This happens with all the python versions I tried (amd64, ~amd64, 2.7, 3.4, 3.5), but only on hardened profile and not on default profile. Funnily it does *not* segfault when running python inside sandbox. localhost ~ # python2.7 Python 2.7.10 (default, Oct 24 2016, 12:02:13) [GCC 4.9.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import pty >>> pty.spawn('echo') Segmentation fault (core dumped) localhost ~ # gdb -q -batch -c core -ex "thread apply all bt full" -ex "quit" python2.7 [New LWP 24247] warning: Could not load shared library symbols for linux-vdso.so.1. Do you need "set solib-search-path" or "set sysroot"? [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `python2.7'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x0000000000000000 in ?? () Thread 1 (Thread 0x7f021ab18700 (LWP 24247)): #0 0x0000000000000000 in ?? () No symbol table info available. #1 0x00007f0219b436c3 in forkpty (amaster=amaster@entry=0x7ffe6b73a6b4, name=name@entry=0x0, termp=termp@entry=0x0, winp=winp@entry=0x0) at forkpty.c:37 master = 3 slave = 4 pid = <optimized out> #2 0x00007f021a64a8a8 in posix_forkpty (self=self@entry=0x0, noargs=noargs@entry=0x0) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Modules/posixmodule.c:4012 master_fd = -1 result = 0 pid = <optimized out> #3 0x00007f021a60d799 in call_function (pp_stack=pp_stack@entry=0x7ffe6b73a7f0, oparg=oparg@entry=0) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/ceval.c:4019 meth = 0x7f021a64a859 <posix_forkpty> self = 0x0 flags = <optimized out> tstate = 0x55b2fc96c0a0 na = 0 nk = <optimized out> n = <optimized out> pfunc = 0x7f021aacabc8 func = <built-in function forkpty> x = <optimized out> w = <optimized out> #4 0x00007f021a60bb6f in PyEval_EvalFrameEx (f=f@entry=Frame 0x7f021aacaa28, for file /usr/lib64/python2.7/pty.py, line 95, in fork (), throwflag=throwflag@entry=0) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/ceval.c:2681 sp = 0x7f021aacabd0 stack_pointer = 0x7f021aacabd0 next_instr = 0x7f021aac0b60 "\\\002" opcode = <optimized out> oparg = 0 why = WHY_NOT err = 0 x = <built-in function forkpty> v = <optimized out> w = 'forkpty' u = <optimized out> t = <optimized out> stream = 0x0 fastlocals = 0x7f021aacaba0 freevars = 0x7f021aacabc8 retval = 0x0 tstate = 0x55b2fc96c0a0 co = 0x7f021a9bb6b0 instr_ub = -1 instr_lb = 0 instr_prev = -1 first_instr = 0x7f021aac0b54 "y\026" names = ('os', 'forkpty', 'AttributeError', 'OSError', 'CHILD', 'setsid', 'openpty', 'fork', 'close', 'dup2', 'STDIN_FILENO', 'STDOUT_FILENO', 'STDERR_FILENO', 'open', 'ttyname', 'O_RDWR') consts = ('fork() -> (pid, master_fd)\n Fork and make the child a session leader with a controlling terminal.',) #5 0x00007f021a60d574 in fast_function (func=func@entry=<function at remote 0x7f021a9cad70>, pp_stack=pp_stack@entry=0x7ffe6b73a990, n=n@entry=0, na=na@entry=0, nk=nk@entry=0) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/ceval.c:4121 retval = 0x0 fastlocals = 0x7f021aacaba0 i = <optimized out> f = Frame 0x7f021aacaa28, for file /usr/lib64/python2.7/pty.py, line 95, in fork () tstate = 0x55b2fc96c0a0 stack = <optimized out> co = <optimized out> globals = <optimized out> argdefs = <optimized out> d = 0x0 nd = 0 #6 0x00007f021a60da4e in call_function (pp_stack=pp_stack@entry=0x7ffe6b73a990, oparg=oparg@entry=0) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/ceval.c:4056 