Message 238069 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	michaelg
Recipients	gvanrossum, karamanolev, michaelg, r-englund, vstinner, yselivanov
Date	2015-03-14.02:27:44
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1426300066.98.0.817778770992.issue23187@psf.upfronthosting.co.za>
In-reply-to

Content
I caught another crash just now, this time in update_refs(). A stack trace is attached below. I still think this is the same issue. static void update_refs(PyGC_Head containers) { PyGC_Head gc = containers->gc.gc_next; 0000000067382D60 mov rdx,qword ptr [rcx] for (; gc != containers; gc = gc->gc.gc_next) { 0000000067382D63 cmp rdx,rcx 0000000067382D66 je update_refs+28h (67382D88h) 0000000067382D68 nop dword ptr [rax+rax] assert(_PyGCHead_REFS(gc) == GC_REACHABLE); _PyGCHead_SET_REFS(gc, Py_REFCNT(FROM_GC(gc))); 0000000067382D70 and qword ptr [rdx+10h],1 Here rdx is 0, which means we're writing to 0x10, probably because the member gc_refs is at offset 0x10 of struct PyGC_Head.gc. So I suppose containers->gc.gc_next was NULL. (In case this is helpful: somehow, possibly due to compiler optimizations, Visual Studio claims that containers->gc.gc_next is 0x34. I'm not sure what to make of this. It also claims that containers->gc.gc_prev->gc.gc_next is 0x3e, and that containers->gc.gc_prev->gc.gc_prev->gc.gc_next is 0x3e, and so on... gc_prev always seems fine and gc_next is always 0x3e, except for the first one which is 0x34. I'm attaching a screenshot to make this clearer.) Stack trace (Python 3.4.2, 64 bit, Windows): python34.dll!update_refs(_gc_head * containers=0x00000000676af8e0) Line 345 python34.dll!collect(int generation=-290088656, __int64 * n_collected=0x00000000f166e920, __int64 * n_uncollectable=0x0000000000000000, int nofail=0) Line 969 python34.dll!collect_with_callback(int generation=-290088656) Line 1141 python34.dll!_PyObject_GC_Malloc(unsigned __int64 basicsize=4046951880) Line 1739 python34.dll!_PyObject_GC_New(_typeobject * tp=0x0000000001c624f0) Line 1749 python34.dll!PyList_New(__int64 size=0) Line 159 + 0xc bytes python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000bab65b08, int throwflag=-244913096) Line 2346 python34.dll!fast_function(_object * func=0x0000000000000003, _object * * * pp_stack=0x00000000f77684e0, int n=102445400, int na=1732453353, int nk=0) Line 4332 python34.dll!call_function(_object * * * pp_stack=0x00000000f166ec29, int oparg=131) Line 4260 python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000601cbd68, int throwflag=-244912600) Line 2838 python34.dll!fast_function(_object * func=0x0000000000000003, _object * * * pp_stack=0x00000000f7768f28, int n=56017240, int na=1732453353, int nk=0) Line 4332 python34.dll!call_function(_object * * * pp_stack=0x00000000f166ee19, int oparg=131) Line 4260 python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000c65ff8f8, int throwflag=0) Line 2838 python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000002, _object * globals=0x0000000000000002, _object * locals=0x0000000000000000, _object * * args=0x000000000358d248, int argcount=2, _object * * kws=0x0000000001c50060, int kwcount=0, _object * * defs=0x0000000000000000, int defcount=0, _object * kwdefs=0x0000000000000000, _object * closure=0x0000000000000000) Line 3585 + 0xa bytes python34.dll!function_call(_object * func=0x000000000355f048, _object * arg=0x00000000f12f7688, _object * kw=0x0000000000000000) Line 638 + 0x45 bytes python34.dll!PyObject_Call(_object * func=0x00000000f12f7688, _object * arg=0x00000000f11c4d08, _object * kw=0x00000000f4e9ba58) Line 2068 python34.dll!ext_do_call(_object * func=0x000000000355f048, _object * * * pp_stack=0x00000000f166f0d9, int flags=-200649216, int na=1, int nk=0) Line 4558 + 0xe bytes