Bug 605502 - python fails with a backtrace
python fails with a backtrace
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: rpm (Show other bugs)
6.0
All Linux
high Severity high
: rc
: ---
Assigned To: Panu Matilainen
BaseOS QE Security Team
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-06-18 02:35 EDT by Rakesh Pandit
Modified: 2011-03-15 09:59 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-07-13 02:36:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Rakesh Pandit 2010-06-18 02:35:06 EDT
Description of problem:

Attached is core dump

*** glibc detected *** python: double free or corruption (fasttop): 0x00007fb8e81ca610 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x75746)[0x7fb9036c0746]
/lib64/libc.so.6(+0x7ab90)[0x7fb9036c5b90]
/lib64/libc.so.6(realloc+0xe5)[0x7fb9036c5d85]
/usr/lib64/librpmio.so.1(rrealloc+0x18)[0x7fb8f95dd4f8]
/usr/lib64/librpm.so.1(+0x1bab3)[0x7fb8f9f8fab3]
/usr/lib64/librpm.so.1(+0x1d1f0)[0x7fb8f9f911f0]
/usr/lib64/librpm.so.1(rpmdbOpen+0x4c)[0x7fb8f9f915cc]
/usr/lib64/librpm.so.1(rpmtsOpenDB+0x4b)[0x7fb8f9fbce2b]
/usr/lib64/librpm.so.1(rpmtsInitIterator+0x253)[0x7fb8f9fbd0f3]
/usr/lib64/librpm.so.1(+0x492b1)[0x7fb8f9fbd2b1]
/usr/lib64/librpm.so.1(rpmtsGetKeyring+0x2d)[0x7fb8f9fbd48d]
/usr/lib64/librpm.so.1(rpmReadPackageFile+0x33)[0x7fb8f9fa6dc3]
/usr/lib64/python2.6/site-packages/rpm/_rpmmodule.so(+0xe24a)[0x7fb8fa1ec24a]
/usr/lib64/libpython2.6.so.1.0(PyObject_Call+0x53)[0x7fb9042b4ae3]
/usr/lib64/libpython2.6.so.1.0(PyEval_CallObjectWithKeywords+0x43)[0x7fb904347e23]
/usr/lib64/libpython2.6.so.1.0(+0x5e03c)[0x7fb9042cf03c]
/usr/lib64/libpython2.6.so.1.0(PyObject_Call+0x53)[0x7fb9042b4ae3]
/usr/lib64/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x45a0)[0x7fb90434cf00]
/usr/lib64/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x6391)[0x7fb90434ecf1]
/usr/lib64/libpython2.6.so.1.0(PyEval_EvalCodeEx+0x871)[0x7fb90434f5d1]
/usr/lib64/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x5169)[0x7fb90434dac9]
/usr/lib64/libpython2.6.so.1.0(PyEval_EvalCodeEx+0x871)[0x7fb90434f5d1]
/usr/lib64/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x5169)[0x7fb90434dac9]
/usr/lib64/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x6391)[0x7fb90434ecf1]
/usr/lib64/libpython2.6.so.1.0(PyEval_EvalCodeEx+0x871)[0x7fb90434f5d1]
/usr/lib64/libpython2.6.so.1.0(+0x6dc4d)[0x7fb9042dec4d]
/usr/lib64/libpython2.6.so.1.0(PyObject_Call+0x53)[0x7fb9042b4ae3]
/usr/lib64/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x3e06)[0x7fb90434c766]
/usr/lib64/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x6391)[0x7fb90434ecf1]
======= Memory map: ========
00400000-00401000 r-xp 00000000 fd:00 1059327                            /usr/bin/python
00600000-00601000 rw-p 00000000 fd:00 1059327                            /usr/bin/python
02441000-02d13000 rw-p 00000000 00:00 0                                  [heap]
7fb8e0000000-7fb8e0368000 rw-p 00000000 00:00 0 
7fb8e0368000-7fb8e4000000 ---p 00000000 00:00 0 
7fb8e8000000-7fb8e8309000 rw-p 00000000 00:00 0 
7fb8e8309000-7fb8ec000000 ---p 00000000 00:00 0 
7fb8eebfe000-7fb8eebff000 ---p 00000000 00:00 0 
7fb8eebff000-7fb8ef5ff000 rw-p 00000000 00:00 0 
7fb8ef5ff000-7fb8ef600000 ---p 00000000 00:00 0 
7fb8ef600000-7fb8f0000000 rw-p 00000000 00:00 0 
7fb8f0000000-7fb8f046b000 rw-p 00000000 00:00 0 
7fb8f046b000-7fb8f4000000 ---p 00000000 00:00 0 
7fb8f4195000-7fb8f4196000 ---p 00000000 00:00 0 
7fb8f4196000-7fb8f4b96000 rw-p 00000000 00:00 0 
7fb8f4b96000-7fb8f4b9f000 r-xp 00000000 fd:00 1058405                    /usr/lib64/python2.6/lib-dynload/itertoolsmodule.so
7fb8f4b9f000-7fb8f4d9f000 ---p 00009000 fd:00 1058405                    /usr/lib64/python2.6/lib-dynload/itertoolsmodule.so
7fb8f4d9f000-7fb8f4da3000 rw-p 00009000 fd:00 1058405                    /usr/lib64/python2.6/lib-dynload/itertoolsmodule.so
7fb8f4da3000-7fb8f4de4000 rw-p 00000000 00:00 0 
7fb8f4de4000-7fb8f4dec000 r-xp 00000000 fd:00 1102295                    /usr/lib64/python2.6/lib-dynload/arraymodule.so
7fb8f4dec000-7fb8f4feb000 ---p 00008000 fd:00 1102295                    /usr/lib64/python2.6/lib-dynload/arraymodule.so
7fb8f4feb000-7fb8f4fee000 rw-p 00007000 fd:00 1102295                    /usr/lib64/python2.6/lib-dynload/arraymodule.so
7fb8f4fee000-7fb8f5004000 r-xp 00000000 fd:00 1049787                    /lib64/libnsl-2.12.so
7fb8f5004000-7fb8f5203000 ---p 00016000 fd:00 1049787                    /lib64/libnsl-2.12.so
7fb8f5203000-7fb8f5204000 r--p 00015000 fd:00 1049787                    /lib64/libnsl-2.12.so
7fb8f5204000-7fb8f5205000 rw-p 00016000 fd:00 1049787                    /lib64/libnsl-2.12.so
7fb8f5205000-7fb8f5207000 rw-p 00000000 00:00 0 
7fb8f5207000-7fb8f520e000 r-xp 00000000 fd:00 1049781                    /lib64/libcrypt-2.12.so
7fb8f520e000-7fb8f540e000 ---p 00007000 fd:00 1049781                    /lib64/libcrypt-2.12.so
7fb8f540e000-7fb8f540f000 r--p 00007000 fd:00 1049781                    /lib64/libcrypt-2.12.so
7fb8f540f000-7fb8f5410000 rw-p 00008000 fd:00 1049781                    /lib64/libcrypt-2.12.so
7fb8f5410000-7fb8f543e000 rw-p 00000000 00:00 0 
7fb8f543e000-7fb8f5576000 r-xp 00000000 fd:00 1057360                    /usr/lib64/mysql/libmysqlclient_r.so.16.0.0
7fb8f5576000-7fb8f5776000 ---p 00138000 fd:00 1057360                    /usr/lib64/mysql/libmysqlclient_r.so.16.0.0
7fb8f5776000-7fb8f57c2000 rw-p 00138000 fd:00 1057360                    /usr/lib64/mysql/libmysqlclient_r.so.16.0.0
7fb8f57c2000-7fb8f57c4000 rw-p 00000000 00:00 0 
7fb8f57c4000-7fb8f57ce000 r-xp 00000000 fd:00 1094416                    /usr/lib64/python2.6/site-packages/_mysql.so
7fb8f57ce000-7fb8f59cd000 ---p 0000a000 fd:00 1094416                    /usr/lib64/python2.6/site-packages/_mysql.so
7fb8f59cd000-7fb8f59d2000 rw-p 00009000 fd:00 1094416                    /usr/lib64/python2.6/site-packages/_mysql.so
7fb8f59d2000-7fb8f59e2000 r-xp 00000000 fd:00 1058397                    /usr/lib64/python2.6/lib-dynload/datetime.so
7fb8f59e2000-7fb8f5be2000 ---p 00010000 fd:00 1058397                    /usr/lib64/python2.6/lib-dynload/datetime.so
7fb8f5be2000-7fb8f5be6000 rw-p 00010000 fd:00 1058397                    /usr/lib64/python2.6/lib-dynload/datetime.so
7fb8f5be6000-7fb8f5c68000 rw-p 00000000 00:00 0 
7fb8f5c68000-7fb8f5c69000 r-xp 00000000 fd:00 1102294                    /usr/lib64/python2.6/lib-dynload/_weakref.so
7fb8f5c69000-7fb8f5e69000 ---p 00001000 fd:00 1102294                    /usr/lib64/python2.6/lib-dynload/_weakref.so
7fb8f5e69000-7fb8f5e6a000 rw-p 00001000 fd:00 1102294                    /usr/lib64/python2.6/lib-dynload/_weakref.so
7fb8f5e6a000-7fb8f5eab000 rw-p 00000000 00:00 0 
7fb8f5eab000-7fb8f5ead000 r-xp 00000000 fd:00 1058354                    /usr/lib64/python2.6/lib-dynload/_bisectmodule.so