na = 0 nk = 0 n = 0 pfunc = 0x55b2fca45b30 func = <function at remote 0x7f021a9cad70> x = <optimized out> w = <optimized out> #7 0x00007f021a60bb6f in PyEval_EvalFrameEx (f=f@entry=Frame 0x55b2fca45980, for file /usr/lib64/python2.7/pty.py, line 165, in spawn (argv=('echo',), master_read=<function at remote 0x7f021a9cae60>, stdin_read=<function at remote 0x7f021a9cae60>), throwflag=throwflag@entry=0) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/ceval.c:2681 sp = 0x55b2fca45b38 stack_pointer = 0x55b2fca45b38 next_instr = 0x7f021aa5b73e "\\\002" opcode = <optimized out> oparg = 0 why = WHY_NOT err = 0 x = <function at remote 0x7f021a9cad70> v = <optimized out> w = 'fork' u = <optimized out> t = <optimized out> stream = 0x0 fastlocals = 0x55b2fca45af8 freevars = 0x55b2fca45b30 retval = 0x0 tstate = 0x55b2fc96c0a0 co = 0x7f021a9c0c30 instr_ub = -1 instr_lb = 0 instr_prev = -1 first_instr = 0x7f021aa5b714 "t" names = ('type', 'fork', 'CHILD', 'os', 'execlp', 'tty', 'tcgetattr', 'STDIN_FILENO', 'setraw', 'error', '_copy', 'IOError', 'OSError', 'tcsetattr', 'TCSAFLUSH', 'close') consts = ('Create a spawned process.', '', 0, 1, None) #8 0x00007f021a60cf73 in PyEval_EvalCodeEx (co=0x7f021a9c0c30, globals=<optimized out>, locals=locals@entry=0x0, args=<optimized out>, argcount=argcount@entry=1, kws=0x7f021ab00da8, kwcount=0, defs=0x7f021a9aac38, defcount=2, closure=0x0) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/ceval.c:3267 f = Frame 0x55b2fca45980, for file /usr/lib64/python2.7/pty.py, line 165, in spawn (argv=('echo',), master_read=<function at remote 0x7f021a9cae60>, stdin_read=<function at remote 0x7f021a9cae60>) retval = 0x0 fastlocals = 0x55b2fca45af8 freevars = 0x55b2fca45b30 tstate = 0x55b2fc96c0a0 x = <optimized out> u = <optimized out> #9 0x00007f021a60d5ef in fast_function (func=func@entry=<function at remote 0x7f021a9caf50>, pp_stack=pp_stack@entry=0x7ffe6b73ac00, n=n@entry=1, na=na@entry=1, nk=nk@entry=0) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/ceval.c:4131 co = <optimized out> globals = <optimized out> argdefs = <optimized out> d = <optimized out> nd = 2 #10 0x00007f021a60da4e in call_function (pp_stack=pp_stack@entry=0x7ffe6b73ac00, oparg=oparg@entry=1) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/ceval.c:4056 na = 1 nk = 0 n = 1 pfunc = 0x7f021ab00d98 func = <function at remote 0x7f021a9caf50> x = <optimized out> w = <optimized out> #11 0x00007f021a60bb6f in PyEval_EvalFrameEx (f=f@entry=Frame 0x7f021ab00c20, for file <stdin>, line 1, in <module> (), throwflag=throwflag@entry=0) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/ceval.c:2681 sp = 0x7f021ab00da8 stack_pointer = 0x7f021ab00da8 next_instr = 0x7f021a9cfe60 "Fd\001" opcode = <optimized out> oparg = 1 why = WHY_NOT err = 0 x = 'echo' v = <optimized out> w = 'spawn' u = <optimized out> t = <optimized out> stream = 0x0 fastlocals = 0x7f021ab00d98 freevars = 0x7f021ab00d98 retval = 0x0 tstate = 0x55b2fc96c0a0 co = 0x7f021aa10930 instr_ub = -1 instr_lb = 0 instr_prev = -1 first_instr = 0x7f021a9cfe54 "e" names = ('pty', 'spawn') consts = ('echo', None) #12 0x00007f021a60cf73 in PyEval_EvalCodeEx (co=co@entry=0x7f021aa10930, globals=globals@entry={'__builtins__': <module at remote 0x7f021aad7b08>, '__name__': '__main__', '__doc__': None, 'pty': <module at remote 