Message394085
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Author | pablogsal |
---|---|
Recipients | Anthony Sottile, ammar2, christian.heimes, erlendaasland, pablogsal, paul.moore, shreyanavigyan, stestagg, steve.dower, tim.golden, vstinner, zach.ware |
Date | 2021-05-21.00:14:16 |
SpamBayes Score | -1.0 |
Marked as misclassified | Yes |
Message-id | <1621556057.39.0.820542125294.issue44184@roundup.psfhosted.org> |
In-reply-to |
Content | |
---|---|
Ok, I got a crash under the address sanitizer using ref.py: ./python lel.py exit Cycle.__del__ Cycle.__del__ ================================================================= ==77503==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900005a638 at pc 0x55a491f59376 bp 0x7fff8b27cd10 sp 0x7fff8b27cd00 READ of size 8 at 0x61900005a638 thread T0 #0 0x55a491f59375 in subtype_dealloc Objects/typeobject.c:1456 #1 0x55a491ebb5e4 in _Py_DECREF Include/object.h:500 #2 0x55a491ebb5e4 in _Py_XDECREF Include/object.h:567 #3 0x55a491ebb5e4 in list_dealloc Objects/listobject.c:342 #4 0x55a491eebe44 in _Py_DECREF Include/object.h:500 #5 0x55a491eebe44 in _Py_XDECREF Include/object.h:567 #6 0x55a491eebe44 in dict_dealloc Objects/dictobject.c:2068 #7 0x55a492305eec in _Py_DECREF Include/object.h:500 #8 0x55a492305eec in ast_dealloc Python/Python-ast.c:764 #9 0x55a491f59065 in subtype_dealloc Objects/typeobject.c:1450 #10 0x55a491eebe44 in _Py_DECREF Include/object.h:500 #11 0x55a491eebe44 in _Py_XDECREF Include/object.h:567 #12 0x55a491eebe44 in dict_dealloc Objects/dictobject.c:2068 #13 0x55a492305eec in _Py_DECREF Include/object.h:500 #14 0x55a492305eec in ast_dealloc Python/Python-ast.c:764 #15 0x55a491f59065 in subtype_dealloc Objects/typeobject.c:1450 #16 0x55a491ebb5e4 in _Py_DECREF Include/object.h:500 #17 0x55a491ebb5e4 in _Py_XDECREF Include/object.h:567 #18 0x55a491ebb5e4 in list_dealloc Objects/listobject.c:342 #19 0x55a491eebe44 in _Py_DECREF Include/object.h:500 #20 0x55a491eebe44 in _Py_XDECREF Include/object.h:567 #21 0x55a491eebe44 in dict_dealloc Objects/dictobject.c:2068 #22 0x55a492305e1f in _Py_DECREF Include/object.h:500 #23 0x55a492305e1f in ast_clear Python/Python-ast.c:782 #24 0x55a49216367b in delete_garbage Modules/gcmodule.c:1017 #25 0x55a49216367b in gc_collect_main Modules/gcmodule.c:1300 #26 0x55a492165fe5 in _PyGC_CollectNoFail Modules/gcmodule.c:2123 #27 0x55a492105745 in interpreter_clear Python/pystate.c:326 #28 0x55a4920f5565 in finalize_interp_clear Python/pylifecycle.c:1634 #29 0x55a4920fa882 in Py_FinalizeEx Python/pylifecycle.c:1812 #30 0x55a491e72870 in Py_RunMain Modules/main.c:668 #31 0x55a491e72870 in pymain_main Modules/main.c:696 #32 0x55a491e72870 in Py_BytesMain Modules/main.c:720 #33 0x7f772d82eb24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24) #34 0x55a491e6ec2d in _start (/home/pablogsal/github/python/master/python+0x174c2d) 0x61900005a638 is located 184 bytes inside of 944-byte region [0x61900005a580,0x61900005a930) freed by thread T0 here: #0 0x7f772dbfaf19 in __interceptor_free /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:127 #1 0x55a491f5466e in type_dealloc Objects/typeobject.c:4041 #2 0x55a491f59065 in subtype_dealloc Objects/typeobject.c:1450 #3 0x55a491ebb5e4 in _Py_DECREF Include/object.h:500 #4 0x55a491ebb5e4 in _Py_XDECREF Include/object.h:567 #5 0x55a491ebb5e4 in list_dealloc Objects/listobject.c:342 #6 0x55a491eebe44 in _Py_DECREF Include/object.h:500 #7 0x55a491eebe44 in _Py_XDECREF Include/object.h:567 #8 0x55a491eebe44 in dict_dealloc Objects/dictobject.c:2068 #9 0x55a492305eec in _Py_DECREF Include/object.h:500 #10 0x55a492305eec in ast_dealloc Python/Python-ast.c:764 #11 0x55a491f59065 in subtype_dealloc Objects/typeobject.c:1450 #12 0x55a491eebe44 in _Py_DECREF Include/object.h:500 #13 0x55a491eebe44 in _Py_XDECREF Include/object.h:567 #14 0x55a491eebe44 in dict_dealloc Objects/dictobject.c:2068 #15 0x55a492305eec in _Py_DECREF Include/object.h:500 #16 0x55a492305eec in ast_dealloc Python/Python-ast.c:764 #17 0x55a491f59065 in subtype_dealloc Objects/typeobject.c:1450 #18 0x55a491ebb5e4 in _Py_DECREF Include/object.h:500 #19 0x55a491ebb5e4 in _Py_XDECREF Include/object.h:567 #20 0x55a491ebb5e4 in list_dealloc Objects/listobject.c:342 #21 0x55a491eebe44 in _Py_DECREF Include/object.h:500 #22 0x55a491eebe44 in _Py_XDECREF Include/object.h:567 #23 0x55a491eebe44 in dict_dealloc Objects/dictobject.c:2068 #24 0x55a492305e1f in _Py_DECREF Include/object.h:500 #25 0x55a492305e1f in ast_clear Python/Python-ast.c:782 #26 0x55a49216367b in delete_garbage Modules/gcmodule.c:1017 #27 0x55a49216367b in gc_collect_main Modules/gcmodule.c:1300 #28 0x55a492165fe5 in _PyGC_CollectNoFail Modules/gcmodule.c:2123 #29 0x55a492105745 in interpreter_clear Python/pystate.c:326 #30 0x55a4920f5565 in finalize_interp_clear Python/pylifecycle.c:1634 #31 0x55a4920fa882 in Py_FinalizeEx Python/pylifecycle.c:1812 #32 0x55a491e72870 in Py_RunMain Modules/main.c:668 #33 0x55a491e72870 in pymain_main Modules/main.c:696 #34 0x55a491e72870 in Py_BytesMain Modules/main.c:720 #35 0x7f772d82eb24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24) previously allocated by thread T0 here: #0 0x7f772dbfb279 in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:145 #1 0x55a4921667b5 in _PyObject_GC_Alloc Modules/gcmodule.c:2250 #2 0x55a4921667b5 in _PyObject_GC_Malloc Modules/gcmodule.c:2277 #3 0x55a491f56986 in PyType_GenericAlloc Objects/typeobject.c:1160 #4 0x55a491f866ea in type_new_alloc Objects/typeobject.c:2732 #5 0x55a491f866ea in type_new_init Objects/typeobject.c:3144 #6 0x55a491f866ea in type_new_impl Objects/typeobject.c:3167 #7 0x55a491f866ea in type_new Objects/typeobject.c:3312 #8 0x55a491f5b377 in type_call Objects/typeobject.c:1127 #9 0x55a491e92ad8 in _PyObject_MakeTpCall Objects/call.c:215 #10 0x55a491e93f33 in _PyObject_VectorcallTstate Include/cpython/abstract.h:114 #11 0x55a491e93f33 in _PyObject_CallFunctionVa Objects/call.c:485 #12 0x55a491e973af in PyObject_CallFunction Objects/call.c:507 #13 0x55a49230623b in make_type Python/Python-ast.c:935 #14 0x55a49231d15f in init_types Python/Python-ast.c:1735 #15 0x55a49231edaf in get_ast_state Python/Python-ast.c:19 #16 0x55a49231edaf in astmodule_exec Python/Python-ast.c:10795 #17 0x55a491f1c866 in PyModule_ExecDef Objects/moduleobject.c:407 #18 0x55a4920bddf2 in _imp_exec_builtin (/home/pablogsal/github/python/master/python+0x3c3df2) #19 0x55a492303267 in cfunction_vectorcall_O Objects/methodobject.c:512 #20 0x55a491e94d69 in PyVectorcall_Call Objects/call.c:255 #21 0x55a491e58b83 in do_call_core Python/ceval.c:5937 #22 0x55a491e58b83 in _PyEval_EvalFrameDefault Python/ceval.c:4278 #23 0x55a492050e77 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46 #24 0x55a492050e77 in _PyEval_Vector Python/ceval.c:5069 #25 0x55a491e617da in _PyObject_VectorcallTstate Include/cpython/abstract.h:114 #26 0x55a491e617da in PyObject_Vectorcall Include/cpython/abstract.h:123 #27 0x55a491e617da