Ruby: Seg fault with google-protobuf >= 3.15 #8938

Closed
stanhu opened this issue Aug 31, 2021 · 11 comments
@stanhu
Contributor

stanhu commented Aug 31, 2021

What version of protobuf and what language are you using?
Version: master/v3.17.3/v13.5.8
Language: Ruby

What operating system (Linux, Windows, ...) and version?

Linux and macOS

What runtime / compiler are you using (e.g., python version or gcc version)

What did you do?

Steps to reproduce the behavior:

Attached is a reproduction script. Extract and run ruby test_parse.rb.

repro2.zip

@haberman This bug was originally filed under pganalyze/pg_query#226. I took the C extension out of the equation and loaded the serialized bytes directly from a file, and this seems more like a memory issue with google-protobuf. Note there are some recursive repeated and oneof fields that may be causing some issues.

With google-protobuf v3.14.x, there is no seg fault. With versions >= 3.15, there is a seg fault. This sounds similar to a memory issue identified in #8559. I wasn't able to get valgrind or Address Sanitizer to flag an issue.

What did you expect to see

Empty stdout

What did you see instead?

Seg fault

$ ruby test_parse.rb
test_parse.rb:238: [BUG] Segmentation fault at 0x0000000000000010
ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-darwin19]

-- Crash Report log information --------------------------------------------
   See Crash Report log file under the one of following:
     * ~/Library/Logs/DiagnosticReports
     * /Library/Logs/DiagnosticReports
   for more details.
Don't forget to include the above Crash Report log file in bug reports.

-- Control frame information -----------------------------------------------
c:0007 p:1397 s:0040 e:000038 BLOCK  test_parse.rb:238 [FINISH]
c:0006 p:---- s:0027 e:000026 CFUNC  :loop
c:0005 p:0048 s:0023 e:000022 METHOD test_parse.rb:102
c:0004 p:0010 s:0016 e:000015 METHOD test_parse.rb:81
c:0003 p:0003 s:0012 e:000011 METHOD test_parse.rb:40
c:0002 p:0047 s:0008 E:002250 EVAL   test_parse.rb:327 [FINISH]
c:0001 p:0000 s:0003 E:000590 (none) [FINISH]

-- Ruby level backtrace information ----------------------------------------
test_parse.rb:327:in `<main>'
test_parse.rb:40:in `tables'
test_parse.rb:81:in `tables_with_details'
test_parse.rb:102:in `load_objects!'
test_parse.rb:102:in `loop'
test_parse.rb:238:in `block in load_objects!'

-- Machine register context ------------------------------------------------
 rax: 0x0000000000000000 rbx: 0x00007fc07f8160e0 rcx: 0x0000000000001d60
 rdx: 0x00007ffedfed2768 rdi: 0x00007fc07f81ccb0 rsi: 0x000000000000c991
 rbp: 0x00007ffedfed27a0 rsp: 0x00007ffedfed2760  r8: 0x0000000000000c99
  r9: 0x0000000000000000 r10: 0x00007fc080127e78 r11: 0x00007fc07e836998
 r12: 0x00007ffedfed2768 r13: 0x000000000000c991 r14: 0x00007fc07f816388
 r15: 0x00000ff80ff0e5e0 rip: 0x000000010ff88c24 rfl: 0x0000000000010202

-- C level backtrace information -------------------------------------------
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(rb_vm_bugreport+0x96) [0x10ffaa176]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(rb_bug_for_fatal_signal+0x1d0) [0x10fde2e80]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(sigsegv+0x5b) [0x10ff0d8fb]
/usr/lib/system/libsystem_platform.dylib(_sigtramp+0x1d) [0x7fff6cf5e5fd]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(method_entry_get+0x94) [0x10ff88c24]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(rb_callable_method_entry+0x29) [0x10ff7dd09]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(vm_search_method+0x14f) [0x10ff8ef1f]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(vm_exec_core+0x38cf) [0x10ff81b8f]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(rb_vm_exec+0xa93) [0x10ff966c3]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(loop_i+0x47) [0x10ffa60c7]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(rb_vrescue2+0x114) [0x10fdeec54]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(rb_rescue2+0x7b) [0x10fdeeb1b]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(vm_call_cfunc+0x16c) [0x10ff9b83c]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(vm_exec_core+0x3770) [0x10ff81a30]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(rb_vm_exec+0xa93) [0x10ff966c3]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(rb_ec_exec_node+0xb6) [0x10fdee226]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(ruby_run_node+0x55) [0x10fdee125]
/Users/stanhu/.rbenv/versions/2.7.2/bin/ruby(main+0x5d) [0x10fd2ff0d]
@stanhu
Contributor Author

stanhu commented Aug 31, 2021

I stripped some unnecessary code from test_parse.rb and created a smaller reproduction:

repro3.zip

@haberman
Member

Thanks so much for the brilliant repro. I was immediately able to reproduce on my machine. I'll look into this right away; hopefully we can get a fix into 3.18.0, which is in -rc right now.

@haberman
Member

I further reduced the repro:

require 'google/protobuf'

Google::Protobuf::DescriptorPool.generated_pool.build do
  add_file("test.proto", :syntax => :proto3) do
    add_message "Test.Node" do
    end
    add_message "Test.BoolExpr" do
      repeated :args, :message, 3, "Test.Node"
    end
  end
end

module Test
  Node = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("Test.Node").msgclass
  BoolExpr = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("Test.BoolExpr").msgclass
end

GC.stress = true

subselect_items = [nil]
expr = Test::BoolExpr.new(:args => [{}, {}, {}])
subselect_items.concat(expr.args)

@stanhu
Contributor Author

stanhu commented Aug 31, 2021

Ah, great! I should mention I did see this stack trace before:

fail.rb: [BUG] try to mark T_NONE object
ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-darwin19]

-- Crash Report log information --------------------------------------------
   See Crash Report log file under the one of following:
     * ~/Library/Logs/DiagnosticReports
     * /Library/Logs/DiagnosticReports
   for more details.
Don't forget to include the above Crash Report log file in bug reports.

-- Control frame information -----------------------------------------------
c:0001 p:0000 s:0003 E:000fa0 (none) [FINISH]


-- C level backtrace information -------------------------------------------
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(rb_vm_bugreport+0x96) [0x11003f176]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(rb_bug+0xcc) [0x11004b6a6]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(gc_mark_ptr+0x17a) [0x10fea3a9a]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(gc_mark_children+0x945) [0x10fe996d5]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(gc_marks_rest+0xa8) [0x10fea2028]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(gc_start+0xba9) [0x10fea0379]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(objspace_xmalloc0+0x3e1) [0x10fe99fa1]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(force_chain_object+0x2e) [0x10fe946fe]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(st_general_foreach+0xaf) [0x10ffac6bf]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(rb_st_foreach+0x33) [0x10ffacd23]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(rb_objspace_call_finalizer+0x2fa) [0x10fe9405a]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(rb_ec_cleanup+0x2d9) [0x10fe82f89]
/Users/stanhu/.rbenv/versions/2.7.2/lib/libruby.2.7.dylib(ruby_run_node+0x5f) [0x10fe8312f]
/Users/stanhu/.rbenv/versions/2.7.2/bin/ruby(main+0x5d) [0x10fdc5f0d]

The Ruby garbage collector is failing while trying to iterate through an array and mark each object. Somehow the object is T_NONE, which suggests the value was freed already or the array was corrupted.

@haberman
Member

Yes that mirrors my observations too. When I add debug statements into creation/deletion of message objects, I see:

require 'google/protobuf'

Google::Protobuf::DescriptorPool.generated_pool.build do
  add_file("test.proto", :syntax => :proto3) do
    add_message "Test.Node" do
    end
    add_message "Test.BoolExpr" do
      repeated :args, :message, 3, "Test.Node"
    end
  end
end

module Test
  Node = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("Test.Node").msgclass
  BoolExpr = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("Test.BoolExpr").msgclass
end

GC.stress = true

STDERR.puts("Starting test")
expr = Test::BoolExpr.decode_json('{"args": [{}, {}, {}]}')
args = expr.args
items = [nil]
STDERR.puts("This will go boom")
items.concat(args)

Output:

Starting test
Message_alloc() = 0x5631719bc2f0
RepeatedField_alloc() = 0x5631719183d0
This will go boom
RepeatedField_toary() begin
Message_alloc() = 0x5631719ebbc0
Message_alloc() = 0x563171995090
Message_alloc() = 0x5631719cc7a0
RepeatedField_toary() end
Message_free(0x5631719cc7a0) finished
Message_free(0x563171995090) finished
Message_free(0x5631719ebbc0) finished
test_parse.rb: [BUG] try to mark T_NONE object

So the three message objects are indeed being freed before the mark().

What's even weirder is that if I explicitly call #to_ary instead of letting #concat do it implicitly, the test passes:

require 'google/protobuf'

Google::Protobuf::DescriptorPool.generated_pool.build do
  add_file("test.proto", :syntax => :proto3) do
    add_message "Test.Node" do
    end
    add_message "Test.BoolExpr" do
      repeated :args, :message, 3, "Test.Node"
    end
  end
end

module Test
  Node = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("Test.Node").msgclass
  BoolExpr = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("Test.BoolExpr").msgclass
end

GC.stress = true

STDERR.puts("Starting test")
expr = Test::BoolExpr.decode_json('{"args": [{}, {}, {}]}')
args = expr.args
items = [nil]
STDERR.puts("This will work fine")
items.concat(args.to_ary)
STDERR.puts("Succeeded!")

Output:

Starting test
Message_alloc() = 0x5642804e9a00
RepeatedField_alloc() = 0x56428046f980
This will work fine
RepeatedField_toary() begin
Message_alloc() = 0x56428047fd20
Message_alloc() = 0x5642804e2830
Message_alloc() = 0x56428038d3e0
RepeatedField_toary() end
Succeeded!
RepeatedField_free(0x56428046f980)
Message_free(0x5642804e9a00) finished
Arena_free()
Message_free(0x56428047fd20) finished
Message_free(0x5642804e2830) finished
Message_free(0x56428038d3e0) finished

This is starting to smell like a bug in Ruby.
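
A triage helper for traces like the two in the comment above, as an added example that is not part of the original thread or of the protobuf code base: it pairs the `*_alloc`/`*_free` debug lines, tracks which objects were created while `to_ary` was running, and reports whether any of them were freed before a `[BUG]` line. It also accepts the `Foo_alloc(0x...)` form printed by the minimal C extension later in the thread. The function, struct and constant names are hypothetical; the two sample traces are copied from the comment above.

```ruby
# Added example: correlate alloc/free debug lines with a Ruby GC crash.
# All names here (Report, analyze_trace, ...) are hypothetical helpers.
Report = Struct.new(:crash, :elements, :freed_elements, :unknown_frees) do
  # True when the trace ends in a [BUG] line and at least one object that
  # to_ary returned was already freed by then (use-after-free evidence).
  def premature_free?
    !crash.nil? && !freed_elements.empty?
  end
end

ALLOC_EQ  = /\A(\w+)_alloc\(\) = (0x\h+)\z/           # Message_alloc() = 0x...
ALLOC_ARG = /\A(\w+)_alloc\((0x\h+)\)\z/              # Foo_alloc(0x...)
FREE      = /\A(\w+)_free\((0x\h+)\)(?: finished)?\z/ # Message_free(0x...) finished
TO_ARY    = /\A\w+_to_?ary\(\) (begin|end)\z/         # RepeatedField_toary() begin
CRASH     = /\[BUG\] (.+)\z/                          # file.rb: [BUG] message

def analyze_trace(text)
  live = {}        # address => type name, for objects not yet freed
  elements = []    # addresses allocated while to_ary was running
  freed = []       # elements freed before the trace ended or crashed
  unknown = []     # frees of addresses never seen allocated (or freed twice)
  in_to_ary = false
  crash = nil

  text.each_line(chomp: true) do |raw|
    line = raw.strip
    case line
    when TO_ARY
      in_to_ary = ($1 == "begin")
    when ALLOC_EQ, ALLOC_ARG
      live[$2] = $1
      elements << $2 if in_to_ary
    when FREE
      addr = $2
      if live.delete(addr).nil?
        unknown << addr
      elsif elements.include?(addr)
        freed << addr
      end
    when CRASH
      crash = $1
      break          # everything after the [BUG] line is crash-report text
    end
  end
  Report.new(crash, elements, freed, unknown)
end

# Trace from the run where #concat calls #to_ary implicitly (copied from above).
CRASHING_TRACE = <<~TRACE
  Starting test
  Message_alloc() = 0x5631719bc2f0
  RepeatedField_alloc() = 0x5631719183d0
  This will go boom
  RepeatedField_toary() begin
  Message_alloc() = 0x5631719ebbc0
  Message_alloc() = 0x563171995090
  Message_alloc() = 0x5631719cc7a0
  RepeatedField_toary() end
  Message_free(0x5631719cc7a0) finished
  Message_free(0x563171995090) finished
  Message_free(0x5631719ebbc0) finished
  test_parse.rb: [BUG] try to mark T_NONE object
TRACE

# Trace from the run with an explicit #to_ary call (copied from above).
PASSING_TRACE = <<~TRACE
  Starting test
  Message_alloc() = 0x5642804e9a00
  RepeatedField_alloc() = 0x56428046f980
  This will work fine
  RepeatedField_toary() begin
  Message_alloc() = 0x56428047fd20
  Message_alloc() = 0x5642804e2830
  Message_alloc() = 0x56428038d3e0
  RepeatedField_toary() end
  Succeeded!
  RepeatedField_free(0x56428046f980)
  Message_free(0x5642804e9a00) finished
  Arena_free()
  Message_free(0x56428047fd20) finished
  Message_free(0x5642804e2830) finished
  Message_free(0x56428038d3e0) finished
TRACE

if __FILE__ == $PROGRAM_NAME
  { "implicit to_ary" => CRASHING_TRACE, "explicit to_ary" => PASSING_TRACE }.each do |name, trace|
    r = analyze_trace(trace)
    puts "#{name}: crash=#{r.crash.inspect} " \
         "freed=#{r.freed_elements.size}/#{r.elements.size} " \
         "premature_free=#{r.premature_free?}"
  end
end
```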

@haberman
Member

I have a minimal repro that doesn't use protobuf at all!

C extension:

#include "ruby.h"

VALUE cFoo; 

// Foo

typedef struct {
  int dummy;
} Foo;

static void Foo_free(void* _self) {
  fprintf(stderr, "Foo_free(%p)\n", _self);
  xfree(_self);
}

static rb_data_type_t Foo_type = {
  "Foo",
  {NULL, Foo_free, NULL },
  .flags = RUBY_TYPED_FREE_IMMEDIATELY,
};

static VALUE Foo_alloc(VALUE klass) {
  Foo* _self = ALLOC(Foo);
  fprintf(stderr, "Foo_alloc(%p)\n", _self);
  return TypedData_Wrap_Struct(klass, &Foo_type, _self);
}

// Bar

typedef struct {
  int dummy;
} Bar;

static void Bar_free(void* _self) {
  fprintf(stderr, "Bar_free(%p)\n", _self);
  xfree(_self);
}

static rb_data_type_t Bar_type = {
  "Bar",
  {NULL, Bar_free, NULL },
  .flags = RUBY_TYPED_FREE_IMMEDIATELY,
};

static VALUE Bar_alloc(VALUE klass) {
  Bar* bar = ALLOC(Bar);
  return TypedData_Wrap_Struct(klass, &Bar_type, bar);
}

VALUE Bar_to_ary(VALUE _self) {
  fprintf(stderr, "Bar_to_ary() begin\n");
  VALUE ary = rb_ary_new2(3);
  rb_ary_push(ary, Foo_alloc(cFoo));
  rb_ary_push(ary, Foo_alloc(cFoo));
  rb_ary_push(ary, Foo_alloc(cFoo));
  fprintf(stderr, "Bar_to_ary() end\n");
  return ary;
}

void Init_test_ext() {
  cFoo = rb_define_class("Foo", rb_cObject);
  rb_gc_register_address(&cFoo);
  rb_define_alloc_func(cFoo, Foo_alloc);

  VALUE bar = rb_define_class("Bar", rb_cObject);
  rb_define_alloc_func(bar, Bar_alloc);
  rb_define_method(bar, "to_ary", Bar_to_ary, 0);
}

extconf.rb:

#!/usr/bin/ruby
  
require 'mkmf'
  
$objs = ["test_ext.o"]
               
create_makefile("test_ext")

Test script:

require "test_ext"

GC.stress = true

arr = [nil]
STDERR.puts("Bar.new")
bar = Bar.new
STDERR.puts("concat")
arr.concat(bar)
STDERR.puts("concat done")

Output:

Bar.new
concat
Bar_to_ary() begin
Foo_alloc(0x5639160cc230)
Foo_alloc(0x56391607dd50)
Foo_alloc(0x56391607e570)
Bar_to_ary() end
Foo_free(0x56391607e570)
Foo_free(0x56391607dd50)
Foo_free(0x5639160cc230)
test.rb:11: [BUG] try to mark T_NONE object
ruby 2.7.4p191 (2021-07-07 revision a21a3b7d23) [x86_64-linux]

-- Control frame information -----------------------------------------------
c:0004 p:---- s:0016 e:000015 CFUNC  :write
c:0003 p:---- s:0013 e:000012 CFUNC  :puts
c:0002 p:0085 s:0008 E:000b50 EVAL   test.rb:11 [FINISH]
c:0001 p:0000 s:0003 E:001d00 (none) [FINISH]

-- Ruby level backtrace information ----------------------------------------
test.rb:11:in `<main>'
test.rb:11:in `puts'
test.rb:11:in `write'

-- C level backtrace information -------------------------------------------
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(rb_vm_bugreport+0xd67) [0x5639149f3a17] vm_dump.c:755
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(rb_bug+0xe4) [0x563914861063] error.c:645
[0x56391485d546]
[0x56391487a29b]
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(gc_marks_rest+0x90) [0x56391487e510] gc.c:5519
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(gc_rest+0x7a) [0x56391487e7aa] gc.c:7375
[0x563914880517]
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(str_new0+0x26) [0x56391497d296] string.c:728
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(str_new_frozen+0x23d) [0x56391498243d] string.c:770
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(io_fwritev+0xf8) [0x563914891008] io.c:1705
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(io_writev+0x12b) [0x563914899a2b] io.c:1757
[0x5639149df72b]
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(rb_funcallv_with_cc+0xdc) [0x5639149e502c] vm_eval.c:1013
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(rb_io_puts+0x60) [0x56391489cb60] io.c:7773
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(rb_io_puts+0x20) [0x56391489cc10] io.c:7753
[0x5639149d2892]
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(vm_sendish+0x76) [0x5639149cc9c6] vm_insnhelper.c:4023
[0x5639149e8508]
[0x5639149dac28]
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(rb_ec_exec_node+0xa0) [0x563914861a30] eval.c:278
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(ruby_run_node+0x47) [0x5639148655b7] eval.c:336
/usr/local/google/home/haberman/.rubies/ruby-2.7.4-dbg/bin/ruby(main+0x6f) [0x56391486127f] ./main.c:50

-- Other runtime information -----------------------------------------------

* Loaded script: test.rb


@haberman
Member

For me this crash reproduces in every version of Ruby from 2.5.0 - 3.0.2.

I'll report something in the Ruby bug tracker.

Ideally there would be a workaround I could recommend, but nothing immediately comes to mind.

@haberman
Member

Filed upstream: https://bugs.ruby-lang.org/issues/18140

@stanhu
Contributor Author

stanhu commented Aug 31, 2021

@haberman Thanks for doing this investigation and filing the bug!

@haberman
Member

haberman commented Sep 1, 2021

You're welcome, the great repro really helped!

Amazingly, the bug already has a proposed fix upstream: https://bugs.ruby-lang.org/issues/18140#note-2

@stanhu
Contributor Author

stanhu commented Sep 1, 2021

Awesome, thanks! Closing this issue.

@stanhu stanhu closed this as completed Sep 1, 2021