0x7f021a9cf830>, '__package__': None}, locals=locals@entry={'__builtins__': <module at remote 0x7f021aad7b08>, '__name__': '__main__', '__doc__': None, 'pty': <module at remote 0x7f021a9cf830>, '__package__': None}, args=args@entry=0x0, argcount=argcount@entry=0, kws=kws@entry=0x0, kwcount=0, defs=0x0, defcount=0, closure=0x0) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/ceval.c:3267 f = Frame 0x7f021ab00c20, for file <stdin>, line 1, in <module> () retval = 0x0 fastlocals = 0x7f021ab00d98 freevars = 0x7f021ab00d98 tstate = 0x55b2fc96c0a0 x = <optimized out> u = <optimized out> #13 0x00007f021a60d059 in PyEval_EvalCode (co=co@entry=0x7f021aa10930, globals=globals@entry={'__builtins__': <module at remote 0x7f021aad7b08>, '__name__': '__main__', '__doc__': None, 'pty': <module at remote 0x7f021a9cf830>, '__package__': None}, locals=locals@entry={'__builtins__': <module at remote 0x7f021aad7b08>, '__name__': '__main__', '__doc__': None, 'pty': <module at remote 0x7f021a9cf830>, '__package__': None}) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/ceval.c:669 No locals. #14 0x00007f021a62b5e4 in run_mod (mod=mod@entry=0x55b2fca40be0, filename=filename@entry=0x7f021a6791ff "<stdin>", globals={'__builtins__': <module at remote 0x7f021aad7b08>, '__name__': '__main__', '__doc__': None, 'pty': <module at remote 0x7f021a9cf830>, '__package__': None}, locals={'__builtins__': <module at remote 0x7f021aad7b08>, '__name__': '__main__', '__doc__': None, 'pty': <module at remote 0x7f021a9cf830>, '__package__': None}, flags=flags@entry=0x7ffe6b73aea0, arena=arena@entry=0x55b2fc9c6040) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/pythonrun.c:1371 co = 0x7f021aa10930 v = <optimized out> #15 0x00007f021a62db04 in PyRun_InteractiveOneFlags (fp=fp@entry=0x7f021a2ee900 <_IO_2_1_stdin_>, filename=filename@entry=0x7f021a6791ff "<stdin>", flags=flags@entry=0x7ffe6b73aea0) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/pythonrun.c:858 m = <optimized out> d = <optimized out> v = '>>> ' w = '... ' mod = 0x55b2fca40be0 arena = 0x55b2fc9c6040 ps1 = 0x7f021a9a8ce4 ">>> " ps2 = <optimized out> errcode = 0 #16 0x00007f021a62dc71 in PyRun_InteractiveLoopFlags (fp=fp@entry=0x7f021a2ee900 <_IO_2_1_stdin_>, filename=filename@entry=0x7f021a6791ff "<stdin>", flags=flags@entry=0x7ffe6b73aea0) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/pythonrun.c:778 v = <optimized out> ret = <optimized out> local_flags = {cf_flags = 1802743328} #17 0x00007f021a62e16a in PyRun_AnyFileExFlags (fp=fp@entry=0x7f021a2ee900 <_IO_2_1_stdin_>, filename=0x7f021a6791ff "<stdin>", closeit=0, flags=flags@entry=0x7ffe6b73aea0) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Python/pythonrun.c:747 err = <optimized out> #18 0x00007f021a6416fb in Py_Main (argc=<optimized out>, argv=0x7ffe6b73b098) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Modules/main.c:640 c = <optimized out> sts = -1 command = 0x0 filename = 0x0 module = 0x0 fp = 0x7f021a2ee900 <_IO_2_1_stdin_> p = <optimized out> unbuffered = <optimized out> skipfirstline = 0 stdin_is_interactive = 1 help = <optimized out> version = <optimized out> saw_unbuffered_flag = <optimized out> cf = {cf_flags = 0} #19 0x000055b2fa9f99fd in main (argc=<optimized out>, argv=<optimized out>) at /var/tmp/portage/dev-lang/python-2.7.10-r1/work/Python-2.7.10/Modules/python.c:23 No locals.
