Bug 164130 - Crash when verifying nfs-utils
Crash when verifying nfs-utils
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: rpm (Show other bugs)
4
x86_64 Linux
medium Severity high
: ---
: ---
Assigned To: Paul Nasrat
Mike McLean
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-25 03:09 EDT by Ian Burrell
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-01-06 07:49:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
backtrace from rpmv -- glibc detected invalid pointer (6.93 KB, text/plain)
2005-08-29 19:46 EDT, Matthew Hannigan
no flags Details

  None (edit)
Description Ian Burrell 2005-07-25 03:09:31 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
rpm verify is crashing with a free invalid pointer on a particular package.  It could crash on other packages; nfs-utils is the first when doing '-Va'.  It 
Run 'rpm -V nfs-utils'.  It dies with the following message:

.........   /var/lib/nfs
..?...... c /var/lib/nfs/etab
..?...... c /var/lib/nfs/rmtab
*** glibc detected *** /usr/lib/rpm/rpmv: free(): invalid pointer: 0x0000000000afc0b4 ***
======= Backtrace: =========
/lib64/libc.so.6[0x30b356a94e]
/lib64/libc.so.6(__libc_free+0x6e)[0x30b356ae7e]
/usr/lib64/librpm-4.4.so(rpmVerifyFile+0x51e)[0x3bf3949478]
/usr/lib64/librpm-4.4.so(showVerifyPackage+0x24a)[0x3bf39498c9]
/usr/lib64/librpm-4.4.so(rpmcliShowMatches+0x26)[0x3bf3927ffd]
/usr/lib64/librpm-4.4.so(rpmQueryVerify+0x1fd)[0x3bf3928c3f]
/usr/lib64/librpm-4.4.so(rpmcliArgIter+0x80)[0x3bf39293ec]
/usr/lib64/librpm-4.4.so(rpmcliVerify+0x8d)[0x3bf3948ecd]
/usr/lib/rpm/rpmv[0x40214f]
/lib64/libc.so.6(__libc_start_main+0xdc)[0x30b351c4cc]
/usr/lib/rpm/rpmv[0x4019a9]
======= Memory map: ========
<memory map snipped>


Version-Release number of selected component (if applicable):
rpm-4.4.1-22.x86_64

How reproducible:
Always

Steps to Reproduce:
1. rpm -V nfs-utils
2. Crash

  

Additional info:
Comment 1 Ian Burrell 2005-07-25 22:48:25 EDT
It still crashes after the nfs-utils update.  And removing and reinstalling
nfs-utils does not fix it.  After removing nfs-utils, it crashes 

Here is a stack trace:

(gdb) bt
#0  0x00000030b352f3b0 in *__GI_raise (sig=Variable "sig" is not available.
) at ../nptl/sysdeps/unix/sysv/linux/raise.c:67
#1  0x00000030b3530860 in *__GI_abort () at ../sysdeps/generic/abort.c:88
#2  0x00000030b3564caf in __libc_message (do_abort=Variable "do_abort" is not
available.
) at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3  0x00000030b356a94e in _int_free (av=0x30b3733680, mem=Variable "mem" is not
available.
) at malloc.c:5578
#4  0x00000030b356ae7e in *__GI___libc_free (mem=Variable "mem" is not available.
) at malloc.c:3419
#5  0x0000003bf3949478 in rpmVerifyFile (ts=Variable "ts" is not available.
) at verify.c:142
#6  0x0000003bf39498c9 in showVerifyPackage (qva=0x3bf3a8eb60, ts=0x52c510,
h=0xaee880) at verify.c:316
#7  0x0000003bf3927ffd in rpmcliShowMatches (qva=0x3bf3a8eb60, ts=0x52c510) at
query.c:394
#8  0x0000003bf3928c3f in rpmQueryVerify (qva=0x3bf3a8eb60, ts=0x52c510,
arg=0xade4e0 "nfs-utils") at query.c:672
#9  0x0000003bf39293ec in rpmcliArgIter (ts=0x52c510, qva=0x3bf3a8eb60,
argv=Variable "argv" is not available.
) at query.c:754
#10 0x0000003bf3948ecd in rpmcliVerify (ts=0x52c510, qva=0x3bf3a8eb60,
argv=0x506320) at verify.c:534
#11 0x000000000040214f in main (argc=4, argv=Variable "argv" is not available.
) at ./rpmqv.c:813
#12 0x00000030b351c4cc in __libc_start_main (main=0x401a90 <main>, argc=4,
ubp_av=0x7ffffff92578,
    init=0x402260 <__libc_csu_init>, fini=Variable "fini" is not available.
) at ../sysdeps/generic/libc-start.c:228
#13 0x00000000004019a9 in _start ()
#14 0x00007ffffff92568 in ?? ()
#15 0x0000000000000000 in ?? ()
Comment 2 Ian Burrell 2005-07-26 02:09:06 EDT
Oops.  Forgot to complete the message.  What I meant to say, is that after
removing nfs-utils, there are no other crashes.  The crash only seems to happen
when verifying nfs-utils package.
Comment 3 Jeff Johnson 2005-08-25 13:30:54 EDT
Hmmm, this smells like the selinux MLS double free problem.
Comment 4 Matthew Hannigan 2005-08-29 19:46:49 EDT
Created attachment 118233 [details]
backtrace from rpmv -- glibc detected invalid pointer
Comment 5 Matthew Hannigan 2005-08-29 19:55:20 EDT
I've confirmed the above backtrace also occurs for just verifying nfs-utils.
It also happens for a non-root user, in case it matters.

