Segmentation fault in 3.11.4, 3.12.0b3; _PyInterpreterFrame ownership issue #106092

andersk · 2023-06-25T19:51:19Z

Crash report

This test case (minimized from a crash in the Zulip test suite) causes a segmentation fault in Python 3.11.4 and 3.12.0b3.

https://github.com/andersk/python-segfault

$ git clone https://github.com/andersk/python-segfault.git
$ cd python-segfault
$ pip install -r requirements.txt
…
Successfully installed Django-4.2.2 asgiref-3.7.2 coverage-7.2.7 sqlparse-0.4.4
$ python -m django migrate --settings=myapp.settings
…
$ python -m coverage run --timid -m django test --settings=myapp.settings
Found 1 test(s).
System check identified no issues (0 silenced).
150
151
…
199
200
Fatal Python error: Segmentation fault

Based on the tracebacks below, this looks like a _PyInterpreterFrame ownership issue similar to #99729 and #100126. The crash is here:

cpython/Objects/frameobject.c

Line 854 in 1bbf60d

assert(f->f_frame->owner != FRAME_OWNED_BY_GENERATOR ||

where the _PyInterpreterFrame at *f->f_frame has already been freed.

Error messages

Full output with Python traceback

$ python -m coverage run --timid -m django test --settings=myapp.settings
Found 1 test(s).
System check identified no issues (0 silenced).
150
151
…
199
200
Fatal Python error: Segmentation fault

Current thread 0x00007f4abeab1740 (most recent call first):
  Garbage-collecting
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/functional.py", line 295 in __getattribute__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/db/models/fields/__init__.py", line 1587 in get_prep_value
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/db/models/lookups.py", line 85 in get_prep_lookup
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/db/models/lookups.py", line 27 in __init__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/db/models/sql/query.py", line 1307 in build_lookup
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/db/models/sql/query.py", line 1480 in build_filter
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/db/models/sql/query.py", line 1565 in _add_q
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/db/models/sql/query.py", line 1534 in add_q
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/db/models/query.py", line 1461 in _filter_or_exclude_inplace
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/db/models/query.py", line 1454 in _filter_or_exclude
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/db/models/query.py", line 1436 in filter
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/db/models/query.py", line 623 in get
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/db/models/manager.py", line 87 in manager_method
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/contrib/sessions/backends/db.py", line 32 in _get_session_from_db
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/contrib/sessions/backends/db.py", line 42 in load
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/contrib/sessions/backends/base.py", line 192 in _get_session
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/contrib/sessions/backends/base.py", line 53 in __getitem__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/contrib/auth/__init__.py", line 60 in _get_user_session_key
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/contrib/auth/__init__.py", line 191 in get_user
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/contrib/auth/middleware.py", line 11 in get_user
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/contrib/auth/middleware.py", line 25 in <lambda>
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/functional.py", line 419 in _setup
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/functional.py", line 266 in inner
  File "/home/anders/zulip/test/python-segfault/myapp/urls.py", line 21 in foo
  File "/home/anders/zulip/test/python-segfault/myapp/urls.py", line 8 in <lambda>
  File "/home/anders/zulip/test/python-segfault/myapp/urls.py", line 8 in <lambda>
  File "/home/anders/zulip/test/python-segfault/myapp/urls.py", line 34 in me
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/decorators.py", line 134 in _wrapper_view
  File "/home/anders/zulip/test/python-segfault/myapp/urls.py", line 8 in <lambda>
  File "/home/anders/zulip/test/python-segfault/myapp/urls.py", line 8 in <lambda>
  File "/home/anders/zulip/test/python-segfault/myapp/urls.py", line 8 in <lambda>
  File "/home/anders/zulip/test/python-segfault/myapp/urls.py", line 8 in <lambda>
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/base.py", line 197 in _get_response
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/utils/deprecation.py", line 134 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55 in inner
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/handlers/base.py", line 140 in get_response
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/test/client.py", line 176 in __call__
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/test/client.py", line 886 in request
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/test/client.py", line 609 in generic
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/test/client.py", line 482 in post
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/test/client.py", line 948 in post
  File "/home/anders/zulip/test/python-segfault/myapp/test_me.py", line 35 in test_me
  File "/home/anders/zulip/test/python-segfault/myapp/test_me.py", line 10 in <lambda>
  File "/home/anders/zulip/test/python-segfault/myapp/test_me.py", line 10 in <lambda>
  File "/home/anders/zulip/test/python-segfault/myapp/test_me.py", line 10 in <lambda>
  File "/home/anders/zulip/test/python-segfault/myapp/test_me.py", line 10 in <lambda>
  File "/home/anders/zulip/test/python-segfault/myapp/test_me.py", line 10 in <lambda>
  File "/home/anders/zulip/test/python-segfault/myapp/test_me.py", line 10 in <lambda>
  File "/home/anders/zulip/test/python-segfault/myapp/test_me.py", line 10 in <lambda>
  File "/home/anders/zulip/test/python-segfault/myapp/test_me.py", line 10 in <lambda>
  File "/home/anders/zulip/test/python-segfault/myapp/test_me.py", line 10 in <lambda>
  File "/nix/store/cxsw4x1189ppmsydhwsmssr0x65nygj7-python3-3.11.4/lib/python3.11/unittest/case.py", line 579 in _callTestMethod
  File "/nix/store/cxsw4x1189ppmsydhwsmssr0x65nygj7-python3-3.11.4/lib/python3.11/unittest/case.py", line 623 in run
  File "/nix/store/cxsw4x1189ppmsydhwsmssr0x65nygj7-python3-3.11.4/lib/python3.11/unittest/case.py", line 678 in __call__
  File "/nix/store/cxsw4x1189ppmsydhwsmssr0x65nygj7-python3-3.11.4/lib/python3.11/unittest/suite.py", line 122 in run
  File "/nix/store/cxsw4x1189ppmsydhwsmssr0x65nygj7-python3-3.11.4/lib/python3.11/unittest/suite.py", line 84 in __call__
  File "/nix/store/cxsw4x1189ppmsydhwsmssr0x65nygj7-python3-3.11.4/lib/python3.11/unittest/runner.py", line 217 in run
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/test/runner.py", line 983 in run_suite
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/test/runner.py", line 1061 in run_tests
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/management/commands/test.py", line 68 in handle
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/management/base.py", line 458 in execute
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/management/base.py", line 412 in run_from_argv
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/management/commands/test.py", line 24 in run_from_argv
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/management/__init__.py", line 436 in execute
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/core/management/__init__.py", line 442 in execute_from_command_line
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/django/__main__.py", line 9 in <module>
  File "/home/anders/zulip/test/python-segfault/venv/lib/python3.11/site-packages/coverage/execfile.py", line 211 in run
  ...
Segmentation fault (core dumped)

