Message 357169 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pconnell
Recipients	Johan Dahlin, db3l, emilyemorehouse, eric.snow, koobs, nascheme, ncoghlan, pconnell, pmpp, serhiy.storchaka, shprotx, steve.dower, vstinner, yselivanov
Date	2019-11-21.13:48:28
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1574344109.21.0.479934626407.issue33608@roundup.psfhosted.org>
In-reply-to

Content
Based on Victor's info from https://bugs.python.org/issue36114#msg337090 I believe the crash is essentially what's reproduced in the attached program. From the root of a (built) cpython clone run: gcc -c -o fini_crash.o -IInclude -I. fini_crash.c && gcc -o fini_crash fini_crash.o libpython3.9.a -lcrypt -lpthread -ldl -lutil -lm && ./fini_crash The output should be: MAIN: allow other thread to execute OTHER: acquired GIL OTHER: released GIL MAIN: interpreter finalized OTHER: attempt to acquire GIL...crash! [1] 266749 segmentation fault (core dumped) ./fini_crash And running it through valgrind: $ valgrind --suppressions=Misc/valgrind-python.supp fini_crash -- COMMAND -- 13:4[12/5973] ==266836== Memcheck, a memory error detector ==266836== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==266836== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info ==266836== Command: fini_crash ==266836== MAIN: allow other thread to execute OTHER: acquired GIL OTHER: released GIL MAIN: interpreter finalized OTHER: attempt to acquire GIL...crash! ==266836== Thread 2: ==266836== Invalid read of size 8 ==266836== at 0x15607D: PyEval_RestoreThread (ceval.c:389) ==266836== by 0x15479F: evil_main (in /home/phconnel/dev/cpython/fini_crash) ==266836== by 0x48B94CE: start_thread (in /usr/lib/libpthread-2.30.so) ==266836== by 0x4B232D2: clone (in /usr/lib/libc-2.30.so) ==266836== Address 0x4d17270 is 16 bytes inside a block of size 264 free'd ==266836== at 0x48399AB: free (vg_replace_malloc.c:540) ==266836== by 0x1773FF: tstate_delete_common (pystate.c:829) ==266836== by 0x1773FF: _PyThreadState_Delete (pystate.c:848) ==266836== by 0x1773FF: zapthreads (pystate.c:311) ==266836== by 0x1773FF: PyInterpreterState_Delete (pystate.c:321) ==266836== by 0x174920: finalize_interp_delete (pylifecycle.c:1242) ==266836== by 0x174920: Py_FinalizeEx.part.0 (pylifecycle.c:1400) ==266836== by 0x15487B: main (in /home/phconnel/dev/cpython/fini_crash) ==266836== Block was alloc'd at ==266836== at 0x483877F: malloc (vg_replace_malloc.c:309) ==266836== by 0x178D7C: new_threadstate (pystate.c:557) ==266836== by 0x178D7C: PyThreadState_New (pystate.c:629) ==266836== by 0x178D7C: PyGILState_Ensure (pystate.c:1288) ==266836== by 0x154759: evil_main (in /home/phconnel/dev/cpython/fini_crash) ==266836== by 0x48B94CE: start_thread (in /usr/lib/libpthread-2.30.so) ==266836== by 0x4B232D2: clone (in /usr/lib/libc-2.30.so) ==266836== ==266836== Invalid read of size 8 ==266836== at 0x156081: PyEval_RestoreThread (ceval.c:389) ==266836== by 0x15479F: evil_main (in /home/phconnel/dev/cpython/fini_crash) ==266836== by 0x48B94CE: start_thread (in /usr/lib/libpthread-2.30.so) ==266836== by 0x4B232D2: clone (in /usr/lib/libc-2.30.so) ==266836== Address 0x4c3a0f0 is 16 bytes inside a block of size 2,960 free'd ==266836== at 0x48399AB: free (vg_replace_malloc.c:540) ==266836== by 0x174920: finalize_interp_delete (pylifecycle.c:1242) ==266836== by 0x174920: Py_FinalizeEx.part.0 (pylifecycle.c:1400) ==266836== by 0x15487B: main (in /home/phconnel/dev/cpython/fini_crash) ==266836== Block was alloc'd at ==266836== at 0x483877F: malloc (vg_replace_malloc.c:309) ==266836== by 0x177153: PyInterpreterState_New (pystate.c:205) ==266836== by 0x1732BF: pycore_create_interpreter (pylifecycle.c:526) ==266836== by 0x1732BF: pyinit_config.constprop.0 (pylifecycle.c:695) ==266836== by 0x1766B7: pyinit_core (pylifecycle.c:879) ==266836== by 0x1766B7: Py_InitializeFromConfig (pylifecycle.c:1055) ==266836== by 0x1766B7: Py_InitializeEx (pylifecycle.c:1093) ==266836== by 0x154801: main (in /home/phconnel/dev/cpython/fini_crash) ==266836==

Based on Victor's info from https://bugs.python.org/issue36114#msg337090 I believe the crash is essentially what's reproduced in the attached program.

