
Author pablogsal
Recipients Anthony Sottile, ammar2, christian.heimes, erlendaasland, pablogsal, paul.moore, shreyanavigyan, stestagg, steve.dower, tim.golden, vstinner, zach.ware
Date 2021-05-21.00:14:16
Message-id <1621556057.39.0.820542125294.issue44184@roundup.psfhosted.org>
Content
Ok, I got a crash under the address sanitizer using ref.py:

 ./python lel.py
exit
Cycle.__del__
Cycle.__del__
=================================================================
==77503==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900005a638 at pc 0x55a491f59376 bp 0x7fff8b27cd10 sp 0x7fff8b27cd00
READ of size 8 at 0x61900005a638 thread T0
    #0 0x55a491f59375 in subtype_dealloc Objects/typeobject.c:1456
    #1 0x55a491ebb5e4 in _Py_DECREF Include/object.h:500
    #2 0x55a491ebb5e4 in _Py_XDECREF Include/object.h:567
    #3 0x55a491ebb5e4 in list_dealloc Objects/listobject.c:342
    #4 0x55a491eebe44 in _Py_DECREF Include/object.h:500
    #5 0x55a491eebe44 in _Py_XDECREF Include/object.h:567
    #6 0x55a491eebe44 in dict_dealloc Objects/dictobject.c:2068
    #7 0x55a492305eec in _Py_DECREF Include/object.h:500
    #8 0x55a492305eec in ast_dealloc Python/Python-ast.c:764
    #9 0x55a491f59065 in subtype_dealloc Objects/typeobject.c:1450
    #10 0x55a491eebe44 in _Py_DECREF Include/object.h:500
    #11 0x55a491eebe44 in _Py_XDECREF Include/object.h:567
    #12 0x55a491eebe44 in dict_dealloc Objects/dictobject.c:2068
    #13 0x55a492305eec in _Py_DECREF Include/object.h:500
    #14 0x55a492305eec in ast_dealloc Python/Python-ast.c:764
    #15 0x55a491f59065 in subtype_dealloc Objects/typeobject.c:1450
    #16 0x55a491ebb5e4 in _Py_DECREF Include/object.h:500
    #17 0x55a491ebb5e4 in _Py_XDECREF Include/object.h:567
    #18 0x55a491ebb5e4 in list_dealloc Objects/listobject.c:342
    #19 0x55a491eebe44 in _Py_DECREF Include/object.h:500
    #20 0x55a491eebe44 in _Py_XDECREF Include/object.h:567
    #21 0x55a491eebe44 in dict_dealloc Objects/dictobject.c:2068
    #22 0x55a492305e1f in _Py_DECREF Include/object.h:500
    #23 0x55a492305e1f in ast_clear Python/Python-ast.c:782
    #24 0x55a49216367b in delete_garbage Modules/gcmodule.c:1017
    #25 0x55a49216367b in gc_collect_main Modules/gcmodule.c:1300
    #26 0x55a492165fe5 in _PyGC_CollectNoFail Modules/gcmodule.c:2123
    #27 0x55a492105745 in interpreter_clear Python/pystate.c:326
    #28 0x55a4920f5565 in finalize_interp_clear Python/pylifecycle.c:1634
    #29 0x55a4920fa882 in Py_FinalizeEx Python/pylifecycle.c:1812
    #30 0x55a491e72870 in Py_RunMain Modules/main.c:668
    #31 0x55a491e72870 in pymain_main Modules/main.c:696
    #32 0x55a491e72870 in Py_BytesMain Modules/main.c:720
    #33 0x7f772d82eb24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
    #34 0x55a491e6ec2d in _start (/home/pablogsal/github/python/master/python+0x174c2d)
0x61900005a638 is located 184 bytes inside of 944-byte region [0x61900005a580,0x61900005a930)
freed by thread T0 here:
    #0 0x7f772dbfaf19 in __interceptor_free /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:127
    #1 0x55a491f5466e in type_dealloc Objects/typeobject.c:4041
    #2 0x55a491f59065 in subtype_dealloc Objects/typeobject.c:1450
    #3 0x55a491ebb5e4 in _Py_DECREF Include/object.h:500
    #4 0x55a491ebb5e4 in _Py_XDECREF Include/object.h:567
    #5 0x55a491ebb5e4 in list_dealloc Objects/listobject.c:342
    #6 0x55a491eebe44 in _Py_DECREF Include/object.h:500