AddressSanitizer traceback

This is from the current 3.11 branch, commit 1bbf60d.

$ python -m coverage run --timid -m django test --settings=myapp.settings
/home/vagrant/python-segfault/venv/lib/python3.11/site-packages/django/conf/__init__.py:241: RemovedInDjango50Warning: The default value of USE_TZ will change from False to True in Django 5.0. Set USE_TZ to False in your project settings if you want to keep the current default behavior.
  warnings.warn(
Found 1 test(s).
System check identified no issues (0 silenced).
150
151
…
199
200
=================================================================
==4327==ERROR: AddressSanitizer: heap-use-after-free on address 0x62900558c25d at pc 0x55fd433dca1a bp 0x7fff5dc37490 sp 0x7fff5dc37488
READ of size 1 at 0x62900558c25d thread T0
    #0 0x55fd433dca19 in frame_dealloc /srv/zulip/anders/cpython/Objects/frameobject.c:854:5
    #1 0x55fd434fcfd9 in _PyTrash_thread_destroy_chain /srv/zulip/anders/cpython/Objects/object.c:2276:9
    #2 0x55fd434fcfd9 in _PyTrash_end /srv/zulip/anders/cpython/Objects/object.c:2302:9
    #3 0x55fd43a02ece in tb_dealloc /srv/zulip/anders/cpython/Python/traceback.c:176:5
    #4 0x55fd434fd7de in _Py_Dealloc /srv/zulip/anders/cpython/Objects/object.c:2390:5
    #5 0x55fd43385e52 in Py_DECREF /srv/zulip/anders/cpython/./Include/object.h:527:9
    #6 0x55fd4338f02e in BaseException_clear /srv/zulip/anders/cpython/Objects/exceptions.c:88:5
    #7 0x55fd43582b66 in subtype_clear /srv/zulip/anders/cpython/Objects/typeobject.c:1297:16
    #8 0x55fd43a48c0f in delete_garbage /srv/zulip/anders/cpython/Modules/gcmodule.c:1013:24
    #9 0x55fd43a48c0f in gc_collect_main /srv/zulip/anders/cpython/Modules/gcmodule.c:1287:5
    #10 0x55fd43a45b8f in gc_collect_with_callback /srv/zulip/anders/cpython/Modules/gcmodule.c:1400:14
    #11 0x55fd43a4ce31 in gc_collect_generations /srv/zulip/anders/cpython/Modules/gcmodule.c:1455:17
    #12 0x55fd43a4ce31 in _PyObject_GC_Link /srv/zulip/anders/cpython/Modules/gcmodule.c:2270:9
    #13 0x55fd43a4d79d in gc_alloc /srv/zulip/anders/cpython/Modules/gcmodule.c:2290:5
    #14 0x55fd43a4d615 in _PyObject_GC_New /srv/zulip/anders/cpython/Modules/gcmodule.c:2298:20
    #15 0x55fd433750e3 in PyWrapper_New /srv/zulip/anders/cpython/Objects/descrobject.c:1460:10
    #16 0x55fd43371a6c in wrapperdescr_get /srv/zulip/anders/cpython/Objects/descrobject.c:220:12
    #17 0x55fd43564a44 in super_getattro /srv/zulip/anders/cpython/Objects/typeobject.c:8869:24
    #18 0x55fd434f511c in PyObject_GetAttr /srv/zulip/anders/cpython/Objects/object.c:916:18
    #19 0x55fd434f8901 in _PyObject_GetMethod /srv/zulip/anders/cpython/Objects/object.c:1164:19
    #20 0x55fd437db452 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:4492:30
    #21 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #22 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #23 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #24 0x55fd43342c6e in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:92:11
    #25 0x55fd4333f514 in method_vectorcall /srv/zulip/anders/cpython/Objects/classobject.c:59:18
    #26 0x55fd433377d4 in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:92:11
    #27 0x55fd433377d4 in PyObject_CallOneArg /srv/zulip/anders/cpython/Objects/call.c:376:12
    #28 0x55fd435c571a in call_attribute /srv/zulip/anders/cpython/Objects/typeobject.c:7673:11
    #29 0x55fd435ad736 in slot_tp_getattr_hook /srv/zulip/anders/cpython/Objects/typeobject.c:7709:15
    #30 0x55fd434f511c in PyObject_GetAttr /srv/zulip/anders/cpython/Objects/object.c:916:18
    #31 0x55fd437dae27 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:3466:29
    #32 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #33 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #34 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #35 0x55fd43333966 in _PyObject_FastCallDictTstate /srv/zulip/anders/cpython/Objects/call.c:141:15
    #36 0x55fd43338483 in _PyObject_Call_Prepend /srv/zulip/anders/cpython/Objects/call.c:482:24
    #37 0x55fd435afad0 in slot_tp_init /srv/zulip/anders/cpython/Objects/typeobject.c:7863:15
    #38 0x55fd4355cce0 in type_call /srv/zulip/anders/cpython/Objects/typeobject.c:1112:19
    #39 0x55fd43334063 in _PyObject_MakeTpCall /srv/zulip/anders/cpython/Objects/call.c:214:18
    #40 0x55fd43336d3a in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:90:16
    #41 0x55fd43336c2e in PyObject_Vectorcall /srv/zulip/anders/cpython/Objects/call.c:299:12
    #42 0x55fd437e1005 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c
    #43 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #44 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #45 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #46 0x55fd43342c6e in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:92:11
    #47 0x55fd4333f514 in method_vectorcall /srv/zulip/anders/cpython/Objects/classobject.c:59:18
    #48 0x55fd43336802 in _PyVectorcall_Call /srv/zulip/anders/cpython/Objects/call.c:257:24
    #49 0x55fd433370b5 in _PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:328:16
    #50 0x55fd4333765b in PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:355:12
    #51 0x55fd437e68c3 in do_call_core /srv/zulip/anders/cpython/Python/ceval.c
    #52 0x55fd437e68c3 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:5381:22
    #53 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #54 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #55 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #56 0x55fd43342c6e in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:92:11
    #57 0x55fd4333f514 in method_vectorcall /srv/zulip/anders/cpython/Objects/classobject.c:59:18
    #58 0x55fd43336802 in _PyVectorcall_Call /srv/zulip/anders/cpython/Objects/call.c:257:24
    #59 0x55fd433370b5 in _PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:328:16
    #60 0x55fd4333765b in PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:355:12
    #61 0x55fd437e68c3 in do_call_core /srv/zulip/anders/cpython/Python/ceval.c
    #62 0x55fd437e68c3 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:5381:22
    #63 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #64 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #65 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #66 0x55fd433377d4 in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:92:11
    #67 0x55fd433377d4 in PyObject_CallOneArg /srv/zulip/anders/cpython/Objects/call.c:376:12
    #68 0x55fd433768f5 in property_descr_get /srv/zulip/anders/cpython/Objects/descrobject.c:1630:12
    #69 0x55fd434f6db1 in _PyObject_GenericGetAttrWithDict /srv/zulip/anders/cpython/Objects/object.c:1278:19
    #70 0x55fd434f6a3c in PyObject_GenericGetAttr /srv/zulip/anders/cpython/Objects/object.c:1368:12
    #71 0x55fd434f511c in PyObject_GetAttr /srv/zulip/anders/cpython/Objects/object.c:916:18
    #72 0x55fd437dae27 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:3466:29
    #73 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #74 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #75 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #76 0x55fd4357a005 in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:92:11
    #77 0x55fd435c53ec in vectorcall_unbound /srv/zulip/anders/cpython/Objects/typeobject.c:1650:12
    #78 0x55fd435c53ec in vectorcall_method /srv/zulip/anders/cpython/Objects/typeobject.c:1681:24