From the root of a (built) cpython clone run:

gcc -c -o fini_crash.o -IInclude -I. fini_crash.c && gcc -o fini_crash fini_crash.o libpython3.9.a -lcrypt -lpthread -ldl -lutil -lm && ./fini_crash

The output should be:

MAIN: allow other thread to execute                                                                                    
OTHER: acquired GIL                                                                                                    
OTHER: released GIL                                                                                                    
MAIN: interpreter finalized
OTHER: attempt to acquire GIL...crash!
[1]    266749 segmentation fault (core dumped)  ./fini_crash

And running it through valgrind:

$ valgrind --suppressions=Misc/valgrind-python.supp fini_crash                                                                                                                 -- COMMAND -- 13:4[12/5973]
==266836== Memcheck, a memory error detector
==266836== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==266836== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==266836== Command: fini_crash                    
==266836==                                            
MAIN: allow other thread to execute                       
OTHER: acquired GIL                                
OTHER: released GIL                                                                                                    
MAIN: interpreter finalized
OTHER: attempt to acquire GIL...crash!                                                                                 
==266836== Thread 2:                                                                                                   
==266836== Invalid read of size 8                                                                                      
==266836==    at 0x15607D: PyEval_RestoreThread (ceval.c:389)                                                                                                                                                                                  
==266836==    by 0x15479F: evil_main (in /home/phconnel/dev/cpython/fini_crash)
==266836==    by 0x48B94CE: start_thread (in /usr/lib/libpthread-2.30.so)
==266836==    by 0x4B232D2: clone (in /usr/lib/libc-2.30.so)
==266836==  Address 0x4d17270 is 16 bytes inside a block of size 264 free'd
==266836==    at 0x48399AB: free (vg_replace_malloc.c:540)
==266836==    by 0x1773FF: tstate_delete_common (pystate.c:829)
==266836==    by 0x1773FF: _PyThreadState_Delete (pystate.c:848)
==266836==    by 0x1773FF: zapthreads (pystate.c:311)
==266836==    by 0x1773FF: PyInterpreterState_Delete (pystate.c:321)
==266836==    by 0x174920: finalize_interp_delete (pylifecycle.c:1242)
==266836==    by 0x174920: Py_FinalizeEx.part.0 (pylifecycle.c:1400)
==266836==    by 0x15487B: main (in /home/phconnel/dev/cpython/fini_crash)
==266836==  Block was alloc'd at
==266836==    at 0x483877F: malloc (vg_replace_malloc.c:309)
==266836==    by 0x178D7C: new_threadstate (pystate.c:557)
==266836==    by 0x178D7C: PyThreadState_New (pystate.c:629)
==266836==    by 0x178D7C: PyGILState_Ensure (pystate.c:1288)
==266836==    by 0x154759: evil_main (in /home/phconnel/dev/cpython/fini_crash)
==266836==    by 0x48B94CE: start_thread (in /usr/lib/libpthread-2.30.so)
==266836==    by 0x4B232D2: clone (in /usr/lib/libc-2.30.so)
==266836== 
==266836== Invalid read of size 8
==266836==    at 0x156081: PyEval_RestoreThread (ceval.c:389)
==266836==    by 0x15479F: evil_main (in /home/phconnel/dev/cpython/fini_crash)
==266836==    by 0x48B94CE: start_thread (in /usr/lib/libpthread-2.30.so)
==266836==    by 0x4B232D2: clone (in /usr/lib/libc-2.30.so)
==266836==  Address 0x4c3a0f0 is 16 bytes inside a block of size 2,960 free'd
==266836==    at 0x48399AB: free (vg_replace_malloc.c:540)
==266836==    by 0x174920: finalize_interp_delete (pylifecycle.c:1242)
==266836==    by 0x174920: Py_FinalizeEx.part.0 (pylifecycle.c:1400)
==266836==    by 0x15487B: main (in /home/phconnel/dev/cpython/fini_crash)
==266836==  Block was alloc'd at
==266836==    at 0x483877F: malloc (vg_replace_malloc.c:309)
==266836==    by 0x177153: PyInterpreterState_New (pystate.c:205)
==266836==    by 0x1732BF: pycore_create_interpreter (pylifecycle.c:526)
==266836==    by 0x1732BF: pyinit_config.constprop.0 (pylifecycle.c:695)
==266836==    by 0x1766B7: pyinit_core (pylifecycle.c:879)
==266836==    by 0x1766B7: Py_InitializeFromConfig (pylifecycle.c:1055)
==266836==    by 0x1766B7: Py_InitializeEx (pylifecycle.c:1093)
==266836==    by 0x154801: main (in /home/phconnel/dev/cpython/fini_crash)
==266836==

History
Date	User	Action	Args
2019-11-21 13:48:29	pconnell	set	recipients: + pconnell, nascheme, db3l, ncoghlan, vstinner, pmpp, eric.snow, serhiy.storchaka, yselivanov, koobs, steve.dower, emilyemorehouse, Johan Dahlin, shprotx
2019-11-21 13:48:29	pconnell	set	messageid: <1574344109.21.0.479934626407.issue33608@roundup.psfhosted.org>
2019-11-21 13:48:29	pconnell	link	issue33608 messages
2019-11-21 13:48:28	pconnell	create