in call_function Python/ceval.c:5885 #28 0x55a491e617da in _PyEval_EvalFrameDefault Python/ceval.c:4214 #29 0x55a492050e77 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46 #30 0x55a492050e77 in _PyEval_Vector Python/ceval.c:5069 #31 0x55a491e692fd in _PyObject_VectorcallTstate Include/cpython/abstract.h:114 #32 0x55a491e692fd in PyObject_Vectorcall Include/cpython/abstract.h:123 #33 0x55a491e692fd in call_function Python/ceval.c:5885 #34 0x55a491e692fd in _PyEval_EvalFrameDefault Python/ceval.c:4182 #35 0x55a492050e77 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46 #36 0x55a492050e77 in _PyEval_Vector Python/ceval.c:5069 #37 0x55a491e617da in _PyObject_VectorcallTstate Include/cpython/abstract.h:114 #38 0x55a491e617da in PyObject_Vectorcall Include/cpython/abstract.h:123 #39 0x55a491e617da in call_function Python/ceval.c:5885 #40 0x55a491e617da in _PyEval_EvalFrameDefault Python/ceval.c:4214 #41 0x55a492050e77 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46 #42 0x55a492050e77 in _PyEval_Vector Python/ceval.c:5069 #43 0x55a491e617da in _PyObject_VectorcallTstate Include/cpython/abstract.h:114 #44 0x55a491e617da in PyObject_Vectorcall Include/cpython/abstract.h:123 #45 0x55a491e617da in call_function Python/ceval.c:5885 #46 0x55a491e617da in _PyEval_EvalFrameDefault Python/ceval.c:4214 #47 0x55a492050e77 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46 #48 0x55a492050e77 in _PyEval_Vector Python/ceval.c:5069 #49 0x55a491e93a05 in _PyObject_VectorcallTstate Include/cpython/abstract.h:114 #50 0x55a491e93a05 in object_vacall Objects/call.c:734 #51 0x55a491e99424 in _PyObject_CallMethodIdObjArgs Objects/call.c:825 #52 0x55a4920c27f7 in import_find_and_load Python/import.c:1499 #53 0x55a4920c27f7 in PyImport_ImportModuleLevelObject Python/import.c:1600 #54 0x55a491e68ac5 in import_name Python/ceval.c:6010 #55 0x55a491e68ac5 in _PyEval_EvalFrameDefault Python/ceval.c:3701 #56 0x55a49205077f in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46 #57 0x55a49205077f in _PyEval_Vector Python/ceval.c:5069 #58 0x55a49205077f in PyEval_EvalCode Python/ceval.c:1135 SUMMARY: AddressSanitizer: heap-use-after-free Objects/typeobject.c:1456 in subtype_dealloc Shadow bytes around the buggy address: 0x0c3280003470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c3280003480: 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa fa 0x0c3280003490: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c32800034a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c32800034b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c32800034c0: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd 0x0c32800034d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c32800034e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c32800034f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3280003500: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3280003510: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==77503==ABORTING |
History | |||
---|---|---|---|
Date | User | Action | Args |
2021-05-21 00:14:17 | pablogsal | set | recipients: + pablogsal, paul.moore, vstinner, christian.heimes, tim.golden, zach.ware, steve.dower, Anthony Sottile, ammar2, erlendaasland, stestagg, shreyanavigyan |
2021-05-21 00:14:17 | pablogsal | set | messageid: <1621556057.39.0.820542125294.issue44184@roundup.psfhosted.org> |
2021-05-21 00:14:17 | pablogsal | link | issue44184 messages |
2021-05-21 00:14:16 | pablogsal | create |