[issue23187] Segmentation fault, possibly asyncio related

Michael Goldish Fri, 13 Mar 2015 19:28:34 -0700

Michael Goldish added the comment:

I caught another crash just now, this time in update_refs(). A stack trace is 
attached below. I still think this is the same issue.


static void
update_refs(PyGC_Head *containers)
{
    PyGC_Head *gc = containers->gc.gc_next;
0000000067382D60  mov         rdx,qword ptr [rcx]  
    for (; gc != containers; gc = gc->gc.gc_next) {
0000000067382D63  cmp         rdx,rcx  
0000000067382D66  je          update_refs+28h (67382D88h)  
0000000067382D68  nop         dword ptr [rax+rax]  
        assert(_PyGCHead_REFS(gc) == GC_REACHABLE);
        _PyGCHead_SET_REFS(gc, Py_REFCNT(FROM_GC(gc)));
0000000067382D70  and         qword ptr [rdx+10h],1  

Here rdx is 0, which means we're writing to 0x10, probably because the member 
gc_refs is at offset 0x10 of struct PyGC_Head.gc. So I suppose 
containers->gc.gc_next was NULL.

(In case this is helpful: somehow, possibly due to compiler optimizations, 
Visual Studio claims that containers->gc.gc_next is 0x34. I'm not sure what to 
make of this. It also claims that containers->gc.gc_prev->gc.gc_next is 0x3e, 
and that containers->gc.gc_prev->gc.gc_prev->gc.gc_next is 0x3e, and so on... 
gc_prev always seems fine and gc_next is always 0x3e, except for the first one 
which is 0x34. I'm attaching a screenshot to make this clearer.)

Stack trace (Python 3.4.2, 64 bit, Windows):

