Message 238072 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	gvanrossum
Recipients	gvanrossum, karamanolev, michaelg, r-englund, vstinner, yselivanov
Date	2015-03-14.04:42:42
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<CAP7+vJKods0vYghY9Xb2Ay7-eVijjnBnLyzM3svd92--OXRHWw@mail.gmail.com>
In-reply-to	<1426300066.98.0.817778770992.issue23187@psf.upfronthosting.co.za>

Content
So what do you make of this? PyObject_GC_Malloc(unsigned __int64 basicsize=4046951880) That's nearly 4 GB. I somehow doubt your app is actually trying to allocate that much memory -- maybe the type object a few lines below in the stack is overwritten, or maybe the compiler is lying about everything. Is there any chance you can run an unoptimized build? On Fri, Mar 13, 2015 at 7:27 PM, Michael Goldish <report@bugs.python.org> wrote: > > Michael Goldish added the comment: > > I caught another crash just now, this time in update_refs(). A stack trace > is attached below. I still think this is the same issue. > > static void > update_refs(PyGC_Head containers) > { > PyGC_Head gc = containers->gc.gc_next; > 0000000067382D60 mov rdx,qword ptr [rcx] > for (; gc != containers; gc = gc->gc.gc_next) { > 0000000067382D63 cmp rdx,rcx > 0000000067382D66 je update_refs+28h (67382D88h) > 0000000067382D68 nop dword ptr [rax+rax] > assert(_PyGCHead_REFS(gc) == GC_REACHABLE); > _PyGCHead_SET_REFS(gc, Py_REFCNT(FROM_GC(gc))); > 0000000067382D70 and qword ptr [rdx+10h],1 > > Here rdx is 0, which means we're writing to 0x10, probably because the > member gc_refs is at offset 0x10 of struct PyGC_Head.gc. So I suppose > containers->gc.gc_next was NULL. > > (In case this is helpful: somehow, possibly due to compiler optimizations, > Visual Studio claims that containers->gc.gc_next is 0x34. I'm not sure what > to make of this. It also claims that containers->gc.gc_prev->gc.gc_next is > 0x3e, and that containers->gc.gc_prev->gc.gc_prev->gc.gc_next is 0x3e, and > so on... gc_prev always seems fine and gc_next is always 0x3e, except for > the first one which is 0x34. I'm attaching a screenshot to make this > clearer.) > > Stack trace (Python 3.4.2, 64 bit, Windows): > > python34.dll!update_refs(_gc_head * containers=0x00000000676af8e0) Line > 345 > python34.dll!collect(int generation=-290088656, __int64 * > n_collected=0x00000000f166e920, __int64 * > n_uncollectable=0x0000000000000000, int nofail=0) Line 969 > python34.dll!collect_with_callback(int generation=-290088656) Line 1141 > python34.dll!_PyObject_GC_Malloc(unsigned __int64 basicsize=4046951880) > Line 1739 > python34.dll!_PyObject_GC_New(_typeobject * tp=0x0000000001c624f0) Line > 1749 > python34.dll!PyList_New(__int64 size=0) Line 159 + 0xc bytes > python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000bab65b08, int > throwflag=-244913096) Line 2346 > python34.dll!fast_function(_object * func=0x0000000000000003, _object * * > * pp_stack=0x00000000f77684e0, int n=102445400, int na=1732453353, int > nk=0) Line 4332 > python34.dll!call_function(_object * * * pp_stack=0x00000000f166ec29, int > oparg=131) Line 4260 > python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000601cbd68, int > throwflag=-244912600) Line 2838 > python34.dll!fast_function(_object * func=0x0000000000000003, _object * * > * pp_stack=0x00000000f7768f28, int n=56017240, int na=1732453353, int > nk=0) Line 4332 > python34.dll!call_function(_object * * * pp_stack=0x00000000f166ee19, int > oparg=131) Line 4260 > python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000c65ff8f8, int > throwflag=0) Line 2838 > python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000002, _object * > globals=0x0000000000000002, _object * locals=0x0000000000000000, _object * > * args=0x000000000358d248, int argcount=2, _object * * > kws=0x0000000001c50060, int kwcount=0, _object * * defs=0x0000000000000000, > int defcount=0, _object * kwdefs=0x0000000000000000, _object * > closure=0x0000000000000000) Line 3585 + 0xa bytes > python34.dll!function_call(_object * func=0x000000000355f048, _object * > arg=0x00000000f12f7688, _object * kw=0x0000000000000000) Line 638 + 0x45 > bytes > python34.dll!PyObject_Call(_object * func=0x00000000f12f7688, _object * > arg=0x00000000f11c4d08, _object * kw=0x00000000f4e9ba58) Line 