    #79 0x55fd435c3663 in slot_mp_subscript /srv/zulip/anders/cpython/Objects/typeobject.c:7404:1
    #80 0x55fd432b37d7 in PyObject_GetItem /srv/zulip/anders/cpython/Objects/abstract.c:157:26
    #81 0x55fd437da9d9 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:2137:29
    #82 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #83 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #84 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #85 0x55fd43342c6e in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:92:11
    #86 0x55fd4333f514 in method_vectorcall /srv/zulip/anders/cpython/Objects/classobject.c:59:18
    #87 0x55fd433377d4 in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:92:11
    #88 0x55fd433377d4 in PyObject_CallOneArg /srv/zulip/anders/cpython/Objects/call.c:376:12
    #89 0x55fd435c571a in call_attribute /srv/zulip/anders/cpython/Objects/typeobject.c:7673:11
    #90 0x55fd435ad7fc in slot_tp_getattr_hook /srv/zulip/anders/cpython/Objects/typeobject.c:7714:15
    #91 0x55fd434f511c in PyObject_GetAttr /srv/zulip/anders/cpython/Objects/object.c:916:18
    #92 0x55fd437dae27 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:3466:29
    #93 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #94 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #95 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #96 0x55fd433368db in _PyVectorcall_Call /srv/zulip/anders/cpython/Objects/call.c:245:16
    #97 0x55fd433370b5 in _PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:328:16
    #98 0x55fd4333765b in PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:355:12
    #99 0x55fd437e68c3 in do_call_core /srv/zulip/anders/cpython/Python/ceval.c
    #100 0x55fd437e68c3 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:5381:22
    #101 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #102 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #103 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #104 0x55fd433368db in _PyVectorcall_Call /srv/zulip/anders/cpython/Objects/call.c:245:16
    #105 0x55fd433370b5 in _PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:328:16
    #106 0x55fd4333765b in PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:355:12
    #107 0x55fd437e68c3 in do_call_core /srv/zulip/anders/cpython/Python/ceval.c
    #108 0x55fd437e68c3 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:5381:22
    #109 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #110 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #111 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #112 0x55fd433368db in _PyVectorcall_Call /srv/zulip/anders/cpython/Objects/call.c:245:16
    #113 0x55fd433370b5 in _PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:328:16
    #114 0x55fd4333765b in PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:355:12
    #115 0x55fd437e68c3 in do_call_core /srv/zulip/anders/cpython/Python/ceval.c
    #116 0x55fd437e68c3 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:5381:22
    #117 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #118 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #119 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #120 0x55fd433368db in _PyVectorcall_Call /srv/zulip/anders/cpython/Objects/call.c:245:16
    #121 0x55fd433370b5 in _PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:328:16
    #122 0x55fd4333765b in PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:355:12
    #123 0x55fd437e68c3 in do_call_core /srv/zulip/anders/cpython/Python/ceval.c
    #124 0x55fd437e68c3 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:5381:22
    #125 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #126 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #127 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #128 0x55fd433368db in _PyVectorcall_Call /srv/zulip/anders/cpython/Objects/call.c:245:16
    #129 0x55fd433370b5 in _PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:328:16
    #130 0x55fd4333765b in PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:355:12
    #131 0x55fd437e68c3 in do_call_core /srv/zulip/anders/cpython/Python/ceval.c
    #132 0x55fd437e68c3 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:5381:22
    #133 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #134 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #135 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #136 0x55fd433368db in _PyVectorcall_Call /srv/zulip/anders/cpython/Objects/call.c:245:16
    #137 0x55fd433370b5 in _PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:328:16
    #138 0x55fd4333765b in PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:355:12
    #139 0x55fd437e68c3 in do_call_core /srv/zulip/anders/cpython/Python/ceval.c
    #140 0x55fd437e68c3 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:5381:22
    #141 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #142 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #143 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #144 0x55fd433368db in _PyVectorcall_Call /srv/zulip/anders/cpython/Objects/call.c:245:16
    #145 0x55fd433370b5 in _PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:328:16
    #146 0x55fd4333765b in PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:355:12
    #147 0x55fd437e68c3 in do_call_core /srv/zulip/anders/cpython/Python/ceval.c
    #148 0x55fd437e68c3 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:5381:22
    #149 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #150 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #151 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #152 0x55fd433368db in _PyVectorcall_Call /srv/zulip/anders/cpython/Objects/call.c:245:16
    #153 0x55fd433370b5 in _PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:328:16
    #154 0x55fd4333765b in PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:355:12
    #155 0x55fd437e68c3 in do_call_core /srv/zulip/anders/cpython/Python/ceval.c
    #156 0x55fd437e68c3 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:5381:22
    #157 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #158 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #159 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #160 0x55fd43333966 in _PyObject_FastCallDictTstate /srv/zulip/anders/cpython/Objects/call.c:141:15
    #161 0x55fd43338483 in _PyObject_Call_Prepend /srv/zulip/anders/cpython/Objects/call.c:482:24
    #162 0x55fd435ad2f1 in slot_tp_call /srv/zulip/anders/cpython/Objects/typeobject.c:7632:15
    #163 0x55fd43334063 in _PyObject_MakeTpCall /srv/zulip/anders/cpython/Objects/call.c:214:18
    #164 0x55fd43336d3a in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:90:16
    #165 0x55fd43336c2e in PyObject_Vectorcall /srv/zulip/anders/cpython/Objects/call.c:299:12
    #166 0x55fd437e1005 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c
    #167 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #168 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #169 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #170 0x55fd43333966 in _PyObject_FastCallDictTstate /srv/zulip/anders/cpython/Objects/call.c:141:15
    #171 0x55fd43338483 in _PyObject_Call_Prepend /srv/zulip/anders/cpython/Objects/call.c:482:24
    #172 0x55fd435ad2f1 in slot_tp_call /srv/zulip/anders/cpython/Objects/typeobject.c:7632:15
    #173 0x55fd43334063 in _PyObject_MakeTpCall /srv/zulip/anders/cpython/Objects/call.c:214:18
