oracle / truffleruby

A high performance implementation of the Ruby programming language, built on GraalVM.
https://www.graalvm.org/ruby/

GraalVM cannot run WPScan #2305

Open josevnz opened 3 years ago

josevnz commented 3 years ago

Issue

WPScan is a WordPress vulnerability scanner written in Ruby. Installation works fine on Fedora 30 after providing the following dependencies:

Environment

(wpscan) [josevnz@macmini2 ~]$ uname -a
Linux macmini2 5.6.13-100.fc30.x86_64 #1 SMP Fri May 15 00:36:06 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
(wpscan) [josevnz@macmini2 ~]$ free -m
              total        used        free      shared  buff/cache   available
Mem:           1959         133        1735           0          91        1707
Swap:          2099         118        1981
bin  Desktop  Downloads  graalvm-ce-java11-21.0.0.2
graalvm-ce-java11-21.0.0.2/bin/ruby -v
truffleruby 21.0.0.2, like ruby 2.7.2, GraalVM CE Native [x86_64-linux]

Dependencies

sudo dnf install openssl-devel
sudo dnf install libxml2-devel.x86_64
sudo dnf install libxslt-devel.x86_64

But the script dies during execution (it runs briefly using 3 times the amount of memory of the regular Ruby run, plus twice the CPU) with the following error:

test -x $HOME/graalvm-ce-java11-21.0.0.2/bin/ruby && export RUBY=$HOME/graalvm-ce-java11-21.0.0.2/bin/ruby || export RUBY=/usr/bin/ruby
$RUBY $HOME/bin/wpscan --url "$site" --api-token "$WPSCAN_API_KEY" --plugins-detection mixed --format json --output $logfile

Error message:

<no message> (java.lang.NullPointerException)
    from com.oracle.svm.truffle.nfi.NativeClosure.doInvokeClosureBufferRet(NativeClosure.java:182)
    from com.oracle.svm.truffle.nfi.NativeClosure.invokeClosureBufferRet(NativeClosure.java:169)
    from com.oracle.svm.truffle.nfi.NativeSignature$ExecuteHelper.ffiCall(NativeSignature.java:165)
    from com.oracle.svm.truffle.nfi.NativeSignature$ExecuteHelper.execute(NativeSignature.java:146)
    from com.oracle.truffle.nfi.impl.NFIContext.executePrimitive(NFIContext.java:179)
    from com.oracle.truffle.nfi.impl.LibFFISignature$CachedSignatureInfo.execute(LibFFISignature.java:244)
    from com.oracle.truffle.nfi.impl.FunctionExecuteNode$SignatureExecuteNode.execute(FunctionExecuteNode.java:137)
    from org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.executeRootNode(OptimizedCallTarget.java:591)
/home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/truffle/truffle/ffi_backend/function.rb:86:in `block in call'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/truffle/truffle/ffi_backend/function.rb:85:in `call'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/truffle/truffle/ffi_backend/function.rb:120:in `easy_perform'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/ethon-0.12.0/lib/ethon/easy/operations.rb:29:in `perform'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/operations.rb:16:in `run'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/cacheable.rb:18:in `run'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/block_connection.rb:31:in `run'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/stubbable.rb:25:in `run'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/before.rb:26:in `run'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/web_site.rb:139:in `head_and_get'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/app/finders/interesting_findings/robots_txt.rb:11:in `aggressive'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/base_finders.rb:31:in `run_finder'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finders.rb:18:in `block (2 levels) in run'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finders.rb:17:in `each'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finders.rb:17:in `block in run'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finders.rb:16:in `each'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finders.rb:16:in `run'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finder.rb:21:in `find'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finder.rb:12:in `find'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/target.rb:28:in `interesting_findings'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/app/controllers/interesting_findings.rb:19:in `run'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/controllers.rb:50:in `run'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/controllers.rb:50:in `each'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/controllers.rb:50:in `block in run'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/truffle/timeout.rb:158:in `timeout'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/controllers.rb:45:in `run'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/scan.rb:24:in `run'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/wpscan-3.8.17/bin/wpscan:17:in `block in <top (required)>'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/scan.rb:15:in `initialize'
    from /home/josevnz/graalvm-ce-java11-21.0.0.2/languages/ruby/lib/gems/gems/wpscan-3.8.17/bin/wpscan:6:in `<top (required)>'
    from <internal:core> core/kernel.rb:400:in `load'
    from <internal:core> core/kernel.rb:400:in `load'
    from /home/josevnz/bin/wpscan:23:in `<main>'

chrisseaton commented 3 years ago

To bundle install I had to make this change.

diff --git a/wpscan.gemspec b/wpscan.gemspec
index bc8c243f..724ecd64 100644
--- a/wpscan.gemspec
+++ b/wpscan.gemspec
@@ -32,6 +32,6 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rubocop-performance', '~> 1.10.0'
   s.add_development_dependency 'simplecov',           '~> 0.21.0'
   s.add_development_dependency 'simplecov-lcov',      '~> 0.8.0'
-  s.add_development_dependency 'stackprof',           '~> 0.2.12'
+  #s.add_development_dependency 'stackprof',           '~> 0.2.12'
   s.add_development_dependency 'webmock',             '~> 3.12.0'
 end
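
Review bot: The `+  #s.add_development_dependency 'stackprof', '~> 0.2.12'` line disables the dependency by commenting it out, which drops it for every Ruby implementation and leaves dead code in wpscan.gemspec with no explanation. For anything beyond a local workaround, keep the original line and gate it on the engine instead, for example by appending `if RUBY_ENGINE == 'ruby'`, with a short comment saying it is skipped because bundle install did not succeed with it here.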

I then tried running specs with bundle exec rake spec. This goes to load a 100k line YAML file from spec/fixtures/db/dynamic_finders.yml, which is just grinding away forever. After it's loaded performance seems to grind away in ruby.WPScan::DB::DynamicFinders::Wordpress.df_data (wordpress.rb:8), then specs start to run.

7827 examples, 0 failures, 45 pending

I didn't try the command given as I don't have a $WPSCAN_API_KEY.

This was with truffleruby 21.1.0-dev-8deb9b1f, like ruby 2.7.2, Interpreted JVM [x86_64-darwin].

To set expectations - this isn't likely to be an app that shows huge speedup on TruffleRuby, as it's batch and doesn't seem very compute intensive. But thank you very much for trying to run it.

josevnz commented 3 years ago

Hello,

Thanks for looking into this! I'm aware WPScan is not CPU intensive but was hoping that the memory utilization would drop instead (but before the crash it went 3 times up, almost like it had a memory leak).

I'll keep looking forward to this project, it looks promising but it is not a drop-in replacement for Ruby or JRuby any time soon.

eregon commented 3 years ago

> but was hoping that the memory utilization would drop instead

It is expected that TruffleRuby (and JRuby) use more memory than CRuby. After all they have a JIT and that needs some memory and CPU to work. There are cases where TruffleRuby (and JRuby) can use less memory, e.g., when running large apps with multiple threads instead of multiple processes on CRuby. But for a single thread/process it is very likely CRuby will use less memory, at the cost of being slower for compute-intensive tasks.

> I'll keep looking forward to this project, it looks promising but it is not a drop-in replacement for Ruby or JRuby any time soon.

That is an inappropriate conclusion based on this one issue. One cannot assess compatibility with just one issue.

Back to the issue, I guess it might be simpler to reproduce by running ethon or typhoeus tests.

eregon commented 3 years ago

The test suites of both ethon and typhoeus pass on TruffleRuby, and in fact TruffleRuby is in CI for both of those gems. And as Chris replied, the test suite of wpscan passes too.

So we need another way to reproduce this issue.

@josevnz Could you share the $site and $WPSCAN_API_KEY for a test website where it reproduces? This could be sent privately if needed: https://github.com/oracle/truffleruby#contact

josevnz commented 3 years ago

Hello Benoit,

I cannot share my key because it is tied to my project, but you can quickly get yours (they are free) at the following URL: https://wpscan.com/api (Free tier, 25 API requests per day).

I sent you an email with the URL on a blog you can use for testing (one of mine).

Please ping me if you need anything else, and thanks for looking into this.

eregon commented 3 years ago

I've tried to reproduce and I could, but not reliably.

I ran on JVM with some debug logging (using the new --engine.TraceStackTraceInterval):

ruby --experimental-options --engine.TraceStackTraceInterval=500 --log.level=INFO -S wpscan -v --url "$site" --api-token "$WPSCAN_API_KEY" --plugins-detection mixed --format json 

Last stacktrace:

[engine] Stack Trace Thread main: org.graalvm.polyglot.PolyglotException
    at <internal/nfi-native> null(Unknown)
    at                <ruby> FFI::Function#call(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/truffle/truffle/ffi_backend/function.rb:86:3539-3619)
    at                <ruby> Ethon::Curl.easy_perform(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/truffle/truffle/ffi_backend/function.rb:115:4405-4436)
    at                <ruby> Ethon::Easy::Operations#perform(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/ethon-0.12.0/lib/ethon/easy/operations.rb:29:772-819)
    at                <ruby> Typhoeus::Request::Operations#run(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/operations.rb:16:367-386)
    at                <ruby> Typhoeus::Request::Cacheable#run(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/cacheable.rb:18:348-362)
    at                <ruby> Typhoeus::Request::BlockConnection#run(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/block_connection.rb:31:844-858)
    at                <ruby> Typhoeus::Request::Stubbable#run(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/stubbable.rb:25:798-812)
    at                <ruby> Typhoeus::Request::Before#run(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/before.rb:26:751-763)
    at                <ruby> CMSScanner::WebSite#head_and_get(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/web_site.rb:139:3870-3940)
    at                <ruby> CMSScanner::Finders::InterestingFindings::RobotsTxt#aggressive(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/app/finders/interesting_findings/robots_txt.rb:11:260-301)
    at                <ruby> CMSScanner::Finders::BaseFinders#run_finder(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/base_finders.rb:31:880-966)
    at                <ruby> block (2 levels) in CMSScanner::Finders::IndependentFinders#run(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finders.rb:18:512-555)
    at                <ruby> block in CMSScanner::Finders::IndependentFinders#run(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finders.rb:17:477-510)
    at                <ruby> CMSScanner::Finders::IndependentFinders#run(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finders.rb:16:452-475)
    at                <ruby> CMSScanner::Finders::IndependentFinder#find(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finder.rb:21:471-495)
    at                <ruby> CMSScanner::Finders::IndependentFinder::ClassMethods#find(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finder.rb:12:254-285)
    at                <ruby> CMSScanner::Target#interesting_findings(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/target.rb:28:662-748)
    at                <ruby> CMSScanner::Controller::InterestingFindings#run(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/app/controllers/interesting_findings.rb:19:559-616)
    at                <ruby> &:run((unavailable):1:0)
    at                <ruby> block in CMSScanner::Controllers#run(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/controllers.rb:50:1434-1452)
    at                <ruby> Timeout#timeout(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/truffle/timeout.rb:158:3668-3712)
    at                <ruby> CMSScanner::Controllers#run(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/controllers.rb:45:1287-1378)
    at                <ruby> CMSScanner::Scan#run(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/scan.rb:24:387-407)
    at                <ruby> block in <top (required)>(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/wpscan-3.8.17/bin/wpscan:17:459-465)
    at                <ruby> CMSScanner::Scan#initialize(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/scan.rb:15:231-262)
    at                <ruby> <top (required)>(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/wpscan-3.8.17/bin/wpscan:6:69-91)
    at                <ruby> Kernel#load(resource:/truffleruby/core/kernel.rb:400:12162-12237)
    at                <ruby> <main>(code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/bin/wpscan:23:531-585)
    at org.graalvm.sdk/org.graalvm.polyglot.Value.execute(Value.java:832)
    at org.truffleruby.launcher.RubyLauncher.runRubyMain(RubyLauncher.java:227)
    at org.truffleruby.launcher.RubyLauncher.launch(RubyLauncher.java:123)
    at org.graalvm.launcher.AbstractLanguageLauncher.launch(AbstractLanguageLauncher.java:124)
    at org.graalvm.launcher.AbstractLanguageLauncher.launch(AbstractLanguageLauncher.java:71)
    at org.truffleruby.launcher.RubyLauncher.main(RubyLauncher.java:38)

and then:

<no message> (java.lang.NullPointerException)
    from com.oracle.truffle.nfi.impl.NFIContext.executePrimitive(Native Method)
    from com.oracle.truffle.nfi.impl.NFIContext.executePrimitive(NFIContext.java:271)
    from com.oracle.truffle.nfi.impl.LibFFISignature$CachedSignatureInfo.execute(LibFFISignature.java:277)
    from com.oracle.truffle.nfi.impl.FunctionExecuteNode$SignatureExecuteNode.execute(FunctionExecuteNode.java:137)
    from org.graalvm.truffle/com.oracle.truffle.api.impl.DefaultCallTarget.callDirectOrIndirect(DefaultCallTarget.java:85)
/home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/truffle/truffle/ffi_backend/function.rb:86:in `call'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/truffle/truffle/ffi_backend/function.rb:115:in `easy_perform'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/ethon-0.12.0/lib/ethon/easy/operations.rb:29:in `perform'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/operations.rb:16:in `run'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/cacheable.rb:18:in `run'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/block_connection.rb:31:in `run'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/stubbable.rb:25:in `run'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/before.rb:26:in `run'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/web_site.rb:139:in `head_and_get'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/app/finders/interesting_findings/robots_txt.rb:11:in `aggressive'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/base_finders.rb:31:in `run_finder'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finders.rb:18:in `block (2 levels) in run'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finders.rb:17:in `each'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finders.rb:17:in `block in run'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finders.rb:16:in `each'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finders.rb:16:in `run'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finder.rb:21:in `find'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/finders/independent_finder.rb:12:in `find'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/target.rb:28:in `interesting_findings'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/app/controllers/interesting_findings.rb:19:in `run'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/controllers.rb:50:in `run'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/controllers.rb:50:in `each'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/controllers.rb:50:in `block in run'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/truffle/timeout.rb:158:in `timeout'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/controllers.rb:45:in `run'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/scan.rb:24:in `run'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/wpscan-3.8.17/bin/wpscan:17:in `block in <top (required)>'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/scan.rb:15:in `initialize'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/lib/gems/gems/wpscan-3.8.17/bin/wpscan:6:in `<top (required)>'
    from <internal:core> core/kernel.rb:400:in `load'
    from <internal:core> core/kernel.rb:400:in `load'
    from /home/eregon/code/truffleruby-ws/graal/sdk/mxbuild/linux-amd64/GRAALVM_329FD87155_JAVA11/graalvm-329fd87155-java11-21.1.0-dev/languages/ruby/bin/wpscan:23:in `<main>'

Sometimes, I instead get a segfault inside native code, probably libcurl:

Stack slot to memory mapping:
stack at sp + 0 slots: 0x00007ff4a8053f74: <offset 0x000000000004df74> in /lib64/libcurl.so at 0x00007ff4a8006000

The error report from the JVM says "The crash happened outside the Java Virtual Machine in native code."

Maybe TruffleRuby passes incorrect arguments to libcurl, or maybe libcurl is called from multiple threads unsafely (but I only see the main Ruby thread being active when it fails).
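
Added example, not part of the thread or of any project mentioned in it: a small Ruby triage helper for backtraces in the `from path:line:in` format shown above, which reports where the exception was raised on the Java side, the Ruby frame that crosses into native code through the FFI backend, and the gem versions on the call chain. The sample trace is constructed from frames in the first trace, with the install prefix replaced by the placeholder `/opt/graalvm`; the `[engine] Stack Trace` format is not handled.

```ruby
# Triage helper for "from path:line:in `label'" backtraces (added example).
RUBY_FRAME  = /\A\s*(?:from\s+)?(?<path>.+?):(?<line>\d+):in [`'](?<label>.+)'\s*\z/
JAVA_FRAME  = /\A\s*from\s+(?<method>[\w.$\/]+)\((?<source>[^)]*)\)\s*\z/
GEM_DIR     = %r{/gems/(?<name>[A-Za-z0-9_\-]+?)-(?<version>\d+(?:\.\d+)+)/}
FFI_BACKEND = %r{/truffle/ffi_backend/}

# Constructed sample: frames taken from the first trace in this thread, with the
# install prefix shortened to the placeholder /opt/graalvm.
SAMPLE_TRACE = <<~'TRACE'
  <no message> (java.lang.NullPointerException)
      from com.oracle.svm.truffle.nfi.NativeClosure.doInvokeClosureBufferRet(NativeClosure.java:182)
      from com.oracle.truffle.nfi.impl.NFIContext.executePrimitive(NFIContext.java:179)
  /opt/graalvm/languages/ruby/lib/truffle/truffle/ffi_backend/function.rb:86:in `block in call'
      from /opt/graalvm/languages/ruby/lib/truffle/truffle/ffi_backend/function.rb:120:in `easy_perform'
      from /opt/graalvm/languages/ruby/lib/gems/gems/ethon-0.12.0/lib/ethon/easy/operations.rb:29:in `perform'
      from /opt/graalvm/languages/ruby/lib/gems/gems/typhoeus-1.4.0/lib/typhoeus/request/operations.rb:16:in `run'
      from /opt/graalvm/languages/ruby/lib/gems/gems/cms_scanner-0.13.3/lib/cms_scanner/web_site.rb:139:in `head_and_get'
      from /opt/graalvm/languages/ruby/lib/gems/gems/wpscan-3.8.17/bin/wpscan:17:in `block in <top (required)>'
      from <internal:core> core/kernel.rb:400:in `load'
      from /home/user/bin/wpscan:23:in `<main>'
TRACE

# Classify one backtrace line as a Ruby frame, a Java frame, or neither (nil).
def parse_frame(line)
  if (m = RUBY_FRAME.match(line))
    gem = GEM_DIR.match(m[:path])
    { kind: :ruby, path: m[:path], line: m[:line].to_i, label: m[:label],
      gem: gem && gem[:name], version: gem && gem[:version],
      ffi: FFI_BACKEND.match?(m[:path]) }
  elsif (m = JAVA_FRAME.match(line))
    { kind: :java, method: m[:method], source: m[:source] }
  end
end

# Frames are listed innermost first, so the first match is the closest to the failure.
def triage(trace)
  frames = trace.each_line.filter_map { |l| parse_frame(l.chomp) }
  ruby, java = frames.partition { |f| f[:kind] == :ruby }
  boundary = ruby.find { |f| f[:ffi] }
  # The innermost gem frame is only reported as the native caller when the
  # trace actually passes through the FFI backend.
  caller_frame = boundary && ruby.find { |f| f[:gem] }
  {
    raised_in: java.first&.fetch(:method),
    ffi_boundary: boundary && "#{File.basename(boundary[:path])}:#{boundary[:line]}",
    native_caller: caller_frame&.slice(:gem, :version, :label),
    gem_chain: ruby.select { |f| f[:gem] }.map { |f| "#{f[:gem]} #{f[:version]}" }.uniq
  }
end

pp triage(SAMPLE_TRACE) if __FILE__ == $PROGRAM_NAME
```
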

josevnz commented 3 years ago

Ouch. I wish I could help you there. Could be an issue with libcurl (but on the other hand I would expect the Ruby code to barf as well). Do you think it is OK to leave this open and maybe I can try with the next version of GraalVM?

Thanks,

--Jose

eregon commented 3 years ago

Tracked internally as GR-30480, it could potentially be a Truffle NFI issue.