The following command:

python -c "f=file('/tmp/pycrash', 'w+');f.write('b');f.readlines();f.writelines(4097*['a'])"

segfaults on the two hosts I have access to if the file (/tmp/pycrash) is on a tmpfs or ext3. It seems to work on reiser. The same thing happens for a couple of people I asked on irc.

At first I thought this was a python bug but a small C program that I think is correct segfaults in the same way.

The following gdb output is from a ~x86 box with a USE=debug FEATURES=nostrip CFLAGS="-ggdb3 -march=athlon-xp -O2" glibc. The segfault also occurs on my (much slower) x86 hardened box. I don't have a gdb and USE=debug glibc on that box, but if it is needed I can build those.

backtrace from python:

(gdb) run
Starting program: /usr/bin/python -c f=file\(\'/tmp/pycrash\',\ \'w+\'\)\;f.write\(\'b\'\)\;f.readlines\(\)\;f.writelines\(4097\*\[\'a\'\]\)
[Thread debugging using libthread_db enabled]
[New Thread -1211435344 (LWP 15734)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1211435344 (LWP 15734)]
0xb7d0df64 in _IO_new_file_xsputn (f=0x80667f8, data=0xb7ca1274, n=1) at fileops.c:1331
1331            *p++ = *s++;
(gdb) bt
#0  0xb7d0df64 in _IO_new_file_xsputn (f=0x80667f8, data=0xb7ca1274, n=1) at fileops.c:1331
#1  0xb7d03d73 in _IO_fwrite (buf=0x61, size=1, count=1, fp=0x80667f8) at iofwrite.c:45
#2  0xb7f0e790 in file_writelines (f=0xb7c11260, seq=0xb7c1a04c) at fileobject.c:1496
#3  0xb7f5ba53 in PyEval_EvalFrame (f=0x80813f4) at ceval.c:3535
#4  0xb7f5d435 in PyEval_EvalCodeEx (co=0xb7ca7c20, globals=0x0, locals=0x61, args=0x0, argcount=0, kws=0x0, kwcount=0, defs=0x0, defcount=0, closure=0x0) at ceval.c:2730
#5  0xb7f5d6b3 in PyEval_EvalCode (co=0x61, globals=0x61, locals=0x61) at ceval.c:484
#6  0xb7f77d05 in run_node (n=0xb7c6f368, filename=0x0, globals=0x61, locals=0x61, flags=0x61) at pythonrun.c:1265
#7  0xb7f78dc3 in PyRun_SimpleStringFlags (command=0x61 <Address 0x61 out of bounds>, flags=0x0) at pythonrun.c:887
#8  0xb7f7f6ce in Py_Main (argc=1, argv=0xbfdf4b04) at main.c:472
#9  0x0804867a in main (argc=97, argv=0x61) at python.c:23

Further information from the C program that (I hope) makes the same fopen/fwrite/fread calls:

(gdb) run
Starting program: /home/marienz/tmp/tmpfile

Program received signal SIGSEGV, Segmentation fault.
0xb7f17f64 in _IO_new_file_xsputn (f=0x804a008, data=0x8048638, n=1) at fileops.c:1331
1331            *p++ = *s++;
(gdb) bt
#0  0xb7f17f64 in _IO_new_file_xsputn (f=0x804a008, data=0x8048638, n=1) at fileops.c:1331
#1  0xb7f0dd73 in _IO_fwrite (buf=0x6e, size=1, count=1, fp=0x804a008) at iofwrite.c:45
#2  0x0804850e in main () at tmpfile.c:26
(gdb) info locals
p = 0xb7fe1000 "\177ELF\001\001\001"
i = 0
s = 0x8048639 ""
to_do = 1
must_flush = 0
count = 1

I will produce any further gdb or other output that is requested. I don't know what is and is not useful here.

emerge info of the box generating the above gdb info:

Gentoo Base System version 1.6.12
Portage 1.589-cvs (default-linux/x86/2005.0, gcc-3.4.4, glibc-2.3.5-r0, 2.6.12-gentoo-r1-m2-initrd-no-usbmon i686)
=================================================================
System uname: 2.6.12-gentoo-r1-m2-initrd-no-usbmon i686 AMD Athlon(tm) XP 2600+
Python: dev-lang/python-2.4.1-r1 [2.4.1 (#1, Jul 3 2005, 00:23:11)]
distcc: No such file or directory [disabled]
dev-lang/python: 2.4.1-r1
sys-apps/sandbox: 1.2.9
sys-devel/autoconf: 2.59-r7, 2.13
sys-devel/automake: 1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.5
sys-devel/binutils: 2.16.1
sys-devel/libtool: 1.5.18-r1
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=athlon-xp -pipe -fomit-frame-pointer -fweb -frename-registers"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/splash /etc/terminfo /etc/texmf/web2c /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp -pipe -fomit-frame-pointer -fweb -frename-registers -fvisibility-inlines-hidden"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig candy ccache collision-protect distlocks noauto sandbox sfperms strict userpriv usersandbox verify-rdepend"
GENTOO_MIRRORS="http://ftp.easynet.nl/mirror/gentoo/"
LANG="en_US.UTF-8"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/private /usr/local/portage/pub /usr/local/portage/gentopia"
SYNC="rsync://rsync.nl.gentoo.org/gentoo-portage"
USE="x86 3dnow 3dnowex 3dnowext X a52 alsa ansi bonobo bzip2 cairo ccache cdr crypt eds emacs evo evo2 faad fbcon flac gif glut gnome gstreamer gtk2 hal javascript jit jpeg kdeenablefinal kqemu libcaca mad maildir md5sum mikmod mmx mmx2 mmxext mng mono mozdevelop moznomail mozsvg mpeg ncurses nethack network nfs nls nntp no-helpbrowser no-old-linux nonfsv4 nptl nptlonly ogg oggvorbis opengl pam png python qemu-fast quicktime readline real rtc sdl softmmu spell splash sse ssl startup-notification svg symlink tetex theora truetype truetype-fonts unicode userlocales vorbis win32codecs xinerama xml2 xv zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CBUILD, CTARGET, LC_ALL, LDFLAGS, LINGUAS
Config files: /etc/make.conf, /etc/portage/bashrc, /etc/portage/package.unmask, /etc/portage/package.keywords

emerge info for the other box, same segfaults, no decent gdb:

Portage 2.0.51.22-r1 (selinux/2004.1/x86, gcc-3.3.5-20050130, glibc-2.3.4.20041102-r1, 2.6.11-hardened-r14-m1 i686)
=================================================================
System uname: 2.6.11-hardened-r14-m1 i686 Celeron (Mendocino)
Gentoo Base System version 1.6.12
dev-lang/python: 2.4.1-r1
sys-apps/sandbox: 1.2.10
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils: 2.15.92.0.2-r10
sys-devel/libtool: 1.5.16
virtual/os-headers: 2.6.8.1-r4
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-Os -march=pentium2 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-Os -march=pentium2 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks loadpolicy sandbox selinux sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="http://ftp.easynet.nl/mirror/gentoo/ http://www.gigaload.org/gentoo.org/"
LANG="en_US.UTF-8"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/pub /usr/local/portage/private"
SYNC="rsync://rsync.nl.gentoo.org/gentoo-portage"
USE="crypt hardened jabber maildir minimal msn ncurses no-old-linux nopop3d nptl nptlonly ogg pam pic python readline selinux sftplogging sqlite ssl unicode userlocales vorbis x86 xml2 zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LC_ALL, LDFLAGS, LINGUAS

Reproducible: Always

Steps to Reproduce:
python -c "f=file('/tmp/pycrash', 'w+');f.write('b');f.readlines();f.writelines(4097*['a'])"
(it might be needed to make the 4097 a bit larger. 4097 is exactly enough for the two hosts I tried this on)

Actual Results: python segfaulted

Expected Results: no segfault.
Created attachment 62594: crashing C program

This thing is based on looking at the python source to see what file-related functions are called by the segfaulting python code. I'm no C programmer, so I'm not entirely sure if this is sane.

There are three constants in here you should change: /tmp/crash should be on a tmpfs or ext3 and you must have write access there, SMALLCHUNK and the constant in the final loop must be large enough or it won't segfault. SMALLCHUNK must be at least 4096 on my system, the final loop at least 4097. If it doesn't segfault, try increasing the constants.
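A regression check for the sequence in this report, added here as an example; it is not the attached C program (which is not on this page) and not the reporter's code. It runs the same "w+" / write one byte / read to EOF / write 4097 bytes pattern that crashed in _IO_new_file_xsputn, with the fflush() that C requires between output and input (the Python one-liner has none), and then verifies the file contents independently. The path /tmp/pycrash-regress and the function names are my own.

```c
#include <stdio.h>

#define SMALLCHUNK  4096   /* read buffer size, as in the report's C program */
#define WRITE_COUNT 4097   /* one-byte writes after the read, as in the report */

/* Runs the report's sequence on an ordinary path: fopen "w+", write one byte,
 * read until EOF, then write WRITE_COUNT single bytes.  The fflush() before
 * the read is the call C requires when switching from output to input; hitting
 * EOF then permits the switch back to output without a seek.  Returns the
 * number of bytes found in the file afterwards when every byte matches what
 * was written ('b' followed by WRITE_COUNT 'a's), or -1 on an I/O error or a
 * content mismatch.  On the glibc in this report the final loop segfaulted. */
long write_read_write(const char *path)
{
    char buf[SMALLCHUNK];
    FILE *f = fopen(path, "w+");
    if (f == NULL) return -1;
    if (fwrite("b", 1, 1, f) != 1 || fflush(f) != 0) { fclose(f); return -1; }
    while (fread(buf, 1, sizeof buf, f) > 0)  /* f.readlines(): drain to EOF */
        ;
    for (int i = 0; i < WRITE_COUNT; i++)      /* f.writelines(4097*['a']) */
        if (fwrite("a", 1, 1, f) != 1) { fclose(f); return -1; }
    if (fclose(f) != 0) return -1;

    /* Verify independently: reopen and expect 'b' followed only by 'a's. */
    f = fopen(path, "r");
    if (f == NULL) return -1;
    long n = 0; int c, ok = 1;
    while ((c = fgetc(f)) != EOF) {
        if (c != (n == 0 ? 'b' : 'a')) ok = 0;
        n++;
    }
    fclose(f);
    return ok ? n : -1;
}

/* Runs the check on a constructed path under /tmp and removes the file again.
 * Expected result on a correct libc: 1 + WRITE_COUNT = 4098. */
long run_check(void)
{
    const char *path = "/tmp/pycrash-regress";  /* constructed file name */
    long n = write_read_write(path);
    remove(path);
    return n;
}

int main(void) { return run_check() == 1 + WRITE_COUNT ? 0 : 1; }
```

Put /tmp on the filesystem you want to exercise (the report saw the crash on tmpfs and ext3 but not reiser) and bump WRITE_COUNT if your libc needs more writes, as the reporter notes.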
Toolchain: I can reproduce this on my amd64.

(gdb) run
Starting program: /root/tmp-test

Program received signal SIGSEGV, Segmentation fault.
0x00002aaaaac26d67 in _IO_file_xsputn () from /lib/tls/libc.so.6
(gdb)

phi ~ # /lib64/libc-2.3.5.so
GNU C Library stable release version 2.3.5, by Roland McGrath et al.
Copyright (C) 2005 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 3.4.3-20050110 (Gentoo 3.4.3.20050110-r2, ssp-3.4.3.20050110-0, pie-8.7.7).
Compiled on a Linux 2.6.11 system on 2005-05-06.
Available extensions:
        GNU libio by Per Bothner
        crypt add-on version 2.1 by Michael Glad and others
        linuxthreads-0.10 by Xavier Leroy
        The C stubs add-on version 2.1.2.
        GNU Libidn by Simon Josefsson
        BIND-8.2.3-T5B
        libthread_db work sponsored by Alpha Processor Inc
        NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk
Thread-local storage support included.
bug in glibc, not python
added to current patchset ... will look for some other bugs to fix before rolling 2.3.5-r2