I’ve got something that’s fairly reproducible in 1.6.7. Is
the latest Ruby “stable enough” to use – is it better than
1.6.7?

Here’s a partial backtrace:

(gdb) bt full
#0 0x40182c21 in free () from /lib/libc.so.6
No symbol table info available.
#1 0x40182aa3 in free () from /lib/libc.so.6
No symbol table info available.
#2 0x40041a78 in Init_load () from /usr/lib/libruby.so.1.6
No symbol table info available.
#3 0x4004da8e in rb_gc_force_recycle () from /usr/lib/libruby.so.1.6
No symbol table info available.
#4 0x4004d673 in rb_gc_mark () from /usr/lib/libruby.so.1.6
No symbol table info available.
#5 0x4004ddaf in rb_gc () from /usr/lib/libruby.so.1.6
No symbol table info available.
#6 0x4004ca67 in rb_newobj () from /usr/lib/libruby.so.1.6
No symbol table info available.
#7 0x40026ad1 in rb_ary_new2 () from /usr/lib/libruby.so.1.6
No symbol table info available.
#8 0x400286a7 in rb_ary_sort () from /usr/lib/libruby.so.1.6
No symbol table info available.
#9 0x4003d4ba in rb_stack_check () from /usr/lib/libruby.so.1.6
No symbol table info available.
#10 0x4003da35 in rb_stack_check () from /usr/lib/libruby.so.1.6
No symbol table info available.
#11 0x4003e292 in rb_stack_check () from /usr/lib/libruby.so.1.6
No symbol table info available.
#12 0x40038b1e in rb_alias () from /usr/lib/libruby.so.1.6
No symbol table info available.
#13 0x400379fb in rb_alias () from /usr/lib/libruby.so.1.6
No symbol table info available.
#14 0x40039502 in rb_alias () from /usr/lib/libruby.so.1.6
No symbol table info available.
#15 0x40036ef6 in rb_alias () from /usr/lib/libruby.so.1.6
No symbol table info available.
#16 0x4003de4a in rb_stack_check () from /usr/lib/libruby.so.1.6
No symbol table info available.
#17 0x4003e292 in rb_stack_check () from /usr/lib/libruby.so.1.6
No symbol table info available.
—Type to continue, or q to quit—

I’m not sure why there’s a double free() happening, but if
this looks familiar to anyone (as a problem that’s already
fixed) I’d like to know if I should just build Ruby from
source (right now I’m using the Debian package).

ruby -v

ruby 1.6.7 (2002-03-19) [i386-linux]

– Dossy

Hi,

I’ve got something that’s fairly reproducible in 1.6.7.

What did you do? How can I reproduce it?

Is the latest Ruby “stable enough” to use – is it better
than 1.6.7?
(snip)

ruby -v

ruby 1.6.7 (2002-03-19) [i386-linux]

In fact, some bugs have been fixed after 1.6.7 had released,
but I’m not sure if this is fixed already.

Hi,

I’ve got something that’s fairly reproducible in 1.6.7.

What did you do? How can I reproduce it?

Heh. Run the Ruby program I’m writing … inside of 3 minutes,
it throws the error. Random place in the application, too. Not
a particular line of code that’s causing it.

Is the latest Ruby “stable enough” to use – is it better
than 1.6.7?
(snip)

ruby -v

ruby 1.6.7 (2002-03-19) [i386-linux]

In fact, some bugs have been fixed after 1.6.7 had released,
but I’m not sure if this is fixed already.

I’m building 1.7.2 (as checked out of CVS just now) and II’ll
see if this fixes the problem. If not, I’ll try to debug harder.

– Dossy

$ ruby-1.7.2 -v
ruby 1.7.2 (2002-05-30) [i686-linux]

Well, I built 1.7.2 (and freshly installed ruby/dbi, dbd_oracle 0.0.15
and rexml 2.2.2). I still get the error, but at least now I get more
useful debugging info in gdb:

