[pypy-issue] Issue #2237: PyPy 4.0.1 segmentation fault (code using Eventlet, platform: OS X, presumably GC involved) (pypy/pypy)

Jakub Stasiak issues-reply at bitbucket.org
Fri Feb 12 08:02:34 EST 2016


New issue 2237: PyPy 4.0.1 segmentation fault (code using Eventlet, platform: OS X, presumably GC involved)
https://bitbucket.org/pypy/pypy/issues/2237/pypy-401-segmentation-fault-code-using

Jakub Stasiak:

Code that triggers the segfault (extracted from Eventlet test suite and modified to improve the chance of failure):

```python
import gc

import eventlet
from eventlet import event
for i in range(5):
    evt = event.Event()

    def waiter(sock, addr):
        evt.wait()
    l = eventlet.listen(('localhost', 0))
    allowed_count = 10
    eventlet.spawn(eventlet.serve, l, waiter, allowed_count)

    def test_client():
        eventlet.connect(('localhost', l.getsockname()[1]))
    for i in range(allowed_count):
        test_client()
    eventlet.with_timeout(
        0.01,
        test_client,
        timeout_value="timed out")

    gc.collect()
```

Extra dependencies:

```
eventlet==0.18.2
```

Result:

```
* thread #1: tid = 0xb0ee9, 0x0000000100f9cb5e libpypy-c.dylib`pypy_g_trace___append_if_nonnull + 26, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2014d8836)
    frame #0: 0x0000000100f9cb5e libpypy-c.dylib`pypy_g_trace___append_if_nonnull + 26
libpypy-c.dylib`pypy_g_trace___append_if_nonnull:
->  0x100f9cb5e <+26>: movq   (%rbx,%r15), %rax
    0x100f9cb62 <+30>: testl  $0x260000, %eax
    0x100f9cb67 <+35>: je     0x100f9cbaa               ; <+102>
    0x100f9cb69 <+37>: testl  $0x40000, %eax
(lldb) disassemble
libpypy-c.dylib`pypy_g_trace___append_if_nonnull:
    0x100f9cb44 <+0>:   pushq  %r15
    0x100f9cb46 <+2>:   pushq  %r14
    0x100f9cb48 <+4>:   pushq  %r13
    0x100f9cb4a <+6>:   pushq  %r12
    0x100f9cb4c <+8>:   pushq  %rbx
    0x100f9cb4d <+9>:   movq   %rdx, %r14
    0x100f9cb50 <+12>:  movq   %rsi, %r12
    0x100f9cb53 <+15>:  movl   (%r12), %ebx
    0x100f9cb57 <+19>:  leaq   0x53bd02(%rip), %r15      ; pypy_g_typeinfo
->  0x100f9cb5e <+26>:  movq   (%rbx,%r15), %rax
    0x100f9cb62 <+30>:  testl  $0x260000, %eax
    0x100f9cb67 <+35>:  je     0x100f9cbaa               ; <+102>
    0x100f9cb69 <+37>:  testl  $0x40000, %eax
    0x100f9cb6e <+42>:  jne    0x100f9cc12               ; <+206>
    0x100f9cb74 <+48>:  movq   %r12, %rsi
    0x100f9cb77 <+51>:  movq   %r14, %rdx
    0x100f9cb7a <+54>:  callq  0x100f9cccc               ; pypy_g__trace_slow_path___append_if_nonnull
    0x100f9cb7f <+59>:  cmpq   $0x0, 0x1905509(%rip)     ; pypy_g_array_92 + 65535
    0x100f9cb87 <+67>:  je     0x100f9cbaa               ; <+102>
    0x100f9cb89 <+69>:  movslq 0x19141d0(%rip), %rax     ; pypydtcount
    0x100f9cb90 <+76>:  leal   0x1(%rax), %ecx
    0x100f9cb93 <+79>:  shlq   $0x4, %rax
    0x100f9cb97 <+83>:  leaq   0x1915312(%rip), %rdx     ; pypy_debug_tracebacks
    0x100f9cb9e <+90>:  leaq   0x189480b(%rip), %rsi     ; pypy_g_trace___append_if_nonnull.loc128
    0x100f9cba5 <+97>:  jmp    0x100f9ccac               ; <+360>
    0x100f9cbaa <+102>: movq   0x18(%rbx,%r15), %r15