2068 > python34.dll!ext_do_call(_object * func=0x000000000355f048, _object * * * > pp_stack=0x00000000f166f0d9, int flags=-200649216, int na=1, int nk=0) > Line 4558 + 0xe bytes > python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000f40a5458, int > throwflag=-244911400) Line 2879 > python34.dll!fast_function(_object * func=0x0000000000000001, _object * * > * pp_stack=0x00000000f1380f98, int n=45993224, int na=1732453353, int > nk=0) Line 4332 > python34.dll!call_function(_object * * * pp_stack=0x00000000f166f2c9, int > oparg=131) Line 4260 > python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000d6922548, int > throwflag=0) Line 2838 > python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000002, _object * > globals=0x0000000000000002, _object * locals=0x0000000000000000, _object * > * args=0x0000000002334200, int argcount=2, _object * * > kws=0x0000000001c50060, int kwcount=0, _object * * defs=0x0000000000000000, > int defcount=0, _object * kwdefs=0x0000000000000000, _object * > closure=0x0000000000000000) Line 3585 + 0xa bytes > python34.dll!function_call(_object * func=0x0000000002bdcbf8, _object * > arg=0x00000000e41ef808, _object * kw=0x0000000000000000) Line 638 + 0x45 > bytes > python34.dll!PyObject_Call(_object * func=0x00000000e41ef808, _object * > arg=0x00000000ef4ad308, _object * kw=0x00000000deda7148) Line 2068 > python34.dll!ext_do_call(_object * func=0x0000000002bdcbf8, _object * * * > pp_stack=0x00000000f166f589, int flags=-280305184, int na=0, int nk=0) > Line 4558 + 0xe bytes > python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000ef4ae048, int > throwflag=-244910200) Line 2879 > python34.dll!fast_function(_object * func=0x0000000000000001, _object * * > * pp_stack=0x00000000ef4a7c50, int n=44825728, int na=1732453353, int > nk=0) Line 4332 > python34.dll!call_function(_object * * * pp_stack=0x00000000f166f779, int > oparg=131) Line 4260 > python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000db168948, int > throwflag=-244909704) Line 2838 > python34.dll!fast_function(_object * func=0x0000000000000001, _object * * > * pp_stack=0x00000000ef4a7c50, int n=44826272, int na=1732453353, int > nk=0) Line 4332 > python34.dll!call_function(_object * * * pp_stack=0x00000000f166f969, int > oparg=131) Line 4260 > python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000ef4ab418, int > throwflag=0) Line 2838 > python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000001, _object * > globals=0x0000000000000001, _object * locals=0x0000000000000000, _object * > * args=0x0000000000000000, int argcount=1, _object * * > kws=0x0000000000000000, int kwcount=0, _object * * defs=0x0000000000000000, > int defcount=0, _object * kwdefs=0x0000000000000000, _object * > closure=0x0000000000000000) Line 3585 + 0xa bytes > python34.dll!function_call(_object * func=0x0000000002abfd08, _object * > arg=0x00000000e22ebef0, _object * kw=0x0000000000000000) Line 638 + 0x45 > bytes > python34.dll!PyObject_Call(_object * func=0x00000000e22ebef0, _object * > arg=0x0000000000000000, _object * kw=0x0000000001c50048) Line 2068 > python34.dll!method_call(_object * func=0x0000000002d36148, _object * > arg=0x0000000001c50048, _object * kw=0x0000000000000000) Line 348 > python34.dll!PyObject_Call(_object * func=0x0000000001c50048, _object * > arg=0x0000000000000000, _object * kw=0x0000000002d36148) Line 2068 > python34.dll!PyEval_CallObjectWithKeywords(_object * > func=0x00000000c0a69f40, _object * arg=0x00000000673b1100, _object * > kw=0x0000000000000000) Line 4112 > python34.dll!t_bootstrap(void * boot_raw=0x00000000dacc7d00) Line 1000 + > 0x17 bytes > python34.dll!bootstrap(void * call=0x00000000dacc7d00) Line 177 > msvcr100.dll!_callthreadstartex() Line 314 + 0xd bytes > msvcr100.dll!_threadstartex(void * ptd=0x0000000000000000) Line 292 + 0x5 > bytes > kernel32.dll!0000000076eb5a4d() > [Frames below may be incorrect and/or missing, no symbols loaded for > kernel32.dll] > ntdll.dll!00000000775aba01() > > ---------- > Added file: http://bugs.python.org/file38478/gc_next.png > > _______________________________________ > Python tracker <report@bugs.python.org> > <http://bugs.python.org/issue23187> > _______________________________________ >

So what do you make of this?