Program received signal SIGSEGV, Segmentation fault.
0x400dac1b in free () from /lib/libc.so.6
(gdb) bt
#0 0x400dac1b in free () from /lib/libc.so.6
#1 0x400daaa3 in free () from /lib/libc.so.6
#2 0x0806a9a5 in obj_free (obj=1076321712) at gc.c:1069
#3 0x0806a628 in gc_sweep () at gc.c:894
#4 0x0806ab9c in rb_gc () at gc.c:1199
#5 0x08069b3f in rb_newobj () at gc.c:320
#6 0x08051ba7 in new_blktag () at eval.c:575
#7 0x08055470 in rb_eval (self=1075998352, n=0x4019cfb8) at eval.c:2455
#8 0x08054afa in rb_eval (self=1075998352, n=0x4019d224) at eval.c:2200
#9 0x0805ae45 in rb_call0 (klass=1075883624, recv=1075998352, id=6913,
argc=0, argv=0xbffedc58, body=0x4019d224, nosuper=0) at eval.c:4659
#10 0x0805b268 in rb_call (klass=1075883624, recv=1075998352, mid=6913,
argc=2, argv=0xbffedc50, scope=0) at eval.c:4755
#11 0x080562ef in rb_eval (self=1076000392, n=0x40198a44) at eval.c:2721
#12 0x080590a8 in rb_yield_0 (val=1075998352, self=1076000392, klass=0,
pcall=0) at eval.c:3820
#13 0x080592e4 in rb_yield (val=1075998352) at eval.c:3889
#14 0x080b5b24 in rb_ary_each (ary=1076000292) at array.c:754
#15 0x0805a556 in call_cfunc (func=0x80b5b04 <rb_ary_each>, recv=1076000292,
len=0, argc=0, argv=0x0) at eval.c:4396
#16 0x0805aa51 in rb_call0 (klass=1075522140, recv=1076000292, id=3697,
argc=0, argv=0x0, body=0x401b2638, nosuper=1) at eval.c:4530
#17 0x0805b268 in rb_call (klass=1075522140, recv=1076000292, mid=3697,
argc=0, argv=0x0, scope=0) at eval.c:4755
#18 0x080562ef in rb_eval (self=1076000392, n=0x4021afe8) at eval.c:2721
#19 0x0805f7b8 in block_pass (self=1076000392, node=0x4021affc) at eval.c:6720
#20 0x08055410 in rb_eval (self=1076000392, n=0x4021b04c) at eval.c:2447
#21 0x0805ae45 in rb_call0 (klass=1075923404, recv=1076000392, id=3697,
argc=0, argv=0x0, body=0x4021b04c, nosuper=0) at eval.c:4659
#22 0x0805b268 in rb_call (klass=1075923404, recv=1076000392, mid=3697,
argc=0, argv=0x0, scope=1) at eval.c:4755
#23 0x0805652c in rb_eval (self=1076000392, n=0x40198a1c) at eval.c:2734
#24 0x08055580 in rb_eval (self=1076000392, n=0x401985e4) at eval.c:2461
#25 0x0805ae45 in rb_call0 (klass=1075883624, recv=1076000392, id=11729,
argc=0, argv=0xbffefcd8, body=0x401985e4, nosuper=0) at eval.c:4659
#26 0x0805b268 in rb_call (klass=1075883624, recv=1076000392, mid=11729,
argc=2, argv=0xbffefcd0, scope=1) at eval.c:4755
#27 0x0805652c in rb_eval (self=1076000392, n=0x4019cd9c) at eval.c:2734
#28 0x08054afa in rb_eval (self=1076000392, n=0x4019cc5c) at eval.c:2200
#29 0x08054afa in rb_eval (self=1076000392, n=0x4019d224) at eval.c:2200
#30 0x0805ae45 in rb_call0 (klass=1075883624, recv=1076000392, id=6913,
argc=0, argv=0xbfff0d18, body=0x4019d224, nosuper=0) at eval.c:4659
#31 0x0805b268 in rb_call (klass=1075883624, recv=1076000392, mid=6913,
argc=2, argv=0xbfff0d10, scope=0) at eval.c:4755
#32 0x080562ef in rb_eval (self=1076001592, n=0x40198a44) at eval.c:2721
#33 0x080590a8 in rb_yield_0 (val=1076000392, self=1076001592, klass=0,
pcall=0) at eval.c:3820
#34 0x080592e4 in rb_yield (val=1076000392) at eval.c:3889
#35 0x080b5b24 in rb_ary_each (ary=1076001532) at array.c:754
