
Bug #16771

Segmentation fault when inspecting a bound method

Added by decuplet (Nikita Shilnikov) 3 months ago. Updated 22 days ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
[ruby-core:97756]

Description

This piece of code leads to a crash in ruby 2.7.1.

bound_method = Kernel.instance_method(:respond_to?).bind(Object.new)
100000.times { bound_method.inspect }

I cannot reproduce the error in 2.7.0 so this must be new.
I attached the output, didn't bother with the crash report log, though. It should be easily reproducible since I found it on CI which runs a different OS.


Files

output.txt (41.3 KB), decuplet (Nikita Shilnikov), 04/08/2020 10:26 PM

Updated by jeremyevans0 (Jeremy Evans) 3 months ago

I can reproduce this in 2.7.1, but not on master. Here's debugging information:

(gdb) bt
#0  0x00000bbf2523f290 in rb_funcallv_with_cc (cd=0xbbf25296430 <rb_inspect.rb_funcallv_data>, recv=12912719941280, mid=2753, argc=0, argv=0x0) at ./vm_eval.c:1012
#1  0x00000bbf2512f8cf in rb_inspect (obj=12912719941288) at object.c:680
#2  0x00000bbf251678cb in method_inspect (method=12913381588560) at proc.c:2854
#3  0x00000bbf2525014f in vm_call_cfunc_with_frame (ec=<optimized out>, reg_cfp=<optimized out>, calling=<optimized out>, cd=<optimized out>, empty_kw_splat=<optimized out>) at ./vm_insnhelper.c:2514
#4  vm_call_cfunc (ec=0xbbf3908ba50, reg_cfp=0xbbea2dd7f20, calling=<optimized out>, cd=<optimized out>) at ./vm_insnhelper.c:2539
#5  0x00000bbf2523ae24 in vm_sendish (ec=<optimized out>, reg_cfp=<optimized out>, cd=0xbbe82436780, block_handler=0, method_explorer=<optimized out>) at ./vm_insnhelper.c:4023
#6  vm_exec_core (ec=<optimized out>, initial=<optimized out>) at insns.def:801
#7  0x00000bbf2524c06a in rb_vm_exec (ec=<optimized out>, mjit_enable_p=<optimized out>) at vm.c:2139
#8  0x00000bbf25244327 in vm_yield (ec=0xbbf25296430 <rb_inspect.rb_funcallv_data>, argc=1, argv=<optimized out>, kw_splat=0) at vm.c:1179
#9  rb_yield_0 (argc=1, argv=<optimized out>) at ./vm_eval.c:1227
#10 rb_yield_1 (val=<optimized out>) at ./vm_eval.c:1233
#11 0x00000bbf25129918 in int_dotimes (num=200001) at numeric.c:5201
#12 0x00000bbf2525014f in vm_call_cfunc_with_frame (ec=<optimized out>, reg_cfp=<optimized out>, calling=<optimized out>, cd=<optimized out>, empty_kw_splat=<optimized out>) at ./vm_insnhelper.c:2514
#13 vm_call_cfunc (ec=0xbbf3908ba50, reg_cfp=0xbbea2dd7f90, calling=<optimized out>, cd=<optimized out>) at ./vm_insnhelper.c:2539
#14 0x00000bbf2523471b in vm_sendish (ec=<optimized out>, reg_cfp=<optimized out>, cd=0xbbf4722cef0, block_handler=<optimized out>, method_explorer=<optimized out>) at ./vm_insnhelper.c:4023
#15 vm_exec_core (ec=0xbbf3908ba50, initial=<optimized out>) at insns.def:782
#16 0x00000bbf2524c06a in rb_vm_exec (ec=<optimized out>, mjit_enable_p=<optimized out>) at vm.c:2139
#17 0x00000bbf250a094b in rb_ec_exec_node (ec=<optimized out>, n=<optimized out>) at eval.c:278
#18 ruby_run_node (n=<optimized out>) at eval.c:336
#19 0x00000bbc64c0139c in main (argc=<optimized out>, argv=<optimized out>) at ./main.c:50
(gdb) print *cd
$1 = {cc = {method_state = 140, class_serial = {6, 0, 0}, me = 0xbbea185bdb0, method_serial = 42, call = 0xbbf252339a0 <vm_call_general>, aux = {index = 0, method_missing_reason = MISSING_NOENTRY}}, ci = {mid = 2753, flag = 0, orig_argc = 0}}
(gdb) print *(cd->cc->me)
$2 = {flags = 9535493, defined_class = 12914954958280, def = 0x646f6874654d, called_id = 0, owner = 0}
(gdb) print *(cd->cc->me->def)
Cannot access memory at address 0x646f6874654d
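An added example, not from the ticket or the Ruby project: a regression check that runs the reporter's reproducer in a child interpreter (so a segfault kills the child, not the test) and classifies how it exits, plus a helper that decodes the garbage `def` pointer from the gdb session as the ASCII bytes it is made of. The names `run_repro` and `pointer_as_ascii` are chosen here.

```ruby
# Regression check for Bug #16771 (added example, not from the ticket).
require "open3"
require "rbconfig"

# The reporter's reproducer, verbatim, passed to a child ruby via -e.
REPRO = <<~RUBY
  bound_method = Kernel.instance_method(:respond_to?).bind(Object.new)
  100000.times { bound_method.inspect }
RUBY

# Run REPRO under the given ruby binary in a child process and report
# :ok (clean exit), :crashed (killed by a signal, e.g. SEGV) or :error.
def run_repro(ruby = RbConfig.ruby)
  _out, err, status = Open3.capture3(ruby, "--disable-gems", "-e", REPRO)
  if status.signaled?
    { result: :crashed, signal: Signal.signame(status.termsig), stderr: err }
  elsif status.success?
    { result: :ok }
  else
    { result: :error, exitstatus: status.exitstatus, stderr: err }
  end
end

# Decode a pointer-sized value as its little-endian bytes. The crash shows
# `def = 0x646f6874654d`, which decodes to "Method": the field held string
# bytes rather than a pointer, consistent with the method entry's memory
# having been reused (an inference from the gdb output, not stated in the
# ticket).
def pointer_as_ascii(value)
  bytes = []
  while value > 0
    bytes << (value & 0xff)
    value >>= 8
  end
  bytes.pack("C*")
end

if __FILE__ == $PROGRAM_NAME
  puts pointer_as_ascii(0x646f6874654d)   # => "Method"
  p run_repro                             # => {:result=>:ok} on a fixed ruby
end
```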

Updated by nagachika (Tomoyuki Chikanaga) 3 months ago

  • Backport changed from 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN to 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: REQUIRED

Updated by jeremyevans0 (Jeremy Evans) about 2 months ago

  • Status changed from Open to Closed

Updated by decuplet (Nikita Shilnikov) 22 days ago

jeremyevans0 (Jeremy Evans), was this fixed? I can't find any references to this issue from the repo, perhaps I'm missing something.

Updated by jeremyevans0 (Jeremy Evans) 22 days ago

decuplet (Nikita Shilnikov) wrote in #note-4:

jeremyevans0 (Jeremy Evans), was this fixed? I can't find any references to this issue from the repo, perhaps I'm missing something.

It's fixed in master, so the issue is closed, but the flag to backport to 2.7 is set to required. This is our standard way to mark issues for backporting. I'll see if I can bisect to find the commit that fixes this.

Updated by jeremyevans0 (Jeremy Evans) 22 days ago

nagachika (Tomoyuki Chikanaga), I bisected this to 0d24fb774d84d4a99454ce10fd343da00049a588. As the inspect output is not of critical importance, I recommend reverting the commit in 2.7.