PyObject_GC_Malloc(unsigned __int64 basicsize=4046951880)

That's nearly 4 GB. I somehow doubt your app is actually trying to allocate
that much memory -- maybe the type object a few lines below in the stack is
overwritten, or maybe the compiler is lying about everything. Is there any
chance you can run an unoptimized build?

On Fri, Mar 13, 2015 at 7:27 PM, Michael Goldish <report@bugs.python.org>
wrote:

>
> Michael Goldish added the comment:
>
> I caught another crash just now, this time in update_refs(). A stack trace
> is attached below. I still think this is the same issue.
>
> static void
> update_refs(PyGC_Head *containers)
> {
>     PyGC_Head *gc = containers->gc.gc_next;
> 0000000067382D60  mov         rdx,qword ptr [rcx]
>     for (; gc != containers; gc = gc->gc.gc_next) {
> 0000000067382D63  cmp         rdx,rcx
> 0000000067382D66  je          update_refs+28h (67382D88h)
> 0000000067382D68  nop         dword ptr [rax+rax]
>         assert(_PyGCHead_REFS(gc) == GC_REACHABLE);
>         _PyGCHead_SET_REFS(gc, Py_REFCNT(FROM_GC(gc)));
> 0000000067382D70  and         qword ptr [rdx+10h],1
>
> Here rdx is 0, which means we're writing to 0x10, probably because the
> member gc_refs is at offset 0x10 of struct PyGC_Head.gc. So I suppose
> containers->gc.gc_next was NULL.
>
> (In case this is helpful: somehow, possibly due to compiler optimizations,
> Visual Studio claims that containers->gc.gc_next is 0x34. I'm not sure what
> to make of this. It also claims that containers->gc.gc_prev->gc.gc_next is
> 0x3e, and that containers->gc.gc_prev->gc.gc_prev->gc.gc_next is 0x3e, and
> so on... gc_prev always seems fine and gc_next is always 0x3e, except for
> the first one which is 0x34. I'm attaching a screenshot to make this
> clearer.)
>
> Stack trace (Python 3.4.2, 64 bit, Windows):
>
> python34.dll!update_refs(_gc_head * containers=0x00000000676af8e0)  Line
> 345
> python34.dll!collect(int generation=-290088656, __int64 *
> n_collected=0x00000000f166e920, __int64 *
> n_uncollectable=0x0000000000000000, int nofail=0)  Line 969
> python34.dll!collect_with_callback(int generation=-290088656)  Line 1141
> python34.dll!_PyObject_GC_Malloc(unsigned __int64 basicsize=4046951880)
> Line 1739
> python34.dll!_PyObject_GC_New(_typeobject * tp=0x0000000001c624f0)  Line
> 1749
> python34.dll!PyList_New(__int64 size=0)  Line 159 + 0xc bytes
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000bab65b08, int
> throwflag=-244913096)  Line 2346
> python34.dll!fast_function(_object * func=0x0000000000000003, _object * *
> * pp_stack=0x00000000f77684e0, int n=102445400, int na=1732453353, int
> nk=0)  Line 4332
> python34.dll!call_function(_object * * * pp_stack=0x00000000f166ec29, int
> oparg=131)  Line 4260
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000601cbd68, int
> throwflag=-244912600)  Line 2838
> python34.dll!fast_function(_object * func=0x0000000000000003, _object * *
> * pp_stack=0x00000000f7768f28, int n=56017240, int na=1732453353, int
> nk=0)  Line 4332
> python34.dll!call_function(_object * * * pp_stack=0x00000000f166ee19, int
> oparg=131)  Line 4260
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000c65ff8f8, int
> throwflag=0)  Line 2838
> python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000002, _object *
> globals=0x0000000000000002, _object * locals=0x0000000000000000, _object *
> * args=0x000000000358d248, int argcount=2, _object * *
> kws=0x0000000001c50060, int kwcount=0, _object * * defs=0x0000000000000000,
> int defcount=0, _object * kwdefs=0x0000000000000000, _object *
> closure=0x0000000000000000)  Line 3585 + 0xa bytes
> python34.dll!function_call(_object * func=0x000000000355f048, _object *
> arg=0x00000000f12f7688, _object * kw=0x0000000000000000)  Line 638 + 0x45
> bytes
> python34.dll!PyObject_Call(_object * func=0x00000000f12f7688, _object *
> arg=0x00000000f11c4d08, _object * kw=0x00000000f4e9ba58)  Line 2068
> python34.dll!ext_do_call(_object * func=0x000000000355f048, _object * * *
> pp_stack=0x00000000f166f0d9, int flags=-200649216, int na=1, int nk=0)
> Line 4558 + 0xe bytes
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000f40a5458, int