#36 0x0805a556 in call_cfunc (func=0x80b5b04 <rb_ary_each>, recv=1076001532,
len=0, argc=0, argv=0x0) at eval.c:4396
#37 0x0805aa51 in rb_call0 (klass=1075522140, recv=1076001532, id=3697,
argc=0, argv=0x0, body=0x401b2638, nosuper=1) at eval.c:4530
#38 0x0805b268 in rb_call (klass=1075522140, recv=1076001532, mid=3697,
argc=0, argv=0x0, scope=0) at eval.c:4755
#39 0x080562ef in rb_eval (self=1076001592, n=0x4021afe8) at eval.c:2721
#40 0x0805f7b8 in block_pass (self=1076001592, node=0x4021affc) at eval.c:6720
#41 0x08055410 in rb_eval (self=1076001592, n=0x4021b04c) at eval.c:2447
#42 0x0805ae45 in rb_call0 (klass=1075923404, recv=1076001592, id=3697,
argc=0, argv=0x0, body=0x4021b04c, nosuper=0) at eval.c:4659
#43 0x0805b268 in rb_call (klass=1075923404, recv=1076001592, mid=3697,
argc=0, argv=0x0, scope=1) at eval.c:4755
#44 0x0805652c in rb_eval (self=1076001592, n=0x40198a1c) at eval.c:2734
#45 0x08055580 in rb_eval (self=1076001592, n=0x401985e4) at eval.c:2461
#46 0x0805ae45 in rb_call0 (klass=1075883624, recv=1076001592, id=11729,
argc=0, argv=0xbfff2d98, body=0x401985e4, nosuper=0) at eval.c:4659
#47 0x0805b268 in rb_call (klass=1075883624, recv=1076001592, mid=11729,
argc=2, argv=0xbfff2d90, scope=1) at eval.c:4755
#48 0x0805652c in rb_eval (self=1076001592, n=0x4019cd9c) at eval.c:2734
#49 0x08054afa in rb_eval (self=1076001592, n=0x4019cc5c) at eval.c:2200
#50 0x08054afa in rb_eval (self=1076001592, n=0x4019d224) at eval.c:2200
#51 0x0805ae45 in rb_call0 (klass=1075883624, recv=1076001592, id=6913,
argc=0, argv=0xbfff3dd8, body=0x4019d224, nosuper=0) at eval.c:4659
#52 0x0805b268 in rb_call (klass=1075883624, recv=1076001592, mid=6913,
argc=2, argv=0xbfff3dd0, scope=1) at eval.c:4755
#53 0x0805652c in rb_eval (self=1076001592, n=0x40217460) at eval.c:2734
#54 0x08054afa in rb_eval (self=1076001592, n=0x4021744c) at eval.c:2200
#55 0x0805ae45 in rb_call0 (klass=1075923364, recv=1076001592, id=3065,
argc=0, argv=0x0, body=0x4021744c, nosuper=0) at eval.c:4659
#56 0x0805b268 in rb_call (klass=1075923364, recv=1076001592, mid=3065,
argc=0, argv=0x0, scope=0) at eval.c:4755
#57 0x080562ef in rb_eval (self=1075988412, n=0x4021186c) at eval.c:2721
#58 0x0805614f in rb_eval (self=1075988412, n=0x402117f4) at eval.c:2718
#59 0x0805ae45 in rb_call0 (klass=1075951104, recv=1075988412, id=324, argc=0,
argv=0xbfff54a4, body=0x402117f4, nosuper=0) at eval.c:4659
#60 0x0805b268 in rb_call (klass=1075951104, recv=1075988412, mid=324, argc=1,
argv=0xbfff54a0, scope=1) at eval.c:4755
#61 0x0805b499 in rb_funcall (recv=1075988412, mid=324, n=1) at eval.c:4829
#62 0x080bcb59 in cmp_equal (x=1075988412, y=1076001592) at compar.c:23
#63 0x0805a568 in call_cfunc (func=0x80bcb40 <cmp_equal>, recv=1075988412,
len=1, argc=1, argv=0xbfff56e0) at eval.c:4399
#64 0x0805aa51 in rb_call0 (klass=1075950984, recv=1075988412, id=325, argc=1,
argv=0xbfff56e0, body=0x401b8880, nosuper=1) at eval.c:4530
#65 0x0805b268 in rb_call (klass=1075950984, recv=1075988412, mid=325, argc=1,
argv=0xbfff56e0, scope=1) at eval.c:4755
