From: jean.boussier@...
Date: 2020-03-11T10:36:43+00:00
Subject: [ruby-core:97445] [Ruby master Bug#16682] Ruby 2.7.0p0 crash on exit if there is an active RUBY_INTERNAL_EVENT_GC_EXIT tracepoint

Issue #16682 has been updated by byroot (Jean Boussier).


So I just tried your patch, it does indeed fix my reproduction script, however It doesn't fix the other crashes I reported above. However this time I managed to get the C-level backtrace for `try to mark T_NONE object`.

```
-- C level backtrace information -------------------------------------------
ruby-2.7.0/bin/ruby(rb_vm_bugreport+0x96) [0x10895e1f6]
ruby-2.7.0/bin/ruby(rb_bug+0xcc) [0x10896ab86]
ruby-2.7.0/bin/ruby(gc_mark_ptr+0x17a) [0x1087bc72a]
ruby-2.7.0/bin/ruby(mark_keyvalue+0x49) [0x1087bd4d9]
ruby-2.7.0/bin/ruby(st_general_foreach+0xa9) [0x1088c8389]
ruby-2.7.0/bin/ruby(rb_st_foreach+0x33) [0x1088c8a53]
ruby-2.7.0/bin/ruby(gc_mark_children+0x8e8) [0x1087b2078]
ruby-2.7.0/bin/ruby(gc_mark_stacked_objects_incremental+0x9e) [0x1087bae0e]
ruby-2.7.0/bin/ruby(newobj_slowpath+0x50f) [0x1087b7e9f]
ruby-2.7.0/bin/ruby(newobj_slowpath_wb_protected+0x14) [0x1087b7964]
ruby-2.7.0/bin/ruby(rb_hash_transform_keys+0x27) [0x1087c72e7]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(rb_yield+0xa7) [0x108942a87]
ruby-2.7.0/bin/ruby(transform_values_foreach_replace+0x11) [0x1087cb181]
ruby-2.7.0/bin/ruby(st_general_foreach+0xe0) [0x1088c83c0]
ruby-2.7.0/bin/ruby(rb_hash_transform_values_bang+0x137) [0x1087c77e7]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(rb_yield+0xa7) [0x108942a87]
ruby-2.7.0/bin/ruby(transform_values_foreach_replace+0x11) [0x1087cb181]
ruby-2.7.0/bin/ruby(st_general_foreach+0xe0) [0x1088c83c0]
ruby-2.7.0/bin/ruby(rb_hash_transform_values_bang+0x137) [0x1087c77e7]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(rb_yield+0xa7) [0x108942a87]
ruby-2.7.0/bin/ruby(transform_values_foreach_replace+0x11) [0x1087cb181]
ruby-2.7.0/bin/ruby(st_general_foreach+0xe0) [0x1088c83c0]
ruby-2.7.0/bin/ruby(rb_hash_transform_values_bang+0x137) [0x1087c77e7]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(catch_i+0x67) [0x108959f17]
ruby-2.7.0/bin/ruby(vm_catch_protect+0xd5) [0x1089452a5]
ruby-2.7.0/bin/ruby(rb_f_catch+0x57) [0x108945987]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(rb_yield+0xa7) [0x108942a87]
ruby-2.7.0/bin/ruby(rb_ary_each+0x39) [0x1086f5a69]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(catch_i+0x67) [0x108959f17]
ruby-2.7.0/bin/ruby(vm_catch_protect+0xd5) [0x1089452a5]
ruby-2.7.0/bin/ruby(rb_f_catch+0x57) [0x108945987]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(rb_funcallv_with_cc+0x8a) [0x10893d73a]
ruby-2.7.0/bin/ruby(rb_inspect+0x20) [0x10882c7c0]
ruby-2.7.0/bin/ruby(inspect_ary+0x98) [0x1087050b8]
ruby-2.7.0/bin/ruby(exec_recursive+0x423) [0x108900943]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x38df) [0x1089350af]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(rb_call0+0x5e7) [0x108958ec7]
ruby-2.7.0/bin/ruby(rb_funcall_with_block_kw+0x85) [0x108942875]
ruby-2.7.0/bin/ruby(rb_yield+0xa7) [0x108942a87]
ruby-2.7.0/bin/ruby(rb_ary_collect+0xf2) [0x1086fbdd2]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(rb_yield+0xa7) [0x108942a87]
ruby-2.7.0/bin/ruby(rb_ary_each+0x39) [0x1086f5a69]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(rb_yield_values2+0x4e) [0x108942cde]
ruby-2.7.0/bin/ruby(rb_ensure+0xf0) [0x10879c430]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(yield_under+0x40d) [0x108944f4d]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(yield_under+0x40d) [0x108944f4d]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_call_opt_send+0x2f4) [0x108950074]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(rb_yield+0xa7) [0x108942a87]
ruby-2.7.0/bin/ruby(rb_ary_each+0x39) [0x1086f5a69]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(yield_under+0x40d) [0x108944f4d]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(yield_under+0x40d) [0x108944f4d]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_call_opt_send+0x2f4) [0x108950074]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(yield_under+0x40d) [0x108944f4d]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(yield_under+0x40d) [0x108944f4d]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_call_opt_send+0x2f4) [0x108950074]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(yield_under+0x40d) [0x108944f4d]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(yield_under+0x40d) [0x108944f4d]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_call_opt_send+0x2f4) [0x108950074]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(rb_vm_invoke_bmethod+0x7f1) [0x108947821]
ruby-2.7.0/bin/ruby(vm_call_bmethod+0xac) [0x10894fbfc]
ruby-2.7.0/bin/ruby(vm_call_opt_send+0x2f4) [0x108950074]
ruby-2.7.0/bin/ruby(vm_exec_core+0x38df) [0x1089350af]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(rb_yield+0xa7) [0x108942a87]
ruby-2.7.0/bin/ruby(rb_ary_each+0x39) [0x1086f5a69]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(rb_yield+0xa7) [0x108942a87]
ruby-2.7.0/bin/ruby(rb_ary_collect+0xf2) [0x1086fbdd2]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(rb_proc_call+0x9f) [0x10886255f]
ruby-2.7.0/bin/ruby(rb_ec_exec_end_proc+0x172) [0x10879e4c2]
ruby-2.7.0/bin/ruby(rb_ec_teardown+0xaf) [0x10879afbf]
ruby-2.7.0/bin/ruby(rb_ec_cleanup+0x17e) [0x10879b18e]
ruby-2.7.0/bin/ruby(ruby_stop+0x9) [0x10879b3d9]
ruby-2.7.0/bin/ruby(rb_f_fork+0x98) [0x10886e028]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x492b) [0x1089360fb]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(loop_i+0x29) [0x108959f99]
ruby-2.7.0/bin/ruby(rb_vrescue2+0x114) [0x10879c024]
ruby-2.7.0/bin/ruby(rb_rescue2+0x7b) [0x10879beeb]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x3782) [0x108934f52]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(load_iseq_eval+0xb9) [0x1087f4fb9]
ruby-2.7.0/bin/ruby(require_internal+0x2f1) [0x1087f3cc1]
ruby-2.7.0/bin/ruby(rb_f_require+0x21) [0x1087f3201]
ruby-2.7.0/bin/ruby(vm_call_cfunc+0x170) [0x10894f220]
ruby-2.7.0/bin/ruby(vm_exec_core+0x38df) [0x1089350af]
ruby-2.7.0/bin/ruby(rb_vm_exec+0xadc) [0x10894a03c]
ruby-2.7.0/bin/ruby(rb_ec_exec_node+0xc6) [0x10879b5a6]
ruby-2.7.0/bin/ruby(ruby_run_node+0x55) [0x10879b485]
ruby-2.7.0/bin/ruby(main+0x5d) [0x1086f2c9d]
```