    0x100f9cbaf <+107>: movq   (%r15), %rax
    0x100f9cbb2 <+110>: testq  %rax, %rax
    0x100f9cbb5 <+113>: jle    0x100f9ccc2               ; <+382>
    0x100f9cbbb <+119>: xorl   %ebx, %ebx
    0x100f9cbbd <+121>: movq   0x8(%r15,%rbx,8), %rcx
    0x100f9cbc2 <+126>: movq   (%r12,%rcx), %r13
    0x100f9cbc6 <+130>: testq  %r13, %r13
    0x100f9cbc9 <+133>: je     0x100f9cc05               ; <+193>
    0x100f9cbcb <+135>: movq   0x10(%r14), %rax
    0x100f9cbcf <+139>: cmpq   $0x3fb, %rax
    0x100f9cbd5 <+145>: jne    0x100f9cbf2               ; <+174>
    0x100f9cbd7 <+147>: movq   %r14, %rdi
    0x100f9cbda <+150>: callq  0x100fd22d9               ; pypy_g_AddressStack_enlarge
    0x100f9cbdf <+155>: cmpq   $0x0, 0x19054a9(%rip)     ; pypy_g_array_92 + 65535
    0x100f9cbe7 <+163>: movl   $0x0, %eax
    0x100f9cbec <+168>: jne    0x100f9cc72               ; <+302>
    0x100f9cbf2 <+174>: movq   0x8(%r14), %rcx
    0x100f9cbf6 <+178>: movq   %r13, 0x8(%rcx,%rax,8)
    0x100f9cbfb <+183>: incq   %rax
    0x100f9cbfe <+186>: movq   %rax, 0x10(%r14)
    0x100f9cc02 <+190>: movq   (%r15), %rax
    0x100f9cc05 <+193>: incq   %rbx
    0x100f9cc08 <+196>: cmpq   %rax, %rbx
    0x100f9cc0b <+199>: jl     0x100f9cbbd               ; <+121>
    0x100f9cc0d <+201>: jmp    0x100f9ccc2               ; <+382>
    0x100f9cc12 <+206>: movq   0x8(%r12), %rbx
    0x100f9cc17 <+211>: testq  %rbx, %rbx
    0x100f9cc1a <+214>: jle    0x100f9ccc2               ; <+382>
    0x100f9cc20 <+220>: addq   $0x10, %r12
    0x100f9cc24 <+224>: incq   %rbx
    0x100f9cc27 <+227>: movq   (%r12), %r15
    0x100f9cc2b <+231>: testq  %r15, %r15
    0x100f9cc2e <+234>: je     0x100f9cc63               ; <+287>
    0x100f9cc30 <+236>: movq   0x10(%r14), %rax
    0x100f9cc34 <+240>: cmpq   $0x3fb, %rax
    0x100f9cc3a <+246>: jne    0x100f9cc53               ; <+271>
    0x100f9cc3c <+248>: movq   %r14, %rdi
    0x100f9cc3f <+251>: callq  0x100fd22d9               ; pypy_g_AddressStack_enlarge
    0x100f9cc44 <+256>: cmpq   $0x0, 0x1905444(%rip)     ; pypy_g_array_92 + 65535
    0x100f9cc4c <+264>: movl   $0x0, %eax
    0x100f9cc51 <+269>: jne    0x100f9cc90               ; <+332>
    0x100f9cc53 <+271>: movq   0x8(%r14), %rcx
    0x100f9cc57 <+275>: movq   %r15, 0x8(%rcx,%rax,8)
    0x100f9cc5c <+280>: incq   %rax
    0x100f9cc5f <+283>: movq   %rax, 0x10(%r14)
    0x100f9cc63 <+287>: addq   $0x8, %r12
    0x100f9cc67 <+291>: decq   %rbx
    0x100f9cc6a <+294>: cmpq   $0x1, %rbx
    0x100f9cc6e <+298>: jg     0x100f9cc27               ; <+227>
    0x100f9cc70 <+300>: jmp    0x100f9ccc2               ; <+382>
    0x100f9cc72 <+302>: movslq 0x19140e7(%rip), %rax     ; pypydtcount
    0x100f9cc79 <+309>: leal   0x1(%rax), %ecx
    0x100f9cc7c <+312>: shlq   $0x4, %rax
    0x100f9cc80 <+316>: leaq   0x1915229(%rip), %rdx     ; pypy_debug_tracebacks
    0x100f9cc87 <+323>: leaq   0x189470a(%rip), %rsi     ; pypy_g_trace___append_if_nonnull.loc
    0x100f9cc8e <+330>: jmp    0x100f9ccac               ; <+360>
    0x100f9cc90 <+332>: movslq 0x19140c9(%rip), %rax     ; pypydtcount
    0x100f9cc97 <+339>: leal   0x1(%rax), %ecx
