Bug #16771

Segmentation fault when inspecting a bound method

Added by decuplet (Nikita Shilnikov) about 2 months ago. Updated 4 days ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-core:97756]

Description

This piece of code leads to a crash in ruby 2.7.1.

bound_method = Kernel.instance_method(:respond_to?).bind(Object.new)
100000.times { bound_method.inspect }

I cannot reproduce the error in 2.7.0 so this must be new.
I attached the output, didn't bother with the crash report log, though. It should be easily reproducible since I found it on CI which runs a different OS.


Files

output.txt (41.3 KB) output.txt decuplet (Nikita Shilnikov), 04/08/2020 10:26 PM

Updated by jeremyevans0 (Jeremy Evans) about 2 months ago

I can reproduce this in 2.7.1, but not on master. Here's debugging information:

(gdb) bt
#0  0x00000bbf2523f290 in rb_funcallv_with_cc (cd=0xbbf25296430 <rb_inspect.rb_funcallv_data>, recv=12912719941280, mid=2753, argc=0, argv=0x0) at ./vm_eval.c:1012
#1  0x00000bbf2512f8cf in rb_inspect (obj=12912719941288) at object.c:680
#2  0x00000bbf251678cb in method_inspect (method=12913381588560) at proc.c:2854
#3  0x00000bbf2525014f in vm_call_cfunc_with_frame (ec=<optimized out>, reg_cfp=<optimized out>, calling=<optimized out>, cd=<optimized out>, empty_kw_splat=<optimized out>) at ./vm_insnhelper.c:2514
#4  vm_call_cfunc (ec=0xbbf3908ba50, reg_cfp=0xbbea2dd7f20, calling=<optimized out>, cd=<optimized out>) at ./vm_insnhelper.c:2539
#5  0x00000bbf2523ae24 in vm_sendish (ec=<optimized out>, reg_cfp=<optimized out>, cd=0xbbe82436780, block_handler=0, method_explorer=<optimized out>) at ./vm_insnhelper.c:4023
#6  vm_exec_core (ec=<optimized out>, initial=<optimized out>) at insns.def:801
#7  0x00000bbf2524c06a in rb_vm_exec (ec=<optimized out>, mjit_enable_p=<optimized out>) at vm.c:2139
#8  0x00000bbf25244327 in vm_yield (ec=0xbbf25296430 <rb_inspect.rb_funcallv_data>, argc=1, argv=<optimized out>, kw_splat=0) at vm.c:1179
#9  rb_yield_0 (argc=1, argv=<optimized out>) at ./vm_eval.c:1227
#10 rb_yield_1 (val=<optimized out>) at ./vm_eval.c:1233
#11 0x00000bbf25129918 in int_dotimes (num=200001) at numeric.c:5201
#12 0x00000bbf2525014f in vm_call_cfunc_with_frame (ec=<optimized out>, reg_cfp=<optimized out>, calling=<optimized out>, cd=<optimized out>, empty_kw_splat=<optimized out>) at ./vm_insnhelper.c:2514
#13 vm_call_cfunc (ec=0xbbf3908ba50, reg_cfp=0xbbea2dd7f90, calling=<optimized out>, cd=<optimized out>) at ./vm_insnhelper.c:2539
#14 0x00000bbf2523471b in vm_sendish (ec=<optimized out>, reg_cfp=<optimized out>, cd=0xbbf4722cef0, block_handler=<optimized out>, method_explorer=<optimized out>) at ./vm_insnhelper.c:4023
#15 vm_exec_core (ec=0xbbf3908ba50, initial=<optimized out>) at insns.def:782
#16 0x00000bbf2524c06a in rb_vm_exec (ec=<optimized out>, mjit_enable_p=<optimized out>) at vm.c:2139
#17 0x00000bbf250a094b in rb_ec_exec_node (ec=<optimized out>, n=<optimized out>) at eval.c:278
#18 ruby_run_node (n=<optimized out>) at eval.c:336
#19 0x00000bbc64c0139c in main (argc=<optimized out>, argv=<optimized out>) at ./main.c:50
(gdb) print *cd
$1 = {cc = {method_state = 140, class_serial = {6, 0, 0}, me = 0xbbea185bdb0, method_serial = 42, call = 0xbbf252339a0 <vm_call_general>, aux = {index = 0, method_missing_reason = MISSING_NOENTRY}}, ci = {mid = 2753, flag = 0, orig_argc = 0}}
(gdb) print *(cd->cc->me)
$2 = {flags = 9535493, defined_class = 12914954958280, def = 0x646f6874654d, called_id = 0, owner = 0}
(gdb) print *(cd->cc->me->def)
Cannot access memory at address 0x646f6874654d
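A crash-triage helper, added here and not part of the report or of Ruby itself: it scans a gdb `print *struct` line for fields whose numeric value decodes to printable ASCII. Applied to the `print *(cd->cc->me)` output above, `def = 0x646f6874654d` reads as the string "Method", which is consistent with a freed method entry whose memory has since been reused for string data; the gdb line is copied from the comment, the printable-byte heuristic and its 4-byte minimum are my assumptions.

```ruby
# Crash-triage helper (added example, not from the bug report or from Ruby).
# Pointer-sized fields whose bits spell printable ASCII are a classic sign of a
# dangling pointer into memory that has been freed and reused for a string.

# Constructed from the gdb output quoted in the comment above.
GDB_LINE = "$2 = {flags = 9535493, defined_class = 12914954958280, " \
           "def = 0x646f6874654d, called_id = 0, owner = 0}"

# Decode an integer as little-endian bytes. Returns the text if every byte is
# printable ASCII and there are at least min_len of them, otherwise nil.
def ascii_from_word(value, min_len: 4)
  bytes = []
  while value > 0
    bytes << (value & 0xff)
    value >>= 8
  end
  return nil if bytes.length < min_len
  return nil unless bytes.all? { |b| b.between?(0x20, 0x7e) }
  bytes.pack("C*")
end

# Map field name => decoded text for every field in a gdb struct dump whose
# value (decimal or 0x-hex) looks like ASCII rather than a valid pointer.
def ascii_pointers(gdb_line)
  gdb_line.scan(/(\w+) = (0x[0-9a-f]+|\d+)/i).each_with_object({}) do |(name, raw), found|
    text = ascii_from_word(Integer(raw))
    found[name] = text if text
  end
end

if $PROGRAM_NAME == __FILE__
  ascii_pointers(GDB_LINE).each { |field, text| puts "#{field}: looks like #{text.inspect}" }
end
```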

Updated by nagachika (Tomoyuki Chikanaga) about 2 months ago

  • Backport changed from 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN to 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: REQUIRED

Updated by jeremyevans0 (Jeremy Evans) 4 days ago

  • Status changed from Open to Closed