----------------------------------------
Bug #16682: Ruby 2.7.0p0 crash on exit if there is an active RUBY_INTERNAL_EVENT_GC_EXIT tracepoint
https://bugs.ruby-lang.org/issues/16682#change-84590

* Author: byroot (Jean Boussier)
* Status: Open
* Priority: Normal
* ruby -v: ruby 2.7.0p0 (2019-12-25 revision 647ee6f091) [x86_64-darwin19]
* Backport: 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN
----------------------------------------
```
[BUG] object allocation during garbage collection phase
ruby 2.7.0p0 (2019-12-25 revision 647ee6f091) [x86_64-darwin19]

-- Crash Report log information --------------------------------------------
   See Crash Report log file under the one of following:                    
     * ~/Library/Logs/DiagnosticReports                                     
     * /Library/Logs/DiagnosticReports                                      
   for more details.                                                        
Don't forget to include the above Crash Report log file in bug reports.     

-- Control frame information -----------------------------------------------
c:0001 p:0001 s:0003 E:002690 (none) [FINISH]


-- C level backtrace information -------------------------------------------
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(rb_vm_bugreport+0x96) [0x10fa9f266]
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(rb_bug+0xcc) [0x10faabb86]
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(newobj_slowpath+0x99c) [0x10f8f939c]
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(newobj_slowpath_wb_protected+0x14) [0x10f8f89d4]
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(rb_str_buf_new+0x1e) [0x10fa151be]
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(rb_enc_vsprintf+0x48) [0x10fa03178]
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(rb_vraise+0x14) [0x10f8d4d84]
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(rb_raise+0x7b) [0x10f8d052b]
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(rb_check_typeddata+0xf3) [0x10f8d19a3]
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(tp_call_trace+0x2a) [0x10faa1aaa]
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(rb_exec_event_hooks+0x163) [0x10faa0ab3]
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(rb_objspace_call_finalizer+0x8b7) [0x10f8eded7]
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(rb_ec_cleanup+0x2de) [0x10f8dc35e]
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(ruby_run_node+0x5f) [0x10f8dc4ff]
/Users/byroot/.rubies/ruby-2.7.0/bin/ruby(main+0x5d) [0x10f833d0d]
```

It also crash in other circumstances, but I'm not able to reproduce them as easily.

Older versions are not affected.

I created a repository to easily reproduce the issue: https://github.com/casperisfine/ruby-tracepoint-crash



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>