    #174 0x55fd43336d3a in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:90:16
    #175 0x55fd43336c2e in PyObject_Vectorcall /srv/zulip/anders/cpython/Objects/call.c:299:12
    #176 0x55fd437e1005 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c
    #177 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #178 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #179 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #180 0x55fd43333966 in _PyObject_FastCallDictTstate /srv/zulip/anders/cpython/Objects/call.c:141:15
    #181 0x55fd43338483 in _PyObject_Call_Prepend /srv/zulip/anders/cpython/Objects/call.c:482:24
    #182 0x55fd435ad2f1 in slot_tp_call /srv/zulip/anders/cpython/Objects/typeobject.c:7632:15
    #183 0x55fd43334063 in _PyObject_MakeTpCall /srv/zulip/anders/cpython/Objects/call.c:214:18
    #184 0x55fd43336d3a in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:90:16
    #185 0x55fd43336c2e in PyObject_Vectorcall /srv/zulip/anders/cpython/Objects/call.c:299:12
    #186 0x55fd437e1005 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c
    #187 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #188 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #189 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #190 0x55fd43333966 in _PyObject_FastCallDictTstate /srv/zulip/anders/cpython/Objects/call.c:141:15
    #191 0x55fd43338483 in _PyObject_Call_Prepend /srv/zulip/anders/cpython/Objects/call.c:482:24
    #192 0x55fd435ad2f1 in slot_tp_call /srv/zulip/anders/cpython/Objects/typeobject.c:7632:15
    #193 0x55fd43334063 in _PyObject_MakeTpCall /srv/zulip/anders/cpython/Objects/call.c:214:18
    #194 0x55fd43336d3a in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:90:16
    #195 0x55fd43336c2e in PyObject_Vectorcall /srv/zulip/anders/cpython/Objects/call.c:299:12
    #196 0x55fd437e1005 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c
    #197 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #198 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #199 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #200 0x55fd43333966 in _PyObject_FastCallDictTstate /srv/zulip/anders/cpython/Objects/call.c:141:15
    #201 0x55fd43338483 in _PyObject_Call_Prepend /srv/zulip/anders/cpython/Objects/call.c:482:24
    #202 0x55fd435ad2f1 in slot_tp_call /srv/zulip/anders/cpython/Objects/typeobject.c:7632:15
    #203 0x55fd43334063 in _PyObject_MakeTpCall /srv/zulip/anders/cpython/Objects/call.c:214:18
    #204 0x55fd43336d3a in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:90:16
    #205 0x55fd43336c2e in PyObject_Vectorcall /srv/zulip/anders/cpython/Objects/call.c:299:12
    #206 0x55fd437e1005 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c
    #207 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #208 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #209 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #210 0x55fd43333966 in _PyObject_FastCallDictTstate /srv/zulip/anders/cpython/Objects/call.c:141:15
    #211 0x55fd43338483 in _PyObject_Call_Prepend /srv/zulip/anders/cpython/Objects/call.c:482:24
    #212 0x55fd435ad2f1 in slot_tp_call /srv/zulip/anders/cpython/Objects/typeobject.c:7632:15
    #213 0x55fd43334063 in _PyObject_MakeTpCall /srv/zulip/anders/cpython/Objects/call.c:214:18
    #214 0x55fd43336d3a in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:90:16
    #215 0x55fd43336c2e in PyObject_Vectorcall /srv/zulip/anders/cpython/Objects/call.c:299:12
    #216 0x55fd437e1005 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c
    #217 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #218 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #219 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #220 0x55fd43333966 in _PyObject_FastCallDictTstate /srv/zulip/anders/cpython/Objects/call.c:141:15
    #221 0x55fd43338483 in _PyObject_Call_Prepend /srv/zulip/anders/cpython/Objects/call.c:482:24
    #222 0x55fd435ad2f1 in slot_tp_call /srv/zulip/anders/cpython/Objects/typeobject.c:7632:15
    #223 0x55fd43334063 in _PyObject_MakeTpCall /srv/zulip/anders/cpython/Objects/call.c:214:18
    #224 0x55fd43336d3a in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:90:16
    #225 0x55fd43336c2e in PyObject_Vectorcall /srv/zulip/anders/cpython/Objects/call.c:299:12
    #226 0x55fd437e1005 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c
    #227 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #228 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #229 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #230 0x55fd43333966 in _PyObject_FastCallDictTstate /srv/zulip/anders/cpython/Objects/call.c:141:15
    #231 0x55fd43338483 in _PyObject_Call_Prepend /srv/zulip/anders/cpython/Objects/call.c:482:24
    #232 0x55fd435ad2f1 in slot_tp_call /srv/zulip/anders/cpython/Objects/typeobject.c:7632:15
    #233 0x55fd43334063 in _PyObject_MakeTpCall /srv/zulip/anders/cpython/Objects/call.c:214:18
    #234 0x55fd43336d3a in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:90:16
    #235 0x55fd43336c2e in PyObject_Vectorcall /srv/zulip/anders/cpython/Objects/call.c:299:12
    #236 0x55fd437e1005 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c
    #237 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #238 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #239 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #240 0x55fd43333966 in _PyObject_FastCallDictTstate /srv/zulip/anders/cpython/Objects/call.c:141:15
    #241 0x55fd43338483 in _PyObject_Call_Prepend /srv/zulip/anders/cpython/Objects/call.c:482:24
    #242 0x55fd435ad2f1 in slot_tp_call /srv/zulip/anders/cpython/Objects/typeobject.c:7632:15
    #243 0x55fd43334063 in _PyObject_MakeTpCall /srv/zulip/anders/cpython/Objects/call.c:214:18
    #244 0x55fd43336d3a in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:90:16
    #245 0x55fd43336c2e in PyObject_Vectorcall /srv/zulip/anders/cpython/Objects/call.c:299:12
    #246 0x55fd437e1005 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c
    #247 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #248 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #249 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #250 0x55fd43333966 in _PyObject_FastCallDictTstate /srv/zulip/anders/cpython/Objects/call.c:141:15
    #251 0x55fd43338483 in _PyObject_Call_Prepend /srv/zulip/anders/cpython/Objects/call.c:482:24
    #252 0x55fd435ad2f1 in slot_tp_call /srv/zulip/anders/cpython/Objects/typeobject.c:7632:15
    #253 0x55fd43334063 in _PyObject_MakeTpCall /srv/zulip/anders/cpython/Objects/call.c:214:18
    #254 0x55fd43336d3a in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:90:16
    #255 0x55fd43336c2e in PyObject_Vectorcall /srv/zulip/anders/cpython/Objects/call.c:299:12
    #256 0x55fd437e1005 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c
    #257 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #258 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #259 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #260 0x55fd43333966 in _PyObject_FastCallDictTstate /srv/zulip/anders/cpython/Objects/call.c:141:15
    #261 0x55fd43338483 in _PyObject_Call_Prepend /srv/zulip/anders/cpython/Objects/call.c:482:24
    #262 0x55fd435ad2f1 in slot_tp_call /srv/zulip/anders/cpython/Objects/typeobject.c:7632:15
    #263 0x55fd43334063 in _PyObject_MakeTpCall /srv/zulip/anders/cpython/Objects/call.c:214:18
    #264 0x55fd43336d3a in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:90:16

