search

python / cpython

The Python programming language
https://www.python.org
Other
62.75k stars 30.07k forks source link

python coredump with libffi 3.4.2 #118171

Open iwannastay opened 5 months ago

iwannastay commented 5 months ago

Bug report

Bug description:

I encountered a core dump and the backtrace shows that it relates to ctypes:

#0  0x00007f2b0071bf71 in closure_fcn (cif=0x7f2adcd88de8, resp=0x7ffeeb800a10, args=0x7ffeeb800890, userdata=0x3b) at /usr1/python/python/target/checkout/Python-3.9.11/Modules/_ctypes/callbacks.c:311
#1  0x00007f2b0072ba09 in ffi_closure_unix64_inner () from /path/to/python/lib/python3.9/lib-dynload/_ctypes.cpython-39-x86_64-linux-gnu.so
#2  0x00007f2b0072c1e8 in ffi_closure_unix64 () from /path/to/python/lib/python3.9/lib-dynload/_ctypes.cpython-39-x86_64-linux-gnu.so
#3  0x00007f2add597c13 in LLVMPYObjectCache::notifyObjectCompiled (this=0x3382350, M=0x324a370, MBR=...) at executionengine.cpp:195
#4  0x00007f2adea3e18b in llvm::MCJIT::emitObject(llvm::Module*) [clone .localalias] () from /path/to/python/lib/python3.9/site-packages/llvmlite/binding/libllvmlite.so
#5  0x00007f2adea3ea39 in llvm::MCJIT::generateCodeForModule(llvm::Module*) [clone .localalias] () from /path/to/python/lib/python3.9/site-packages/llvmlite/binding/libllvmlite.so
#6  0x00007f2adea39f30 in llvm::MCJIT::finalizeObject() [clone .localalias] () from /path/to/python/lib/python3.9/site-packages/llvmlite/binding/libllvmlite.so
#7  0x00007f2add5975f5 in LLVMPY_FinalizeObject (EE=0x3335f80) at executionengine.cpp:63
#8  0x00007f2b0072c052 in ffi_call_unix64 () from /path/to/python/lib/python3.9/lib-dynload/_ctypes.cpython-39-x86_64-linux-gnu.so
#9  0x00007f2b0072b428 in ffi_call_int () from /path/to/python/lib/python3.9/lib-dynload/_ctypes.cpython-39-x86_64-linux-gnu.so
#10 0x00007f2b0072b491 in ffi_call () from /path/to/python/lib/python3.9/lib-dynload/_ctypes.cpython-39-x86_64-linux-gnu.so

I changed nothing but the version of libffi from 3.3 to 3.4.2, while it runs ok with version 3,3. I compile libffi and recompiling python with it:

# compile libffi
./configure --prefix=/path/to/libffi/ CFLAGS="-fPIC" --disable-shared --disable-docs
make && make install

# compile python with libffi
sed -i '/Linux\*|GNU\*) LINKFORSHARED=/ s/="/&-pie /' configure
./configure CFLAGS="-fstack-protector-strong -fPIC -D_FORTIFY_SOURCE=2 -O2" LDFLAGS="-L/path/to/libffi/lib64 -Bstatic -Wl,--build-id=none,-z,noexecstack,-z,relro,-z,now" LIBS="-lffi"
make && make install

I also run unittest of ctypes as ctypes unittest crashes with libffi 3.4.2, 

test_callbacks (ctypes.test.test_as_parameter.AsParamPropertyWrapperTestCase) ... Aborted (core dumped)

it cored as follows:


