From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS4713 221.184.0.0/13 X-Spam-Status: No, score=-2.6 required=3.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, FORGED_GMAIL_RCVD,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY shortcircuit=no autolearn=no autolearn_force=no version=3.4.2 Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75]) by dcvr.yhbt.net (Postfix) with ESMTP id D2C7E1F5AE for ; Thu, 22 Apr 2021 16:00:34 +0000 (UTC) Received: from neon.ruby-lang.org (localhost [IPv6:::1]) by neon.ruby-lang.org (Postfix) with ESMTP id 00E51120F27; Fri, 23 Apr 2021 00:59:25 +0900 (JST) Received: from o1678948x4.outbound-mail.sendgrid.net (o1678948x4.outbound-mail.sendgrid.net [167.89.48.4]) by neon.ruby-lang.org (Postfix) with ESMTPS id 10A2D120F27 for ; Fri, 23 Apr 2021 00:59:21 +0900 (JST) Received: by filterdrecv-canary-564765b699-vzblm with SMTP id filterdrecv-canary-564765b699-vzblm-14-60819D90-15E 2021-04-22 16:00:16.581340856 +0000 UTC m=+589525.418899738 Received: from herokuapp.com (unknown) by ismtpd0159p1mdw1.sendgrid.net (SG) with ESMTP id Vs2FxhBJQM-9xfiAMjekfQ for ; Thu, 22 Apr 2021 16:00:16.448 +0000 (UTC) Date: Thu, 22 Apr 2021 16:00:16 +0000 (UTC) From: stanhu@gmail.com Message-ID: References: Mime-Version: 1.0 X-Redmine-Project: ruby-master X-Redmine-Issue-Tracker: Bug X-Redmine-Issue-Id: 17799 X-Redmine-Issue-Author: stanhu X-Redmine-Sender: stanhu X-Mailer: Redmine X-Redmine-Host: bugs.ruby-lang.org X-Redmine-Site: Ruby Issue Tracking System X-Auto-Response-Suppress: All Auto-Submitted: auto-generated X-Redmine-MailingListIntegration-Message-Ids: 79602 X-SG-EID: =?us-ascii?Q?sCZ0iwZXfLNQePjq93WAzqHVizTEa3DJLDOLB5cq=2FOu6B0hrtPraZlA70gsfKU?= =?us-ascii?Q?7PIKP+lKjLU624TSKl8JK1o4PgHj58IdN5B91h9?= =?us-ascii?Q?6VB462d1RVjZ1gB6t2O7UIK=2FLw4WkUZ7blHADDz?= =?us-ascii?Q?7630RDl7Co+0VSV0koniXRmUAGDQuCmduwQFDD9?= =?us-ascii?Q?E9BZPPPkj7GKouw9T+1IGM8QjXR9DekI5bFSGO=2F?= =?us-ascii?Q?WfIx+Z3Y0+NxpILwg=3D?= To: ruby-core@ruby-lang.org X-Entity-ID: b/2+PoftWZ6GuOu3b0IycA== X-ML-Name: ruby-core X-Mail-Count: 103555 Subject: [ruby-core:103555] [Ruby master Bug#17799] Seg fault in rb_class_clear_method_cache X-BeenThere: ruby-core@ruby-lang.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: Ruby developers List-Id: Ruby developers List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ruby-core-bounces@ruby-lang.org Sender: "ruby-core" Issue #17799 has been updated by stanhu (Stan Hu). xtkoba (Tee KOBAYASHI) wrote in #note-2: > My explanation in #note-1 is partly incorrect. What is wrongfully 0 is the value of the class itself, not the class serial. Thanks. I haven't been able to reproduce the problem with optimizations turned off (`-O0`) or with this patch below. I'm not sure why this would be the case. Is it possible another thread is modifying the class definitions, and we need to add the `volatile` keyword to ensure the compiler doesn't optimize out the lookups? ```diff diff --git a/class.c b/class.c index c866d1d727..37ff3c5ade 100644 --- a/class.c +++ b/class.c @@ -27,6 +27,7 @@ #include "ruby/st.h" #include "constant.h" #include "vm_core.h" +#include "vm_debug.h" #include "id_table.h" #include @@ -119,6 +120,12 @@ rb_class_foreach_subclass(VALUE klass, void (*f)(VALUE, VALUE), VALUE arg) while (cur) { VALUE curklass = cur->klass; cur = cur->next; + + if (curklass == 0) { + fprintf(stderr, "=== Detected NULL