Hello,

Thank you for the reproducing process.  I could also confirm it.
This is one of the most difficult bugs that I have seen...

In short, I've not solved this issue, but I found that valgrind with -O0
enlightens us about the (maybe) important point:


==357== Invalid write of size 1
==357==    at 0x814BF6F: rb_thread_mark (vm.c:1689)
==357==    by 0x8155988: cont_mark (cont.c:141)
==357==    by 0x8155B8C: fiber_mark (cont.c:268)
==357==    by 0x8061039: gc_mark_children (gc.c:1836)
==357==    by 0x8060BB6: gc_mark (gc.c:1628)
==357==    by 0x8060BF0: rb_gc_mark (gc.c:1634)
==357==    by 0x814C0C3: rb_thread_mark (vm.c:1705)
==357==    by 0x8061039: gc_mark_children (gc.c:1836)
==357==    by 0x8060BB6: gc_mark (gc.c:1628)
==357==    by 0x8060BF0: rb_gc_mark (gc.c:1634)
==357==    by 0x814BB02: vm_mark_each_thread_func (vm.c:1510)
==357==    by 0x80F0595: st_foreach (st.c:747)
==357==  Address 0x75ab318 is 16 bytes inside a block of size 32 free'd
==357==    at 0x4025BF0: free (vg_replace_malloc.c:366)
==357==    by 0x805F708: vm_xfree (gc.c:816)
==357==    by 0x805F8FC: ruby_xfree (gc.c:880)
==357==    by 0x805C91E: bm_free (proc.c:877)
==357==    by 0x80632B1: run_final (gc.c:2921)
==357==    by 0x80613B7: finalize_list (gc.c:1925)
==357==    by 0x8063323: finalize_deferred (gc.c:2937)
==357==    by 0x806333E: rb_gc_finalize_deferred (gc.c:2944)
==357==    by 0x8150FFD: rb_threadptr_execute_interrupts_common (thread.c:1311)
==357==    by 0x81510DD: rb_threadptr_execute_interrupts (thread.c:1335)
==357==    by 0x8146179: vm_call0 (vm_eval.c:146)
==357==    by 0x81463EB: rb_call0 (vm_eval.c:235)


vm.c:1689:  if (cfp->me) ((rb_method_entry_t *)cfp->me)->mark = 1;

This point seems to write to a free'd area, and accidentally (?) breaks
the st_table consistency of the method table of a singleton class, which
leads to SEGV during GC.

(In fact, I managed to figure out the point painstakingly by using GDB.
 I should have used valgrind first...)


So, either some module breaks the YARV stack, or the me (method entry) is
wrongly free'd.  Because fiber_mark and bm_free are in the trace, I
guess one (or more) of Fiber, Method, GC and YARV (especially,
method entry handling) is guilty.


Additional note: the reproducible code depends on only two non-standard
extension libraries (tiny_tds and bcrypt).  The dependence can be easily
removed just by deleting the calls to "require", and the SEGV still
occurs even then.  So this is absolutely a core or standard libraries'
problem.  We cannot use "third party's issue" ;-(


2011/7/24 Hiroshi Nakamura <nakahiro / gmail.com>:
>
> Issue #5047 has been updated by Hiroshi Nakamura.
>
>
> Random note;
>  * SEGV on trunk, ruby_1_9_3 and 1.9.2-p280
>  * SEGV on x86_64-linux but NOT on x86_64-darwin10.8.0 according to @nagachika
>  * SEGV at GC mark or sweep, and the broken object looks like a singleton class object
>  * SEGV caused at autoload from autoload from autoload... or at finalizing VM at exit.
>  * slight change of code, different location of SEGV.
>  * lack of RB_GC_GUARD for a Node which is used in particular code?
>
> ----------------------------------------
> Bug #5047: Segfault (most likely involving require)
> http://redmine.ruby-lang.org/issues/5047
>
> Author: Jack Christensen
> Status: Assigned
> Priority: High
> Assignee: Hiroshi Nakamura
> Category: core
> Target version: 1.9.3
> ruby -v: -
>
>
> Rails application randomly segfaults when running rspec. It will segfault about 80% of the time before any specs run. It seems to be related to requiring files. If it succeeds in getting to any specs it will run all of them without segfaulting.
>
> The catalyst for the segfault seems to be the prawn gem. I have tested several rails applications where adding prawn to the Gemfile crashes them. However, there need to be certain other gems in place as well.
>
> <pre>
> source 'http://rubygems.org'
>
> gem 'rails', '3.1.0.rc4'
>
> gem 'tiny_tds'
> gem 'activerecord-sqlserver-adapter', :git => 'git://github.com/rails-sqlserver/activerecord-sqlserver-adapter.git'
>
> group :test do
>  gem 'rspec-rails', '>= 2.6.0'
> end
>
> gem "prawn"
> </pre>
>
> This Gemfile will crash most of the time when running bundle exec rspec spec. If I replace the tiny_tds and activerecord-sql-server-adapter with sqlite3 it does not crash. But I do not believe the fault is with the SQL server gems as in my other rails projects I am using the pg gem and they also crash.
>
> Another interesting point is the order of the Gemfile matters. If I move the prawn gem to the top of the Gemfile the segfaults do not occur.
>
> The crashes occur at multiple locations, but the most common is: activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237.
>
> I've put a whole stack dump below.
>
> <pre>
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237: [BUG] Segmentation fault
> ruby 1.9.2p290 (2011-07-09 revision 32553) [x86_64-linux]
>
> -- control frame ----------
> c:0042 p:---- s:0143 b:0143 l:000142 d:000142 CFUNC  :require
> c:0041 p:0012 s:0139 b:0139 l:000131 d:000138 BLOCK  /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
> c:0040 p:0054 s:0137 b:0137 l:000136 d:000136 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225
> c:0039 p:0013 s:0132 b:0132 l:000131 d:000131 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
> c:0038 p:0119 s:0127 b:0127 l:000126 d:000126 TOP    /usr/local/lib/ruby/gems/1.9.1/gems/rspec-mocks-2.6.0/lib/rspec/mocks/framework.rb:14
> c:0037 p:---- s:0125 b:0125 l:000124 d:000124 FINISH
> c:0036 p:---- s:0123 b:0123 l:000122 d:000122 CFUNC  :require
> c:0035 p:0012 s:0119 b:0119 l:000111 d:000118 BLOCK  /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
> c:0034 p:0054 s:0117 b:0117 l:000116 d:000116 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225
> c:0033 p:0013 s:0112 b:0112 l:000111 d:000111 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
> c:0032 p:0011 s:0107 b:0107 l:000106 d:000106 TOP    /usr/local/lib/ruby/gems/1.9.1/gems/rspec-mocks-2.6.0/lib/rspec/mocks.rb:1
> c:0031 p:---- s:0105 b:0105 l:000104 d:000104 FINISH
> c:0030 p:---- s:0103 b:0103 l:000102 d:000102 CFUNC  :require
> c:0029 p:0012 s:0099 b:0099 l:000091 d:000098 BLOCK  /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
> c:0028 p:0054 s:0097 b:0097 l:000096 d:000096 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225
> c:0027 p:0013 s:0092 b:0092 l:000091 d:000091 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
> c:0026 p:0011 s:0087 b:0087 l:000086 d:000086 TOP    /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/mocking/with_rspec.rb:1
> c:0025 p:---- s:0085 b:0085 l:000084 d:000084 FINISH
> c:0024 p:---- s:0083 b:0083 l:000082 d:000082 CFUNC  :require
> c:0023 p:0012 s:0079 b:0079 l:000071 d:000078 BLOCK  /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
> c:0022 p:0054 s:0077 b:0077 l:000076 d:000076 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225
> c:0021 p:0013 s:0072 b:0072 l:000071 d:000071 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237
> c:0020 p:0186 s:0067 b:0067 l:000066 d:000066 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:176
> c:0019 p:0016 s:0063 b:0062 l:000061 d:000061 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:135
> c:0018 p:0013 s:0058 b:0058 l:000051 d:000057 BLOCK  /home/jackc/work/segfault/spec/spec_helper.rb:18
> c:0017 p:0062 s:0055 b:0055 l:000054 d:000054 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core.rb:79
> c:0016 p:0125 s:0052 b:0052 l:000051 d:000051 TOP    /home/jackc/work/segfault/spec/spec_helper.rb:10
> c:0015 p:---- s:0050 b:0050 l:000049 d:000049 FINISH
> c:0014 p:---- s:0048 b:0048 l:000047 d:000047 CFUNC  :require
> c:0013 p:0011 s:0044 b:0044 l:000043 d:000043 TOP    /home/jackc/work/segfault/spec/controllers/application_controller_spec.rb:1
> c:0012 p:---- s:0042 b:0042 l:000041 d:000041 FINISH
> c:0011 p:---- s:0040 b:0040 l:000039 d:000039 CFUNC  :load
> c:0010 p:0025 s:0036 b:0036 l:000027 d:000035 BLOCK  /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419
> c:0009 p:---- s:0033 b:0033 l:000032 d:000032 FINISH
> c:0008 p:---- s:0031 b:0031 l:000030 d:000030 CFUNC  :map
> c:0007 p:0017 s:0028 b:0028 l:000027 d:000027 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419
> c:0006 p:0074 s:0025 b:0025 l:000024 d:000024 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/command_line.rb:18
> c:0005 p:0055 s:0020 b:0020 l:000019 d:000019 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:80
> c:0004 p:0101 s:0014 b:0014 l:000013 d:000013 METHOD /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:69
> c:0003 p:0021 s:0007 b:0006 l:002108 d:000005 BLOCK  /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:11
> c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH
> c:0001 p:0000 s:0002 b:0002 l:000688 d:000688 TOP
> ---------------------------
> -- Ruby level backtrace information ----------------------------------------
> /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:11:in `block in autorun'
> /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:69:in `run'
> /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/runner.rb:80:in `run_in_process'
> /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/command_line.rb:18:in `run'
> /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419:in `load_spec_files'
> /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419:in `map'
> /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419:in `block in load_spec_files'
> /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:419:in `load'
> /home/jackc/work/segfault/spec/controllers/application_controller_spec.rb:1:in `<top (required)>'
> /home/jackc/work/segfault/spec/controllers/application_controller_spec.rb:1:in `require'
> /home/jackc/work/segfault/spec/spec_helper.rb:10:in `<top (required)>'
> /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core.rb:79:in `configure'
> /home/jackc/work/segfault/spec/spec_helper.rb:18:in `block in <top (required)>'
> /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:135:in `mock_with'
> /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/configuration.rb:176:in `mock_framework='
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225:in `load_dependency'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `block in require'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
> /usr/local/lib/ruby/gems/1.9.1/gems/rspec-core-2.6.4/lib/rspec/core/mocking/with_rspec.rb:1:in `<top (required)>'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225:in `load_dependency'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `block in require'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
> /usr/local/lib/ruby/gems/1.9.1/gems/rspec-mocks-2.6.0/lib/rspec/mocks.rb:1:in `<top (required)>'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225:in `load_dependency'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `block in require'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
> /usr/local/lib/ruby/gems/1.9.1/gems/rspec-mocks-2.6.0/lib/rspec/mocks/framework.rb:14:in `<top (required)>'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:225:in `load_dependency'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `block in require'
> /usr/local/lib/ruby/gems/1.9.1/gems/activesupport-3.1.0.rc4/lib/active_support/dependencies.rb:237:in `require'
>
> -- C level backtrace information -------------------------------------------
> /usr/local/bin/ruby(rb_vm_bugreport+0x9e) [0x523b6e]
> /usr/local/bin/ruby() [0x565508]
> /usr/local/bin/ruby(rb_bug+0xb1) [0x5656a1]
> /usr/local/bin/ruby() [0x4b2ca8]
> /lib/libpthread.so.0(+0xf8f0) [0x7fa523e988f0]
> /usr/local/bin/ruby(st_free_table+0x43) [0x4bbb33]
> /usr/local/bin/ruby() [0x426cf5]
> /usr/local/bin/ruby() [0x4277ed]
> /usr/local/bin/ruby() [0x4c0562]
> /usr/local/bin/ruby(rb_usascii_str_new+0x13) [0x4c0683]
> /usr/local/bin/ruby(rb_file_expand_path+0x42) [0x5706c2]
> /usr/local/bin/ruby() [0x56a63a]
> /usr/local/bin/ruby(rb_require_safe+0x25d) [0x56aa8d]
> /usr/local/bin/ruby() [0x51307f]
> /usr/local/bin/ruby() [0x5168c1]
> /usr/local/bin/ruby() [0x519499]
> /usr/local/bin/ruby(rb_iseq_eval+0x1ee) [0x519aee]
> /usr/local/bin/ruby() [0x569a08]
> /usr/local/bin/ruby(rb_require_safe+0x647) [0x56ae77]
> /usr/local/bin/ruby() [0x51307f]
> /usr/local/bin/ruby() [0x5168c1]
> /usr/local/bin/ruby() [0x519499]
> /usr/local/bin/ruby(rb_iseq_eval+0x1ee) [0x519aee]
> /usr/local/bin/ruby() [0x569a08]
> /usr/local/bin/ruby(rb_require_safe+0x647) [0x56ae77]
> /usr/local/bin/ruby() [0x51307f]
> /usr/local/bin/ruby() [0x5168c1]
> /usr/local/bin/ruby() [0x519499]
> /usr/local/bin/ruby(rb_iseq_eval+0x1ee) [0x519aee]
> /usr/local/bin/ruby() [0x569a08]
> /usr/local/bin/ruby(rb_require_safe+0x647) [0x56ae77]
> /usr/local/bin/ruby() [0x51307f]
> /usr/local/bin/ruby() [0x5168c1]
> /usr/local/bin/ruby() [0x519499]
> /usr/local/bin/ruby(rb_iseq_eval+0x1ee) [0x519aee]
> /usr/local/bin/ruby() [0x569a08]
> /usr/local/bin/ruby(rb_require_safe+0x647) [0x56ae77]
> /usr/local/bin/ruby() [0x51307f]
> /usr/local/bin/ruby() [0x515546]
> /usr/local/bin/ruby() [0x519499]
> /usr/local/bin/ruby(rb_iseq_eval+0x1ee) [0x519aee]
> /usr/local/bin/ruby() [0x569a08]
> /usr/local/bin/ruby() [0x569b6b]
> /usr/local/bin/ruby() [0x51307f]
> /usr/local/bin/ruby() [0x515546]
> /usr/local/bin/ruby() [0x519499]
> /usr/local/bin/ruby(rb_yield+0x66) [0x521d56]
> /usr/local/bin/ruby() [0x53ac15]
> /usr/local/bin/ruby() [0x51307f]
> /usr/local/bin/ruby() [0x515546]
> /usr/local/bin/ruby() [0x519499]
> /usr/local/bin/ruby(rb_vm_invoke_proc+0x9f) [0x51c38f]
> /usr/local/bin/ruby(rb_exec_end_proc+0x238) [0x41c5b8]
> /usr/local/bin/ruby() [0x41c684]
> /usr/local/bin/ruby(ruby_cleanup+0x12d) [0x41c7fd]
> /usr/local/bin/ruby(ruby_run_node+0x3d) [0x41cb0d]
> /usr/local/bin/ruby(main+0x49) [0x419c49]
> /lib/libc.so.6(__libc_start_main+0xfd) [0x7fa52325cc4d]
> /usr/local/bin/ruby() [0x419b39]
>
> [NOTE]
> You may have encountered a bug in the Ruby interpreter or extension libraries.
> Bug reports are welcome.
> For details: http://www.ruby-lang.org/bugreport.html
>
> Aborted
> </pre>
>
> I've attached the minimal rails test app I could get to fail below.
>
>
> --
> http://redmine.ruby-lang.org
>
>



-- 
Yusuke Endoh <mame / tsg.ne.jp>
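
The reading of the valgrind report in the message above (writing site in one stack, freeing site in the other) can be automated for triage. This is an added example, not part of the original message or of Ruby's tooling: it parses a memcheck "Invalid write" record and reports the accessing frame and the first freeing frame that is not an allocator wrapper. The sample report is constructed from the first frames of the trace quoted above; treating `vm_xfree` and `ruby_xfree` as generic wrappers is an assumption.

```python
import re

# Constructed sample: the leading frames of the memcheck record quoted in the message.
REPORT = """\
==357== Invalid write of size 1
==357==    at 0x814BF6F: rb_thread_mark (vm.c:1689)
==357==    by 0x8155988: cont_mark (cont.c:141)
==357==    by 0x8155B8C: fiber_mark (cont.c:268)
==357==  Address 0x75ab318 is 16 bytes inside a block of size 32 free'd
==357==    at 0x4025BF0: free (vg_replace_malloc.c:366)
==357==    by 0x805F708: vm_xfree (gc.c:816)
==357==    by 0x805F8FC: ruby_xfree (gc.c:880)
==357==    by 0x805C91E: bm_free (proc.c:877)
==357==    by 0x80632B1: run_final (gc.c:2921)
"""

HEADER = re.compile(r"^==\d+== (Invalid (?:read|write) of size \d+)")
BLOCK = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside "
                   r"a block of size (\d+) (free'd|alloc'd)")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^:()]+):(\d+)\)")

ALLOCATOR_FILES = {"vg_replace_malloc.c"}   # valgrind's malloc/free replacements
WRAPPERS = {"vm_xfree", "ruby_xfree"}       # assumption: generic free wrappers

def parse(report):
    """Split one memcheck record into the access stack and the release stack."""
    result = {"error": None, "access": [], "block": None, "release": []}
    current = None
    for line in report.splitlines():
        if m := HEADER.match(line):
            result["error"] = m.group(1)
            current = result["access"]      # frames that follow belong to the access
        elif m := BLOCK.match(line):
            result["block"] = {"offset": int(m.group(1)),
                               "size": int(m.group(2)),
                               "state": m.group(3)}
            current = result["release"]     # frames that follow belong to the free
        elif (m := FRAME.match(line)) and current is not None:
            current.append((m.group(1), m.group(2), int(m.group(3))))
    return result

def first_owner_frame(frames):
    """Skip allocator and wrapper frames to reach the code that decided to free."""
    for func, path, lineno in frames:
        if path not in ALLOCATOR_FILES and func not in WRAPPERS:
            return (func, path, lineno)
    return None

if __name__ == "__main__":
    rec = parse(REPORT)
    print(rec["error"], "at", rec["access"][0])
    print("block", rec["block"], "released by", first_owner_frame(rec["release"]))
```
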