
Python interpreter crashes with realloc(): invalid next size #118990

Closed
@christian-heusel

Description


Crash report

What happened?

This is a follow-up on another bug report to the diffoscope program, after we have concluded that it is not the program but the interpreter that crashes: https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/371
The other bug report also has some background information and stacktraces that occur with the original diffoscope issue.

The following snippet (with a.pyc) seems to crash the python interpreter for me (on exit):

from diffoscope.comparators.python import parse_pyc
len(list(parse_pyc(open("a.pyc", "rb"))))

Here is the terminal output in full:

Python 3.12.3 (main, Apr 23 2024, 09:16:07) [GCC 13.2.1 20240417] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from diffoscope.comparators.python import parse_pyc
>>> len(list(parse_pyc(open("a.pyc", "rb"))))
2510
>>> 
corrupted size vs. prev_size
[1]    15886 IOT instruction (core dumped)  python

This gets me the following traceback:

(gdb) bt full
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
        tid = <optimized out>
        ret = 0
        pd = <optimized out>
        old_mask = {__val = {140737488344448}}
        ret = <optimized out>
#1  0x00007ffff76a8eb3 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
No locals.
#2  0x00007ffff7650a30 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
        ret = <optimized out>
#3  0x00007ffff76384c3 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {563003392984950430, 140737338523248, 140737347523616, 
              140737338523408, 0, 140737335247376, 140737334969392, 8, 93824994291376, 140737338523248, 140737347523616, 15, 5, 140737333430000, 
              140737334971376, 16}}, sa_flags = -1259926528, sa_restorer = 0xf}
#4  0x00007ffff7639354 in __libc_message_impl (fmt=fmt@entry=0x7ffff77c22ea "%s\n") at ../sysdeps/posix/libc_fatal.c:132
        ap = {{gp_offset = 16, fp_offset = 32767, overflow_arg_area = 0x7fffffffd7b0, reg_save_area = 0x7fffffffd740}}
        fd = 2
        iov = {{iov_base = 0x7ffff77bffe1, iov_len = 28}, {iov_base = 0x7ffff77c22ec, iov_len = 1}, {iov_base = 0x7ffff711be70, iov_len = 140737347523616}, {
            iov_base = 0x5555556bceb0, iov_len = 40}, {iov_base = 0x555555817c50, iov_len = 140737333753808}, {iov_base = 0x80, iov_len = 93824995122304}, {
            iov_base = 0x7f, iov_len = 140737347269691}}
        iovcnt = <optimized out>
        total = <optimized out>
        cp = <optimized out>
#5  0x00007ffff76b3085 in malloc_printerr (str=str@entry=0x7ffff77bffe1 "corrupted size vs. prev_size") at malloc.c:5772
No locals.
#6  0x00007ffff76b3c16 in unlink_chunk (p=p@entry=0x5555557f5fa0, av=0x7ffff77f6ac0 <main_arena>) at malloc.c:1611
        fd = <optimized out>
        bk = <optimized out>
#7  0x00007ffff76b3e6c in _int_free_create_chunk (av=av@entry=0x7ffff77f6ac0 <main_arena>, p=p@entry=0x5555557f5d10, size=size@entry=656, 
    nextchunk=nextchunk@entry=0x5555557f5fa0, nextsize=nextsize@entry=656) at malloc.c:4721
        nextinuse = <optimized out>
        bck = <optimized out>
        fwd = <optimized out>
#8  0x00007ffff76b51ca in _int_free_merge_chunk (av=0x7ffff77f6ac0 <main_arena>, p=0x5555557f5d10, size=656) at malloc.c:4700
        nextchunk = 0x5555557f5fa0
        nextsize = 656
#9  0x00007ffff76b53ea in _int_free (av=<optimized out>, p=p@entry=0x5555557f5d10, have_lock=<optimized out>, have_lock@entry=0) at malloc.c:4646
        size = <optimized out>
        fb = <optimized out>
#10 0x00007ffff76b7dae in __GI___libc_free (mem=mem@entry=0x5555557f5d20) at malloc.c:3398
        ar_ptr = <optimized out>
        p = 0x5555557f5d10
        err = 0
#11 0x00007ffff79adb0c in _PyMem_RawFree (_unused_ctx=<optimized out>, ptr=0x5555557f5d20) at Objects/obmalloc.c:73
No locals.
#12 PyMem_RawFree (ptr=0x5555557f5d20) at Objects/obmalloc.c:685
No locals.
#13 _PyObject_Free (p=0x5555557f5d20, ctx=<optimized out>) at Objects/obmalloc.c:1853
        state = 0x7ffff7dc6140 <_PyRuntime+80352>
        state = <optimized out>
#14 PyObject_Free (ptr=0x5555557f5d20) at Objects/obmalloc.c:830
No locals.
#15 code_dealloc (co=0x5555557f5d20) at Objects/codeobject.c:1745
No locals.
#16 0x00007ffff799db11 in Py_DECREF (op=<optimized out>) at ./Include/object.h:705
No locals.
#17 func_dealloc (op=0x7ffff6b15260) at Objects/funcobject.c:856
No locals.
#18 0x00007ffff79827a0 in _Py_Dealloc (op=<optimized out>) at Objects/object.c:2625
        type = <optimized out>
        dealloc = <optimized out>
#19 Py_DECREF (op=<optimized out>) at ./Include/object.h:705
No locals.
#20 Py_XDECREF (op=<optimized out>) at ./Include/object.h:798
No locals.
#21 free_keys_object (interp=0x7ffff7dc51c8 <_PyRuntime+76392>, keys=0x55555581bbb0) at Objects/dictobject.c:673
        entries = <optimized out>
        i = 76
        n = <optimized out>
        state = <optimized out>
#22 0x00007ffff7a6e0ab in type_clear (type=0x55555581a8c0) at Objects/typeobject.c:5295
        dict = <optimized out>
#23 0x00007ffff798fc7a in delete_garbage (old=0x7ffff7dc5280 <_PyRuntime+76576>, collectable=0x7fffffffd9c0, gcstate=0x7ffff7dc5238 <_PyRuntime+76504>, 
    tstate=0x7ffff7e22ae8 <_PyRuntime+459656>) at Modules/gcmodule.c:1029
        clear = <optimized out>
        gc = <optimized out>
        op = 0x55555581a8c0
#24 gc_collect_main (tstate=tstate@entry=0x7ffff7e22ae8 <_PyRuntime+459656>, generation=generation@entry=2, n_collected=n_collected@entry=0x0, 
    n_uncollectable=n_uncollectable@entry=0x0, nofail=nofail@entry=1) at Modules/gcmodule.c:1303
        i = <optimized out>
        m = 3913
        n = 0
        young = 0x7ffff7dc5280 <_PyRuntime+76576>
        old = <optimized out>
        unreachable = {_gc_next = 140737488345520, _gc_prev = 140737488345520}
        finalizers = {_gc_next = 140737488345504, _gc_prev = 140737488345504}
        gc = <optimized out>
        t1 = 0
        gcstate = 0x7ffff7dc5238 <_PyRuntime+76504>
        final_unreachable = {_gc_next = 93824995141808, _gc_prev = 140737332415728}
        stats = <optimized out>
#25 0x00007ffff7a759fc in _PyGC_CollectNoFail (tstate=tstate@entry=0x7ffff7e22ae8 <_PyRuntime+459656>) at Modules/gcmodule.c:2135
        gcstate = 0x7ffff7dc5238 <_PyRuntime+76504>
        n = <optimized out>
#26 0x00007ffff7a74ab4 in finalize_modules (tstate=tstate@entry=0x7ffff7e22ae8 <_PyRuntime+459656>) at Python/pylifecycle.c:1588
        interp = <optimized out>
        modules = 0x7ffff7190200
        verbose = <optimized out>
        weaklist = 0x7ffff7191200
#27 0x00007ffff7a5e406 in Py_FinalizeEx () at Python/pylifecycle.c:1889
        status = <optimized out>
        runtime = 0x7ffff7db2760 <_PyRuntime>
        tstate = <optimized out>
        malloc_stats = <optimized out>
#28 0x00007ffff7a6ccf2 in Py_RunMain () at Modules/main.c:711
        exitcode = 0
#29 0x00007ffff7a28fab in Py_BytesMain (argc=<optimized out>, argv=<optimized out>) at Modules/main.c:763
        args = {argc = 1, use_bytes_argv = 1, bytes_argv = 0x7fffffffde58, wchar_argv = 0x0}
#30 0x00007ffff7639c88 in __libc_start_call_main (main=main@entry=0x555555555120 <main>, argc=argc@entry=1, argv=argv@entry=0x7fffffffde58)
    at ../sysdeps/nptl/libc_start_call_main.h:58
        self = <optimized out>
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737488346712, 6779890582023430464, 1, 0, 140737354125312, 93824992247232, 6779890582008750400, 
                6779909378961826112}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x1, 0x7fffffffde50}, data = {prev = 0x0, cleanup = 0x0, 
              canceltype = 1}}}
        not_first_call = <optimized out>
#31 0x00007ffff7639d4c in __libc_start_main_impl (main=0x555555555120 <main>, argc=1, argv=0x7fffffffde58, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffde48) at ../csu/libc-start.c:360
No locals.
#32 0x0000555555555045 in _start ()
No symbol table info available.

I have also looked at previous issues, but it seems like they are either unrelated or a few years old.

The issue occurs and was tested on Arch Linux with the python 3.12.3-1 package.

I'm happy to provide more input or test things if that helps with debugging the issue!

CPython versions tested on:

3.12

Operating systems tested on:

Linux

Output from running 'python -VV' on the command line:

Python 3.12.3 (main, Apr 23 2024, 09:16:07) [GCC 13.2.1 20240417]
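One way a tool like diffoscope could contain a crash of this kind, as an added example that is not part of the issue report or of diffoscope's own code: validate the PEP 552 header in-process and do the marshal.loads of the untrusted body in a child interpreter, so that a SIGABRT like the one in the backtrace above (which fires during interpreter finalization) comes back as a result instead of taking the caller down. The function names, status strings and the constructed sample .pyc are my own.

```python
"""Added example: isolate untrusted .pyc parsing in a child interpreter."""
import importlib.util
import marshal
import struct
import subprocess
import sys

HEADER_LEN = 16  # PEP 552: magic(4) + flags(4) + mtime/size or source hash(8)


def build_pyc(source: str) -> bytes:
    """Constructed sample input: a minimal timestamp-based .pyc for this interpreter."""
    code = compile(source, "<constructed>", "exec")
    return importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, 0, 0) + marshal.dumps(code)


def check_header(data: bytes) -> str:
    """Cheap in-process checks that need no unmarshalling of attacker-controlled data."""
    if len(data) < HEADER_LEN:
        return "truncated header"
    if data[:4] != importlib.util.MAGIC_NUMBER:
        return "magic mismatch"
    flags = struct.unpack("<I", data[4:8])[0]
    if flags & ~0x3:  # only bit 0 (hash-based) and bit 1 (check_source) are defined
        return "unknown flags"
    return "ok"


# Child program (hypothetical): unmarshal the body and report a one-line summary.
CHILD = r"""
import marshal, sys
data = sys.stdin.buffer.read()
code = marshal.loads(data[16:])
print(type(code).__name__, len(code.co_consts))
"""


def load_pyc_isolated(data: bytes, timeout: float = 30.0) -> dict:
    """Return a status dict; a hard crash of the child shows up as a negative return code."""
    verdict = check_header(data)
    if verdict != "ok":
        return {"status": "rejected", "reason": verdict}
    proc = subprocess.run([sys.executable, "-X", "faulthandler", "-c", CHILD],
                          input=data, capture_output=True, timeout=timeout)
    if proc.returncode < 0:  # killed by a signal, e.g. -6 for the SIGABRT in the report
        return {"status": "crashed", "signal": -proc.returncode}
    if proc.returncode != 0:  # Python-level exception such as EOFError from marshal
        return {"status": "error", "stderr": proc.stderr.decode(errors="replace")[-200:]}
    return {"status": "ok", "summary": proc.stdout.decode().strip()}
```

Because the crash in the report happens in Py_FinalizeEx, the child's exit is exactly where it would surface, and the parent only sees a return code of -6 rather than dying itself.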

Labels: type-crash (A hard crash of the interpreter, possibly with a core dump)