#14059: Fix refcount/deallocation of integers
-----------------------------+----------------------------------------------
Reporter: SimonKing | Owner: rlm
Type: defect | Status: new
Priority: blocker | Milestone: sage-5.7
Component: memleak | Resolution:
Keywords: | Work issues:
Report Upstream: N/A | Reviewers:
Authors: | Merged in:
Dependencies: | Stopgaps:
-----------------------------+----------------------------------------------
Comment (by SimonKing):
Starting and quitting Sage yields (with the optional gdb package from
#13866)
{{{
sage: quit
Exiting Sage (CPU time 0m0.06s, Wall time 0m7.51s).
Debug memory block at address p=0x1c817e0: API '�'
18302628885633695743 bytes originally requested
The 7 pad bytes at p-7 are not all FORBIDDENBYTE (0xfb):
at p-7: 0xcb *** OUCH
at p-6: 0xcb *** OUCH
at p-5: 0xcb *** OUCH
at p-4: 0xcb *** OUCH
at p-3: 0xcb *** OUCH
at p-2: 0xcb *** OUCH
at p-1: 0xcb *** OUCH
Because memory is corrupted at the start, the count of bytes requested
may be bogus, and checking the trailing pad bytes may segfault.
The 8 pad bytes at tail=0xfe00000001c817df are
------------------------------------------------------------------------
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libcsage.so(print_backtrace+0x31)[0x7fa099a7210d]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libcsage.so(sigdie+0x3d)[0x7fa099a7228f]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libcsage.so(sage_signal_handler+0x199)[0x7fa099a71ae3]
/lib64/libpthread.so.0(+0xfd00)[0x7fa09cf83d00]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libpython2.7.so.1.0(_PyObject_DebugDumpAddress+0x292)[0x7fa09d24eebe]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libpython2.7.so.1.0(_PyObject_DebugCheckAddressApi+0x114)[0x7fa09d24ec1e]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libpython2.7.so.1.0(_PyObject_DebugFreeApi+0x36)[0x7fa09d24e8de]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libpython2.7.so.1.0(_PyObject_DebugFree+0x1d)[0x7fa09d24e78a]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/python2.7/site-
packages/sage/rings/integer.so(+0x80292)[0x7fa08a30d292]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libpython2.7.so.1.0(_Py_Dealloc+0x35)[0x7fa09d24cbe4]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libpython2.7.so.1.0(+0xace8e)[0x7fa09d23de8e]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libpython2.7.so.1.0(_Py_Dealloc+0x35)[0x7fa09d24cbe4]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libpython2.7.so.1.0(+0xace8e)[0x7fa09d23de8e]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libpython2.7.so.1.0(_Py_Dealloc+0x35)[0x7fa09d24cbe4]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libpython2.7.so.1.0(_PyImport_Fini+0x80)[0x7fa09d306b45]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libpython2.7.so.1.0(Py_Finalize+0x58)[0x7fa09d31ab86]
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libpython2.7.so.1.0(Py_Main+0xec1)[0x7fa09d33776b]
python(main+0x20)[0x4007b4]
/lib64/libc.so.6(__libc_start_main+0xed)[0x7fa09c5a723d]
python[0x4006d9]
------------------------------------------------------------------------
Attaching gdb to process id 29767.
GNU gdb (GDB) 7.5.1
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
0x00007fa09cf838bd in waitpid () from /lib64/libpthread.so.0
Stack backtrace
---------------
No symbol table info available.
#1 0x00007fa099a72250 in print_enhanced_backtrace () from
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libcsage.so
No symbol table info available.
#2 0x00007fa099a722c2 in sigdie () from
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libcsage.so
No symbol table info available.
#3 0x00007fa099a71ae3 in sage_signal_handler () from
/home/simon/SAGE/debug/sage-5.7.beta2/local/lib/libcsage.so
No symbol table info available.
#4 <signal handler called>
No symbol table info available.
#5 0x00007fa09d24eebe in _PyObject_DebugDumpAddress (p=0x1c817e0) at
Objects/obmalloc.c:1649
q = 0x1c817e0 ""
tail = 0xfe00000001c817df <Address 0xfe00000001c817df out of
bounds>
nbytes = 18302628885633695743
serial = 29890528
i = 0
ok = 1
id = -53 '\313'
#6 0x00007fa09d24ec1e in _PyObject_DebugCheckAddressApi (api=111 'o',
p=0x1c817e0) at Objects/obmalloc.c:1590
q = 0x1c817e0 ""
msgbuf = "bad ID: Allocated using API '\313', verified using API
'o'\000\000\000\000\000\000\000\000"
msg = 0x7fff6ce1a910 "bad ID: Allocated using API '\313', verified
using API 'o'"
nbytes = 28403168
tail = 0x67 <Address 0x67 out of bounds>
i = 32767
id = -53 '\313'
#7 0x00007fa09d24e8de in _PyObject_DebugFreeApi (api=111 'o',
p=0x1c817e0) at Objects/obmalloc.c:1478
q = 0x1c817d0
"\375\377\377\377\377\377\377\377\313\313\313\313\313\313\313",
<incomplete sequence \313>
nbytes = 28429568
#8 0x00007fa09d24e78a in _PyObject_DebugFree (p=0x1c817e0) at
Objects/obmalloc.c:1422
No locals.
