[issue23187] Segmentation fault, possibly asyncio related

Guido van Rossum report at bugs.python.org
Sat Mar 14 05:42:42 CET 2015 

Guido van Rossum added the comment:

So what do you make of this?

PyObject_GC_Malloc(unsigned __int64 basicsize=4046951880)

That's nearly 4 GB. I somehow doubt your app is actually trying to allocate
that much memory -- maybe the type object a few lines below in the stack is
overwritten, or maybe the compiler is lying about everything. Is there any
chance you can run an unoptimized build?

On Fri, Mar 13, 2015 at 7:27 PM, Michael Goldish <report at bugs.python.org>
wrote:

>
> Michael Goldish added the comment:
>
> I caught another crash just now, this time in update_refs(). A stack trace
> is attached below. I still think this is the same issue.
>
> static void
> update_refs(PyGC_Head *containers)
> {
>     PyGC_Head *gc = containers->gc.gc_next;
> 0000000067382D60  mov         rdx,qword ptr [rcx]
>     for (; gc != containers; gc = gc->gc.gc_next) {
> 0000000067382D63  cmp         rdx,rcx
> 0000000067382D66  je          update_refs+28h (67382D88h)
> 0000000067382D68  nop         dword ptr [rax+rax]
>         assert(_PyGCHead_REFS(gc) == GC_REACHABLE);
>         _PyGCHead_SET_REFS(gc, Py_REFCNT(FROM_GC(gc)));
> 0000000067382D70  and         qword ptr [rdx+10h],1
>
> Here rdx is 0, which means we're writing to 0x10, probably because the
> member gc_refs is at offset 0x10 of struct PyGC_Head.gc. So I suppose
> containers->gc.gc_next was NULL.
>
> (In case this is helpful: somehow, possibly due to compiler optimizations,
> Visual Studio claims that containers->gc.gc_next is 0x34. I'm not sure what
> to make of this. It also claims that containers->gc.gc_prev->gc.gc_next is
> 0x3e, and that containers->gc.gc_prev->gc.gc_prev->gc.gc_next is 0x3e, and
> so on... gc_prev always seems fine and gc_next is always 0x3e, except for
> the first one which is 0x34. I'm attaching a screenshot to make this
> clearer.)
>
> Stack trace (Python 3.4.2, 64 bit, Windows):
>
> python34.dll!update_refs(_gc_head * containers=0x00000000676af8e0)  Line
> 345
> python34.dll!collect(int generation=-290088656, __int64 *
> n_collected=0x00000000f166e920, __int64 *
> n_uncollectable=0x0000000000000000, int nofail=0)  Line 969
> python34.dll!collect_with_callback(int generation=-290088656)  Line 1141
> python34.dll!_PyObject_GC_Malloc(unsigned __int64 basicsize=4046951880)
> Line 1739
> python34.dll!_PyObject_GC_New(_typeobject * tp=0x0000000001c624f0)  Line
> 1749
> python34.dll!PyList_New(__int64 size=0)  Line 159 + 0xc bytes
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000bab65b08, int
> throwflag=-244913096)  Line 2346
> python34.dll!fast_function(_object * func=0x0000000000000003, _object * *
> * pp_stack=0x00000000f77684e0, int n=102445400, int na=1732453353, int
> nk=0)  Line 4332
> python34.dll!call_function(_object * * * pp_stack=0x00000000f166ec29, int
> oparg=131)  Line 4260
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000601cbd68, int
> throwflag=-244912600)  Line 2838
> python34.dll!fast_function(_object * func=0x0000000000000003, _object * *
> * pp_stack=0x00000000f7768f28, int n=56017240, int na=1732453353, int
> nk=0)  Line 4332
> python34.dll!call_function(_object * * * pp_stack=0x00000000f166ee19, int
> oparg=131)  Line 4260
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000c65ff8f8, int
> throwflag=0)  Line 2838
> python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000002, _object *
> globals=0x0000000000000002, _object * locals=0x0000000000000000, _object *
> * args=0x000000000358d248, int argcount=2, _object * *
> kws=0x0000000001c50060, int kwcount=0, _object * * defs=0x0000000000000000,
> int defcount=0, _object * kwdefs=0x0000000000000000, _object *
> closure=0x0000000000000000)  Line 3585 + 0xa bytes
> python34.dll!function_call(_object * func=0x000000000355f048, _object *
> arg=0x00000000f12f7688, _object * kw=0x0000000000000000)  Line 638 + 0x45
> bytes
> python34.dll!PyObject_Call(_object * func=0x00000000f12f7688, _object *
> arg=0x00000000f11c4d08, _object * kw=0x00000000f4e9ba58)  Line 2068
> python34.dll!ext_do_call(_object * func=0x000000000355f048, _object * * *
> pp_stack=0x00000000f166f0d9, int flags=-200649216, int na=1, int nk=0)
