Bug #12950

irb: 'input-method.rb:151: [BUG] Segmentation fault' / 'malloc(): smallbin double linked list corrupted'

Added by AYGHOR (dota? =op dota? =op) almost 3 years ago. Updated 26 days ago.

Status: Third Party's Issue
Priority: Normal
Assignee: -
Target version: -
ruby -v: ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux]
[ruby-core:78184]

Description

i'm getting stuff like this:

/usr/lib/ruby/2.3.0/irb/input-method.rb:151: [BUG] Segmentation fault at 0x00000000000000
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux]

and this:

*** Error in `/usr/bin/ruby': malloc(): smallbin double linked list corrupted: 0x0000564c509fa040 ***

randomly on rails console. it seems readline-related.

i managed to reproduce by repeating commands until crash occurred, logs attached.


Files

  • ERORR2 (32.7 KB) - AYGHOR (dota? =op dota? =op), 11/17/2016 08:45 PM
  • ERORR (255 KB) - AYGHOR (dota? =op dota? =op), 11/17/2016 08:45 PM
  • ERORR3 (31.1 KB) - AYGHOR (dota? =op dota? =op), 11/17/2016 09:31 PM
  • ERORR4 (12 KB) - AYGHOR (dota? =op dota? =op), 11/17/2016 09:38 PM
  • .inputrc (43 Bytes) - ~/.inputrc - AYGHOR (dota? =op dota? =op), 11/18/2016 03:40 PM
  • inputrc (1.68 KB) - /etc/inputrc - AYGHOR (dota? =op dota? =op), 11/18/2016 03:40 PM

Related issues

  • Related to Ruby master - Bug #8644: valgrind error in a readline test (Closed, 07/16/2013)
  • Related to Ruby master - Bug #8749: Readline.readline stops STDOUT? (Closed, 08/07/2013)
  • Related to Ruby master - Bug #9040: Readline duplicate file descriptors but doesn't close them (Closed, 10/21/2013)

History

Updated by AYGHOR (dota? =op dota? =op) almost 3 years ago

  • Subject changed from readline-related segfaults to irb: 'input-method.rb:151: [BUG] Segmentation fault' / 'malloc(): smallbin double linked list corrupted'

Updated by AYGHOR (dota? =op dota? =op) almost 3 years ago

oh yea, my readline version: readline-6.3.008

Updated by AYGHOR (dota? =op dota? =op) almost 3 years ago

actually i just got:

*** Error in `/usr/bin/ruby': malloc(): smallbin double linked list corrupted: 0x0000560f0e10b090 ***

from just hitting CTRL+C a few times on rails console. could reproduce too, log attached.

Updated by AYGHOR (dota? =op dota? =op) almost 3 years ago

Copy of actually i just got:

*** Error in `irb': malloc(): smallbin double linked list corrupted: 0x0000556762bac3d0 ***

on plain irb, no rails. log attached

Updated by nobu (Nobuyoshi Nakada) almost 3 years ago

  • Status changed from Open to Feedback

I can't reproduce it with recent 2.3 and libreadline6-6.3-8ubuntu8.
Could you try 2.3.2?

Updated by AYGHOR (dota? =op dota? =op) almost 3 years ago

ok i traced down the problem to this line on my .inputrc

set enable-keypad on

i couldn't reproduce the issue after commenting it out. tested about ten times commenting/uncommenting and it was consistent.

inputrc attached.

Updated by AYGHOR (dota? =op dota? =op) almost 3 years ago

Nobuyoshi Nakada wrote:

I can't reproduce it with recent 2.3 and libreadline6-6.3-8ubuntu8.
Could you try 2.3.2?

in a few days, yes

Updated by AYGHOR (dota? =op dota? =op) over 2 years ago

dota? =op dota? =op wrote:

Nobuyoshi Nakada wrote:

I can't reproduce it with recent 2.3 and libreadline6-6.3-8ubuntu8.
Could you try 2.3.2?

in a few days, yes

it does happen on 2.3.2 too:

ruby 2.3.2p217 (2016-11-15 revision 56796) [x86_64-linux]

Updated by nobu (Nobuyoshi Nakada) over 2 years ago

dota? =op dota? =op wrote:

ok i traced down the problem to this line on my .inputrc

set enable-keypad on

I could reproduce it with that inputrc on recent 2.3 and trunk.
And libreadline7 seems to be the same.

-- Machine register context ------------------------------------------------
 RIP: 0x00007fab18d798c5 RBP: 0x000000000000001b RSP: 0x00007ffd38e95040
 RAX: 0x0000000000000001 RBX: 0x000055f7ad3c96d0 RCX: 0x0000000000000000
 RDX: 0x0000000000000000 RDI: 0x00000000ffffffff RSI: 0x0000000000000000
  R8: 0x000055f7ad4868b0  R9: 0x0000000000000001 R10: 0x000055f7ad4848b0
 R11: 0x00007fab190beb58 R12: 0x0000000000000000 R13: 0x0000000000000001
 R14: 0x00000000acff2c01 R15: 0x000055f7acff2cd0 EFL: 0x0000000000010202

-- C level backtrace information -------------------------------------------
libruby.so.2.3(rb_vm_bugreport+0x4e8) [0x7fab192afa88] vm_dump.c:692
libruby.so.2.3(rb_bug_context+0xd4) [0x7fab19141034] error.c:435
libruby.so.2.3(sigsegv+0x3e) [0x7fab1921d4ce] signal.c:890
/lib/x86_64-linux-gnu/libc.so.6 [0x7fab18d32860]
/lib/x86_64-linux-gnu/libc.so.6(_IO_file_overflow@@GLIBC_2.2.5+0x45) [0x7fab18d798c5] fileops.c:864
/lib/x86_64-linux-gnu/libc.so.6(putc+0xdb) [0x7fab18d74e0b] putc.c:29
/lib/x86_64-linux-gnu/libtinfo.so.5(tputs+0x9b) [0x7fab17351bfb]
/lib/x86_64-linux-gnu/libreadline.so.6(rl_prep_terminal+0x2f5) [0x7fab1757e0f5]
/lib/x86_64-linux-gnu/libreadline.so.6(readline+0x31) [0x7fab17579501]
libruby.so.2.3(rb_protect+0xfb) [0x7fab1914a1bb] eval.c:883
readline.so(readline_readline+0x257) [0x7fab177afe07] readline.c:495
libruby.so.2.3(vm_call_cfunc+0x101) [0x7fab1929c741] vm_insnhelper.c:1642
libruby.so.2.3(vm_exec_core+0x1289) [0x7fab192a0f39] insns.def:994
libruby.so.2.3(vm_exec+0x7f) [0x7fab192a61cf] vm.c:1650
libruby.so.2.3(invoke_block_from_c_0+0x2dd) [0x7fab192a6f1d] vm.c:921
libruby.so.2.3(vm_invoke_proc+0xc3) [0x7fab192a6ff3] vm.c:996
libruby.so.2.3(vm_call_opt_call+0xa4) [0x7fab192a7c14] vm.c:1072
libruby.so.2.3(vm_exec_core+0x1289) [0x7fab192a0f39] insns.def:994
libruby.so.2.3(vm_exec+0x7f) [0x7fab192a61cf] vm.c:1650
libruby.so.2.3(loop_i+0x313) [0x7fab192abd73] vm.c:921
libruby.so.2.3(rb_rescue2+0xbe) [0x7fab19149eee] eval.c:815
libruby.so.2.3(vm_call_cfunc+0x101) [0x7fab1929c741] vm_insnhelper.c:1642
libruby.so.2.3(vm_call_method_each_type+0x5e) [0x7fab192a7cee] vm_insnhelper.c:2026
libruby.so.2.3(vm_call_method+0xe3) [0x7fab192a8243] vm_insnhelper.c:2176
libruby.so.2.3(vm_exec_core+0x11b8) [0x7fab192a0e68] insns.def:963
libruby.so.2.3(vm_exec+0x7f) [0x7fab192a61cf] vm.c:1650
libruby.so.2.3(invoke_block_from_c_0+0x2dd) [0x7fab192a6f1d] vm.c:921
libruby.so.2.3(catch_i+0x54) [0x7fab192a7374] vm.c:988
libruby.so.2.3(rb_catch_protect+0xaa) [0x7fab1929d1da] vm_eval.c:2016
libruby.so.2.3(rb_catch_obj+0xe) [0x7fab1929d2be] vm_eval.c:1995
libruby.so.2.3(rb_f_catch+0x2e) [0x7fab1929d36e] vm_eval.c:1981
libruby.so.2.3(vm_call_cfunc+0x101) [0x7fab1929c741] vm_insnhelper.c:1642
libruby.so.2.3(vm_call_method_each_type+0x5e) [0x7fab192a7cee] vm_insnhelper.c:2026
libruby.so.2.3(vm_call_method+0xe3) [0x7fab192a8243] vm_insnhelper.c:2176
libruby.so.2.3(vm_exec_core+0x11b8) [0x7fab192a0e68] insns.def:963
libruby.so.2.3(vm_exec+0x7f) [0x7fab192a61cf] vm.c:1650
libruby.so.2.3(invoke_block_from_c_0+0x2dd) [0x7fab192a6f1d] vm.c:921
libruby.so.2.3(catch_i+0x54) [0x7fab192a7374] vm.c:988
libruby.so.2.3(rb_catch_protect+0xaa) [0x7fab1929d1da] vm_eval.c:2016
libruby.so.2.3(rb_catch_obj+0xe) [0x7fab1929d2be] vm_eval.c:1995
libruby.so.2.3(rb_f_catch+0x2e) [0x7fab1929d36e] vm_eval.c:1981
libruby.so.2.3(vm_call_cfunc+0x101) [0x7fab1929c741] vm_insnhelper.c:1642
libruby.so.2.3(vm_call_method_each_type+0x5e) [0x7fab192a7cee] vm_insnhelper.c:2026
libruby.so.2.3(vm_call_method+0xe3) [0x7fab192a8243] vm_insnhelper.c:2176
libruby.so.2.3(vm_exec_core+0x11b8) [0x7fab192a0e68] insns.def:963
libruby.so.2.3(vm_exec+0x7f) [0x7fab192a61cf] vm.c:1650
libruby.so.2.3(ruby_exec_internal+0xbd) [0x7fab191472dd] eval.c:245
libruby.so.2.3(ruby_exec_node+0x1d) [0x7fab1914943d] eval.c:310
libruby.so.2.3(ruby_run_node+0x1e) [0x7fab1914bd5e] eval.c:302
ruby(main+0x4b) [0x55f7abf048eb] main.c:36

Updated by wanabe (_ wanabe) over 2 years ago

after r42402, Readline.input in IRB::ReadlineInputMethod#gets causes "Too many open files - dup (Errno::EMFILE)".
after r43439, the method causes SEGV.
Everything goes well without set enable-keypad on with any commits.

Updated by wanabe (_ wanabe) over 2 years ago

  • Related to Bug #8644: valgrind error in a readline test added

Updated by wanabe (_ wanabe) over 2 years ago

  • Related to Bug #8749: Readline.readline stops STDOUT? added

Updated by wanabe (_ wanabe) over 2 years ago

  • Related to Bug #9040: Readline duplicate file descriptors but doesn't close them added

Updated by wanabe (_ wanabe) over 2 years ago

_ wanabe wrote:

after r42402, Readline.input in IRB::ReadlineInputMethod#gets causes "Too many open files - dup (Errno::EMFILE)".

Sorry, it is not reproduced on real console. I have confirmed it on PTY.spawn only.
Ctrl-c doesn't affect irb until r42528, at least on the terminal of my environment.

Updated by wanabe (_ wanabe) over 2 years ago

Umm, I guess the issue may be readline's and this can be reproduced without ruby.

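#include <stdio.h>
#include <unistd.h>             /* dup() */
#include <readline/readline.h>

int main() {
    FILE *fp;

    rl_outstream = NULL;

    while(1) {
        /* open a fresh stream on a duplicate of stdout each iteration */
        fp = fdopen(dup(fileno(stdout)), "w");
        /* close the stream that was handed to readline on the previous pass */
        if (rl_outstream) fclose(rl_outstream);
        rl_outstream = fp;
        readline(">");
    }
    return 0;
}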

The above code causes SEGV when you press return.
It looks the same as this issue and seems to be related to the difference between rl_outstream and _rl_out_stream.

I read readline-6.3 and imagine the flow: (http://git.savannah.gnu.org/cgit/readline.git/commit/?id=a73b98f779b388a5d0624e02e8bb187246e3e396)
readline() calls rl_prep_terminal() before readline_internal().
rl_prep_terminal() calls _rl_control_keypad() -> tputs() -> _rl_output_character_function(c) -> putc (c, _rl_out_stream);.
readline_internal() sets _rl_out_stream = rl_outstream; in readline_internal_setup().
So, readline() outputs the keypad-start code string to the old _rl_out_stream.

Updated by jeremyevans0 (Jeremy Evans) 26 days ago

  • Status changed from Feedback to Third Party's Issue
