[Python-Dev] Problem with _PyTrash_destroy_chain ?

"Martin v. Löwis" martin at v.loewis.de
Thu Aug 30 20:49:33 CEST 2012


On 30.08.12 14:39, Manu wrote:
> After spending quite a bit of time trying to understand what could go
> wrong in the C extensions I use, and not finding anything interesting, I
> decided to try to find the problem with gdb. The stacktrace I have seems
> to mean that we are trying to double free something in the frame_dealloc
> method. See
>
> (gdb) bt
> #0  0x000000000046479f in _Py_ForgetReference (op=0x4dc7bc0) at Objects/object.c:2222
> #1  0x0000000000464810 in _Py_Dealloc (op=0x4dc7bc0) at Objects/object.c:2242
> #2  0x0000000000559a68 in frame_dealloc (f=0x4997ab0) at Objects/frameobject.c:458
> #3  0x000000000046481d in _Py_Dealloc (op=0x4997ab0) at Objects/object.c:2243

Why do you think that this stacktrace "seems to mean that we are trying
to double free something"? I can't infer that from the stacktrace.

You seem to suggest that the crash happens on object.c:2222. If so,
it's indeed likely a double-free; my suspicion is that the object memory
shows the regular "deallocated block" memory pattern (display *op at
the point of crash).

It would then be interesting to find out what object used to be there.
Unfortunately, there is no easy way to find out (unless the crash
always involves 0x4dc7bc0). So I suggest the following tracing:

- in _Py_NewReference, printf("allocate %p\n", op);
- in _Py_ForgetReference,
   printf("free %p %s\n", op, op->ob_type->tp_name);
   fflush(stdout);

This may get large, so you may open a file (e.g. in /tmp/fixedname)
to collect the trace. When it crashes, find the last prior free
of the address - there shouldn't be any subsequent alloc.

If the type doesn't give a clue, but it's always the same type,
you can restrict tracing to that type, and then print values
of the object for further diagnosis.

Other useful debug information would be to find out what specific
frame object is being deallocated - this can still be diagnosed
at the point of crash (try _PyObject_Dump(f->f_code)), and then
which specific variable (not sure what exact Python version you
are using - it seems it's in localsplus, so it likely is a local
variable of that frame).

HTH,
Martin
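
Added example, not part of the original message: a Python sketch of the trace analysis described above, assuming the trace file contains exactly the two printf formats suggested ("allocate %p" and "free %p %s"). The function names and the sample trace are constructed for illustration and are not CPython code.

```python
import re

# Trace lines produced by the two printf calls suggested in the message:
#   "allocate %p\n"   and   "free %p %s\n"
TRACE_RE = re.compile(r"^(allocate|free) (0x[0-9a-fA-F]+)(?: (.+))?$")

def events(lines):
    """Yield (lineno, kind, address, type_name); skip unrelated output."""
    for lineno, raw in enumerate(lines, 1):
        m = TRACE_RE.match(raw.strip())
        if m:
            yield lineno, m.group(1), int(m.group(2), 16), m.group(3)

def double_frees(lines):
    """Frees of an address that was freed earlier and not allocated since."""
    live, last_free, found = set(), {}, []
    for lineno, kind, addr, tp_name in events(lines):
        if kind == "allocate":
            live.add(addr)
            continue
        if addr not in live and addr in last_free:
            found.append((addr, lineno, last_free[addr]))
        live.discard(addr)
        last_free[addr] = (lineno, tp_name)
    return found

def last_free_of(lines, crash_addr):
    """Last logged free of crash_addr, or None if an allocate follows it."""
    result = None
    for lineno, kind, addr, tp_name in events(lines):
        if addr == crash_addr:
            result = (lineno, tp_name) if kind == "free" else None
    return result

# Constructed sample trace (not from the original report).
SAMPLE = """\
allocate 0x4dc7bc0
allocate 0x4997ab0
free 0x4dc7bc0 dict
allocate 0x4dc7bc0
free 0x4dc7bc0 list
unrelated program output
free 0x4997ab0 frame
free 0x4dc7bc0 list
""".splitlines()

if __name__ == "__main__":
    for addr, lineno, (prev_line, prev_type) in double_frees(SAMPLE):
        print(f"{addr:#x}: freed again at line {lineno}; "
              f"previous free at line {prev_line} as {prev_type}")
```

On a second free the tracing printf reads `op->ob_type` from already-freed memory, so the type name on that line may be stale, or the process may crash before the line is written; in that case `last_free_of` with the address from the gdb backtrace gives the earlier, trustworthy record.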

