libxml-raku / LibXML-raku

Raku bindings to the libxml2 native library
Artistic License 2.0

segfault with v2021.10-104-g5f8441024 #65

Closed jonathanstowe closed 2 years ago

jonathanstowe commented 2 years ago

The t/02parser.t gives:

....
    # Subtest: SAX chunk parser
        # Subtest: well-formed
            1..22
            ok 1 - The object is-a '"LibXML::DocumentFragment"'
            ok 2 - <A/> is well formed
            ok 3 - The object is-a '"LibXML::DocumentFragment"'
            ok 4 - <A></A> is well formed
            ok 5 - The object is-a '"LibXML::DocumentFragment"'
            ok 6 - <A B="C"/> is well formed
            ok 7 - The object is-a '"LibXML::DocumentFragment"'
            ok 8 - <A>D</A> is well formed
            ok 9 - The object is-a '"LibXML::DocumentFragment"'
            ok 10 - <A><![CDATA[D]]></A> is well formed
            ok 11 - The object is-a '"LibXML::DocumentFragment"'
            ok 12 - <A><!--D--></A> is well formed
            ok 13 - The object is-a '"LibXML::DocumentFragment"'
            ok 14 - <A><K/></A> is well formed
            ok 15 - The object is-a '"LibXML::DocumentFragment"'
            ok 16 - <A xmlns="xml://E"/> is well formed
            ok 17 - The object is-a '"LibXML::DocumentFragment"'
            ok 18 - <F:A xmlns:F="xml://G" F:A="B">D</F:A> is well formed
            ok 19 - The object is-a '"LibXML::DocumentFragment"'
Segmentation fault (core dumped)

Backtrace not particularly useful:

Thread 1 "rakudo-m" received signal SIGSEGV, Segmentation fault.
0x00007ffff797f951 in MVM_disp_program_run () from //usr/local/lib/libmoar.so
(gdb) bt full
#0  0x00007ffff797f951 in MVM_disp_program_run () from //usr/local/lib/libmoar.so
No symbol table info available.
#1  0x00007ffff7975659 in dispatch_monomorphic () from //usr/local/lib/libmoar.so
No symbol table info available.
#2  0x00007ffff78ee07a in MVM_interp_run () from //usr/local/lib/libmoar.so
No symbol table info available.
#3  0x00000000004016e9 in main ()
No symbol table info available.

Running it with rakudo-valgrind-m seems to prevent the segfault.

t/04node.t:

...
    ok 12 - document fragment
    # Subtest: DOM extensions
        ok 1 - 
        ok 2 - hasChildNodes
        ok 3 - removed child nodes
Segmentation fault (core dumped)

Same backtrace.

t/18docfree.t:

[jonathan@menenius LibXML-raku]$ raku -I. t/18docfree.t
1..1
Segmentation fault (core dumped)

t/90threads.t:

...
ok 7 - access leaf nodes
# Subtest: multiple documents
    ok 1 - document leaf nodes
    ok 2 - document leaf nodes reduced by unique keys
    ok 3 - document leaf nodes reduced by content
    1..3
ok 8 - multiple documents
ok 9 - parse errors
Segmentation fault (core dumped)

This last in valgrind gives:

