pybind11 icon indicating copy to clipboard operation
pybind11 copied to clipboard

Published 20 hours ago verified publisher icon pybind

[BUG]: crash of GNU Radio on OpenBSD, probably related to pybind11

Open bsdmp opened this issue 1 year ago • 0 comments

Required prerequisites

  • [X] Make sure you've read the documentation. Your issue may be addressed there.
  • [X] Search the issue tracker and Discussions to verify that this hasn't already been reported. +1 or comment there if it has.
  • [ ] Consider asking first in the Gitter chat room or in a Discussion.

What version (or hash if on master) of pybind11 are you using?

2.11.1

Problem description

I've reported it to GNU Radio issues (https://github.com/gnuradio/gnuradio/issues/6689), but I was told that the crash probably relates to pybind11:

At least for the second backtrace, I'd say the primary suspect is pybind11, or to be more specific, Pybind11 not being sure how to resolve types

With even simplest null source -> null sink graph I'm getting SIGSEGV, here is backtrace:

0x0000094e696fe13e in pybind11::class_<gr::blocks::null_source, gr::sync_block, gr::block, gr::basic_block, std::__1::shared_ptr<gr::blocks::null_source> >::add_base<gr::sync_block, 0>(pybind11::detail::type_record&)::{lambda(void*)#1}::operator()(void*) const (src=0x94eb17c4630, this=<optimized out>) at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/pybind11.h:1566
1566                return static_cast<Base *>(reinterpret_cast<type *>(src));
(gdb) bt
#0  0x0000094e696fe13e in pybind11::class_<gr::blocks::null_source, gr::sync_block, gr::block, gr::basic_block, std::__1::shared_ptr<gr::blocks::null_source> >::add_base<gr::sync_block, 0>(pybind11::detail::type_record&)::{lambda(void*)#1}::operator()(void*) const (src=0x94eb17c4630, this=<optimized out>) at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/pybind11.h:1566
#1  pybind11::class_<gr::blocks::null_source, gr::sync_block, gr::block, gr::basic_block, std::__1::shared_ptr<gr::blocks::null_source> >::add_base<gr::sync_block, 0>(pybind11::detail::type_record&)::{lambda(void*)#1}::__invoke(void*) (src=0x94eb17c4630) at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/pybind11.h:1565
#2  0x0000094e9286245c in pybind11::detail::type_caster_generic::try_implicit_casts (this=0x7354da7f12e0, src=..., convert=<optimized out>)
    at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/detail/type_caster_base.h:626
#3  pybind11::detail::type_caster_generic::load_impl<pybind11::detail::type_caster_generic> (this=<optimized out>, src=..., convert=<optimized out>)
    at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/detail/type_caster_base.h:729
#4  0x0000094e928620f6 in pybind11::detail::type_caster_generic::load (this=<optimized out>, src=..., convert=<optimized out>)
    at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/detail/type_caster_base.h:506
#5  pybind11::detail::type_caster_generic::try_implicit_casts (this=0x7354da7f1370, src=..., convert=<optimized out>) at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/detail/type_caster_base.h:625
#6  pybind11::detail::type_caster_generic::load_impl<pybind11::detail::type_caster_generic> (this=<optimized out>, src=..., convert=<optimized out>)
    at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/detail/type_caster_base.h:729
#7  0x0000094e928620f6 in pybind11::detail::type_caster_generic::load (this=<optimized out>, src=..., convert=<optimized out>)
    at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/detail/type_caster_base.h:506
#8  pybind11::detail::type_caster_generic::try_implicit_casts (this=0x7354da7f1400, src=..., convert=<optimized out>) at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/detail/type_caster_base.h:625
#9  pybind11::detail::type_caster_generic::load_impl<pybind11::detail::type_caster_generic> (this=<optimized out>, src=..., convert=<optimized out>)
    at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/detail/type_caster_base.h:729
#10 0x0000094e92874d1a in pybind11::detail::type_caster_generic::load (this=<optimized out>, src=..., convert=<optimized out>)
    at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/detail/type_caster_base.h:506
#11 pybind11::detail::argument_loader<gr::basic_block*>::load_impl_sequence<0ul> (this=<optimized out>, call=...) at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/cast.h:1465
#12 pybind11::detail::argument_loader<gr::basic_block*>::load_args (this=<optimized out>, call=...) at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/cast.h:1443
#13 pybind11::cpp_function::initialize<pybind11::cpp_function::initialize<std::__1::shared_ptr<gr::basic_block>, gr::basic_block, , pybind11::name, pybind11::is_method, pybind11::sibling, char const*>(std::__1::shared_ptr<gr::basic_block> (gr::basic_block::*)(), pybind11::name const&, pybind11::is_method const&, pybind11::sibling const&, char const* const&)::{lambda(gr::basic_block*)#1}, std::__1::shared_ptr<gr::basic_block>, gr::basic_block*, pybind11::name, pybind11::is_method, pybind11::sibling, char const*>(pybind11::cpp_function::initialize<std::__1::shared_ptr<gr::basic_block>, gr::basic_block, , pybind11::name, pybind11::is_method, pybind11::sibling, char const*>(std::__1::shared_ptr<gr::basic_block> (gr::basic_block::*)(), pybind11::name const&, pybind11::is_method const&, pybind11::sibling const&, char const* const&)::{lambda(gr::basic_block*)#1}&&, std::__1::shared_ptr<gr::basic_block> (*)(gr::basic_block*), pybind11::name const&, pybind11::is_method const&, pybind11::sibling const&, char const* const&)::{lambda(pybind11::detail::function_call&)#1}::operator()(pybind11::detail::function_call&) const (this=<optimized out>, call=...) at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/pybind11.h:228
#14 0x0000094e92874ca2 in pybind11::cpp_function::initialize<pybind11::cpp_function::initialize<std::__1::shared_ptr<gr::basic_block>, gr::basic_block, , pybind11::name, pybind11::is_method, pybind11::sibling, char const*>(std::__1::shared_ptr<gr::basic_block> (gr::basic_block::*)(), pybind11::name const&, pybind11::is_method const&, pybind11::sibling const&, char const* const&)::{lambda(gr::basic_block*)#1}, std::__1::shared_ptr<gr::basic_block>, gr::basic_block*, pybind11::name, pybind11::is_method, pybind11::sibling, char const*>(pybind11::cpp_function::initialize<std::__1::shared_ptr<gr::basic_block>, gr::basic_block, , pybind11::name, pybind11::is_method,