localhost ~ # python3.4 Python 3.4.3 (default, Oct 24 2016, 12:04:58) [GCC 4.9.3] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import pty >>> pty.spawn('echo') Segmentation fault (core dumped) localhost ~ # !! gdb -q -batch -c core -ex "thread apply all bt full" -ex "quit" python3.4 [New LWP 24262] warning: Could not load shared library symbols for linux-vdso.so.1. Do you need "set solib-search-path" or "set sysroot"? [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `python3.4'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x0000000000000000 in ?? () Thread 1 (Thread 0x7f1b23905700 (LWP 24262)): #0 0x0000000000000000 in ?? () No symbol table info available. #1 0x00007f1b228616c3 in forkpty (amaster=amaster@entry=0x7ffcfe7b3a04, name=name@entry=0x0, termp=termp@entry=0x0, winp=winp@entry=0x0) at forkpty.c:37 master = 3 slave = 4 pid = <optimized out> #2 0x00007f1b233ab9d9 in posix_forkpty (self=self@entry=<module at remote 0x7f1b238544a8>, noargs=noargs@entry=0x0) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Modules/posixmodule.c:6109 master_fd = -1 result = 0 pid = <optimized out> #3 0x00007f1b23362aef in call_function (pp_stack=pp_stack@entry=0x7ffcfe7b3b40, oparg=oparg@entry=0) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/ceval.c:4220 meth = 0x7f1b233ab98a <posix_forkpty> self = <module at remote 0x7f1b238544a8> flags = <optimized out> tstate = 0x564c8b358140 na = 0 nk = <optimized out> n = <optimized out> pfunc = 0x564c8b44b208 func = <built-in method forkpty of module object at remote 0x7f1b238544a8> x = <optimized out> w = <optimized out> #4 0x00007f1b23360a10 in PyEval_EvalFrameEx (f=f@entry=Frame 0x564c8b44b068, for file /usr/lib64/python3.4/pty.py, line 84, in fork (), throwflag=throwflag@entry=0) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/ceval.c:2838 sp = 0x564c8b44b210 res = <optimized out> stack_pointer = 0x564c8b44b210 next_instr = 0x7f1b238f65dc "\\\002" opcode = 131 oparg = 0 why = <optimized out> fastlocals = 0x564c8b44b1e0 freevars = 0x564c8b44b208 retval = 0x0 tstate = 0x564c8b358140 co = 0x7f1b237ff930 instr_ub = -1 instr_lb = 0 instr_prev = -1 first_instr = 0x7f1b238f65d0 "y\026" names = ('os', 'forkpty', 'AttributeError', 'OSError', 'CHILD', 'setsid', 'openpty', 'fork', 'close', 'dup2', 'STDIN_FILENO', 'STDOUT_FILENO', 'STDERR_FILENO', 'open', 'ttyname', 'O_RDWR') consts = ('fork() -> (pid, master_fd)\n Fork and make the child a session leader with a controlling terminal.',) opcode_targets = {0x7f1b233613c1 <PyEval_EvalFrameEx+25140>, ... <repeats 107 times>} #5 0x00007f1b233628a8 in fast_function (func=func@entry=<function at remote 0x7f1b23760510>, pp_stack=pp_stack@entry=0x7ffcfe7b3d00, n=n@entry=0, na=na@entry=0, nk=nk@entry=0) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/ceval.c:4334 retval = 0x0 fastlocals = 0x564c8b44b1e0 i = <optimized out> f = Frame 0x564c8b44b068, for file /usr/lib64/python3.4/pty.py, line 84, in fork () tstate = 0x564c8b358140 stack = <optimized out> co = <optimized out> globals = <optimized out> argdefs = <optimized out> kwdefs = <optimized out> d = 0x0 nd = 0 #6 0x00007f1b23362dc5 in call_function (pp_stack=pp_stack@entry=0x7ffcfe7b3d00, oparg=oparg@entry=0) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/ceval.c:4262 na = 0 nk = 0 n = 0 pfunc = 0x564c8b444be8 func = <function at remote 0x7f1b23760510> x = <optimized out> w = <optimized out> #7 0x00007f1b23360a10 in PyEval_EvalFrameEx (f=f@entry=Frame 0x564c8b444a38, for file /usr/lib64/python3.4/pty.py, line 154, in spawn (argv=('echo',), master_read=<function at remote 0x7f1b23760620>, stdin_read=<function at remote 0x7f1b23760620>), throwflag=throwflag@entry=0) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/ceval.c:2838 sp = 0x564c8b444bf0 res = <optimized out> stack_pointer = 0x564c8b444bf0 next_instr = 0x7f1b238c09ba "\\\002" opcode = 131 oparg = 0 why = <optimized out> fastlocals = 0x564c8b444bb0 freevars = 0x564c8b444be8 retval = 0x0 tstate = 0x564c8b358140 co = 0x7f1b237ffb70 instr_ub = -1 instr_lb = 0 instr_prev = -1 first_instr = 0x7f1b238c0990 "t" names = ('type', 'fork', 'CHILD', 'os', 'execlp', 'tty', 'tcgetattr', 'STDIN_FILENO', 'setraw', 'error', '_copy', 'OSError', 'tcsetattr', 'TCSAFLUSH', 'close', 'waitpid') consts = ('Create a spawned process.', '', 0, 1) opcode_targets = {0x7f1b233613c1 <PyEval_EvalFrameEx+25140>, ... <repeats 107 times>} #8 0x00007f1b233626e1 in PyEval_EvalCodeEx (_co=<code at remote 0x7f1b237ffb70>, globals=<optimized out>, locals=locals@entry=0x0, args=<optimized out>, argcount=argcount@entry=1, kws=0x564c8b3f4a30, kwcount=0, defs=0x7f1b237646e0, defcount=2, kwdefs=0x0, closure=0x0) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/ceval.c:3588 co = 0x7f1b237ffb70 f = Frame 0x564c8b444a38, for file /usr/lib64/python3.4/pty.py, line 154, in spawn (argv=('echo',), master_read=<function at remote 0x7f1b23760620>, stdin_read=<function at remote 0x7f1b23760620>) retval = 0x0 fastlocals = 0x564c8b444bb0 freevars = 0x564c8b444be8 tstate = 0x564c8b358140 x = <optimized out> u = <optimized out> total_args = <optimized out> i = <optimized out> n = 1 kwdict = 0x0 #9 0x00007f1b23362929 in fast_function (func=func@entry=<function at remote 0x7f1b23760730>, pp_stack=pp_stack@entry=0x7ffcfe7b3fb0, n=n@entry=1, na=na@entry=1, nk=nk@entry=0) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/ceval.c:4344 co = <optimized out> globals = <optimized out> argdefs = <optimized out> kwdefs = <optimized out> d = 0x7f1b237646e0 nd = 2 #10 0x00007f1b23362dc5 in call_function (pp_stack=pp_stack@entry=0x7ffcfe7b3fb0, oparg=oparg@entry=1) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/ceval.c:4262 na = 1 nk = 0 n = 1 pfunc = 0x564c8b3f4a20 func = <function at remote 0x7f1b23760730> x = <optimized out> w = <optimized out> #11 0x00007f1b23360a10 in PyEval_EvalFrameEx (f=f@entry=Frame 0x564c8b3f48a8, for file <stdin>, line 1, in <module> (), throwflag=throwflag@entry=0) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/ceval.c:2838 sp = 0x564c8b3f4a30 res = <optimized out> stack_pointer = 0x564c8b3f4a30 next_instr = 0x7f1b23763174 "Fd\001" opcode = 131 oparg = 1 why = <optimized out> fastlocals = 0x564c8b3f4a20 freevars = 0x564c8b3f4a20 retval = 0x0 tstate = 0x564c8b358140 co = 0x7f1b237ff420 instr_ub = -1 instr_lb = 0 instr_prev = -1 first_instr = 0x7f1b23763168 "e" names = ('pty', 'spawn') consts = ('echo', None) opcode_targets = {0x7f1b233613c1 <PyEval_EvalFrameEx+25140>, ... <repeats 107 times>} #12 0x00007f1b233626e1 in PyEval_EvalCodeEx (_co=_co@entry=<code at remote 0x7f1b237ff420>, globals=globals@entry={'__package__': None, '__builtins__': <module at remote 0x7f1b238f1c28>, '__name__': '__main__', '__doc__': None, '__loader__': <type at remote 0x564c8b38cb28>, 'pty': <module at remote 0x7f1b2375d8b8>, '__spec__': None}, locals=locals@entry={'__package__': None, '__builtins__': <module at remote 0x7f1b238f1c28>, '__name__': '__main__', '__doc__': None, '__loader__': <type at remote 0x564c8b38cb28>, 'pty': <module at remote 