Bug 214110

Summary: yum check-update segfaults
Product: [Fedora] Fedora Reporter: Kasper Dupont <bugzilla>
Component: rpmAssignee: Paul Nasrat <nobody+pnasrat>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5CC: chitlesh, vedran
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-07-17 12:07:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kasper Dupont 2006-11-05 20:12:27 UTC 
Description of problem:
Running yum check-update resulted in Segmentation fault (core dumped)

Version-Release number of selected component (if applicable):
yum-2.6.1-0.fc5

How reproducible:
Any attempt to run yum after the problem occurred results in yum getting stuck
in a futex call.

Steps to Reproduce:
1. yum check-update
  
Actual results:
Loading "installonlyn" plugin
Setting up repositories
core                                                                 [1/3]
updates                                                              [2/3]
extras                                                               [3/3]
Reading repository metadata in from local files
Segmentation fault (core dumped)


Expected results:
Yum terminates cleanly

Additional info:
Here is a stack trace in case that might be any help. The machine where I saw
the problem does not have gdb installed, so this stack trace is produced by
copying the core file to a different machine. Both are running FC5 with all updates:
#0  0x007f5757 in __memp_fget_rpmdb () from /usr/lib/librpmdb-4.4.so
#1  0x007c6850 in __db_goff_rpmdb () from /usr/lib/librpmdb-4.4.so
#2  0x007ce15d in __db_ret_rpmdb () from /usr/lib/librpmdb-4.4.so
#3  0x007b948d in __db_c_get_rpmdb () from /usr/lib/librpmdb-4.4.so
#4  0x007bf946 in __db_c_get_pp_rpmdb () from /usr/lib/librpmdb-4.4.so
#5  0x0074f946 in tagType () from /usr/lib/librpmdb-4.4.so
#6  0x00749f73 in rpmdbNextIterator () from /usr/lib/librpmdb-4.4.so
#7  0x00d18fd9 in hdr_fiFromHeader () from
/usr/lib/python2.4/site-packages/rpm/_rpmmodule.so
#8  0x02081855 in PyEval_EvalFrame () from /usr/lib/libpython2.4.so.1.0
#9  0x020858cc in PyEval_EvalFrame () from /usr/lib/libpython2.4.so.1.0
#10 0x020858cc in PyEval_EvalFrame () from /usr/lib/libpython2.4.so.1.0
#11 0x02086758 in PyEval_EvalCodeEx () from /usr/lib/libpython2.4.so.1.0
#12 0x02084b0b in PyEval_EvalFrame () from /usr/lib/libpython2.4.so.1.0
#13 0x02086758 in PyEval_EvalCodeEx () from /usr/lib/libpython2.4.so.1.0
#14 0x02084b0b in PyEval_EvalFrame () from /usr/lib/libpython2.4.so.1.0
#15 0x020858cc in PyEval_EvalFrame () from /usr/lib/libpython2.4.so.1.0
#16 0x02086758 in PyEval_EvalCodeEx () from /usr/lib/libpython2.4.so.1.0
#17 0x02084b0b in PyEval_EvalFrame () from /usr/lib/libpython2.4.so.1.0
#18 0x02086758 in PyEval_EvalCodeEx () from /usr/lib/libpython2.4.so.1.0
#19 0x020867e3 in PyEval_EvalCode () from /usr/lib/libpython2.4.so.1.0
#20 0x020a3548 in Py_CompileString () from /usr/lib/libpython2.4.so.1.0
#21 0x020a4c58 in PyRun_SimpleFileExFlags () from /usr/lib/libpython2.4.so.1.0
#22 0x020a533a in PyRun_AnyFileExFlags () from /usr/lib/libpython2.4.so.1.0
#23 0x020abd65 in Py_Main () from /usr/lib/libpython2.4.so.1.0
#24 0x080485b2 in main ()
Comment 1 Jeff Johnson 2006-11-06 23:21:35 UTC 
You need to do
    rm -f /var/lib/rpm/__db*
after *every* exceptional event like a segfault.
Comment 2 Kasper Dupont 2006-11-19 03:13:33 UTC 
Might the following be another symptom of the same bug, or is it a different bug?

