Issue #14441 has been updated by wanabe (_ wanabe).


Reproduced on my environment, `ruby 2.6.0dev (2018-02-06 trunk 62242) [x86_64-linux]`.

I guess this is due to missing error-handling for `c_file`.
https://github.com/ruby/ruby/blob/88035b997930bd00c30be7b69de9d855a7f2322e/mjit.c#L701
https://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/mjit.c?revision=62242&view=markup#l701

----------------------------------------
Bug #14441: Dir.chroot results in segfault when used with --jit
https://bugs.ruby-lang.org/issues/14441#change-70220

* Author: jeremyevans0 (Jeremy Evans)
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: ruby 2.6.0dev (2018-02-05 trunk 62211) [x86_64-openbsd]
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN
----------------------------------------
Example code:

~~~
$ ruby --jit --jit-cc=clang -e 'a = 0; Dir.chroot("."); 50000000.times{|i| a += i }; p a'
-e:1: [BUG] Segmentation fault at 0x0000000000000058
ruby 2.6.0dev (2018-02-05 trunk 62211) [x86_64-openbsd]

-- Control frame information -----------------------------------------------
c:0003 p:---- s:0011 e:000010 CFUNC  :times
c:0002 p:0022 s:0007 E:001d18 EVAL   -e:1 [FINISH]
c:0001 p:0000 s:0003 E:001f20 (none) [FINISH]

-- Ruby level backtrace information ----------------------------------------
-e:1:in `<main>'
-e:1:in `times'
~~~

gdb:

~~~
(gdb) bt
#0  thrkill () at -:3
#1  0x00000eaf81ad3b6e in _libc_abort () at /usr/src/lib/libc/stdlib/abort.c:51
#2  0x00000eaf7cd7f049 in die () at error.c:578
#3  0x00000eaf7cd7f225 in rb_bug_context (ctx=0xeafe4196e10, fmt=0xeaf7d10c7e1 "Segmentation fault at %p") at error.c:608
#4  0x00000eaf7cee4937 in sigsegv (sig=11, info=0xeafe4196f00, ctx=0xeafe4196e10) at signal.c:933
#5  <signal handler called>
#6  __vfprintf (fp=0x0, fmt0=0xeaf7d0e94a0 "/* %s@%s:%d */\n\n", ap=0xeafe4197ab0) at /usr/src/lib/libc/stdio/vfprintf.c:458
#7  0x00000eaf81a7d3a3 in _libc_vfprintf (fp=0x0, fmt0=0xeaf7d0e94a0 "/* %s@%s:%d */\n\n", ap=0xeafe4197ab0) at /usr/src/lib/libc/stdio/vfprintf.c:263
#8  0x00000eaf81a90996 in _libc_fprintf (fp=Variable "fp" is not available.
) at /usr/src/lib/libc/stdio/fprintf.c:44
#9  0x00000eaf7cdfed0b in convert_unit_to_func (unit=0xeafddcc4220) at mjit.c:736
#10 0x00000eaf7cdfdc73 in worker () at mjit.c:817
#11 0x00000eaf7cf321d2 in mjit_worker (arg=0xeaf7cdfdb20) at thread_pthread.c:1788
#12 0x00000eaf598395fe in _rthread_start (v=Variable "v" is not available.
) at /usr/src/lib/librthread/rthread.c:96
#13 0x00000eaf81a8ae3b in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75
#14 0x0000000000000000 in ?? ()
(gdb) info threads
  3 process 384917  _thread_sys_poll () at -:3
  2 process 562197  VM_FRAME_CFRAME_P (cfp=0xeafd148af20) at vm_core.h:1141
* 1 process 417946  thrkill () at -:3
(gdb) thread 2
[Switching to thread 2 (process 562197)]#0  VM_FRAME_CFRAME_P (cfp=0xeafd148af20) at vm_core.h:1141
1141        int cframe_p = VM_ENV_FLAGS(cfp->ep, VM_FRAME_FLAG_CFRAME) != 0;
Current language:  auto; currently minimal
(gdb) bt
#0  VM_FRAME_CFRAME_P (cfp=0xeafd148af20) at vm_core.h:1141
#1  0x00000eaf7cf822a5 in VM_FRAME_RUBYFRAME_P (cfp=0xeafd148af20) at vm_core.h:1149
#2  0x00000eaf7cf86090 in vm_base_ptr (cfp=0xeafd148af20) at vm_insnhelper.c:1537
#3  0x00000eaf7cf7492c in vm_exec_core (ec=0xeafa3125248, initial=0) at insns.def:838
#4  0x00000eaf7cf84b9c in vm_exec (ec=0xeafa3125248) at vm.c:1804
#5  0x00000eaf7cf9cf50 in invoke_block (ec=0xeafa3125248, iseq=0xeaf0be77688, self=16148754916040, captured=0xeafd148afa8, cref=0x0, type=572653569, opt_pc=0) at vm.c:1005
#6  0x00000eaf7cf9cd7b in invoke_iseq_block_from_c (ec=0xeafa3125248, captured=0xeafd148afa8, self=16148754916040, argc=1, argv=0x7f7ffffbc8e0, passed_block_handler=0, cref=0x0, is_lambda=0) at vm.c:1057
#7  0x00000eaf7cf9ca8e in invoke_block_from_c_bh (ec=0xeafa3125248, block_handler=16148293267369, argc=1, argv=0x7f7ffffbc8e0, passed_block_handler=0, cref=0x0, is_lambda=0, force_blockarg=0) at vm.c:1075
#8  0x00000eaf7cf9c9db in vm_yield (ec=0xeafa3125248, argc=1, argv=0x7f7ffffbc8e0) at vm.c:1120
#9  0x00000eaf7cf7ee83 in rb_yield_0 (argc=1, argv=0x7f7ffffbc8e0) at vm_eval.c:980
#10 0x00000eaf7cf7ee27 in rb_yield_1 (val=804333) at vm_eval.c:986
#11 0x00000eaf7ce2e7ac in int_dotimes (num=100000001) at numeric.c:4984
#12 0x00000eaf7cf9a733 in call_cfunc_0 (func=0xeaf7ce2e710 <int_dotimes>, recv=100000001, argc=0, argv=0xeafd138b040) at vm_insnhelper.c:1739
#13 0x00000eaf7cf8f257 in vm_call_cfunc_with_frame (ec=0xeafa3125248, reg_cfp=0xeafd148af90, calling=0x7f7ffffbda28, ci=0xeaf1105e6d0, cc=0xeaf6a057428) at vm_insnhelper.c:1928
#14 0x00000eaf7cf8a9fa in vm_call_cfunc (ec=0xeafa3125248, reg_cfp=0xeafd148af90, calling=0x7f7ffffbda28, ci=0xeaf1105e6d0, cc=0xeaf6a057428) at vm_insnhelper.c:1944
#15 0x00000eaf7cf89e7e in vm_call_method_each_type (ec=0xeafa3125248, cfp=0xeafd148af90, calling=0x7f7ffffbda28, ci=0xeaf1105e6d0, cc=0xeaf6a057428) at vm_insnhelper.c:2265
#16 0x00000eaf7cf89beb in vm_call_method (ec=0xeafa3125248, cfp=0xeafd148af90, calling=0x7f7ffffbda28, ci=0xeaf1105e6d0, cc=0xeaf6a057428) at vm_insnhelper.c:2391
#17 0x00000eaf7cf70d55 in vm_call_general (ec=0xeafa3125248, reg_cfp=0xeafd148af90, calling=0x7f7ffffbda28, ci=0xeaf1105e6d0, cc=0xeaf6a057428) at vm_insnhelper.c:2434
#18 0x00000eaf7cf73f37 in vm_exec_core (ec=0xeafa3125248, initial=0) at insns.def:718
#19 0x00000eaf7cf84b9c in vm_exec (ec=0xeafa3125248) at vm.c:1804
#20 0x00000eaf7cf8628b in rb_iseq_eval_main (iseq=0xeaf0e4f0328) at vm.c:2057
#21 0x00000eaf7cd8a354 in ruby_exec_internal (n=0xeaf0e4f0328) at eval.c:247
#22 0x00000eaf7cd8a20c in ruby_exec_node (n=0xeaf0e4f0328) at eval.c:311
#23 0x00000eaf7cd8a19b in ruby_run_node (n=0xeaf0e4f0328) at eval.c:303
#24 0x00000ead0570062c in main (argc=5, argv=0x7f7ffffbde08) at main.c:42
(gdb) thread 3
[Switching to thread 3 (process 384917)]#0  _thread_sys_poll () at -:3
3       -: No such file or directory.
        in -
(gdb) bt
#0  _thread_sys_poll () at -:3
#1  0x00000eaf81a68b34 in _libc_poll_cancel (fds=Variable "fds" is not available.
) at /usr/src/lib/libc/sys/w_poll.c:27
#2  0x00000eaf7cf3def6 in timer_thread_sleep (gvl=0xeb002bab808) at thread_pthread.c:1433
#3  0x00000eaf7cf3dbae in thread_timer (p=0xeb002bab808) at thread_pthread.c:1552
#4  0x00000eaf598395fe in _rthread_start (v=Variable "v" is not available.
) at /usr/src/lib/librthread/rthread.c:96
#5  0x00000eaf81a8ae3b in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75
#6  0x0000000000000000 in ?? ()
~~~
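The backtrace above shows `fprintf` being called with `fp=0x0` from `convert_unit_to_func` (mjit.c:736), which is consistent with wanabe's guess that the `fopen` of `c_file` fails and the NULL result is used unchecked. The following is an added example, not code from the Ruby tree or from either commenter; the function and type names (`emit_unit_header`, `unit_status`, `process_units`) are hypothetical, and the unwritable path is a constructed stand-in for what is assumed to happen here: after `Dir.chroot(".")` the absolute temp-directory path the JIT worker was given no longer resolves, so `fopen` returns NULL. The point is that a worker thread must treat a failed open as a failed unit rather than keep going with a NULL `FILE*`.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of one JIT unit's "write source, then compile" step (hypothetical). */
enum unit_status { UNIT_OK = 0, UNIT_OPEN_FAILED = 1, UNIT_WRITE_FAILED = 2 };

/* Write the same kind of header the worker writes, but never touch a NULL
 * FILE*. A failed fopen (e.g. the directory vanished from view after chroot)
 * is reported to the caller instead of being passed on to fprintf. */
enum unit_status emit_unit_header(const char *c_file, const char *func,
                                  const char *path, int line)
{
    FILE *f = fopen(c_file, "w");
    if (f == NULL)
        return UNIT_OPEN_FAILED;          /* this is the missing check */
    if (fprintf(f, "/* %s@%s:%d */\n\n", func, path, line) < 0) {
        fclose(f);
        return UNIT_WRITE_FAILED;
    }
    if (fclose(f) != 0)
        return UNIT_WRITE_FAILED;
    return UNIT_OK;
}

/* Read the first line back so the success path can be verified.
 * Returns 1 if the file starts with expected_first_line, 0 otherwise. */
int header_matches(const char *c_file, const char *expected_first_line)
{
    char buf[256];
    FILE *f = fopen(c_file, "r");
    if (f == NULL)
        return 0;
    const char *got = fgets(buf, sizeof buf, f);
    fclose(f);
    return got != NULL && strcmp(buf, expected_first_line) == 0;
}

/* Worker-loop fragment: a unit whose source file cannot be created is
 * counted as failed and the loop continues; nothing dereferences NULL.
 * Returns the number of units written; *failed_out receives the failures. */
int process_units(const char *const *c_files, int n, int *failed_out)
{
    int ok = 0, failed = 0;
    for (int i = 0; i < n; i++) {
        if (emit_unit_header(c_files[i], "f", "x.rb", 1) == UNIT_OK)
            ok++;
        else
            failed++;
    }
    *failed_out = failed;
    return ok;
}

int main(void)
{
    /* Constructed inputs: one writable path in the cwd, and one under a
     * directory that does not exist, standing in for the JIT's absolute
     * tmpdir path after Dir.chroot. */
    const char *const files[] = {
        "gr_example_unit.c",
        "/nonexistent-dir-for-this-example/unit.c",
    };
    int failed = 0;
    int ok = process_units(files, 2, &failed);
    printf("units written: %d, units failed: %d\n", ok, failed);
    remove(files[0]);
    return 0;
}
```

Run it and the second unit fails cleanly while the first is written; without the `f == NULL` test the second unit would reach `fprintf(NULL, ...)`, which is the `fp=0x0` frame in the gdb output.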