#66 0x0805b499 in rb_funcall (recv=1075988412, mid=325, n=1) at eval.c:4829
#67 0x0807c44f in rb_equal (obj1=1075988412, obj2=1076001592) at object.c:45
#68 0x080b72cf in rb_ary_includes (ary=1076005652, item=1076001592)
at array.c:1570
#69 0x0805a568 in call_cfunc (func=0x80b72a4 <rb_ary_includes>,
recv=1076005652, len=1, argc=1, argv=0xbfff5950) at eval.c:4399
#70 0x0805aa51 in rb_call0 (klass=1075522140, recv=1076005652, id=3319,
argc=1, argv=0xbfff5950, body=0x401b2188, nosuper=1) at eval.c:4530
#71 0x0805b268 in rb_call (klass=1075522140, recv=1076005652, mid=3319,
argc=1, argv=0xbfff5950, scope=0) at eval.c:4755
#72 0x080562ef in rb_eval (self=1076005872, n=0x4021b2a4) at eval.c:2721
#73 0x08054db7 in rb_eval (self=1076005872, n=0x4021b27c) at eval.c:2288
#74 0x08054afa in rb_eval (self=1076005872, n=0x4021b1f0) at eval.c:2200
#75 0x0805ae45 in rb_call0 (klass=1075923404, recv=1076005872, id=4489,
argc=0, argv=0xbfff6984, body=0x4021b1f0, nosuper=0) at eval.c:4659
#76 0x0805b268 in rb_call (klass=1075923404, recv=1076005872, mid=4489,
argc=1, argv=0xbfff6980, scope=0) at eval.c:4755
#77 0x080562ef in rb_eval (self=1076001592, n=0x40219814) at eval.c:2721
#78 0x08054afa in rb_eval (self=1076001592, n=0x40219738) at eval.c:2200
#79 0x0805ae45 in rb_call0 (klass=1075926404, recv=1076001592, id=11308,
argc=0, argv=0xbfff74e4, body=0x40219738, nosuper=0) at eval.c:4659
#80 0x0805b268 in rb_call (klass=1075926404, recv=1076001592, mid=11308,
argc=1, argv=0xbfff74e0, scope=0) at eval.c:4755
#81 0x080562ef in rb_eval (self=1076005872, n=0x4021b1f0) at eval.c:2721
#82 0x0805ae45 in rb_call0 (klass=1075923404, recv=1076005872, id=4489,
argc=0, argv=0xbfff7b74, body=0x4021b1f0, nosuper=0) at eval.c:4659
#83 0x0805b268 in rb_call (klass=1075923404, recv=1076005872, mid=4489,
argc=1, argv=0xbfff7b70, scope=0) at eval.c:4755
#84 0x080562ef in rb_eval (self=1076001592, n=0x40219814) at eval.c:2721
#85 0x08054afa in rb_eval (self=1076001592, n=0x40219738) at eval.c:2200
#86 0x0805ae45 in rb_call0 (klass=1075926404, recv=1076001592, id=11308,
argc=0, argv=0xbfff86d4, body=0x40219738, nosuper=0) at eval.c:4659
#87 0x0805b268 in rb_call (klass=1075926404, recv=1076001592, mid=11308,
argc=1, argv=0xbfff86d0, scope=0) at eval.c:4755
#88 0x080562ef in rb_eval (self=1075976752, n=0x4021b90c) at eval.c:2721
#89 0x08054afa in rb_eval (self=1075976752, n=0x4021b880) at eval.c:2200
#90 0x08055a52 in rb_eval (self=1075976752, n=0x4021b6dc) at eval.c:2562
#91 0x08054afa in rb_eval (self=1075976752, n=0x4021b68c) at eval.c:2200
#92 0x0805ae45 in rb_call0 (klass=1075923404, recv=1075976752, id=6017,
argc=0, argv=0xbfff9bd4, body=0x4021b68c, nosuper=0) at eval.c:4659
#93 0x0805b268 in rb_call (klass=1075923404, recv=1075976752, mid=6017,
argc=1, argv=0xbfff9bd0, scope=0) at eval.c:4755
#94 0x080562ef in rb_eval (self=1076596912, n=0x401e94c0) at eval.c:2721
#95 0x08054afa in rb_eval (self=1076596912, n=0x401e9bf0) at eval.c:2200
#96 0x0805ae45 in rb_call0 (klass=1076366512, recv=1076596912, id=14369,
argc=0, argv=0xbfffa744, body=0x401e9bf0, nosuper=0) at eval.c:4659
