[ruby-core:122548] [Ruby Bug#21441] SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time

Issue #21441 has been reported by luke-gru (Luke Gruber).

----------------------------------------
Bug #21441: SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time
https://bugs.ruby-lang.org/issues/21441

* Author: luke-gru (Luke Gruber)
* Status: Open
* ruby -v: 3.5.0
* Backport: 3.2: UNKNOWN, 3.3: UNKNOWN, 3.4: UNKNOWN
----------------------------------------
During thread cleanup, if a ruby sampling profiler calls `thread_profile_frames` at just the wrong time, the ec's stack is cleared but the CFP still exists on the EC, so `thread_profile_frames` assumes it can walk the stack and crashes.

In `rb_ec_clear_vm_stack`, it should set `cfp` to `NULL` before clearing the stack. If during `rb_ec_clear_vm_stack` the process gets a signal and this thread handles it and calls `thread_profile_frames`, the early return check of `if (!cfp)` fails, so it continues and crashes in this function.

--
https://bugs.ruby-lang.org/
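The ordering problem the report describes, modelled as an added example. This is illustration code written for this page, not Ruby's `rb_ec_clear_vm_stack` or `thread_profile_frames`; every name in it (`toy_ec`, `toy_cfp`, `toy_profile_frames`, `toy_sample`, `run_scenario`) is an assumption. It keeps a heap-allocated stack of frames plus a current-frame pointer, lets a "signal" land between the two stores that cleanup performs, and contrasts the order in the report (stack released first, `cfp` still set) with the corrected order (`cfp` published as `NULL` first). Instead of dereferencing a frame whose stack is gone, the stand-in sampler records that it observed the inconsistent state, which is the condition that produces the SEGV in the real VM.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Minimal model of an execution context (assumed names, not Ruby's structs):
 * a heap-allocated VM stack of control frames and a current-frame pointer that
 * a sampling profiler reads from a signal handler. */
typedef struct toy_cfp {
    const char *label;        /* stands in for iseq/pc */
    struct toy_cfp *prev;     /* caller frame, NULL at the bottom */
} toy_cfp;

typedef struct toy_ec {
    toy_cfp *vm_stack;        /* backing allocation for the frames */
    size_t vm_stack_size;
    _Atomic(toy_cfp *) cfp;   /* current frame; the only thing the sampler trusts */
} toy_ec;

typedef struct { int frames; int would_crash; } sample_result;

/* Build an ec with n frames; the top frame is labels[n-1]. */
static toy_ec *toy_ec_new(const char **labels, size_t n) {
    toy_ec *ec = calloc(1, sizeof *ec);
    ec->vm_stack = calloc(n, sizeof *ec->vm_stack);
    ec->vm_stack_size = n;
    for (size_t i = 0; i < n; i++) {
        ec->vm_stack[i].label = labels[i];
        ec->vm_stack[i].prev = i ? &ec->vm_stack[i - 1] : NULL;
    }
    atomic_store_explicit(&ec->cfp, n ? &ec->vm_stack[n - 1] : NULL, memory_order_release);
    return ec;
}

/* The sampler's stack walk. Its only guard is the early return on a NULL cfp,
 * the check the report says is defeated when cfp outlives the stack. */
static int toy_profile_frames(toy_ec *ec, const char **out, int max) {
    toy_cfp *cfp = atomic_load_explicit(&ec->cfp, memory_order_acquire);
    int n = 0;
    if (!cfp) return 0;
    for (; cfp && n < max; cfp = cfp->prev) out[n++] = cfp->label;
    return n;
}

/* Stands in for the signal handler firing mid-cleanup. Where the real walker
 * would dereference a frame on a released stack, this records the state. */
static void toy_sample(toy_ec *ec, sample_result *r) {
    const char *labels[16];
    if (atomic_load_explicit(&ec->cfp, memory_order_acquire) && !ec->vm_stack) {
        r->would_crash = 1;   /* cfp points into a stack that no longer exists */
        r->frames = -1;
        return;
    }
    r->would_crash = 0;
    r->frames = toy_profile_frames(ec, labels, 16);
}

/* Order from the report: detach the stack first while cfp is still set. */
static void clear_vm_stack_buggy(toy_ec *ec, sample_result *r) {
    toy_cfp *old = ec->vm_stack;
    ec->vm_stack = NULL;
    ec->vm_stack_size = 0;
    toy_sample(ec, r);                                 /* "signal" arrives here */
    atomic_store_explicit(&ec->cfp, NULL, memory_order_release);
    free(old);
}

/* Corrected order: publish cfp = NULL before the stack goes away, so a sample
 * at the same point takes the early return and reports zero frames. */
static void clear_vm_stack_fixed(toy_ec *ec, sample_result *r) {
    toy_cfp *old = ec->vm_stack;
    atomic_store_explicit(&ec->cfp, NULL, memory_order_release);
    ec->vm_stack = NULL;
    ec->vm_stack_size = 0;
    toy_sample(ec, r);                                 /* "signal" arrives here */
    free(old);
}

/* One cleanup with the signal landing mid-way; fixed != 0 selects the corrected order. */
static sample_result run_scenario(int fixed) {
    const char *labels[] = { "main", "Foo#bar", "Integer#times" };  /* constructed frames */
    toy_ec *ec = toy_ec_new(labels, 3);
    sample_result r = { 0, 0 };
    if (fixed) clear_vm_stack_fixed(ec, &r); else clear_vm_stack_buggy(ec, &r);
    free(ec);
    return r;
}

/* Sanity check: a sample taken while the stack is live returns every frame. */
static int frames_when_live(void) {
    const char *labels[] = { "main", "Foo#bar", "Integer#times" };
    const char *out[16];
    toy_ec *ec = toy_ec_new(labels, 3);
    int n = toy_profile_frames(ec, out, 16);
    free(ec->vm_stack);
    free(ec);
    return n;
}

int main(void) {
    sample_result b = run_scenario(0), f = run_scenario(1);
    printf("live: %d frames\n", frames_when_live());
    printf("buggy order: would_crash=%d\n", b.would_crash);
    printf("fixed order: would_crash=%d frames=%d\n", f.would_crash, f.frames);
    return 0;
}
```

The store to `cfp` uses release ordering and the sampler loads it with acquire so that, once the handler sees a non-NULL frame pointer, the stack it points into is guaranteed to still be attached; a plain store could legally be reordered past the stack teardown by the compiler. The same invariant (a non-NULL `cfp` always implies a live `vm_stack`) is what a reviewer would check at every other place the two fields change together, since a handler can interrupt between any two stores.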

Issue #21441 has been updated by luke-gru (Luke Gruber).

I opened a PR [here](https://github.com/ruby/ruby/pull/13643). This may need to be backported.

----------------------------------------
Bug #21441: SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time
https://bugs.ruby-lang.org/issues/21441#change-113779

* Author: luke-gru (Luke Gruber)
* Status: Open
* ruby -v: 3.5.0
* Backport: 3.2: UNKNOWN, 3.3: UNKNOWN, 3.4: UNKNOWN
----------------------------------------

Issue #21441 has been updated by nagachika (Tomoyuki Chikanaga).

Backport changed from 3.2: UNKNOWN, 3.3: REQUIRED, 3.4: REQUIRED to 3.2: UNKNOWN, 3.3: DONE, 3.4: REQUIRED

Merged https://github.com/ruby/ruby/pull/13672 into ruby_3_3 branch.

----------------------------------------
Bug #21441: SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time
https://bugs.ruby-lang.org/issues/21441#change-113859

* Author: luke-gru (Luke Gruber)
* Status: Closed
* ruby -v: 3.5.0
* Backport: 3.2: UNKNOWN, 3.3: DONE, 3.4: REQUIRED
----------------------------------------

Issue #21441 has been updated by k0kubun (Takashi Kokubun).

Backport changed from 3.2: UNKNOWN, 3.3: DONE, 3.4: REQUIRED to 3.2: UNKNOWN, 3.3: DONE, 3.4: DONE

ruby_3_4 commit:edfcbacabae6317195a55f2b83fafe2d2b3f6fc8.

----------------------------------------
Bug #21441: SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time
https://bugs.ruby-lang.org/issues/21441#change-114048

* Author: luke-gru (Luke Gruber)
* Status: Closed
* ruby -v: 3.5.0
* Backport: 3.2: UNKNOWN, 3.3: DONE, 3.4: DONE
----------------------------------------