[pypy-issue] Issue #2237: PyPy 4.0.1 segmentation fault (code using Eventlet, platform: OS X, presumably GC involved) (pypy/pypy)
Jakub Stasiak
issues-reply at bitbucket.org
Fri Feb 12 08:02:34 EST 2016
New issue 2237: PyPy 4.0.1 segmentation fault (code using Eventlet, platform: OS X, presumably GC involved)
https://bitbucket.org/pypy/pypy/issues/2237/pypy-401-segmentation-fault-code-using
Jakub Stasiak:
Code that triggers the segfault (extracted from Eventlet test suite and modified to improve the chance of failure):
```python
import gc
import eventlet
from eventlet import event
for i in range(5):
evt = event.Event()
def waiter(sock, addr):
evt.wait()
l = eventlet.listen(('localhost', 0))
allowed_count = 10
eventlet.spawn(eventlet.serve, l, waiter, allowed_count)
def test_client():
eventlet.connect(('localhost', l.getsockname()[1]))
for i in range(allowed_count):
test_client()
eventlet.with_timeout(
0.01,
test_client,
timeout_value="timed out")
gc.collect()
```
Extra dependencies:
```
eventlet==0.18.2
```
Result:
```
* thread #1: tid = 0xb0ee9, 0x0000000100f9cb5e libpypy-c.dylib`pypy_g_trace___append_if_nonnull + 26, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2014d8836)
frame #0: 0x0000000100f9cb5e libpypy-c.dylib`pypy_g_trace___append_if_nonnull + 26
libpypy-c.dylib`pypy_g_trace___append_if_nonnull:
-> 0x100f9cb5e <+26>: movq (%rbx,%r15), %rax
0x100f9cb62 <+30>: testl $0x260000, %eax
0x100f9cb67 <+35>: je 0x100f9cbaa ; <+102>
0x100f9cb69 <+37>: testl $0x40000, %eax
(lldb) disassemble
libpypy-c.dylib`pypy_g_trace___append_if_nonnull:
0x100f9cb44 <+0>: pushq %r15
0x100f9cb46 <+2>: pushq %r14
0x100f9cb48 <+4>: pushq %r13
0x100f9cb4a <+6>: pushq %r12
0x100f9cb4c <+8>: pushq %rbx
0x100f9cb4d <+9>: movq %rdx, %r14
0x100f9cb50 <+12>: movq %rsi, %r12
0x100f9cb53 <+15>: movl (%r12), %ebx
0x100f9cb57 <+19>: leaq 0x53bd02(%rip), %r15 ; pypy_g_typeinfo
-> 0x100f9cb5e <+26>: movq (%rbx,%r15), %rax
0x100f9cb62 <+30>: testl $0x260000, %eax
0x100f9cb67 <+35>: je 0x100f9cbaa ; <+102>
0x100f9cb69 <+37>: testl $0x40000, %eax
0x100f9cb6e <+42>: jne 0x100f9cc12 ; <+206>
0x100f9cb74 <+48>: movq %r12, %rsi
0x100f9cb77 <+51>: movq %r14, %rdx
0x100f9cb7a <+54>: callq 0x100f9cccc ; pypy_g__trace_slow_path___append_if_nonnull
0x100f9cb7f <+59>: cmpq $0x0, 0x1905509(%rip) ; pypy_g_array_92 + 65535
0x100f9cb87 <+67>: je 0x100f9cbaa ; <+102>
0x100f9cb89 <+69>: movslq 0x19141d0(%rip), %rax ; pypydtcount
0x100f9cb90 <+76>: leal 0x1(%rax), %ecx
0x100f9cb93 <+79>: shlq $0x4, %rax
0x100f9cb97 <+83>: leaq 0x1915312(%rip), %rdx ; pypy_debug_tracebacks
0x100f9cb9e <+90>: leaq 0x189480b(%rip), %rsi ; pypy_g_trace___append_if_nonnull.loc128
0x100f9cba5 <+97>: jmp 0x100f9ccac ; <+360>
0x100f9cbaa <+102>: movq 0x18(%rbx,%r15), %r15
0x100f9cbaf <+107>: movq (%r15), %rax