subclass:\n"); + dp(curklass); + } + f(curklass, arg); } } ``` ### Before ```c void rb_class_foreach_subclass(VALUE klass, void (*f)(VALUE, VALUE), VALUE arg) { rb_subclass_entry_t *cur = RCLASS_EXT(klass)->subclasses; /* do not be tempted to simplify this loop into a for loop, the order of operations is important here if `f` modifies the linked list */ while (cur) { VALUE curklass = cur->klass; cur = cur->next; f(curklass, arg); } } ``` ``` 0000000000000cf0 : cf0: 41 54 push %r12 cf2: 55 push %rbp cf3: 53 push %rbx cf4: 48 8b 47 18 mov 0x18(%rdi),%rax cf8: 48 8b 58 28 mov 0x28(%rax),%rbx cfc: 48 85 db test %rbx,%rbx cff: 74 21 je d22 d01: 49 89 f4 mov %rsi,%r12 d04: 48 89 d5 mov %rdx,%rbp d07: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1) d0e: 00 00 d10: 48 8b 3b mov (%rbx),%rdi d13: 48 8b 5b 08 mov 0x8(%rbx),%rbx d17: 48 89 ee mov %rbp,%rsi d1a: 41 ff d4 callq *%r12 d1d: 48 85 db test %rbx,%rbx d20: 75 ee jne d10 d22: 5b pop %rbx d23: 5d pop %rbp d24: 41 5c pop %r12 d26: c3 retq d27: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1) d2e: 00 00 ``` ### After ```c rb_class_foreach_subclass(VALUE klass, void (*f)(VALUE, VALUE), VALUE arg) { rb_subclass_entry_t *cur = RCLASS_EXT(klass)->subclasses; /* do not be tempted to simplify this loop into a for loop, the order of operations is important here if `f` modifies the linked list */ while (cur) { VALUE curklass = cur->klass; cur = cur->next; if (curklass == 0) { fprintf(stderr, "=== DETECTED null module class:\n"); dp(curklass); } f(curklass, arg); } } ``` ``` 0000000000000cf0 : cf0: 41 55 push %r13 cf2: 41 54 push %r12 cf4: 4c 8d 2d 00 00 00 00 lea 0x0(%rip),%r13 # cfb cfb: 55 push %rbp cfc: 53 push %rbx cfd: 49 89 f4 mov %rsi,%r12 d00: 48 89 d5 mov %rdx,%rbp d03: 48 83 ec 08 sub $0x8,%rsp d07: 48 8b 47 18 mov 0x18(%rdi),%rax d0b: 48 8b 58 28 mov 0x28(%rax),%rbx d0f: 48 85 db test %rbx,%rbx d12: 74 1b je d2f d14: 0f 1f 40 00 nopl 0x0(%rax) d18: 48 8b 3b mov (%rbx),%rdi d1b: 48 8b 5b 08 mov 0x8(%rbx),%rbx d1f: 48 85 ff test %rdi,%rdi d22: 74 1c je d40 d24: 48 89 ee mov %rbp,%rsi d27: 41 ff d4 callq *%r12 d2a: 48 85 db test %rbx,%rbx d2d: 75 e9 jne d18 d2f: 48 83 c4 08 add $0x8,%rsp d33: 5b pop %rbx d34: 5d pop %rbp d35: 41 5c pop %r12 d37: 41 5d pop %r13 d39: c3 retq d3a: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1) d40: 48 8b 0d 00 00 00 00 mov 0x0(%rip),%rcx # d47 d47: ba 20 00 00 00 mov $0x20,%edx d4c: be 01 00 00 00 mov $0x1,%esi d51: 4c 89 ef mov %r13,%rdi d54: e8 00 00 00 00 callq d59 d59: 48 8d 15 00 00 00 00 lea 0x0(%rip),%rdx # d60 d60: 31 c9 xor %ecx,%ecx d62: 31 f6 xor %esi,%esi d64: bf ff ff ff ff mov $0xffffffff,%edi d69: e8 00 00 00 00 callq d6e d6e: 31 ff xor %edi,%edi d70: 48 89 ee mov %rbp,%rsi d73: 41 ff d4 callq *%r12 d76: 48 85 db test %rbx,%rbx d79: 75 9d jne d18 d7b: 48 83 c4 08 add $0x8,%rsp d7f: 5b pop %rbx d80: 5d pop %rbp d81: 41 5c pop %r12 d83: 41 5d pop %r13 d85: c3 retq d86: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1) d8d: 00 00 00 ``` ---------------------------------------- Bug #17799: Seg fault in rb_class_clear_method_cache https://bugs.ruby-lang.org/issues/17799#change-91657 * Author: stanhu (Stan Hu) * Status: Open * Priority: Normal * ruby -v: ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux] * Backport: 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN ---------------------------------------- Recently our CI tests have been intermittently failing with