Bug #17880

[BUG] We are killing the stack canary set by `opt_setinlinecache`

Added by byroot (Jean Boussier) 3 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
ruby -v:
ruby 3.1.0dev (2021-05-22T06:57:24Z f698294cc4) [x86_64-linux] (RUBY_DEBUG)
[ruby-core:103971]

Description

I commented out the faulty assertions in https://bugs.ruby-lang.org/issues/17879 to see if some other bug is lurking. See: https://github.com/Shopify/ruby/commit/f698294cc419e696f1cabd8d05e7576c3e490a7a (directly after current master)

This one is less common: most of our CI workers pass, only a minority hit this bug.

We are killing the stack canary set by opt_setinlinecache, at <RubyVM::InstructionSequence:user_verification_required?@/app/components/merchant_risk/app/public/merchant_risk/kym/query/payment_provider/user_verification_required_response.rb:53>@pc=7
watch out the C stack trace.
== disasm: #<ISeq:user_verification_required?@/app/components/merchant_risk/app/public/merchant_risk/kym/query/payment_provider/user_verification_required_response.rb:53 (53,12)-(55,15)> (catch: FALSE)
local table (size: 3, argc: 0 [opts: 0, rest: -1, post: 0, block: -1, kw: 2@2, kwrest: -1])
[ 3] provider_id@0[ 2] user_facts@1[ 1] ?@2
0000 opt_getinlinecache                     9, <is:0>                 (  54)[LiCa]
0003 putobject                              true
0005 getconstant                            :HIGH_FRAUD_RATE_PROVIDERS
0007 opt_setinlinecache                     <is:0>
0009 getlocal_WC_0                          provider_id@0
0011 opt_send_without_block                 <calldata!mid:include?, argc:1, ARGS_SIMPLE>
0013 dup
0014 branchunless                           23
0016 pop
0017 getlocal_WC_0                          user_facts@1
0019 opt_send_without_block                 <calldata!mid:email_verified?, argc:0, ARGS_SIMPLE>
0021 opt_not                                <calldata!mid:!, argc:0, ARGS_SIMPLE>
0023 opt_not                                <calldata!mid:!, argc:0, ARGS_SIMPLE>
0025 opt_not                                <calldata!mid:!, argc:0, ARGS_SIMPLE>
0027 leave                                                            (  55)[Re]
/app/components/merchant_risk/app/public/merchant_risk/kym/query/payment_provider/user_verification_required_response.rb:54: [BUG] see above.
ruby 3.1.0dev (2021-05-22T06:57:24Z shopify f698294cc4) [x86_64-linux]

-- C level backtrace information -------------------------------------------
/usr/local/bin/ruby(rb_print_backtrace+0x11) [0x5649b8803527] vm_dump.c:759
/usr/local/bin/ruby(rb_vm_bugreport) vm_dump.c:1041
/usr/local/bin/ruby(bug_report_end+0x0) [0x5649b863785f] error.c:777
/usr/local/bin/ruby(rb_bug_without_die) error.c:777
/usr/local/bin/ruby(die+0x0) [0x5649b860657a] error.c:785
/usr/local/bin/ruby(rb_bug) error.c:787
/usr/local/bin/ruby(rb_vm_check_canary+0xe8) [0x5649b87d6298] vm_insnhelper.c:284
/usr/local/bin/ruby(vm_call0_body+0x353) [0x5649b87eb883] vm_eval.c:169
/usr/local/bin/ruby(rb_funcallv_scope+0x126) [0x5649b87eeff6] vm_eval.c:72
/usr/local/bin/ruby(rb_eql+0x79) [0x5649b86c6e39] object.c:187
/usr/local/bin/ruby(rb_any_cmp+0x2e) [0x5649b866cc48] hash.c:132
/usr/local/bin/ruby(rb_any_cmp) hash.c:120
/usr/local/bin/ruby(ar_equal+0x9) [0x5649b866cd49] hash.c:694
/usr/local/bin/ruby(ar_find_entry_hint+0x1cf) [0x5649b866cf2f] hash.c:708
/usr/local/bin/ruby(ar_foreach_check+0x39) [0x5649b866d1ad] hash.c:988
/usr/local/bin/ruby(hash_foreach_call) hash.c:1503
/usr/local/bin/ruby(rb_ensure+0x129) [0x5649b8643bf9] eval.c:1166
/usr/local/bin/ruby(rb_hash_foreach+0x77) [0x5649b8668bb7] hash.c:1527
/usr/local/bin/ruby(obj_traverse_i+0x1e7) [0x5649b8712ab7] ractor.c:2330
/usr/local/bin/ruby(obj_traverse_i+0x242) [0x5649b8712b12] ractor.c:2308
/usr/local/bin/ruby(rb_obj_traverse+0x40) [0x5649b8718fd3] ractor.c:2276
/usr/local/bin/ruby(rb_ractor_shareable_p_continue) ractor.c:2540
/usr/local/bin/ruby(vm_ic_update+0x55) [0x5649b87f3263] vm_insnhelper.c:4662
/usr/local/bin/ruby(vm_exec_core) insns.def:1027
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(vm_call0_body+0x40f) [0x5649b87eb93f] vm_eval.c:178
/usr/local/bin/ruby(rb_vm_call0+0xfb) [0x5649b87ebf6b] vm_eval.c:57
/usr/local/bin/ruby(umethod_bind_call+0x11e) [0x5649b870012e] proc.c:2437
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_ec_ractor_ptr+0x0) [0x5649b87e6c8a] vm.c:1290
/usr/local/bin/ruby(rb_ec_ractor_hooks) vm_core.h:2004
/usr/local/bin/ruby(invoke_bmethod) vm.c:1292
/usr/local/bin/ruby(invoke_iseq_block_from_c) vm.c:1335
/usr/local/bin/ruby(invoke_block_from_c_proc) vm.c:1432
/usr/local/bin/ruby(rb_vm_invoke_bmethod) vm.c:1468
/usr/local/bin/ruby(vm_call_bmethod+0x16b) [0x5649b87e70ab] vm_insnhelper.c:3002
/usr/local/bin/ruby(vm_call_method_each_type+0x1b5) [0x5649b87e72e5] vm_insnhelper.c:3459
/usr/local/bin/ruby(vm_call_method+0x11f) [0x5649b87e79ff] vm_insnhelper.c:3551
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0xf3) [0x5649b87f0753] insns.def:773
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_yield+0xad) [0x5649b87eafcd] vm.c:1395
/usr/local/bin/ruby(rb_ary_collect+0xb2) [0x5649b8819432] array.c:3646
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_ec_ractor_ptr+0x0) [0x5649b87e6c8a] vm.c:1290
/usr/local/bin/ruby(rb_ec_ractor_hooks) vm_core.h:2004
/usr/local/bin/ruby(invoke_bmethod) vm.c:1292
/usr/local/bin/ruby(invoke_iseq_block_from_c) vm.c:1335
/usr/local/bin/ruby(invoke_block_from_c_proc) vm.c:1432
/usr/local/bin/ruby(rb_vm_invoke_bmethod) vm.c:1468
/usr/local/bin/ruby(vm_call0_body+0x4d1) [0x5649b87eba01] vm_insnhelper.c:3002
/usr/local/bin/ruby(rb_call0+0x136) [0x5649b87ee326] vm_eval.c:72
/usr/local/bin/ruby(send_internal+0x124) [0x5649b87ee5e4] vm_eval.c:1258
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_call_method_each_type+0x7d) [0x5649b87e71ad] vm_insnhelper.c:3433
/usr/local/bin/ruby(vm_call_method+0x11f) [0x5649b87e79ff] vm_insnhelper.c:3551
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0xf3) [0x5649b87f0753] insns.def:773
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_ec_ractor_ptr+0x0) [0x5649b87e6c8a] vm.c:1290
/usr/local/bin/ruby(rb_ec_ractor_hooks) vm_core.h:2004
/usr/local/bin/ruby(invoke_bmethod) vm.c:1292
/usr/local/bin/ruby(invoke_iseq_block_from_c) vm.c:1335
/usr/local/bin/ruby(invoke_block_from_c_proc) vm.c:1432
/usr/local/bin/ruby(rb_vm_invoke_bmethod) vm.c:1468
/usr/local/bin/ruby(vm_call_bmethod+0x16b) [0x5649b87e70ab] vm_insnhelper.c:3002
/usr/local/bin/ruby(vm_call_method_each_type+0x1b5) [0x5649b87e72e5] vm_insnhelper.c:3459
/usr/local/bin/ruby(vm_call_method+0x11f) [0x5649b87e79ff] vm_insnhelper.c:3551
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0xf3) [0x5649b87f0753] insns.def:773
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(vm_call0_body+0x40f) [0x5649b87eb93f] vm_eval.c:178
/usr/local/bin/ruby(rb_vm_call0+0xfb) [0x5649b87ebf6b] vm_eval.c:57
/usr/local/bin/ruby(umethod_bind_call+0x11e) [0x5649b870012e] proc.c:2437
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_ec_ractor_ptr+0x0) [0x5649b87e6c8a] vm.c:1290
/usr/local/bin/ruby(rb_ec_ractor_hooks) vm_core.h:2004
/usr/local/bin/ruby(invoke_bmethod) vm.c:1292
/usr/local/bin/ruby(invoke_iseq_block_from_c) vm.c:1335
/usr/local/bin/ruby(invoke_block_from_c_proc) vm.c:1432
/usr/local/bin/ruby(rb_vm_invoke_bmethod) vm.c:1468
/usr/local/bin/ruby(vm_call_bmethod+0x16b) [0x5649b87e70ab] vm_insnhelper.c:3002
/usr/local/bin/ruby(vm_call_method_each_type+0x1b5) [0x5649b87e72e5] vm_insnhelper.c:3459
/usr/local/bin/ruby(vm_call_method+0x11f) [0x5649b87e79ff] vm_insnhelper.c:3551
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0xf3) [0x5649b87f0753] insns.def:773
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(vm_call0_body+0x40f) [0x5649b87eb93f] vm_eval.c:178
/usr/local/bin/ruby(rb_call0+0x136) [0x5649b87ee326] vm_eval.c:72
/usr/local/bin/ruby(send_internal+0x124) [0x5649b87ee5e4] vm_eval.c:1258
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_call_method_each_type+0x7d) [0x5649b87e71ad] vm_insnhelper.c:3433
/usr/local/bin/ruby(vm_call_method+0x11f) [0x5649b87e79ff] vm_insnhelper.c:3551
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0xf3) [0x5649b87f0753] insns.def:773
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(vm_call0_body+0x40f) [0x5649b87eb93f] vm_eval.c:178
/usr/local/bin/ruby(rb_call0+0x136) [0x5649b87ee326] vm_eval.c:72
/usr/local/bin/ruby(send_internal+0x124) [0x5649b87ee5e4] vm_eval.c:1258
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_call_method_each_type+0x7d) [0x5649b87e71ad] vm_insnhelper.c:3433
/usr/local/bin/ruby(vm_call_method+0x11f) [0x5649b87e79ff] vm_insnhelper.c:3551
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0xf3) [0x5649b87f0753] insns.def:773
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(vm_call0_body+0x40f) [0x5649b87eb93f] vm_eval.c:178
/usr/local/bin/ruby(rb_vm_call0+0xfb) [0x5649b87ebf6b] vm_eval.c:57
/usr/local/bin/ruby(umethod_bind_call+0x11e) [0x5649b870012e] proc.c:2437
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_ec_ractor_ptr+0x0) [0x5649b87e6c8a] vm.c:1290
/usr/local/bin/ruby(rb_ec_ractor_hooks) vm_core.h:2004
/usr/local/bin/ruby(invoke_bmethod) vm.c:1292
/usr/local/bin/ruby(invoke_iseq_block_from_c) vm.c:1335
/usr/local/bin/ruby(invoke_block_from_c_proc) vm.c:1432
/usr/local/bin/ruby(rb_vm_invoke_bmethod) vm.c:1468
/usr/local/bin/ruby(vm_call_bmethod+0x16b) [0x5649b87e70ab] vm_insnhelper.c:3002
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_yield_values2+0xa1) [0x5649b87ea7e1] vm.c:1395
/usr/local/bin/ruby(each_pair_i_fast+0x37) [0x5649b8668687] hash.c:3103
/usr/local/bin/ruby(hash_ar_foreach_iter+0x11) [0x5649b866d185] hash.c:1355
/usr/local/bin/ruby(ar_foreach_check) hash.c:981
/usr/local/bin/ruby(hash_foreach_call) hash.c:1503
/usr/local/bin/ruby(rb_ensure+0x129) [0x5649b8643bf9] eval.c:1166
/usr/local/bin/ruby(rb_hash_foreach+0x77) [0x5649b8668bb7] hash.c:1527
/usr/local/bin/ruby(rb_hash_each_pair+0x47) [0x5649b866fee7] hash.c:3140
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_yield_values2+0xa1) [0x5649b87ea7e1] vm.c:1395
/usr/local/bin/ruby(each_pair_i_fast+0x37) [0x5649b8668687] hash.c:3103
/usr/local/bin/ruby(hash_ar_foreach_iter+0x11) [0x5649b866d185] hash.c:1355
/usr/local/bin/ruby(ar_foreach_check) hash.c:981
/usr/local/bin/ruby(hash_foreach_call) hash.c:1503
/usr/local/bin/ruby(rb_ensure+0x129) [0x5649b8643bf9] eval.c:1166
/usr/local/bin/ruby(rb_hash_foreach+0x77) [0x5649b8668bb7] hash.c:1527
/usr/local/bin/ruby(rb_hash_each_pair+0x47) [0x5649b866fee7] hash.c:3140
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(vm_call0_body+0x40f) [0x5649b87eb93f] vm_eval.c:178
/usr/local/bin/ruby(rb_vm_call0+0xfb) [0x5649b87ebf6b] vm_eval.c:57
/usr/local/bin/ruby(umethod_bind_call+0x11e) [0x5649b870012e] proc.c:2437
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_ec_ractor_ptr+0x0) [0x5649b87e6c8a] vm.c:1290
/usr/local/bin/ruby(rb_ec_ractor_hooks) vm_core.h:2004
/usr/local/bin/ruby(invoke_bmethod) vm.c:1292
/usr/local/bin/ruby(invoke_iseq_block_from_c) vm.c:1335
/usr/local/bin/ruby(invoke_block_from_c_proc) vm.c:1432
/usr/local/bin/ruby(rb_vm_invoke_bmethod) vm.c:1468
/usr/local/bin/ruby(vm_call_bmethod+0x16b) [0x5649b87e70ab] vm_insnhelper.c:3002
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_yield_values2+0xa1) [0x5649b87ea7e1] vm.c:1395
/usr/local/bin/ruby(each_with_index_i+0x89) [0x5649b8890489] enum.c:2452
/usr/local/bin/ruby(rb_vm_pop_frame+0x0) [0x5649b87e3384] vm_insnhelper.c:3749
/usr/local/bin/ruby(vm_yield_with_cfunc) vm_insnhelper.c:3750
/usr/local/bin/ruby(rb_yield+0xad) [0x5649b87eafcd] vm.c:1395
/usr/local/bin/ruby(rb_ary_each+0xa7) [0x5649b8817257] array.c:2534
/usr/local/bin/ruby(vm_call0_cfunc_with_frame+0x6d) [0x5649b87eb687] vm_eval.c:135
/usr/local/bin/ruby(vm_call0_cfunc) vm_eval.c:149
/usr/local/bin/ruby(vm_call0_body) vm_eval.c:182
/usr/local/bin/ruby(rb_call0+0x136) [0x5649b87ee326] vm_eval.c:72
/usr/local/bin/ruby(iterate_method+0x47) [0x5649b87ee997] vm_eval.c:845
/usr/local/bin/ruby(rb_iterate0+0x19e) [0x5649b87df90e] vm_eval.c:1528
/usr/local/bin/ruby(rb_block_call+0x7f) [0x5649b87dfc1f] vm_eval.c:1560
/usr/local/bin/ruby(enum_each_with_index+0x4c) [0x5649b888da2c] enum.c:2482
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(vm_call0_body+0x40f) [0x5649b87eb93f] vm_eval.c:178
/usr/local/bin/ruby(rb_vm_call0+0xfb) [0x5649b87ebf6b] vm_eval.c:57
/usr/local/bin/ruby(umethod_bind_call+0x11e) [0x5649b870012e] proc.c:2437
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_ec_ractor_ptr+0x0) [0x5649b87e6c8a] vm.c:1290
/usr/local/bin/ruby(rb_ec_ractor_hooks) vm_core.h:2004
/usr/local/bin/ruby(invoke_bmethod) vm.c:1292
/usr/local/bin/ruby(invoke_iseq_block_from_c) vm.c:1335
/usr/local/bin/ruby(invoke_block_from_c_proc) vm.c:1432
/usr/local/bin/ruby(rb_vm_invoke_bmethod) vm.c:1468
/usr/local/bin/ruby(vm_call_bmethod+0x16b) [0x5649b87e70ab] vm_insnhelper.c:3002
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(vm_call0_body+0x40f) [0x5649b87eb93f] vm_eval.c:178
/usr/local/bin/ruby(rb_vm_call0+0xfb) [0x5649b87ebf6b] vm_eval.c:57
/usr/local/bin/ruby(umethod_bind_call+0x11e) [0x5649b870012e] proc.c:2437
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_ec_ractor_ptr+0x0) [0x5649b87e6c8a] vm.c:1290
/usr/local/bin/ruby(rb_ec_ractor_hooks) vm_core.h:2004
/usr/local/bin/ruby(invoke_bmethod) vm.c:1292
/usr/local/bin/ruby(invoke_iseq_block_from_c) vm.c:1335
/usr/local/bin/ruby(invoke_block_from_c_proc) vm.c:1432
/usr/local/bin/ruby(rb_vm_invoke_bmethod) vm.c:1468
/usr/local/bin/ruby(vm_call_bmethod+0x16b) [0x5649b87e70ab] vm_insnhelper.c:3002
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(vm_call0_body+0x40f) [0x5649b87eb93f] vm_eval.c:178
/usr/local/bin/ruby(rb_vm_call0+0xfb) [0x5649b87ebf6b] vm_eval.c:57
/usr/local/bin/ruby(umethod_bind_call+0x11e) [0x5649b870012e] proc.c:2437
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_ec_ractor_ptr+0x0) [0x5649b87e6c8a] vm.c:1290
/usr/local/bin/ruby(rb_ec_ractor_hooks) vm_core.h:2004
/usr/local/bin/ruby(invoke_bmethod) vm.c:1292
/usr/local/bin/ruby(invoke_iseq_block_from_c) vm.c:1335
/usr/local/bin/ruby(invoke_block_from_c_proc) vm.c:1432
/usr/local/bin/ruby(rb_vm_invoke_bmethod) vm.c:1468
/usr/local/bin/ruby(vm_call_bmethod+0x16b) [0x5649b87e70ab] vm_insnhelper.c:3002
/usr/local/bin/ruby(vm_call_method_each_type+0x1b5) [0x5649b87e72e5] vm_insnhelper.c:3459
/usr/local/bin/ruby(vm_call_method+0x11f) [0x5649b87e79ff] vm_insnhelper.c:3551
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_ec_ractor_ptr+0x0) [0x5649b87e6c8a] vm.c:1290
/usr/local/bin/ruby(rb_ec_ractor_hooks) vm_core.h:2004
/usr/local/bin/ruby(invoke_bmethod) vm.c:1292
/usr/local/bin/ruby(invoke_iseq_block_from_c) vm.c:1335
/usr/local/bin/ruby(invoke_block_from_c_proc) vm.c:1432
/usr/local/bin/ruby(rb_vm_invoke_bmethod) vm.c:1468
/usr/local/bin/ruby(vm_call_bmethod+0x16b) [0x5649b87e70ab] vm_insnhelper.c:3002
/usr/local/bin/ruby(vm_call_method_each_type+0x1b5) [0x5649b87e72e5] vm_insnhelper.c:3459
/usr/local/bin/ruby(vm_call_method+0x11f) [0x5649b87e79ff] vm_insnhelper.c:3551
/usr/local/bin/ruby(vm_call_symbol+0x15d) [0x5649b87e80dd] vm_insnhelper.c:3157
/usr/local/bin/ruby(vm_call_method_each_type+0x62d) [0x5649b87e775d] vm_insnhelper.c:3469
/usr/local/bin/ruby(vm_call_method+0x11f) [0x5649b87e79ff] vm_insnhelper.c:3551
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0xf3) [0x5649b87f0753] insns.def:773
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(catch_i+0x9d) [0x5649b87ea72d] vm.c:1395
/usr/local/bin/ruby(vm_catch_protect+0x107) [0x5649b87dfe87] vm_eval.c:2418
/usr/local/bin/ruby(rb_catch_obj+0x28) [0x5649b87e011d] vm_eval.c:2444
/usr/local/bin/ruby(rb_f_catch) vm_eval.c:2394
/usr/local/bin/ruby(vm_call_cfunc_with_frame+0x10e) [0x5649b87d9a7e] vm_insnhelper.c:2943
/usr/local/bin/ruby(vm_sendish+0x30e) [0x5649b87e550e] vm_insnhelper.c:4521
/usr/local/bin/ruby(vm_exec_core+0x169) [0x5649b87f07c9] insns.def:754
/usr/local/bin/ruby(rb_vm_exec+0xbc) [0x5649b87e5d2c] vm.c:2169
/usr/local/bin/ruby(rb_vm_invoke_proc+0x6f) [0x5649b87eb48f] vm.c:1482
/usr/local/bin/ruby(rb_proc_call+0x117) [0x5649b86fcef7] proc.c:1001
/usr/local/bin/ruby(exec_end_procs_chain+0x44) [0x5649b8641bad] eval_jump.c:105
/usr/local/bin/ruby(rb_ec_exec_end_proc) eval_jump.c:120
/usr/local/bin/ruby(rb_ec_teardown+0xdd) [0x5649b8641dad] eval.c:175
/usr/local/bin/ruby(rb_ec_cleanup+0x1f1) [0x5649b8642061] eval.c:243
/usr/local/bin/ruby(ruby_run_node+0x62) [0x5649b8642af2] eval.c:375
/usr/local/bin/ruby(main+0x73) [0x5649b8634313] ./main.c:47

Updated by k0kubun (Takashi Kokubun) 2 months ago

It's unfortunate that rb_ractor_shareable_p may call arbitrary methods, but maintaining leafness of opt_setinlinecache is probably not as important as opt_getinlinecache's. We could just set attr bool leaf = false; for fixing this. We probably want a unit test that reproduces this when the canary is enabled before doing that though.

Updated by byroot (Jean Boussier) 2 months ago

> We probably want a unit test that reproduces this when the canary is enabled before doing that though.

I'd be happy to try to reproduce this in isolation, but I don't quite understand what the bug is about, so I have no idea where to start.

Any idea what this error is about?

Updated by k0kubun (Takashi Kokubun) 2 months ago

Ah okay, I assumed you already knew it because of the title, but it was just what the error message says.

  • opt_setinlinecache: YARV insn to set a constant value to inline cache. Once the cache is filled, it won't be called again until invalidated.
  • killing the stack canary: This is shown when the insn is marked as leaf but it wasn't leaf.
  • leaf: The insn doesn't call rb_funcall or its variant (rb_funcallv_scope in this case). This is used for optimizations.

In this backtrace, rb_ractor_shareable_p_continue called from vm_ic_update (a part of opt_setinlinecache) was the culprit. Looking at function names like hash_foreach_call and ar_equal, this seems to be caused when you refer to a Hash by a constant on the line for the first time and its internal data structure is ar.

Updated by byroot (Jean Boussier) 2 months ago

> I assumed you already knew it because of the title

Totally understandable.

Thanks for the explanation, however I'm afraid my understanding of the problem is still too limited to figure out a repro script.

Updated by byroot (Jean Boussier) 2 months ago

Ok, so I was able to reproduce with this small script:

require "set"

iseq = RubyVM::InstructionSequence.compile <<~RUBY
class Id
  attr_reader :db_id
  def initialize(db_id)
    @db_id = db_id
  end

  def ==(other)
    other.class == self.class && other.db_id == db_id
  end
  alias_method :eql?, :==

  def hash
    self.class.hash | db_id.hash
  end

  def to_s
    db_id.to_s
  end

  def <=>(other)
    db_id <=> other.db_id if other.is_a?(self.class)
  end
end

class Namespace
  IDS = Set[
    Id.new(1).freeze,
    Id.new(2).freeze,
    Id.new(3).freeze,
    Id.new(4).freeze,
  ].freeze

  class << self
    def test?(id)
      IDS.include?(id)
    end
  end
end

p Namespace.test?(Id.new(1))
p Namespace.test?(Id.new(5))
RUBY

puts iseq.disasm

RubyVM::InstructionSequence.load_from_binary(iseq.to_binary).eval

It doesn't crash on every run though; on my machine it crashes about 1 or 2 times out of 10:

$ for i in {0..10}; do ./ruby --disable-did-you-mean -Ilib /tmp/canary-repro.rb 2&> /dev/null; echo $? ; done
Abort trap: 6
134
0
0
0
0
0
0
0
0
Abort trap: 6
134
0

Updated by eileencodes (Eileen Uchitelle) about 2 months ago

Aaron and I worked on a fix today: https://github.com/ruby/ruby/pull/4565

We simplified the script and were able to reproduce locally before the change and unable to reproduce after.

Updated by byroot (Jean Boussier) about 2 months ago

I ran that patch on our CI, and confirm that the crash is entirely gone. Thank you!

Updated by Anonymous about 2 months ago

  • Status changed from Open to Closed

Applied in changeset git|2088a457981b0f71a3bfd14871ed5b6f0d090e6a.


[Bug #17880] Set leaf false on opt_setinlinecache (#4565)

This change fixes the bug described in https://bugs.ruby-lang.org/issues/17880.

Checking ractor_shareable_p will cause the method to call back into
Ruby. Anything calling this method can't be a leaf instruction,
otherwise it could crash. By adding attr bool leaf = false we no
longer crash because it marks the function as not a leaf.

Here's a simplified reproduction script:

require "set"

class Id
  attr_reader :db_id
  def initialize(db_id)
    @db_id = db_id
  end

  def ==(other)
    other.class == self.class && other.db_id == db_id
  end
  alias_method :eql?, :==

  def hash
    10
  end

  def <=>(other)
    db_id <=> other.db_id if other.is_a?(self.class)
  end
end

class Namespace
  IDS = Set[
    Id.new(1).freeze,
    Id.new(2).freeze,
    Id.new(3).freeze,
    Id.new(4).freeze,
  ].freeze

  class << self
    def test?(id)
      IDS.include?(id)
    end
  end
end

p Namespace.test?(Id.new(1))
p Namespace.test?(Id.new(5))

Co-authored-by: Aaron Patterson <tenderlove@ruby-lang.org>
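The explanation given in this thread (rb_ractor_shareable_p walks the constant's Hash and re-enters Ruby through ar_find_entry_hint, ar_equal and rb_eql, as the C backtrace shows) can be observed from plain Ruby without a debug build or canary. The script below is an added example, not code from this bug report or from ruby/ruby: it counts how many times a key's Ruby-level eql? runs during one Ractor.shareable? check of a deeply frozen Hash. Id, build_constant_table and eql_calls_during_shareable_check are hypothetical names. The constant hash method is borrowed from the commit's simplified script; the reading that it forces every key into the same ar-table hint slot, so that the lookup in ar_find_entry_hint has to fall through to eql?, is an inference from the backtrace and not something the thread states.

```ruby
# Added example (not from the bug report or the ruby/ruby repository).
# Shows the root cause behind Bug #17880 from the Ruby side: checking
# Ractor shareability of a frozen Hash iterates its keys, and the ar-table
# iteration re-locates each key via its one-byte hash hint, calling the
# key's Ruby-level eql? whenever an earlier key shares the hint but is a
# different object. That call is the re-entry into Ruby that a leaf
# instruction must never trigger. `Id` and the helper names are hypothetical.

class Id
  # Process-wide counter of Ruby-level eql? calls. The Id instances are
  # frozen, so the counter lives on the class, not on the objects.
  class << self
    attr_accessor :eql_calls
  end
  self.eql_calls = 0

  attr_reader :db_id

  def initialize(db_id)
    @db_id = db_id
  end

  def ==(other)
    other.class == self.class && other.db_id == db_id
  end

  # Every call here is Ruby code executed on behalf of a C-level hash lookup.
  def eql?(other)
    Id.eql_calls += 1
    self == other
  end

  # Constant hash, as in the commit's simplified script: all keys land in the
  # same ar-table hint slot, so no lookup can be decided by the hint alone.
  # (Assumption drawn from the backtrace: hint match -> ar_equal -> rb_eql.)
  def hash
    10
  end
end

# Builds the kind of deeply frozen table a constant such as IDS would hold:
# frozen keys inside a frozen Hash, so Ractor.shareable? descends into it.
def build_constant_table(count)
  table = {}
  count.times { |i| table[Id.new(i + 1).freeze] = true }
  table.freeze
end

# Returns how many Ruby-level Id#eql? calls a single Ractor.shareable?
# check of `table` triggers. Each table is checked at most once, because the
# VM caches a positive answer on the object and skips the walk afterwards.
def eql_calls_during_shareable_check(table)
  Id.eql_calls = 0
  shareable = Ractor.shareable?(table)
  raise "expected a deeply frozen table to be shareable" unless shareable
  Id.eql_calls
end

if __FILE__ == $0
  # With four colliding keys the walk compares each key against the earlier
  # ones that share its hint; with a single key there is nothing to compare.
  many = eql_calls_during_shareable_check(build_constant_table(4))
  one = eql_calls_during_shareable_check(build_constant_table(1))
  puts "4 colliding keys: Ractor.shareable? ran Id#eql? #{many} time(s)"
  puts "1 key:            Ractor.shareable? ran Id#eql? #{one} time(s)"
end
```

Run it with a Ruby that has Ractor (3.0 or later). A one-key table never reaches eql?, because there is no earlier entry with the same hint to compare against; the four-key table does. Any nonzero count is Ruby code running from inside the VM's own constant-cache update, which is exactly what a leaf instruction may not do, and it is why the fix marks opt_setinlinecache as `leaf = false` instead of trying to make the shareability check avoid Ruby-level methods.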