python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000f40a5458, int throwflag=-244911400) Line 2879 python34.dll!fast_function(_object * func=0x0000000000000001, _object * * * pp_stack=0x00000000f1380f98, int n=45993224, int na=1732453353, int nk=0) Line 4332 python34.dll!call_function(_object * * * pp_stack=0x00000000f166f2c9, int oparg=131) Line 4260 python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000d6922548, int throwflag=0) Line 2838 python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000002, _object * globals=0x0000000000000002, _object * locals=0x0000000000000000, _object * * args=0x0000000002334200, int argcount=2, _object * * kws=0x0000000001c50060, int kwcount=0, _object * * defs=0x0000000000000000, int defcount=0, _object * kwdefs=0x0000000000000000, _object * closure=0x0000000000000000) Line 3585 + 0xa bytes python34.dll!function_call(_object * func=0x0000000002bdcbf8, _object * arg=0x00000000e41ef808, _object * kw=0x0000000000000000) Line 638 + 0x45 bytes python34.dll!PyObject_Call(_object * func=0x00000000e41ef808, _object * arg=0x00000000ef4ad308, _object * kw=0x00000000deda7148) Line 2068 python34.dll!ext_do_call(_object * func=0x0000000002bdcbf8, _object * * * pp_stack=0x00000000f166f589, int flags=-280305184, int na=0, int nk=0) Line 4558 + 0xe bytes python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000ef4ae048, int throwflag=-244910200) Line 2879 python34.dll!fast_function(_object * func=0x0000000000000001, _object * * * pp_stack=0x00000000ef4a7c50, int n=44825728, int na=1732453353, int nk=0) Line 4332 python34.dll!call_function(_object * * * pp_stack=0x00000000f166f779, int oparg=131) Line 4260 python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000db168948, int throwflag=-244909704) Line 2838 python34.dll!fast_function(_object * func=0x0000000000000001, _object * * * pp_stack=0x00000000ef4a7c50, int n=44826272, int na=1732453353, int nk=0) Line 4332 python34.dll!call_function(_object * * * pp_stack=0x00000000f166f969, int oparg=131) Line 4260 python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000ef4ab418, int throwflag=0) Line 2838 python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000001, _object * globals=0x0000000000000001, _object * locals=0x0000000000000000, _object * * args=0x0000000000000000, int argcount=1, _object * * kws=0x0000000000000000, int kwcount=0, _object * * defs=0x0000000000000000, int defcount=0, _object * kwdefs=0x0000000000000000, _object * closure=0x0000000000000000) Line 3585 + 0xa bytes python34.dll!function_call(_object * func=0x0000000002abfd08, _object * arg=0x00000000e22ebef0, _object * kw=0x0000000000000000) Line 638 + 0x45 bytes python34.dll!PyObject_Call(_object * func=0x00000000e22ebef0, _object * arg=0x0000000000000000, _object * kw=0x0000000001c50048) Line 2068 python34.dll!method_call(_object * func=0x0000000002d36148, _object * arg=0x0000000001c50048, _object * kw=0x0000000000000000) Line 348 python34.dll!PyObject_Call(_object * func=0x0000000001c50048, _object * arg=0x0000000000000000, _object * kw=0x0000000002d36148) Line 2068 python34.dll!PyEval_CallObjectWithKeywords(_object * func=0x00000000c0a69f40, _object * arg=0x00000000673b1100, _object * kw=0x0000000000000000) Line 4112 python34.dll!t_bootstrap(void * boot_raw=0x00000000dacc7d00) Line 1000 + 0x17 bytes python34.dll!bootstrap(void * call=0x00000000dacc7d00) Line 177 msvcr100.dll!_callthreadstartex() Line 314 + 0xd bytes msvcr100.dll!_threadstartex(void * ptd=0x0000000000000000) Line 292 + 0x5 bytes kernel32.dll!0000000076eb5a4d() [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll] ntdll.dll!00000000775aba01()

I caught another crash just now, this time in update_refs(). A stack trace is attached below. I still think this is the same issue.

