Bug #17807


"Segmentation fault at 0x0000000000000008" crash when accessing instance variables of Process::Waiter instances (Ruby 2.3 to 2.6)

Added by ivoanjo (Ivo Anjo) about 1 month ago. Updated 26 days ago.

Target version:
ruby -v:
ruby 2.6.7p197 (2021-04-05 revision 67941) [x86_64-linux]


Hey there! I'm in Datadog's ddtrace gem team and one of our customers was running into this crash.

Reproducing it is trivial: ruby -e 'Process.detach(fork {}); Thread.list.last.instance_variable_get(:@kaboom)'.

The issue seems to be that some of the internal structures of the Process::Waiter are not properly initialized, and so trying to access instance variables on an instance of that very special class triggers the crash.

This seems to affect Ruby from 2.3 up to 2.6, on both Linux and macOS. I've attached a crash log, but probably running the reproducer example is faster :)

As I said above, this crash is gone on 2.7 and 3.0. I could not find any mention of this crash, so I suspect the fix may have been a happy side effect of some refactoring, rather than a deliberate thing.
Furthermore, I know that out of the affected versions, only 2.6 is the only one still not EOL, and I am not sure if this can be qualified as a security issue. I decided to report it anyway, in the spirit of documenting what I learned. Feel free to close the ticket if indeed there's no plans of fixing it.

Finally, here's some hints, if someone out there also needs to work around this issue:

  • defined? (from inside the class) or instance_variable_defined? (from the outside) seem to work, so if you "look before you jump", you can avoid the crash
  • Writing once to any instance variable on any instance of a Process::Waiter seems to initialize whatever was missing; afterwards, any instance of this class will behave correctly
  • You can always check the .class of the thread to see if you should skip whatever you were trying to do with it


crash-log.txt (16 KB) crash-log.txt Crash log ivoanjo (Ivo Anjo), 04/16/2021 11:08 AM

Updated by jeremyevans0 (Jeremy Evans) 26 days ago

  • Status changed from Open to Closed

Thank you for the report! I don't think this is a security issue, and since Ruby 2.6 is in security maintenance mode and Ruby 2.7+ is not affected, I'm going to close this.


Also available in: Atom PDF