merge revision(s) e1bd45624c85e8a80991bda20801f50967ac77a1: [Backport #19482]

	Fix crash when allocating classes with newobj hook

	We need to zero out the whole slot when running the newobj hook for a
	newly allocated class because the slot could be filled with garbage,
	which would cause a crash if a GC runs inside of the newobj hook.

	For example, the following script crashes:

	```
	require "objspace"

	GC.stress = true

	ObjectSpace.trace_object_allocations {
	  100.times do
	    Class.new
	  end
	}
	```

	[Bug #19482]
	---
	 gc.c                           | 8 +++++++-
	 test/objspace/test_objspace.rb | 7 +++++++
	 2 files changed, 14 insertions(+), 1 deletion(-)

3 files changed, 15 insertions, 2 deletions

diff --git a/gc.c b/gc.c
index fd9cd2a5f2..58f793f949 100644
--- a/gc.c
+++ b/gc.c
@@ -2796,6 +2796,12 @@ newobj_alloc(rb_objspace_t *objspace, rb_ractor_t *cr, size_t size_pool_idx, boo
     return obj;
 }
 
+static void
+newobj_zero_slot(VALUE obj)
+{
+    memset((char *)obj + sizeof(struct RBasic), 0, rb_gc_obj_slot_size(obj) - sizeof(struct RBasic));
+}
+
 ALWAYS_INLINE(static VALUE newobj_slowpath(VALUE klass, VALUE flags, rb_objspace_t *objspace, rb_ractor_t *cr, int wb_protected, size_t size_pool_idx));
 
 static inline VALUE
@@ -2826,7 +2832,7 @@ newobj_slowpath(VALUE klass, VALUE flags, rb_objspace_t *objspace, rb_ractor_t *
 #endif
         newobj_init(klass, flags, wb_protected, objspace, obj);
 
-        gc_event_hook_prep(objspace, RUBY_INTERNAL_EVENT_NEWOBJ, obj, newobj_fill(obj, 0, 0, 0));
+        gc_event_hook_prep(objspace, RUBY_INTERNAL_EVENT_NEWOBJ, obj, newobj_zero_slot(obj));
     }
     RB_VM_LOCK_LEAVE_CR_LEV(cr, &lev);
 
diff --git a/test/objspace/test_objspace.rb b/test/objspace/test_objspace.rb
index f0f294c31a..7556fca530 100644
--- a/test/objspace/test_objspace.rb
+++ b/test/objspace/test_objspace.rb
@@ -216,6 +216,13 @@ class TestObjSpace < Test::Unit::TestCase
       assert_equal(c3,       ObjectSpace.allocation_generation(o3))
       assert_equal(self.class.name, ObjectSpace.allocation_class_path(o3))
       assert_equal(__method__,      ObjectSpace.allocation_method_id(o3))
+
+      # [Bug #19482]
+      EnvUtil.under_gc_stress do
+        100.times do
+          Class.new
+        end
+      end
     }
   end
 
diff --git a/version.h b/version.h
index 1c37eef5d5..cd1bdf5394 100644
--- a/version.h
+++ b/version.h
@@ -11,7 +11,7 @@
 # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR
 #define RUBY_VERSION_TEENY 2
 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 67
+#define RUBY_PATCHLEVEL 68
 
 #include "ruby/version.h"
 #include "ruby/internal/abi.h"