    #7 0x55a491eebe44 in _Py_XDECREF Include/object.h:567
    #8 0x55a491eebe44 in dict_dealloc Objects/dictobject.c:2068
    #9 0x55a492305eec in _Py_DECREF Include/object.h:500
    #10 0x55a492305eec in ast_dealloc Python/Python-ast.c:764
    #11 0x55a491f59065 in subtype_dealloc Objects/typeobject.c:1450
    #12 0x55a491eebe44 in _Py_DECREF Include/object.h:500
    #13 0x55a491eebe44 in _Py_XDECREF Include/object.h:567
    #14 0x55a491eebe44 in dict_dealloc Objects/dictobject.c:2068
    #15 0x55a492305eec in _Py_DECREF Include/object.h:500
    #16 0x55a492305eec in ast_dealloc Python/Python-ast.c:764
    #17 0x55a491f59065 in subtype_dealloc Objects/typeobject.c:1450
    #18 0x55a491ebb5e4 in _Py_DECREF Include/object.h:500
    #19 0x55a491ebb5e4 in _Py_XDECREF Include/object.h:567
    #20 0x55a491ebb5e4 in list_dealloc Objects/listobject.c:342
    #21 0x55a491eebe44 in _Py_DECREF Include/object.h:500
    #22 0x55a491eebe44 in _Py_XDECREF Include/object.h:567
    #23 0x55a491eebe44 in dict_dealloc Objects/dictobject.c:2068
    #24 0x55a492305e1f in _Py_DECREF Include/object.h:500
    #25 0x55a492305e1f in ast_clear Python/Python-ast.c:782
    #26 0x55a49216367b in delete_garbage Modules/gcmodule.c:1017
    #27 0x55a49216367b in gc_collect_main Modules/gcmodule.c:1300
    #28 0x55a492165fe5 in _PyGC_CollectNoFail Modules/gcmodule.c:2123
    #29 0x55a492105745 in interpreter_clear Python/pystate.c:326
    #30 0x55a4920f5565 in finalize_interp_clear Python/pylifecycle.c:1634
    #31 0x55a4920fa882 in Py_FinalizeEx Python/pylifecycle.c:1812
    #32 0x55a491e72870 in Py_RunMain Modules/main.c:668
    #33 0x55a491e72870 in pymain_main Modules/main.c:696
    #34 0x55a491e72870 in Py_BytesMain Modules/main.c:720
    #35 0x7f772d82eb24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)

previously allocated by thread T0 here:
    #0 0x7f772dbfb279 in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x55a4921667b5 in _PyObject_GC_Alloc Modules/gcmodule.c:2250
    #2 0x55a4921667b5 in _PyObject_GC_Malloc Modules/gcmodule.c:2277
    #3 0x55a491f56986 in PyType_GenericAlloc Objects/typeobject.c:1160
    #4 0x55a491f866ea in type_new_alloc Objects/typeobject.c:2732
    #5 0x55a491f866ea in type_new_init Objects/typeobject.c:3144
    #6 0x55a491f866ea in type_new_impl Objects/typeobject.c:3167
    #7 0x55a491f866ea in type_new Objects/typeobject.c:3312
    #8 0x55a491f5b377 in type_call Objects/typeobject.c:1127
    #9 0x55a491e92ad8 in _PyObject_MakeTpCall Objects/call.c:215
    #10 0x55a491e93f33 in _PyObject_VectorcallTstate Include/cpython/abstract.h:114
    #11 0x55a491e93f33 in _PyObject_CallFunctionVa Objects/call.c:485
    #12 0x55a491e973af in PyObject_CallFunction Objects/call.c:507
    #13 0x55a49230623b in make_type Python/Python-ast.c:935
    #14 0x55a49231d15f in init_types Python/Python-ast.c:1735
    #15 0x55a49231edaf in get_ast_state Python/Python-ast.c:19
    #16 0x55a49231edaf in astmodule_exec Python/Python-ast.c:10795
    #17 0x55a491f1c866 in PyModule_ExecDef Objects/moduleobject.c:407
    #18 0x55a4920bddf2 in _imp_exec_builtin (/home/pablogsal/github/python/master/python+0x3c3df2)
    #19 0x55a492303267 in cfunction_vectorcall_O Objects/methodobject.c:512
    #20 0x55a491e94d69 in PyVectorcall_Call Objects/call.c:255
    #21 0x55a491e58b83 in do_call_core Python/ceval.c:5937
    #22 0x55a491e58b83 in _PyEval_EvalFrameDefault Python/ceval.c:4278
