, I can get a reliable segfault using p429 on https://github.com/SquareSquash/ruby/tree/segfault (bundle ; rake).

C backtrace (excerpt):

6   libruby.1.9.1.dylib             0x000000010a8a36c5 rb_vm_make_proc + 389 (vm.c:554)
7   libruby.1.9.1.dylib             0x000000010a8a3bde rb_vm_make_env_object + 350 (vm.c:555)
8   binding_of_caller.bundle        0x000000010af7d713 binding_of_caller + 275 (binding_of_caller.c:152)

Ruby backtrace (excerpt):

c:0037 p:---- s:0140 b:0140 l:000139 d:000139 CFUNC  :callers
c:0036 p:0064 s:0137 b:0137 l:000c00 d:001f30 LAMBDA /Documents/Projects/OpenSquash/ruby/lib/squash/ruby/exception_additions.rb:65
c:0035 p:---- s:0134 b:0134 l:000133 d:000133 FINISH
c:0034 p:0065 s:0132 b:0132 l:002148 d:002148 METHOD /Documents/Projects/OpenSquash/ruby/lib/squash/ruby.rb:238
c:0033 p:0021 s:0127 b:0127 l:002290 d:002290 METHOD /Documents/Projects/OpenSquash/ruby/lib/squash/ruby/exception_additions.rb:48
c:0032 p:0063 s:0123 b:0123 l:0023e8 d:0023e8 METHOD /Documents/Projects/OpenSquash/ruby/lib/squash/ruby/exception_additions.rb:37
c:0031 p:0023 s:0118 b:0118 l:000b38 d:0025c8 LAMBDA /Documents/Projects/OpenSquash/ruby/spec/squash_ruby/exception_additions_spec.rb:34

RISCfuture avatar Jun 03 '13 23:06 RISCfuture

Thank you!

I am gonna check it out!

badosu avatar Jun 04 '13 02:06 badosu

@ConradIrwin Just tested the repro you've shown in master and it worked. Do you still have this issue using master?

badosu avatar Jun 04 '13 14:06 badosu

@badosu only on ruby 1.9.3-p385. on 1.9.3-p392 it works. I'm not sure whether it's worth investigating on -p385; it might be best to use @RISCfuture's example which is apparently reliable on latest ruby (though I think the cause will be the same).

ConradIrwin avatar Jun 04 '13 16:06 ConradIrwin

I get a SegFault using Ruby 1.9.3-p392 when I run my specs. I'm using: Rails 3.2.13 Rspec 2.11 binding_of_caller 0.7.1

squiter avatar Jun 04 '13 21:06 squiter

@ConradIrwin I tested your repo on 1.9.3-p385 as well. Strange.

@RISCfuture I tested yours in 1.8.7-p371 and 1.9.3-p385 in the branch segfault. You meant 1.9.3-p429? I could not install it with rvm, will compile it later.

Maybe it is specific to OSX?

badosu avatar Jun 05 '13 16:06 badosu

Maybe you're right, I'm in OS X.

squiter avatar Jun 05 '13 17:06 squiter

@ConradIrwin , @RISCfuture Are you on OSX?

badosu avatar Jun 06 '13 03:06 badosu

yes

ConradIrwin avatar Jun 06 '13 04:06 ConradIrwin

yep

RISCfuture avatar Jun 06 '13 05:06 RISCfuture

Ok, I will try to test it on a OSX box then, thanks!

badosu avatar Jun 06 '13 14:06 badosu

I'm able to reproduce this on CentOS 6.4 and ruby 1.9.3-p448 with binding_of_caller v0.7.4. Just a data point.

docwhat avatar Aug 21 '13 21:08 docwhat

Interestingly, if I run:

bundle exec rspec

I get the SegFault.

However, if I run:

bundle exec rspec | cat

I do not!

Here's my traceback (from OSX), in case you're interested:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib          0x00007fff86102212 __pthread_kill + 10
1   libsystem_c.dylib               0x00007fff8a616b54 pthread_kill + 90
2   libsystem_c.dylib               0x00007fff8a65adce abort + 143
3   ruby                            0x0000000103ae3999 rb_bug + 185
4   ruby                            0x0000000103b88ccf sigsegv + 79
5   libsystem_c.dylib               0x00007fff8a60394a _sigtramp + 26
6   ruby                            0x0000000103be48f6 rb_vm_make_env_object + 54
7   binding_of_caller.bundle        0x00000001043b058d binding_of_caller + 365
8   binding_of_caller.bundle        0x00000001043b0888 callers + 72
9   ruby                            0x0000000103be2d20 call_cfunc + 112
10  ruby                            0x0000000103bedb8a vm_call_method + 762
11  ruby                            0x0000000103be97f5 vm_exec_core + 11989
12  ruby                            0x0000000103bee4fe vm_exec + 94

I'm willing to help track this down, if you want it.

docwhat avatar Aug 21 '13 21:08 docwhat

I'm having the same issue with ruby 1.9.3-p392, rails 3.2.13, rspec 2.13.1 when running 'rake jasmine:ci' (jasmine_gem version: 1.3.2)

osx 10.8.4

pallymore avatar Aug 27 '13 13:08 pallymore

I'm having this problem on Ubuntu 13.04, while my other computer with Ubuntu 12.04 LTS does not have this problem. ruby 1.9.2-p290

bomberby avatar Sep 10 '13 10:09 bomberby

@pallymore @bomberby @docwhat

Could you share any info on how to reproduce this?

It is so frustrating... I just tried a lot of rubies, including 193-p392, 192-p290, 193-p448 on lspace and SquareSquash.

@bomberby I am using 13.04 as well. Maybe it could be related with some installed lib?

badosu avatar Sep 21 '13 04:09 badosu

@badosu I re-ran my test with ruby-p185 and lspace's branch. It doesn't seem to segfault... I've updated my operating system (which shouldn't have much effect), and I'm probably using a different version of bundler (which might have some effect), but otherwise everything should be the same as before.

I even tried setting GC.stress = true, which would imply that it's not just a use-after-free as I thought.

ConradIrwin avatar Sep 21 '13 07:09 ConradIrwin
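The thread above keeps circling the same two problems: the crash is intermittent ("3/5 runs"), and it is hard to say whether GC.disable / GC.stress changes anything without counting. The following runner is an added example and is not code from binding_of_caller, lspace or squash. It spawns a Ruby snippet in a fresh interpreter N times and classifies each exit by termination signal, so a crash rate can be compared across patchlevels, with and without GC.stress, and with or without a tty on stdout (the `rspec` vs `rspec | cat` difference reported earlier). The crashing child snippet is a constructed stand-in for a failing test suite, not a real repro of this bug. Note that, as the macOS trace above shows (`sigsegv -> rb_bug -> abort`), Ruby's own SIGSEGV handler ends in abort(), so a fault inside the VM normally surfaces to the parent as SIGABRT, not SIGSEGV; the runner counts both as a native crash.

```ruby
# Added example: a small runner for intermittent native crashes.
# Not part of binding_of_caller, lspace or squash.
require 'rbconfig'

Report = Struct.new(:runs, :native_crashes, :clean, :other)

SIGS = Signal.list
# Ruby's SIGSEGV handler calls rb_bug(), which ends in abort(), so a crash
# inside the VM usually reaches the parent as SIGABRT rather than SIGSEGV.
CRASH_SIGS = %w[SEGV BUS ILL ABRT].map { |n| SIGS[n] }.compact

# Run `code` in a fresh interpreter `runs` times and tally the outcomes.
#   gc_stress:  set GC.stress = true before the snippet runs, to shake out
#               bugs that only show when the GC frees objects at the wrong
#               moment
#   inherit_io: let the child inherit stdout/stderr (a tty when run from a
#               terminal); otherwise output goes to /dev/null, which is the
#               non-tty situation of `rspec | cat`
def stress_run(code, runs: 5, gc_stress: false, inherit_io: false)
  report = Report.new(runs, 0, 0, 0)
  cmd = [RbConfig.ruby, '--disable-gems']
  cmd += ['-e', 'GC.stress = true'] if gc_stress
  cmd += ['-e', code]
  io = inherit_io ? {} : { out: File::NULL, err: File::NULL }

  runs.times do
    pid = Process.spawn(*cmd, io)
    _, status = Process.wait2(pid)
    if status.signaled? && CRASH_SIGS.include?(status.termsig)
      report.native_crashes += 1
    elsif !status.signaled? && status.success?
      report.clean += 1
    else
      report.other += 1 # non-zero exit, or an unrelated signal such as KILL
    end
  end
  report
end

if __FILE__ == $0
  # Constructed stand-in for a crashing suite: the child delivers SIGSEGV to
  # itself, which goes through Ruby's handler like a fault in a C extension.
  r = stress_run('Process.kill(:SEGV, Process.pid); sleep 1', runs: 2, gc_stress: true)
  puts "#{r.native_crashes}/#{r.runs} runs died with a native crash"
end
```

To use it against a real suite, replace the snippet with something like `load "spec/crash_spec.rb"` (or shell out to `bundle exec rspec` via Process.spawn in the same way) and compare the `native_crashes` count for `gc_stress: false` and `gc_stress: true`. A rate that stays at zero under GC.stress while it is non-zero without it is the pattern ConradIrwin describes above, and is a hint that the fault is not a plain use-after-free of a GC-managed object; a rate that jumps to every run under GC.stress is the classic signature of one.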

@docwhat, the latest version of binding_of_caller is v0.7.2.

I'm using Arch Linux x64. I tried to reproduce this bug (without luck) on these rubies:

   ruby-1.9.3-p105
   ruby-1.9.3-p194
   ruby-1.9.3-p286
   ruby-1.9.3-p327
   ruby-1.9.3-p362
   ruby-1.9.3-p374
   ruby-1.9.3-p385
   ruby-1.9.3-p392
   ruby-1.9.3-p429
   ruby-1.9.3-p448
   ruby-2.0.0-p247

LSpace showed no segfaults. SquareSquash/ruby works on Ruby v2.0.0, but errors (not segfaults) on all listed rubies.

kyrylo avatar Sep 27 '13 23:09 kyrylo

@bomberby, is your Ubuntu 13.04 32-bit or 64-bit?

kyrylo avatar Sep 28 '13 12:09 kyrylo

Both are 64-bit

bomberby avatar Sep 28 '13 13:09 bomberby

@plindelauf when you say removed from your Gemfile, do you mean a line from the Gemfile itself, or do you mean remove it from your bundle?

stewartmatheson avatar Oct 11 '13 01:10 stewartmatheson

I've found this issue intermittently with ruby-1.9.3-p448 and binding_of_caller (0.7.2)

If I use the version in master the segfault seems to go away.

etagwerker avatar Oct 17 '13 19:10 etagwerker

On Thu, 17 Oct 2013 12:22:40 -0700 Ernesto Tagwerker [email protected] wrote:

> I've found this issue intermittently with ruby-1.9.3-p448 and binding_of_caller (0.7.2)
>
> If I use the version in master the segfault seems to go away.

Thanks for the information. However, what do you use in order to reproduce it? Can you share it?

kyrylo avatar Oct 17 '13 20:10 kyrylo