static void
update_refs(PyGC_Head *containers)
{
    PyGC_Head *gc = containers->gc.gc_next;
0000000067382D60  mov         rdx,qword ptr [rcx]  
    for (; gc != containers; gc = gc->gc.gc_next) {
0000000067382D63  cmp         rdx,rcx  
0000000067382D66  je          update_refs+28h (67382D88h)  
0000000067382D68  nop         dword ptr [rax+rax]  
        assert(_PyGCHead_REFS(gc) == GC_REACHABLE);
        _PyGCHead_SET_REFS(gc, Py_REFCNT(FROM_GC(gc)));
0000000067382D70  and         qword ptr [rdx+10h],1  

Here rdx is 0, which means we're writing to 0x10, probably because the member gc_refs is at offset 0x10 of struct PyGC_Head.gc. So I suppose containers->gc.gc_next was NULL.

(In case this is helpful: somehow, possibly due to compiler optimizations, Visual Studio claims that containers->gc.gc_next is 0x34. I'm not sure what to make of this. It also claims that containers->gc.gc_prev->gc.gc_next is 0x3e, and that containers->gc.gc_prev->gc.gc_prev->gc.gc_next is 0x3e, and so on... gc_prev always seems fine and gc_next is always 0x3e, except for the first one which is 0x34. I'm attaching a screenshot to make this clearer.)

Stack trace (Python 3.4.2, 64 bit, Windows):

