Bug 84769

Summary: rpm -qf /dir/file segfaults on some files
Product: [Retired] Red Hat Linux Reporter: Andrei Gaponenko <andr>
Component: rpmAssignee: Jeff Johnson <jbj>
Status: CLOSED WORKSFORME QA Contact: Mike McLean <mikem>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-02-25 22:46:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
The result of "strace -f /bin/rpm -qf /bin/df" none

Description Andrei Gaponenko 2003-02-21 03:50:00 UTC 
Description of problem:

rpm crashes with segmentation fault when trying to identify a package containing
a given file for *some* files. Notably /bin/df, /bin/cp, ... I observed this on
a couple of different RH8.0 machines, both as root and as a normal user.  
Removing stale /var/lib/rpm/__db*  files did not help.

Version-Release number of selected component (if applicable):

rach ~$ /bin/rpm -qf /bin/rpm
rpm-4.1-1.06

(Note that it worked!)

How reproducible:  Always

Steps to Reproduce:

rach ~$ /bin/rpm -qf /bin/df 
Segmentation fault
rach ~$ /bin/rpm -qf /bin/cp
Segmentation fault

On some files it works:

rach ~$ /bin/rpm -qf /bin/sync
fileutils-4.1.9-11

Actual results: rpm killed by SIGSEGV.

Expected results: Output of a package name.


Additional info:
Comment 1 Jeff Johnson 2003-02-25 00:05:52 UTC 
Can you characterize this problem any further? As
described, I'm not going to be able to reproduce
meaningfully.
Comment 2 Andrei Gaponenko 2003-02-25 01:49:05 UTC 
Created attachment 90337 [details]
The result of "strace -f  /bin/rpm -qf /bin/df"

The problem persists on my machine. I am attaching a strace of a failed rpm
execution.  We can give you a temporary account on the machine.  Please contact
me off forum with your ssh public key or suggest another way to arrange the
access if it may be useful in debugging the problem.
Comment 3 Jeff Johnson 2003-02-25 02:23:01 UTC 
Hmmm, you're segfaulting while accessing /var/lib/rpm/Pubkeys.

What happens if you do
    rm -f /var/lib/rpm/__db*
    mv /var/lib/rpm/Pubkeys /var/lib/rpm/Pubkeys-ORIG
and repeat the failing command.

If that works, what happens if you do
    rpm --rebuilddb -vv
Comment 4 Andrei Gaponenko 2003-02-25 05:31:14 UTC 
I tried this. The details are below, and here is the summary:

1) Hiding Pubkeys prevented the crash. 

2) After rebuilddb "rpm -qf ....." worked. 

3) HOWEVER, the Pubkeys file alone does not cause the crash. Rebuilddb
   changed something else, so that even returning the old Pubkeys does
   not cause the crash any more.


I still have another system where rpm segfaults on the query. BTW,
RH8.0 was installed there from scratch just several days ago.  If you
want to investigate further, there is the possibility.  Looks like
running a rebuilddb there would get rid of the problem, but not of the
bug?

================================================================
rach ~$ rpm -qf /bin/df
Segmentation fault

[root@rach rpm]# mv Pubkeys Pubkeys.orig

rach ~$ rpm -qf /bin/df
error: cannot open Pubkeys index using db3 - No such file or directory (2)
fileutils-4.1.9-11

1) So, the removal of Pubkeys prevented the crash.

[root@rach rpm]# pwd
/var/lib/rpm
[root@rach rpm]# ls
Basenames     Filemd5s    Name         Provideversion  Requirename     Sigmd5
Conflictname  Group       Packages     Pubkeys.new     Requireversion  Triggername
Dirnames      Installtid  Providename  Pubkeys.orig    Sha1header
[root@rach rpm]# 
[root@rach rpm]# rpm --rebuilddb -vv > ~/rrr2.txt 2>&1
[root@rach rpm]# ls
Basenames     Filemd5s    Name         Provideversion  Pubkeys.orig   
Sha1header   __db.001
Conflictname  Group       Packages     Pubkeys         Requirename     Sigmd5  
    __db.002
Dirnames      Installtid  Providename  Pubkeys.new     Requireversion 
Triggername  __db.003
[root@rach rpm]# 


(Note the left over __db* files after a --rebuilddb. Looks like
another bug.)

rach ~$ rpm -qf /bin/df
fileutils-4.1.9-11

2) OK, it works after --rebuilddb.  Was the Pubkeys really the
   culprit?