segmentation faults at random points, such as: ``` /builds/gitlab-org/security/gitlab/spec/support/shared_examples/requests/api/issues/merge_requests_count_shared_examples.rb:3: [BUG] Segmentation fault at 0x0000000000000000 ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-linux] -- Control frame information ----------------------------------------------- c:0042 p:0003 s:0237 e:000236 TOP /builds/gitlab-org/security/gitlab/spec/support/shared_examples/requests/api/issues/merge_requests_count_shared_examples.rb:3 [FINISH] c:0041 p:---- s:0234 e:000233 CFUNC :require c:0040 p:0012 s:0229 e:000228 BLOCK /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/bootsnap-1.4.6/lib/bootsnap/load_path_cache/core_ext/kernel_require.r c:0039 p:0070 s:0226 e:000225 METHOD /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/bootsnap-1.4.6/lib/bootsnap/load_path_cache/loaded_features_index.rb: c:0038 p:0025 s:0214 e:000213 METHOD /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/bootsnap-1.4.6/lib/bootsnap/load_path_cache/core_ext/kernel_require.r c:0037 p:0055 s:0208 e:000207 METHOD /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/bootsnap-1.4.6/lib/bootsnap/load_path_cache/core_ext/kernel_require.r c:0036 p:0006 s:0201 e:000200 BLOCK /builds/gitlab-org/security/gitlab/spec/spec_helper.rb:71 [FINISH] c:0035 p:---- s:0197 e:000196 CFUNC :each c:0034 p:0563 s:0193 e:000192 TOP /builds/gitlab-org/security/gitlab/spec/spec_helper.rb:71 [FINISH] c:0033 p:---- s:0187 e:000186 CFUNC :require c:0032 p:0007 s:0182 e:000181 METHOD /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration.rb:2112 c:0031 p:0008 s:0173 e:000172 BLOCK /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration.rb:1574 [FINISH] c:0030 p:---- s:0169 e:000168 CFUNC :each c:0029 p:0042 s:0165 e:000164 METHOD /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration.rb:1574 c:0028 p:0048 s:0159 e:000158 BLOCK /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration_options.rb:113 [FINISH] c:0027 p:---- s:0155 e:000154 CFUNC :each c:0026 p:0019 s:0151 e:000150 METHOD /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration_options.rb:112 c:0025 p:0005 s:0145 e:000144 METHOD /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration_options.rb:22 c:0024 p:0035 s:0140 e:000139 METHOD /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/runner.rb:132 c:0023 p:0007 s:0134 e:000133 METHOD /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/runner.rb:99 c:0022 p:0007 s:0128 e:000127 METHOD /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/runner.rb:86 c:0021 p:0065 s:0122 e:000121 METHOD /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/runner.rb:71 c:0020 p:0020 s:0114 e:000113 METHOD /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/runner.rb:45 c:0019 p:0025 s:0109 e:000108 TOP /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/exe/rspec:4 [FINISH] c:0018 p:---- s:0106 e:000105 CFUNC :load c:0017 p:0112 s:0101 e:000100 TOP /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/bin/rspec:23 [FINISH] c:0016 p:---- s:0096 e:000095 CFUNC :load c:0015 p:0107 s:0091 e:000090 METHOD /usr/local/lib/ruby/2.7.0/bundler/cli/exec.rb:63 c:0014 p:0071 s:0083 e:000082 METHOD /usr/local/lib/ruby/2.7.0/bundler/cli/exec.rb:28 c:0013 p:0024 s:0078 e:000077 METHOD /usr/local/lib/ruby/2.7.0/bundler/cli.rb:476 c:0012 p:0054 s:0073 e:000072 METHOD /usr/local/lib/ruby/2.7.0/bundler/vendor/thor/lib/thor/command.rb:27 