Description of problem: After upgrading (from 2.6.13) to the 2.6.15 series of kernels, rpm -Va now aborts (glibc complains of invalid pointer being freed) leaving behind HELD locks in /var/lib/rpm/__db*. After this, any further rpm action that requires write access to the db's fails. Version-Release number of selected component (if applicable): How reproducible: ALWAYS Steps to Reproduce: 1. Upgrade kernel from 2.6.13* to latest 2.6.15 (1833, now I believe) 2. Run rpm -Va 3. View locks: (cd /var/lib/rpm && /usr/lib/rpm/rpmdb_stat -CA) 4. Try upgrading, installing or removing a package. (Should hang RPM) Actual results: # rpm -Va <snip> ........C /usr/lib/qt-3.3/plugins/designer/libgladeplugin.so ........C /usr/lib/qt-3.3/plugins/designer/libkdevdlgplugin.so ........C /usr/lib/qt-3.3/plugins/designer/librcplugin.so ........C /usr/lib/qt-3.3/plugins/designer/libwizards.so ........C /usr/lib/libesd.so.0.2.36 ........C /usr/lib/libesddsp.so.0.2.36 ........C /usr/lib/libgucharmap.so.4.0.3 ..?...... /usr/src/kernels/2.6.13-1.1532_FC4-i686/include/config/MARKER ..?...... c /var/lib/nfs/etab ..?...... c /var/lib/nfs/rmtab *** glibc detected *** /usr/lib/rpm/rpmv: free(): invalid pointer: 0x0a0340d0 *** ======= Backtrace: ========= /lib/libc.so.6[0x79f124] /lib/libc.so.6(__libc_free+0x77)[0x79f65f] /lib/libselinux.so.1(freecon+0x1d)[0xba38dd] /usr/lib/librpm-4.4.so(rpmVerifyFile+0x5ed)[0x30b580] /usr/lib/librpm-4.4.so(showVerifyPackage+0x25c)[0x30ba53] /usr/lib/librpm-4.4.so[0x2e512e] /usr/lib/librpm-4.4.so(rpmQueryVerify+0xfb)[0x2e5d9c] /usr/lib/librpm-4.4.so(rpmcliArgIter+0x2b9)[0x2e6b3e] /usr/lib/librpm-4.4.so(rpmcliVerify+0x8f)[0x30aeef] /usr/lib/rpm/rpmv[0x8049ba2] /lib/libc.so.6(__libc_start_main+0xdf)[0x750d5f] /usr/lib/rpm/rpmv[0x8049301] ======= Memory map: ======== 00111000-0011a000 r-xp 00000000 03:09 72340 /lib/libnss_files-2.3.5.so 0011a000-0011b000 r-xp 00008000 03:09 72340 /lib/libnss_files-2.3.5.so 0011b000-0011c000 rwxp 00009000 03:09 72340 /lib/libnss_files-2.3.5.so 00212000-00281000 r-xp 00000000 03:02 1310362 /usr/lib/libkrb5.so.3.2 00281000-00284000 rwxp 0006e000 03:02 1310362 /usr/lib/libkrb5.so.3.2 00286000-002bb000 r-xp 00000000 03:09 73142 /lib/libssl.so.0.9.7f 002bb000-002be000 rwxp 00035000 03:09 73142 /lib/libssl.so.0.9.7f 002c0000-00319000 r-xp 00000000 03:02 1311798 /usr/lib/librpm-4.4.so 00319000-0031d000 rwxp 00058000 03:02 1311798 /usr/lib/librpm-4.4.so 0031d000-0034f000 rwxp 0031d000 00:00 0 00447000-0044f000 r-xp 00000000 03:09 72478 /lib/librt-2.3.5.so 0044f000-00450000 r-xp 00007000 03:09 72478 /lib/librt-2.3.5.so 00450000-00451000 rwxp 00008000 03:09 72478 /lib/librt-2.3.5.so 00451000-0045b000 rwxp 00451000 00:00 0 0048c000-00493000 r-xp 00000000 03:02 1310212 /usr/lib/libpopt.so.0.0.0 00493000-00494000 