From: "k0kubun (Takashi Kokubun) via ruby-core"
Date: 2025-07-14T21:36:11+00:00
Subject: [ruby-core:122769] [Ruby Bug#21441] SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time

Issue #21441 has been updated by k0kubun (Takashi Kokubun).

Backport changed from 3.2: UNKNOWN, 3.3: DONE, 3.4: REQUIRED to 3.2: UNKNOWN, 3.3: DONE, 3.4: DONE

ruby_3_4 commit:edfcbacabae6317195a55f2b83fafe2d2b3f6fc8.

----------------------------------------
Bug #21441: SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time
https://bugs.ruby-lang.org/issues/21441#change-114048

* Author: luke-gru (Luke Gruber)
* Status: Closed
* ruby -v: 3.5.0
* Backport: 3.2: UNKNOWN, 3.3: DONE, 3.4: DONE
----------------------------------------
During thread cleanup, if a ruby sampling profiler calls `thread_profile_frames` at just the wrong time, the ec's stack is cleared but the CFP still exists on the EC, so `thread_profile_frames` assumes it can walk the stack and crashes.

In `rb_ec_clear_vm_stack`, it should set `cfp` to `NULL` before clearing the stack. If during `rb_ec_clear_vm_stack` the process gets a signal and this thread handles it and calls `thread_profile_frames`, the early return check of `if (!cfp)` fails, so it continues and crashes in this function.

--
https://bugs.ruby-lang.org/

______________________________________________
ruby-core mailing list -- ruby-core@ml.ruby-lang.org
To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/
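The ordering race described in the report, as an added illustration that is not CRuby's code: a simplified execution context owns a heap-allocated VM stack and a control-frame pointer (`cfp`) into it, and a sampling profiler that fires asynchronously guards its frame walk with `if (!cfp)`. The teardown routine takes a callback that stands in for the signal arriving between its two steps. With the buggy order (stack released, then `cfp` nulled) the sample passes the guard and would touch freed memory; with the fixed order (`cfp` nulled first) the same sample sees no frames and returns. All names here (`ec_t`, `frame_t`, `clear_vm_stack_buggy`, `clear_vm_stack_fixed`, `sample_frames`) are hypothetical stand-ins, and the use-after-free is detected by a check rather than by letting the process crash.

```c
/*
 * Added example, not CRuby's code: a model of the ordering race in
 * Bug #21441. Names (ec_t, frame_t, ...) are hypothetical. The real
 * bug segfaults; here the would-be use-after-free is reported as -1.
 */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define STACK_SLOTS 8

typedef struct frame {
    int tag;                 /* constructed payload; the walk only counts frames */
} frame_t;

typedef struct ec {
    frame_t *vm_stack;       /* base of the VM stack (heap buffer) */
    frame_t *cfp;            /* current control frame; NULL when there is no stack */
} ec_t;

/* Stands in for the signal that interrupts teardown between its two steps. */
typedef void (*interrupt_fn)(ec_t *);

/* The profiler's sample. Returns the number of frames walked, or -1 when
 * cfp is set but the stack is already gone (the crash in the report). */
static int sample_frames(const ec_t *ec) {
    if (!ec->cfp)
        return 0;                         /* the early-return check from the report */
    if (!ec->vm_stack)
        return -1;                        /* dangling cfp: a real walk would SEGV here */
    return (int)(ec->cfp - ec->vm_stack) + 1;
}

static void ec_init(ec_t *ec, size_t nframes) {
    ec->vm_stack = calloc(STACK_SLOTS, sizeof(frame_t));
    ec->cfp = ec->vm_stack + nframes - 1; /* top frame is the last live slot */
}

/* Buggy order: the stack is released while cfp still points into it. */
static void clear_vm_stack_buggy(ec_t *ec, interrupt_fn signal_between) {
    free(ec->vm_stack);
    ec->vm_stack = NULL;
    if (signal_between)
        signal_between(ec);               /* a sample landing here passes !cfp */
    ec->cfp = NULL;
}

/* Fixed order: cfp is cleared first, so a sample in the window sees !cfp. */
static void clear_vm_stack_fixed(ec_t *ec, interrupt_fn signal_between) {
    ec->cfp = NULL;
    if (signal_between)
        signal_between(ec);               /* sample returns 0 frames, no walk */
    free(ec->vm_stack);
    ec->vm_stack = NULL;
}

static int g_last_sample;
static void profiler_signal(ec_t *ec) { g_last_sample = sample_frames(ec); }

/* Sample a live context with three frames (expected: 3). */
int sample_live_frames(void) {
    ec_t ec;
    ec_init(&ec, 3);
    int n = sample_frames(&ec);
    clear_vm_stack_fixed(&ec, NULL);
    return n;
}

/* Run teardown with a sample taken mid-way. Buggy order yields -1
 * (use-after-free), fixed order yields 0 (guard took effect). */
int run_scenario(int fixed) {
    ec_t ec;
    ec_init(&ec, 3);
    g_last_sample = -99;
    if (fixed)
        clear_vm_stack_fixed(&ec, profiler_signal);
    else
        clear_vm_stack_buggy(&ec, profiler_signal);
    return g_last_sample;
}

int main(void) {
    printf("live sample:  %d frames\n", sample_live_frames());
    printf("buggy order:  %d (-1 = walked freed stack)\n", run_scenario(0));
    printf("fixed order:  %d (guard returned early)\n", run_scenario(1));
    return 0;
}
```

The point the model makes is that a NULL check in an asynchronous reader is only a valid guard if the writer publishes the "gone" state before it releases the memory that state protects; reversing the two stores in teardown is the whole fix.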