On another computer also running FC5 /etc/cron.daily/rpm got stuck in an
infinite loop. Using strace I could see it was just burning CPU cycles never
making any system calls. Here is the output I got using gdb on the process:

gdb /usr/lib/rpm/rpmq 5199
GNU gdb Red Hat Linux (6.3.0.0-1.134.fc5rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/libthread_db.so.1".

Attaching to program: /usr/lib/rpm/rpmq, process 5199
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xe1b000
`shared object read from target memory' has disappeared; keeping its symbols.
Reading symbols from /usr/lib/librpmbuild-4.4.so...Reading symbols from
/usr/lib/debug/usr/lib/librpmbuild-4.4.so.debug...done.
done.
Loaded symbols for /usr/lib/librpmbuild-4.4.so
Reading symbols from /usr/lib/librpm-4.4.so...Reading symbols from
/usr/lib/debug/usr/lib/librpm-4.4.so.debug...done.
done.
Loaded symbols for /usr/lib/librpm-4.4.so
Reading symbols from /usr/lib/librpmdb-4.4.so...Reading symbols from
/usr/lib/debug/usr/lib/librpmdb-4.4.so.debug...done.
done.
Loaded symbols for /usr/lib/librpmdb-4.4.so
Reading symbols from /lib/libselinux.so.1...done.
Loaded symbols for /lib/libselinux.so.1
Reading symbols from /usr/lib/librpmio-4.4.so...Reading symbols from
/usr/lib/debug/usr/lib/librpmio-4.4.so.debug...done.
done.
Loaded symbols for /usr/lib/librpmio-4.4.so
Reading symbols from /usr/lib/libpopt.so.0...Reading symbols from
/usr/lib/debug/usr/lib/libpopt.so.0.0.0.debug...done.
done.
Loaded symbols for /usr/lib/libpopt.so.0
Reading symbols from /usr/lib/libsqlite3.so.0...done.
Loaded symbols for /usr/lib/libsqlite3.so.0
Reading symbols from /usr/lib/libelf.so.1...done.
Loaded symbols for /usr/lib/libelf.so.1
Reading symbols from /usr/lib/libbeecrypt.so.6...done.
Loaded symbols for /usr/lib/libbeecrypt.so.6
Reading symbols from /usr/lib/libneon.so.25...done.
Loaded symbols for /usr/lib/libneon.so.25
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/librt.so.1...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /lib/libpthread.so.0...done.
[Thread debugging using libthread_db enabled]
[New Thread -1208543008 (LWP 5199)]
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /usr/lib/libbz2.so.1...done.
Loaded symbols for /usr/lib/libbz2.so.1
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libsepol.so.1...done.
Loaded symbols for /lib/libsepol.so.1
Reading symbols from /lib/libgcc_s.so.1...done.
Loaded symbols for /lib/libgcc_s.so.1
Reading symbols from /usr/lib/libstdc++.so.6...done.
Loaded symbols for /usr/lib/libstdc++.so.6
Reading symbols from /lib/libssl.so.6...done.
Loaded symbols for /lib/libssl.so.6
Reading symbols from /lib/libcrypto.so.6...done.
Loaded symbols for /lib/libcrypto.so.6
Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libkrb5.so.3...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /usr/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /usr/lib/libkrb5support.so.0...done.
Loaded symbols for /usr/lib/libkrb5support.so.0