pybind11::sibling, char const*>(std::__1::shared_ptr<gr::basic_block> (gr::basic_block::*)(), pybind11::name const&, pybind11::is_method const&, pybind11::sibling const&, char const* const&)::{lambda(gr::basic_block*)#1}&&, std::__1::shared_ptr<gr::basic_block> (*)(gr::basic_block*), pybind11::name const&, pybind11::is_method const&, pybind11::sibling const&, char const* const&)::{lambda(pybind11::detail::function_call&)#1}::__invoke(pybind11::detail::function_call&) (call=...) at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/pybind11.h:224
#15 0x0000094e92857008 in pybind11::cpp_function::dispatcher (self=<optimized out>, args_in=(<gnuradio.blocks.blocks_python.null_source at remote 0x94e8429de30>,), kwargs_in=0x0)
    at /usr/local/lib/python3.10/site-packages/pybind11/include/pybind11/pybind11.h:946
#16 0x0000094f32c7bd1c in cfunction_call () from /usr/local/lib/libpython3.10.so.0.0
#17 0x0000094f32c21c75 in _PyObject_MakeTpCall () from /usr/local/lib/libpython3.10.so.0.0
#18 0x0000094f32c25e34 in method_vectorcall () from /usr/local/lib/libpython3.10.so.0.0
#19 0x0000094f32d2ed0e in call_function () from /usr/local/lib/libpython3.10.so.0.0
#20 0x0000094f32d256c0 in _PyEval_EvalFrameDefault () from /usr/local/lib/libpython3.10.so.0.0
#21 0x0000094f32d224e4 in _PyEval_Vector () from /usr/local/lib/libpython3.10.so.0.0
#22 0x0000094f32d2ed0e in call_function () from /usr/local/lib/libpython3.10.so.0.0
#23 0x0000094f32d280b9 in _PyEval_EvalFrameDefault () from /usr/local/lib/libpython3.10.so.0.0
#24 0x0000094f32d224e4 in _PyEval_Vector () from /usr/local/lib/libpython3.10.so.0.0
#25 0x0000094f32c25dc5 in method_vectorcall () from /usr/local/lib/libpython3.10.so.0.0
#26 0x0000094f32d2ed0e in call_function () from /usr/local/lib/libpython3.10.so.0.0
#27 0x0000094f32d256c0 in _PyEval_EvalFrameDefault () from /usr/local/lib/libpython3.10.so.0.0
#28 0x0000094f32d224e4 in _PyEval_Vector () from /usr/local/lib/libpython3.10.so.0.0
#29 0x0000094f32c2206e in _PyObject_FastCallDictTstate () from /usr/local/lib/libpython3.10.so.0.0
#30 0x0000094f32c22da4 in _PyObject_Call_Prepend () from /usr/local/lib/libpython3.10.so.0.0
#31 0x0000094f32ca2f34 in slot_tp_init () from /usr/local/lib/libpython3.10.so.0.0
#32 0x0000094f32ca8de4 in type_call () from /usr/local/lib/libpython3.10.so.0.0
#33 0x0000094f32c21c75 in _PyObject_MakeTpCall () from /usr/local/lib/libpython3.10.so.0.0
#34 0x0000094f32d2ee60 in call_function () from /usr/local/lib/libpython3.10.so.0.0
#35 0x0000094f32d280b9 in _PyEval_EvalFrameDefault () from /usr/local/lib/libpython3.10.so.0.0
#36 0x0000094f32d224e4 in _PyEval_Vector () from /usr/local/lib/libpython3.10.so.0.0
#37 0x0000094f32d2ed0e in call_function () from /usr/local/lib/libpython3.10.so.0.0
#38 0x0000094f32d280b9 in _PyEval_EvalFrameDefault () from /usr/local/lib/libpython3.10.so.0.0
#39 0x0000094f32d224e4 in _PyEval_Vector () from /usr/local/lib/libpython3.10.so.0.0
#40 0x0000094f32d8a527 in run_mod () from /usr/local/lib/libpython3.10.so.0.0
#41 0x0000094f32d89f79 in _PyRun_SimpleFileObject () from /usr/local/lib/libpython3.10.so.0.0
#42 0x0000094f32d88e6d in _PyRun_AnyFileObject () from /usr/local/lib/libpython3.10.so.0.0
#43 0x0000094f32db181d in Py_RunMain () from /usr/local/lib/libpython3.10.so.0.0
#44 0x0000094f32db2c33 in pymain_main () from /usr/local/lib/libpython3.10.so.0.0
#45 0x0000094f32db302c in Py_BytesMain () from /usr/local/lib/libpython3.10.so.0.0
#46 0x0000094c3c872971 in _start ()