#0  0x00007fa96efcc77b in raise () from /usr/lib64/libc.so.6
#1  0x00007fa96efcdaa1 in abort () from /usr/lib64/libc.so.6
#2  0x00007fa961fa4d5a in dlfree () from /path/to/python/lib/python3.9/lib-dynload/_ctypes.cpython-39-x86_64-linux-gnu.so
#3  0x00007fa961fa5b0e in ffi_closure_free () from /path/to/python/lib/python3.9/lib-dynload/_ctypes.cpython-39-x86_64-linux-gnu.so
#4  0x00007fa961f97f24 in CThunkObject_dealloc (myself=0x7fa9616f19e0) at /usr1/python/python/target/checkout/Python-3.9.11/Modules/_ctypes/callbacks.c:23
#5  0x00000000004cb315 in _Py_DECREF (op=<optimized out>) at ./Include/object.h:430
#6  _Py_XDECREF (op=<optimized out>) at ./Include/object.h:497
#7  free_keys_object (keys=0x7fa9616f1870) at Objects/dictobject.c:598
#8  0x00000000004cbbc0 in dictkeys_decref (dk=0x7fa9616f1870) at Objects/dictobject.c:333
#9  dict_dealloc (mp=0x7fa961bdc680) at Objects/dictobject.c:2026

Do you have any ideas?

Tested with:

CPython versions tested on:

3.9

Operating systems tested on:

Linux

iwannastay commented 5 months ago 
import numpy as np

from numba.types import UniTuple
from numba import njit, float64, int32, void

@njit(float64(float64[:]), nogil=True, boundscheck=False)
def log_sum_exp(x):
    """
    求x的e的幂的和的对数
    :param x:
    :return: x的e的幂的和的对数
    """
    x_max = np.max(x)
    if np.isinf(x_max):
        return -np.Inf
    return np.log(np.sum(np.exp(x)))

I run this python script after updating python version to 3.11.4 and it coredump with the same backtrace above, here is the bt and py-bt:

