INADA Naoki <[email protected]> added the comment:
I received two core files ("core" and "core.23") from fenrrir, thank you.
But I can't investigate well, sorry.
I think someone broke memory, and the SEGV happened later.
I need to reproduce it on my machine...
In core.23, SEGV happens in kill() syscall. I can't get how it can happen.
(gdb) bt 10
#0 0x00007ffff6c10187 in kill () at ../sysdeps/unix/syscall-template.S:78
#1 0x0000555555778f71 in os_kill_impl (module=<optimized out>, signal=<optimized out>, pid=<optimized out>) at ../Modules/posixmodule.c:6749
#2 os_kill (module=<optimized out>, args=<optimized out>, nargs=<optimized out>) at ../Modules/clinic/posixmodule.c.h:2672
#3 0x00005555555dd4ba in _PyMethodDef_RawFastCallKeywords (kwnames=0x0, nargs=140737353236984, args=0x7ffff7ee7e60, self=<module at remote 0x7ffff7f221d8>, method=0x555555c007a0 <posix_methods+1920>) at ../Objects/call.c:651
In "core", SEGV happens in pymalloc. Pool is broken and I suppose some buffer
overflow breaks the pool, but I'm not sure.
#0 pymalloc_alloc (ptr_p=ptr_p@entry=0x7fffee81a640, nbytes=40, ctx=<optimized out>) at ../Objects/obmalloc.c:1398
#1 0x000055555562ed78 in pymalloc_alloc (ctx=<optimized out>, nbytes=40, ptr_p=0x7fffee81a640) at ../Objects/obmalloc.c:1565
#2 _PyObject_Malloc (ctx=<optimized out>, nbytes=40) at ../Objects/obmalloc.c:1555
#3 0x000055555561d5d5 in new_dict_with_shared_keys (keys=0x7ffff4e4c2d0) at ../Objects/dictobject.c:607
#4 _PyObjectDict_SetItem (tp=tp@entry=0x555555e8b338, dictptr=0x7fffedfe4250, key=key@entry='s', value=value@entry='\n <h3>') at ../Objects/dictobject.c:4311
#5 0x000055555562b2d4 in _PyObject_GenericSetAttrWithDict (dict=0x0, value='\n <h3>', name='s', obj=<TextNode at remote 0x7fffedfe4240>) at ../Objects/object.c:1319
#6 PyObject_GenericSetAttr (obj=<TextNode at remote 0x7fffedfe4240>, name='s', value='\n <h3>') at ../Objects/object.c:1341
#7 0x000055555562a09f in PyObject_SetAttr (v=v@entry=<TextNode at remote 0x7fffedfe4240>, name=<optimized out>, value=value@entry='\n <h3>') at ../Objects/object.c:978
#8 0x00005555555c67d8 in _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at ../Python/ceval.c:2002
#9 0x00005555555c1787 in function_code_fastcall (co=co@entry=0x7ffff4e90930, args=<optimized out>, args@entry=0x7fffee81a930, nargs=2, globals=globals@entry={'__name__': 'django.template.base', '__doc__': "\nThis is the Django template system...
../Objects/call.c:283
(gdb) p pool
$1 = (poolp) 0x7fffee861000
(gdb) p bp
$2 = (block *) 0x7a672f <error: Cannot access memory at address 0x7a672f>
(gdb) p *pool
$3 = {ref = {_padding = 0x2c <error: Cannot access memory at address 0x2c>, count = 44}, freeblock = 0x7a672f <error: Cannot access memory at address 0x7a672f>, nextpool = 0x555555ba1fd0 <usedpools+48>, prevpool = 0x555555ba1fd0 <usedpools+48>, arenaindex = 170, szidx = 4, nextoffset = 1768, maxnextoffset = 4056}
(gdb) p *(pool->nextpool)
$4 = {ref = {_padding = 0x7fffeec2a000 "}", count = 4005732352}, freeblock = 0x7fffeea8e000 "\006", nextpool = 0x7fffee861000, prevpool = 0x7fffee861000, arenaindex = 4004200448, szidx = 32767, nextoffset = 4004200448, maxnextoffset = 32767}
----------
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue34087>
_______________________________________
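
Added example (not part of the comment above and not CPython source): a small C checker that takes the fields printed by `p *pool` and tests them against the invariants a pymalloc pool header should satisfy, to show which field in the "core" dump is actually inconsistent. The 4 KiB pool size, 8-byte alignment, 48-byte header and 64 size classes are assumptions; `pool_dump`, `check_pool` and `CORE_POOL` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions (not from the page): 4 KiB pools, 8-byte alignment,
 * 48-byte pool header, 64 size classes. */
#define POOL_SIZE     4096u
#define ALIGNMENT     8u
#define POOL_OVERHEAD 48u
#define NB_CLASSES    64u

enum { BAD_SZIDX = 1, BAD_MAXNEXT = 2, BAD_NEXTOFFSET = 4,
       BAD_FREEBLOCK_RANGE = 8, BAD_FREEBLOCK_ALIGN = 16 };

/* Fields typed in from `p pool` / `p *pool`; pointers kept as integers. */
struct pool_dump {
    uint64_t addr, freeblock;
    uint32_t szidx, nextoffset, maxnextoffset;
};

/* Values from the "core" dump quoted above. */
static const struct pool_dump CORE_POOL = {
    0x7fffee861000ull, 0x7a672full, 4, 1768, 4056
};

/* Returns a bitmask of violated invariants; 0 means the header looks sane. */
unsigned check_pool(const struct pool_dump *p)
{
    unsigned bad = 0;
    if (p->szidx >= NB_CLASSES)
        return BAD_SZIDX;                       /* block size unknown, stop */
    uint32_t size = (p->szidx + 1) * ALIGNMENT; /* szidx 4 -> 40 bytes */
    if (p->maxnextoffset != POOL_SIZE - size)
        bad |= BAD_MAXNEXT;
    if (p->nextoffset < POOL_OVERHEAD || p->nextoffset > POOL_SIZE ||
        (p->nextoffset - POOL_OVERHEAD) % size != 0)
        bad |= BAD_NEXTOFFSET;
    if (p->freeblock != 0) {                    /* NULL = no free block */
        uint64_t lo = p->addr + POOL_OVERHEAD, hi = p->addr + p->nextoffset;
        if (p->freeblock < lo || p->freeblock >= hi)
            bad |= BAD_FREEBLOCK_RANGE;         /* points outside the pool */
        else if ((p->freeblock - lo) % size != 0)
            bad |= BAD_FREEBLOCK_ALIGN;         /* inside, not on a block */
    }
    return bad;
}

int main(void)
{
    printf("violations: 0x%x\n", check_pool(&CORE_POOL));
    return 0;
}
```

For the dump above only the freeblock range check fails: szidx, nextoffset and maxnextoffset are mutually consistent for 40-byte blocks, matching nbytes=40 in the backtrace.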