#97 0x0805b268 in rb_call (klass=1076366512, recv=1076596912, mid=14369,
argc=1, argv=0xbfffa740, scope=0) at eval.c:4755
#98 0x080562ef in rb_eval (self=1076596912, n=0x401e459c) at eval.c:2721
#99 0x08056e94 in rb_eval (self=1076596912, n=0x401e4588) at eval.c:2881
#100 0x08054afa in rb_eval (self=1076596912, n=0x401e4498) at eval.c:2200
#101 0x0805ae45 in rb_call0 (klass=1076366512, recv=1076596912, id=14617,
argc=0, argv=0xbfffb9bc, body=0x401e4498, nosuper=0) at eval.c:4659
#102 0x0805b268 in rb_call (klass=1076366512, recv=1076596912, mid=14617,
argc=1, argv=0xbfffb9b8, scope=1) at eval.c:4755
#103 0x0805b3d9 in rb_f_send (argc=1, argv=0xbfffb9b4, recv=1076596912)
at eval.c:4785
#104 0x0805a548 in call_cfunc (func=0x805b314 <rb_f_send>, recv=1076596912,
len=-1, argc=2, argv=0xbfffb9b4) at eval.c:4393
#105 0x0805aa51 in rb_call0 (klass=1075551380, recv=1076596912, id=3897,
argc=2, argv=0xbfffb9b4, body=0x401b7e94, nosuper=1) at eval.c:4530
#106 0x0805b268 in rb_call (klass=1075551380, recv=1076596912, mid=3897,
argc=2, argv=0xbfffb9b4, scope=0) at eval.c:4755
#107 0x080562ef in rb_eval (self=1075853724, n=0x401ee204) at eval.c:2721
#108 0x08056eda in rb_eval (self=1075853724, n=0x401eddb8) at eval.c:2887
#109 0x08054afa in rb_eval (self=1075853724, n=0x401ee9e8) at eval.c:2200
#110 0x0805ae45 in rb_call0 (klass=1075853624, recv=1075853724, id=9657,
argc=0, argv=0xbfffc9f8, body=0x401ee9e8, nosuper=0) at eval.c:4659
#111 0x0805b268 in rb_call (klass=1075853624, recv=1075853724, mid=9657,
argc=1, argv=0xbfffc9f4, scope=0) at eval.c:4755
#112 0x080562ef in rb_eval (self=1075546820, n=0x401a9ccc) at eval.c:2721
#113 0x08056f37 in rb_eval (self=1075546820, n=0x401a9cb8) at eval.c:2897
#114 0x08054afa in rb_eval (self=1075546820, n=0x401aa03c) at eval.c:2200
#115 0x08055a52 in rb_eval (self=1075546820, n=0x401a96b4) at eval.c:2562
#116 0x08055c9d in rb_eval (self=1075546820, n=0x401a9678) at eval.c:2602
#117 0x080590a8 in rb_yield_0 (val=6, self=1075546820, klass=0, pcall=2)
at eval.c:3820
#118 0x0806347f in rb_thread_yield (arg=1076007372, th=0x81dc010)
at eval.c:8682
#119 0x080631b2 in rb_thread_start_0 (fn=0x80633d8 <rb_thread_yield>,
arg=0x402291cc, th_arg=0x81dc010) at eval.c:8601
#120 0x0806356e in rb_thread_start (klass=1075529300, args=1076007372)
at eval.c:8721
#121 0x0805a534 in call_cfunc (func=0x8063530 <rb_thread_start>,
recv=1075529300, len=-2, argc=0, argv=0x0) at eval.c:4390
#122 0x0805aa51 in rb_call0 (klass=1075529280, recv=1075529300, id=5825,
argc=0, argv=0x0, body=0x401b45c8, nosuper=1) at eval.c:4530
#123 0x0805b268 in rb_call (klass=1075529280, recv=1075529300, mid=5825,
argc=0, argv=0x0, scope=0) at eval.c:4755
#124 0x080562ef in rb_eval (self=1075546820, n=0x401aa168) at eval.c:2721
#125 0x08055580 in rb_eval (self=1075546820, n=0x401aa1cc) at eval.c:2461
#126 0x080551c4 in rb_eval (self=1075546820, n=0x401aa834) at eval.c:2390
#127 0x080525a8 in eval_node (self=1075546820, node=0x401aa834) at eval.c:1103
#128 0x08052982 in ruby_run () at eval.c:1236
#129 0x08051192 in main (argc=2, argv=0xbffff744, envp=0xbffff750) at main.c:50

