Bug 85504

Summary: rpm produces segmentation fault when installing or removing some packages
Product: [Retired] Red Hat Linux Reporter: Keith Lea <keith>
Component: rpmAssignee: Jeff Johnson <jbj>
Status: CLOSED WORKSFORME QA Contact: Mike McLean <mikem>
Severity: high Docs Contact:
Priority: medium    
Version: 8.0CC: pekkas
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-03-22 20:18:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
strace output for rpm -e freetype-utils none

Description Keith Lea 2003-03-03 20:30:30 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4a) Gecko/20030114

Description of problem:
first, it hangs when attempting to install gtk2 from the apt repository
described at http://people.ecsc.co.uk/~matt/repository.html:

---

[root@localhost rpm]# apt-get install libbonoboui
Reading Package Lists... Done
Collecting File Provides... Done
Building Dependency Tree... Done
The following extra packages will be installed:
  GConf2 GConf2-devel XFree86 XFree86-Xnest XFree86-Xvfb XFree86-base-fonts
  XFree86-devel XFree86-libs XFree86-libs-data XFree86-twm XFree86-xdm
  XFree86-xfs bonobo-activation bonobo-activation-devel freetype
  freetype-devel gnome-vfs2 gnome-vfs2-devel gtk2 gtk2-devel libbonobo
  libbonobo-devel libbonoboui-devel libglade2 libglade2-devel libgnome
  libgnome-devel libgnomecanvas libgnomecanvas-devel libgsf-1 librsvg2
  librsvg2-devel libxml2 libxml2-devel pango
The following packages will be upgraded
  GConf2 GConf2-devel XFree86 XFree86-Xnest XFree86-Xvfb XFree86-base-fonts
  XFree86-devel XFree86-libs XFree86-twm XFree86-xdm XFree86-xfs
  bonobo-activation bonobo-activation-devel freetype freetype-devel gnome-vfs2
  gnome-vfs2-devel gtk2 gtk2-devel libbonobo libbonobo-devel libbonoboui
  libbonoboui-devel libglade2 libglade2-devel libgnome libgnome-devel
  libgnomecanvas libgnomecanvas-devel librsvg2 librsvg2-devel libxml2
  libxml2-devel pango
The following packages will be REPLACED:
  XFree86-xtrap-clients (by XFree86)  Xft (by XFree86-libs)  Xft-devel (by
  XFree86-devel)
The following packages will be REMOVED:
  eel2-devel freetype-demos freetype-utils libgnomeui-devel libxml2-python
  pango-devel redhat-config-packages
The following NEW packages will be installed:
  XFree86-libs-data libgsf-1
34 packages upgraded, 2 newly installed, 3 replaced, 7 removed and 29 not upgraded.
Need to get 0B/45.9MB of archives. After unpacking 13.9MB will be used.
Do you want to continue? [Y/n] y
Executing RPM (-e)...
Executing RPM (-Uvh)...
error: Failed dependencies:
        freetype = 2.1.2-7 is needed by (installed) freetype-utils-2.1.2-7
        freetype = 2.1.2-7 is needed by (installed) freetype-demos-2.1.2-7
        pango = 1.1.1 is needed by (installed) pango-devel-1.1.1-1
        libxml2 = 2.4.23 is needed by (installed) libxml2-python-2.4.23-1
E: Sub-process /bin/rpm recieved a segmentation fault.
E: Sub-process /bin/rpm returned an error code (36)


---

but then it segfaults when I try to remove freetype-utils:

---

[root@localhost rpm]# gdb rpm
<..>
(gdb) run -e freetype-utils-2.1.2-7
Starting program: /bin/rpm -e freetype-utils-2.1.2-7

