Bug 460146

Summary: rpm segfault installing kernel
Product: [Fedora] Fedora
Reporter: jmccann
Component: rpm
Assignee: Jindrich Novy <jnovy>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: medium
Version: rawhide
CC: cschalle, ffesti, jnovy, pknirsch, pnasrat, yaneti
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-08-29 19:12:26 UTC

Description jmccann 2008-08-26 14:00:33 UTC
Description of problem:
Seg fault installing kernel

Version-Release number of selected component (if applicable):
rpm-4.5.90-0.git8461.2.i386


How reproducible:
Every time

sudo gdb --args rpm -ivh kernel-2.6.27-0.278.rc4.git4.fc10.i686.rpm kernel-firmware-2.6.27-0.278.rc4.git4.fc10.noarch.rpm
GNU gdb Fedora (6.8-20.fc10)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
(gdb) r
Starting program: /bin/rpm -ivh kernel-2.6.27-0.278.rc4.git4.fc10.i686.rpm kernel-firmware-2.6.27-0.278.rc4.git4.fc10.noarch.rpm
[Thread debugging using libthread_db enabled]
[New Thread 0xb7fe3710 (LWP 6191)]
Detaching after fork from child process 6204.
Detaching after fork from child process 6205.
Detaching after fork from child process 6206.
Detaching after fork from child process 6207.
Detaching after fork from child process 6208.
Detaching after fork from child process 6209.
Preparing...                ########################################### [100%]

Program received signal SIGSEGV, Segmentation fault.
0x0036635b in strlen () from /lib/libc.so.6
Missing separate debuginfos, use: debuginfo-install gcc.i386 sqlite.i386
(gdb) bt
#0  0x0036635b in strlen () from /lib/libc.so.6
#1  0x003327c6 in _IO_vfprintf_internal (s=<value optimized out>, format=<value optimized out>, 
    ap=<value optimized out>) at vfprintf.c:1581
#2  0x003ea432 in ___vsnprintf_chk (s=<value optimized out>, maxlen=<value optimized out>, 
    flags=<value optimized out>, slen=<value optimized out>, format=<value optimized out>, 
    args=<value optimized out>) at vsnprintf_chk.c:65
#3  0x009fef7d in vsnprintf () at /usr/include/bits/stdio2.h:78
#4  rasprintf (strp=<value optimized out>, fmt=<value optimized out>) at rpmstring.c:153
#5  0x00a58906 in rpmProblemString (prob=<value optimized out>) at rpmps.c:321
#6  0x00a58c06 in rpmpsPrint (fp=<value optimized out>, ps=<value optimized out>) at rpmps.c:405
#7  0x00a57003 in rpmInstall (ts=<value optimized out>, ia=<value optimized out>, 
    fileArgv=<value optimized out>) at rpminstall.c:557
#8  0x0804ace2 in main (argc=4, argv=0xbffff7d4) at rpmqv.c:751

Comment 1 Yanko Kaneti 2008-08-26 14:26:28 UTC
I guess that would be rpm failing while trying to complain about /boot being full.

Comment 2 jmccann 2008-08-26 15:02:51 UTC
Looks like the trigger was indeed /boot being full.  I had 3 x kernel+initrd installed.  I removed the oldest kernel and then I was able to install the latest kernel.

Comment 3 Jindrich Novy 2008-08-26 16:54:37 UTC
Hmm, this one looks interesting. It actually segfaults in a printing function while figuring out final string size from the format string. And yes, rpm just wants to complain about lack of disc space:

    case RPMPROB_DISKSPACE:
        rc = rasprintf(&buf,
            _("installing package %s needs %ld%cB on the %s filesystem"),
                pkgNEVR,
                prob->num1 > (1024*1024)
                    ? (prob->num1 + 1024 * 1024 - 1) / (1024 * 1024)
                    : (prob->num1 + 1023) / 1024,
                prob->num1 > (1024*1024) ? 'M' : 'K',
                str1);
        break;

The p->num1 is uint64_t and rasprintf() eats just long int, maybe that's the problem. Please write me your arch so that I can point you to likely fixed testing rpms. Thanks.
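
Added example (not part of the original comment and not rpm's own code): one type-correct way to build the disk-space message from Comment 3, keeping the size in uint64_t and formatting it with PRIu64. The names fmt_alloc and diskspace_msg are hypothetical; fmt_alloc is a minimal stand-in for an asprintf-style helper such as rasprintf().

```c
#include <inttypes.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical asprintf-style helper: one vsnprintf pass to size the
 * output, a second to fill a heap buffer. The format attribute (GCC and
 * Clang) lets the compiler check every call's arguments against fmt. */
__attribute__((format(printf, 2, 3)))
static int fmt_alloc(char **strp, const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap);          /* length only */
    va_end(ap);
    *strp = (n < 0) ? NULL : malloc((size_t)n + 1);
    n = *strp ? vsnprintf(*strp, (size_t)n + 1, fmt, ap2) : -1;
    va_end(ap2);
    return n;
}

/* bytes is 64-bit on every arch. With "%ld" on i386 (32-bit long) the
 * caller pushes 8 bytes but the formatter consumes 4, so the following
 * %c and %s read shifted arguments and %s is handed a non-pointer, which
 * is consistent with the strlen() frame in the backtrace above. */
char *diskspace_msg(const char *pkg, uint64_t bytes, const char *fs)
{
    const uint64_t KiB = 1024, MiB = 1024 * 1024;
    int big = bytes > MiB;
    uint64_t amount = big ? (bytes + MiB - 1) / MiB
                          : (bytes + KiB - 1) / KiB;
    char *buf = NULL;
    /* PRIu64 expands to the conversion that matches uint64_t here. */
    if (fmt_alloc(&buf,
                  "installing package %s needs %" PRIu64 "%cB on the %s filesystem",
                  pkg, amount, big ? 'M' : 'K', fs) < 0)
        return NULL;
    return buf;                                   /* caller frees */
}

int main(void)
{
    /* Constructed input: the byte count reported in Comment 6. */
    char *m = diskspace_msg("kernel-2.6.27-0.290.rc5.fc10.i686", 2012160, "/boot");
    if (m) puts(m);
    free(m);
    return 0;
}
```

With the format attribute in place, GCC and Clang with -Wall report a %ld/uint64_t mismatch at the call site on 32-bit targets, so this class of bug is caught at build time.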

Comment 4 jmccann 2008-08-26 17:28:50 UTC
Arch is i686

Comment 5 Jindrich Novy 2008-08-26 17:54:16 UTC
The rpms are here: http://koji.fedoraproject.org/koji/taskinfo?taskID=787317

Do you still see the segfault with the new rpms?

Comment 6 jmccann 2008-08-29 18:13:09 UTC
The segfault is gone when using:
rpm-4.5.90-0.git8461.3.i386

I now get:
[('installing package kernel-2.6.27-0.290.rc5.fc10.i686 needs 2MB on the /boot filesystem', (9, '/boot', 2012160L))]


Thanks!

Comment 7 Jindrich Novy 2008-08-29 19:12:26 UTC
Thanks for reporting & testing :)

It's now fixed in rawhide.