Project

General

Profile

Actions

Bug #20915

closed

Segfault with `TracePoint#parameters` and aliased C method

Added by viralpraxis (Iaroslav Kurbatov) about 1 month ago. Updated 13 days ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:120031]

Description

I'm getting a segfault in the following example

C = Class.new do
  alias_method :new_to_s, :to_s
end

TracePoint.new(:c_call, &:parameters).enable { C.new.new_to_s }

Proposed fix: https://github.com/ruby/ruby/pull/12186

Ruby: MRI 3.3.6, also ruby 3.4.0dev (2024-11-27T19:36:50Z master 7dd2afbe3a) +PRISM [x86_64-linux]

The root cause of the issue lies in the rb_tracearg_parameters function within the RUBY_EVENT_C_RETURN branch.
Specifically, when the invoked method is an alias for a C function, rb_method_entry_without_refinements(..., trace_arg->called_id, ...) may return NULL.
In that case we can fallback to trace_arg->id.

Some additional context: before https://github.com/ruby/ruby/commit/837ef8911c638c3e2bdb6af710de7c1fac7b5f90 this code path used single trace_arg->id lookup, and the commit changed it to trace_arg->called_id. So we have to make both lookups to handle all edge cases.

Output:

[BUG] Segmentation fault at 0x0000000000000010
ruby 3.4.0dev (2024-11-27T19:36:50Z master 7dd2afbe3a) +PRISM [x86_64-linux]

-- Control frame information -----------------------------------------------
c:0005 p:0003 s:0022 e:000021 METHOD <internal:trace_point>:333 [FINISH]
c:0004 p:0006 s:0018 e:000016 BLOCK  test.rb:5 [FINISH]
c:0003 p:0003 s:0014 e:000013 METHOD <internal:trace_point>:265
c:0002 p:0021 s:0006 e:000005 EVAL   test.rb:5 [FINISH]
c:0001 p:0000 s:0003 E:001470 DUMMY  [FINISH]

-- Ruby level backtrace information ----------------------------------------
test.rb:5:in '<main>'
<internal:trace_point>:265:in 'enable'
test.rb:5:in 'block in <main>'
<internal:trace_point>:333:in 'parameters'

-- Threading information ---------------------------------------------------
Total ractor count: 1
Ruby thread count for this ractor: 1

-- Machine register context ------------------------------------------------
 RIP: 0x0000609a79ce6f16 RBP: 0x00007ffd98dc9030 RSP: 0x00007ffd98dc9020
 RAX: 0x0000000000000000 RBX: 0x0000609a7b40bdf0 RCX: 0x000000000000b6d1
 RDX: 0x0000000000000000 RDI: 0x0000000000000000 RSI: 0x0000000000000b6d
  R8: 0x0000000000000000  R9: 0x000076e90ee24aa0 R10: 0x0000000000000001
 R11: 0x0000000000000010 R12: 0x0000000000000002 R13: 0x0000000000000000
 R14: 0x0000609a7b40be08 R15: 0x000076e90effeef8 EFL: 0x0000000000010202