0x100f9cbb2 <+110>: testq %rax, %rax
0x100f9cbb5 <+113>: jle 0x100f9ccc2 ; <+382>
0x100f9cbbb <+119>: xorl %ebx, %ebx
0x100f9cbbd <+121>: movq 0x8(%r15,%rbx,8), %rcx
0x100f9cbc2 <+126>: movq (%r12,%rcx), %r13
0x100f9cbc6 <+130>: testq %r13, %r13
0x100f9cbc9 <+133>: je 0x100f9cc05 ; <+193>
0x100f9cbcb <+135>: movq 0x10(%r14), %rax
0x100f9cbcf <+139>: cmpq $0x3fb, %rax
0x100f9cbd5 <+145>: jne 0x100f9cbf2 ; <+174>
0x100f9cbd7 <+147>: movq %r14, %rdi
0x100f9cbda <+150>: callq 0x100fd22d9 ; pypy_g_AddressStack_enlarge
0x100f9cbdf <+155>: cmpq $0x0, 0x19054a9(%rip) ; pypy_g_array_92 + 65535
0x100f9cbe7 <+163>: movl $0x0, %eax
0x100f9cbec <+168>: jne 0x100f9cc72 ; <+302>
0x100f9cbf2 <+174>: movq 0x8(%r14), %rcx
0x100f9cbf6 <+178>: movq %r13, 0x8(%rcx,%rax,8)
0x100f9cbfb <+183>: incq %rax
0x100f9cbfe <+186>: movq %rax, 0x10(%r14)
0x100f9cc02 <+190>: movq (%r15), %rax
0x100f9cc05 <+193>: incq %rbx
0x100f9cc08 <+196>: cmpq %rax, %rbx
0x100f9cc0b <+199>: jl 0x100f9cbbd ; <+121>
0x100f9cc0d <+201>: jmp 0x100f9ccc2 ; <+382>
0x100f9cc12 <+206>: movq 0x8(%r12), %rbx
0x100f9cc17 <+211>: testq %rbx, %rbx
0x100f9cc1a <+214>: jle 0x100f9ccc2 ; <+382>
0x100f9cc20 <+220>: addq $0x10, %r12
0x100f9cc24 <+224>: incq %rbx
0x100f9cc27 <+227>: movq (%r12), %r15
0x100f9cc2b <+231>: testq %r15, %r15
0x100f9cc2e <+234>: je 0x100f9cc63 ; <+287>
0x100f9cc30 <+236>: movq 0x10(%r14), %rax
0x100f9cc34 <+240>: cmpq $0x3fb, %rax
0x100f9cc3a <+246>: jne 0x100f9cc53 ; <+271>
0x100f9cc3c <+248>: movq %r14, %rdi
0x100f9cc3f <+251>: callq 0x100fd22d9 ; pypy_g_AddressStack_enlarge
0x100f9cc44 <+256>: cmpq $0x0, 0x1905444(%rip) ; pypy_g_array_92 + 65535
0x100f9cc4c <+264>: movl $0x0, %eax
0x100f9cc51 <+269>: jne 0x100f9cc90 ; <+332>
0x100f9cc53 <+271>: movq 0x8(%r14), %rcx
0x100f9cc57 <+275>: movq %r15, 0x8(%rcx,%rax,8)
0x100f9cc5c <+280>: incq %rax
0x100f9cc5f <+283>: movq %rax, 0x10(%r14)
0x100f9cc63 <+287>: addq $0x8, %r12
0x100f9cc67 <+291>: decq %rbx
0x100f9cc6a <+294>: cmpq $0x1, %rbx
0x100f9cc6e <+298>: jg 0x100f9cc27 ; <+227>
0x100f9cc70 <+300>: jmp 0x100f9ccc2 ; <+382>
0x100f9cc72 <+302>: movslq 0x19140e7(%rip), %rax ; pypydtcount
0x100f9cc79 <+309>: leal 0x1(%rax), %ecx
0x100f9cc7c <+312>: shlq $0x4, %rax
0x100f9cc80 <+316>: leaq 0x1915229(%rip), %rdx ; pypy_debug_tracebacks
0x100f9cc87 <+323>: leaq 0x189470a(%rip), %rsi ; pypy_g_trace___append_if_nonnull.loc
0x100f9cc8e <+330>: jmp 0x100f9ccac ; <+360>
0x100f9cc90 <+332>: movslq 0x19140c9(%rip), %rax ; pypydtcount
0x100f9cc97 <+339>: leal 0x1(%rax), %ecx
0x100f9cc9a <+342>: shlq $0x4, %rax
0x100f9cc9e <+346>: leaq 0x191520b(%rip), %rdx ; pypy_debug_tracebacks
0x100f9cca5 <+353>: leaq 0x189471c(%rip), %rsi ; pypy_g_trace___append_if_nonnull.loc129
0x100f9ccac <+360>: movq %rsi, (%rax,%rdx)
0x100f9ccb0 <+364>: movq $0x0, 0x8(%rax,%rdx)