(gdb) bt
#0  0x00007f03eed996c7 in closure_fcn (cif=0x7f03ee3154a8, resp=0x7fffd37be2e0, args=0x7fffd37be160, userdata=0x3b) at /usr1/python/python/Python-3.9.11/Modules/_ctypes/callbacks.c:310
#1  0x00007f03eeda8718 in ffi_closure_unix64_inner () from /tmp/lstest2/lib/python3.11/lib-dynload/_ctypes.cpython-311-x86_64-linux-gnu.so
#2  0x00007f03eeda91e8 in ffi_closure_unix64 () from /tmp/lstest2/lib/python3.11/lib-dynload/_ctypes.cpython-311-x86_64-linux-gnu.so
#3  0x00007f03e813dc13 in LLVMPYObjectCache::notifyObjectCompiled (this=0x564454ccab00, M=0x564454ac1c90, MBR=...) at executionengine.cpp:195
#4  0x00007f03e95e418b in llvm::MCJIT::emitObject(llvm::Module*) [clone .localalias] () from /tmp/lstest2/lib/python3.11/site-packages/llvmlite/binding/libllvmlite.so
#5  0x00007f03e95e4a39 in llvm::MCJIT::generateCodeForModule(llvm::Module*) [clone .localalias] () from /tmp/lstest2/lib/python3.11/site-packages/llvmlite/binding/libllvmlite.so
#6  0x00007f03e95dff30 in llvm::MCJIT::finalizeObject() [clone .localalias] () from /tmp/lstest2/lib/python3.11/site-packages/llvmlite/binding/libllvmlite.so
#7  0x00007f03e813d5f5 in LLVMPY_FinalizeObject (EE=0x564454fbf0c0) at executionengine.cpp:63
#8  0x00007f03eeda9052 in ffi_call_unix64 () from /tmp/lstest2/lib/python3.11/lib-dynload/_ctypes.cpython-311-x86_64-linux-gnu.so
#9  0x00007f03eeda8137 in ffi_call_int () from /tmp/lstest2/lib/python3.11/lib-dynload/_ctypes.cpython-311-x86_64-linux-gnu.so
#10 0x00007f03eeda81a0 in ffi_call () from /tmp/lstest2/lib/python3.11/lib-dynload/_ctypes.cpython-311-x86_64-linux-gnu.so
#11 0x00007f03eed9b5a6 in _call_function_pointer (argtypecount=<optimized out>, argcount=1, resmem=0x7fffd37bf800, restype=<optimized out>, atypes=<optimized out>, avalues=0x7fffd37bf7f0, pProc=0x7f03e813d5ce <LLVMPY_FinalizeObject(LLVMExecutionEngineRef)>, 
    flags=4353) at /usr1/python/python/Python-3.9.11/Modules/_ctypes/callproc.c:923
#12 _ctypes_callproc (pProc=pProc@entry=0x7f03e813d5ce <LLVMPY_FinalizeObject(LLVMExecutionEngineRef)>, argtuple=argtuple@entry=0x7f03e6dd30a0, flags=4353, argtypes=argtypes@entry=0x7f03ee36afb0, restype=restype@entry=0x56445478d400, checker=0x0)
    at /usr1/python/python/Python-3.9.11/Modules/_ctypes/callproc.c:1262
#13 0x00007f03eed9492f in PyCFuncPtr_call (self=<optimized out>, inargs=<optimized out>, kwds=0x7f03e6da5540) at /usr1/python/python/Python-3.9.11/Modules/_ctypes/_ctypes.c:4201
#14 0x00005644538c3e9a in _PyObject_Call (kwargs=0x7f03e6da5540, args=0x7f03e6dd30a0, callable=0x7f03e788c390, tstate=0x564453ca7ab8 <_PyRuntime+166328>) at Objects/call.c:343
#15 _PyObject_Call (tstate=0x564453ca7ab8 <_PyRuntime+166328>, callable=0x7f03e788c390, args=0x7f03e6dd30a0, kwargs=0x7f03e6da5540) at Objects/call.c:313
#16 0x000056445387672d in do_call_core (use_tracing=<optimized out>, kwdict=0x7f03e6da5540, callargs=0x7f03e6dd30a0, func=0x7f03e788c390, tstate=0x564453ca7ab8 <_PyRuntime+166328>) at Python/ceval.c:7357
#17 _PyEval_EvalFrameDefault (tstate=<optimized out>, frame=<optimized out>, throwflag=<optimized out>) at Python/ceval.c:5381
#18 0x0000564453993391 in _PyEval_EvalFrame (throwflag=0, frame=0x7f0415e46c08, tstate=0x564453ca7ab8 <_PyRuntime+166328>) at ./Include/internal/pycore_ceval.h:73
#19 _PyEval_Vector (tstate=0x564453ca7ab8 <_PyRuntime+166328>, func=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kwnames=<optimized out>) at Python/ceval.c:6439
#20 0x00005644538c41e7 in _PyObject_FastCallDictTstate (tstate=tstate@entry=0x564453ca7ab8 <_PyRuntime+166328>, callable=callable@entry=0x7f03ee31fec0, args=args@entry=0x7fffd37bfc10, nargsf=nargsf@entry=2, kwargs=kwargs@entry=0x0) at Objects/call.c:141