I note that the rpm -V almost finishes; assuming that the
it's the same order as rpm -ql, the only files after the rmtab
are:
   /var/lib/nfs/rpc_pipefs
   /var/lib/nfs/statd
   /var/lib/nfs/state
   /var/lib/nfs/xtab



First few lines of bt mention libselinux:

# rpm -qV nfs-utils
..?...... c /var/lib/nfs/etab
..?...... c /var/lib/nfs/rmtab
*** glibc detected *** /usr/lib/rpm/rpmq: free(): invalid pointer: 0x08ee4730 ***
======= Backtrace: =========
/lib/libc.so.6[0xb67124]
/lib/libc.so.6(__libc_free+0x77)[0xb6765f]
/lib/libselinux.so.1(freecon+0x1d)[0xa0a91d]
/usr/lib/librpm-4.4.so(rpmVerifyFile+0x5ed)[0x65c580]
/usr/lib/librpm-4.4.so(showVerifyPackage+0x25c)[0x65ca53]
/usr/lib/librpm-4.4.so(rpmcliShowMatches+0x3e)[0x636183]
/usr/lib/librpm-4.4.so(rpmQueryVerify+0x22f)[0x636ed0]
/usr/lib/librpm-4.4.so(rpmcliArgIter+0xa8)[0x63792d]
/usr/lib/librpm-4.4.so(rpmcliVerify+0x8f)[0x65beef]
/usr/lib/rpm/rpmq[0x8049ba2]
/lib/libc.so.6(__libc_start_main+0xdf)[0xb18d5f]
/usr/lib/rpm/rpmq[0x8049301]
Comment 6 Need Real Name 2005-11-21 00:59:03 EST
I'm also having this problem as well as with the filesystem rpm.

SELinux is enabled, but set to passive.
Comment 7 Paul Nasrat 2005-11-28 13:59:36 EST
Please confirm if this occurs with rpm from FC5 test1
Comment 8 Tomasz Ostrowski 2005-12-08 07:08:15 EST
I'm not reporter but I've had similar problem. I've recompiled
rpm-4.4.2-7.src.rpm from FC5-test1 and installed it and now I can do "rpm -Va"
without a crash.

My crash after "rpm -V filesystem" looked very similar to comment #5:
*** glibc detected *** /usr/lib/rpm/rpmv: free(): invalid pointer: 0x08de15ee ***
======= Backtrace: =========
/lib/libc.so.6[0x202124]
/lib/libc.so.6(__libc_free+0x77)[0x20265f]
/lib/libselinux.so.1(freecon+0x1d)[0x38991d]
/usr/lib/librpm-4.4.so(rpmVerifyFile+0x5ed)[0xc05580]
/usr/lib/librpm-4.4.so(showVerifyPackage+0x25c)[0xc05a53]
/usr/lib/librpm-4.4.so(rpmcliShowMatches+0x3e)[0xbdf183]
/usr/lib/librpm-4.4.so(rpmQueryVerify+0x22f)[0xbdfed0]
/usr/lib/librpm-4.4.so(rpmcliArgIter+0xa8)[0xbe092d]
/usr/lib/librpm-4.4.so(rpmcliVerify+0x8f)[0xc04eef]
/usr/lib/rpm/rpmv[0x8049ba2]
/lib/libc.so.6(__libc_start_main+0xdf)[0x1b3d5f]
/usr/lib/rpm/rpmv[0x8049301]
Comment 9 Ian Burrell 2005-12-22 02:46:24 EST
rpm -Va works fine on Rawhide with rpm-4.4.2-11.x86_64.
Comment 10 Tomasz Ostrowski 2006-01-17 05:21:58 EST
Please provide errata rpm package for FC4. "rpm -V" is very useful when
upgrading, migrating etc. but it does not work now. Also, when rpm crashes, it
can leave its database in locked state - it is not obvious that man have to
unlock it with:
    rm -f /var/lib/rpm/__db.*

Note You need to log in before you can comment on or make changes to this bug.