> Line 4558 + 0xe bytes
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000f40a5458, int
> throwflag=-244911400)  Line 2879
> python34.dll!fast_function(_object * func=0x0000000000000001, _object * *
> * pp_stack=0x00000000f1380f98, int n=45993224, int na=1732453353, int
> nk=0)  Line 4332
> python34.dll!call_function(_object * * * pp_stack=0x00000000f166f2c9, int
> oparg=131)  Line 4260
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000d6922548, int
> throwflag=0)  Line 2838
> python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000002, _object *
> globals=0x0000000000000002, _object * locals=0x0000000000000000, _object *
> * args=0x0000000002334200, int argcount=2, _object * *
> kws=0x0000000001c50060, int kwcount=0, _object * * defs=0x0000000000000000,
> int defcount=0, _object * kwdefs=0x0000000000000000, _object *
> closure=0x0000000000000000)  Line 3585 + 0xa bytes
> python34.dll!function_call(_object * func=0x0000000002bdcbf8, _object *
> arg=0x00000000e41ef808, _object * kw=0x0000000000000000)  Line 638 + 0x45
> bytes
> python34.dll!PyObject_Call(_object * func=0x00000000e41ef808, _object *
> arg=0x00000000ef4ad308, _object * kw=0x00000000deda7148)  Line 2068
> python34.dll!ext_do_call(_object * func=0x0000000002bdcbf8, _object * * *
> pp_stack=0x00000000f166f589, int flags=-280305184, int na=0, int nk=0)
> Line 4558 + 0xe bytes
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000ef4ae048, int
> throwflag=-244910200)  Line 2879
> python34.dll!fast_function(_object * func=0x0000000000000001, _object * *
> * pp_stack=0x00000000ef4a7c50, int n=44825728, int na=1732453353, int
> nk=0)  Line 4332
> python34.dll!call_function(_object * * * pp_stack=0x00000000f166f779, int
> oparg=131)  Line 4260
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000db168948, int
> throwflag=-244909704)  Line 2838
> python34.dll!fast_function(_object * func=0x0000000000000001, _object * *
> * pp_stack=0x00000000ef4a7c50, int n=44826272, int na=1732453353, int
> nk=0)  Line 4332
> python34.dll!call_function(_object * * * pp_stack=0x00000000f166f969, int
> oparg=131)  Line 4260
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000ef4ab418, int
> throwflag=0)  Line 2838
> python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000001, _object *
> globals=0x0000000000000001, _object * locals=0x0000000000000000, _object *
> * args=0x0000000000000000, int argcount=1, _object * *
> kws=0x0000000000000000, int kwcount=0, _object * * defs=0x0000000000000000,
> int defcount=0, _object * kwdefs=0x0000000000000000, _object *
> closure=0x0000000000000000)  Line 3585 + 0xa bytes
> python34.dll!function_call(_object * func=0x0000000002abfd08, _object *
> arg=0x00000000e22ebef0, _object * kw=0x0000000000000000)  Line 638 + 0x45
> bytes
> python34.dll!PyObject_Call(_object * func=0x00000000e22ebef0, _object *
> arg=0x0000000000000000, _object * kw=0x0000000001c50048)  Line 2068
> python34.dll!method_call(_object * func=0x0000000002d36148, _object *
> arg=0x0000000001c50048, _object * kw=0x0000000000000000)  Line 348
> python34.dll!PyObject_Call(_object * func=0x0000000001c50048, _object *
> arg=0x0000000000000000, _object * kw=0x0000000002d36148)  Line 2068
> python34.dll!PyEval_CallObjectWithKeywords(_object *
> func=0x00000000c0a69f40, _object * arg=0x00000000673b1100, _object *
> kw=0x0000000000000000)  Line 4112
> python34.dll!t_bootstrap(void * boot_raw=0x00000000dacc7d00)  Line 1000 +
> 0x17 bytes
> python34.dll!bootstrap(void * call=0x00000000dacc7d00)  Line 177
> msvcr100.dll!_callthreadstartex()  Line 314 + 0xd bytes
> msvcr100.dll!_threadstartex(void * ptd=0x0000000000000000)  Line 292 + 0x5
> bytes
> kernel32.dll!0000000076eb5a4d()
> [Frames below may be incorrect and/or missing, no symbols loaded for
> kernel32.dll]
> ntdll.dll!00000000775aba01()
>
> ----------
> Added file: http://bugs.python.org/file38478/gc_next.png
>
> _______________________________________
> Python tracker <report at bugs.python.org>
> <http://bugs.python.org/issue23187>
> _______________________________________
>

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue23187>
_______________________________________

More information about the Python-bugs-list mailing list