#21 0x00005644538c44c0 in _PyObject_Call_Prepend (tstate=tstate@entry=0x564453ca7ab8 <_PyRuntime+166328>, callable=callable@entry=0x7f03ee31fec0, obj=obj@entry=0x7f03ee36b4c0, args=args@entry=0x7f03e6dd3010, kwargs=kwargs@entry=0x0) at Objects/call.c:482
#22 0x000056445392637c in slot_tp_call (self=0x7f03ee36b4c0, args=0x7f03e6dd3010, kwds=0x0) at Objects/typeobject.c:7632
#23 0x00005644538c4070 in _PyObject_MakeTpCall (tstate=0x564453ca7ab8 <_PyRuntime+166328>, callable=callable@entry=0x7f03ee36b4c0, args=args@entry=0x7f0415e46c00, nargs=1, keywords=0x0, keywords@entry=0x7f03e6dd3010) at Objects/call.c:214
#24 0x00005644538c46f0 in _PyObject_VectorcallTstate (kwnames=0x7f03e6dd3010, nargsf=<optimized out>, args=0x7f0415e46c00, callable=0x7f03ee36b4c0, tstate=<optimized out>) at ./Include/internal/pycore_call.h:90
#25 _PyObject_VectorcallTstate (kwnames=0x7f03e6dd3010, nargsf=<optimized out>, args=0x7f0415e46c00, callable=0x7f03ee36b4c0, tstate=<optimized out>) at ./Include/internal/pycore_call.h:77
#26 PyObject_Vectorcall (callable=callable@entry=0x7f03ee36b4c0, args=args@entry=0x7f0415e46c00, nargsf=<optimized out>, kwnames=kwnames@entry=0x0) at Objects/call.c:299
#27 0x0000564453876ae6 in _PyEval_EvalFrameDefault (tstate=<optimized out>, frame=<optimized out>, throwflag=<optimized out>) at Python/ceval.c:7315
#28 0x0000564453993391 in _PyEval_EvalFrame (throwflag=0, frame=0x7f0415e46ba0, tstate=0x564453ca7ab8 <_PyRuntime+166328>) at ./Include/internal/pycore_ceval.h:73
#29 _PyEval_Vector (tstate=0x564453ca7ab8 <_PyRuntime+166328>, func=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kwnames=<optimized out>) at Python/ceval.c:6439
#30 0x000056445387672d in do_call_core (use_tracing=<optimized out>, kwdict=0x7f03eecc1d40, callargs=0x7f03e6dd3040, func=0x7f03ee37e3e0, tstate=0x564453ca7ab8 <_PyRuntime+166328>) at Python/ceval.c:7357
#31 _PyEval_EvalFrameDefault (tstate=<optimized out>, frame=<optimized out>, throwflag=<optimized out>) at Python/ceval.c:5381
#32 0x0000564453993391 in _PyEval_EvalFrame (throwflag=0, frame=0x7f0415e46878, tstate=0x564453ca7ab8 <_PyRuntime+166328>) at ./Include/internal/pycore_ceval.h:73
#33 _PyEval_Vector (tstate=0x564453ca7ab8 <_PyRuntime+166328>, func=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kwnames=<optimized out>) at Python/ceval.c:6439
#34 0x000056445387672d in do_call_core (use_tracing=<optimized out>, kwdict=0x7f03e6e02680, callargs=0x7f03e6e02500, func=0x7f03e6f30a40, tstate=0x564453ca7ab8 <_PyRuntime+166328>) at Python/ceval.c:7357
#35 _PyEval_EvalFrameDefault (tstate=<optimized out>, frame=<optimized out>, throwflag=<optimized out>) at Python/ceval.c:5381
#36 0x0000564453993391 in _PyEval_EvalFrame (throwflag=0, frame=0x7f0415e46540, tstate=0x564453ca7ab8 <_PyRuntime+166328>) at ./Include/internal/pycore_ceval.h:73
#37 _PyEval_Vector (tstate=0x564453ca7ab8 <_PyRuntime+166328>, func=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kwnames=<optimized out>) at Python/ceval.c:6439
#38 0x00005644538c41e7 in _PyObject_FastCallDictTstate (tstate=tstate@entry=0x564453ca7ab8 <_PyRuntime+166328>, callable=callable@entry=0x7f03e6ea60c0, args=args@entry=0x7f0408bcf0f0, nargsf=nargsf@entry=8, kwargs=kwargs@entry=0x0) at Objects/call.c:141
#39 0x00005644538c4455 in _PyObject_Call_Prepend (tstate=tstate@entry=0x564453ca7ab8 <_PyRuntime+166328>, callable=callable@entry=0x7f03e6ea60c0, obj=obj@entry=0x7f03e78b9c10, args=args@entry=0x7f03e6d5cac0, kwargs=kwargs@entry=0x0) at Objects/call.c:482
#40 0x00005644539264a4 in slot_tp_init (self=0x7f03e78b9c10, args=0x7f03e6d5cac0, kwds=0x0) at Objects/typeobject.c:7863
