Bug #16771

Segmentation fault when inspecting a bound method

Added by decuplet (Nikita Shilnikov) almost 4 years ago. Updated over 3 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:97756]

Description

This piece of code leads to a crash in ruby 2.7.1.

bound_method = Kernel.instance_method(:respond_to?).bind(Object.new)
100000.times { bound_method.inspect }

I cannot reproduce the error in 2.7.0 so this must be new.
I attached the output, didn't bother with the crash report log, though. It should be easily reproducible since I found it on CI which runs a different OS.


Files

output.txt (41.3 KB), decuplet (Nikita Shilnikov), 04/08/2020 10:26 PM

Updated by jeremyevans0 (Jeremy Evans) almost 4 years ago

I can reproduce this in 2.7.1, but not on master. Here's debugging information:

(gdb) bt
#0  0x00000bbf2523f290 in rb_funcallv_with_cc (cd=0xbbf25296430 <rb_inspect.rb_funcallv_data>, recv=12912719941280, mid=2753, argc=0, argv=0x0) at ./vm_eval.c:1012
#1  0x00000bbf2512f8cf in rb_inspect (obj=12912719941288) at object.c:680
#2  0x00000bbf251678cb in method_inspect (method=12913381588560) at proc.c:2854
#3  0x00000bbf2525014f in vm_call_cfunc_with_frame (ec=<optimized out>, reg_cfp=<optimized out>, calling=<optimized out>, cd=<optimized out>, empty_kw_splat=<optimized out>) at ./vm_insnhelper.c:2514
#4  vm_call_cfunc (ec=0xbbf3908ba50, reg_cfp=0xbbea2dd7f20, calling=<optimized out>, cd=<optimized out>) at ./vm_insnhelper.c:2539
#5  0x00000bbf2523ae24 in vm_sendish (ec=<optimized out>, reg_cfp=<optimized out>, cd=0xbbe82436780, block_handler=0, method_explorer=<optimized out>) at ./vm_insnhelper.c:4023
#6  vm_exec_core (ec=<optimized out>, initial=<optimized out>) at insns.def:801
#7  0x00000bbf2524c06a in rb_vm_exec (ec=<optimized out>, mjit_enable_p=<optimized out>) at vm.c:2139
#8  0x00000bbf25244327 in vm_yield (ec=0xbbf25296430 <rb_inspect.rb_funcallv_data>, argc=1, argv=<optimized out>, kw_splat=0) at vm.c:1179
#9  rb_yield_0 (argc=1, argv=<optimized out>) at ./vm_eval.c:1227
#10 rb_yield_1 (val=<optimized out>) at ./vm_eval.c:1233
#11 0x00000bbf25129918 in int_dotimes (num=200001) at numeric.c:5201
#12 0x00000bbf2525014f in vm_call_cfunc_with_frame (ec=<optimized out>, reg_cfp=<optimized out>, calling=<optimized out>, cd=<optimized out>, empty_kw_splat=<optimized out>) at ./vm_insnhelper.c:2514
#13 vm_call_cfunc (ec=0xbbf3908ba50, reg_cfp=0xbbea2dd7f90, calling=<optimized out>, cd=<optimized out>) at ./vm_insnhelper.c:2539
#14 0x00000bbf2523471b in vm_sendish (ec=<optimized out>, reg_cfp=<optimized out>, cd=0xbbf4722cef0, block_handler=<optimized out>, method_explorer=<optimized out>) at ./vm_insnhelper.c:4023
#15 vm_exec_core (ec=0xbbf3908ba50, initial=<optimized out>) at insns.def:782
#16 0x00000bbf2524c06a in rb_vm_exec (ec=<optimized out>, mjit_enable_p=<optimized out>) at vm.c:2139
#17 0x00000bbf250a094b in rb_ec_exec_node (ec=<optimized out>, n=<optimized out>) at eval.c:278
#18 ruby_run_node (n=<optimized out>) at eval.c:336
#19 0x00000bbc64c0139c in main (argc=<optimized out>, argv=<optimized out>) at ./main.c:50
(gdb) print *cd
$1 = {cc = {method_state = 140, class_serial = {6, 0, 0}, me = 0xbbea185bdb0, method_serial = 42, call = 0xbbf252339a0 <vm_call_general>, aux = {index = 0, method_missing_reason = MISSING_NOENTRY}}, ci = {mid = 2753, flag = 0, orig_argc = 0}}
(gdb) print *(cd->cc->me)
$2 = {flags = 9535493, defined_class = 12914954958280, def = 0x646f6874654d, called_id = 0, owner = 0}
(gdb) print *(cd->cc->me->def)
Cannot access memory at address 0x646f6874654d
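The dumped fields of `*(cd->cc->me)` can be reinterpreted to see what now occupies the method entry's slot. The following is an added example, not code from the report or from CRuby; it assumes the Ruby 2.7 ruby.h layout constants (T_STRING = 0x05, T_IMEMO = 0x1a, embedded-string length in FL_USER2..FL_USER6, RSTRING_NOEMBED = FL_USER1) and the little-endian word order of the 64-bit build in the backtrace.

```ruby
# Added triage helper (not part of the bug report): decode the words gdb
# printed for the dangling method entry as if the slot were a Ruby 2.7
# heap object. Constants are assumed from Ruby 2.7's ruby.h.

T_MASK          = 0x1f
T_STRING        = 0x05
T_IMEMO         = 0x1a                 # type of a live method entry
FL_USHIFT       = 12
RSTRING_NOEMBED = 1 << (FL_USHIFT + 1) # FL_USER1
EMBED_LEN_SHIFT = FL_USHIFT + 2        # FL_USER2..FL_USER6 hold the length
EMBED_LEN_MASK  = 0x1f

# Values copied from `print *(cd->cc->me)` in the report.
DUMPED_ME = {
  flags: 9535493,
  defined_class: 12914954958280,
  def: 0x646f6874654d,
  called_id: 0,
  owner: 0,
}.freeze

# Lay the 64-bit words out as the bytes they occupy in memory.
def words_to_bytes(*words)
  words.pack("Q<*")
end

def builtin_type(flags)
  flags & T_MASK
end

def embedded_string?(flags)
  builtin_type(flags) == T_STRING && (flags & RSTRING_NOEMBED).zero?
end

def embedded_len(flags)
  (flags >> EMBED_LEN_SHIFT) & EMBED_LEN_MASK
end

# An embedded RString stores its characters right after RBasic, i.e. over
# the def, called_id and owner fields of the former method entry.
def recover_embedded_string(me)
  return nil unless embedded_string?(me[:flags])
  ary = words_to_bytes(me[:def], me[:called_id], me[:owner])
  ary.byteslice(0, embedded_len(me[:flags]))
end

def triage(me)
  type = builtin_type(me[:flags])
  return "still a method entry (T_IMEMO)" if type == T_IMEMO
  str = recover_embedded_string(me)
  return "reused by object of type 0x#{type.to_s(16)}" unless str
  "slot reused by String #{str.inspect}: use-after-free of the method entry"
end

puts triage(DUMPED_ME)
```

The flags decode to an embedded String of length 6 and the `def` word reads "Method", so the entry was freed and its slot reused before `method_inspect` dereferenced it; that, rather than a plain bad pointer, is what the bisected commit introduced.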
Updated by nagachika (Tomoyuki Chikanaga) almost 4 years ago

  • Backport changed from 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN to 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: REQUIRED
Updated by jeremyevans0 (Jeremy Evans) almost 4 years ago

  • Status changed from Open to Closed

Updated by decuplet (Nikita Shilnikov) almost 4 years ago

@jeremyevans0 (Jeremy Evans) was this fixed? I can't find any references to this issue from the repo, perhaps I'm missing something.

Updated by jeremyevans0 (Jeremy Evans) almost 4 years ago

decuplet (Nikita Shilnikov) wrote in #note-4:

@jeremyevans0 (Jeremy Evans) was this fixed? I can't find any references to this issue from the repo, perhaps I'm missing something.

It's fixed in master, so the issue is closed, but the flag to backport to 2.7 is set to required. This is our standard way to mark issues for backporting. I'll see if I can bisect to find the commit that fixes this.

Updated by jeremyevans0 (Jeremy Evans) almost 4 years ago

@nagachika (Tomoyuki Chikanaga) I bisected this to 0d24fb774d84d4a99454ce10fd343da00049a588. As the inspect output is not of critical importance, I recommend reverting the commit in 2.7.

Updated by nagachika (Tomoyuki Chikanaga) over 3 years ago

  • Backport changed from 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: REQUIRED to 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: DONE

ruby_2_7 2c9dd060ab487a96e391793bd782cef6fd471b83.

Updated by nagachika (Tomoyuki Chikanaga) over 3 years ago

Thank you jeremy for your investigation.
I reverted the commit at 2c9dd060ab487a96e391793bd782cef6fd471b83 according to your recommendation. thanks!