7fb8f5ead000-7fb8f60ac000 ---p 00002000 fd:00 1058354                    /usr/lib64/python2.6/lib-dynload/_bisectmodule.so
7fb8f60ac000-7fb8f60ad000 rw-p 00001000 fd:00 1058354                    /usr/lib64/python2.6/lib-dynload/_bisectmodule.so
7fb8f60ad000-7fb8f60b3000 r-xp 00000000 fd:00 1058363                    /usr/lib64/python2.6/lib-dynload/_collectionsmodule.so
7fb8f60b3000-7fb8f62b2000 ---p 00006000 fd:00 1058363                    /usr/lib64/python2.6/lib-dynload/_collectionsmodule.so
Aborted (core dumped)
Comment 1 Rakesh Pandit 2010-06-18 02:39:56 EDT
$ gdb --core core.dump
(gdb) Core was generated by `python ./script.py ...'
Program terminated with signal 6, Aborted.
#0  0x00007fb90367d9c5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
 ...
(gdb) bt
#0  0x00007fb90367d9c5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007fb90367f1a5 in abort () at abort.c:92
#2  0x00007fb9036bae2b in __libc_message (do_abort=2, fmt=0x7fb90378ea98 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
#3  0x00007fb9036c0746 in malloc_printerr (action=3, str=0x7fb90378ee20 "double free or corruption (fasttop)", ptr=<value optimized out>)
    at malloc.c:6283
#4  0x00007fb9036c5b90 in _int_realloc (av=0x7fb8e8000020, oldp=0x7fb8e81ca600, oldsize=<value optimized out>, nb=<value optimized out>)
    at malloc.c:5339
#5  0x00007fb9036c5d85 in __libc_realloc (oldmem=0x7fb8e81ca610, bytes=32) at malloc.c:3821
#6  0x00007fb8f95dd4f8 in ?? ()
#7  0x0000000000000008 in ?? ()
#8  0x00007fb8f9f8fab3 in ?? ()
#9  0x0000000000000003 in ?? ()
#10 0x0000000000000000 in ?? ()
(gdb) list
59	    if (__builtin_expect (pid <= 0, 0))
60	      pid = (pid & INT_MAX) == 0 ? selftid : -pid;
61	#endif
62	
63	#if __ASSUME_TGKILL
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
65	#else
66	# ifdef __NR_tgkill
67	  int res = INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
68	  if (res != -1 || errno != ENOSYS)
Comment 3 Rakesh Pandit 2010-06-18 02:45:10 EDT
http://people.pnq.redhat.com/~rpandit/core.12029 core dump is too big to be attached in BZ, so I have kept it on my internal people page.
Comment 4 RHEL Product and Program Management 2010-06-18 02:53:16 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 5 Bill Nottingham 2010-06-18 10:49:35 EDT
Looks like it's in the rpm library routines.
Comment 6 Rakesh Pandit 2010-06-18 12:54:06 EDT
Umm .. I did not looked carefully. Will try to get a reproducible script at least (Monday now :) .. this side of world it is already weekend.
Comment 7 Panu Matilainen 2010-06-29 01:50:46 EDT
Any chance of a reproducer (or is this actually reproducable for you)?
Comment 8 Rakesh Pandit 2010-06-29 01:59:30 EDT
Yes it does on one of our servers. I will try to update with a reproducer today evening.
Comment 9 Panu Matilainen 2010-07-09 01:49:44 EDT
Ping? :)

If a minimal reproducer is tough, a backtrace with all debuginfos installed and/or a pointer to the crashing script, and the exact rpm version involved would be helpful.
Comment 11 Florian Festi 2010-07-13 02:36:30 EDT
It turns out this crash is caused by using the - not thread save - rpmlib in a threaded environment. Moving all calls to the library into one thread or using any other serialization method should fix this.

CLOSING as NOTABUG

Note You need to log in before you can comment on or make changes to this bug.