卜部です。ちょっとお知恵を拝借したく。

noreply / rubyforge.org さんは書きました:
> this is code snippet I run. it's not much of use, but the result was crash of irb.
>
> while true
>   ObjectSpace.each_object(Numeric) { |a, b| print a, b, "\n" }
> end
>
> output:
>
> ...
> nil
> ...
> nil
> nil
> (irb):91: [BUG] rb_sys_fail() - errno == 0
> ruby 1.8.6 (2007-06-07) [x86_64-linux]
>
> Aborted (core dumped)
>
> ======
> Ubuntu 7.10 amd64
>
> $ ruby -v
> ruby 1.8.6 (2007-06-07 patchlevel 36) [x86_64-linux]
> $ irb -v
> irb 0.9.5(05/04/13)
>   
これが手元で再現して、バックトレースが以下のようになります

#0  0x0000003b8162f07b in raise () from /lib/libc.so.6
#1  0x0000003b8163084e in abort () from /lib/libc.so.6
#2  0x0000000000491d64 in rb_bug (fmt=0x4b00dd "rb_sys_fail(%s) - errno == 0")
    at /home/shyouhei/ruby/branches/ruby_1_8/error.c:214
#3  0x0000000000491e2a in rb_sys_fail (mesg=0x0)
    at /home/shyouhei/ruby/branches/ruby_1_8/error.c:1119
#4  0x00000000004381c1 in io_write (io=<value optimized out>, 
    str=47717750769120) at /home/shyouhei/ruby/branches/ruby_1_8/io.c:580
#5  0x000000000041a42a in rb_call0 (klass=47717750255600, recv=47717750250360, 
    id=7377, oid=7377, argc=1, argv=0x7fff8321b050, body=0x2b66278da410, 
    flags=0) at /home/shyouhei/ruby/branches/ruby_1_8/eval.c:5858
#6  0x000000000041b20a in rb_call (klass=11094, recv=47717750250360, mid=7377, 
    argc=1, argv=0x7fff8321b050, scope=1, self=6)
    at /home/shyouhei/ruby/branches/ruby_1_8/eval.c:6105
#7  0x000000000041b75a in vafuncall (recv=47717750250360, mid=7377, n=-1, 
    ar=<value optimized out>)
    at /home/shyouhei/ruby/branches/ruby_1_8/eval.c:6182
#8  0x000000000041b9af in rb_funcall (recv=11094, mid=11094, n=6)
    at /home/shyouhei/ruby/branches/ruby_1_8/eval.c:6199
---Type <return> to continue, or q <return> to quit---

で、io_write()かなと思ってよく見ると、

(gdb) fr 4
#4  0x00000000004381c1 in io_write (io=<value optimized out>, 
    str=47638147139640) at /home/shyouhei/ruby/branches/ruby_1_8/io.c:580
580         if (n == -1L) rb_sys_fail(fptr->path);
(gdb) p *(struct RString*)str
$1 = {basic = {flags = 7, klass = 47638146600920}, len = -1, 
  ptr = 0x65eb60 "+\202\203\201;", aux = {capa = 22, shared = 22}}

となってここですでにstrが壊れてるのが分かります。