tp_descr_get(self, obj, type) is called without owning a reference to "self" #69936
Comments
|
Downstream: [http://trac.sagemath.org/ticket/19633] |
jdemeyer
added
interpreter-core
|
This is a known general issue which is documented in Lib/test/crashers/borrowed_ref_1 inside the 2.7 branch. In trunk, I see that this file has been deleted, although the issue has not been solved in general. Only the particular crash in the file has been solved. (Somebody with motivation should restore the crashers that have been solved superficially only. But finding actual crashing code takes more effort than I'm willing to put into this rather pointless process, so CPython still gets the occasional bug report like this one instead.) |
|
Thanks for the pointer. My patch does fix the crash in Lib/test/crashers/borrowed_ref_2.py on Python 2.7.10. |
|
Will Jeroen's patch make it into 2.7.12 or are you expecting more stuff before committing a change? |
|
I haven't seen any crashes in the wild here, but this is still the case in the latest code base. The change doesn't seem invasive, so I don't see why it shouldn't get implemented. |
|
I cannot be 100% sure, but we have ample evidence suggesting we're experiencing this same crash in production. We have a big system that mixes Cython and pure-python coroutines, and in one version we started seeing segfaults that strongly hint at this root cause. Adding pure-python indirections (that keep the arguments alive, I'd wager), fixes those segfaults. I cannot share the codebase (and in any case it's too big, and the crash is too difficult to reproduce in isolation, without real traffic), but I'd add my +1 on applying this fix. We're currently testing to try and reproduce the segfaults on 2.7.13, after that I'll try jdemeyer's patch and report the results. |
|
descr_ref-2.patch: patch rebased on the 2.7 branch. |
|
Claudio: "We're currently testing to try and reproduce the segfaults on 2.7.13, after that I'll try jdemeyer's patch and report the results." Cool! Keep us in touch ;-) |
|
The crash (the one we're experiencing) still happens with 2.7.13. But at this point it's not clear whether it's a Python bug or a Cython bug, as jdemeyer's patch doesn't fix it. We're having a hard time getting accurate backtraces to actually debug this thing, as it only happens on production servers. |
I suggest you to try faulthandler to try to get a traceback ;-) |
|
<shameless plug> If you are on POSIX, you could also use cysignals to get a traceback (simply import cysignals, which will install a handler for fatal signals like SIGSEGV). |
|
Nice ideas, will give them a try |
|
The bug has been fixed in 2.7, 3.6, 3.7 and master branches. Thanks Jeroen Demeyer for your tenacity and hard work :-) Let's see what we do with the unit test: PR 9084. |
|
This change introduced a compiler warning. /home/serhiy/py/cpython/Modules/_testcapimodule.c:5042:17: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types] |
|
Comment on the commit: "bad_get should be explicitly cast to PyCFunction here, or else the compiler will balk; see https://bugs.python.org/msg328176 " |
|
The cast warning is not specific to this issue, it's a more general issue that will be address in bpo-33012. I close again the bug. |
|
bpo-33012 is about more strong warnings in gcc 8. This issue introduced a warning in gcc 7. |
|
Is it necessary to use METH_FASTCALL? |
In Python 3, the bug only occurs with METH_FASTCALL. The issue is a reference counting bug and the temporary tuple used for a METH_VARARGS method avoids the bug. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: