Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sre_constants._makecodes segfaults in JIT builds #126221

Closed
devdanzin opened this issue Oct 31, 2024 · 4 comments
Closed

sre_constants._makecodes segfaults in JIT builds #126221

devdanzin opened this issue Oct 31, 2024 · 4 comments
Labels
interpreter-core (Objects, Python, Grammar, and Parser dirs) topic-JIT type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@devdanzin
Copy link
Contributor

devdanzin commented Oct 31, 2024

Crash report

What happened?

It's possible to crash a JIT build of Python (or abort, if it's a debug build) by passing an invalid parameter to sre_constants._makecodes:

import sre_constants
sre_constants._makecodes("", {}, 10)

Backtrace on non-debug JIT build looks like:

Program received signal SIGSEGV, Segmentation fault.
_PyEval_EvalFrameDefault (tstate=0x555555b3f440 <_PyRuntime+313216>, frame=0x7ffff7fb0098, throwflag=<optimized out>) at Python/generated_cases.c.h:6753
6753                PyStackRef_CLOSE(value);
(gdb) bt
#0  _PyEval_EvalFrameDefault (tstate=0x555555b3f440 <_PyRuntime+313216>, frame=0x7ffff7fb0098,
    throwflag=<optimized out>) at Python/generated_cases.c.h:6753
#1  0x00005555557a9bac in _PyEval_EvalFrame (throwflag=0, frame=0x7ffff7fb0020,
    tstate=0x555555b3f440 <_PyRuntime+313216>) at ./Include/internal/pycore_ceval.h:116
#2  _PyEval_Vector (args=0x0, argcount=0, kwnames=0x0, locals=0x7ffff7a18c00, func=0x7ffff7a035e0,
    tstate=0x555555b3f440 <_PyRuntime+313216>) at Python/ceval.c:1886
#3  PyEval_EvalCode (co=co@entry=0x7ffff7a3a010, globals=globals@entry=0x7ffff7a18c00,
    locals=locals@entry=0x7ffff7a18c00) at Python/ceval.c:662
#4  0x000055555583aca8 in run_eval_code_obj (locals=0x7ffff7a18c00, globals=0x7ffff7a18c00,
    co=0x7ffff7a3a010, tstate=0x555555b3f440 <_PyRuntime+313216>) at Python/pythonrun.c:1338
#5  run_eval_code_obj (tstate=0x555555b3f440 <_PyRuntime+313216>, co=0x7ffff7a3a010,
    globals=0x7ffff7a18c00, locals=0x7ffff7a18c00) at Python/pythonrun.c:1305
#6  0x000055555583af28 in run_mod (mod=mod@entry=0x555555c61fb0, filename=filename@entry=0x7ffff7a72130,
    globals=globals@entry=0x7ffff7a18c00, locals=locals@entry=0x7ffff7a18c00,
    flags=flags@entry=0x7fffffffdf28, arena=arena@entry=0x7ffff7b5e250, interactive_src=0x7ffff7b8dbc0,
    generate_new_source=0) at Python/pythonrun.c:1423
#7  0x000055555583d5a4 in _PyRun_StringFlagsWithName (generate_new_source=0, flags=0x7fffffffdf28,
    locals=0x7ffff7a18c00, globals=0x7ffff7a18c00, start=257, name=0x7ffff7a72130,
    str=0x7ffff7a49c10 "import sre_constants; sre_constants._makecodes('', {}, 10)\n")
    at Python/pythonrun.c:1222
#8  _PyRun_SimpleStringFlagsWithName (
    command=0x7ffff7a49c10 "import sre_constants; sre_constants._makecodes('', {}, 10)\n",
    name=name@entry=0x5555558e3520 "<string>", flags=flags@entry=0x7fffffffdf28) at Python/pythonrun.c:548

Backtrace on debug JIT build looks like:

python: Python/ceval.c:966: _PyEval_EvalFrameDefault: Assertion `STACK_LEVEL() >= level' failed.