0x62900558c25d is located 93 bytes inside of 16384-byte region [0x62900558c200,0x629005590200)
freed by thread T0 here:
    #0 0x55fd42f60bc2 in free (/srv/zulip/anders/cpython/python+0xa0dbc2) (BuildId: 2805b43d8a9ad47b1cbf8f8d1e83c8be78721c21)
    #1 0x55fd435005fb in _PyObject_ArenaFree /srv/zulip/anders/cpython/Objects/obmalloc.c:176:5
    #2 0x55fd434ffa86 in _PyObject_VirtualFree /srv/zulip/anders/cpython/Objects/obmalloc.c:566:5
    #3 0x55fd439a6efc in _PyThreadState_PopFrame /srv/zulip/anders/cpython/Python/pystate.c:2229:9
    #4 0x55fd43829cbc in _PyEvalFrameClearAndPop /srv/zulip/anders/cpython/Python/ceval.c:6413:5
    #5 0x55fd437b84f9 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6444:5
    #6 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #7 0x55fd43342c6e in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:92:11
    #8 0x55fd4333f839 in method_vectorcall /srv/zulip/anders/cpython/Objects/classobject.c:67:20
    #9 0x55fd433368db in _PyVectorcall_Call /srv/zulip/anders/cpython/Objects/call.c:245:16
    #10 0x55fd433370b5 in _PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:328:16
    #11 0x55fd4333765b in PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:355:12
    #12 0x55fd437e68c3 in do_call_core /srv/zulip/anders/cpython/Python/ceval.c
    #13 0x55fd437e68c3 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:5381:22
    #14 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #15 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #16 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #17 0x55fd43333966 in _PyObject_FastCallDictTstate /srv/zulip/anders/cpython/Objects/call.c:141:15
    #18 0x55fd43338483 in _PyObject_Call_Prepend /srv/zulip/anders/cpython/Objects/call.c:482:24
    #19 0x55fd435ad2f1 in slot_tp_call /srv/zulip/anders/cpython/Objects/typeobject.c:7632:15
    #20 0x55fd43334063 in _PyObject_MakeTpCall /srv/zulip/anders/cpython/Objects/call.c:214:18
    #21 0x55fd433377ff in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:90:16
    #22 0x55fd433377ff in PyObject_CallOneArg /srv/zulip/anders/cpython/Objects/call.c:376:12
    #23 0x55fd436bf2b3 in handle_callback /srv/zulip/anders/cpython/Objects/weakrefobject.c:928:26
    #24 0x55fd436be4cc in PyObject_ClearWeakRefs /srv/zulip/anders/cpython/Objects/weakrefobject.c:974:21
    #25 0x55fd43c380ee in partial_dealloc /srv/zulip/anders/cpython/./Modules/_functoolsmodule.c:179:9
    #26 0x55fd434fd7de in _Py_Dealloc /srv/zulip/anders/cpython/Objects/object.c:2390:5
    #27 0x55fd433e0972 in Py_DECREF /srv/zulip/anders/cpython/./Include/object.h:527:9
    #28 0x55fd433dc796 in frame_dealloc /srv/zulip/anders/cpython/Objects/frameobject.c:875:13
    #29 0x55fd434fd7de in _Py_Dealloc /srv/zulip/anders/cpython/Objects/object.c:2390:5
    #30 0x55fd433e0972 in Py_DECREF /srv/zulip/anders/cpython/./Include/object.h:527:9
    #31 0x55fd433dc950 in frame_dealloc /srv/zulip/anders/cpython/Objects/frameobject.c:878:5