    0x100f9cc9a <+342>: shlq   $0x4, %rax
    0x100f9cc9e <+346>: leaq   0x191520b(%rip), %rdx     ; pypy_debug_tracebacks
    0x100f9cca5 <+353>: leaq   0x189471c(%rip), %rsi     ; pypy_g_trace___append_if_nonnull.loc129
    0x100f9ccac <+360>: movq   %rsi, (%rax,%rdx)
    0x100f9ccb0 <+364>: movq   $0x0, 0x8(%rax,%rdx)
    0x100f9ccb9 <+373>: andl   $0x7f, %ecx
    0x100f9ccbc <+376>: movl   %ecx, 0x191409e(%rip)     ; pypydtcount
    0x100f9ccc2 <+382>: popq   %rbx
    0x100f9ccc3 <+383>: popq   %r12
    0x100f9ccc5 <+385>: popq   %r13
    0x100f9ccc7 <+387>: popq   %r14
    0x100f9ccc9 <+389>: popq   %r15
    0x100f9cccb <+391>: retq   
(lldb) register read
General Purpose Registers:
       rax = 0xffffffefffffffd6
       rbx = 0x00000000ffffffd6
       rcx = 0x0000000106817e00
       rdx = 0x000000010411efc0
       rdi = 0x00000001016f2458  pypy_g_rpython_memory_gc_incminimark_IncrementalMiniMar
       rsi = 0x00000001059455f8
       rbp = 0x00000001059455f8
       rsp = 0x00007fff5fbfec60
        r8 = 0x0000000000000001
        r9 = 0x00000000c0000000
       r10 = 0x00000000051706c5
       r11 = 0x0000000104100000
       r12 = 0x00000001059455f8
       r13 = 0x0000000105d57a18
       r14 = 0x000000010411efc0
       r15 = 0x00000001014d8860  pypy_g_typeinfo
       rip = 0x0000000100f9cb5e  libpypy-c.dylib`pypy_g_trace___append_if_nonnull + 26
    rflags = 0x0000000000010282
        cs = 0x000000000000002b
        fs = 0x0000000000000000
        gs = 0x0000000000000000

(lldb) thread backtrace
* thread #1: tid = 0xb0ee9, 0x0000000100f9cb5e libpypy-c.dylib`pypy_g_trace___append_if_nonnull + 26, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2014d8836)
  * frame #0: 0x0000000100f9cb5e libpypy-c.dylib`pypy_g_trace___append_if_nonnull + 26
    frame #1: 0x0000000100fa5af2 libpypy-c.dylib`pypy_g_IncrementalMiniMarkGC__recursively_bump_finaliza + 179
    frame #2: 0x0000000100fa46ba libpypy-c.dylib`pypy_g_IncrementalMiniMarkGC_deal_with_objects_with_fin + 1335
    frame #3: 0x0000000100fa2d58 libpypy-c.dylib`pypy_g_IncrementalMiniMarkGC_major_collection_step + 990
    frame #4: 0x0000000100fa3aef libpypy-c.dylib`pypy_g_IncrementalMiniMarkGC_gc_step_until + 47
    frame #5: 0x0000000100752b4a libpypy-c.dylib`pypy_g_collect + 42
    frame #6: 0x000000010039c611 libpypy-c.dylib`pypy_g_BuiltinCode_funcrun_obj + 214
    frame #7: 0x00000001009a96a8 libpypy-c.dylib`pypy_g_CALL_METHOD__AccessDirect_star_1 + 251
    frame #8: 0x00000001003c53ad libpypy-c.dylib`pypy_g_dispatch_bytecode__AccessDirect_None + 9120
    frame #9: 0x00000001003c2bee libpypy-c.dylib`pypy_g_handle_bytecode__AccessDirect_None + 43
    frame #10: 0x0000000100940549 libpypy-c.dylib`pypy_g_portal_35 + 68
    frame #11: 0x0000000100eae93b libpypy-c.dylib`pypy_g_ll_portal_runner__Unsigned_Bool_pypy_interpreter + 537
    frame #12: 0x00000001003b72ab libpypy-c.dylib`rpyvmprof_f_pypy_rrr + 1515
    frame #13: 0x00000001011f0905 libpypy-c.dylib`rpyvmprof_t_pypy_rrr + 6
    frame #14: 0x00000001010f0a31 libpypy-c.dylib`pypy_g_execute_frame_rvmprof__star_3 + 213
    frame #15: 0x00000001003cc8d9 libpypy-c.dylib`pypy_g_EXEC_STMT__AccessDirect_None + 988
