Bug #21620

master branch: LTO with >= -O2 optimization causes miniruby to segfault in vm_cc

Added by jprokop (Jarek Prokop) 1 day ago. Updated 37 minutes ago.

Status: Open
Assignee: -
Target version: -
[ruby-core:123360]

Description

Ruby built with LTO (-flto) with the -O2 or -O3 optimization causes misbehavior in miniruby.
Using -O1 does not result in a segfault. Higher optimization is required. Removing -flto results in no segfault.

Preview1 was OK. After running git-bisect, I arrived at the following commit hash: 547f111b5b0d773af2a4268fe407fdacc7060109
as the culprit that introduced the buggy behavior.

Latest tested commit 3361aa5c7df35b1d1daea578fefec3addf29c9a6 still exhibits this behavior.

$ export CFLAGS='-O2 -flto -g'
$ ./autogen.sh
$ ./configure
$ make -j16 V=1
<...snip...>
./miniruby -I./lib -I. -I.ext/common  ./tool/generic_erb.rb -o builtin_binary.rbbin \
	./template/builtin_binary.rbbin.tmpl
make: *** [uncommon.mk:1363: builtin_binary.rbbin] Segmentation fault (core dumped)

I also supplied -g to have debug info available in GDB.

Once miniruby is linked and available to run, the simplest reproducer is just ./miniruby; that is enough for a segfault.

This segfault was observed with the following GCC versions as delivered on Fedora/RHEL:

  • Fedora 42: 15.2.1
  • RHEL 10: 14.3.1
  • RHEL 9: 11.5.0

There are different backtraces with different O optimization levels. The following backtraces are from the mentioned commit 547f111b5b0d773af2a4268fe407fdacc7060109.

With -O2

$ gdb ./miniruby
(gdb) run
Starting program: /home/fedora/projects/ruby/miniruby

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
vm_lookup_cc (klass=klass@entry=140737348630880, ci=ci@entry=0x7fffffffe450, mid=mid@entry=4161) at /home/fedora/projects/ruby/vm_insnhelper.c:2173
2173	            const int ccs_len = ccs->len;
(gdb) bt f
#0  vm_lookup_cc (klass=klass@entry=140737348630880, ci=ci@entry=0x7fffffffe450, mid=mid@entry=4161) at /home/fedora/projects/ruby/vm_insnhelper.c:2173
        ccs_len = 1
        vm_locking_level = <optimized out>
        vm_locking_do = <optimized out>
        flag = <optimized out>
        i = <optimized out>
        ccs_ci_flag = <optimized out>
        ccs_cc = <optimized out>
        argc = <optimized out>
        ccs_ci_argc = <optimized out>
        cc_tbl = 140737348956800
        ccs = 0x555555b88aa0
#1  0x00005555557bc6d6 in vm_search_cc (klass=140737348630880, ci=0x7fffffffe450) at /home/fedora/projects/ruby/vm_insnhelper.c:2220
        mid = 4161
        cc = <optimized out>
#2  0x00005555557cf48e in rb_vm_search_method_slowpath (ci=<optimized out>, klass=<optimized out>) at /home/fedora/projects/ruby/vm_insnhelper.c:2247
        cc = <optimized out>
#3  vm_search_method_slowpath0 (cd_owner=0, cd=<synthetic pointer>, klass=<optimized out>) at /home/fedora/projects/ruby/vm_insnhelper.c:2266
        cc = <optimized out>
        empty_cc = <optimized out>
        cc = <optimized out>
        empty_cc = <optimized out>
#4  gccct_method_search_slowpath (vm=0x555555b6d310, klass=<optimized out>, index=200, ci=<optimized out>) at /home/fedora/projects/ruby/vm_eval.c:418
        cd = <optimized out>
#5  0x00005555557d899a in gccct_method_search (ec=0x555555b74390, recv=140737348632000, mid=4161, ci=0x7fffffffe450) at /home/fedora/projects/ruby/vm_eval.c:490
        cc = <optimized out>
        klass = <optimized out>
        ns_value = <optimized out>
        ns = <optimized out>
        index = <optimized out>
        vm = <optimized out>
        klass = <optimized out>
        ns_value = <optimized out>
        ns = <optimized out>
        index = <optimized out>
        vm = <optimized out>
        cc = <optimized out>
        cme = <optimized out>
#6  rb_funcallv_scope (recv=140737348632000, mid=4161, argc=<optimized out>, argv=0x7fffffffe538, scope=CALL_FCALL) at /home/fedora/projects/ruby/vm_eval.c:1059
        ec = 0x555555b74390
        ci = {flags = 106522, kwarg = 0x0, mid = 4161, flag = 4, argc = 1}
        cc = <optimized out>
        self = <optimized out>
#7  0x000055555558fc50 in rb_funcallv (recv=140737348632000, mid=<optimized out>, argc=1, argv=0x7fffffffe538) at /home/fedora/projects/ruby/vm_eval.c:1080
No locals.
#8  rb_class_inherited (super=super@entry=140737348632000, klass=klass@entry=140737348629120) at /home/fedora/projects/ruby/class.c:1472
        rb_funcall_argc = 1
        rb_funcall_args = {140737348629120}
        rb_funcall_nargs = 1
        inherited = <optimized out>
        rbimpl_id = 4161
#9  0x000055555558fd6a in rb_define_class (name=<optimized out>, super=140737348632000) at /home/fedora/projects/ruby/class.c:1506
        klass = 140737348629120
        id = 5163
        ns = <optimized out>
#10 0x00005555556af895 in InitVM_Object () at /home/fedora/projects/ruby/object.c:4606
No locals.
#11 0x00005555556498ff in Init_Object () at /home/fedora/projects/ruby/object.c:4639
No locals.
#12 rb_call_inits () at /home/fedora/projects/ruby/inits.c:29
No locals.
#13 0x0000555555613e10 in ruby_setup () at /home/fedora/projects/ruby/eval.c:87
        _ec = 0x555555b74390
        _tag = {tag = 36, retval = 3, buf = {0x7fffffffe948, 0x5555556132f8 <ruby_setup+872>, 0x7fffffffe6c0, 0x8800, 0x0}, prev = 0x0, state = RUBY_TAG_NONE, lock_rec = 0}
        state = RUBY_TAG_NONE
#14 0x0000555555613fa9 in ruby_init () at /home/fedora/projects/ruby/eval.c:99
        state = <optimized out>
        ec = <optimized out>
#15 0x00005555555689e2 in rb_main (argc=1, argv=0x7fffffffe948) at ./main.c:41
        variable_in_this_stack_frame = 0
#16 main (argc=<optimized out>, argv=<optimized out>) at ./main.c:62
No locals.

With -O3 it fails at a different point, so the backtrace is different. For completeness, this was configured with export CFLAGS="-O3 -flto -g":

(gdb) run
Starting program: /home/fedora/projects/ruby/miniruby

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffde5ff6c0 (LWP 519565)]

Thread 1 "miniruby" received signal SIGSEGV, Segmentation fault.
vm_ccs_push (cc_tbl=140737348956800, ccs=0x555555cc6ae0, ci=0x7fffffffd090, cc=0x7ffff7a7ea28) at /home/fedora/projects/ruby/vm_insnhelper.c:2006
2006	    if (UNLIKELY(ccs->len == ccs->capa)) {
Missing rpms, try: dnf --enablerepo='*debug*' install libxcrypt-debuginfo-4.4.38-7.fc41.x86_64 glibc-debuginfo-2.40-28.fc41.x86_64 libgcc-debuginfo-14.3.1-3.fc41.x86_64
(gdb) bt f
#0  vm_ccs_push (cc_tbl=140737348956800, ccs=0x555555cc6ae0, ci=0x7fffffffd090, cc=0x7ffff7a7ea28) at /home/fedora/projects/ruby/vm_insnhelper.c:2006
        pos = <optimized out>
        pos = <optimized out>
#1  vm_populate_cc (klass=140737348630880, ci=0x7fffffffd090, mid=<optimized out>) at /home/fedora/projects/ruby/vm_insnhelper.c:2146
        original_cc_table = 140737348956800
        ccs = 0x555555cc6ae0
        cme = 0x7ffff7acd128
        cc = 0x7ffff7a7ea28
        cc_tbl = 140737348956800
        cc_tbl = <optimized out>
        original_cc_table = <optimized out>
        ccs = <optimized out>
        cme = <optimized out>
        cc = <optimized out>
#2  vm_search_cc (klass=140737348630880, ci=0x7fffffffd090) at /home/fedora/projects/ruby/vm_insnhelper.c:2233
        vm_locking_level = 21845
        vm_locking_do = <optimized out>
        mid = <optimized out>
        cc = <optimized out>
#3  0x000055555583508e in rb_vm_search_method_slowpath (ci=<optimized out>, klass=<optimized out>) at /home/fedora/projects/ruby/vm_insnhelper.c:2247
        cc = <optimized out>
#4  vm_search_method_slowpath0 (cd_owner=140737348407160, cd=<synthetic pointer>, klass=<optimized out>) at /home/fedora/projects/ruby/vm_insnhelper.c:2266
        cc = <optimized out>
        empty_cc = <optimized out>
        cc = <optimized out>
        empty_cc = <optimized out>
#5  gccct_method_search_slowpath (vm=0x555555bee310, klass=<optimized out>, index=377, ci=<optimized out>) at /home/fedora/projects/ruby/vm_eval.c:418
        cd = <optimized out>
#6  0x00005555558cf0fd in gccct_method_search (ec=0x555555bf5390, recv=140737348632000, mid=2865, ci=0x7fffffffd090) at /home/fedora/projects/ruby/vm_eval.c:490
        cc = <optimized out>
        klass = <optimized out>
        ns_value = <optimized out>
        ns = <optimized out>
        index = <optimized out>
        vm = <optimized out>
        klass = <optimized out>
        ns_value = <optimized out>
        ns = <optimized out>
        index = <optimized out>
        vm = <optimized out>
        cc = <optimized out>
        cme = <optimized out>
#7  rb_funcallv_scope.constprop.0 (recv=140737348632000, mid=2865, argc=1, argv=0x7fffffffd108, scope=CALL_FCALL) at /home/fedora/projects/ruby/vm_eval.c:1059
        ec = 0x555555bf5390
        ci = {flags = 106522, kwarg = 0x0, mid = 2865, flag = 4, argc = 1}
        cc = <optimized out>
        self = <optimized out>
#8  0x0000555555816885 in rb_funcallv (argc=1, recv=140737348632000, mid=2865, argv=0x7fffffffd108) at /home/fedora/projects/ruby/vm_eval.c:1076
No locals.
#9  const_added (klass=140737348632000, const_name=30875) at /home/fedora/projects/ruby/variable.c:4000
        name = 7904012
#10 const_added (klass=140737348632000, const_name=30875) at /home/fedora/projects/ruby/variable.c:3996
        name = <optimized out>
#11 rb_const_set (klass=140737348632000, id=30875, val=140737348364880) at /home/fedora/projects/ruby/variable.c:4074
No locals.
#12 rb_define_const (klass=140737348632000, name=name@entry=0x555555aff318 "RUBY_DESCRIPTION", val=val@entry=140737348364880) at /home/fedora/projects/ruby/variable.c:4176
        id = 30875
#13 0x00005555558169ec in rb_define_global_const (name=0x555555aff318 "RUBY_DESCRIPTION", val=140737348364880) at /home/fedora/projects/ruby/variable.c:4180
No locals.
#14 define_ruby_const (mod=140737348467520, name=0x555555aff318 "RUBY_DESCRIPTION", value=140737348364880, toplevel=true) at /home/fedora/projects/ruby/version.c:103
No locals.
#15 define_ruby_description (jit_opt=<optimized out>) at /home/fedora/projects/ruby/version.c:243
        n = 76
        mRuby = 140737348467520
        description = 140737348364880
        desc = "ruby 3.5.0dev (2025-08-01T08:42:04Z master 547f111b5b) +PRISM [x86_64-linux]\000\000\000\000\000\000\000\000\000\000"
#16 0x0000555555783cac in Init_ruby_description (opt=0x8) at /home/fedora/projects/ruby/version.c:253
        jit_opt = <optimized out>
        jit_opt = <optimized out>
#17 process_options (argc=<optimized out>, argc@entry=1, argv=<optimized out>, argv@entry=0x7fffffffe948, opt=opt@entry=0x7fffffffe680) at /home/fedora/projects/ruby/ruby.c:2378
        ast_value = 4
        iseq = <optimized out>
        enc = <optimized out>
        lenc = <optimized out>
        s = <optimized out>
        fbuf = "\300\317\033\000\000\000\000\000\000\004\000\000\000\000\000\000\260\327\377\377\377\177\000\000\030\022\337\367\377\177\000\000\020\327\373\367\377\177\000\000|\353\336\367\377\177\000\000\201\031\236|\000\000\000\000\020:\340\367\377\177\000\000p\327\377\377\377\177\000\000\033\002\375\367\377\177\000\000\257\002\000\000\000\000\000\000\020:\340\367\377\177\000\000\020\327\373\367\377\177\000\0008\327\377\377\377\177\000\0004\327\377\377\377\177\000\000\235\340\026\000\000\000\000\000\235\340\026\000\000\000\000\000\000\020\000\000\000\000\000\000\001\000\000\000\004\000\000\000\000\000\027\000\000\000\000\000\000\000\027", '\000' <repeats 13 times>, "\006\000\000\000\000\000\000\000(\335\373\367\377\177\000\000\030\330\377\377\377\177\000\000"...
        i = <optimized out>
        dump = <optimized out>
        vm = 0x555555bee310
        loaded_before_enc = 8
        rbimpl_id = 0
#18 0x000055555578604d in ruby_process_options (argc=1, argv=0x7fffffffe948) at /home/fedora/projects/ruby/ruby.c:222
        opt = {script = 0x0, script_name = 0, e_script = 0, src = {enc = {name = 0, index = -1}}, ext = {enc = {name = 0, index = -1}}, intern = {enc = {name = 0, index = -1}}, req_list = 0, features = {mask = 0, set = 31}, warn = {mask = 0, set = 0}, dump = 8,
          backtrace_length_limit = -9223372036854775808, crash_report = 0x0, sflag = 0, xflag = 0, warning = 0, verbose = 0, do_loop = 0, do_print = 0, do_line = 0, do_split = 0, do_search = 0, setids = 0, yjit = 0}
        iseq = <optimized out>
        script_name = <optimized out>
#19 0x0000555555628844 in ruby_options (argc=<optimized out>, argv=<optimized out>) at /home/fedora/projects/ruby/eval.c:118
        _ec = 0x555555bf5390
        _tag = {tag = 36, retval = 34816, buf = {0x7fffffffe948, 0x55555562886a <ruby_options+186>, 0x7fffffffe740, 0x68dd1020, 0x0}, prev = 0x0, state = RUBY_TAG_NONE, lock_rec = 0}
        ec = 0x555555bf5390
        state = RUBY_TAG_NONE
        iseq = 0x0
#20 0x0000555555569d2c in rb_main (argc=1, argv=0x7fffffffe948) at ./main.c:42
        variable_in_this_stack_frame = 0
#21 main (argc=<optimized out>, argv=<optimized out>) at ./main.c:62

This time there is also Ruby's segfault handler; with -O2 it doesn't reach that stage:

$ ./miniruby
./miniruby: [BUG] Segmentation fault at 0x0000000000000004
ruby 3.5.0dev (2025-08-01T08:42:04Z master 547f111b5b) +PRISM [x86_64-linux]

-- Control frame information -----------------------------------------------
c:0001 p:0000 s:0003 E:001460 DUMMY  [FINISH]


-- Threading information ---------------------------------------------------
Total ractor count: 1
Ruby thread count for this ractor: 1

-- Machine register context ------------------------------------------------
 RIP: 0x000055609bc1cb7c RBP: 0x0000000000000000 RSP: 0x00007ffda4c6ad10
 RAX: 0x0000000000000000 RBX: 0x00007ffda4c6add0 RCX: 0x0000000000000000
 RDX: 0x000000000000b01a RDI: 0x0000000000000000 RSI: 0x00007f729eb5e998
  R8: 0x0000000000000000  R9: 0x00007f72a07fd130 R10: 0x0000000000000000
 R11: 0x00007f729eb5e998 R12: 0x00007f72a07ef968 R13: 0x00007f729eb5e998
 R14: 0x00007f72b9c4f288 R15: 0x0000000000000000 EFL: 0x0000000000010246

-- C level backtrace information -------------------------------------------
/home/fedora/projects/ruby/miniruby(0x55609bc515d5) [0x55609bc515d5]
/home/fedora/projects/ruby/miniruby(0x55609bc556cf) [0x55609bc556cf]
/home/fedora/projects/ruby/miniruby(0x55609ba2554c) [0x55609ba2554c]
/home/fedora/projects/ruby/miniruby(0x55609bb9d462) [0x55609bb9d462]
/lib64/libc.so.6(__restore_rt+0x0) [0x7f72b9dd8450]
/home/fedora/projects/ruby/miniruby(0x55609bc1cb7c) [0x55609bc1cb7c]
/home/fedora/projects/ruby/miniruby(0x55609bc3d08e) [0x55609bc3d08e]
/home/fedora/projects/ruby/miniruby(0x55609bcd70fd) [0x55609bcd70fd]
/home/fedora/projects/ruby/miniruby(0x55609bc1e885) [0x55609bc1e885]
/home/fedora/projects/ruby/miniruby(0x55609bc1e9ec) [0x55609bc1e9ec]
/home/fedora/projects/ruby/miniruby(0x55609bb8bcac) [0x55609bb8bcac]
/home/fedora/projects/ruby/miniruby(0x55609bb8e04d) [0x55609bb8e04d]
/home/fedora/projects/ruby/miniruby(0x55609ba30844) [0x55609ba30844]
/home/fedora/projects/ruby/miniruby(0x55609b971d2c) [0x55609b971d2c]
/lib64/libc.so.6(__libc_start_call_main+0x78) [0x7f72b9dc1448]
/lib64/libc.so.6(__libc_start_main+0x8b) [0x7f72b9dc150b]
[0x55609b971d65]

-- Other runtime information -----------------------------------------------

* Loaded script: ./miniruby

* Loaded features:

    0 enumerator.so
    1 thread.rb
    2 fiber.so
    3 rational.so
    4 complex.so
    5 pathname.so
    6 ruby2_keywords.rb
    7 set.rb

* Process memory map:



Segmentation fault (core dumped)

Once it gets to the segfault, I can reproduce the line/lookup of ccs->len and get the value out of it without causing more crashing, not sure what's up or if it crashes on the correct line in the debugger.
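
Added example, not part of the original report: a Python script that parses the frame lines of the two `bt f` listings above, strips GCC clone suffixes such as .constprop.0, and reports the call path both crashes share and where the line numbers inside that path differ. The embedded frames are copied from the report with locals omitted; the names parse_frames, shared_run and compare belong to this example only.

```python
import os
import re

# "#N  [0xADDR in ]func (args) at path:line" as printed by gdb's `bt`.
FRAME_RE = re.compile(
    r"^#\d+\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+) \(.*\) at (?P<file>.+):(?P<line>\d+)$"
)
# Suffixes GCC appends to cloned/split functions; common in optimized and LTO builds.
CLONE_RE = re.compile(r"\.(?:constprop|isra|part|lto_priv|cold)(?:\.\d+)?")

# Frames #0-#8 of the -O2 backtrace from the report (locals omitted).
BT_O2 = """\
#0  vm_lookup_cc (klass=klass@entry=140737348630880, ci=ci@entry=0x7fffffffe450, mid=mid@entry=4161) at /home/fedora/projects/ruby/vm_insnhelper.c:2173
#1  0x00005555557bc6d6 in vm_search_cc (klass=140737348630880, ci=0x7fffffffe450) at /home/fedora/projects/ruby/vm_insnhelper.c:2220
#2  0x00005555557cf48e in rb_vm_search_method_slowpath (ci=<optimized out>, klass=<optimized out>) at /home/fedora/projects/ruby/vm_insnhelper.c:2247
#3  vm_search_method_slowpath0 (cd_owner=0, cd=<synthetic pointer>, klass=<optimized out>) at /home/fedora/projects/ruby/vm_insnhelper.c:2266
#4  gccct_method_search_slowpath (vm=0x555555b6d310, klass=<optimized out>, index=200, ci=<optimized out>) at /home/fedora/projects/ruby/vm_eval.c:418
#5  0x00005555557d899a in gccct_method_search (ec=0x555555b74390, recv=140737348632000, mid=4161, ci=0x7fffffffe450) at /home/fedora/projects/ruby/vm_eval.c:490
#6  rb_funcallv_scope (recv=140737348632000, mid=4161, argc=<optimized out>, argv=0x7fffffffe538, scope=CALL_FCALL) at /home/fedora/projects/ruby/vm_eval.c:1059
#7  0x000055555558fc50 in rb_funcallv (recv=140737348632000, mid=<optimized out>, argc=1, argv=0x7fffffffe538) at /home/fedora/projects/ruby/vm_eval.c:1080
#8  rb_class_inherited (super=super@entry=140737348632000, klass=klass@entry=140737348629120) at /home/fedora/projects/ruby/class.c:1472
"""

# Frames #0-#9 of the -O3 backtrace from the report (locals omitted).
BT_O3 = """\
#0  vm_ccs_push (cc_tbl=140737348956800, ccs=0x555555cc6ae0, ci=0x7fffffffd090, cc=0x7ffff7a7ea28) at /home/fedora/projects/ruby/vm_insnhelper.c:2006
#1  vm_populate_cc (klass=140737348630880, ci=0x7fffffffd090, mid=<optimized out>) at /home/fedora/projects/ruby/vm_insnhelper.c:2146
#2  vm_search_cc (klass=140737348630880, ci=0x7fffffffd090) at /home/fedora/projects/ruby/vm_insnhelper.c:2233
#3  0x000055555583508e in rb_vm_search_method_slowpath (ci=<optimized out>, klass=<optimized out>) at /home/fedora/projects/ruby/vm_insnhelper.c:2247
#4  vm_search_method_slowpath0 (cd_owner=140737348407160, cd=<synthetic pointer>, klass=<optimized out>) at /home/fedora/projects/ruby/vm_insnhelper.c:2266
#5  gccct_method_search_slowpath (vm=0x555555bee310, klass=<optimized out>, index=377, ci=<optimized out>) at /home/fedora/projects/ruby/vm_eval.c:418
#6  0x00005555558cf0fd in gccct_method_search (ec=0x555555bf5390, recv=140737348632000, mid=2865, ci=0x7fffffffd090) at /home/fedora/projects/ruby/vm_eval.c:490
#7  rb_funcallv_scope.constprop.0 (recv=140737348632000, mid=2865, argc=1, argv=0x7fffffffd108, scope=CALL_FCALL) at /home/fedora/projects/ruby/vm_eval.c:1059
#8  0x0000555555816885 in rb_funcallv (argc=1, recv=140737348632000, mid=2865, argv=0x7fffffffd108) at /home/fedora/projects/ruby/vm_eval.c:1076
#9  const_added (klass=140737348632000, const_name=30875) at /home/fedora/projects/ruby/variable.c:4000
"""


def parse_frames(bt_text):
    """Return [(function, file basename, line)] with clone suffixes removed."""
    frames = []
    for raw in bt_text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if m:  # locals, pager prompts and other non-frame lines are skipped
            func = CLONE_RE.sub("", m.group("func"))
            frames.append((func, os.path.basename(m.group("file")), int(m.group("line"))))
    return frames


def shared_run(a, b):
    """Longest contiguous run of equal function names: (start_a, start_b, length)."""
    best = (0, 0, 0)
    prev = [0] * (len(b) + 1)
    for i, fa in enumerate(a, 1):
        cur = [0] * (len(b) + 1)
        for j, fb in enumerate(b, 1):
            if fa[0] == fb[0]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best[2]:
                    best = (i - cur[j], j - cur[j], cur[j])
        prev = cur
    return best


def compare(bt_a, bt_b):
    """Summarise two backtraces: crash sites, shared call path, differing lines."""
    a, b = parse_frames(bt_a), parse_frames(bt_b)
    sa, sb, n = shared_run(a, b)
    pairs = list(zip(a[sa:sa + n], b[sb:sb + n]))
    return {
        "crash_sites": (a[0], b[0]),
        "shared_path": [fa[0] for fa, _ in pairs],
        "line_differs": [(fa[0], fa[2], fb[2]) for fa, fb in pairs if fa[2] != fb[2]],
    }


if __name__ == "__main__":
    for key, value in compare(BT_O2, BT_O3).items():
        print(key, value)
```

On these frames both crashes run through the same seven functions from rb_funcallv down to vm_search_cc, and they split inside vm_search_cc (line 2220 for the lookup, line 2233 for the populate path).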

Updated by jprokop (Jarek Prokop) 1 day ago

  • Description updated (diff)

Updated by byroot (Jean Boussier) about 15 hours ago

Thanks for the report, I suspect this may be a case of a missing GC_GUARD (e.g. with LTO some function calls are inlined allowing some references to be spilled out of the stack).

Unfortunately I'm unable to compile with LTO on my machine (macOS/ARM with clang):

Undefined symbols for architecture arm64:
  "_coroutine_transfer", referenced from:
      _fiber_setcontext in lto.o
      _thread_sched_wait_running_turn in lto.o
      _thread_sched_wait_running_turn in lto.o
      _ruby_coroutine_start in lto.o
      _nt_start in lto.o

(and I get way more missing symbols unless I explicitly disable JITs.)

Updated by byroot (Jean Boussier) about 15 hours ago

I think I'm hitting this bug: https://github.com/llvm/llvm-project/issues/76046, and I can't figure out a workaround. I'll ask for help.

Updated by peterzhu2118 (Peter Zhu) 37 minutes ago

Thank you for the bug report. I have a fix here: https://github.com/ruby/ruby/pull/14707. Let me know if this fixes it for you!
