2017-06-25 22:28 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0009772CentOS-7pythonpublic2017-02-17 00:56
Reporterrjt 
PrioritynormalSeveritymajorReproducibilityalways
StatusnewResolutionopen 
Platformx86_64OSCentOSOS Version7
Product Version7.1-1503 
Target VersionFixed in Version 
Summary0009772: python help segfaults python --> help() --> modules spam
Descriptionpython help() is segfaulting
Steps To Reproducepython
help()
modules spam

The Fedora 17 suggestions involved specifying which gtk module to use, but python still core dumps.


$ LD_PRELOAD=/usr/lib64/libgtk-3.so.0 python (or just python)
Python 2.7.5 (default, Jun 24 2015, 00:41:19)
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> help()

Welcome to Python 2.7! This is the online help utility.

If this is your first time using Python, you should definitely check out
the tutorial on the Internet at http://docs.python.org/2.7/tutorial/.

Enter the name of any module, keyword, or topic to get help on writing
Python programs and using Python modules. To quit this help utility and
return to the interpreter, just type "quit".

To get a list of available modules, keywords, or topics, type "modules",
"keywords", or "topics". Each module also comes with a one-line summary
of what it does; to list the modules whose summaries contain a given word
such as "spam", type "modules spam".

help> modules spam

Here is a list of matching modules. Enter any module name to get more help.

dm.c: 1693: not running as root returning empty list
Segmentation fault (core dumped)
Additional Information
dm.c: 1693: not running as root returning empty list

http://dev.centos.org/c7.00.02/initial-setup/20140529190539/0.3.9.12-1.el7.x86_64/build.log

Was never fixed before Fedora17 end-of-lifed.
https://bugzilla.redhat.com/show_bug.cgi?id=842403
Tagscentos-release, python, QA-6.6, x86_64
abrt_hash
URL
Attached Files

-Relationships
+Relationships

-Notes

~0024867

rjt (reporter)

When i run as sudo, python exits and dmesg shows libc segfaults:

[Mon Nov 16 16:06:16 2015] python[14385]: segfault at 7ffcb325efe8 ip 00007f2d71ef6dbc sp 00007ffcb325eff0 error 6 in libc-2.17.so[7f2d71eae000+1b6000]

Looks like a potential vulnerablity.

~0024868

rjt (reporter)

On CentOS6.7,
dm.c: 1640: not running as root returning empty list
but python does not crash.

~0024883

rjt (reporter)

Using KDE and konsole:

$ python
Python 2.7.5 (default, Jun 24 2015, 00:41:19)
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> help()

Welcome to Python 2.7! This is the online help utility.

If this is your first time using Python, you should definitely check out
the tutorial on the Internet at http://docs.python.org/2.7/tutorial/.

Enter the name of any module, keyword, or topic to get help on writing
Python programs and using Python modules. To quit this help utility and
return to the interpreter, just type "quit".

To get a list of available modules, keywords, or topics, type "modules",
"keywords", or "topics". Each module also comes with a one-line summary
of what it does; to list the modules whose summaries contain a given word
such as "spam", type "modules spam".

help> modules

Please wait a moment while I gather a list of all available modules...

dm.c: 1693: not running as root returning empty list
/usr/lib64/python2.7/site-packages/gobject/constants.py:24: Warning: g_boxed_type_register_static: assertion 'g_type_from_name (name) == 0' failed
  import gobject._gobject
/usr/lib64/python2.7/site-packages/gtk-2.0/gtk/__init__.py:40: Warning: specified class size for type 'PyGtkGenericCellRenderer' is smaller than the parent type's 'GtkCellRenderer' class size
  from gtk import _gtk
/usr/lib64/python2.7/site-packages/gtk-2.0/gtk/__init__.py:40: Warning: g_type_get_qdata: assertion 'node != NULL' failed
  from gtk import _gtk
Segmentation fault (core dumped)
$

~0028590

kabe (reporter)

This problem still persists in CentOS 7.3.1611 .

There's easier way to reproduce this:

$ pydoc -k zqwykjv
dm.c: 1693: not running as root returning empty list
Segmentation fault (core dumped)
$_

The problem is not python itself, but *.so modules loaded in.

There seems to be two bugs involved here;
one is the "not running as root" message,
other is the SIGSEGV.

Bug one:
"not running as root" is emitted by
/usr/lib/python2.7/site-packages/block/dmmodule.so .