#41 0x000056445391f137 in type_call (type=<optimized out>, args=0x7f03e6d5cac0, kwds=0x0) at Objects/typeobject.c:1112
#42 0x00005644538c4070 in _PyObject_MakeTpCall (tstate=0x564453ca7ab8 <_PyRuntime+166328>, callable=callable@entry=0x564454f4eb60, args=args@entry=0x7f0415e46508, nargs=7, keywords=0x0, keywords@entry=0x5644538c4455 <_PyObject_Call_Prepend+149>) at Objects/call.c:214
#43 0x00005644538c46f0 in _PyObject_VectorcallTstate (kwnames=0x5644538c4455 <_PyObject_Call_Prepend+149>, nargsf=<optimized out>, args=0x7f0415e46508, callable=0x564454f4eb60, tstate=<optimized out>) at ./Include/internal/pycore_call.h:90
#44 _PyObject_VectorcallTstate (kwnames=0x5644538c4455 <_PyObject_Call_Prepend+149>, nargsf=<optimized out>, args=0x7f0415e46508, callable=0x564454f4eb60, tstate=<optimized out>) at ./Include/internal/pycore_call.h:77
#45 PyObject_Vectorcall (callable=callable@entry=0x564454f4eb60, args=args@entry=0x7f0415e46508, nargsf=<optimized out>, kwnames=kwnames@entry=0x0) at Objects/call.c:299
#46 0x0000564453876ae6 in _PyEval_EvalFrameDefault (tstate=<optimized out>, frame=<optimized out>, throwflag=<optimized out>) at Python/ceval.c:7315
#47 0x0000564453993391 in _PyEval_EvalFrame (throwflag=0, frame=0x7f0415e46020, tstate=0x564453ca7ab8 <_PyRuntime+166328>) at ./Include/internal/pycore_ceval.h:73
#48 _PyEval_Vector (tstate=tstate@entry=0x564453ca7ab8 <_PyRuntime+166328>, func=func@entry=0x7f0408b4fba0, locals=locals@entry=0x7f0408d9a340, args=args@entry=0x0, argcount=argcount@entry=0, kwnames=kwnames@entry=0x0) at Python/ceval.c:6439
#49 0x0000564453993444 in PyEval_EvalCode (co=co@entry=0x7f03e6f1c7a0, globals=globals@entry=0x7f0408d9a340, locals=locals@entry=0x7f0408d9a340) at Python/ceval.c:1154
#50 0x00005644539d3efa in run_eval_code_obj (tstate=tstate@entry=0x564453ca7ab8 <_PyRuntime+166328>, co=co@entry=0x7f03e6f1c7a0, globals=globals@entry=0x7f0408d9a340, locals=locals@entry=0x7f0408d9a340) at Python/pythonrun.c:1714
#51 0x00005644539d4107 in run_mod (mod=mod@entry=0x564454fbac78, filename=filename@entry=0x7f0408d9a4b0, globals=0x7f0408d9a340, locals=0x7f0408d9a340, flags=flags@entry=0x7fffd37c0718, arena=arena@entry=0x7f0408cc3790) at Python/pythonrun.c:1735
#52 0x00005644539d5cdb in PyRun_InteractiveOneObjectEx (fp=fp@entry=0x7f0415c8b860 <_IO_2_1_stdin_>, filename=filename@entry=0x7f0408d9a4b0, flags=flags@entry=0x7fffd37c0718) at Python/pythonrun.c:261
#53 0x00005644539d68a6 in _PyRun_InteractiveLoopObject (fp=fp@entry=0x7f0415c8b860 <_IO_2_1_stdin_>, filename=filename@entry=0x7f0408d9a4b0, flags=flags@entry=0x7fffd37c0718) at Python/pythonrun.c:138
#54 0x00005644539d708e in _PyRun_AnyFileObject (fp=fp@entry=0x7f0415c8b860 <_IO_2_1_stdin_>, filename=filename@entry=0x7f0408d9a4b0, closeit=closeit@entry=0, flags=flags@entry=0x7fffd37c0718) at Python/pythonrun.c:73
#55 0x00005644539d713a in PyRun_AnyFileExFlags (fp=0x7f0415c8b860 <_IO_2_1_stdin_>, filename=filename@entry=0x564453a65291 "<stdin>", closeit=closeit@entry=0, flags=flags@entry=0x7fffd37c0718) at Python/pythonrun.c:105
#56 0x00005644539f4173 in pymain_run_stdin (config=0x564453c8db00 <_PyRuntime+59904>) at Modules/main.c:509
#57 pymain_run_python (exitcode=0x7fffd37c0710) at Modules/main.c:604
#58 Py_RunMain () at Modules/main.c:680
#59 0x00005644539f4406 in pymain_main (args=0x7fffd37c0830) at Modules/main.c:710
#60 Py_BytesMain (argc=<optimized out>, argv=<optimized out>) at Modules/main.c:734
#61 0x00007f0415affc57 in __libc_start_main () from /usr/lib64/libc.so.6
#62 0x000056445387b17a in _start () at Python/ceval.c:2764