(gdb) bt 10 full
#0 0x400dac1b in free () from /lib/libc.so.6
No symbol table info available.
#1 0x400daaa3 in free () from /lib/libc.so.6
No symbol table info available.
#2 0x0806a9a5 in obj_free (obj=1076321712) at gc.c:1069
obj = 1076321712
#3 0x0806a628 in gc_sweep () at gc.c:894
n = 16538
p = (RVALUE *) 0x40275db0
pend = (RVALUE *) 0x402ba348
final_list = (RVALUE *) 0x0
freed = 1862
i = 136513304
used = 3
#4 0x0806ab9c in rb_gc () at gc.c:1199
list = (struct gc_list *) 0x0
frame = (struct FRAME *) 0x0
save_regs_gc_mark = {{__jmpbuf = {0, 1075434380, 0, -1073819464,
-1073819664, 134654716}, __mask_was_saved = 0, __saved_mask = {__val = {
1075358380, 1, 3221147872, 338, 0, 1075883144, 3221150628, 0,
135392409, 521, 0, 0, 1075358380, 3221147832, 134591080, 1075542440,
1075358380, 338, 1, 3221147872, 1075540360, 1, 1, 0, 1, 1, 3221147848,
134904078, 1075432460, 3221147864, 134952249, 338}}}}
stack_end = (VALUE *) 0xbffed0b8
#5 0x08069b3f in rb_newobj () at gc.c:320
obj = 0
#6 0x08051ba7 in new_blktag () at eval.c:575
blktag = (struct BLOCKTAG *) 0x8230718
#7 0x08055470 in rb_eval (self=1075998352, n=0x4019cfb8) at eval.c:2455
_block = {var = 0x4019d184, body = 0x4019d044, self = 1075998352,
frame = {self = 1075998352, argc = 2, argv = 0xbffeda9c, last_func = 6913,
last_class = 1075883624, cbase = 1075883144, prev = 0xbffee224, tmp = 0x0,
file = 0x811ec99 “/usr/lib/ruby/site_ruby/1.7/rexml/element.rb”,
line = 526, iter = 0, flags = 0}, scope = 0x4018b574, tag = 0x4018b114,
klass = 1075551520, iter = 0, vmode = 0, flags = 1, dyna_vars = 0x0,
orig_thread = 1, wrapper = 0, prev = 0x0}
_tag = {buf = {{__jmpbuf = {0, -1073816620, -1073818984, -1073818200,
-1073819424, 134567219}, __mask_was_saved = 0, __saved_mask = {
__val = {0, 0, 4, 3221148440, 134813952, 1, 0, 3221148440, 1, 0,
135459832, 3221148456, 134826810, 0, 136291568, 3221148488,
134830298, 1075365480, 1075359980, 3221148504, 134907898, 137387773,
135425504, 1, 3221148812, 1075365480, 0, 102, 8, 11345, 1075863684,
3221148552}}}}, frame = 0xbffedba4, iter = 0xbffedad8,
tag = 4294967295, retval = 4, scope = 0x40189634, dst = 0, prev = 0xbffedaec}
n = (NODE *) 0x8230718
node = (NODE *) 0x4019d008
state = 0
result = 4
#8 0x08054afa in rb_eval (self=1075998352, n=0x4019d224) at eval.c:2200
n = (NODE *) 0x8230718
node = (NODE *) 0x4019cfa4
state = 2
result = 4
#9 0x0805ae45 in rb_call0 (klass=1075883624, recv=1075998352, id=6913,
argc=0, argv=0xbffedc58, body=0x4019d224, nosuper=0) at eval.c:4659
_tag = {buf = {{__jmpbuf = {0, 0, 0, -1073816616, -1073816960,
134589548}, __mask_was_saved = 0, __saved_mask = {__val = {0,
3221153376, 123, 135391601, 0, 3221150384, 1075358380, 1075542440,
0, 0, 2833, 0, 1075952644, 3221154804, 0, 3221151688, 95, 0, 0,
3221151704, 3221150632, 134591080, 1075542420, 1075542440, 2833, 0,
0, 1075926204, 1, 3221150752, 336, 0}}}}, frame = 0xbffedba4,
iter = 0xbffedad8, tag = 4294967295, retval = 4, scope = 0x40189634,
dst = 0, prev = 0xbffee168}
_old = (struct RVarmap *) 0x40189828
_vmode = 0
_old = (struct SCOPE *) 0x4018a0fc
_scope = (struct SCOPE *) 0x8230718
state = 0
local_vars = (VALUE *) 0xbffeda94
saved_cref = (NODE *) 0x4020ac88
_frame = {self = 1075998352, argc = 2, argv = 0xbffeda9c,
last_func = 6913, last_class = 1075883624, cbase = 1075883144,
prev = 0xbffee224, tmp = 0x0,
file = 0x811ec99 “/usr/lib/ruby/site_ruby/1.7/rexml/element.rb”, line = 680,
iter = 0, flags = 0}
_iter = {iter = 0, prev = 0xbffee160}
nosuper = 1075434380
b2 = (NODE *) 0x4019cb80
result = 4
itr = 0
tick = 714664

