Bug 909618

Summary: rpm: rpmbuild segfaults when rebuilding SRPM
Product: [Fedora] Fedora Reporter: Mikolaj Izdebski <mizdebsk>
Component: rpmAssignee: Packaging Maintenance Team <packaging-team-maint>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: ffesti, jzeleny, packaging-team-maint, pknirsch, pmatilai
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rpm-4.11.1-1.fc19 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-07-08 00:54:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mikolaj Izdebski 2013-02-09 21:42:01 UTC 
Description of problem:
rpmbuild segfaults when trying to rebuild SRPM.

Version-Release number of selected component (if applicable):
4.11.0.1-1.fc19

Steps to Reproduce:
1. wget http://kojipkgs.fedoraproject.org/packages/xmvn/0.3.1/1.fc19/src/xmvn-0.3.1-1.fc19.src.rpm
2. rpm -Uvh --nodeps --nosignature --nodigest --nofiledigest xmvn-0.3.1-1.fc19.src.rpm
3. rpmbuild --nodeps -bs $HOME/rpmbuild/SPECS/xmvn.spec
  
Actual results:
Subprocess was killed with signal 11 (core dumped).

Expected results:
No segfault

Additional info:
Core was generated by `rpmbuild --nodeps -bs /root/rpmbuild/SPECS/xmvn.spec'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f4160779662 in __memcpy_sse2 () from /lib64/libc.so.6
(gdb) bt full
#0  0x00007f4160779662 in __memcpy_sse2 () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007f4162b99e96 in memcpy (__len=<optimized out>, __src=0x0, __dest=0x7fff23835bd0)
    at /usr/include/bits/string3.h:51
No locals.
#2  rpmDoDigest (algo=8, fn=<optimized out>, asAscii=asAscii@entry=1, 
    digest=digest@entry=0x7fff23835bd0 "", fsizep=fsizep@entry=0x0) at rpmfileutil.c:196
        path = 0x10f6240 "/root/rpmbuild/SOURCES/xmvn-0.3.1.tar.xz"
        dig = 0x0
        diglen = 33
        buf = "\375\067zXZ\000\000\004\346\326\264F\002\000!\001\026\000\000\000t/\345\243\343G\377]R]\000\070\030Kvl\331\nN\270\232\263\317\241\263\004\253%x\374\236\245\315\242\a\250!k\021\240\240{\341E\030\304+\274j\230\253J\033~\273p\333k\323x\203\345p\212\024\213k\r|/c\b\036z\302\263y\244\362\377\071\332\031\203\337\r\226\372A(.\372\232+\302#Z\313\071\001^\225\351\060\257s\230.\320\367\214tCB\b\317\322@ \\\356\377\360O\023u\335\033\037\065\300(c$\035\305\067<qm\re\004\206N\305\177R\360\"t:\000\224\023\320K\327\006\342\377\ai\036\240U\037\256:E0\343\247\063\357of\253\273\355"...
        fd = <optimized out>
        fsize = <optimized out>
        pid = <optimized out>
        rc = 0
#3  0x00007f416323bacb in genCpioListAndHeader (fl=fl@entry=0x7fff23837c40, 
    fip=fip@entry=0x10f2138, h=0x1111630, isSrc=isSrc@entry=1) at files.c:1115
        fileid = 0
        _addDotSlash = <optimized out>
        apathlen = 18
        dpathlen = <optimized out>
        skipLen = 0
        flp = 0x10f1eb0
        buf = "\000\347$cA\177\000\000pg\022\001\000\000\000\000@\\\203#\377\177\000\000 \\\203#\377\177\000\000\210g\022\001\000\000\000\000\024\\\203#\377\177\000\000\311\001", '\000' <repeats 14 times>, "X\026\021\001\001\000\000\000\320h\022\001\000\000\000\000\200m\017\001\000\000\000\000\060\226\017\001\000\000\000\000\035\000\000\000\000\000\000\000@\226\017\001\000\000\000\000C\000\017\001\000\000\000\000x\036$cA\177\000\000\000\000\000\000\000\000\000\000@\226\017\001\000\000\000\000A\004\000\000\000\000\000\000\000\000\000\000\001\000\000\000\206\350$cA\177\000\000\260\036\017\001\000\000\000\000\340\\\203#\377\177\000\000\300\\\203#\377\177\000\000\310\036\017\001\000\000\000\000"...
        i = 0
        defaultalgo = <optimized out>
        digestalgo = 8
        totalFileSize = 23956
#4  0x00007f416323ce76 in processSourceFiles (spec=spec@entry=0x10f2080, pkgFlags=0)
    at files.c:2049
        srcPtr = <optimized out>
        fl = {buildRoot = 0x0, processingFailed = 0, haveCaps = 0, largeFiles = 0, docDirs = 0x0, 
          pkgFlags = 0, files = {recs = 0x10f1eb0, alloced = 2, used = 2}, def = {attrFlags = 0, 
            specdFlags = 0, verifyFlags = 0, ar = {ar_fmodestr = 0x0, ar_dmodestr = 0x0, 
              ar_user = 0x0, ar_group = 0x0, ar_fmode = 0, ar_dmode = 0}, langs = 0x0, caps = 0x0, 
            devtype = 0, devmajor = 0, devminor = 0, isDir = 0}, cur = {attrFlags = 0, 
            specdFlags = 0, verifyFlags = 0, ar = {ar_fmodestr = 0x0, ar_dmodestr = 0x0, 
              ar_user = 0x0, ar_group = 0x0, ar_fmode = 0, ar_dmode = 0}, langs = 0x0, caps = 0x0, 
            devtype = 0, devmajor = 0, devminor = 0, isDir = 0}}
        files = 0x10f2460
        pkg = <optimized out>
        _srcdefattr = 0x0
        oneshot = 1
#5  0x00007f416323963a in buildSpec (buildArgs=buildArgs@entry=0x605a20 <rpmBTArgs>, 
    spec=spec@entry=0x10f2080, what=64) at build.c:249
        didBuild = 0
        rc = RPMRC_OK
        test = 0
        cookie = 0x0
#6  0x00007f4163239821 in rpmSpecBuild (spec=spec@entry=0x10f2080, 
    buildArgs=buildArgs@entry=0x605a20 <rpmBTArgs>) at build.c:302
No locals.
#7  0x0000000000402b85 in buildForTarget (ts=ts@entry=0x10f8d90, 
    arg=arg@entry=0x7fff23838773 "/root/rpmbuild/SPECS/xmvn.spec", ba=0x605a20 <rpmBTArgs>)
    at rpmbuild.c:457
        buildAmount = 64
        buildRootURL = 0x0
        specFile = 0x10f9600 "/root/rpmbuild/SPECS/xmvn.spec"
        spec = 0x10f2080
        rc = 1
        justRm = 0
        specFlags = 1
        buildtree = 0x4032b0 "%{_topdir}:%{_specdir}:%{_sourcedir}:%{_builddir}:%{_rpmdir}:%{_srcrpmdir}:%{_buildrootdir}"
        rootdir = <optimized out>
        st = {st_dev = 33, st_ino = 23027, st_nlink = 1, st_mode = 33204, st_uid = 0, st_gid = 0, 
          __pad0 = 0, st_rdev = 0, st_size = 3847, st_blksize = 4096, st_blocks = 8, st_atim = {
            tv_sec = 1360444693, tv_nsec = 364641362}, st_mtim = {tv_sec = 1360247375, 
            tv_nsec = 0}, st_ctim = {tv_sec = 1360444683, tv_nsec = 299414560}, __unused = {0, 0, 
            0}}
#8  0x0000000000402e43 in build (ts=ts@entry=0x10f8d90, 
    arg=0x7fff23838773 "/root/rpmbuild/SPECS/xmvn.spec", rcfile=0x0, ba=0x605a20 <rpmBTArgs>)
    at rpmbuild.c:490
        rc = 0
        targets = 0x0
        cleanFlags = 0
        vsflags = <optimized out>
        ovsflags = 0
#9  0x0000000000401fdb in main (argc=<optimized out>, argv=<optimized out>) at rpmbuild.c:625
        ts = 0x10f8d90
        bigMode = <optimized out>
        ba = 0x605a20 <rpmBTArgs>
        pkg = <optimized out>
        ec = 0
        optCon = 0x10b92d0
Comment 1 Mikolaj Izdebski 2013-02-09 22:18:10 UTC 
I reproduced the segfault on another machine with /bin/rpm (not rpmbuild), with the same version of rpm package. Segfault again occured in memcpy() called from rpmDoDigest(). (Sorry for lack of debuginfo.)