Workaround:
chmod 700 /usr/lib64/python2.7/site-packages/block/

That is, let it be invisible except for root.
python-pyblock package is only used by anaconda, and you're not likely to
invoke anaconda in running machine, so affections should be minimai.

~0028591

kabe (reporter)

Bug two: the SIGSEGV.

I've narrowed down to packages below; all of them must be installed to
reproduce the bug. KDE desktop installation will have them.

pykde4-4.10.5-4.el7.i686
pycairo-1.8.10-8.el7.i686
pygobject2-2.28.6-11.el7.i686
gnome-abrt-0.3.4-8.el7.i686
pygtk2-2.24.0-9.el7.i686

gdb session follows; it looks like
/usr/lib64/python2.7/site-packages/gobject/_gobject.so had gone into
infinite recursive loop, exhaused, tried to emit error message and failed.


$ gdb /bin/python
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7
...
Missing separate debuginfos, use: debuginfo-install python-2.7.5-48.el7.x86_64

(gdb) run /bin/pydoc -k qwerty

Starting program: /bin/python /bin/pydoc -k qwerty
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 2536.
Detaching after fork from child process 2538.
Detaching after fork from child process 2540.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6d731bd in vfprintf () from /lib64/libc.so.6

(gdb) where

#0 0x00007ffff6d731bd in vfprintf () from /lib64/libc.so.6
#1 0x00007ffff6e3aa15 in __vasprintf_chk () from /lib64/libc.so.6
#2 0x00007fffe632cb79 in g_vasprintf () from /lib64/libglib-2.0.so.0
#3 0x00007fffe6307b8d in g_strdup_vprintf () from /lib64/libglib-2.0.so.0
#4 0x00007fffe62f13c0 in g_logv () from /lib64/libglib-2.0.so.0
#5 0x00007fffe62f17bf in g_log () from /lib64/libglib-2.0.so.0
#6 0x00007fffe6608974 in g_type_get_qdata () from /lib64/libgobject-2.0.so.0
#7 0x00007fffdf04bd31 in pygobject_lookup_class ()
   from /usr/lib64/python2.7/site-packages/gobject/_gobject.so
#8 0x00007fffdf04bda4 in pyg_type_get_bases ()
   from /usr/lib64/python2.7/site-packages/gobject/_gobject.so
#9 0x00007fffdf04c142 in pygobject_new_with_interfaces ()
   from /usr/lib64/python2.7/site-packages/gobject/_gobject.so
#10 0x00007fffdf04bd55 in pygobject_lookup_class ()
   from /usr/lib64/python2.7/site-packages/gobject/_gobject.so
#11 0x00007fffdf04bda4 in pyg_type_get_bases ()
   from /usr/lib64/python2.7/site-packages/gobject/_gobject.so
#12 0x00007fffdf04c142 in pygobject_new_with_interfaces ()
   from /usr/lib64/python2.7/site-packages/gobject/_gobject.so
#13 0x00007fffdf04bd55 in pygobject_lookup_class ()
   from /usr/lib64/python2.7/site-packages/gobject/_gobject.so
#14 0x00007fffdf04bda4 in pyg_type_get_bases ()
   from /usr/lib64/python2.7/site-packages/gobject/_gobject.so
#15 0x00007fffdf04c142 in pygobject_new_with_interfaces ()
   from /usr/lib64/python2.7/site-packages/gobject/_gobject.so
#16 0x00007fffdf04bd55 in pygobject_lookup_class ()
   from /usr/lib64/python2.7/site-packages/gobject/_gobject.so
#17 0x00007fffdf04bda4 in pyg_type_get_bases ()
   from /usr/lib64/python2.7/site-packages/gobject/_gobject.so
---Type <return> to continue, or q <return> to quit---q

~0028592

kabe (reporter)

Sorry, the packages noted above is .i686, but applies to .x86_64 as well.


As noted in ancient Fedora bugreport
"modules command in python help is hanging"
https://bugzilla.redhat.com/show_bug.cgi?id=842403

correct fix is to sandbox the process which loads the *.so modules
to a separate forked process.
That will involve major plumbing of pydoc.