1..19
ok 1 - Parser initted.
# Subtest: relaxng
    1..3
==2516118== Thread 3:
==2516118== Conditional jump or move depends on uninitialised value(s)
==2516118==    at 0x4A8A44A: MVM_nativecall_make_cstruct (in /usr/local/lib/libmoar.so)
==2516118==    by 0x4A8C54A: callback_handler (in /usr/local/lib/libmoar.so)
==2516118==    by 0x4BA82E9: ??? (in /usr/local/lib/libmoar.so)
==2516118==    by 0x17A58F52: __xmlRaiseError (error.c:604)
==2516118==    by 0x17B2C45E: UnknownInlinedFun (relaxng.c:561)
==2516118==    by 0x17B2C45E: xmlRelaxNGShowValidError.part.0.lto_priv.0 (relaxng.c:2269)
==2516118==    by 0x17B26454: xmlRelaxNGElementMatch.lto_priv.0 (relaxng.c:9667)
==2516118==    by 0x17B27FD5: xmlRelaxNGValidateState (relaxng.c:9966)
==2516118==    by 0x17B29AB0: xmlRelaxNGValidateDefinition (relaxng.c:10666)
==2516118==    by 0x17B27AEF: xmlRelaxNGValidateState (relaxng.c:10471)
==2516118==    by 0x17B29AB0: xmlRelaxNGValidateDefinition (relaxng.c:10666)
==2516118==    by 0x17B2A2CB: UnknownInlinedFun (relaxng.c:10795)
==2516118==    by 0x17B2A2CB: xmlRelaxNGValidateDoc (relaxng.c:11085)
==2516118==    by 0x4BA7434: ??? (in /usr/local/lib/libmoar.so)
==2516118== 
==2516118== Conditional jump or move depends on uninitialised value(s)
==2516118==    at 0x4A8A44F: MVM_nativecall_make_cstruct (in /usr/local/lib/libmoar.so)
==2516118==    by 0x4A8C54A: callback_handler (in /usr/local/lib/libmoar.so)
==2516118==    by 0x4BA82E9: ??? (in /usr/local/lib/libmoar.so)
==2516118==    by 0x17A58F52: __xmlRaiseError (error.c:604)
==2516118==    by 0x17B2C45E: UnknownInlinedFun (relaxng.c:561)
==2516118==    by 0x17B2C45E: xmlRelaxNGShowValidError.part.0.lto_priv.0 (relaxng.c:2269)
==2516118==    by 0x17B26454: xmlRelaxNGElementMatch.lto_priv.0 (relaxng.c:9667)
==2516118==    by 0x17B27FD5: xmlRelaxNGValidateState (relaxng.c:9966)
==2516118==    by 0x17B29AB0: xmlRelaxNGValidateDefinition (relaxng.c:10666)
==2516118==    by 0x17B27AEF: xmlRelaxNGValidateState (relaxng.c:10471)
==2516118==    by 0x17B29AB0: xmlRelaxNGValidateDefinition (relaxng.c:10666)
==2516118==    by 0x17B2A2CB: UnknownInlinedFun (relaxng.c:10795)
==2516118==    by 0x17B2A2CB: xmlRelaxNGValidateDoc (relaxng.c:11085)
==2516118==    by 0x4BA7434: ??? (in /usr/local/lib/libmoar.so)
==2516118== 
    ok 1 - relaxng schemas
    ok 2 - relax-ng valid
    ok 3 - relax-ng invalid
ok 2 - relaxng
# Subtest: parse strings
    ok 1 - parse errors
    1..1
ok 3 - parse strings
# Subtest: create element/attribute
    ok 1 - document roots
    ok 2 - document root reduction
    1..2
ok 4 - create element/attribute
# Subtest: operating on different documents without lock
    ok 1 - document roots
    ok 2 - unique documents don't reduce
    ok 3 - att values
    ok 4 - att values reduction
    1..4
ok 5 - operating on different documents without lock
# Subtest: operating on the same document with a lock
    ok 1 - document roots
    ok 2 - documents reduction
    1..2
ok 6 - operating on the same document with a lock
# Subtest: access leaf nodes
    ok 1 - document leaf nodes
    ok 2 - document leaf nodes reduction
    ok 3 - sampled node
    1..3
ok 7 - access leaf nodes
# Subtest: multiple documents
    ok 1 - document leaf nodes
    ok 2 - document leaf nodes reduced by unique keys
    ok 3 - document leaf nodes reduced by content
    1..3
ok 8 - multiple documents
==2516118== Thread 10:
==2516118== Invalid read of size 8
==2516118==    at 0x4A702F1: MVM_interp_run (in /usr/local/lib/libmoar.so)
==2516118==    by 0x4A84B18: start_thread (in /usr/local/lib/libmoar.so)
==2516118==    by 0x51E8B16: start_thread (pthread_create.c:435)
==2516118==    by 0x526C953: clone (clone.S:100)
==2516118==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
==2516118== 
==2516118== 
==2516118== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==2516118==  Access not within mapped region at address 0x10
==2516118==    at 0x4A702F1: MVM_interp_run (in /usr/local/lib/libmoar.so)
==2516118==    by 0x4A84B18: start_thread (in /usr/local/lib/libmoar.so)
==2516118==    by 0x51E8B16: start_thread (pthread_create.c:435)
==2516118==    by 0x526C953: clone (clone.S:100)
==2516118==  If you believe this happened as a result of a stack
==2516118==  overflow in your program's main thread (unlikely but
==2516118==  possible), you can try to increase the size of the
==2516118==  main thread stack using the --main-stacksize= flag.
==2516118==  The main thread stack size used in this run was 8388608.
==2516118== 
==2516118== HEAP SUMMARY:
==2516118==     in use at exit: 280,729,458 bytes in 578,378 blocks
==2516118==   total heap usage: 2,998,503 allocs, 2,420,125 frees, 1,775,065,570 bytes allocated
==2516118== 
==2516118== LEAK SUMMARY:
==2516118==    definitely lost: 640,605 bytes in 7,564 blocks
==2516118==    indirectly lost: 459,524 bytes in 9,922 blocks
==2516118==      possibly lost: 10,736,712 bytes in 4,069 blocks
==2516118==    still reachable: 268,892,617 bytes in 556,823 blocks
==2516118==         suppressed: 0 bytes in 0 blocks
==2516118== Rerun with --leak-check=full to see details of leaked memory
==2516118== 
==2516118== Use --track-origins=yes to see where uninitialised values come from
==2516118== For lists of detected and suppressed errors, rerun with: -s
==2516118== ERROR SUMMARY: 11 errors from 3 contexts (suppressed: 0 from 0)
/usr/local/bin/rakudo-valgrind-m: line 53: 2516118 Segmentation fault      (core dumped) "$VALGRIND" ${MVM_VALGRIND_OPTS} "$DIR/rakudo-m" "$@"

Which suggests that it might in fact be something in moar.

