Issue #4339 has been updated by Sean Bradly.


Including a gdb trace. This issue happens in the mark_load_arg function when st_foreach encounters a corrupt bin ptr. I have seen similar failures occur in marshal_dump_arg. Also, _very_ rarely the st_table_entry list of one of the bins will become circularly linked, causing an infinite loop.

Program received signal SIGSEGV, Segmentation fault.
0x001c86b6 in st_foreach (table=0x3cb3c0, func=0x178f40 <mark_entry>, arg=0) at st.c:486
486             for(ptr = table->bins[i]; ptr != 0;) {
(gdb) bt
#0  0x001c86b6 in st_foreach (table=0x3cb3c0, func=0x178f40 <mark_entry>, arg=0) at st.c:486
#1  0x001786c3 in mark_tbl (tbl=0x0) at gc.c:716
#2  rb_mark_tbl (tbl=0x0) at gc.c:723
#3  0x00189c04 in mark_load_arg (ptr=0xbfffca3c) at marshal.c:841
#4  0x00178d7e in gc_mark_children (ptr=3086829960, lev=1) at gc.c:1025
#5  0x00178a71 in mark_locations_array (x=<value optimized out>, n=<value optimized out>) at gc.c:684
#6  0x00157b95 in thread_mark (th=0x8087300) at eval.c:10466
#7  0x00178d7e in gc_mark_children (ptr=3086830120, lev=3) at gc.c:1025
#8  0x00178d06 in gc_mark_children (ptr=<value optimized out>, lev=<value optimized out>) at gc.c:1006
#9  0x00178e18 in gc_mark_children (ptr=<value optimized out>, lev=<value optimized out>) at gc.c:1057
#10 0x001791de in garbage_collect () at gc.c:1465
#11 0x00179be7 in rb_gc () at gc.c:1530
#12 0x00179c17 in rb_gc_start () at gc.c:1547
#13 0x00159a9d in call_cfunc (func=0x179c00 <rb_gc_start>, recv=3978176, len=0, argc=0, argv=0x0) at eval.c:5781
#14 0x00164a09 in rb_call0 (klass=<value optimized out>, recv=<value optimized out>, id=5313, oid=5313, argc=0, argv=0x0, body=0xb7fd88bc, flags=<value optimized out>) at eval.c:5928
#15 0x00164baa in rb_call (klass=3086846160, recv=3086846180, mid=5313, argc=0, argv=0x0, scope=0, self=3086911820) at eval.c:6176
#16 0x00161e7b in rb_eval (self=<value optimized out>, n=<value optimized out>) at eval.c:3506
#17 0x00163404 in rb_yield_0 (val=<value optimized out>, self=<value optimized out>, klass=0, flags=<value optimized out>, avalue=0) at eval.c:5095
#18 0x0016e657 in rb_yield (val=3) at eval.c:5179
#19 0x0018e641 in int_dotimes (num=201) at numeric.c:2960
#20 0x00159a9d in call_cfunc (func=0x18e5f0 <int_dotimes>, recv=3978176, len=0, argc=0, argv=0x0) at eval.c:5781
#21 0x00164a09 in rb_call0 (klass=<value optimized out>, recv=<value optimized out>, id=5753, oid=5753, argc=0, argv=0x0, body=0xb7fe4c5c, flags=<value optimized out>) at eval.c:5928
#22 0x00164baa in rb_call (klass=3086896500, recv=201, mid=5753, argc=0, argv=0x0, scope=0, self=3086911820) at eval.c:6176
#23 0x00161e7b in rb_eval (self=<value optimized out>, n=<value optimized out>) at eval.c:3506
#24 0x0016292e in rb_eval (self=<value optimized out>, n=<value optimized out>) at eval.c:3236
#25 0x00163404 in rb_yield_0 (val=<value optimized out>, self=<value optimized out>, klass=0, flags=<value optimized out>, avalue=2) at eval.c:5095
#26 0x0016374a in rb_thread_yield (arg=3086829920, th=0x8087658) at eval.c:12553
#27 0x0016c2f9 in rb_thread_start_0 (fn=<value optimized out>, arg=<value optimized out>, th=0x8087658) at eval.c:12471
#28 0x00159ade in call_cfunc (func=0x16c420 <rb_thread_initialize>, recv=3978176, len=-2, argc=0, argv=0x0) at eval.c:5775
#29 0x00164a09 in rb_call0 (klass=<value optimized out>, recv=<value optimized out>, id=2961, oid=2961, argc=0, argv=0x0, body=0xb7fe59b8, flags=<value optimized out>) at eval.c:5928
#30 0x00164baa in rb_call (klass=3086899740, recv=3086829940, mid=2961, argc=0, argv=0x0, scope=1, self=6) at eval.c:6176
#31 0x00165459 in rb_funcall2 (recv=3978176, mid=2961, argc=0, argv=0x0) at eval.c:6312
#32 0x001654f7 in rb_obj_call_init (obj=3086829940, argc=0, argv=0x0) at eval.c:7825
#33 0x00165552 in rb_thread_s_new (argc=0, argv=0x0, klass=3086899740) at eval.c:12584
#34 0x00159ab8 in call_cfunc (func=0x165510 <rb_thread_s_new>, recv=3978176, len=-1, argc=0, argv=0x0) at eval.c:5778
#35 0x00164a09 in rb_call0 (klass=<value optimized out>, recv=<value optimized out>, id=3361, oid=3361, argc=0, argv=0x0, body=0xb7fe59e0, flags=<value optimized out>) at eval.c:5928
#36 0x00164baa in rb_call (klass=3086899720, recv=3086899740, mid=3361, argc=0, argv=0x0, scope=0, self=3086911820) at eval.c:6176
#37 0x00161e7b in rb_eval (self=<value optimized out>, n=<value optimized out>) at eval.c:3506
#38 0x0016292e in rb_eval (self=<value optimized out>, n=<value optimized out>) at eval.c:3236
#39 0x0015f659 in rb_eval (self=<value optimized out>, n=<value optimized out>) at eval.c:3501
#40 0x00170d66 in ruby_exec_internal () at eval.c:1654
#41 0x00170db2 in ruby_exec () at eval.c:1674
#42 0x00170df5 in ruby_run () at eval.c:1684
#43 0x0804869d in main (argc=2, argv=0xbfffed24, envp=0xbfffed30) at main.c:48

----------------------------------------
http://redmine.ruby-lang.org/issues/show/4339
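The comment above describes two shapes of st_table damage: a bin head that is not a valid entry pointer, and a bin whose entry chain has become circular so that `st_foreach`'s `for(ptr = table->bins[i]; ptr != 0;)` loop never terminates. The following added example (my own C, not Ruby's st.c) models the bucket chains with a simplified `st_entry`/`st_tbl` layout and shows a defensive walk that reports both conditions instead of faulting or hanging: every `next` link is range- and alignment-checked against a small entry arena before it is dereferenced, and Floyd's tortoise-and-hare detects a cycle. The arena, `entry_alloc`, `bin_walk_checked`, `table_check` and the sample table are all assumptions made for the illustration; the bogus address in bin 3 is constructed, not taken from the trace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of an st_table bucket chain (hypothetical layout for this
 * example; mirrors the idea of st.c, not its actual definitions). */
typedef struct st_entry {
    unsigned int hash;
    uintptr_t key;
    uintptr_t record;
    struct st_entry *next;
} st_entry;

typedef struct {
    int num_bins;
    int num_entries;
    st_entry **bins;
} st_tbl;

/* All entries come from one arena so a link can be checked for plausibility
 * (inside the arena, on an entry boundary) before it is followed. */
#define ARENA_SIZE 16
static st_entry arena[ARENA_SIZE];
static int arena_used = 0;

static st_entry *entry_alloc(uintptr_t key, uintptr_t record) {
    if (arena_used >= ARENA_SIZE) return NULL;
    st_entry *e = &arena[arena_used++];
    e->hash = (unsigned int)key;
    e->key = key;
    e->record = record;
    e->next = NULL;
    return e;
}

/* 1 if p is NULL or an aligned pointer to a live arena slot, else 0.
 * Compared as integers so that a garbage pointer is never dereferenced. */
int entry_ptr_plausible(const st_entry *p) {
    uintptr_t a = (uintptr_t)p;
    uintptr_t lo = (uintptr_t)arena, hi = (uintptr_t)(arena + arena_used);
    if (a == 0) return 1;
    if (a < lo || a >= hi) return 0;
    return (a - lo) % sizeof(st_entry) == 0;
}

/* Defensive version of the per-bin loop in st_foreach. Returns the chain
 * length, -1 if some link points outside the arena (corrupt bin ptr), or
 * -2 if the chain is circular (Floyd: fast pointer meets slow pointer). */
int bin_walk_checked(const st_entry *head) {
    const st_entry *slow = head, *fast = head;
    int len = 0;
    if (!entry_ptr_plausible(head)) return -1;
    while (fast) {
        if (!entry_ptr_plausible(fast->next)) return -1;
        fast = fast->next;
        len++;
        if (!fast) break;
        if (!entry_ptr_plausible(fast->next)) return -1;
        fast = fast->next;
        len++;
        slow = slow->next;
        if (fast && fast == slow) return -2;
    }
    return len;
}

/* Scan every bin as st_foreach would; returns the index of the first bin
 * whose chain is corrupt, or -1 if all bins walk cleanly. */
int table_check(const st_tbl *t) {
    for (int i = 0; i < t->num_bins; i++)
        if (bin_walk_checked(t->bins[i]) < 0) return i;
    return -1;
}

/* Constructed sample: bin 0 healthy (3 entries), bin 1 empty, bin 2
 * circularly linked, bin 3 whose entry links to a bogus address. */
st_tbl *build_sample_table(void) {
    static st_entry *bins[4];
    static st_tbl t = { 4, 0, bins };
    arena_used = 0;
    memset(bins, 0, sizeof bins);
    st_entry *a = entry_alloc(1, 10), *b = entry_alloc(2, 20), *c = entry_alloc(3, 30);
    a->next = b; b->next = c; bins[0] = a;             /* a -> b -> c -> NULL */
    st_entry *d = entry_alloc(4, 40), *e = entry_alloc(5, 50);
    d->next = e; e->next = d; bins[2] = d;             /* d -> e -> d -> ... */
    st_entry *f = entry_alloc(6, 60);
    f->next = (st_entry *)(uintptr_t)0xdeadbeef;       /* constructed bad link */
    bins[3] = f;
    t.num_entries = arena_used;
    return &t;
}

int main(void) {
    st_tbl *t = build_sample_table();
    for (int i = 0; i < t->num_bins; i++)
        printf("bin %d: %d\n", i, bin_walk_checked(t->bins[i]));
    printf("first corrupt bin: %d\n", table_check(t));
    return 0;
}
```

A check like `table_check` is only a debugging aid: it localises which bin is damaged so the corruption can be caught closer to its source (for instance from a GC hook or an assertion in a debug build), but it does not tell you which writer corrupted the list. For the real interpreter the arena bound would have to be replaced by whatever allocator knowledge is available; the cycle detection needs nothing beyond the `next` links.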