previously allocated by thread T0 here:
    #0 0x55fd42f60e6e in __interceptor_malloc (/srv/zulip/anders/cpython/python+0xa0de6e) (BuildId: 2805b43d8a9ad47b1cbf8f8d1e83c8be78721c21)
    #1 0x55fd435005eb in _PyObject_ArenaMalloc /srv/zulip/anders/cpython/Objects/obmalloc.c:170:12
    #2 0x55fd434ffa63 in _PyObject_VirtualAlloc /srv/zulip/anders/cpython/Objects/obmalloc.c:560:12
    #3 0x55fd439a5f54 in allocate_chunk /srv/zulip/anders/cpython/Python/pystate.c:731:26
    #4 0x55fd439a5f54 in push_chunk /srv/zulip/anders/cpython/Python/pystate.c:2184:26
    #5 0x55fd439a5f54 in _PyThreadState_BumpFramePointerSlow /srv/zulip/anders/cpython/Python/pystate.c:2214:35
    #6 0x55fd4382819a in _PyThreadState_BumpFramePointer /srv/zulip/anders/cpython/./Include/internal/pycore_frame.h:218:12
    #7 0x55fd4382d907 in _PyEvalFramePushAndInit /srv/zulip/anders/cpython/Python/ceval.c:6371:34
    #8 0x55fd437b83d8 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6434:34
    #9 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #10 0x55fd43342c6e in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:92:11
    #11 0x55fd4333f839 in method_vectorcall /srv/zulip/anders/cpython/Objects/classobject.c:67:20
    #12 0x55fd433368db in _PyVectorcall_Call /srv/zulip/anders/cpython/Objects/call.c:245:16
    #13 0x55fd433370b5 in _PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:328:16
    #14 0x55fd4333765b in PyObject_Call /srv/zulip/anders/cpython/Objects/call.c:355:12
    #15 0x55fd437e68c3 in do_call_core /srv/zulip/anders/cpython/Python/ceval.c
    #16 0x55fd437e68c3 in _PyEval_EvalFrameDefault /srv/zulip/anders/cpython/Python/ceval.c:5381:22
    #17 0x55fd437b8af6 in _PyEval_EvalFrame /srv/zulip/anders/cpython/./Include/internal/pycore_ceval.h:73:16
    #18 0x55fd437b83f1 in _PyEval_Vector /srv/zulip/anders/cpython/Python/ceval.c:6439:24
    #19 0x55fd433379fb in _PyFunction_Vectorcall /srv/zulip/anders/cpython/Objects/call.c
    #20 0x55fd43333966 in _PyObject_FastCallDictTstate /srv/zulip/anders/cpython/Objects/call.c:141:15
    #21 0x55fd43338483 in _PyObject_Call_Prepend /srv/zulip/anders/cpython/Objects/call.c:482:24
    #22 0x55fd435ad2f1 in slot_tp_call /srv/zulip/anders/cpython/Objects/typeobject.c:7632:15
    #23 0x55fd43334063 in _PyObject_MakeTpCall /srv/zulip/anders/cpython/Objects/call.c:214:18
    #24 0x55fd433377ff in _PyObject_VectorcallTstate /srv/zulip/anders/cpython/./Include/internal/pycore_call.h:90:16
    #25 0x55fd433377ff in PyObject_CallOneArg /srv/zulip/anders/cpython/Objects/call.c:376:12
    #26 0x55fd436bf2b3 in handle_callback /srv/zulip/anders/cpython/Objects/weakrefobject.c:928:26
    #27 0x55fd436be4cc in PyObject_ClearWeakRefs /srv/zulip/anders/cpython/Objects/weakrefobject.c:974:21
    #28 0x55fd43c380ee in partial_dealloc /srv/zulip/anders/cpython/./Modules/_functoolsmodule.c:179:9
    #29 0x55fd434fd7de in _Py_Dealloc /srv/zulip/anders/cpython/Objects/object.c:2390:5
    #30 0x55fd433e0972 in Py_DECREF /srv/zulip/anders/cpython/./Include/object.h:527:9
    #31 0x55fd433dc796 in frame_dealloc /srv/zulip/anders/cpython/Objects/frameobject.c:875:13
    #32 0x55fd434fd7de in _Py_Dealloc /srv/zulip/anders/cpython/Objects/object.c:2390:5
    #33 0x55fd433e0972 in Py_DECREF /srv/zulip/anders/cpython/./Include/object.h:527:9