#9 0x00007fa08a30d292 in __pyx_f_4sage_5rings_7integer_fast_tp_dealloc
(__pyx_v_o=0x1c817e0) at sage/rings/integer.c:35775
__pyx_t_1 = 0
#10 0x00007fa09d24cbe4 in _Py_Dealloc (op=0x1c817e0) at
Objects/object.c:2243
dealloc = 0x7fa08a30d1c4
<__pyx_f_4sage_5rings_7integer_fast_tp_dealloc>
#11 0x00007fa09d23de8e in dict_dealloc (mp=0x1ccef60) at
Objects/dictobject.c:985
ep = 0x1cd31a8
fill = 25
#12 0x00007fa09d24cbe4 in _Py_Dealloc (op=0x1ccef60) at
Objects/object.c:2243
dealloc = 0x7fa09d23dd5b <dict_dealloc>
#13 0x00007fa09d23de8e in dict_dealloc (mp=0x673ba0) at
Objects/dictobject.c:985
ep = 0x1b86bd8
fill = 277
#14 0x00007fa09d24cbe4 in _Py_Dealloc (op=0x673ba0) at
Objects/object.c:2243
dealloc = 0x7fa09d23dd5b <dict_dealloc>
#15 0x00007fa09d306b45 in _PyImport_Fini () at Python/import.c:244
No locals.
#16 0x00007fa09d31ab86 in Py_Finalize () at Python/pythonrun.c:470
interp = 0x602010
tstate = 0x6020a0
#17 0x00007fa09d33776b in Py_Main (argc=3, argv=0x7fff6ce1ad68) at
Modules/main.c:664
c = -1
sts = 0
command = 0x0
filename = 0x7fff6ce1b856
"/home/simon/SAGE/debug/sage-5.7.beta2/local/bin/sage-ipython"
module = 0x0
fp = 0x684a90
p = 0x0
unbuffered = 0
skipfirstline = 0
stdin_is_interactive = 1
help = 0
version = 0
saw_unbuffered_flag = 0
cf = {cf_flags = 0}
#18 0x00000000004007b4 in main (argc=3, argv=0x7fff6ce1ad68) at
./Modules/python.c:23
No locals.
Cython backtrace (newest frame = last)
--------------------------------------
#0 0x0000000000400794 in main()
#1 0x00007fa09d3368aa in Py_Main()
#2 0x00007fa09d31ab2e in Py_Finalize()
#3 0x00007fa09d306ac5 in _PyImport_Fini()
#4 0x00007fa09d24cbaf in _Py_Dealloc()
#5 0x00007fa09d23dd5b in dict_dealloc()
#6 0x00007fa09d24cbaf in _Py_Dealloc()
#7 0x00007fa09d23dd5b in dict_dealloc()
#8 0x00007fa09d24cbaf in _Py_Dealloc()
#9 0x00007fa08a30d1c4 in fast_tp_dealloc() at
/home/simon/SAGE/debug/sage-5.7.beta2/devel/sage-
main/sage/rings/integer.pyx:6053
6048
6049 # Free the object. This assumes that Py_TPFLAGS_HAVE_GC is
not
6050 # set. If it was set another free function would need to be
6051 # called.
6052
> 6053 PyObject_FREE(o)
6054
6055
6056 hook_fast_tp_functions()
6057 from sage.misc.allocator cimport hook_tp_functions
#10 0x00007fa09d24e76d in _PyObject_DebugFree()
#11 0x00007fa09d24e8a8 in _PyObject_DebugFreeApi()
#12 0x00007fa09d24eb0a in _PyObject_DebugCheckAddressApi()
#13 0x00007fa09d24ec2c in _PyObject_DebugDumpAddress()
#14 0x00007fa09d617a10 in __restore_rt()
#15 0x00007fa099a7194a in sage_signal_handler()
#16 0x00007fa099a72252 in sigdie()
#17 0x00007fa099a7212b in print_enhanced_backtrace()
#18 0x00007fa09cf83860 in waitpid()
Saved trace to /home/simon/.sage/crash_logs/sage_crash_WekcH8.log
------------------------------------------------------------------------
Unhandled SIGSEGV: A segmentation fault occurred in Sage.
This probably occurred because a *compiled* component of Sage has a bug
in it and is not properly wrapped with sig_on(), sig_off(). You might
want to run Sage under gdb with 'sage -gdb' to debug this.
Sage will now terminate.
------------------------------------------------------------------------
../../sage: Zeile 135: 29767 Speicherzugriffsfehler
"$SAGE_ROOT/spkg/bin/sage" "$@"
}}}
--
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/14059#comment:1>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica,
and MATLAB
--
You received this message because you are subscribed to the Google Groups
"sage-trac" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/sage-trac?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