disass:

(gdb) disassemble
Dump of assembler code for function _ZZN8pybind116class_IN2gr6blocks11null_sourceEJNS1_10sync_blockENS1_5blockENS1_11basic_blockENSt3__110shared_ptrIS3_EEEE8add_baseIS4_Li0EEEvRNS_6detail11type_recordEENUlPvE_8__invokeESF_:
   0x0000094e696fe120 <+0>:     endbr64
   0x0000094e696fe124 <+4>:     mov    0x98f4d(%rip),%r11        # 0x94e69797078 <__retguard_3494>
   0x0000094e696fe12b <+11>:    xor    (%rsp),%r11
   0x0000094e696fe12f <+15>:    test   %rdi,%rdi
   0x0000094e696fe132 <+18>:    je     0x94e696fe145 <_ZZN8pybind116class_IN2gr6blocks11null_sourceEJNS1_10sync_blockENS1_5blockENS1_11basic_blockENSt3__110shared_ptrIS3_EEEE8add_baseIS4_Li0EEEvRNS_6detail11type_recordEENUlPvE_8__invokeESF_+37>
   0x0000094e696fe134 <+20>:    push   %rbp
   0x0000094e696fe135 <+21>:    mov    %rsp,%rbp
   0x0000094e696fe138 <+24>:    mov    %rdi,%rax
   0x0000094e696fe13b <+27>:    mov    (%rdi),%rcx
=> 0x0000094e696fe13e <+30>:    add    -0x18(%rcx),%rax
   0x0000094e696fe142 <+34>:    pop    %rbp
   0x0000094e696fe143 <+35>:    jmp    0x94e696fe147 <_ZZN8pybind116class_IN2gr6blocks11null_sourceEJNS1_10sync_blockENS1_5blockENS1_11basic_blockENSt3__110shared_ptrIS3_EEEE8add_baseIS4_Li0EEEvRNS_6detail11type_recordEENUlPvE_8__invokeESF_+39>
   0x0000094e696fe145 <+37>:    xor    %eax,%eax
   0x0000094e696fe147 <+39>:    xor    (%rsp),%r11
   0x0000094e696fe14b <+43>:    cmp    0x98f26(%rip),%r11        # 0x94e69797078 <__retguard_3494>
   0x0000094e696fe152 <+50>:    je     0x94e696fe15f <_ZZN8pybind116class_IN2gr6blocks11null_sourceEJNS1_10sync_blockENS1_5blockENS1_11basic_blockENSt3__110shared_ptrIS3_EEEE8add_baseIS4_Li0EEEvRNS_6detail11type_recordEENUlPvE_8__invokeESF_+63>
   0x0000094e696fe154 <+52>:    int3
   0x0000094e696fe155 <+53>:    int3
   0x0000094e696fe156 <+54>:    int3
   0x0000094e696fe157 <+55>:    int3
   0x0000094e696fe158 <+56>:    int3
   0x0000094e696fe159 <+57>:    int3
   0x0000094e696fe15a <+58>:    int3
   0x0000094e696fe15b <+59>:    int3
   0x0000094e696fe15c <+60>:    int3
   0x0000094e696fe15d <+61>:    int3
   0x0000094e696fe15e <+62>:    int3
   0x0000094e696fe15f <+63>:    ret
End of assembler dump.

and info reg:

(gdb) info reg
rax            0x94eb17c4630       10233589810736
rbx            0x1                 1
rcx            0xdfdfdfdfdfdfdfdf  -2314885530818453537
rdx            0x0                 0
rsi            0x94e8429de30       10232829435440
rdi            0x94eb17c4630       10233589810736
rbp            0x7354da7f1230      0x7354da7f1230
rsp            0x7354da7f1230      0x7354da7f1230
r8             0x0                 0
r9             0x94f32e518d0       10235760941264
r10            0xf08e9cc8faacdf39  -1112779670900908231
r11            0x5881065087276f30  6377385490267991856
r12            0x94e8429de30       10232829435440
r13            0x94e8429de30       10232829435440
r14            0x94e896b1830       10232917596208
r15            0x94e896b1ff0       10232917598192
rip            0x94e696fe13e       0x94e696fe13e <pybind11::class_<gr::blocks::null_source, gr::sync_block, gr::block, gr::basic_block, std::__1::shared_ptr<gr::blocks::null_source> >::add_base<gr::sync_block, 0>(pybind11::detail::type_record&)::{lambda(void*)#1}::__invoke(void*)+30>
eflags         0x10206             [ PF IF RF ]
cs             0x2b                43
ss             0x23                35
ds             0x23                35
es             0x23                35
fs             0x23                35
gs             0x23                35
fs_base        <unavailable>
gs_base        <unavailable>

add -0x18(%rcx),%rax is the instruction which crashing the software, but rcx register is 0xdf..., which means that the memory has been free'ed already.

Reproducible example code

No response

Is this a regression? Put the last known working version here if it is.

Not a regression

bsdmp avatar Jan 02 '24 12:01 bsdmp