ruby garbage collector segfaults under certain conditions

Bug #488115 reported by Bryan McLellan on 2009-11-25
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
Ruby | In Progress | Undecided | Unassigned |
ruby1.8 (Debian) | Fix Released | Unknown | |
ruby1.8 (Ubuntu) | | High | Unassigned |
Karmic | | Undecided | Unassigned |

Bug Description

Binary package hint: ruby1.8

$ ruby -e 't1 = t2 = Time.now ; while t1.sec == t2.sec do t2 = Time.now end'
-e:1: [BUG] Segmentation fault
ruby 1.8.7 (2009-06-12 patchlevel 174) [i486-linux]

Aborted

ruby1.8=1.8.7.174-1 on karmic (9.10)

upstream: http://redmine.ruby-lang.org/issues/show/2326
additional information: http://tickets.opscode.com/browse/CHEF-530

ProblemType: Bug
Architecture: i386
Date: Wed Nov 25 02:19:10 2009
DistroRelease: Ubuntu 9.10
NonfreeKernelModules: nvidia
Package: ruby1.8 1.8.7.174-1
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-14.48-generic
SourcePackage: ruby1.8
Uname: Linux 2.6.31-14-generic i686

Bryan McLellan (btm) wrote :

I can reproduce this bug using both the upstream test, and the chef package is affected by it:

$ sudo chef-client
[Wed, 25 Nov 2009 10:43:36 +0000] INFO: Starting Chef Run
/usr/lib/ruby/1.8/systemu.rb:54: [BUG] Segmentation fault
ruby 1.8.7 (2009-06-12 patchlevel 174) [x86_64-linux]

Aborted

Other chef users have reported the same issue: http://tickets.opscode.com/browse/CHEF-530
Two other Ubuntu 9.10 users have confirmed the above test upstream: http://redmine.ruby-lang.org/issues/show/2326

Changed in ruby:
status: New → In Progress
Changed in ruby1.8 (Ubuntu):
status: New → Triaged
importance: Undecided → High
Bryan McLellan (btm) wrote :

Attached patch builds against ruby1.8=1.8.7.174-1 (karmic) and ruby1.8=1.8.7.174-2 (squeeze) and fixes both the Time test, and resolves the segfault running the chef package.

Patch filed upstream with debian as well.

Bryan McLellan (btm) on 2009-11-25
Changed in ruby1.8 (Ubuntu):
milestone: none → karmic-updates
milestone: karmic-updates → none
Lucas Nussbaum (lucas) wrote :

Bryan, would you mind preparing:
- a debdiff against the current karmic version that:
   + backports the changes from the current Sid package
   + adds this patch
- a debdiff against the current sid package, targeted for Debian, that adds this patch ?

That way, I could upload the first one to karmic-updates, the second one to sid, and then get it synced in lucid.

Changed in ruby1.8 (Debian):
status: Unknown → New
Bryan McLellan (btm) wrote :

debdiff for karmic attached.

debdiff for sid sent to debian bug.

Changed in ruby1.8 (Debian):
status: New → Fix Released
Lucas Nussbaum (lucas) wrote :

Hi,

I prepared a SRU to fix this bug and #484756 in karmic. The SRU consists in backporting all the Debian changes, including Bryan's patch, to the karmic package (there was no new upstream version in the meantime). So, as a bonus, it also fixes several bugs that were reported in Debian, but not in Ubuntu.

The debdiff between the current version in karmic and my SRU is attached. Note that the debdiff between the current version in Debian and the SRU is much smaller, obviously.

I've uploaded the proposed SRU to karmic-proposed.

Lucas Nussbaum (lucas) wrote :

Ah, I would also need a sponsor, since ruby1.8 is in main, and I'm not allowed to upload to main (my upload was rejected).

Martin Pitt (pitti) wrote :

Lucas, would it be possible to only backport the particular fix for this crash? There seem to be a lot of other changes, which make the SRU very difficult to review, and open possibilities for regressions. Thanks!

Lucas Nussbaum (lucas) wrote :

It would be possible, but there's not much value to it. The other bugfixes also fix relatively severe bugs. Also, 1.8.7.174-2 was uploaded to Debian mid-august, so it received a lot of testing.

Bryan McLellan (btm) wrote :

This SRU would also fix Bug #484756.

Bryan McLellan (btm) wrote :

New debdiff that patches the segfault bugs here and in 484756

Martin Pitt (pitti) wrote :

Reportedly fixed in lucid in 1.8.7.174-2.

Changed in ruby1.8 (Ubuntu):
status: Triaged → Fix Released

Accepted ruby1.8 into karmic-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in ruby1.8 (Ubuntu Karmic):
status: New → Fix Committed
tags: added: verification-needed
Bryan McLellan (btm) wrote :

Installed ruby1.8 and libruby1.8 version 1.8.7.174-1ubuntu1 from karmic-proposed.

Ran both tests successfully with experiencing a segfault, confirming package in -proposed fixes this bug.

$ ruby -e 't1 = t2 = Time.now ; while t1.sec == t2.sec do t2 = Time.now end'
$ ruby -ve "C=0; o=''; o.instance_eval('def m; C; end'); o.clone.m"
ruby 1.8.7 (2009-06-12 patchlevel 174) [x86_64-linux]
$

Bryan McLellan [2009-12-08 0:33 -0000]:
> Installed ruby1.8 and libruby1.8 version 1.8.7.174-1ubuntu1 from karmic-
> proposed.
>
> Ran both tests successfully with experiencing a segfault

Was that meant to say "without", or is there yet another one?

Thanks! Martin

--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

Bryan McLellan (btm) wrote :

My mistake.

*without* a segfault.

Works as expected.

Martin Pitt (pitti) on 2009-12-08
tags: added: verification-done
removed: verification-needed
kallistec (danielsdeleo) wrote :

I can confirm that updating to the proposed versions of ruby and libruby fix the segfault test cases, and I have not observed any regressions in my testing.

ruby -e "Time.now while true" #=> runs indefinitely

Cheers,
Daniel DeLeo
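
The manual verification in the comments above can be scripted. This is an added example, not part of the original thread or of any Ubuntu SRU tooling: it runs the two one-liners quoted above in a child interpreter and reports a crash when the child dies on a signal such as SIGSEGV or SIGABRT (the "Aborted" that follows a `[BUG]` line). The helper names and the 10-second limit are assumptions.

```ruby
require 'rbconfig'
require 'timeout'

# Regression one-liners quoted in this report (LP #488115 and LP #484756).
CASES = {
  'gc_time_loop'    => "t1 = t2 = Time.now ; while t1.sec == t2.sec do t2 = Time.now end",
  'clone_singleton' => "C=0; o=''; o.instance_eval('def m; C; end'); o.clone.m"
}.freeze

# An interpreter "[BUG] Segmentation fault" ends in abort(), so the parent
# sees SIGABRT; a fault outside the interpreter's handler shows as SIGSEGV/SIGBUS.
CRASH_SIGNALS = %w[SEGV ABRT BUS].map { |name| Signal.list[name] }.compact.freeze

# Runs one snippet in a child interpreter and classifies the outcome as
# :ok, :error (non-zero exit), :crash (killed by a crash signal) or :timeout.
def run_case(code, ruby: RbConfig.ruby, limit: 10)
  pid = Process.spawn(ruby, '-e', code, out: File::NULL, err: File::NULL)
  begin
    _, status = Timeout.timeout(limit) { Process.wait2(pid) }
  rescue Timeout::Error
    # A hung child is killed and reaped so it cannot linger as a zombie.
    Process.kill('KILL', pid)
    Process.wait(pid)
    return :timeout
  end
  return :crash if status.signaled? && CRASH_SIGNALS.include?(status.termsig)
  status.success? ? :ok : :error
end

# Runs every case and returns { name => outcome }.
def verify_all(cases = CASES, **opts)
  cases.map { |name, code| [name, run_case(code, **opts)] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  verify_all.each { |name, outcome| puts format('%-16s %s', name, outcome) }
end
```

Pass `ruby: '/usr/bin/ruby1.8'` (or another interpreter path) to check a specific installed build rather than the interpreter running the script.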

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ruby1.8 - 1.8.7.174-1ubuntu1

---------------
ruby1.8 (1.8.7.174-1ubuntu1) karmic-proposed; urgency=medium

  * Added debian/patches/091125_gc_check.dpatch: Avoid segv on gc run whe
    heap fills up with deferred objects. (LP: #488115)
  * Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an
    object cloned. (LP: #484756)
 -- Bryan McLellan <email address hidden> Tue, 01 Dec 2009 03:33:13 -0800

Changed in ruby1.8 (Ubuntu Karmic):
status: Fix Committed → Fix Released
Lucas Nussbaum (lucas) wrote :

Uh? The message sent by the way this bug was handed is:
"We know better than the Debian maintainers, and don't want to backport new versions even if they only contain important bug fixes."

As a result:
$ ruby -e 'eval ("1+2+"*10000).chop'
Segmentation fault

(That's http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510561)
And http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534241 is also not fixed.

Martin Pitt (pitti) wrote :

Lucas Nussbaum [2009-12-15 10:01 -0000]:
> Uh? The message sent by the way this bug was handed is: "We know
> better than the Debian maintainers, and don't want to backport new
> versions even if they only contain important bug fixes."

Sorry if it came across that way, it was certainly not meant to be the
message. We just have been severely burned several times by being too
liberal with changes to stable releases. All the changes in that
Debian package were never tested (with feedback) on a karmic system,
so we better apply changes individually.

If there are more fixes to apply in stables (like the crash you
mentioned), which have a confirmed patch and no unrelated changes,
these are fine for SRU as well, of course.

Ronen Botzer (ronen) wrote :

Is there a non-GUI way of gaining access to the karmic-proposed distro? I edited the sources.list, did an apt-get update and did this:
apt-get install --reinstall ruby1.8=1.8.7.174-1ubuntu1
apt-get install --reinstall libruby1.8=1.8.7.174-1ubuntu1

It appears to download and reinstall something, but ruby -v still looks the same, and this will cause a segfault:
ruby -e 'eval ("1+2+"*10000).chop'

Bryan McLellan (btm) wrote :

Ronen, the bug that Lucas mentioned in #19 is not fixed in Ubuntu. The original bug listed in the bug description was fixed in ruby1.8=1.8.7.174-1ubuntu1 which is in karmic-updates now.

So you don't need to add karmic-proposed. If you did, there are directions for configuring it using the GUI at [1].

[1] https://wiki.ubuntu.com/Testing/EnableProposed

Ronen Botzer (ronen) wrote :

Thanks for clarifying, Bryan. The GC bug-fix works.