0x7f1b2375d8b8>, '__spec__': None}, args=args@entry=0x0, argcount=argcount@entry=0, kws=kws@entry=0x0, kwcount=0, defs=0x0, defcount=0, kwdefs=0x0, closure=0x0) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/ceval.c:3588 co = 0x7f1b237ff420 f = Frame 0x564c8b3f48a8, for file <stdin>, line 1, in <module> () retval = 0x0 fastlocals = 0x564c8b3f4a20 freevars = 0x564c8b3f4a20 tstate = 0x564c8b358140 x = <optimized out> u = <optimized out> total_args = <optimized out> i = <optimized out> n = 0 kwdict = 0x0 #13 0x00007f1b233627b3 in PyEval_EvalCode (co=co@entry=<code at remote 0x7f1b237ff420>, globals=globals@entry={'__package__': None, '__builtins__': <module at remote 0x7f1b238f1c28>, '__name__': '__main__', '__doc__': None, '__loader__': <type at remote 0x564c8b38cb28>, 'pty': <module at remote 0x7f1b2375d8b8>, '__spec__': None}, locals=locals@entry={'__package__': None, '__builtins__': <module at remote 0x7f1b238f1c28>, '__name__': '__main__', '__doc__': None, '__loader__': <type at remote 0x564c8b38cb28>, 'pty': <module at remote 0x7f1b2375d8b8>, '__spec__': None}) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/ceval.c:775 No locals. #14 0x00007f1b23384266 in run_mod (mod=mod@entry=0x564c8b42ec88, filename=filename@entry='<stdin>', globals={'__package__': None, '__builtins__': <module at remote 0x7f1b238f1c28>, '__name__': '__main__', '__doc__': None, '__loader__': <type at remote 0x564c8b38cb28>, 'pty': <module at remote 0x7f1b2375d8b8>, '__spec__': None}, locals={'__package__': None, '__builtins__': <module at remote 0x7f1b238f1c28>, '__name__': '__main__', '__doc__': None, '__loader__': <type at remote 0x564c8b38cb28>, 'pty': <module at remote 0x7f1b2375d8b8>, '__spec__': None}, flags=flags@entry=0x7ffcfe7b42e0, arena=arena@entry=0x564c8b389090) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/pythonrun.c:2180 co = 0x7f1b237ff420 v = <optimized out> #15 0x00007f1b23386fa8 in PyRun_InteractiveOneObject (fp=fp@entry=0x7f1b2300c900 <_IO_2_1_stdin_>, filename=filename@entry='<stdin>', flags=flags@entry=0x7ffcfe7b42e0) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/pythonrun.c:1445 m = <optimized out> d = <optimized out> v = '>>> ' w = '... ' oenc = 'ANSI_X3.4-1968' mod_name = '__main__' mod = 0x564c8b42ec88 arena = 0x564c8b389090 ps1 = 0x7f1b2381ee98 ">>> " ps2 = 0x7f1b23758fb0 "... " enc = 0x7f1b238141a0 "ANSI_X3.4-1968" errcode = 0 PyId_encoding = {next = 0x7f1b236a4920 <PyId___main__.13513>, string = 0x7f1b233fed80 "encoding", object = 'encoding'} PyId___main__ = {next = 0x7f1b236a4a80 <PyId_ps2>, string = 0x7f1b234125fa "__main__", object = '__main__'} #16 0x00007f1b2338712b in PyRun_InteractiveLoopFlags (fp=fp@entry=0x7f1b2300c900 <_IO_2_1_stdin_>, filename_str=filename_str@entry=0x7f1b234190c7 "<stdin>", flags=flags@entry=0x7ffcfe7b42e0) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/pythonrun.c:1324 filename = '<stdin>' v = <optimized out> ret = <optimized out> err = <optimized out> local_flags = {cf_flags = -25476576} #17 0x00007f1b23387f5f in PyRun_AnyFileExFlags (fp=fp@entry=0x7f1b2300c900 <_IO_2_1_stdin_>, filename=0x7f1b234190c7 "<stdin>", closeit=closeit@entry=0, flags=flags@entry=0x7ffcfe7b42e0) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Python/pythonrun.c:1286 err = <optimized out> #18 0x00007f1b2339f32d in run_file (fp=fp@entry=0x7f1b2300c900 <_IO_2_1_stdin_>, filename=filename@entry=0x0, p_cf=p_cf@entry=0x7ffcfe7b42e0) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Modules/main.c:319 unicode = <optimized out> bytes = 0x0 filename_str = <optimized out> run = <optimized out> #19 