c:0011 p:0040 s:0065 e:000064 METHOD /usr/local/lib/ruby/2.7.0/bundler/vendor/thor/lib/thor/invocation.rb:127 c:0010 p:0239 s:0058 e:000057 METHOD /usr/local/lib/ruby/2.7.0/bundler/vendor/thor/lib/thor.rb:399 c:0009 p:0008 s:0045 e:000044 METHOD /usr/local/lib/ruby/2.7.0/bundler/cli.rb:30 c:0008 p:0066 s:0040 e:000039 METHOD /usr/local/lib/ruby/2.7.0/bundler/vendor/thor/lib/thor/base.rb:476 c:0007 p:0008 s:0033 e:000032 METHOD /usr/local/lib/ruby/2.7.0/bundler/cli.rb:24 c:0006 p:0109 s:0028 e:000027 BLOCK /usr/local/lib/ruby/gems/2.7.0/gems/bundler-2.1.4/libexec/bundle:46 c:0005 p:0002 s:0022 e:000021 METHOD /usr/local/lib/ruby/2.7.0/bundler/friendly_errors.rb:123 c:0004 p:0111 s:0017 E:001838 TOP /usr/local/lib/ruby/gems/2.7.0/gems/bundler-2.1.4/libexec/bundle:34 [FINISH] c:0003 p:---- s:0013 e:000012 CFUNC :load c:0002 p:0112 s:0008 E:002100 EVAL /usr/local/bin/bundle:23 [FINISH] c:0001 p:0000 s:0003 E:001040 (none) [FINISH] -- Ruby level backtrace information ---------------------------------------- /usr/local/bin/bundle:23:in `
' /usr/local/bin/bundle:23:in `load' /usr/local/lib/ruby/gems/2.7.0/gems/bundler-2.1.4/libexec/bundle:34:in `' /usr/local/lib/ruby/2.7.0/bundler/friendly_errors.rb:123:in `with_friendly_errors' /usr/local/lib/ruby/gems/2.7.0/gems/bundler-2.1.4/libexec/bundle:46:in `block in ' /usr/local/lib/ruby/2.7.0/bundler/cli.rb:24:in `start' /usr/local/lib/ruby/2.7.0/bundler/vendor/thor/lib/thor/base.rb:476:in `start' /usr/local/lib/ruby/2.7.0/bundler/cli.rb:30:in `dispatch' /usr/local/lib/ruby/2.7.0/bundler/vendor/thor/lib/thor.rb:399:in `dispatch' /usr/local/lib/ruby/2.7.0/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command' /usr/local/lib/ruby/2.7.0/bundler/vendor/thor/lib/thor/command.rb:27:in `run' /usr/local/lib/ruby/2.7.0/bundler/cli.rb:476:in `exec' /usr/local/lib/ruby/2.7.0/bundler/cli/exec.rb:28:in `run' /usr/local/lib/ruby/2.7.0/bundler/cli/exec.rb:63:in `kernel_load' /usr/local/lib/ruby/2.7.0/bundler/cli/exec.rb:63:in `load' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/bin/rspec:23:in `' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/bin/rspec:23:in `load' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/exe/rspec:4:in `' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/runner.rb:45:in `invoke' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/runner.rb:71:in `run' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/runner.rb:86:in `run' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/runner.rb:99:in `setup' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/runner.rb:132:in `configure' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration_options.rb:22:in `configure' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration_options.rb:112:in `process_options_into' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration_options.rb:112:in `each' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration_options.rb:113:in `block in process_options_into' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration.rb:1574:in `requires=' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration.rb:1574:in `each' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration.rb:1574:in `block in requires=' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration.rb:2112:in `load_file_handling_errors' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/rspec-core-3.10.1/lib/rspec/core/configuration.rb:2112:in `require' /builds/gitlab-org/security/gitlab/spec/spec_helper.rb:71:in `' /builds/gitlab-org/security/gitlab/spec/spec_helper.rb:71:in `each' /builds/gitlab-org/security/gitlab/spec/spec_helper.rb:71:in `block in ' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/bootsnap-1.4.6/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:31:in `require' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/bootsnap-1.4.6/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:22:in `require_with_bootsnap_lfi' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/bootsnap-1.4.6/lib/bootsnap/load_path_cache/loaded_features_index.rb:92:in `register' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/bootsnap-1.4.6/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:23:in `block in require_with_bootsnap_lfi' /builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/gems/bootsnap-1.4.6/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:23:in `require' /builds/gitlab-org/security/gitlab/spec/support/shared_examples/requests/api/issues/merge_requests_count_shared_examples.rb:3:in `' -- Machine register context ------------------------------------------------ RIP: 0x00007fba9179f8fb RBP: 0x00007ffdb2bc4dc0 RSP: 0x00007ffdb2bc3d40 RAX: 0x0000565411171e60 RBX: 0x0000000000000000 RCX: 0x0000000004bf1491 RDX: 0x00007ffdb2bc4dc0 RDI: 0x00005654110bc550 RSI: 0x00007fba9179f8c0 R8: 0x0000565406728098 R9: 0x00007fba91124170 R10: 0x0000565406726010 R11: 0x00007fba91124170 R12: 0x00007fba9179f8c0 R13: 0x0000000004bd5abc R14: 0x000056543d860c70 R15: 0x0000565435cff1e0 EFL: 0x0000000000010246 -- Other runtime information ----------------------------------------------- ``` We managed to generate a core file from this seg fault: ``` $ docker run -v /tmp/bugs:/bugs -it registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2.patched-golang-1.14-git-2.31-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-12-graphicsmagick-1.3.36 bash root@25a81975afab:/bugs# mkdir -p /builds/gitlab-org/security/gitlab/ root@25a81975afab:/bugs# cd /builds/gitlab-org/security/gitlab/ root@25a81975afab:/builds/gitlab-org/security/gitlab# unzip /bugs/cache.zip Archive: /bugs/cache.zip creating: vendor/gitaly-ruby/ creating: vendor/gitaly-ruby/ruby/ creating: vendor/gitaly-ruby/ruby/2.7.0/ creating: vendor/gitaly-ruby/ruby/2.7.0/bin/ inflating: vendor/gitaly-ruby/ruby/2.7.0/bin/codera root@25a81975afab:/bugs# gdb /usr/local/bin/ruby --core core.bundle.1618331218.363 GNU gdb (Debian 8.2.1-2+b3) 8.2.1 Copyright (C) 2018 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: . Find the GDB manual and other documentation resources online at: . For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /usr/local/bin/ruby...done. warning: core file may not match specified executable file. [New LWP 363] [New LWP 533] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `/builds/gitlab-org/security/gitlab/vendor/ruby/2.7.0/bin/rspec -Ispec -rspec_he'. Program terminated with signal SIGABRT, Aborted. #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. [Current thread is 1 (Thread 0x7fba90f65740 (LWP 363))] (gdb) t a a bt Thread 2 (Thread 0x7fba87c62700 (LWP 533)): #0 0x00007fba91056916 in __GI_ppoll (fds=fds@entry=0x7fba87b616d8, nfds=nfds@entry=1, timeout=, timeout@entry=0x7fba87b616e0, sigmask=sigmask@entry=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:39 #1 