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140737350580032) at ./nptl/pthread_kill.c:44
44      ./nptl/pthread_kill.c: No such file or directory.
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737350580032) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140737350580032) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=140737350580032, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff7ce0476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff7cc67f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00007ffff7cc671b in __assert_fail_base (
    fmt=0x7ffff7e7b130 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
    assertion=0x555555a7203f "STACK_LEVEL() >= level", file=0x555555a71710 "Python/ceval.c", line=966,
    function=<optimized out>) at ./assert/assert.c:92
#6  0x00007ffff7cd7e96 in __GI___assert_fail (
    assertion=assertion@entry=0x555555a7203f "STACK_LEVEL() >= level",
    file=file@entry=0x555555a71710 "Python/ceval.c", line=line@entry=966,
    function=function@entry=0x555555a74920 <__PRETTY_FUNCTION__.74> "_PyEval_EvalFrameDefault")
    at ./assert/assert.c:101
#7  0x00005555558529a0 in _PyEval_EvalFrameDefault (
    tstate=tstate@entry=0x555555cbbc70 <_PyRuntime+329232>, frame=0x7ffff7fb0098,
    throwflag=throwflag@entry=0) at Python/ceval.c:966
#8  0x0000555555852fb7 in _PyEval_EvalFrame (throwflag=0, frame=<optimized out>,
    tstate=0x555555cbbc70 <_PyRuntime+329232>) at ./Include/internal/pycore_ceval.h:116
#9  _PyEval_Vector (tstate=tstate@entry=0x555555cbbc70 <_PyRuntime+329232>,
    func=func@entry=0x7ffff7a46450, locals=locals@entry=0x7ffff7a55df0, args=args@entry=0x0,
    argcount=argcount@entry=0, kwnames=kwnames@entry=0x0) at Python/ceval.c:1886
#10 0x0000555555853096 in PyEval_EvalCode (co=co@entry=0x7ffff7a42e60,
    globals=globals@entry=0x7ffff7a55df0, locals=locals@entry=0x7ffff7a55df0) at Python/ceval.c:662
#11 0x00005555559251f4 in run_eval_code_obj (tstate=tstate@entry=0x555555cbbc70 <_PyRuntime+329232>,
    co=co@entry=0x7ffff7a42e60, globals=globals@entry=0x7ffff7a55df0, locals=locals@entry=0x7ffff7a55df0)
    at Python/pythonrun.c:1338

Found using fusil by @vstinner.

CPython versions tested on:

CPython main branch

Operating systems tested on:

Linux

Output from running 'python -VV' on the command line:

Python 3.14.0a1+ (heads/main:d467d9246cb, Oct 30 2024, 23:30:10) [GCC 11.4.0]

@devdanzin devdanzin added the type-crash A hard crash of the interpreter, possibly with a core dump label Oct 31, 2024
@Zheaoli
Copy link
Contributor

Zheaoli commented Oct 31, 2024

@ZeroIntensity plz add interperter or core lib here. This crash is raised the exception unwind process. I'm trying to find the root cause

@ZeroIntensity ZeroIntensity added interpreter-core (Objects, Python, Grammar, and Parser dirs) and removed extension-modules C modules in the Modules dir labels Oct 31, 2024
@ZeroIntensity
Copy link
Member

I'm pretty sure Brandt already found the root cause and is addressing it via #126222

@devdanzin
Copy link
Contributor Author

I'm pretty sure Brandt already found the root cause and is addressing it via #126222

Agreed.

@devdanzin devdanzin closed this as not planned Won't fix, can't repro, duplicate, stale Oct 31, 2024
@Zheaoli
Copy link
Contributor

Zheaoli commented Oct 31, 2024

I'm pretty sure Brandt already found the root cause and is addressing it via #126222

Yep

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
interpreter-core (Objects, Python, Grammar, and Parser dirs) topic-JIT type-crash A hard crash of the interpreter, possibly with a core dump
Projects
None yet
Development

No branches or pull requests

3 participants