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libexpat.so.0...done.
Loaded symbols for /lib/libexpat.so.0
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libsetrans.so.0...done.
Loaded symbols for /lib/libsetrans.so.0
0x003fa5ac in __db_shalloc_rpmdb (infop=0x82cbbc0, len=4223, align=Variable
"align" is not available.
) at ../db/dist/../env/db_salloc.c:171
171     ../db/dist/../env/db_salloc.c: No such file or directory.
        in ../db/dist/../env/db_salloc.c
(gdb) bt
#0  0x003fa5ac in __db_shalloc_rpmdb (infop=0x82cbbc0, len=4223, align=Variable
"align" is not available.
) at ../db/dist/../env/db_salloc.c:171
#1  0x00420411 in __memp_alloc_rpmdb (dbmp=0x82cbb70, infop=0x82cbbc0,
mfp=0xb7f6d4f8, len=4223, offsetp=0x0, retp=0xbfc3ace8) at
../db/dist/../mp/mp_alloc.c:88
#2  0x00421a80 in __memp_fget_rpmdb (dbmfp=0x82cbf78, pgnoaddr=0xbfc3ad6c,
flags=0, addrp=0xbfc3ad48) at ../db/dist/../mp/mp_fget.c:369
#3  0x003f2850 in __db_goff_rpmdb (dbp=0x82cbc78, dbt=0x82cd32c, tlen=200168,
pgno=22422, bpp=0x82cc104, bpsz=0x82cc10c) at ../db/dist/../db/db_overflow.c:147
#4  0x003fa15d in __db_ret_rpmdb (dbp=0x82cbc78, h=0xb7e5649c, indx=59,
dbt=0x82cd32c, memp=0x82cc104, memsize=0x82cc10c) at ../db/dist/../db/db_ret.c:50
#5  0x003e548d in __db_c_get_rpmdb (dbc_arg=0x82cc0b8, key=0x82cd314,
data=0x82cd32c, flags=Variable "flags" is not available.
) at ../db/dist/../db/db_cam.c:778
#6  0x003eb946 in __db_c_get_pp_rpmdb (dbc=0x82cc0b8, key=0x82cd314,
data=0x82cd32c, flags=18) at ../db/dist/../db/db_iface.c:1741
#7  0x0037b946 in db3cget (dbi=0x82cb6d0, dbcursor=0x82cc0b8, key=0x82cd314,
data=0x82cd32c, flags=18) at db3.c:612
#8  0x00375f73 in rpmdbNextIterator (mi=0x82cd2f8) at rpmdb.h:591
#9  0x0075931f in rpmgiNext (gi=0x82cb528) at rpmgi.c:504
#10 0x0074aa2b in rpmgiShowMatches (qva=0x7b5680, ts=0x82cb2f0) at query.c:372
#11 0x0074b032 in rpmQueryVerify (qva=0x7b5680, ts=0x82cb2f0, arg=0x0) at
query.c:448
#12 0x0074be9e in rpmcliArgIter (ts=0x82cb2f0, qva=0x7b5680, argv=0x0) at
query.c:728
#13 0x0074c002 in rpmcliQuery (ts=0x82cb2f0, qva=0x7b5680, argv=0x0) at query.c:807
#14 0x08049afc in main (argc=5, argv=0xbfc3c1d4) at ./rpmqv.c:804
#15 0x00b3f4e4 in __libc_start_main () from /lib/libc.so.6
#16 0x08049251 in _start ()
Comment 3 Chitlesh GOORAH 2006-11-22 08:33:52 UTC 
I have the same segfault bug . And I have to rm -f /var/lib/rpm/__db*. However
to me this occurs after a successful yum install/update.
Comment 4 Vedran Miletić 2006-11-25 19:08:31 UTC 
Either this is a duplicate of 213963 or the other way round. Someone with 
apropriate permissions should decide.
Comment 5 Jeff Johnson 2006-12-03 18:29:27 UTC 
Segafualts and loss of data are likely due to removing an rpmdb environment
without correcting other problems in the rpmdb.
FYI: Most rpmdb "hangs" are now definitely fixed by purging stale read locks when opening
a database environment in rpm-4.4.8-0.4. There's more todo, but I'm quite sure that a
large class of problems with symptoms of "hang" are now corrected.