0x00007fba91771890 in rb_sigwait_sleep (th=th@entry=0x5654120da230, sigwait_fd=sigwait_fd@entry=3, rel=rel@entry=0x7fba87b61790) at hrtime.h:148 #2 0x00007fba91772599 in native_sleep (th=0x5654120da230, rel=0x7fba87b61790) at thread_pthread.c:2099 #3 0x00007fba91775e2f in sleep_hrtime (fl=2, rel=, th=0x5654120da230) at thread.c:1303 #4 rb_thread_wait_for (time=...) at thread.c:1351 #5 0x00007fba916e10e0 in rb_f_sleep (argc=1, argv=0x7fba87b61d58, _=) at process.c:4886 #6 0x00007fba917a4c39 in vm_call_cfunc_with_frame (empty_kw_splat=, cd=0x56540b8b7a80, calling=, reg_cfp=0x7fba87c61ca0, ec=0x5654120da410) at vm_insnhelper.c:2514 #7 vm_call_cfunc (ec=0x5654120da410, reg_cfp=0x7fba87c61ca0, calling=, cd=0x56540b8b7a80) at vm_insnhelper.c:2539 #8 0x00007fba917bd6bc in vm_call_method_each_type (ec=0x5654120da410, cfp=0x7fba87c61ca0, calling=0x7fba87b61a00, cd=0x56540b8b7a80) at vm_insnhelper.c:2925 #9 0x00007fba917bde55 in vm_call_method_each_type (cd=, calling=, cfp=, ec=) at vm_insnhelper.c:3026 #10 vm_call_method (ec=0x5654120da410, cfp=0x7fba87c61ca0, calling=, cd=) at vm_insnhelper.c:3053 #11 0x00007fba917b0072 in vm_sendish (block_handler=, method_explorer=, cd=, reg_cfp=, ec=) at vm_insnhelper.c:4023 #12 vm_exec_core (ec=0x7fba87b616d8, initial=1) at insns.def:801 #13 0x00007fba917b5b8c in rb_vm_exec (ec=0x5654120da410, mjit_enable_p=1) at vm.c:1920 #14 0x00007fba917b729c in invoke_iseq_block_from_c (me=0x0, is_lambda=, cref=0x0, passed_block_handler=0, kw_splat=, argv=, argc=1, self=94918931276240, captured=, ec=0x5654120da410) at vm.c:1116 #15 invoke_block_from_c_proc (me=0x0, is_lambda=, passed_block_handler=0, kw_splat=, argv=, argc=1, self=94918931276240, proc=0x5654120da410, ec=0x5654120da410) at vm.c:1216 #16 vm_invoke_proc (passed_block_handler=0, kw_splat=, argv=, argc=1, self=94918931276240, proc=0x5654120da410, ec=0x5654120da410) at vm.c:1238 #17 rb_vm_invoke_proc (ec=0x5654120da410, proc=proc@entry=0x5654135f2920, argc=1, argv=, kw_splat=, passed_block_handler=passed_block_handler@entry=0) at vm.c:1259 #18 0x00007fba9177447d in thread_do_start (th=0x5654120da230) at thread.c:697 #19 0x00007fba917764ff in thread_start_func_2 (th=0x5654120da230, stack_start=) at thread.c:745 #20 0x00007fba91776a44 in thread_start_func_1 (th_ptr=) at thread_pthread.c:969 #21 0x00007fba912fefa3 in start_thread (arg=) at pthread_create.c:486 #22 0x00007fba910614cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Thread 1 (Thread 0x7fba90f65740 (LWP 363)): #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007fba90f8a535 in __GI_abort () at abort.c:79 #2 0x00007fba9157275b in die () at error.c:664 #3 rb_bug_for_fatal_signal (default_sighandler=0x0, sig=sig@entry=11, ctx=ctx@entry=0x565406831a00, fmt=fmt@entry=0x7fba91808f8b "Segmentation fault at %p") at error.c:664 #4 0x00007fba917314db in sigsegv (sig=11, info=0x565406831b30, ctx=0x565406831a00) at signal.c:946 #5 #6 rb_class_clear_method_cache (klass=0, arg=140439281334464) at vm.c:362 #7 0x00007fba9159b33d in rb_class_foreach_subclass (arg=8, f=, klass=) at class.c:122 #8 rb_class_detach_module_subclasses (klass=) at class.c:147 #9 0x0000000000000000 in ?? () (gdb) ``` This seg fault seems to have occurred `rb_class_clear_method_cache`, perhaps in https://github.com/ruby/ruby/blob/5445e0435260b449decf2ac16f9d09bae3cafe72/vm.c#L362? ---Files-------------------------------- job.log (1.93 MB) -- https://bugs.ruby-lang.org/