Just to dig a little:

(gdb) p *(RVALUE *)1076321712
$8 = {as = {free = {flags = 9, next = 0x401b2a5c}, basic = {flags = 9,
klass = 1075522140}, object = {basic = {flags = 9, klass = 1075522140},
iv_tbl = 0x1}, klass = {basic = {flags = 9, klass = 1075522140},
iv_tbl = 0x1, m_tbl = 0x1, super = 136513296}, flonum = {basic = {
flags = 9, klass = 1075522140}, value = 2.121995791459338e-314},
string = {basic = {flags = 9, klass = 1075522140}, len = 1,
ptr = 0x1 <Address 0x1 out of bounds>, aux = {capa = 136513296,
shared = 136513296}}, array = {basic = {flags = 9,
klass = 1075522140}, len = 1, aux = {capa = 1, shared = 1},
ptr = 0x8230710}, regexp = {basic = {flags = 9, klass = 1075522140},
ptr = 0x1, len = 1, str = 0x8230710 “\004”}, hash = {basic = {flags = 9,
klass = 1075522140}, tbl = 0x1, iter_lev = 1, ifnone = 136513296},
data = {basic = {flags = 9, klass = 1075522140}, dmark = 0x1, dfree = 0x1,
data = 0x8230710}, rstruct = {basic = {flags = 9, klass = 1075522140},
len = 1, ptr = 0x1}, bignum = {basic = {flags = 9, klass = 1075522140},
sign = 1 ‘\001’, len = 1, digits = 0x8230710}, file = {basic = {
flags = 9, klass = 1075522140}, fptr = 0x1}, node = {flags = 9,
nd_file = 0x401b2a5c “\003”, u1 = {node = 0x1, id = 1, value = 1,
cfunc = 0x1, tbl = 0x1}, u2 = {node = 0x1, id = 1, argc = 1,
value = 1}, u3 = {node = 0x8230710, id = 136513296, state = 136513296,
entry = 0x8230710, cnt = 136513296, value = 136513296}}, match = {
basic = {flags = 9, klass = 1075522140}, str = 1, regs = 0x1}, varmap = {
super = {flags = 9, klass = 1075522140}, id = 1, val = 1,
next = 0x8230710}, scope = {super = {flags = 9, klass = 1075522140},
local_tbl = 0x1, local_vars = 0x1, flags = 136513296}}}