Detecting damaged by verifying when needed is well automated in rpm-4.4.8-0.4. Automatically 
correcting all possible damage is going to take more work, but a large class of problems is likely
already fixed in rpm-4.4.8-0.8 as well.

UPSTREAM
Comment 6 Kasper Dupont 2006-12-03 19:11:10 UTC 
I don't see any updates, I did yum check-update just a few hours ago. And now I
see the looping rpmq process again. The stack trace is slightly different from
last time.

Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libsetrans.so.0...done.
Loaded symbols for /lib/libsetrans.so.0
0x00424bdb in __memp_fput_rpmdb (dbmfp=0x909cf78, pgaddr=0xb7ed1bec,
flags=Variable "flags" is not available.
) at ../db/dist/../mp/mp_fput.c:217
217     ../db/dist/../mp/mp_fput.c: No such file or directory.
        in ../db/dist/../mp/mp_fput.c
(gdb) bt
#0  0x00424bdb in __memp_fput_rpmdb (dbmfp=0x909cf78, pgaddr=0xb7ed1bec,
flags=Variable "flags" is not available.
) at ../db/dist/../mp/mp_fput.c:217
#1  0x003e4aec in __db_c_cleanup (dbc=0x909d0b8, dbc_n=0x90a6a18, failed=0) at
../db/dist/../db/db_cam.c:1485
#2  0x003e5125 in __db_c_get_rpmdb (dbc_arg=0x909d0b8, key=0x909e314,
data=0x909e32c, flags=3085769708)
    at ../db/dist/../db/db_cam.c:808
#3  0x003eb946 in __db_c_get_pp_rpmdb (dbc=0x909d0b8, key=0x909e314,
data=0x909e32c, flags=18)
    at ../db/dist/../db/db_iface.c:1741
#4  0x0037b946 in db3cget (dbi=0x909c6d0, dbcursor=0x909d0b8, key=0x909e314,
data=0x909e32c, flags=18) at db3.c:612
#5  0x00375f73 in rpmdbNextIterator (mi=0x909e2f8) at rpmdb.h:591
#6  0x0075931f in rpmgiNext (gi=0x909c528) at rpmgi.c:504
#7  0x0074aa2b in rpmgiShowMatches (qva=0x7b5680, ts=0x909c2f0) at query.c:372
#8  0x0074b032 in rpmQueryVerify (qva=0x7b5680, ts=0x909c2f0, arg=0x0) at
query.c:448
#9  0x0074be9e in rpmcliArgIter (ts=0x909c2f0, qva=0x7b5680, argv=0x0) at
query.c:728
#10 0x0074c002 in rpmcliQuery (ts=0x909c2f0, qva=0x7b5680, argv=0x0) at query.c:807
#11 0x08049afc in main (argc=5, argv=0xbf879e04) at ./rpmqv.c:804
#12 0x00b3f4e4 in __libc_start_main () from /lib/libc.so.6
#13 0x08049251 in _start ()
(gdb)
Comment 7 Jeff Johnson 2006-12-03 20:00:33 UTC 
rpm-4.4.8-0.4 is not in FC (but the changes should, nay need!, to be in FC).

The rpm-4.4.8-0.4 bits are at

    ftp://wraptastic.org/pub/rpm/i386-linux/{RPMS,SRPMS}

which is also a rpm-metadata repository.
Comment 8 Jeff Johnson 2006-12-03 20:05:45 UTC 
If you actually try rpm-4.4.8-0.4, you will need an additional /etc/rpm/sysinfo file
that is masking out certain problems with FC6 packages and rpm-4.4.8-0.4.

The copy I am currently using is at
    ftp://wraptastic.org/pub/jbj/sysinfo

Copy to /etc/rpm/sysinfo.

Alternatively, get used to invoking rpm -Uvh with additional
    --noparentdirs --nolinktos
(but that will not work with yum, /etc/rpm/sysinfo is the recommended solution)
Comment 9 Panu Matilainen 2007-07-17 12:07:51 UTC 

*** This bug has been marked as a duplicate of 213963 ***