-- C level backtrace information -------------------------------------------
./ruby(0x609a79e219f7) [0x609a79e219f7]
./ruby(0x609a79e2214b) [0x609a79e2214b]
./ruby(0x609a7a02e998) [0x609a7a02e998]
./ruby(0x609a79d61811) [0x609a79d61811]
/lib/x86_64-linux-gnu/libc.so.6(0x76e90f845320) [0x76e90f845320]
./ruby(0x609a79ce6f16) [0x609a79ce6f16]
./ruby(rb_tracearg_parameters+0x1a1) [0x609a79e25db2] /home/viralpraxis/Documents/open_source/ruby/vm_trace.c:943
./ruby(tracepoint_attr_parameters+0x21) [0x609a79e26252] /home/viralpraxis/Documents/open_source/ruby/vm_trace.c:1121
./ruby(0x609a79df8f0b) [0x609a79df8f0b]
./ruby(0x609a79df9904) [0x609a79df9904]
./ruby(0x609a79df9983) [0x609a79df9983]
./ruby(0x609a79e0147e) [0x609a79e0147e]
./ruby(0x609a79e15d9c) [0x609a79e15d9c]
./ruby(0x609a79e09991) [0x609a79e09991]
./ruby(0x609a79e091bd) [0x609a79e091bd]
./ruby(0x609a79e0ad1f) [0x609a79e0ad1f]
./ruby(0x609a79e0ba2b) [0x609a79e0ba2b]
./ruby(rb_funcall_with_block_kw) [0x609a79e0c7ef]
./ruby(0x609a79d8d877) [0x609a79d8d877]
./ruby(0x609a79df3832) [0x609a79df3832]
./ruby(0x609a79e13238) [0x609a79e13238]
./ruby(0x609a79e13888) [0x609a79e13888]
./ruby(rb_proc_call_with_block_kw) [0x609a79ce3b6a]
./ruby(rb_proc_call_with_block) [0x609a79ce3bcf]
./ruby(tp_call_trace+0x8d) [0x609a79e2641c] /home/viralpraxis/Documents/open_source/ruby/vm_trace.c:1188
./ruby(exec_hooks_body+0x114) [0x609a79e245d7] /home/viralpraxis/Documents/open_source/ruby/vm_trace.c:354
./ruby(exec_hooks_protected+0x166) [0x609a79e24838] /home/viralpraxis/Documents/open_source/ruby/vm_trace.c:401
./ruby(rb_exec_event_hooks+0x12d) [0x609a79e249e2] /home/viralpraxis/Documents/open_source/ruby/vm_trace.c:446
./ruby(0x609a79ddbefe) [0x609a79ddbefe]
./ruby(0x609a79deef34) [0x609a79deef34]
./ruby(0x609a79def260) [0x609a79def260]
./ruby(0x609a79def38d) [0x609a79def38d]
./ruby(0x609a79def7d4) [0x609a79def7d4]
./ruby(0x609a79df243b) [0x609a79df243b]
./ruby(0x609a79df0646) [0x609a79df0646]
./ruby(0x609a79df2c0d) [0x609a79df2c0d]
./ruby(0x609a79df2ee7) [0x609a79df2ee7]
./ruby(0x609a79df30e9) [0x609a79df30e9]
./ruby(0x609a79df580a) [0x609a79df580a]
./ruby(0x609a79dfd8dd) [0x609a79dfd8dd]
./ruby(0x609a79e15d9c) [0x609a79e15d9c]
./ruby(0x609a79e12a8c) [0x609a79e12a8c]
./ruby(0x609a79e12c48) [0x609a79e12c48]
./ruby(0x609a79e12c86) [0x609a79e12c86]
./ruby(0x609a79e0cc8c) [0x609a79e0cc8c]
./ruby(rb_yield) [0x609a79e0cce0]
./ruby(rb_ensure) [0x609a79c20ea4]
./ruby(tracepoint_enable_m+0x1a5) [0x609a79e26c05] /home/viralpraxis/Documents/open_source/ruby/vm_trace.c:1414
./ruby(0x609a79df8fd7) [0x609a79df8fd7]
./ruby(0x609a79df9904) [0x609a79df9904]
./ruby(0x609a79df99d1) [0x609a79df99d1]
./ruby(0x609a79e01583) [0x609a79e01583]
./ruby(0x609a79e15d9c) [0x609a79e15d9c]
./ruby(rb_iseq_eval_main) [0x609a79e16bcb]
./ruby(0x609a79c1f112) [0x609a79c1f112]
./ruby(ruby_run_node) [0x609a79c1f283]
./ruby(0x609a79c1aae4) [0x609a79c1aae4]
./ruby(0x609a79c1ab45) [0x609a79c1ab45]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_call_main+0x7a) [0x76e90f82a1ca] ../sysdeps/nptl/libc_start_call_main.h:58
/lib/x86_64-linux-gnu/libc.so.6(call_init+0x0) [0x76e90f82a28b] ../csu/libc-start.c:360
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main_impl) ../csu/libc-start.c:347
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main) (null):0
[0x609a79c1a9c5]

-- Other runtime information -----------------------------------------------

* Loaded script: test.rb

* Loaded features:

    0 enumerator.so
    1 thread.rb
    2 fiber.so
    3 rational.so
    4 complex.so
    5 ruby2_keywords.rb
Actions #1

Updated by viralpraxis (Iaroslav Kurbatov) about 1 month ago

  • Description updated (diff)
Actions #2

Updated by viralpraxis (Iaroslav Kurbatov) about 1 month ago

  • Description updated (diff)
Actions #3

Updated by viralpraxis (Iaroslav Kurbatov) 29 days ago

  • Description updated (diff)
Actions #4

Updated by peterzhu2118 (Peter Zhu) 28 days ago

  • Backport changed from 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN to 3.1: WONTFIX, 3.2: REQUIRED, 3.3: REQUIRED
Actions #5

Updated by viralpraxis (Iaroslav Kurbatov) 28 days ago

  • Status changed from Open to Closed

Applied in changeset git|660b995365f719fa59ed6f2809bb1527e6470d14.


[Bug #20915] Fix SEGV with TracePoint#parameters and aliased C method

The following snippet results with a SEGV:

C = Class.new do
  alias_method :new_to_s, :to_s
end

TracePoint.new(:c_call, &:parameters).enable { C.new.new_to_s }

at MRI 3.3.6 and ruby 3.4.0dev

The root cause of the issue lies in the rb_tracearg_parameters function
within the RUBY_EVENT_C_RETURN branch. Specifically, when the invoked
method is an alias for a C function,
rb_method_entry_without_refinements(..., trace_arg->called_id, ...)
may return NULL. In that case we can fallback to trace_arg->id.

Updated by nagachika (Tomoyuki Chikanaga) 13 days ago

  • Backport changed from 3.1: WONTFIX, 3.2: REQUIRED, 3.3: REQUIRED to 3.1: WONTFIX, 3.2: DONE, 3.3: REQUIRED
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0