classification
Title: Segmentation fault after multiple reinitializations
Type: crash Stage: resolved
Components: Interpreter Core Versions: Python 3.3
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: georg.brandl Nosy List: Arfrever, brett.cannon, eric.snow, georg.brandl, pitrou, python-dev, skrah
Priority: release blocker Keywords: 3.3regression

Created on 2012-09-12 03:13 by Arfrever, last changed 2012-09-24 05:46 by python-dev. This issue is now closed.

Messages (8)
msg170349 - (view) Author: Arfrever Frehtes Taifersar Arahesis (Arfrever) * Date: 2012-09-12 03:13 
#include <Python.h>
#include <stdlib.h>
int main()
{
    int i;
    for (i = 0; i < 100; i++) {
        printf("%d\n", i);
        Py_Initialize();
        Py_Finalize();
    }
    return 0;
}

The above code succeeds with Python 3.2, but causes segmentation fault with Python 3.3:

$ ./reinitializations
0
1
2
3
4
5
6
7
8
9
Segmentation fault
$
msg170357 - (view) Author: Stefan Krah (skrah) * (Python committer) Date: 2012-09-12 07:32 
The segfault occurs in a path in import.c that has a comment "XXX this
this should really not happen.":

Program received signal SIGSEGV, Segmentation fault.
0x000000000047d733 in type_dealloc (type=0x8381e0) at Objects/typeobject.c:2694
2694        _PyObject_GC_UNTRACK(type);
(gdb) bt
#0  0x000000000047d733 in type_dealloc (type=0x8381e0) at Objects/typeobject.c:2694
#1  0x000000000045d8ef in free_keys_object (keys=0x8eb810) at Objects/dictobject.c:374
#2  0x0000000000463513 in dict_dealloc (mp=0x8fa9c0) at Objects/dictobject.c:1392
#3  0x0000000000503118 in _PyImport_FixupExtensionObject (mod=0xa0cd40, name=0xb1fa90, 
    filename=0xb1fa90) at Python/import.c:498



(gdb) f 3
#3  0x0000000000503118 in _PyImport_FixupExtensionObject (mod=0xa0cd40, name=0xb1fa90, 
    filename=0xb1fa90) at Python/import.c:498
498                 Py_DECREF(def->m_base.m_copy);
(gdb) l
493         if (def->m_size == -1) {
494             if (def->m_base.m_copy) {
495                 /* Somebody already imported the module,
496                    likely under a different name.
497                    XXX this should really not happen. */
498                 Py_DECREF(def->m_base.m_copy);
499                 def->m_base.m_copy = NULL;
500             }
501             dict = PyModule_GetDict(mod);
502             if (dict == NULL)
msg170358 - (view) Author: Stefan Krah (skrah) * (Python committer) Date: 2012-09-12 07:38 
Maybe related: If you increase the number of passes in Modules/_testembed.c, pass 9 fails:

--- Pass 9 ---
_testembed: Objects/typeobject.c:2693: type_dealloc: Assertion `type->tp_flags & (1L<<9)' failed.
Aborted
msg170397 - (view) Author: Roundup Robot (python-dev) Date: 2012-09-12 16:02 
New changeset 8d22d9528164 by Antoine Pitrou in branch 'default':
Issue #15926: Fix crash after multiple reinitializations of the interpreter.
http://hg.python.org/cpython/rev/8d22d9528164
msg170398 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2012-09-12 16:03 
This should be fixed now. Georg, this is up to you whether this deserves being ported to 3.3.0 or not.
msg170410 - (view) Author: Arfrever Frehtes Taifersar Arahesis (Arfrever) * Date: 2012-09-12 17:35 
+1 for including the fix in 3.3.0.
This segmentation fault was reproducible in test suite of dbus-python:
http://cgit.freedesktop.org/dbus/dbus-python/tree/test/import-repeatedly.c
msg170961 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2012-09-22 07:05 
Picked as 6708224f8bee.
msg171097 - (view) Author: Roundup Robot (python-dev) Date: 2012-09-24 05:46 
New changeset 6708224f8bee by Antoine Pitrou in branch 'default':
Issue #15926: Fix crash after multiple reinitializations of the interpreter.
http://hg.python.org/cpython/rev/6708224f8bee
History
Date User Action Args
2012-09-24 05:46:47python-devsetmessages: + msg171097
2012-09-22 07:05:39georg.brandlsetstatus: open -> closed

messages: + msg170961
2012-09-12 17:35:43Arfreversetpriority: high -> release blocker

messages: + msg170410
2012-09-12 16:03:51pitrousetnosy: + georg.brandl
messages: + msg170398

assignee: georg.brandl
resolution: fixed
stage: needs patch -> resolved
2012-09-12 16:02:45python-devsetnosy: + python-dev
messages: + msg170397
2012-09-12 07:40:20skrahsettype: crash
components: + Interpreter Core
stage: needs patch
2012-09-12 07:38:13skrahsetmessages: + msg170358
2012-09-12 07:32:56skrahsetnosy: + eric.snow, skrah, brett.cannon, pitrou
messages: + msg170357
2012-09-12 03:13:01Arfrevercreate