From: "kjtsanaktsidis (KJ Tsanaktsidis) via ruby-core"
To: ruby-core@ml.ruby-lang.org
Cc: "kjtsanaktsidis (KJ Tsanaktsidis)"
Date: Sat, 30 Mar 2024 02:02:14 +0000 (UTC)
Subject: [ruby-core:117381] [Ruby master Bug#20402] Double-free in TestIseqLoad#test_stressful_roundtrip

Issue #20402 has been updated by kjtsanaktsidis (KJ Tsanaktsidis).

https://github.com/ruby/ruby/pull/10408 should fix this

----------------------------------------
Bug #20402: Double-free in TestIseqLoad#test_stressful_roundtrip
https://bugs.ruby-lang.org/issues/20402#change-107540

* Author: kjtsanaktsidis (KJ Tsanaktsidis)
* Status: Open
* Assignee: kjtsanaktsidis (KJ Tsanaktsidis)
* Backport: 3.0: UNKNOWN, 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN
----------------------------------------
With ASAN enabled, TestIseqLoad#test_stressful_roundtrip fails with the following output:

```
2/9] TestIseqLoad#test_stressful_roundtrip = 7.26 s
  1) Failure:
TestIseqLoad#test_stressful_roundtrip [/home/kj/ruby/test/-ext-/iseq_load/test_iseq_load.rb:20]:
pid 172821 killed by SIGSEGV (signal 11) (core dumped)
| -:10: [BUG] Segmentation fault at 0x0000000000000018
| ruby 3.4.0dev (2024-03-28T23:13:25Z master 02d40b6c17) [x86_64-linux]
|
| -- Control frame information -----------------------------------------------
| c:0005 p:---- s:0023 e:000022 CFUNC :iseq_load
| c:0004 p:0037 s:0018 e:000017 METHOD -:10
| c:0003 p:0005 s:0010 e:000009 METHOD -:16
| c:0002 p:0054 s:0006 e:000005 EVAL -:26 [FINISH]
| c:0001 p:0000 s:0003 E:000540 DUMMY [FINISH]
|
| -- Ruby level backtrace information ----------------------------------------
| -:26:in ''
| -:16:in 'test_bug8543'
| -:10:in 'assert_iseq_roundtrip'
| -:10:in 'iseq_load'
|
| -- Threading information ---------------------------------------------------
| Total ractor count: 1
| Ruby thread count for this ractor: 1
|
| -- Machine register context ------------------------------------------------
| RIP: 0x0000556b3dc84a08 RBP: 0x00007ffeff1f6d40 RSP: 0x00007ffeff1f6c10
| RAX: 0x0000000000000003 RBX: 0x0000000000000000 RCX: 0x00000fe916945e7a
| RDX: 0x0000000000000001 RDI: 0x0000000000000018 RSI: 0x0000000000000000
| R8: 0x00000000003ba300 R9: 0x0000000000000000 R10: 0x00000a4a000000b7
| R11: 0x0000000000000000 R12: 0x000051b000016c80 R13: 0x00007f48b4a2f3b0
| R14: 0x00007f48d283bb80 R15: 0x00000fe91a507760 EFL: 0x0000000000010246
|
| -- C level backtrace information -------------------------------------------
| /home/kj/ruby/build/ruby(___interceptor_backtrace+0x39) [0x556b3d8cf379] /home/kj/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:4358
| /home/kj/ruby/build/ruby(rb_print_backtrace+0x14) [0x556b3ddef67c] /home/kj/ruby/build/../vm_dump.c:820
| /home/kj/ruby/build/ruby(rb_vm_bugreport) /home/kj/ruby/build/../vm_dump.c:1151
| /home/kj/ruby/build/ruby(rb_bug_for_fatal_signal+0x2db) [0x556b3e0190fb] /home/kj/ruby/build/../error.c:1087
| /home/kj/ruby/build/ruby(sigsegv+0x184) [0x556b3dc78ca4] /home/kj/ruby/build/../signal.c:926
| /lib64/libc.so.6(__restore_rt+0x0) [0x7f48d46429a0] /usr/src/debug/glibc-2.38-16.fc39.x86_64/signal/sigaction.c:34
| /home/kj/ruby/build/ruby(rb_st_free_table+0x18) [0x556b3dc84a08] /home/kj/ruby/build/../st.c:661
| /home/kj/ruby/build/ruby(finalize_deferred_heap_pages+0x224) [0x556b3d9dd0b4] /home/kj/ruby/build/../gc.c:4128
| /home/kj/ruby/build/ruby(gc_finalize_deferred+0x97) [0x556b3d9d7127] /home/kj/ruby/build/../gc.c:4195
| /home/kj/ruby/build/ruby(rb_postponed_job_flush+0x501) [0x556b3ddfde81] /home/kj/ruby/build/../vm_trace.c:1849
| /home/kj/ruby/build/ruby(rb_threadptr_execute_interrupts+0x35d) [0x556b3dce9ddd] /home/kj/ruby/build/../thread.c:2464
| /home/kj/ruby/build/ruby(rb_vm_pop_frame+0x18d) [0x556b3dd5b0dd] ../vm_core.h:2103
| /home/kj/ruby/build/ruby(vm_call_cfunc_with_frame_+0x392) [0x556b3ddc6d72] ../vm_insnhelper.c:3529
| /home/kj/ruby/build/ruby(vm_call_method_each_type+0x2a6) [0x556b3ddae576] ../vm_insnhelper.c:4470
| /home/kj/ruby/build/ruby(vm_call_method+0x2a2) [0x556b3ddadb22]
| /home/kj/ruby/build/ruby(vm_sendish+0xec7) [0x556b3dd63687]
| /home/kj/ruby/build/ruby(vm_exec_core+0x68fc) [0x556b3dd6cf4c] ../insns.def:891
| /home/kj/ruby/build/ruby(rb_vm_exec+0x350) [0x556b3dd64520] /home/kj/ruby/build/../vm.c:2552
| /home/kj/ruby/build/ruby(rb_ec_exec_node+0x264) [0x556b3d9b5844] /home/kj/ruby/build/../eval.c:282
| /home/kj/ruby/build/ruby(ruby_run_node+0x6e) [0x556b3d9b552e] /home/kj/ruby/build/../eval.c:320
| /home/kj/ruby/build/ruby(rb_main+0x29) [0x556b3d9b0981] /home/kj/ruby/build/../main.c:40
| /home/kj/ruby/build/ruby(main) /home/kj/ruby/build/../main.c:59
| /lib64/libc.so.6(__libc_start_call_main+0x7a) [0x7f48d462c14a] ../sysdeps/nptl/libc_start_call_main.h:58
| /lib64/libc.so.6(__libc_start_main_alias_2+0x8b) [0x7f48d462c20b] ../csu/libc-start.c:360
| [0x556b3d87ee05]
```

Reversing execution with `rr` reveals that `DATA_PTR(labels_wrapper) = 0` in `iseq_build_from_ary_body` (https://github.com/ruby/ruby/blob/cdb8d208c919bbc72b3b07d24c118d3a4af95d11/compile.c#L11320) is being executed after `labels_wrapper` is collected. We need to protect `labels_wrapper` with an RB_GC_GUARD.

-- 
https://bugs.ruby-lang.org/
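
A simplified model of the ordering problem described in the report, added here as an illustration and not taken from the report or from Ruby's source. `table_t`, `wrapper_t`, `gc_run` and `build` are hypothetical stand-ins for the label table, `labels_wrapper`, a conservative stack-scanning collector and `iseq_build_from_ary_body`; frees are counted rather than performed so the double free can be observed safely.

```c
#include <stddef.h>
#include <stdio.h>

typedef struct table { int free_count; } table_t;   /* stands in for the label table */
typedef struct wrapper {                             /* stands in for labels_wrapper */
    table_t *data;                                   /* what DATA_PTR() would return */
    int collected;
} wrapper_t;

/* Counts frees instead of calling free(), so a second free is visible, not fatal. */
static void table_free(table_t *t) { if (t) t->free_count++; }

/* Toy conservative collector: the wrapper survives only if its address is still
   present in one of the scanned root slots (the "machine stack"). */
static void gc_run(wrapper_t *w, wrapper_t *const *roots, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (roots[i] == w) return;       /* still reachable */
    if (!w->collected) {
        w->collected = 1;
        table_free(w->data);             /* finalizer frees whatever is wrapped */
    }
}

/* Returns how many times the table was freed: 1 is correct, 2 is a double free. */
static int build(int guarded) {
    table_t labels_table = {0};
    wrapper_t labels_wrapper = { &labels_table, 0 };
    wrapper_t *stack_slot = &labels_wrapper;     /* the only root */

    /* Without a guard, the compiler is free to stop keeping the wrapper's
       address on the stack once it no longer needs the value itself. */
    if (!guarded) stack_slot = NULL;

    gc_run(&labels_wrapper, &stack_slot, 1);     /* GC triggered while building */

    labels_wrapper.data = NULL;    /* models DATA_PTR(labels_wrapper) = 0 */
    table_free(&labels_table);     /* the function frees the table itself */

    stack_slot = NULL;             /* guarded case: root released only after the clear */
    gc_run(&labels_wrapper, &stack_slot, 1);     /* finalizer now sees NULL */
    return labels_table.free_count;
}

int main(void) {
    printf("unguarded frees: %d\n", build(0));
    printf("guarded frees:   %d\n", build(1));
    return 0;
}
```

In the real code the guard is a single `RB_GC_GUARD(labels_wrapper);` placed after the last use, which keeps the VALUE visible to the stack scan up to that point.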