The libxml2 version is 2.9.12.

dwarring commented 2 years ago

Seems to be happening around calls to parse-balanced(). This also demonstrates the issue:

use LibXML;
my LibXML $pparser .= new;

# Repeatedly parse the same well-formed balanced chunk; the crash shows up
# part-way through the loop (around iteration 165 in the run below).
for 1 .. 1000 {
    $*ERR.print: "[$_]";   # progress marker so the failing iteration is visible
    $pparser.parse-balanced: :string("<x/>");
}

Example output on Rakudo™ v2021.10-108-gb994c6bbb.

$ valgrind `which raku` -I. /tmp/tst.raku 
==6265== Memcheck, a memory error detector
==6265== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==6265== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==6265== Command: /home/david/git/rakudo/install/bin/raku -I. /tmp/tst.raku
==6265== 
[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38][39][40][41][42][43][44][45][46][47][48][49][50][51][52][53][54][55][56][57][58][59][60][61][62][63][64][65][66][67][68][69][70][71][72][73][74][75][76][77][78][79][80][81][82][83][84][85][86][87][88][89][90][91][92][93][94][95][96][97][98][99][100][101][102][103][104][105][106][107][108][109][110][111][112][113][114][115][116][117][118][119][120][121][122][123][124][125][126][127][128][129][130][131][132][133][134][135][136][137][138][139][140][141][142][143][144][145][146][147][148][149][150][151][152][153][154][155][156][157][158][159][160][161][162][163][164][165]==6265== Invalid read of size 8
==6265==    at 0x4AEFEC1: MVM_disp_program_run (in /home/david/git/rakudo.master/install/lib/libmoar.so)
==6265==    by 0x4AE5CAE: dispatch_monomorphic (in /home/david/git/rakudo.master/install/lib/libmoar.so)
==6265==    by 0x4A5DF40: MVM_interp_run (in /home/david/git/rakudo.master/install/lib/libmoar.so)
==6265==    by 0x109604: main (in /home/david/git/rakudo.master/install/bin/rakudo)
==6265==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
==6265== 
==6265== 
==6265== Process terminating with default action of signal 11 (SIGSEGV)
==6265==  Access not within mapped region at address 0x10
==6265==    at 0x4AEFEC1: MVM_disp_program_run (in /home/david/git/rakudo.master/install/lib/libmoar.so)
==6265==    by 0x4AE5CAE: dispatch_monomorphic (in /home/david/git/rakudo.master/install/lib/libmoar.so)
==6265==    by 0x4A5DF40: MVM_interp_run (in /home/david/git/rakudo.master/install/lib/libmoar.so)
==6265==    by 0x109604: main (in /home/david/git/rakudo.master/install/bin/rakudo)
==6265==  If you believe this happened as a result of a stack
==6265==  overflow in your program's main thread (unlikely but
==6265==  possible), you can try to increase the size of the
==6265==  main thread stack using the --main-stacksize= flag.
==6265==  The main thread stack size used in this run was 8388608.
==6265== 
==6265== HEAP SUMMARY:
==6265==     in use at exit: 126,727,527 bytes in 462,440 blocks
==6265==   total heap usage: 1,873,615 allocs, 1,411,175 frees, 1,028,153,375 bytes allocated
==6265== 
==6265== LEAK SUMMARY:
==6265==    definitely lost: 142,266 bytes in 2,694 blocks
==6265==    indirectly lost: 444,458 bytes in 9,589 blocks
==6265==      possibly lost: 8,215,088 bytes in 3,397 blocks
==6265==    still reachable: 117,925,715 bytes in 446,760 blocks
==6265==         suppressed: 0 bytes in 0 blocks
==6265== Rerun with --leak-check=full to see details of leaked memory
==6265== 
==6265== For counts of detected and suppressed errors, rerun with: -v
==6265== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault

jonathanstowe commented 2 years ago

I think @jnthn has sussed it in https://github.com/jnthn/spreadsheet-xlsx/issues/14#issuecomment-972932699 - don't know how easy that is to fix.

dwarring commented 2 years ago

Tests all passing on v2021.10-157-g26dd2f482.