Issue #12507 has been updated by Hiroshi SHIBATA.

Assignee deleted (ruby-core)

----------------------------------------
Bug #12507: random SEGV in kernel.system when called with long parametre list
https://bugs.ruby-lang.org/issues/12507#change-59287

* Author: Schplurtz Le Dboulonn
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.2.5p319 (2016-04-26 revision 54774) [x86_64-linux]
* Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------
Hello.

kernel.system randomly SEGVs when called with a long parameter list. The list length
that causes the SEGV (or other error) varies from system to system and, to a lesser
extent, from one run to another.

Here is how to reproduce:

~~~
#! /usr/bin/env ruby
# encoding: utf-8
# vim: se ts=2 sw=2 et:

[#[4, 4],[4,2],
 [35, 17], [14, 4], [30, 3], [17, 10], [4, 2], [10, 5], [14, 3]
].each do |li|
  len, incr = li
  cmd=[ '/bin/true' ]
  arg='a' * len + ' '
  puts "======== #{arg}(#{len}) #{incr}"
  3000.times do |i|
    print "\r#{i} #{cmd.length} "
    break unless system *cmd
    cmd += (arg * incr).split ' '
  end
  puts ''
end
~~~

The fatal iteration varies between runs of the code. On
slow machines (my Raspberry Pi 3), this code fails
for [4, 4], while my i7 laptop prefers to SEGV for [14,4].
Is this a timing issue?

The affected rubies seem to be only the 2.2 series. I could not reproduce
the behavior on ruby 2.1 or 2.3. All rubies are installed with rvm.
Here is the list of affected systems I have access to:

 * OSX El Capitan
  * ruby 2.2.1p85 (2015-02-26 revision 49769) [x86_64-darwin14]
  * ruby 2.2.5p319 (2016-04-26 revision 54774) [x86_64-darwin15]
 * Ubuntu GNU/Linux 14.04.4
  * ruby 2.2.0p0 (2014-12-25 revision 49005) [x86_64-linux]
  * ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-linux]
  * ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-linux]
  * ruby 2.2.5p319 (2016-04-26 revision 54774) [x86_64-linux]
 * Raspbian 8.0
  * ruby 2.2.0p0 (2014-12-25 revision 49005) [armv6l-linux-eabihf]. Was compiled under Raspbian 7
  * ruby 2.2.4p230 (2015-12-16 revision 53155) [armv6l-linux-eabihf]
  * ruby 2.2.5p319 (2016-04-26 revision 54774) [armv7l-linux-eabihf]


Output could be this

~~~
 moi@meduseld:~$ /tmp/a
 ======== aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (35) 17
 2999 50984 
 ======== aaaaaaaaaaaaaa (14) 4
 139 557 /tmp/a:14: [BUG] Segmentation fault at 0x00616161616191
 ruby 2.2.5p319 (2016-04-26 revision 54774) [x86_64-linux]
 
 -- Control frame information -----------------------------------------------
 c:0007 p:---- s:0580 e:000579 CFUNC  :system
 c:0006 p:0033 s:0020 e:000019 BLOCK  /tmp/a:14 [FINISH]
 c:0005 p:---- s:0017 e:000016 CFUNC  :times
 c:0004 p:0064 s:0014 e:000013 BLOCK  /tmp/a:12 [FINISH]
 c:0003 p:---- s:0007 e:000006 CFUNC  :each
 c:0002 p:0020 s:0004 E:002360 EVAL   /tmp/a:7 [FINISH]
 c:0001 p:0000 s:0002 E:002660 TOP    [FINISH]
 
 -- Ruby level backtrace information ----------------------------------------
 /tmp/a:7:in `<main>'
 /tmp/a:7:in `each'
 /tmp/a:12:in `block in <main>'
 /tmp/a:12:in `times'
 /tmp/a:14:in `block (2 levels) in <main>'
 /tmp/a:14:in `system'
 
 -- Machine register context ------------------------------------------------
  RIP: 0x00007fc40509c354 RBP: 0x0000000000000000 RSP: 0x00007ffe460a44d0
  RAX: 0x0000000000a72eb0 RBX: 0x00000000009ff5d0 RCX: 0x0000000000000085
  RDX: 0x0000616161616161 RDI: 0x0000000001288b50 RSI: 0x0000000000000c41
   R8: 0x0000000000000000  R9: 0x000000000000003f R10: 0x00007fc404c37a70
  R11: 0x0000000000000000 R12: 0x0000000000000c41 R13: 0x00007fc4050e7356
  R14: 0x0000000001288b50 R15: 0x0000000001288b28 EFL: 0x0000000000010246
 
 -- C level backtrace information -------------------------------------------
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_vm_bugreport+0x51f) [0x7fc4050a6f7f] vm_dump.c:693
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_bug_context+0xcb) [0x7fc404f3a17b] error.c:425
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(sigsegv+0x3e) [0x7fc40501ba5e] signal.c:879
 /lib/x86_64-linux-gnu/libc.so.6 [0x7fc404b2dcb0]
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_check_funcall+0x144) [0x7fc40509c354] vm_method.c:652
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_convert_type+0x5d) [0x7fc404fa7ffd] object.c:2619
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_string_value+0x32) [0x7fc405032c72] string.c:1685
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_string_value_cstr+0x13) [0x7fc405036743] string.c:1738
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_exec_fillarg+0x560) [0x7fc404fd1b50] process.c:2212
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_execarg_init+0x1d7) [0x7fc404fd1db7] process.c:2268
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_execarg_new+0x55) [0x7fc404fd1f35] process.c:2246
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_f_system+0x3d) [0x7fc404fd3cdd] process.c:3935
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_call_cfunc+0x11e) [0x7fc40508ef5e] vm_insnhelper.c:1380
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_exec_core+0x2613) [0x7fc405096f83] insns.def:1070
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_exec+0x82) [0x7fc40509a592] vm.c:1440
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_yield+0x497) [0x7fc4050a1717] vm.c:818
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(int_dotimes+0x3e) [0x7fc404f9a4de] numeric.c:3868
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_call_cfunc+0x11e) [0x7fc40508ef5e] vm_insnhelper.c:1380
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_exec_core+0x12f8) [0x7fc405095c68] insns.def:1040
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_exec+0x82) [0x7fc40509a592] vm.c:1440
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_yield+0x497) [0x7fc4050a1717] vm.c:818
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_ary_each+0x52) [0x7fc404eeba42] array.c:1814
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_call_cfunc+0x11e) [0x7fc40508ef5e] vm_insnhelper.c:1380
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_call_method+0x11e) [0x7fc4050a53be] vm_insnhelper.c:1689
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_exec_core+0x12f8) [0x7fc405095c68] insns.def:1040
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(vm_exec+0x82) [0x7fc40509a592] vm.c:1440
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_iseq_eval_main+0x1f3) [0x7fc40509bbe3] vm.c:1685
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(ruby_exec_internal+0xc4) [0x7fc404f3f8f4] eval.c:254
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(ruby_exec_node+0x1d) [0x7fc404f41add] eval.c:319
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(ruby_run_node+0x1c) [0x7fc404f4434c] eval.c:311
 /home/moi/.rvm/rubies/ruby-2.2.5/bin/ruby(main+0x4b) [0x40087b] main.c:36
 
 -- Other runtime information -----------------------------------------------
 
 * Loaded script: /tmp/a
 
 * Loaded features:
 
     0 enumerator.so
     1 rational.so
     2 complex.so
     3 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/2.2.0/x86_64-linux/enc/encdb.so
     4 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/2.2.0/x86_64-linux/enc/trans/transdb.so
     5 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/2.2.0/unicode_normalize.rb
     6 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/2.2.0/x86_64-linux/rbconfig.rb
     7 thread.rb
     8 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/2.2.0/x86_64-linux/thread.so
     9 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems/compatibility.rb
    10 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems/defaults.rb
    11 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems/deprecate.rb
    12 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems/errors.rb
    13 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems/version.rb
    14 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems/requirement.rb
    15 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems/platform.rb
    16 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems/basic_specification.rb
    17 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems/stub_specification.rb
    18 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems/util/stringio.rb
    19 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems/specification.rb
    20 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems/exceptions.rb
    21 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems/core_ext/kernel_gem.rb
    22 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/2.2.0/monitor.rb
    23 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems/core_ext/kernel_require.rb
    24 /home/moi/.rvm/rubies/ruby-2.2.5/lib/ruby/site_ruby/2.2.0/rubygems.rb
 
 * Process memory map:
 
 
 
 [NOTE]
 You may have encountered a bug in the Ruby interpreter or extension libraries.
 Bug reports are welcome.
 For details: http://www.ruby-lang.org/bugreport.html
 
 Abandon (core dumped)
~~~

or that

~~~
 moi@meduseld:~$ /tmp/a
 ======== aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (35) 17
 2999 50984 
 ======== aaaaaaaaaaaaaa (14) 4
 134 537 /tmp/a:14:in `system': string contains null byte (ArgumentError)
 	from /tmp/a:14:in `block (2 levels) in <main>'
 	from /tmp/a:12:in `times'
 	from /tmp/a:12:in `block in <main>'
 	from /tmp/a:7:in `each'
 	from /tmp/a:7:in `<main>'
~~~
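
A triage aid for crash reports like the first one above, as an added example that is not part of the original report or of Ruby's own tooling: it parses the `[BUG]` output and flags registers holding a run of one printable ASCII byte, a sign that string data is being used as a pointer. In this report `RDX` is `0x0000616161616161` (six `a` bytes, the character the script fills its arguments with) and the fault address lies 0x30 above it. The names `triage`, `repeated_ascii` and `SAMPLE_REPORT` are hypothetical; the sample lines are excerpted from the output above.

```ruby
# Added example: triage of a Ruby "[BUG] Segmentation fault" report.
# triage, repeated_ascii and SAMPLE_REPORT are hypothetical names.
# SAMPLE_REPORT is an excerpt of the crash output quoted in this report.
SAMPLE_REPORT = <<~'REPORT'
  139 557 /tmp/a:14: [BUG] Segmentation fault at 0x00616161616191
   RIP: 0x00007fc40509c354 RBP: 0x0000000000000000 RSP: 0x00007ffe460a44d0
   RAX: 0x0000000000a72eb0 RBX: 0x00000000009ff5d0 RCX: 0x0000000000000085
   RDX: 0x0000616161616161 RDI: 0x0000000001288b50 RSI: 0x0000000000000c41
  /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(sigsegv+0x3e) [0x7fc40501ba5e] signal.c:879
  /lib/x86_64-linux-gnu/libc.so.6 [0x7fc404b2dcb0]
  /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_check_funcall+0x144) [0x7fc40509c354] vm_method.c:652
  /home/moi/.rvm/rubies/ruby-2.2.5/bin/../lib/libruby.so.2.2(rb_exec_fillarg+0x560) [0x7fc404fd1b50] process.c:2212
REPORT

FAULT_RE = /\[BUG\] Segmentation fault at (0x\h+)/
REG_RE   = /\b(R[A-Z0-9]{1,2}|EFL):\s*(0x\h{16})/
FRAME_RE = /\((\w+)\+0x\h+\) \[(0x\h+)\]/

# Return the repeated character run if the non-zero high-to-low bytes of a
# 64-bit value are four or more copies of one printable ASCII byte, else nil.
def repeated_ascii(value)
  bytes = [value].pack('Q>').bytes.drop_while(&:zero?)
  return nil if bytes.length < 4 || bytes.uniq.length != 1
  (0x20..0x7e).cover?(bytes.first) ? bytes.first.chr * bytes.length : nil
end

# Summarise a crash report: fault address, registers that look like string
# data, how far the fault address is from each of them (within one page),
# and the C function whose frame address equals RIP.
def triage(report)
  fault = report[FAULT_RE, 1]&.hex
  regs = report.scan(REG_RE).map { |name, v| [name, v.hex] }.to_h
  tainted = regs.map { |name, v| [name, repeated_ascii(v)] }
                .select { |_, run| run }.to_h
  offsets = tainted.keys.map { |name| [name, fault.to_i - regs[name]] }
                   .select { |_, off| fault && off.between?(0, 0xfff) }.to_h
  frame = report.scan(FRAME_RE).find { |_, addr| addr.hex == regs['RIP'] }
  { fault: fault, tainted: tainted, fault_offsets: offsets,
    crash_function: frame&.first }
end

p triage(SAMPLE_REPORT) if __FILE__ == $PROGRAM_NAME
```

A non-empty `fault_offsets` means the faulting access was computed from a register full of argument bytes, which marks the crash as memory corruption in the interpreter rather than a plain resource limit.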