[root@rach rpm]# cmp Pubkeys Pubkeys.orig 
Pubkeys Pubkeys.orig differ: char 53, line 1

[root@rach rpm]# mv Pubkeys Pubkeys.new
[root@rach rpm]# ln Pubkeys.orig Pubkeys 

rach ~$ rpm -qf /bin/df
fileutils-4.1.9-11

3) NO, the old Pubkeys file alone does not cause the crash!
Comment 5 Jeff Johnson 2003-02-25 22:46:21 UTC 
1) No, __db files are persistent since rpm-4.1.

2) & 3) Dunno what the problem was, but prefer the
Pubkeys file (re-)generated by --rebuilddb
Comment 6 Andrei Gaponenko 2003-08-20 21:18:12 UTC 
The same problem showed up on *several* RH8 machines again.
I've noticed more details this time, so posting it here.
Namely, there is a pattern to these rpm crashes.

At the start, it crashes when run by a regular user:

tw11 ~$ rpm -qf /bin/df
Segmentation fault (core dumped)
tw11 ~$ rpm -qf /bin/df
Segmentation fault (core dumped)

When run by root, it works on the first attempt, but crashes on the
second on the same file in most cases (but notice /bin/ls):

tw11 ~$ su -
Password: 
[root@tw11 root]# rpm -qf /bin/df
fileutils-4.1.9-11
[root@tw11 root]# rpm -qf /bin/df
Segmentation fault
[root@tw11 root]# rpm -qf /bin/sync
fileutils-4.1.9-11
[root@tw11 root]# rpm -qf /bin/sync
Segmentation fault
[root@tw11 root]# rpm -qf /bin/ls  
Segmentation fault
[root@tw11 root]# rpm -qf /bin/dd
fileutils-4.1.9-11
[root@tw11 root]# rpm -qf /bin/dd
Segmentation fault


Removing the _db* files fixes it. Or rather, gives you one more
execution:

[root@tw11 root]# rm /var/lib/rpm/__db.00*
rm: remove regular file `/var/lib/rpm/__db.001'? y
rm: remove regular file `/var/lib/rpm/__db.002'? y
rm: remove regular file `/var/lib/rpm/__db.003'? y
[root@tw11 root]# rpm -qf /bin/df
fileutils-4.1.9-11
[root@tw11 root]# rpm -qf /bin/df
Segmentation fault
[root@tw11 root]# rm /var/lib/rpm/__db.00*
rm: remove regular file `/var/lib/rpm/__db.001'? y
rm: remove regular file `/var/lib/rpm/__db.002'? y
rm: remove regular file `/var/lib/rpm/__db.003'? y
[root@tw11 root]# rpm -qf /bin/df
fileutils-4.1.9-11
[root@tw11 root]# rpm -qf /bin/df
Segmentation fault

This is still rpm-4.1-1.06, and strace output looks pretty much the
same as the one attached.  It crashes on Pubkeys:

================
....
access("/var/lib/rpm/__db.001", F_OK)   = 0
access("/var/lib/rpm/Pubkeys", F_OK)    = 0
open("/var/lib/rpm/Pubkeys", O_RDONLY|O_LARGEFILE) = 5
fcntl64(5, F_SETFD, FD_CLOEXEC)         = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=12288, ...}) = 0
_llseek(5, 0, [0], SEEK_SET)            = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0a\25\6\0\7\0\0\0\0\20\0\0\0\10"..., 256) = 256
close(5)                                = 0
open("/var/lib/rpm/Pubkeys", O_RDONLY|O_LARGEFILE) = 5
fcntl64(5, F_SETFD, FD_CLOEXEC)         = 0
fstat64(5, {st_mode=S_IFREG|0644, st_size=12288, ...}) = 0
brk(0x806d000)                          = 0x806d000
brk(0x806e000)                          = 0x806e000
brk(0x806f000)                          = 0x806f000
brk(0x8071000)                          = 0x8071000
brk(0x8072000)                          = 0x8072000
rt_sigprocmask(SIG_BLOCK, ~[], [RTMIN], 8) = 0
rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++
================

Removing _db*, Pubkeys, and rebuilding the database fixes the problem.