SUMMARY: AddressSanitizer: heap-use-after-free /srv/zulip/anders/cpython/Objects/frameobject.c:854:5 in frame_dealloc
Shadow bytes around the buggy address:
  0x0c5280aa97f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5280aa9800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5280aa9810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5280aa9820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5280aa9830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c5280aa9840: fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd
  0x0c5280aa9850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280aa9860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280aa9870: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280aa9880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c5280aa9890: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==4327==ABORTING

Your environment

CPython versions tested on: 3.11.4, 3.12.0b3
Operating system and architecture: NixOS 23.11 x86_64, Debian 12 x86_64

Linked PRs

The text was updated successfully, but these errors were encountered:

Having exactly 17 middlewares, on Python 3.11.0 and above, causes python to segfault when running tests with coverage; see python/cpython#106092 Work around this by adding a no-op middleware if we would hit that unlucky number. We only add it in testing, since coverage is a requirement to trigger it, and there is no reason to burden production with an additional wrapping.

Having exactly 17 or 18 middlewares, on Python 3.11.0 and above, causes python to segfault when running tests with coverage; see python/cpython#106092 Work around this by adding a no-op middleware if we would hit that unlucky number. We only add it in testing, since coverage is a requirement to trigger it, and there is no reason to burden production with an additional wrapping.

andersk · 2023-06-28T00:38:34Z

I think I understand the problem.

_PyFrame_ClearExceptCode is careful to check whether an extra outstanding reference to the PyFrameObject could delay its deallocation, in which case it calls take_ownership to replace the f_frame back-pointer so frame_dealloc doesn’t later dereference f_frame to already-freed memory.

cpython/Python/frame.c

Lines 128 to 137 in f992a60

    
           if (frame->frame_obj) { 
        
               PyFrameObject *f = frame->frame_obj; 
        
               frame->frame_obj = NULL; 
        
               if (Py_REFCNT(f) > 1) { 
        
                   take_ownership(f, frame); 
        
                   Py_DECREF(f); 
        
                   return; 
        
               } 
        
               Py_DECREF(f); 
        
           }

However, that is not the only reason the PyFrameObject’s deallocation could be delayed! If the maximum nesting level is reached, _PyTrash_begin could decide to store the PyFrameObject in the trashcan to be deallocated later. In that case, frame_dealloc will dereference f_frame to already-freed memory anyway.

Cc @markshannon (GH-27077).

Having exactly 17 or 18 middlewares, on Python 3.11.0 and above, causes python to segfault when running tests with coverage; see python/cpython#106092 Work around this by adding a no-op middleware if we would hit that unlucky number. We only add it in testing, since coverage is a requirement to trigger it, and there is no reason to burden production with an additional wrapping.

Having exactly 17 or 18 middlewares, on Python 3.11.0 and above, causes python to segfault when running tests with coverage; see python/cpython#106092 Work around this by adding one or two no-op middlewares if we would hit those unlucky numbers. We only add them in testing, since coverage is a requirement to trigger it, and there is no reason to burden production with additional wrapping.

Having exactly 17 or 18 middlewares, on Python 3.11.0 and above, causes python to segfault when running tests with coverage; see python/cpython#106092 Work around this by adding one or two no-op middlewares if we would hit those unlucky numbers. We only add them in testing, since coverage is a requirement to trigger it, and there is no reason to burden production with additional wrapping. (cherry picked from commit cf0b803)

currently fails with a segmentation fault. Could be related to python/cpython#106092

It was possible for the trashcan to delay the deallocation of a PyFrameObject until after its corresponding _PyInterpreterFrame has already been freed. So frame_dealloc needs to avoid dereferencing the f_frame pointer unless it first checks that the pointer still points to valid memory. Signed-off-by: Anders Kaseorg <[email protected]>

It was possible for the trashcan to delay the deallocation of a PyFrameObject until after its corresponding _PyInterpreterFrame has already been freed. So frame_dealloc needs to avoid dereferencing the f_frame pointer unless it first checks that the pointer still points to the interpreter frame within the frame object. Signed-off-by: Anders Kaseorg <[email protected]>