python34.dll!update_refs(_gc_head * containers=0x00000000676af8e0)  Line 345
python34.dll!collect(int generation=-290088656, __int64 * n_collected=0x00000000f166e920, __int64 * n_uncollectable=0x0000000000000000, int nofail=0)  Line 969
python34.dll!collect_with_callback(int generation=-290088656)  Line 1141
python34.dll!_PyObject_GC_Malloc(unsigned __int64 basicsize=4046951880)  Line 1739
python34.dll!_PyObject_GC_New(_typeobject * tp=0x0000000001c624f0)  Line 1749
python34.dll!PyList_New(__int64 size=0)  Line 159 + 0xc bytes
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000bab65b08, int throwflag=-244913096)  Line 2346
python34.dll!fast_function(_object * func=0x0000000000000003, _object * * * pp_stack=0x00000000f77684e0, int n=102445400, int na=1732453353, int nk=0)  Line 4332
python34.dll!call_function(_object * * * pp_stack=0x00000000f166ec29, int oparg=131)  Line 4260
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000601cbd68, int throwflag=-244912600)  Line 2838
python34.dll!fast_function(_object * func=0x0000000000000003, _object * * * pp_stack=0x00000000f7768f28, int n=56017240, int na=1732453353, int nk=0)  Line 4332
python34.dll!call_function(_object * * * pp_stack=0x00000000f166ee19, int oparg=131)  Line 4260
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000c65ff8f8, int throwflag=0)  Line 2838
python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000002, _object * globals=0x0000000000000002, _object * locals=0x0000000000000000, _object * * args=0x000000000358d248, int argcount=2, _object * * kws=0x0000000001c50060, int kwcount=0, _object * * defs=0x0000000000000000, int defcount=0, _object * kwdefs=0x0000000000000000, _object * closure=0x0000000000000000)  Line 3585 + 0xa bytes
python34.dll!function_call(_object * func=0x000000000355f048, _object * arg=0x00000000f12f7688, _object * kw=0x0000000000000000)  Line 638 + 0x45 bytes
python34.dll!PyObject_Call(_object * func=0x00000000f12f7688, _object * arg=0x00000000f11c4d08, _object * kw=0x00000000f4e9ba58)  Line 2068
python34.dll!ext_do_call(_object * func=0x000000000355f048, _object * * * pp_stack=0x00000000f166f0d9, int flags=-200649216, int na=1, int nk=0)  Line 4558 + 0xe bytes
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000f40a5458, int throwflag=-244911400)  Line 2879
python34.dll!fast_function(_object * func=0x0000000000000001, _object * * * pp_stack=0x00000000f1380f98, int n=45993224, int na=1732453353, int nk=0)  Line 4332
python34.dll!call_function(_object * * * pp_stack=0x00000000f166f2c9, int oparg=131)  Line 4260
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000d6922548, int throwflag=0)  Line 2838
python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000002, _object * globals=0x0000000000000002, _object * locals=0x0000000000000000, _object * * args=0x0000000002334200, int argcount=2, _object * * kws=0x0000000001c50060, int kwcount=0, _object * * defs=0x0000000000000000, int defcount=0, _object * kwdefs=0x0000000000000000, _object * closure=0x0000000000000000)  Line 3585 + 0xa bytes
python34.dll!function_call(_object * func=0x0000000002bdcbf8, _object * arg=0x00000000e41ef808, _object * kw=0x0000000000000000)  Line 638 + 0x45 bytes
python34.dll!PyObject_Call(_object * func=0x00000000e41ef808, _object * arg=0x00000000ef4ad308, _object * kw=0x00000000deda7148)  Line 2068
python34.dll!ext_do_call(_object * func=0x0000000002bdcbf8, _object * * * pp_stack=0x00000000f166f589, int flags=-280305184, int na=0, int nk=0)  Line 4558 + 0xe bytes
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000ef4ae048, int throwflag=-244910200)  Line 2879
python34.dll!fast_function(_object * func=0x0000000000000001, _object * * * pp_stack=0x00000000ef4a7c50, int n=44825728, int na=1732453353, int nk=0)  Line 4332
python34.dll!call_function(_object * * * pp_stack=0x00000000f166f779, int oparg=131)  Line 4260
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000db168948, int throwflag=-244909704)  Line 2838
python34.dll!fast_function(_object * func=0x0000000000000001, _object * * * pp_stack=0x00000000ef4a7c50, int n=44826272, int na=1732453353, int nk=0)  Line 4332
python34.dll!call_function(_object * * * pp_stack=0x00000000f166f969, int oparg=131)  Line 4260
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000ef4ab418, int throwflag=0)  Line 2838
python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000001, _object * globals=0x0000000000000001, _object * locals=0x0000000000000000, _object * * args=0x0000000000000000, int argcount=1, _object * * kws=0x0000000000000000, int kwcount=0, _object * * defs=0x0000000000000000, int defcount=0, _object * kwdefs=0x0000000000000000, _object * closure=0x0000000000000000)  Line 3585 + 0xa bytes
python34.dll!function_call(_object * func=0x0000000002abfd08, _object * arg=0x00000000e22ebef0, _object * kw=0x0000000000000000)  Line 638 + 0x45 bytes
python34.dll!PyObject_Call(_object * func=0x00000000e22ebef0, _object * arg=0x0000000000000000, _object * kw=0x0000000001c50048)  Line 2068
python34.dll!method_call(_object * func=0x0000000002d36148, _object * arg=0x0000000001c50048, _object * kw=0x0000000000000000)  Line 348
python34.dll!PyObject_Call(_object * func=0x0000000001c50048, _object * arg=0x0000000000000000, _object * kw=0x0000000002d36148)  Line 2068
python34.dll!PyEval_CallObjectWithKeywords(_object * func=0x00000000c0a69f40, _object * arg=0x00000000673b1100, _object * kw=0x0000000000000000)  Line 4112
python34.dll!t_bootstrap(void * boot_raw=0x00000000dacc7d00)  Line 1000 + 0x17 bytes
python34.dll!bootstrap(void * call=0x00000000dacc7d00)  Line 177
msvcr100.dll!_callthreadstartex()  Line 314 + 0xd bytes
msvcr100.dll!_threadstartex(void * ptd=0x0000000000000000)  Line 292 + 0x5 bytes
kernel32.dll!0000000076eb5a4d() 	
[Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]	
ntdll.dll!00000000775aba01()

History
Date	User	Action	Args
2015-03-14 02:27:47	michaelg	set	recipients: + michaelg, gvanrossum, vstinner, yselivanov, karamanolev, r-englund
2015-03-14 02:27:46	michaelg	set	messageid: <1426300066.98.0.817778770992.issue23187@psf.upfronthosting.co.za>
2015-03-14 02:27:46	michaelg	link	issue23187 messages
2015-03-14 02:27:44	michaelg	create