python34.dll!update_refs(_gc_head * containers=0x00000000676af8e0)  Line 345
python34.dll!collect(int generation=-290088656, __int64 * 
n_collected=0x00000000f166e920, __int64 * n_uncollectable=0x0000000000000000, 
int nofail=0)  Line 969
python34.dll!collect_with_callback(int generation=-290088656)  Line 1141
python34.dll!_PyObject_GC_Malloc(unsigned __int64 basicsize=4046951880)  Line 
1739
python34.dll!_PyObject_GC_New(_typeobject * tp=0x0000000001c624f0)  Line 1749
python34.dll!PyList_New(__int64 size=0)  Line 159 + 0xc bytes
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000bab65b08, int 
throwflag=-244913096)  Line 2346
python34.dll!fast_function(_object * func=0x0000000000000003, _object * * * 
pp_stack=0x00000000f77684e0, int n=102445400, int na=1732453353, int nk=0)  
Line 4332
python34.dll!call_function(_object * * * pp_stack=0x00000000f166ec29, int 
oparg=131)  Line 4260
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000601cbd68, int 
throwflag=-244912600)  Line 2838
python34.dll!fast_function(_object * func=0x0000000000000003, _object * * * 
pp_stack=0x00000000f7768f28, int n=56017240, int na=1732453353, int nk=0)  Line 
4332
python34.dll!call_function(_object * * * pp_stack=0x00000000f166ee19, int 
oparg=131)  Line 4260
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000c65ff8f8, int throwflag=0) 
 Line 2838
python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000002, _object * 
globals=0x0000000000000002, _object * locals=0x0000000000000000, _object * * 
args=0x000000000358d248, int argcount=2, _object * * kws=0x0000000001c50060, 
int kwcount=0, _object * * defs=0x0000000000000000, int defcount=0, _object * 
kwdefs=0x0000000000000000, _object * closure=0x0000000000000000)  Line 3585 + 
0xa bytes
python34.dll!function_call(_object * func=0x000000000355f048, _object * 
arg=0x00000000f12f7688, _object * kw=0x0000000000000000)  Line 638 + 0x45 bytes
python34.dll!PyObject_Call(_object * func=0x00000000f12f7688, _object * 
arg=0x00000000f11c4d08, _object * kw=0x00000000f4e9ba58)  Line 2068
python34.dll!ext_do_call(_object * func=0x000000000355f048, _object * * * 
pp_stack=0x00000000f166f0d9, int flags=-200649216, int na=1, int nk=0)  Line 
4558 + 0xe bytes
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000f40a5458, int 
throwflag=-244911400)  Line 2879
python34.dll!fast_function(_object * func=0x0000000000000001, _object * * * 
pp_stack=0x00000000f1380f98, int n=45993224, int na=1732453353, int nk=0)  Line 
4332
python34.dll!call_function(_object * * * pp_stack=0x00000000f166f2c9, int 
oparg=131)  Line 4260
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000d6922548, int throwflag=0) 
 Line 2838
python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000002, _object * 
globals=0x0000000000000002, _object * locals=0x0000000000000000, _object * * 
args=0x0000000002334200, int argcount=2, _object * * kws=0x0000000001c50060, 
int kwcount=0, _object * * defs=0x0000000000000000, int defcount=0, _object * 
kwdefs=0x0000000000000000, _object * closure=0x0000000000000000)  Line 3585 + 
0xa bytes
python34.dll!function_call(_object * func=0x0000000002bdcbf8, _object * 
arg=0x00000000e41ef808, _object * kw=0x0000000000000000)  Line 638 + 0x45 bytes
python34.dll!PyObject_Call(_object * func=0x00000000e41ef808, _object * 
arg=0x00000000ef4ad308, _object * kw=0x00000000deda7148)  Line 2068
python34.dll!ext_do_call(_object * func=0x0000000002bdcbf8, _object * * * 
pp_stack=0x00000000f166f589, int flags=-280305184, int na=0, int nk=0)  Line 
4558 + 0xe bytes
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000ef4ae048, int 
throwflag=-244910200)  Line 2879
python34.dll!fast_function(_object * func=0x0000000000000001, _object * * * 
pp_stack=0x00000000ef4a7c50, int n=44825728, int na=1732453353, int nk=0)  Line 
4332
python34.dll!call_function(_object * * * pp_stack=0x00000000f166f779, int 
oparg=131)  Line 4260
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000db168948, int 
throwflag=-244909704)  Line 2838
python34.dll!fast_function(_object * func=0x0000000000000001, _object * * * 
pp_stack=0x00000000ef4a7c50, int n=44826272, int na=1732453353, int nk=0)  Line 
4332
python34.dll!call_function(_object * * * pp_stack=0x00000000f166f969, int 
oparg=131)  Line 4260
python34.dll!PyEval_EvalFrameEx(_frame * f=0x00000000ef4ab418, int throwflag=0) 
 Line 2838
python34.dll!PyEval_EvalCodeEx(_object * _co=0x0000000000000001, _object * 
globals=0x0000000000000001, _object * locals=0x0000000000000000, _object * * 
args=0x0000000000000000, int argcount=1, _object * * kws=0x0000000000000000, 
int kwcount=0, _object * * defs=0x0000000000000000, int defcount=0, _object * 
kwdefs=0x0000000000000000, _object * closure=0x0000000000000000)  Line 3585 + 
0xa bytes
python34.dll!function_call(_object * func=0x0000000002abfd08, _object * 
arg=0x00000000e22ebef0, _object * kw=0x0000000000000000)  Line 638 + 0x45 bytes
python34.dll!PyObject_Call(_object * func=0x00000000e22ebef0, _object * 
arg=0x0000000000000000, _object * kw=0x0000000001c50048)  Line 2068
python34.dll!method_call(_object * func=0x0000000002d36148, _object * 
arg=0x0000000001c50048, _object * kw=0x0000000000000000)  Line 348
python34.dll!PyObject_Call(_object * func=0x0000000001c50048, _object * 
arg=0x0000000000000000, _object * kw=0x0000000002d36148)  Line 2068
python34.dll!PyEval_CallObjectWithKeywords(_object * func=0x00000000c0a69f40, 
_object * arg=0x00000000673b1100, _object * kw=0x0000000000000000)  Line 4112
python34.dll!t_bootstrap(void * boot_raw=0x00000000dacc7d00)  Line 1000 + 0x17 
bytes
python34.dll!bootstrap(void * call=0x00000000dacc7d00)  Line 177
msvcr100.dll!_callthreadstartex()  Line 314 + 0xd bytes
msvcr100.dll!_threadstartex(void * ptd=0x0000000000000000)  Line 292 + 0x5 bytes
kernel32.dll!0000000076eb5a4d()         
[Frames below may be incorrect and/or missing, no symbols loaded for 
kernel32.dll]      
ntdll.dll!00000000775aba01()

----------
Added file: http://bugs.python.org/file38478/gc_next.png

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue23187>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue23187] Segmentation fault, possibly asyncio related

Reply via email to