> throwflag=-244911400)  Line 2879
> python34.dll!fast_function(_object * func=0x0000000000000001, _object * *
> * pp_stack=0x00000000f1380f98, int n=45993224, int na=1732453353, int
> nk=0)  Line 4332
> python34.dll!call_function(_object * * * pp_stack=0x00000000f166f2c9, int
> oparg=131)  Line 4260
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000d6922548, int
> throwflag=0)  Line 2838
> python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000002, _object *
> globals=0x0000000000000002, _object * locals=0x0000000000000000, _object *
> * args=0x0000000002334200, int argcount=2, _object * *
> kws=0x0000000001c50060, int kwcount=0, _object * * defs=0x0000000000000000,
> int defcount=0, _object * kwdefs=0x0000000000000000, _object *
> closure=0x0000000000000000)  Line 3585 + 0xa bytes
> python34.dll!function_call(_object * func=0x0000000002bdcbf8, _object *
> arg=0x00000000e41ef808, _object * kw=0x0000000000000000)  Line 638 + 0x45
> bytes
> python34.dll!PyObject_Call(_object * func=0x00000000e41ef808, _object *
> arg=0x00000000ef4ad308, _object * kw=0x00000000deda7148)  Line 2068
> python34.dll!ext_do_call(_object * func=0x0000000002bdcbf8, _object * * *
> pp_stack=0x00000000f166f589, int flags=-280305184, int na=0, int nk=0)
> Line 4558 + 0xe bytes
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000ef4ae048, int
> throwflag=-244910200)  Line 2879
> python34.dll!fast_function(_object * func=0x0000000000000001, _object * *
> * pp_stack=0x00000000ef4a7c50, int n=44825728, int na=1732453353, int
> nk=0)  Line 4332
> python34.dll!call_function(_object * * * pp_stack=0x00000000f166f779, int
> oparg=131)  Line 4260
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000db168948, int
> throwflag=-244909704)  Line 2838
> python34.dll!fast_function(_object * func=0x0000000000000001, _object * *
> * pp_stack=0x00000000ef4a7c50, int n=44826272, int na=1732453353, int
> nk=0)  Line 4332
> python34.dll!call_function(_object * * * pp_stack=0x00000000f166f969, int
> oparg=131)  Line 4260
> python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000ef4ab418, int
> throwflag=0)  Line 2838
> python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000001, _object *
> globals=0x0000000000000001, _object * locals=0x0000000000000000, _object *
> * args=0x0000000000000000, int argcount=1, _object * *
> kws=0x0000000000000000, int kwcount=0, _object * * defs=0x0000000000000000,
> int defcount=0, _object * kwdefs=0x0000000000000000, _object *
> closure=0x0000000000000000)  Line 3585 + 0xa bytes
> python34.dll!function_call(_object * func=0x0000000002abfd08, _object *
> arg=0x00000000e22ebef0, _object * kw=0x0000000000000000)  Line 638 + 0x45
> bytes
> python34.dll!PyObject_Call(_object * func=0x00000000e22ebef0, _object *
> arg=0x0000000000000000, _object * kw=0x0000000001c50048)  Line 2068
> python34.dll!method_call(_object * func=0x0000000002d36148, _object *
> arg=0x0000000001c50048, _object * kw=0x0000000000000000)  Line 348
> python34.dll!PyObject_Call(_object * func=0x0000000001c50048, _object *
> arg=0x0000000000000000, _object * kw=0x0000000002d36148)  Line 2068
> python34.dll!PyEval_CallObjectWithKeywords(_object *
> func=0x00000000c0a69f40, _object * arg=0x00000000673b1100, _object *
> kw=0x0000000000000000)  Line 4112
> python34.dll!t_bootstrap(void * boot_raw=0x00000000dacc7d00)  Line 1000 +
> 0x17 bytes
> python34.dll!bootstrap(void * call=0x00000000dacc7d00)  Line 177
> msvcr100.dll!_callthreadstartex()  Line 314 + 0xd bytes
> msvcr100.dll!_threadstartex(void * ptd=0x0000000000000000)  Line 292 + 0x5
> bytes
> kernel32.dll!0000000076eb5a4d()
> [Frames below may be incorrect and/or missing, no symbols loaded for
> kernel32.dll]
> ntdll.dll!00000000775aba01()
>
> ----------
> Added file: http://bugs.python.org/file38478/gc_next.png
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue23187>
> _______________________________________
>

History
Date	User	Action	Args
2015-03-14 04:42:42	gvanrossum	set	recipients: + gvanrossum, vstinner, yselivanov, karamanolev, r-englund, michaelg
2015-03-14 04:42:42	gvanrossum	link	issue23187 messages
2015-03-14 04:42:42	gvanrossum	create