…106875) It was possible for the trashcan to delay the deallocation of a PyFrameObject until after its corresponding _PyInterpreterFrame has already been freed. So frame_dealloc needs to avoid dereferencing the f_frame pointer unless it first checks that the pointer still points to the interpreter frame within the frame object. (cherry picked from commit 557b05c) Co-authored-by: Anders Kaseorg <[email protected]> Signed-off-by: Anders Kaseorg <[email protected]>

… (#107533)

… (#107532) gh-106092: Fix use-after-free crash in frame_dealloc (GH-106875) It was possible for the trashcan to delay the deallocation of a PyFrameObject until after its corresponding _PyInterpreterFrame has already been freed. So frame_dealloc needs to avoid dereferencing the f_frame pointer unless it first checks that the pointer still points to the interpreter frame within the frame object. (cherry picked from commit 557b05c) Signed-off-by: Anders Kaseorg <[email protected]> Co-authored-by: Anders Kaseorg <[email protected]>

currently fails with a segmentation fault. Could be related to python/cpython#106092 Co-authored-by: Colton Myers <[email protected]>

This is probably a more effective workaround for python/cpython#106092. Signed-off-by: Anders Kaseorg <[email protected]>

This is probably a more effective workaround for python/cpython#106092. Signed-off-by: Anders Kaseorg <[email protected]> (cherry picked from commit 4f27381)

andersk added the type-crash A hard crash of the interpreter, possibly with a core dump label Jun 25, 2023

AlexWaygood added 3.11 only security fixes 3.12 bugs and security fixes labels Jun 25, 2023

andersk mentioned this issue Jun 28, 2023

new-bugs-announce notifier workflow fails on large bug reports #106217

Closed

beniwohli added a commit to beniwohli/apm-agent-python that referenced this issue Jul 10, 2023

add Python 3.12 to test matrix

4354e1f

currently fails with a segmentation fault. Could be related to python/cpython#106092

beniwohli mentioned this issue Jul 10, 2023

add Python 3.12 to test matrix elastic/apm-agent-python#1873

Merged

andersk mentioned this issue Jul 18, 2023

gh-106092: Fix use-after-free crash in frame_dealloc #106875

Merged

markshannon closed this as completed in #106875 Aug 1, 2023

This was referenced Aug 1, 2023

[3.12] gh-106092: Fix use-after-free crash in frame_dealloc (GH-106875) #107532

Merged

[3.11] gh-106092: Fix use-after-free crash in frame_dealloc (GH-106875) #107533

Merged

pablogsal pushed a commit that referenced this issue Aug 1, 2023

[3.11] gh-106092: Fix use-after-free crash in frame_dealloc (GH-106875)…

46cae02

… (#107533)

Cito mentioned this issue Aug 2, 2023

Segfault during schema parsing graphql-python/graphql-core#207

Closed

basepi added a commit to elastic/apm-agent-python that referenced this issue Aug 24, 2023

add Python 3.12 to test matrix (#1873)

7eadd28

currently fails with a segmentation fault. Could be related to python/cpython#106092 Co-authored-by: Colton Myers <[email protected]>

andersk added a commit to andersk/zulip that referenced this issue Feb 2, 2024

ci: Disable coverage on Debian 12.

7ef481d

This is probably a more effective workaround for python/cpython#106092. Signed-off-by: Anders Kaseorg <[email protected]>

andersk added a commit to zulip/zulip that referenced this issue Feb 6, 2024

ci: Disable coverage on Debian 12.

4f27381

This is probably a more effective workaround for python/cpython#106092. Signed-off-by: Anders Kaseorg <[email protected]>

amaranand360 pushed a commit to amaranand360/zulip that referenced this issue Feb 17, 2024

ci: Disable coverage on Debian 12.

2d6e446

This is probably a more effective workaround for python/cpython#106092. Signed-off-by: Anders Kaseorg <[email protected]>

mananbordia pushed a commit to mananbordia/zulip that referenced this issue Feb 27, 2024

ci: Disable coverage on Debian 12.

1ca9cb9

This is probably a more effective workaround for python/cpython#106092. Signed-off-by: Anders Kaseorg <[email protected]>

andersk added a commit to andersk/zulip that referenced this issue Mar 7, 2024

ci: Disable coverage on Debian 12.

5941cbc

This is probably a more effective workaround for python/cpython#106092. Signed-off-by: Anders Kaseorg <[email protected]> (cherry picked from commit 4f27381)

timabbott pushed a commit to zulip/zulip that referenced this issue Mar 7, 2024

ci: Disable coverage on Debian 12.

81d78cb

This is probably a more effective workaround for python/cpython#106092. Signed-off-by: Anders Kaseorg <[email protected]> (cherry picked from commit 4f27381)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Segmentation fault in 3.11.4, 3.12.0b3; _PyInterpreterFrame ownership issue #106092

Segmentation fault in 3.11.4, 3.12.0b3; _PyInterpreterFrame ownership issue #106092

andersk commented Jun 25, 2023 •

edited by bedevere-bot

Loading

andersk commented Jun 28, 2023

Segmentation fault in 3.11.4, 3.12.0b3; _PyInterpreterFrame ownership issue #106092

Segmentation fault in 3.11.4, 3.12.0b3; _PyInterpreterFrame ownership issue #106092

Comments

andersk commented Jun 25, 2023 • edited by bedevere-bot Loading

Crash report

Error messages

Your environment

Linked PRs

andersk commented Jun 28, 2023

andersk commented Jun 25, 2023 •

edited by bedevere-bot

Loading