Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nokogiri/libxml SEGFAULTS in MRI Ruby GC #1092

Closed
pibako opened this issue May 7, 2014 · 3 comments
Closed

Nokogiri/libxml SEGFAULTS in MRI Ruby GC #1092

pibako opened this issue May 7, 2014 · 3 comments
Labels
topic/memory Segfaults, memory leaks, valgrind testing, etc. vendored/libxml2

Comments

@pibako
Copy link

pibako commented May 7, 2014

The following piece of code sometimes causes SEGFAULTS in GC of MRI Ruby which makes it very difficult to debug:

require 'nokogiri'

def run
  doc = Nokogiri::XML::Document.new()

  text_node = Nokogiri::XML::Text.new("text element", doc)

  cdata_node = Nokogiri::XML::CDATA.new(doc, "cdata element")

  # Never add CDATA element to a Text element (1) this doesn't make
  # any sense (2) it will cause segfaults
  text_node.add_child(cdata_node)
end

# If you change 2 to 1 you will probably never see a bug.
1.upto(2) do |i|
  run
end

This is the output for MRI Ruby and xml:

pi@mac:~/code/ruby/tmp$ rbenv shell 1.9.3-p545
pi@mac:~/code/ruby/tmp$ ruby issue.rb
ruby(65891,0x7fff7b26e310) malloc: *** error for object 0x7fa83afa1a60: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug
Abort trap: 6

and this is for JRuby which makes it easy and obvious and fails always:

pi@mac:~/code/ruby/tmp$ rbenv shell jruby-1.7.10
pi@mac:~/code/ruby/tmp$ ruby issue.rb
RuntimeError: org.w3c.dom.DOMException: HIERARCHY_REQUEST_ERR: An attempt was made to insert a node where it is not permitted.
                     add_child_node at nokogiri/XmlNode.java:1589
  add_child_node_and_reparent_attrs at /Users/pi/.rbenv/versions/jruby-1.7.10/lib/ruby/gems/shared/gems/nokogiri-1.6.1-java/lib/nokogiri/xml/node.rb:948
                          add_child at /Users/pi/.rbenv/versions/jruby-1.7.10/lib/ruby/gems/shared/gems/nokogiri-1.6.1-java/lib/nokogiri/xml/node.rb:275
                                run at issue.rb:11
                             (root) at issue.rb:16
                               upto at org/jruby/RubyInteger.java:133
                             (root) at issue.rb:15

Nokogiri version:

pi@mac:~/code/ruby/tmp$ nokogiri -v
# Nokogiri (1.5.11)
    ---
    warnings: []
    nokogiri: 1.5.11
    ruby:
      version: 1.9.3
      platform: x86_64-darwin13.1.0
      description: ruby 1.9.3p545 (2014-02-24 revision 45159) [x86_64-darwin13.1.0]
      engine: ruby
    libxml:
      binding: extension
      compiled: 2.9.0
      loaded: 2.9.0

You can see the following backtraces:

error : Unknown node type 289118591

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: 13 at address: 0x0000000000000000
0x0000000107249ce3 in xmlCtxtDumpOneNode ()
(gdb) bt
#0  0x0000000107249ce3 in xmlCtxtDumpOneNode ()
#1  0x000000010724aac2 in xmlCtxtDumpNode ()
#2  0x000000010724af89 in xmlCtxtDumpDocument ()
#3  0x000000010724b1de in xmlDebugCheckDocument ()
#4  0x00000001072241df in xmlFreeDoc ()
#5  0x00000001045caaac in dealloc (doc=0x113bbc100) at xml_document.c:35
#6  0x000000010006d6a3 in run_final (objspace=0x100404250, obj=4371207000) at gc.c:3033
#7  0x000000010006d527 in finalize_list (objspace=0x100404250, p=0x1048b5358) at gc.c:2055
#8  0x0000000100069755 in finalize_deferred (objspace=0x100404250) at gc.c:3049
#9  0x000000010006970a in rb_gc_finalize_deferred () at gc.c:3056
#10 0x00000001001e5167 in rb_threadptr_execute_interrupts_common (th=0x100403f30) at thread.c:1311
#11 0x00000001001e4e15 in rb_threadptr_execute_interrupts (th=0x100403f30) at thread.c:1335
#12 0x00000001001e13b1 in vm_call_method (th=0x100403f30, cfp=0x1005ffe48, num=0, blockptr=0x1005ffe70, flag=0, id=9472, me=0x100487be0, recv=4303783840) at vm_insnhelper.c:677
#13 0x00000001001c959e in vm_exec_core (th=0x100403f30, initial=0) at insns.def:1018
#14 0x00000001001d7009 in vm_exec (th=0x100403f30) at vm.c:1236
#15 0x00000001001d6647 in invoke_block_from_c (th=0x100403f30, block=0x10cb02300, self=4390129720, argc=0, argv=0x105199ab0, blockptr=0x0, cref=0x0) at vm.c:640
#16 0x00000001001d6377 in rb_vm_invoke_proc (th=0x100403f30, proc=0x10cb02300, self=4390129720, argc=0, argv=0x105199ab0, blockptr=0x0) at vm.c:686
#17 0x000000010005656a in rb_proc_call (self=4327162080, args=4380531360) at proc.c:584
#18 0x000000010004fb25 in rb_call_end_proc (data=4327162080) at eval_jump.c:13
#19 0x000000010004fe65 in rb_exec_end_proc () at eval_jump.c:129
#20 0x00000001000503e6 in ruby_finalize_0 () at eval.c:92
#21 0x00000001000505f7 in ruby_cleanup (ex=0) at eval.c:133
#22 0x0000000100050aac in ruby_run_node (n=0x10106af98) at eval.c:244
#23 0x000000010000172f in main (argc=4, argv=0x7fff5fbff6f0) at main.c:38