Core was generated by `rpm -Uvh --nodeps --nosignature --nodigest --nofiledigest /root/maven-3.0.4-31.'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f92f6f10662 in __memcpy_sse2 () from /lib64/libc.so.6
(gdb) bt
#0  0x00007f92f6f10662 in __memcpy_sse2 () from /lib64/libc.so.6
#1  0x00007f92f9330e96 in rpmDoDigest () from /lib64/librpmio.so.3
#2  0x00007f92f957ec09 in rpmfiDecideFateIndex () from /lib64/librpm.so.3
#3  0x00007f92f958cbe2 in rpmtsRun () from /lib64/librpm.so.3
#4  0x00007f92f95816dc in rpmcliTransaction.isra.2 () from /lib64/librpm.so.3
#5  0x00007f92f958273d in rpmInstall () from /lib64/librpm.so.3
#6  0x00000000004018ea in main ()
Comment 2 Panu Matilainen 2013-02-11 11:28:08 UTC 
I'm not able to reproduce that with rpm 4.10, 4.11 or git master running on f18.

What's with all those --nodigest and --nofiledigest etc switches? Are you just torture-testing different rpm switches or are you getting other failures without them? This smells like a broken NSS to me... (and quite possibly related to bug 909627 too)
Comment 3 Panu Matilainen 2013-02-11 14:09:40 UTC 
FWIW I'm not able to reproduce this on rawhide either.

Unless I remove libfreebl3.so, after which the symptoms match the ones in here and bug 909627, and kinda explains all those --no-switches too:

nss-softokn-freebl is missing or damaged on your system(s) where this occurs.
Comment 4 Fedora End Of Life 2013-04-03 16:43:45 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
Comment 5 Fedora Update System 2013-07-05 09:13:50 UTC 
rpm-4.11.1-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/rpm-4.11.1-1.fc19
Comment 6 Fedora Update System 2013-07-06 00:54:28 UTC 
Package rpm-4.11.1-1.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing rpm-4.11.1-1.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-12411/rpm-4.11.1-1.fc19
then log in and leave karma (feedback).
Comment 7 Fedora Update System 2013-07-08 00:54:55 UTC 
rpm-4.11.1-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.