ruby-core@ruby-lang.org archive (unofficial mirror)
* [ruby-core:122548] [Ruby Bug#21441] SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time
@ 2025-06-17 20:45 luke-gru (Luke Gruber) via ruby-core
From: luke-gru (Luke Gruber) via ruby-core @ 2025-06-17 20:45 UTC (permalink / raw)
  To: ruby-core; +Cc: luke-gru (Luke Gruber)

Issue #21441 has been reported by luke-gru (Luke Gruber).

----------------------------------------
Bug #21441: SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time
https://bugs.ruby-lang.org/issues/21441

* Author: luke-gru (Luke Gruber)
* Status: Open
* ruby -v: 3.5.0
* Backport: 3.2: UNKNOWN, 3.3: UNKNOWN, 3.4: UNKNOWN
----------------------------------------
During thread cleanup, if a ruby sampling profiler calls `thread_profile_frames` at just the wrong time, the ec's stack is cleared but the CFP still exists on the EC, so `thread_profile_frames` assumes it can walk the stack and crashes.

In `rb_ec_clear_vm_stack`, it should set `cfp` to `NULL` before clearing the stack. If during `rb_ec_clear_vm_stack` the process gets a signal and this thread handles it and calls `thread_profile_frames`, the early-return check `if (!cfp)` fails, so it continues and crashes in this function.



-- 
https://bugs.ruby-lang.org/
______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/

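The ordering race the report describes, as an added C illustration. This is not Ruby's code and not the PR; `ec_t`, `frame_t`, `push_frame`, `sample_frames` and the two `clear_vm_stack_*` variants are assumed, simplified stand-ins for `rb_execution_context_t`, `thread_profile_frames` and `rb_ec_clear_vm_stack`. The "signal" is modelled as a callback invoked between the two stores, and a `-1` sentinel stands in for the segfault a real stack walker would hit when it follows a dangling `cfp`.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for Ruby's execution context (rb_execution_context_t).
 * The struct layout, field names and helper names here are assumptions made
 * for illustration, not the interpreter's own code. */
typedef struct frame {
    const char *method;
} frame_t;

typedef struct ec {
    frame_t *storage;   /* owner of the frame array, freed by ec_free() */
    frame_t *vm_stack;  /* live view of the stack; NULL once cleared */
    frame_t *cfp;       /* current control frame; NULL means "no Ruby stack" */
} ec_t;

#define MAX_FRAMES 16

static void ec_init(ec_t *ec)
{
    ec->storage = calloc(MAX_FRAMES, sizeof(frame_t));
    ec->vm_stack = ec->storage;
    ec->cfp = NULL;
}

static void ec_free(ec_t *ec)
{
    free(ec->storage);
    ec->storage = ec->vm_stack = ec->cfp = NULL;
}

/* Push a frame; cfp always points at the topmost live frame. */
static void push_frame(ec_t *ec, const char *method)
{
    frame_t *f = ec->cfp ? ec->cfp + 1 : ec->vm_stack;
    f->method = method;
    ec->cfp = f;
}

/* Stand-in for a sampling profiler's thread_profile_frames, as invoked from a
 * signal handler on the thread being cleaned up. Returns the number of frames
 * it would record, 0 when the early-return check sees no frame, and -1 where a
 * real walker would have followed cfp into a stack that is already gone
 * (the SEGV in the report; a sentinel stands in for the crash here). */
static int sample_frames(ec_t *ec)
{
    frame_t *cfp = ec->cfp;
    if (!cfp) return 0;                   /* the early-return check */
    if (!ec->vm_stack) return -1;         /* cfp dangles: would crash */
    return (int)(cfp - ec->vm_stack) + 1; /* frames from cfp down to the base */
}

typedef int (*signal_cb)(ec_t *ec);

/* Buggy ordering: the stack is detached first, so a signal that lands in the
 * gap sees a non-NULL cfp pointing at a stack that no longer exists. */
static int clear_vm_stack_buggy(ec_t *ec, signal_cb on_signal)
{
    ec->vm_stack = NULL;
    int seen = on_signal ? on_signal(ec) : 0;  /* signal delivered here */
    ec->cfp = NULL;
    return seen;
}

/* Fixed ordering, as the report recommends: cfp is cleared before the stack,
 * so wherever the signal lands the sampler's `if (!cfp)` check is sufficient. */
static int clear_vm_stack_fixed(ec_t *ec, signal_cb on_signal)
{
    ec->cfp = NULL;
    int seen = on_signal ? on_signal(ec) : 0;  /* signal delivered here */
    ec->vm_stack = NULL;
    return seen;
}

/* Sample a thread with two live frames: no cleanup in progress. */
static int sample_live_stack(void)
{
    ec_t ec;
    ec_init(&ec);
    push_frame(&ec, "main");
    push_frame(&ec, "Thread#join");
    int n = sample_frames(&ec);
    ec_free(&ec);
    return n;
}

/* Run a cleanup with the sampler firing mid-clear; returns what it observed. */
static int sample_during_cleanup(int use_fixed_order)
{
    ec_t ec;
    ec_init(&ec);
    push_frame(&ec, "main");
    push_frame(&ec, "Thread#join");
    int seen = use_fixed_order ? clear_vm_stack_fixed(&ec, sample_frames)
                               : clear_vm_stack_buggy(&ec, sample_frames);
    ec_free(&ec);
    return seen;
}

int main(void)
{
    printf("live stack:            %d frames\n", sample_live_stack());
    printf("buggy order mid-clear: %d (-1 = would SEGV)\n", sample_during_cleanup(0));
    printf("fixed order mid-clear: %d (early return)\n", sample_during_cleanup(1));
    return 0;
}
```

The point of the fixed ordering is that `cfp` becomes the single flag the asynchronous reader relies on, so it must be the first thing to go. One general caveat for anyone copying the pattern into real signal-handler code: two plain stores to different fields carry no ordering guarantee against the compiler or CPU on their own; if the reader runs in a signal handler or another thread, the flag store needs `volatile sig_atomic_t`, an atomic, or a barrier between the two stores to make the "cfp first" order actually hold.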

* [ruby-core:122549] [Ruby Bug#21441] SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time
From: luke-gru (Luke Gruber) via ruby-core @ 2025-06-17 20:58 UTC (permalink / raw)
  To: ruby-core; +Cc: luke-gru (Luke Gruber)

Issue #21441 has been updated by luke-gru (Luke Gruber).


I opened a PR [here](https://github.com/ruby/ruby/pull/13643).

This may need to be backported.

----------------------------------------
Bug #21441: SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time
https://bugs.ruby-lang.org/issues/21441#change-113779

* Author: luke-gru (Luke Gruber)
* Status: Open
* ruby -v: 3.5.0
* Backport: 3.2: UNKNOWN, 3.3: UNKNOWN, 3.4: UNKNOWN
----------------------------------------

* [ruby-core:122620] [Ruby Bug#21441] SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time
From: nagachika (Tomoyuki Chikanaga) via ruby-core @ 2025-06-29  4:08 UTC (permalink / raw)
  To: ruby-core; +Cc: nagachika (Tomoyuki Chikanaga)

Issue #21441 has been updated by nagachika (Tomoyuki Chikanaga).

Backport changed from 3.2: UNKNOWN, 3.3: REQUIRED, 3.4: REQUIRED to 3.2: UNKNOWN, 3.3: DONE, 3.4: REQUIRED

Merged https://github.com/ruby/ruby/pull/13672 into ruby_3_3 branch.

----------------------------------------
Bug #21441: SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time
https://bugs.ruby-lang.org/issues/21441#change-113859

* Author: luke-gru (Luke Gruber)
* Status: Closed
* ruby -v: 3.5.0
* Backport: 3.2: UNKNOWN, 3.3: DONE, 3.4: REQUIRED
----------------------------------------