0x100f9ccb9 <+373>: andl $0x7f, %ecx
0x100f9ccbc <+376>: movl %ecx, 0x191409e(%rip) ; pypydtcount
0x100f9ccc2 <+382>: popq %rbx
0x100f9ccc3 <+383>: popq %r12
0x100f9ccc5 <+385>: popq %r13
0x100f9ccc7 <+387>: popq %r14
0x100f9ccc9 <+389>: popq %r15
0x100f9cccb <+391>: retq
(lldb) register read
General Purpose Registers:
rax = 0xffffffefffffffd6
rbx = 0x00000000ffffffd6
rcx = 0x0000000106817e00
rdx = 0x000000010411efc0
rdi = 0x00000001016f2458 pypy_g_rpython_memory_gc_incminimark_IncrementalMiniMar
rsi = 0x00000001059455f8
rbp = 0x00000001059455f8
rsp = 0x00007fff5fbfec60
r8 = 0x0000000000000001
r9 = 0x00000000c0000000
r10 = 0x00000000051706c5
r11 = 0x0000000104100000
r12 = 0x00000001059455f8
r13 = 0x0000000105d57a18
r14 = 0x000000010411efc0
r15 = 0x00000001014d8860 pypy_g_typeinfo
rip = 0x0000000100f9cb5e libpypy-c.dylib`pypy_g_trace___append_if_nonnull + 26
rflags = 0x0000000000010282
cs = 0x000000000000002b
fs = 0x0000000000000000
gs = 0x0000000000000000
(lldb) thread backtrace
* thread #1: tid = 0xb0ee9, 0x0000000100f9cb5e libpypy-c.dylib`pypy_g_trace___append_if_nonnull + 26, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2014d8836)
* frame #0: 0x0000000100f9cb5e libpypy-c.dylib`pypy_g_trace___append_if_nonnull + 26
frame #1: 0x0000000100fa5af2 libpypy-c.dylib`pypy_g_IncrementalMiniMarkGC__recursively_bump_finaliza + 179
frame #2: 0x0000000100fa46ba libpypy-c.dylib`pypy_g_IncrementalMiniMarkGC_deal_with_objects_with_fin + 1335
frame #3: 0x0000000100fa2d58 libpypy-c.dylib`pypy_g_IncrementalMiniMarkGC_major_collection_step + 990
frame #4: 0x0000000100fa3aef libpypy-c.dylib`pypy_g_IncrementalMiniMarkGC_gc_step_until + 47
frame #5: 0x0000000100752b4a libpypy-c.dylib`pypy_g_collect + 42
frame #6: 0x000000010039c611 libpypy-c.dylib`pypy_g_BuiltinCode_funcrun_obj + 214
frame #7: 0x00000001009a96a8 libpypy-c.dylib`pypy_g_CALL_METHOD__AccessDirect_star_1 + 251
frame #8: 0x00000001003c53ad libpypy-c.dylib`pypy_g_dispatch_bytecode__AccessDirect_None + 9120
frame #9: 0x00000001003c2bee libpypy-c.dylib`pypy_g_handle_bytecode__AccessDirect_None + 43
frame #10: 0x0000000100940549 libpypy-c.dylib`pypy_g_portal_35 + 68
frame #11: 0x0000000100eae93b libpypy-c.dylib`pypy_g_ll_portal_runner__Unsigned_Bool_pypy_interpreter + 537
frame #12: 0x00000001003b72ab libpypy-c.dylib`rpyvmprof_f_pypy_rrr + 1515
frame #13: 0x00000001011f0905 libpypy-c.dylib`rpyvmprof_t_pypy_rrr + 6
frame #14: 0x00000001010f0a31 libpypy-c.dylib`pypy_g_execute_frame_rvmprof__star_3 + 213
frame #15: 0x00000001003cc8d9 libpypy-c.dylib`pypy_g_EXEC_STMT__AccessDirect_None + 988
frame #16: 0x00000001003c46a6 libpypy-c.dylib`pypy_g_dispatch_bytecode__AccessDirect_None + 5785
frame #17: 0x00000001003c2bee libpypy-c.dylib`pypy_g_handle_bytecode__AccessDirect_None + 43