    frame #16: 0x00000001003c46a6 libpypy-c.dylib`pypy_g_dispatch_bytecode__AccessDirect_None + 5785
    frame #17: 0x00000001003c2bee libpypy-c.dylib`pypy_g_handle_bytecode__AccessDirect_None + 43
    frame #18: 0x0000000100940549 libpypy-c.dylib`pypy_g_portal_35 + 68
    frame #19: 0x0000000100eae93b libpypy-c.dylib`pypy_g_ll_portal_runner__Unsigned_Bool_pypy_interpreter + 537
    frame #20: 0x00000001003b72ab libpypy-c.dylib`rpyvmprof_f_pypy_rrr + 1515
    frame #21: 0x00000001011f0905 libpypy-c.dylib`rpyvmprof_t_pypy_rrr + 6
    frame #22: 0x00000001010f0a31 libpypy-c.dylib`pypy_g_execute_frame_rvmprof__star_3 + 213
    frame #23: 0x00000001003cb993 libpypy-c.dylib`pypy_g_call_function__AccessDirect_None + 1737
    frame #24: 0x00000001003c51f8 libpypy-c.dylib`pypy_g_dispatch_bytecode__AccessDirect_None + 8683
    frame #25: 0x00000001003c2bee libpypy-c.dylib`pypy_g_handle_bytecode__AccessDirect_None + 43
    frame #26: 0x0000000100940549 libpypy-c.dylib`pypy_g_portal_35 + 68
    frame #27: 0x0000000100eae93b libpypy-c.dylib`pypy_g_ll_portal_runner__Unsigned_Bool_pypy_interpreter + 537
    frame #28: 0x00000001003b72ab libpypy-c.dylib`rpyvmprof_f_pypy_rrr + 1515
    frame #29: 0x00000001011f0905 libpypy-c.dylib`rpyvmprof_t_pypy_rrr + 6
    frame #30: 0x00000001010f0a31 libpypy-c.dylib`pypy_g_execute_frame_rvmprof__star_3 + 213
    frame #31: 0x00000001003cb993 libpypy-c.dylib`pypy_g_call_function__AccessDirect_None + 1737
    frame #32: 0x00000001003c511e libpypy-c.dylib`pypy_g_dispatch_bytecode__AccessDirect_None + 8465
    frame #33: 0x00000001003c2bee libpypy-c.dylib`pypy_g_handle_bytecode__AccessDirect_None + 43
    frame #34: 0x0000000100940549 libpypy-c.dylib`pypy_g_portal_35 + 68
    frame #35: 0x0000000100eae93b libpypy-c.dylib`pypy_g_ll_portal_runner__Unsigned_Bool_pypy_interpreter + 537
    frame #36: 0x00000001003b72ab libpypy-c.dylib`rpyvmprof_f_pypy_rrr + 1515
    frame #37: 0x00000001011f0905 libpypy-c.dylib`rpyvmprof_t_pypy_rrr + 6
    frame #38: 0x00000001010f0a31 libpypy-c.dylib`pypy_g_execute_frame_rvmprof__star_3 + 213
    frame #39: 0x00000001003cb993 libpypy-c.dylib`pypy_g_call_function__AccessDirect_None + 1737
    frame #40: 0x00000001003c518b libpypy-c.dylib`pypy_g_dispatch_bytecode__AccessDirect_None + 8574
    frame #41: 0x00000001003c2bee libpypy-c.dylib`pypy_g_handle_bytecode__AccessDirect_None + 43
    frame #42: 0x0000000100940549 libpypy-c.dylib`pypy_g_portal_35 + 68
    frame #43: 0x0000000100eae93b libpypy-c.dylib`pypy_g_ll_portal_runner__Unsigned_Bool_pypy_interpreter + 537
    frame #44: 0x00000001003b72ab libpypy-c.dylib`rpyvmprof_f_pypy_rrr + 1515
    frame #45: 0x00000001011f0905 libpypy-c.dylib`rpyvmprof_t_pypy_rrr + 6
    frame #46: 0x00000001010f0a31 libpypy-c.dylib`pypy_g_execute_frame_rvmprof__star_3 + 213
    frame #47: 0x0000000100360236 libpypy-c.dylib`pypy_g_call_function__star_2 + 306
    frame #48: 0x00000001002a0bea libpypy-c.dylib`pypy_g_entry_point + 4598
    frame #49: 0x00000001011f3095 libpypy-c.dylib`pypy_main_function + 105
    frame #50: 0x0000000100000f38 python`start + 52
```




More information about the pypy-issue mailing list