error : Unknown node type 331918528

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000007
0x0000000107449ce3 in xmlCtxtDumpOneNode ()
(gdb) bt
#0  0x0000000107449ce3 in xmlCtxtDumpOneNode ()
#1  0x000000010744aac2 in xmlCtxtDumpNode ()
#2  0x000000010744af89 in xmlCtxtDumpDocument ()
#3  0x000000010744b1de in xmlDebugCheckDocument ()
#4  0x00000001074241df in xmlFreeDoc ()
#5  0x0000000104fcaaac in dealloc (doc=0x113c758d0) at xml_document.c:35
#6  0x000000010006d6a3 in run_final (objspace=0x100404250, obj=4605556960) at gc.c:3033
#7  0x000000010006d527 in finalize_list (objspace=0x100404250, p=0x1128338e0) at gc.c:2055
#8  0x0000000100069af7 in rb_objspace_call_finalizer (objspace=0x100404250) at gc.c:3145
#9  0x000000010006977a in rb_gc_call_finalizer_at_exit () at gc.c:3080
#10 0x0000000100050423 in ruby_finalize_1 () at eval.c:101
#11 0x0000000100050709 in ruby_cleanup (ex=0) at eval.c:147
#12 0x0000000100050aac in ruby_run_node (n=0x103007400) at eval.c:244
#13 0x000000010000172f in main (argc=4, argv=0x7fff5fbff6f0) at main.c:38
@knu
Copy link
Member

knu commented May 7, 2014

I have to point out that libxml2 2.9.0 is not (currently) supported by nokogiri, while I'm not sure if the problem caused by using the version of libxml2.

Does it reproduce with 1.6.2.rc2 built with the bundled libxml2 (2.8.0)?

@knu knu added the libxml2 label May 7, 2014
@pibako
Copy link
Author

pibako commented May 8, 2014 

pi@mac:~/code/ruby/tmp$ nokogiri -v
# Nokogiri (1.6.2.rc2)
    ---
    warnings: []
    nokogiri: 1.6.2.rc2
    ruby:
      version: 1.9.3
      platform: x86_64-darwin13.1.0
      description: ruby 1.9.3p392 (2013-02-22 revision 39386) [x86_64-darwin13.1.0]
      engine: ruby
    libxml:
      binding: extension
      source: packaged
      libxml2_path: /Users/pi/.rbenv/versions/1.9.3-p392/lib/ruby/gems/1.9.1/gems/nokogiri-1.6.2.rc2/ports/x86_64-apple-darwin13.1.0/libxml2/2.8.0
      libxslt_path: /Users/pi/.rbenv/versions/1.9.3-p392/lib/ruby/gems/1.9.1/gems/nokogiri-1.6.2.rc2/ports/x86_64-apple-darwin13.1.0/libxslt/1.1.28
      compiled: 2.8.0
      loaded: 2.8.0

Just tried it... and it is the same problem. The problem is not specific to OS X either.

@knu knu closed this as completed in 31e369c May 8, 2014
@pibako
Copy link
Author

pibako commented May 8, 2014

Awesome job, thanks!

@flavorjones flavorjones added the topic/memory Segfaults, memory leaks, valgrind testing, etc. label Feb 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
topic/memory Segfaults, memory leaks, valgrind testing, etc. vendored/libxml2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@flavorjones @knu @pibako