frame #18: 0x0000000100940549 libpypy-c.dylib`pypy_g_portal_35 + 68
frame #19: 0x0000000100eae93b libpypy-c.dylib`pypy_g_ll_portal_runner__Unsigned_Bool_pypy_interpreter + 537
frame #20: 0x00000001003b72ab libpypy-c.dylib`rpyvmprof_f_pypy_rrr + 1515
frame #21: 0x00000001011f0905 libpypy-c.dylib`rpyvmprof_t_pypy_rrr + 6
frame #22: 0x00000001010f0a31 libpypy-c.dylib`pypy_g_execute_frame_rvmprof__star_3 + 213
frame #23: 0x00000001003cb993 libpypy-c.dylib`pypy_g_call_function__AccessDirect_None + 1737
frame #24: 0x00000001003c51f8 libpypy-c.dylib`pypy_g_dispatch_bytecode__AccessDirect_None + 8683
frame #25: 0x00000001003c2bee libpypy-c.dylib`pypy_g_handle_bytecode__AccessDirect_None + 43
frame #26: 0x0000000100940549 libpypy-c.dylib`pypy_g_portal_35 + 68
frame #27: 0x0000000100eae93b libpypy-c.dylib`pypy_g_ll_portal_runner__Unsigned_Bool_pypy_interpreter + 537
frame #28: 0x00000001003b72ab libpypy-c.dylib`rpyvmprof_f_pypy_rrr + 1515
frame #29: 0x00000001011f0905 libpypy-c.dylib`rpyvmprof_t_pypy_rrr + 6
frame #30: 0x00000001010f0a31 libpypy-c.dylib`pypy_g_execute_frame_rvmprof__star_3 + 213
frame #31: 0x00000001003cb993 libpypy-c.dylib`pypy_g_call_function__AccessDirect_None + 1737
frame #32: 0x00000001003c511e libpypy-c.dylib`pypy_g_dispatch_bytecode__AccessDirect_None + 8465
frame #33: 0x00000001003c2bee libpypy-c.dylib`pypy_g_handle_bytecode__AccessDirect_None + 43
frame #34: 0x0000000100940549 libpypy-c.dylib`pypy_g_portal_35 + 68
frame #35: 0x0000000100eae93b libpypy-c.dylib`pypy_g_ll_portal_runner__Unsigned_Bool_pypy_interpreter + 537
frame #36: 0x00000001003b72ab libpypy-c.dylib`rpyvmprof_f_pypy_rrr + 1515
frame #37: 0x00000001011f0905 libpypy-c.dylib`rpyvmprof_t_pypy_rrr + 6
frame #38: 0x00000001010f0a31 libpypy-c.dylib`pypy_g_execute_frame_rvmprof__star_3 + 213
frame #39: 0x00000001003cb993 libpypy-c.dylib`pypy_g_call_function__AccessDirect_None + 1737
frame #40: 0x00000001003c518b libpypy-c.dylib`pypy_g_dispatch_bytecode__AccessDirect_None + 8574
frame #41: 0x00000001003c2bee libpypy-c.dylib`pypy_g_handle_bytecode__AccessDirect_None + 43
frame #42: 0x0000000100940549 libpypy-c.dylib`pypy_g_portal_35 + 68
frame #43: 0x0000000100eae93b libpypy-c.dylib`pypy_g_ll_portal_runner__Unsigned_Bool_pypy_interpreter + 537
frame #44: 0x00000001003b72ab libpypy-c.dylib`rpyvmprof_f_pypy_rrr + 1515
frame #45: 0x00000001011f0905 libpypy-c.dylib`rpyvmprof_t_pypy_rrr + 6
frame #46: 0x00000001010f0a31 libpypy-c.dylib`pypy_g_execute_frame_rvmprof__star_3 + 213
frame #47: 0x0000000100360236 libpypy-c.dylib`pypy_g_call_function__star_2 + 306
frame #48: 0x00000001002a0bea libpypy-c.dylib`pypy_g_entry_point + 4598
frame #49: 0x00000001011f3095 libpypy-c.dylib`pypy_main_function + 105
frame #50: 0x0000000100000f38 python`start + 52
```
More information about the pypy-issue
mailing list