Date: Thu, 23 Nov 2023 13:47:44 +0000 (UTC)
To: ruby-core@ml.ruby-lang.org
Subject: [ruby-core:115463] [Ruby master Bug#17807] "Segmentation fault at 0x0000000000000008" crash when accessing instance variables of Process::Waiter instances (Ruby 2.3 to 2.6)
From: "ivoanjo (Ivo Anjo) via ruby-core"

Issue #17807 has been updated by ivoanjo (Ivo Anjo).

Randomly, I found today that right around when I was trying to debug this, the puma folks also independently ran into it: https://github.com/puma/puma/issues/2566

----------------------------------------
Bug #17807: "Segmentation fault at 0x0000000000000008" crash when accessing instance variables of Process::Waiter instances (Ruby 2.3 to 2.6)
https://bugs.ruby-lang.org/issues/17807#change-105391

* Author: ivoanjo (Ivo Anjo)
* Status: Closed
* Priority: Normal
* ruby -v: ruby 2.6.7p197 (2021-04-05 revision 67941) [x86_64-linux]
* Backport: 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN
----------------------------------------
Hey there! I'm in [Datadog's ddtrace gem](https://github.com/DataDog/dd-trace-rb) team and one of our customers was running into this crash.

Reproducing it is trivial: `ruby -e 'Process.detach(fork {}); Thread.list.last.instance_variable_get(:@kaboom)'`.
The issue seems to be that some of the internal structures of the `Process::Waiter` are not properly initialized, and so trying to access instance variables on an instance of that very special class triggers the crash.

This seems to affect Ruby from 2.3 up to 2.6, on both Linux and macOS. I've attached a crash log, but probably running the reproducer example is faster :)

As I said above, this crash is gone on 2.7 and 3.0. I could not find any mention of this crash, so I suspect the fix may have been a happy side effect of some refactoring, rather than a deliberate thing.

Furthermore, I know that out of the affected versions, 2.6 is the only one still not EOL, and I am not sure if this can be qualified as a security issue. I decided to report it anyway, in the spirit of documenting what I learned. Feel free to close the ticket if indeed there are no plans to fix it.

Finally, here are some hints, if someone out there also needs to work around this issue:

* `defined?` (from inside the class) or `instance_variable_defined?` (from the outside) seem to work, so if you "look before you jump", you can avoid the crash
* Writing once to any instance variable on any instance of a `Process::Waiter` seems to initialize whatever was missing; afterwards, any instance of this class will behave correctly
* You can always check the `.class` of the thread to see if you should skip whatever you were trying to do with it

---Files--------------------------------
crash-log.txt (16 KB)
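
The "look before you jump" and `.class` hints from the report, combined into one guarded reader, as an added example that is not part of the original message or of any project's code. The helper names (`process_waiter?`, `safe_thread_ivar`, `collect_thread_ivars`) and the `@trace_id` variable are hypothetical.

```ruby
# Added example, not from the original report. Helper names are hypothetical.
# Goal: read a per-thread instance variable across Thread.list without ever
# calling instance_variable_get on a Process::Waiter, which the report says
# crashes Ruby 2.3 to 2.6.

# True when the thread is one of the special threads returned by Process.detach.
def process_waiter?(thread)
  !!(defined?(Process::Waiter) && thread.is_a?(Process::Waiter))
end

# Returns the instance variable's value, or `default` when the thread is a
# Process::Waiter or the variable was never set on it.
def safe_thread_ivar(thread, name, default = nil)
  # Hint from the report: check the thread's class and skip the special one.
  return default if process_waiter?(thread)
  # Hint from the report: instance_variable_defined? is safe to call first.
  return default unless thread.instance_variable_defined?(name)

  thread.instance_variable_get(name)
end

# Walks a list of threads (Thread.list by default), the access pattern of a
# tracer or profiler, and maps each thread to its guarded value.
def collect_thread_ivars(name, threads = Thread.list)
  threads.each_with_object({}) do |thread, out|
    out[thread] = safe_thread_ivar(thread, name)
  end
end

if $PROGRAM_NAME == __FILE__
  worker = Thread.new { sleep }
  worker.instance_variable_set(:@trace_id, 42) # constructed sample value
  waiter = Process.detach(fork {})             # yields a Process::Waiter

  values = collect_thread_ivars(:@trace_id, [worker, waiter])
  puts values.map { |t, v| "#{t.class}: #{v.inspect}" }

  worker.kill
  waiter.join
end
```

The class check alone is enough to avoid the read; the `instance_variable_defined?` check additionally covers ordinary threads where the variable was never set.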