Bug 617204

Summary: Segfault on updating packages
Product: Red Hat Enterprise Linux 6
Component: rpm
Version: 6.0
Status: CLOSED DUPLICATE
Severity: medium
Priority: low
Reporter: Amit Shah <amit.shah>
Assignee: Panu Matilainen <pmatilai>
QA Contact: BaseOS QE Security Team <qe-baseos-security>
CC: amit.shah, ddumas, ebenes, notting
Target Milestone: rc
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-07-29 04:36:44 UTC

Attachments:
  Complete backtrace for the crash (flags: none)
  List of packages being updated (flags: none)

Description Amit Shah 2010-07-22 13:33:30 UTC
Created attachment 433696
Complete backtrace for the crash

Description of problem:

Attached is the invalid pointer crash I get on updating some packages, snippet below:

Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : glib2-2.22.5-4.el6.x86_64                              1/437
  Updating       : 1:dbus-libs-1.2.24-2.el6 [                         ]   2/437*** glibc detected *** /usr/bin/python: free(): invalid pointer: 0x00000000068484d0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x75736)[0x7f063d00d736]
/lib64/libselinux.so.1(selinux_trans_to_raw_context+0x8e)[0x7f063a3fdb1e]
/lib64/libselinux.so.1(lsetfilecon+0x28)[0x7f063a3fab58]
/usr/lib64/librpm.so.1(+0x2ceb7)[0x7f0634105eb7]
/usr/lib64/librpm.so.1(+0x2f158)[0x7f0634108158]
/usr/lib64/librpm.so.1(+0x2f4e0)[0x7f06341084e0]
/usr/lib64/librpm.so.1(+0x2ccfd)[0x7f0634105cfd]
/usr/lib64/librpm.so.1(fsmSetup+0x17b)[0x7f063410988b]
/usr/lib64/librpm.so.1(+0x35dd6)[0x7f063410edd6]
/usr/lib64/librpm.so.1(+0x35714)[0x7f063410e714]
/usr/lib64/librpm.so.1(rpmtsRun+0x86b)[0x7f0634127afb]
/usr/lib64/python2.6/site-packages/rpm/_rpmmodule.so(+0xe51c)[0x7f063435151c]

...

# rpm -q rpm
Freeing read locks for locker 0xe: 1864/139664788297472
Freeing read locks for locker 0x10: 1864/139664788297472
Freeing read locks for locker 0x11: 1864/139664788297472
Freeing read locks for locker 0x12: 1864/139664788297472
Freeing read locks for locker 0x7e1: 1864/139664788297472
Freeing read locks for locker 0x7e3: 1864/139664788297472
Freeing read locks for locker 0x7e4: 1864/139664788297472
Freeing read locks for locker 0x7e5: 1864/139664788297472
Freeing read locks for locker 0x7e6: 1864/139664788297472
Freeing read locks for locker 0x7e7: 1864/139664788297472
Freeing read locks for locker 0x7e8: 1864/139664788297472
Freeing read locks for locker 0x7e9: 1864/139664788297472
Freeing read locks for locker 0x7ea: 1864/139664788297472
Freeing read locks for locker 0x7eb: 1864/139664788297472
Freeing read locks for locker 0x7ec: 1864/139664788297472
Freeing read locks for locker 0x7ed: 1864/139664788297472
Freeing read locks for locker 0x7ee: 1864/139664788297472
Freeing read locks for locker 0x7ef: 1864/139664788297472
rpm-4.8.0-10.el6.x86_64
[root@localhost ~]# rpm -q yum
yum-3.2.27-12.el6.noarch


This is always reproducible for me on this VM so I'm happy to try out anything you want me to.

Comment 2 RHEL Program Management 2010-07-22 13:58:27 UTC
This issue has been proposed when we are only considering blocker
issues in the current Red Hat Enterprise Linux release.

** If you would still like this issue considered for the current
release, ask your support representative to file as a blocker on
your behalf. Otherwise ask that it be considered for the next
Red Hat Enterprise Linux release. **

Comment 3 Eduard Benes 2010-07-22 14:33:16 UTC
Amit, what packages are you updating? Are you able to reproduce this on another box with the same rpm version?

Comment 4 Amit Shah 2010-07-22 15:44:03 UTC
The list of packages being updated is attached.

I also tried just updating rpm first to the latest avl. on the repo (4.8.0-12) and got this:

Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : glib2-2.22.5-4.el6.x86_64                              1/431 
  Updating       : 1:dbus-libs-1.2.24-2.el6.x86_64                        2/431 
  Updating       : libgcc-4.4.4-12.el6.x86_64                             3/431 
  Updating       : libstdc++-4.4.4-12.el6.x86_64                          4/431 
  Updating       : dbus-glib-0.86-5.el6.x86_64                            5/431 
  Updating       : libcom_err-1.41.12-3.el6.x86_64                        6/431 
  Updating       : openssl-1.0.0-4.el6.x86_64                             7/431 
  Updating       : python-libs-2.6.5-3.el6.x86_64                         8/431 
Segmentation fault (core dumped)

Comment 5 Amit Shah 2010-07-22 15:54:50 UTC
Created attachment 433742
List of packages being updated

Comment 6 Amit Shah 2010-07-22 16:31:38 UTC
Just updating python and python-libs first and then rpm also doesn't help:


Dependencies Resolved

================================================================================
 Package             Arch           Version              Repository        Size
================================================================================
Updating:
 python-libs         x86_64         2.6.5-3.el6          rhel-pnq         617 k
Updating for dependencies:
 python              x86_64         2.6.5-3.el6          rhel-pnq         4.8 M

...


Dependencies Resolved

================================================================================
 Package            Arch           Version               Repository        Size
================================================================================
Updating:
 rpm                x86_64         4.8.0-12.el6          rhel-pnq         895 k
Updating for dependencies:
 rpm-libs           x86_64         4.8.0-12.el6          rhel-pnq         307 k
 rpm-python         x86_64         4.8.0-12.el6          rhel-pnq          51 k

...

# yum update

...

--------------------------------------------------------------------------------
Total                                           4.5 MB/s | 183 MB     00:40     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : glib2-2.22.5-4.el6.x86_64                              1/427 
  Updating       : 1:dbus-libs-1.2.24-2.el6.x86_64                        2/427 
  Updating       : libgcc-4.4.4-12.el6.x86_64                             3/427 
*** glibc detected *** /usr/bin/python: malloc(): smallbin double linked list corrupted: 0x0000000004c28610 ***


In this case, I don't get to the prompt, yum just hangs here.

In the previous two cases (direct yum update, yum update after rpm update) I was dropped back to the shell.

Comment 7 Dave Malcolm 2010-07-23 14:51:45 UTC
This may be a duplicate of bug 608710; hopefully we can get a scratch build for testing soon.

Comment 8 Denise Dumas 2010-07-28 17:19:26 UTC
And 608710 appears to be caused by 607650, 
which should be fixed in the respun Snap 7 kernel, kernel-2.6.32-44.2.el6 
(this needs to be on the host - guest kernel doesn't matter)

Comment 9 Bill Nottingham 2010-07-28 21:26:22 UTC
Amit - are you running on KVM?

Comment 10 Amit Shah 2010-07-29 04:36:44 UTC
(In reply to comment #9)
> Amit - are you running on KVM?    

Ah; yes. I didn't realise this is the KVM MMU bug since my host kernels were updated but due to a grub screwup I was always booted into an older kernel.

Pointing grub to the newest avl. does solve it. Marking as a dupe of 607650

*** This bug has been marked as a duplicate of bug 607650 ***
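
A host-side check for the situation in comment 10, where the fixed kernel was installed but an older one was still booted. This is an added example, not part of the original bug report; the function names, the sample `uname -r` and `rpm -q kernel` strings, and the use of `sort -V` as an approximation of RPM version ordering are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the bug report): is the host still booted into a
# kernel older than the fixed build, although the fixed build is installed?

# Fixed host kernel as named in comment 8.
FIXED_KERNEL="kernel-2.6.32-44.2.el6"

# Constructed sample data standing in for `uname -r` and `rpm -q kernel`.
SAMPLE_RUNNING="2.6.32-37.el6.x86_64"
SAMPLE_INSTALLED="kernel-2.6.32-37.el6.x86_64
kernel-2.6.32-44.2.el6.x86_64"

# Reduce a package name or `uname -r` string to version-release only.
# Assumption: dist tag is a plain ".elN" and the arch is x86_64 or i686.
normalize() {
    printf '%s\n' "$1" |
        sed -E 's/^kernel-//; s/\.(x86_64|i686)$//; s/\.el[0-9]+$//'
}

# ver_lt A B: succeed when A sorts strictly before B under GNU `sort -V`.
# Assumption: this approximates RPM ordering once the dist tag is stripped.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# check_kernel RUNNING INSTALLED_LIST -> prints ok | stale-boot | needs-update
check_kernel() {
    local running fixed newest
    running="$(normalize "$1")"
    fixed="$(normalize "$FIXED_KERNEL")"
    newest="$(printf '%s\n' "$2" | while read -r pkg; do
        normalize "$pkg"
    done | sort -V | tail -n1)"
    if ! ver_lt "$running" "$fixed"; then
        echo ok             # running kernel is the fixed build or newer
    elif ver_lt "$newest" "$fixed"; then
        echo needs-update   # no fixed kernel installed at all
    else
        echo stale-boot     # fixed kernel installed, older one booted
    fi
}

# Live use on a host: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_kernel "$(uname -r)" "$(rpm -q kernel)"
fi
```

A `stale-boot` result means the bootloader default should be checked before any further debugging of guest crashes.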