Program received signal SIGSEGV, Segmentation fault.
0x081cadeb in elf_machine_rel.0 ()
(gdb) backtrace
#0  0x081cadeb in elf_machine_rel.0 ()
#1  0x081cb209 in elf_dynamic_do_rel.7 ()
#2  0x081cb47f in _dl_relocate_object ()
#3  0x081c3743 in dl_open_worker ()
#4  0x081c2323 in _dl_catch_error ()
#5  0x081c3303 in _dl_open ()
#6  0x081a238e in do_dlopen ()
#7  0x081c2323 in _dl_catch_error ()
#8  0x081a22a3 in __libc_dlopen ()
#9  0x08199a4e in __nss_lookup_function ()
#10 0x0819a3d2 in __nss_lookup ()
#11 0x0819aa12 in __nss_passwd_lookup ()
#12 0x08184633 in getpwnam_r ()
#13 0x081841dc in getpwnam ()
#14 0x08062a12 in rpmpsmStage ()
#15 0x080616d7 in rpmpsmStage ()
#16 0x080628a9 in rpmpsmStage ()
#17 0x0807ce6c in rpmtsRun ()
#18 0x0806e873 in rpmErase ()
#19 0x08048ced in main ()
#20 0x0815ad62 in __libc_start_main ()
(gdb)

---

I have run rpm --rebuilddb, --initdb, rm -f'd locks. db_verify Packages returns
no errors.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Execute rpm -e freetype-utils on my machine :)
    

Additional info:
Comment 1 Jeff Johnson 2003-03-05 00:58:53 UTC 
Hmmm, are you using LDAP passwords? If so,
you need to run nscd to avoid a segfault that affects statically linked
binaries like /bin/rpm.
Comment 2 Keith Lea 2003-03-05 01:07:21 UTC 
I don't know what LDAP is, so no, I'm not using LDAP passwords. (And there's no
administrator who would've installed such a thing for me - this is my own machine.)
Comment 3 Jeff Johnson 2003-03-05 01:12:17 UTC 
Are you running nscd?

If not, can you start "/sbin/service nscd restart" and repeat?
Comment 4 Keith Lea 2003-03-05 01:39:49 UTC 
no, it was not running. after starting it I still get the same segfault with the
same backtrace running rpm -e freetype-utils.
Comment 5 Jeff Johnson 2003-03-05 01:53:31 UTC 
OK.

What's in /etc/nssswitch.conf? Try files first, make sure
that all the users in the freetype package are known.

What glibc?
Comment 6 Keith Lea 2003-03-05 02:03:01 UTC 
passwd:     files nisplus
shadow:     files nisplus
group:      files nisplus

hosts:      files nisplus dns
bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files nisplus
rpc:        files
services:   files nisplus

netgroup:   files nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus

--

[root@localhost root]# rpm -q glibc
glibc-2.3.1-51

--

I think you're assuming I know more about rpm and ns* than I do. What does "Try
files first, make sure that all the users in the freetype package are known" mean?
Comment 7 Jeff Johnson 2003-03-05 02:10:59 UTC 
Ah, sorry.

The backtrace from getpwnam on is trying to look up a user name
for a file through glibc (see man 3 getpwnam).

The dl_* routines are an indication that something (like LDAP,
one means to look up users, NIS is another, /etc/passwd
aka files is a 3rd way) is fubar.

A segfault often happens with /bin/rpm, a statically linked binary,
which is more sensitive to structure changes (there are a few) and
linkage through helper libraries.

So, you have files first, which should use /etc/passwd, but there
appears to be a further lookup through nisplus.

What happens if you edit /etc/nssswitch.conf and delete "nisplus"
on the passwd/shadow/group lines? Save a copy, duh ...
Comment 8 Keith Lea 2003-03-05 02:46:28 UTC 
same problem. do I need to restart anything after editing it?
Comment 9 Jeff Johnson 2003-03-05 02:59:57 UTC 
OK. No nothing needs restarting.

An strace should give a hint as to what file is being loaded, and
from that I might be able to guess what is happening.

Can you try
    strace -f -o /tmp/xxx the_command_here
and attach /tmp/xxx? Thanks.
Comment 10 Keith Lea 2003-03-05 04:45:05 UTC 
Created attachment 90469 [details]
strace output for rpm -e freetype-utils

here you go.
Comment 11 Keith Lea 2003-03-15 21:05:59 UTC 
please help me Jeff, I still can't install or remove packages at all :(
Comment 12 Jeff Johnson 2003-03-15 21:19:16 UTC 
OK. The strace indicates nscd running with successful
root lookup.

Can you try attaching the output of
    strace -o /tmp/xxx rpm -evv freetype-utils
The -vv will help me figger where the program is segfaulting.
Comment 13 Keith Lea 2003-03-16 17:41:34 UTC 
if you want the /tmp/xxx too, I can attach that, but i assume it's the same as
last time...