    #23 0x55a492050e77 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46
    #24 0x55a492050e77 in _PyEval_Vector Python/ceval.c:5069
    #25 0x55a491e617da in _PyObject_VectorcallTstate Include/cpython/abstract.h:114
    #26 0x55a491e617da in PyObject_Vectorcall Include/cpython/abstract.h:123
    #27 0x55a491e617da in call_function Python/ceval.c:5885
    #28 0x55a491e617da in _PyEval_EvalFrameDefault Python/ceval.c:4214
    #29 0x55a492050e77 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46
    #30 0x55a492050e77 in _PyEval_Vector Python/ceval.c:5069
    #31 0x55a491e692fd in _PyObject_VectorcallTstate Include/cpython/abstract.h:114
    #32 0x55a491e692fd in PyObject_Vectorcall Include/cpython/abstract.h:123
    #33 0x55a491e692fd in call_function Python/ceval.c:5885
    #34 0x55a491e692fd in _PyEval_EvalFrameDefault Python/ceval.c:4182
    #35 0x55a492050e77 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46
    #36 0x55a492050e77 in _PyEval_Vector Python/ceval.c:5069
    #37 0x55a491e617da in _PyObject_VectorcallTstate Include/cpython/abstract.h:114
    #38 0x55a491e617da in PyObject_Vectorcall Include/cpython/abstract.h:123
    #39 0x55a491e617da in call_function Python/ceval.c:5885
    #40 0x55a491e617da in _PyEval_EvalFrameDefault Python/ceval.c:4214
    #41 0x55a492050e77 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46
    #42 0x55a492050e77 in _PyEval_Vector Python/ceval.c:5069
    #43 0x55a491e617da in _PyObject_VectorcallTstate Include/cpython/abstract.h:114
    #44 0x55a491e617da in PyObject_Vectorcall Include/cpython/abstract.h:123
    #45 0x55a491e617da in call_function Python/ceval.c:5885
    #46 0x55a491e617da in _PyEval_EvalFrameDefault Python/ceval.c:4214
    #47 0x55a492050e77 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46
    #48 0x55a492050e77 in _PyEval_Vector Python/ceval.c:5069
    #49 0x55a491e93a05 in _PyObject_VectorcallTstate Include/cpython/abstract.h:114
    #50 0x55a491e93a05 in object_vacall Objects/call.c:734
    #51 0x55a491e99424 in _PyObject_CallMethodIdObjArgs Objects/call.c:825
    #52 0x55a4920c27f7 in import_find_and_load Python/import.c:1499
    #53 0x55a4920c27f7 in PyImport_ImportModuleLevelObject Python/import.c:1600
    #54 0x55a491e68ac5 in import_name Python/ceval.c:6010
    #55 0x55a491e68ac5 in _PyEval_EvalFrameDefault Python/ceval.c:3701
    #56 0x55a49205077f in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46
    #57 0x55a49205077f in _PyEval_Vector Python/ceval.c:5069
    #58 0x55a49205077f in PyEval_EvalCode Python/ceval.c:1135
SUMMARY: AddressSanitizer: heap-use-after-free Objects/typeobject.c:1456 in subtype_dealloc
Shadow bytes around the buggy address:
  0x0c3280003470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3280003480: 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa fa
  0x0c3280003490: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32800034a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c32800034b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c32800034c0: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd
  0x0c32800034d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c32800034e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c32800034f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3280003500: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3280003510: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==77503==ABORTING