From: "wanabe (_ wanabe) via ruby-core" <ruby-core@...>
Date: 2023-03-26T10:37:55+00:00
Subject: [ruby-core:113020] [Ruby master Bug#19363] Fix rb_transient_heap_mark: wrong header (T_STRUCT) segfault

Issue #19363 has been updated by wanabe (_ wanabe).



File segv.log added



I made a short piece of reproduction code.

There are three points:

- unexpected negative lineno for eval (or for class_eval)

- Coverage.start with `lines: true, eval: true`

- GC verification



```
require "coverage"

Coverage.start(lines: true, eval: true)
eval(<<~EOS, binding, "", -1)
  Kernel.module_eval do
    def bar(locals)
      bar = locals[:bar]
    end
  end
EOS
bar({})
GC.verify_compaction_references
```



And I attached the SEGV log from ruby 3.3.0dev (2023-03-26T06:23:11Z master 2f916812a9) [x86_64-linux] + WSL2.



----------------------------------------

Bug #19363: Fix rb_transient_heap_mark: wrong header (T_STRUCT) segfault

https://bugs.ruby-lang.org/issues/19363#change-102554



* Author: bkuhlmann (Brooke Kuhlmann)

* Status: Open

* Priority: Normal

* ruby -v: ruby 3.2.0 (2022-12-25 revision a528908271) +YJIT [arm64-darwin22.2.0]

* Backport: 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: UNKNOWN, 3.2: UNKNOWN

----------------------------------------

## Overview



Hello. I'm hitting an issue where my build is constantly failing with a segfault. The following is a snippet taken from my local machine with YJIT enabled (see attachments for details):



```
/Users/bkuhlmann/.cache/frum/versions/3.2.0/lib/ruby/gems/3.2.0/gems/puma-6.0.2/lib/puma/runner.rb: [BUG] rb_transient_heap_mark: wrong header, T_STRUCT (0x0000000109ea98a0)
ruby 3.2.0 (2022-12-25 revision a528908271) +YJIT [arm64-darwin22.2.0]
```



The closest issue I could find that might be related to this issue (but not sure) is this issue: #15358.



## Steps to Recreate



You should be able to quickly recreate this issue via these steps:



- Download/clone my [Hemo](https://github.com/bkuhlmann/hemo) project.

- Run the setup steps.

- Run the test suite by running `bin/rspec`.



If you need an example of the same segfault (but not on my macOS machine), you can see the same segfault via my [Circle CI Build](https://app.circleci.com/pipelines/github/bkuhlmann/hemo/11/workflows/f19abf41-60bc-4e8e-9ba9-b964a67ece73/jobs/10). My Circle CI build is using my [Docker Alpine Linux Ruby](https://www.alchemists.io/projects/docker-alpine-ruby) image which might be of interest as well. This Docker image is also built with YJIT enabled.



Interestingly, if you were to run the test suite with `bin/guard` instead of `bin/rspec` then the segfault doesn't occur.





## Environment



```
ruby 3.2.0 (2022-12-25 revision a528908271) +YJIT [arm64-darwin22.2.0]

1.43.0 (using Parser 3.2.0.0, rubocop-ast 1.24.1, running on ruby 3.2.0) [arm64-darwin22.2.0]
  - rubocop-performance 1.15.2
  - rubocop-rake 0.6.0
  - rubocop-rspec 2.18.1
  - rubocop-sequel 0.3.4
  - rubocop-thread_safety 0.4.4
```





---Files--------------------------------

segfault.txt (237 KB)

ruby-2023-01-21-113841.ips (19.6 KB)

segv.log (14.7 KB)





-- 

https://bugs.ruby-lang.org/
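
A static check for the first of the three points in the update above (a negative lineno passed to eval or class_eval), as an added example that is not part of the original message or of Ruby itself: it uses Ripper to list eval-family calls that pass a literal negative integer argument, without executing anything. The helper names and the sample source are constructed for illustration; line numbers computed at run time (such as `__LINE__ - 3`) are not detected.

```ruby
require "ripper"

# Methods that accept a trailing (filename, lineno) pair.
EVAL_METHODS = %w[eval class_eval module_eval instance_eval].freeze

# Ripper represents the literal -1 as [:unary, :-@, [:@int, "1", [line, col]]].
def negative_int?(node)
  node.is_a?(Array) && node[0] == :unary && node[1] == :-@ &&
    node[2].is_a?(Array) && node[2][0] == :@int
end

# Unwrap [:arg_paren, [:args_add_block, [arg, ...], false]] to the argument list.
def direct_args(node)
  node = node[1] if node.is_a?(Array) && node[0] == :arg_paren
  node = node[1] if node.is_a?(Array) && node[0] == :args_add_block
  node.is_a?(Array) ? node : []
end

# Return [method_name, line] for each eval-family call in +source+ that
# passes a literal negative integer as a direct argument.
def negative_lineno_evals(source)
  hits = []
  walk = lambda do |node|
    next unless node.is_a?(Array)
    ident, args = case node[0]
                  when :method_add_arg then [node[1].is_a?(Array) ? node[1].last : nil, node[2]]
                  when :command        then [node[1], node[2]]
                  when :command_call   then [node[3], node[4]]
                  end
    if ident.is_a?(Array) && ident[0] == :@ident && EVAL_METHODS.include?(ident[1]) &&
       direct_args(args).any? { |arg| negative_int?(arg) }
      hits << [ident[1], ident[2][0]]
    end
    node.each(&walk)
  end
  walk.call(Ripper.sexp(source)) # Ripper.sexp returns nil on a syntax error
  hits
end

# Constructed sample: a condensed form of the reproduction plus two other call shapes.
SAMPLE = <<~'RUBY'
  eval(<<~EOS, binding, "", -1)
    Kernel.module_eval { def bar(locals); bar = locals[:bar]; end }
  EOS
  Foo.class_eval(src, __FILE__, __LINE__ + 1)
  Foo.class_eval src, "t.rb", -3
RUBY
p negative_lineno_evals(SAMPLE) if $PROGRAM_NAME == __FILE__
```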