D: opening  db environment /var/lib/rpm/Packages joinenv
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Name rdonly mode=0x0
D: opening  db index       /var/lib/rpm/Pubkeys rdonly mode=0x0
D:  read h#     663 Header sanity check: OK
D: ========== DSA pubkey id 219180cddb42a60e
D:  read h#     819 Header V3 DSA signature: OK, key ID db42a60e
D: ========== --- freetype-utils-2.1.2-7
D: opening  db index       /var/lib/rpm/Requirename rdonly mode=0x0
D: closed   db index       /var/lib/rpm/Pubkeys
D: closed   db index       /var/lib/rpm/Requirename
D: closed   db index       /var/lib/rpm/Name
D: closed   db index       /var/lib/rpm/Packages
D: closed   db environment /var/lib/rpm/Packages
D: opening  db environment /var/lib/rpm/Packages joinenv
D: opening  db index       /var/lib/rpm/Packages create mode=0x42
D: getting list of mounted filesystems
D: sanity checking 1 elments
D: computing 4 file fingerprints
D: computing file dispositions
D: opening  db index       /var/lib/rpm/Basenames create mode=0x42
D: ========== --- freetype-utils-2.1.2-7
D:     erase: freetype-utils-2.1.2-7 has 4 files, test = 0
D: opening  db index       /var/lib/rpm/Name create mode=0x42
D:  read h#     819 Header V3 DSA signature: OK, key ID db42a60e
Comment 14 Jeff Johnson 2003-03-19 21:00:22 UTC 
If that's all the output, then instance #819
is probably damaged.

Can you give me a pointer (i.e. URL, attachments won't work)
to a tarball of you database
   cd /var/lib
    tar czvf /tmp/rpmdb-85504.tar.gz rpm
and I'll zap record #819
Comment 15 Keith Lea 2003-03-19 21:54:47 UTC 
note that freetype-utils isn't the only package that crashes on erase.

http://www.kano.net/in/rpmdb.tar.gz
Comment 16 Jeff Johnson 2003-03-19 22:17:09 UTC 
Hmmm, you database looks fine, signatures/digests
are being verified, so it's impossible that the
data is corrupt or modified.

Here's what I see for, say, freetype-utils:
...
D:  read h#     819 Header V3 DSA signature: OK, key ID db42a60e
D:   +++ h#     484 Header V3 DSA signature: OK, key ID db42a60e
D: adding "freetype-utils" to Name index.
D: adding 4 entries to Basenames index.
D: adding "System Environment/Libraries" to Group index.
D: adding 9 entries to Requirename index.
D: adding "freetype-utils" to Providename index.
D: adding "/usr/bin/" to Dirnames index.
D: adding 9 entries to Requireversion index.
D: adding "2.1.2-7" to Provideversion index.
D: adding 1 entries to Installtid index.
D: adding 1 entries to Sigmd5 index.
D: adding "dd89f5af8c5406f45bfcb2a0360a1fdedc008c01" to Sha1header index.
D: adding 4 entries to Filemd5s index.


So there's something else local to your machine that's causing
the problem

Let's see if this problem can't be bracketed. You're currently
running rpm-4.1-1.06. Can you try rpm-4.1-9 packages from
    ftp://people.redhat.com/jbj/test-4.1

You'll have to install manually, so do the following:
    cd /var/tmp
    <download all the packages, don't forget popt>
    mkdir xxx
    cd xxx
    for i in ../{rpm,popt}-*.rpm
    do
        echo $i ---
        rpm2cpio $i | cpio -dim
    done
    find . -type d -exec chmod 755 {} \;
    tar cf - . | (cd /; tar xvf -)

and see if same segfault?

If segfault then there's something wrong with your pam
modules is my guess.
Comment 17 Keith Lea 2003-03-20 02:06:26 UTC 
everything works now :) thanks a ton. is there anything else I should do?
Comment 18 Jeff Johnson 2003-03-22 20:18:47 UTC 
If you added "private" to /etc/rpm/macros, then you might
want to remove. Otherwise, maybe a --rebuilddb.

You ought to figger what happened, however. If a manual
rpm2cpio "fix"ed, then your files were damaged somehow.
Comment 19 Pekka Savola 2003-10-08 07:36:18 UTC 
We noticed the same problems with RHL8 rpm.  The same procedure for replacing
RPM worked fine for us.