Those affected by this bug:
everyone using pydoc, including compiling python from src.rpm.
The src.rpm uses "make test", which in turn uses pydoc, and fails with

<<<<
OK
test_pydoc
test_html_doc (test.test_pydoc.PyDocDocTest) ... ok
test_input_strip (test.test_pydoc.PyDocDocTest) ... ok
test_issue8225 (test.test_pydoc.PyDocDocTest) ... ok
test_non_str_name (test.test_pydoc.PyDocDocTest) ... ok
test_not_here (test.test_pydoc.PyDocDocTest) ... ok
test_stripid (test.test_pydoc.PyDocDocTest) ... ok
test_text_doc (test.test_pydoc.PyDocDocTest) ... ok
test_apropos_with_bad_package (test.test_pydoc.PydocImportTest) ... FAIL
test_apropos_with_unreadable_dir (test.test_pydoc.PydocImportTest) ... FAIL
test_badimport (test.test_pydoc.PydocImportTest) ... ok
test_class (test.test_pydoc.TestDescriptions) ... ok
test_classic_class (test.test_pydoc.TestDescriptions) ... ok
test_module (test.test_pydoc.TestDescriptions) ... ok
test_namedtuple_public_underscore (test.test_pydoc.TestDescriptions) ... ok
test_builtin (test.test_pydoc.TestHelper) ... ok
test_keywords (test.test_pydoc.TestHelper) ... test test_pydoc failed -- multiple errors occurred
ok

======================================================================
FAIL: test_apropos_with_bad_package (test.test_pydoc.PydocImportTest)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/media/IODATA40Ge/python-c7/BUILD/Python-2.7.5/Lib/test/test_pydoc.py", line 341, in test_apropos_with_bad_package
result = run_pydoc('zqwykjv', '-k', PYTHONPATH=TESTFN)
File "/media/IODATA40Ge/python-c7/BUILD/Python-2.7.5/Lib/test/test_pydoc.py", line 196, in run_pydoc
rc, out, err = assert_python_ok('-B', pydoc.__file__, *args, **env)
File "/media/IODATA40Ge/python-c7/BUILD/Python-2.7.5/Lib/test/script_helper.py", line 55, in assert_python_ok
return _assert_python(True, *args, **env_vars)
File "/media/IODATA40Ge/python-c7/BUILD/Python-2.7.5/Lib/test/script_helper.py", line 47, in _assert_python
"stderr follows:n%s" % (rc, err.decode('ascii', 'ignore')))
AssertionError: Process return code is -11, stderr follows:


======================================================================
FAIL: test_apropos_with_unreadable_dir (test.test_pydoc.PydocImportTest)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/media/IODATA40Ge/python-c7/BUILD/Python-2.7.5/Lib/test/test_pydoc.py", line 351, in test_apropos_with_unreadable_dir
result = run_pydoc('zqwykjv', '-k', PYTHONPATH=TESTFN)
File "/media/IODATA40Ge/python-c7/BUILD/Python-2.7.5/Lib/test/test_pydoc.py", line 196, in run_pydoc
rc, out, err = assert_python_ok('-B', pydoc.__file__, *args, **env)
File "/media/IODATA40Ge/python-c7/BUILD/Python-2.7.5/Lib/test/script_helper.py", line 55, in assert_python_ok
return _assert_python(True, *args, **env_vars)
File "/media/IODATA40Ge/python-c7/BUILD/Python-2.7.5/Lib/test/script_helper.py", line 47, in _assert_python
"stderr follows:n%s" % (rc, err.decode('ascii', 'ignore')))
AssertionError: Process return code is -11, stderr follows:


----------------------------------------------------------------------
Ran 16 tests in 35.305s

FAILED (failures=2)

>>>>

~0028593

kabe (reporter)

Workaround of SIGSEGV bug:
forcibly uninstall gnome-abrt package:

rpm -ev --nodeps gnome-abrt

You can't use the abrt tool on the desktop though.
+Notes

-Issue History
Date Modified Username Field Change
2015-11-16 21:44 rjt New Issue
2015-11-16 22:11 rjt Note Added: 0024867
2015-11-16 22:14 rjt Note Added: 0024868
2015-11-18 14:21 rjt Note Added: 0024883
2015-11-18 14:51 rjt Tag Attached: centos-release
2015-11-18 14:51 rjt Tag Attached: python
2015-11-18 14:51 rjt Tag Attached: QA-6.6
2015-11-18 14:51 rjt Tag Attached: x86_64
2017-02-17 00:32 kabe Note Added: 0028590
2017-02-17 00:40 kabe Note Added: 0028591
2017-02-17 00:56 kabe Note Added: 0028592
2017-02-17 00:56 kabe Note Added: 0028593
+Issue History