0x00007f1b2339fe30 in Py_Main (argc=<optimized out>, argv=0x564c8b358010) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Modules/main.c:751 c = <optimized out> sts = -1 command = 0x0 filename = 0x0 module = 0x0 fp = 0x7f1b2300c900 <_IO_2_1_stdin_> p = <optimized out> skipfirstline = 0 stdin_is_interactive = 1 help = <optimized out> version = <optimized out> saw_unbuffered_flag = <optimized out> cf = {cf_flags = 0} #20 0x0000564c89316df3 in main (argc=1, argv=0x7ffcfe7b4528) at /var/tmp/portage/dev-lang/python-3.4.3-r1/work/Python-3.4.3/Modules/python.c:69 argv_copy = 0x564c8b358010 argv_copy2 = 0x564c8b358030 i = 1 res = <optimized out> oldloc = 0x564c8b358050 ""
localhost ~ # emerge --info python:2.7 python:3.4 Portage 2.3.0 (python 3.4.3-final-0, hardened/linux/amd64, gcc-4.9.3, glibc-2.22-r4, 4.4.6-gentoo x86_64) ================================================================= System Settings ================================================================= System uname: Linux-4.4.6-gentoo-x86_64-Intel-R-_Core-TM-_i5-2520M_CPU_@_2.50GHz-with-gentoo-2.2 KiB Mem: 4043380 total, 2722924 free KiB Swap: 0 total, 0 free Timestamp of repository gentoo: Mon, 24 Oct 2016 00:45:01 +0000 sh bash 4.3_p48 ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1 app-shells/bash: 4.3_p48::gentoo dev-lang/perl: 5.22.2::gentoo dev-lang/python: 2.7.10-r1::gentoo, 3.4.3-r1::gentoo dev-util/pkgconfig: 0.28-r2::gentoo sys-apps/baselayout: 2.2::gentoo sys-apps/openrc: 0.21.7::gentoo sys-apps/sandbox: 2.10-r1::gentoo sys-devel/autoconf: 2.69::gentoo sys-devel/automake: 1.14.1::gentoo, 1.15::gentoo sys-devel/binutils: 2.25.1-r1::gentoo sys-devel/gcc: 4.9.3::gentoo sys-devel/gcc-config: 1.7.3::gentoo sys-devel/libtool: 2.4.6::gentoo sys-devel/make: 4.1-r1::gentoo sys-kernel/linux-headers: 4.3::gentoo (virtual/os-headers) sys-libs/glibc: 2.22-r4::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -pipe" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="acl amd64 berkdb bindist bzip2 cli cracklib crypt cxx dri gdbm hardened iconv ipv6 justify mmx mmxext modules multilib ncurses nls nptl openmp pam pax_kernel pcre pie readline seccomp session sse sse2 ssl ssp tcpd unicode urandom xattr xtpax zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON ================================================================= Package Settings ================================================================= dev-lang/python-2.7.10-r1::gentoo was built with the following: USE="gdbm hardened ipv6 ncurses (pie) readline ssl (ssp) (threads) (wide-unicode) xml (-berkdb) -build -doc -examples -sqlite -tk -wininst" ABI_X86="64" CFLAGS="-Og -ggdb -fwrapv" CXXFLAGS="-O2 -pipe -fwrapv" LDFLAGS="-Wl,-O1 -Wl,--as-needed -L." dev-lang/python-3.4.3-r1::gentoo was built with the following: USE="gdbm hardened ipv6 ncurses (pie) readline ssl (ssp) (threads) xml -build -examples -sqlite -tk -wininst" ABI_X86="64" CFLAGS="-Og -ggdb -fwrapv" CXXFLAGS="-O2 -pipe -fwrapv" LDFLAGS="-Wl,-O1 -Wl,--as-needed -L."
Looks like a problem in the C library. Please provide emerge --info.
(In reply to Mike Gilbert from comment #3) > Looks like a problem in the C library. Please provide emerge --info. Indeed. emerge --info is already in comment #2. I forgot to mention, this can be reproduced directly in the hardened stage3 images. Additionally, I do not see segfaults when running this simple program that uses forkpty(): #include <pty.h> int main() { pid_t pid; int master = -1; pid = forkpty(&master, 0, 0, 0); return 0; }
Giving this to hardened.