(gdb) py-bt
Traceback (most recent call first):
  File "/path/to/python/lib/python3.9/site-packages/llvmlite/binding/ffi.py", line 190, in __call__
    return self._cfn(*args, **kwargs)
  File "/path/to/python/lib/python3.9/site-packages/llvmlite/binding/executionengine.py", line 92, in finalize_object
    ffi.lib.LLVMPY_FinalizeObject(self)
  File "/path/to/python/lib/python3.9/site-packages/numba/core/codegen.py", line 1060, in wrapper
    return old(self._ee, *args, **kwargs)
  File "/path/to/python/lib/python3.9/site-packages/numba/core/codegen.py", line 999, in _finalize_specific
    self._codegen._engine.finalize_object()
  File "/path/to/python/lib/python3.9/site-packages/numba/core/codegen.py", line 797, in _finalize_final_module
    self._finalize_specific()
  File "/path/to/python/lib/python3.9/site-packages/numba/core/codegen.py", line 765, in finalize
    self._finalize_final_module()
  File "/path/to/python/lib/python3.9/site-packages/numba/core/runtime/nrtdynmod.py", line 213, in compile_nrt_functions
    library.finalize()
  File "/path/to/python/lib/python3.9/site-packages/numba/core/runtime/nrt.py", line 45, in initialize
    self._library = nrtdynmod.compile_nrt_functions(ctx)
  File "/path/to/python/lib/python3.9/site-packages/numba/core/compiler_lock.py", line 35, in _acquire_compile_lock
    return func(*args, **kwargs)
  File "/path/to/python/lib/python3.9/site-packages/numba/core/cpu.py", line 66, in load_additional_registries
    rtsys.initialize(self)
  File "/path/to/python/lib/python3.9/site-packages/numba/core/base.py", line 267, in refresh
    self.load_additional_registries()
  File "/path/to/python/lib/python3.9/site-packages/numba/core/compiler.py", line 418, in __init__
    targetctx.refresh()
  File "/path/to/python/lib/python3.9/site-packages/numba/core/compiler.py", line 768, in compile_extra
    pipeline = pipeline_class(typingctx, targetctx, library,
  File "/path/to/python/lib/python3.9/site-packages/numba/core/dispatcher.py", line 152, in _compile_core
    cres = compiler.compile_extra(self.targetdescr.typing_context,
  File "/path/to/python/lib/python3.9/site-packages/numba/core/dispatcher.py", line 139, in _compile_cached
    retval = self._compile_core(args, return_type)
  File "/path/to/python/lib/python3.9/site-packages/numba/core/dispatcher.py", line 125, in compile
    status, retval = self._compile_cached(args, return_type)
  File "/path/to/python/lib/python3.9/site-packages/numba/core/dispatcher.py", line 965, in compile
    cres = self._compiler.compile(args, return_type)
  File "/path/to/python/lib/python3.9/site-packages/numba/core/decorators.py", line 241, in wrapper
    disp.compile(sig)
  File "./hmm/calculator.py", line 16, in <module>
  <built-in method exec of module object at remote 0x7f2b02632b30>
  File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
  File "<frozen importlib._bootstrap_external>", line 850, in exec_module
  File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  <built-in method __import__ of module object at remote 0x7f2b02632b30>
  File "/usr1/build/runner_base/runner/run.py", line 133, in _load_model
  File "/usr1/build/runner_base/__init__.py", line 431, in wrapper
  File "/usr1/build/runner_base/runner/run.py", line 198, in case_operate
  File "/usr1/build/runner_base/__init__.py", line 431, in wrapper
  File "/usr1/build/runner_base/boot/main.py", line 216, in run
  File "/usr1/build/runner_base/boot/main.py", line 255, in <module>