[T_MASK == 0x3f]
(gdb) p (*(RVALUE *)1076321712)->as.basic.flags & 0x3f
$11 = 9

[0x09 == T_ARRAY]

gc.c:
987 case T_ARRAY:
988 if (RANY(obj)->as.array.ptr && !FL_TEST(obj, ELTS_SHARED)) {
989 RUBY_CRITICAL(free(RANY(obj)->as.array.ptr));
990 }
991 break;

(gdb) p (*(RVALUE *)1076321712)->as.array.ptr
$12 = (VALUE *) 0x8230710

(gdb) p ((RVALUE *)1076321712)->as.array.ptr
$13 = 4

However, look at this in gc.c:

1067 case T_STRUCT:
1068 if (RANY(obj)->as.rstruct.ptr) {
1069 RUBY_CRITICAL(free(RANY(obj)->as.rstruct.ptr));
1070 }
1071 break;

This doesn’t make sense. Why would the switch statement match
T_ARRAY and T_STRUCT (especially when T_STRUCT == 0x0c)?

Perhaps I’m looking too late and memory is already wrong?

I’ll try to set up some breakpoints and catch the problem before
it manifests, but I don’t know how successful I’ll be. Any
hints at debugging Ruby will be much appreciated.

– Dossy

Hi,

$ ruby-1.7.2 -v
ruby 1.7.2 (2002-05-30) [i686-linux]

Well, I built 1.7.2 (and freshly installed ruby/dbi, dbd_oracle 0.0.15
and rexml 2.2.2). I still get the error, but at least now I get more
useful debugging info in gdb:

If you use extension libraries, possibly it may be due to those
libraries.

(gdb) p ((RVALUE *)1076321712)->as.array.ptr
$13 = 4

It means the first element of the array was nil.

Perhaps I’m looking too late and memory is already wrong?

If it was due to GC bug.

I’ll try to set up some breakpoints and catch the problem before
it manifests, but I don’t know how successful I’ll be. Any
hints at debugging Ruby will be much appreciated.

Anyway, I can say nothing more now. Can’t you make a snippet
reproduce it?

I think you should take a look at ruby-talk/41322
I’m pretty sure it’s all happen after your recent changes
on eval.c , both for 1.6.x/1.7.x (scope_node trick)

If you use extension libraries, possibly it may be due to those
libraries.

Indeed, my hunch is that dbd_oracle is NOT thread-safe.

I’ll try to set up some breakpoints and catch the problem before
it manifests, but I don’t know how successful I’ll be. Any
hints at debugging Ruby will be much appreciated.

Anyway, I can say nothing more now. Can’t you make a snippet
reproduce it?

I don’t know what’s causing it, so I can’t create a small snippet
of code to reproduce it.

Once I have a reproducible test case, I’ll provide it.

In the meanwhile, can anyone give me any pointers as to how to
do root cause analysis for this kind of problem? Are there good
functions in the core to breakpoint? Otherwise, I’ll just have
to keep stepping through the GC code and inspect before and after
of all the variables (ouch!) to see what code is corrupting what.
That’ll suck …

– Dossy

Hi,

Well, after setting 19 breakpoints all around the GC code and
not being able to pinpoint the cause, I added an “GC.start” where
I iterate over the resultset from DBI, and the code has been
running and hasn’t segfaulted again.

Is there anyone here who knows DBI (and dbd_oracle) well and
can help me debug?

My current guess is that there’s a fixed amount of data available
to the DBI layer (either in DBI itself or somewhere in dbd_oracle)
so if the GC isn’t run frequently enough, it runs out of memory
(probably a sized char somewhere) and segfaults.

Since I haven’t looked closely at dbd_oracle, I’m talking through
my hat here – that’s why I’d like to ask an expert …

I’m using:

$ ruby-1.7.2 -v
ruby 1.7.2 (2002-05-30) [i686-linux]

And these extensions:

oracle-0.2.11.tar.gz
rexml_2.2.2.tgz
ruby-dbi-all-0.0.15.tar.gz

– Dossy

If you use extension libraries, possibly it may be due to those
libraries.

Indeed, my hunch is that dbd_oracle is NOT thread-safe.

Well, after setting 19 breakpoints all around the GC code and
not being able to pinpoint the cause, I added an “GC.start” where
I iterate over the resultset from DBI, and the code has been
running and hasn’t segfaulted again.

Someone mentioned on IRC that Array’s aren’t thread safe. Could this
be what’s biting (byting?) you? -sc

Since I haven't looked closely at dbd_oracle, I'm talking through
my hat here -- that's why I'd like to ask an expert ...

Nobody can help you if nobody can see your source.

Guy Decoux