Created attachment 451340 [details] python2.7 ldd and backtrace Doing some more experimentation, I find the segfaults only happen when glibc is built by hardened gcc (I haven't tried the different hardened specs). As requested by Zorry, ldd of python2.7 and backtrace are attached (I no longer have the executable corresponding to the previously posted backtrace).
(In reply to eroen from comment #6) > > Doing some more experimentation, I find the segfaults only happen when glibc > is built by hardened gcc (I haven't tried the different hardened specs). looking at your emerge --info, it looks like you are not using a hardened-sources kernel. is that correct?
> (In reply to eroen from comment #6) > > Doing some more experimentation, I find the segfaults only happen when glibc > > is built by hardened gcc (I haven't tried the different hardened specs). Update: Segfaults do not happen if glibc is built with x86_64-pc-linux-gnu-4.9.3-vanilla, but they do happen if glibc is built with x86_64-pc-linux-gnu-4.9.3 or x86_64-pc-linux-gnu-4.9.3-hardenednopiessp. (In reply to Anthony Basile from comment #7) > looking at your emerge --info, it looks like you are not using a > hardened-sources kernel. is that correct? This is correct, I ran this with gentoo-sources kernel in hope to simplify triaging. The issue is also present with hardened kernel, but PAX kills the process before it segfaults.
(In reply to eroen from comment #8) > > (In reply to eroen from comment #6) > > > Doing some more experimentation, I find the segfaults only happen when glibc > > > is built by hardened gcc (I haven't tried the different hardened specs). > > Update: Segfaults do not happen if glibc is built with > x86_64-pc-linux-gnu-4.9.3-vanilla, but they do happen if glibc is built with > x86_64-pc-linux-gnu-4.9.3 or x86_64-pc-linux-gnu-4.9.3-hardenednopiessp. If this is an ssp issue, as you findings suggest, then it should happen even with the non-hardened gcc because we now enable ssp by default for the non-hardened profiles. So this is puzzling. > > (In reply to Anthony Basile from comment #7) > > looking at your emerge --info, it looks like you are not using a > > hardened-sources kernel. is that correct? > > This is correct, I ran this with gentoo-sources kernel in hope to simplify > triaging. The issue is also present with hardened kernel, but PAX kills the > process before it segfaults. I have been able to reproduce.
(In reply to Anthony Basile from comment #9) > (In reply to eroen from comment #8) > > > (In reply to eroen from comment #6) > > > > Doing some more experimentation, I find the segfaults only happen when glibc > > > > is built by hardened gcc (I haven't tried the different hardened specs). > > > > Update: Segfaults do not happen if glibc is built with > > x86_64-pc-linux-gnu-4.9.3-vanilla, but they do happen if glibc is built with > > x86_64-pc-linux-gnu-4.9.3 or x86_64-pc-linux-gnu-4.9.3-hardenednopiessp. > > If this is an ssp issue, as you findings suggest, then it should happen even > with the non-hardened gcc because we now enable ssp by default for the > non-hardened profiles. So this is puzzling. Sorry this statement is incorrect. I means no pie and no ssp.
Maybe this is related to stack-check or strict-overflow? Those
Maybe this is related to stack-check or strict-overflow? Those are the two flags I can think of as being relevant in here. In case it helps you can see compilation flags using this command: gcc -E -v - </dev/null 2>&1 | grep cc1
Also, for the record I can't reproduce eroens issues in the following environment: dev-lang/python-2.7.10-r1 (built with gcc 4.8.4
Also, for the record I can't reproduce eroens issues in the following environment: dev-lang/python-2.7.10-r1 (built with gcc 4.8.4). sys-libs/glibc-2.21-r1 (built with gcc 4.8.4) Just in case it helps pinpoint where the issue is.
(In reply to Francisco Blas Izquierdo Riera from comment #14) > Also, for the record I can't reproduce eroens issues in the following > environment: > > dev-lang/python-2.7.10-r1 (built with gcc 4.8.4). > sys-libs/glibc-2.21-r1 (built with gcc 4.8.4) > > Just in case it helps pinpoint where the issue is. can you try gcc-4.9.4 but add -fno-stack-check to the global CFLAGS and CXXFLAGS in your make.conf and see if that fixes the problem.
*** This bug has been marked as a duplicate of bug 575498 ***
