[New-bugs-announce] [issue27542] Segfault in gcmodule.c:360 visit_decref

Julien report at bugs.python.org
Sun Jul 17 07:31:26 EDT 2016 

New submission from Julien:

Was running `python -m pip install ansible` when I got a "segmentation fault".

bt is:

(gdb) bt
#0  0x00000000004a7ec4 in visit_decref () at ../Modules/gcmodule.c:360
#1  0x00000000004a7fa9 in dict_traverse () at ../Objects/dictobject.c:2144
#2  0x00000000004a6f88 in subtract_refs () at ../Modules/gcmodule.c:385
#3  collect.lto_priv () at ../Modules/gcmodule.c:925
#4  0x0000000000500d2e in PyGC_Collect () at ../Modules/gcmodule.c:1440
#5  0x0000000000500184 in Py_Finalize () at ../Python/pythonrun.c:448
#6  0x0000000000525148 in Py_Exit (sts=0) at ../Python/pythonrun.c:1783
#7  0x0000000000522553 in handle_system_exit () at ../Python/pythonrun.c:1151
#8  0x0000000000521e46 in PyErr_PrintEx () at ../Python/pythonrun.c:1161
#9  0x0000000000520dc9 in RunModule.lto_priv.1258 () at ../Modules/main.c:194
#10 0x000000000049de26 in Py_Main () at ../Modules/main.c:587
#11 0x00007fddb03e25f0 in __libc_start_main (main=0x49d710 <main>, argc=6, argv=0x7ffdfcb8cfe8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=0x7ffdfcb8cfd8) at libc-start.c:291
#12 0x000000000049d639 in _start ()

Problem looks obvious:
(gdb) p (((PyObject*)(op))->ob_type)
$86202 = (struct _typeobject *) 0x0

But `subtract_refs()` from `Modules/gcmodule.c:385` is iterating a very long chained list, and I'm not sure it's of any help iterating over it.

Can provide core dump if of any help.

Python version: Python 2.7.12
PIP version: pip 8.1.2 from /usr/lib/python2.7/dist-packages (python 2.7)

Looks reproductible:

```
$ python -m pip install --user ansible
Collecting ansible
Collecting jinja2 (from ansible)
  Using cached Jinja2-2.8-py2.py3-none-any.whl
Collecting setuptools (from ansible)
  Using cached setuptools-24.0.3-py2.py3-none-any.whl
Collecting PyYAML (from ansible)
Collecting pycrypto>=2.6 (from ansible)
Collecting paramiko (from ansible)
  Using cached paramiko-2.0.1-py2.py3-none-any.whl
Collecting MarkupSafe (from jinja2->ansible)
Collecting cryptography>=1.1 (from paramiko->ansible)
Collecting pyasn1>=0.1.7 (from paramiko->ansible)
  Using cached pyasn1-0.1.9-py2.py3-none-any.whl
Collecting enum34 (from cryptography>=1.1->paramiko->ansible)
  Using cached enum34-1.1.6-py2-none-any.whl
Collecting idna>=2.0 (from cryptography>=1.1->paramiko->ansible)
  Using cached idna-2.1-py2.py3-none-any.whl
Collecting cffi>=1.4.1 (from cryptography>=1.1->paramiko->ansible)
  Using cached cffi-1.7.0-cp27-cp27mu-manylinux1_x86_64.whl
Collecting ipaddress (from cryptography>=1.1->paramiko->ansible)
  Using cached ipaddress-1.0.16-py27-none-any.whl
Collecting six>=1.4.1 (from cryptography>=1.1->paramiko->ansible)
  Using cached six-1.10.0-py2.py3-none-any.whl
Collecting pycparser (from cffi>=1.4.1->cryptography>=1.1->paramiko->ansible)
Installing collected packages: MarkupSafe, jinja2, setuptools, PyYAML, pycrypto, enum34, idna, pycparser, cffi, ipaddress, six, pyasn1, cryptography, paramiko, ansible
Successfully installed MarkupSafe-0.23 PyYAML-3.11 ansible-2.1.0.0 cffi-1.7.0 cryptography-1.4 enum34-1.1.6 idna-2.1 ipaddress-1.0.16 jinja2-2.8 paramiko-2.0.1 pyasn1-0.1.9 pycparser-2.14 pycrypto-2.6.1 setuptools-24.0.3 six-1.10.0
Segmentation fault (core dumped)
```

I tried installing only a few packages to see if one in particular causes the bug and yes, cffi may be the one:

```
$ python -m pip install --user cffi
Collecting cffi
  Using cached cffi-1.7.0-cp27-cp27mu-manylinux1_x86_64.whl
Collecting pycparser (from cffi)
Installing collected packages: pycparser, cffi
Successfully installed cffi-1.7.0 pycparser-2.14
Segmentation fault (core dumped)
```

But not pycparser alone:

```
$ python -m pip install --user pycparser
Collecting pycparser
Installing collected packages: pycparser
Successfully installed pycparser-2.14
```

----------
components: Interpreter Core
messages: 270633
nosy: sizeof
priority: normal
severity: normal
status: open
title: Segfault in gcmodule.c:360 visit_decref
versions: Python 2.7

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27542>
_______________________________________

More information about the New-bugs-announce mailing list