rwxp 00006000 03:02 1310212 /usr/lib/libpopt.so.0.0.0 0049b000-004be000 r-xp 00000000 03:02 1310207 /usr/lib/libk5crypto.so.3.0 004be000-004bf000 rwxp 00023000 03:02 1310207 /usr/lib/libk5crypto.so.3.0 004c1000-004c3000 r-xp 00000000 03:02 1310206 /usr/lib/libkrb5support.so.0.0 004c3000-004c4000 rwxp 00001000 03:02 1310206 /usr/lib/libkrb5support.so.0.0 0058f000-00687000 r-xp 00000000 03:09 73141 /lib/libcrypto.so.0.9.7f 00687000-00699000 rwxp 000f8000 03:09 73141 /lib/libcrypto.so.0.9.7f 00699000-0069c000 rwxp 00699000 00:00 0 0071e000-00738000 r-xp 00000000 03:09 72290 /lib/ld-2.3.5.so 00738000-00739000 r-xp 00019000 03:09 72290 /lib/ld-2.3.5.so 00739000-0073a000 rwxp 0001a000 03:09 72290 /lib/ld-2.3.5.so 0073c000-0085f000 r-xp 00000000 03:09 72306 /lib/libc-2.3.5.so 0085f000-00861000 r-xp 00123000 03:09 72306 /lib/libc-2.3.5.so 00861000-00863000 rwxp 00125000 03:09 72306 /lib/libc-2.3.5.so 00863000-00865000 rwxp 00863000 00:00 0 00867000-0088a000 r-xp 00000000 03:09 72315 /lib/libm-2.3.5.so 0088a000-0088b000 r-xp 00022000 03:09 72315 /lib/libm-2.3.5.so 0088b000-0088c000 rwxp 00023000 03:09 72315 /lib/libm-2.3.5.so 0088e000-00890000 r-xp 00000000 03:09 72321 /lib/libdl-2.3.5.so 00890000-00891000 r-xp 00001000 03:09 72321 /lib/libdl-2.3.5.so 00891000-00892000 rwxp 00002000 03:09 72321 /lib/libdl-2.3.5.so 00894000-008ad000 r-xp 00000000 03:02 1311633 /usr/lib/libneon.so.24.0.7 008ad000-008ae000 rwxp 00019000 03:02 1311633 /usr/lib/libneon.so.24.0.7 008fc000-0094f000 r-xp 00000000 03:02 1311594 /usr/lib/libsqlite3.so.0.8.6 0094f000-00951000 rwxp 00052000 03:02 1311594 /usr/lib/libsqlite3.so.0.8.6 0097b000-0098d000 r-xp 00000000 03:02 1305668 /usr/lib/libz.so.1.2.2.2 0098d000-0098e000 rwxp 00011000 03:02 1305668 /usr/lib/libz.so.1.2.2.2 00990000-0099e000 r-xp 00000000 03:09 72323 /lib/libpthread-2.3.5.so 0099e000-0099f000 r-xp 0000d000 03:09 72323 /lib/libpthread-2.3.5.so 0099f000-009a0000 rwxp 0000e000 03:09 72323 /lib/libpthread-2.3.5.so 009a0000-009a2000 rwxp 009a0000 00:00 0 009cb000-009e8000 r-xp 00000000 03:02 1309909 /usr/lib/libexpat.so.0.5.0 009e8000-009ea000 rwxp 0001c000 03:02 1309909 /usr/lib/libexpat.so.0.5.0 009ec000-009fe000 r-xp 00000000 03:02 1309501 /usr/lib/libelf-0.108.so 009fe000-009ff000 rwxp 00012000 03:02 1309501 /usr/lib/libelf-0.108.so 00a01000-00a72000 r-xp 00000000 03:02 1310365 /usr/lib/librpmio-4.4.so 00a72000-00a75000 rwxp 00070000 03:02 1310365 /usr/lib/librpmio-4.4.so 00a75000-00a98000 rwxp 00a75000 00:00 0 00aaf000-00ab8000 r-xp 00000000 03:09 72402 /lib/libgcc_s-4.0.2-20051126.so.1 00ab8000-00ab9000 rwxp 00009000 03:09 72402 /lib/libgcc_s-4.0.2-20051126.so.1 00abb000-00b90000 r-xp 00000000 03:02 1309735 /usr/lib/libstdc++.so.6.0.7 00b90000-00b95000 rwxp 000d5000 03:02 1309735 /usr/lib/libstdc++.so.6.0.7 00b95000-00b9a000 rwxp 00b95000 00:00 0 00b9c000-00bac000 r-xp 00000000 03:09 72320 /lib/libselinux.so.1 00bac000-00bad000 rwxp 00010000 03:09 72320 /lib/libselinux.so.1 00bb1000-00bc0000 r-xp 00000000 03:09 72351 /lib/libresolv-2.3.5.so 00bc0000-00bc1000 r-xp 0000e000 03:09 72351 /lib/libresolv-2.3.5.so 00bc1000-00bc2000 rwxp 0000f000 03:09 72351 /lib/libresolv-2.3.5.so 00bc2000-00bc4000 rwxp 00bc2000 00:00 0 00bc6000-00cce000 r-xp 00000000 03:02 1312330 /usr/lib/librpmdb-4.4.so 00cce000-00cd3000 rwxp 00107000 03:02 1312330 /usr/lib/librpmdb-4.4.so 00cd7000-00cd9000 r-xp 00000000 03:09 72428 /lib/libcom_err.so.2.1 00cd9000-00cda000 rwxp 00001000 03:09 72428 /lib/libcom_err.so.2.1 00cf9000-00d40000 r-xp 00000000 03:02 1313012 /usr/lib/libbeecrypt.so.6.4.0 00d40000-00d43000 rwxp 00046000 03:02 1313012 /usr/lib/libbeecrypt.so.6.4.0 00d45000-00d68000 r-xp 00000000 03:02 1312728 /usr/lib/librpmbuild-4.4.so 00d68000-00d6a000 rwxp 00023000 03:02 1312728 /usr/lib/librpmbuild-4.4.so 00d6a000-00d76000 rwxp 00d6a000 00:00 0 00dca000-00de1000 r-xp 00000000 03:02 1312315 /usr/lib/libgssapi_krb5.so.2.2 00de1000-00de2000 rwxp 00017000 03:02 1312315 /usr/lib/libgssapi_krb5.so.2.2 00ee3000-00ee4000 r-xp 00ee3000 00:00 0 [vdso] 079b6000-079c7000 r-xp 00000000 03:02 1307635 /usr/lib/libbz2.so.1.0.2 079c7000-079c8000 rwxp 00010000 03:02 1307635 /usr/lib/libbz2.so.1.0.2 08048000-0804b000 r-xp 00000000 03:02 1312166 /usr/lib/rpm/rpmq 0804b000-0804d000 rw-p 00002000 03:02 1312166 /usr/lib/rpm/rpmq 091b1000-0a1b9000 rw-p 091b1000 00:00 0 [heap] b7600000-b7621000 rw-p b7600000 00:00 0 b7621000-b7700000 ---p b7621000 00:00 0 b7791000-b7876000 rw-p b79e3000 00:00 0 b7876000-b795b000 rw-p b795b000 00:00 0 b799c000-b7a60000 rw-p b7a7c000 00:00 0 b7aa7000-b7b8d000 rw-p b7aa7000 00:00 0 b7b8d000-b7bfb000 rw-s 00000000 03:03 212387 /var/lib/rpm/__db.003 b7bfb000-b7d3d000 rw-s 00000000 03:03 212384 /var/lib/rpm/__db.002 b7d3d000-b7d43000 r--s 00000000 03:02 1305869 /usr/lib/gconv/gconv-modules.cache b7d45000-b7d46000 r--p 0031d000 03:02 1314740 /usr/lib/locale/locale-archive b7d46000-b7d7a000 r--p 0021c000 03:02 1314740 /usr/lib/locale/locale-archive b7d7a000-b7f7a000 r--p 00000000 03:02 1314740 /usr/lib/locale/locale-archive b7f7a000-b7f81000 rw-p b7f7a000 00:00 0 b7f96000-b7f9c000 rw-s 00000000 03:03 212358 /var/lib/rpm/__db.001 b7f9c000-b7f9d000 rw-p b7f9c000 00:00 0 bfe4e000-bfe9d000 rw-p bfe4e000 00:00 0 [stack] # uname -r 2.6.15-1.1833_FC4 # cd /var/lib/rpm # /usr/lib/rpm/rpmdb_stat -CA Default locking region information: 715 Last allocated locker ID 0x7fffffff Current maximum unused locker ID 5 Number of lock modes 1000 Maximum number of locks possible 1000 Maximum number of lockers possible 1000 Maximum number of lock objects possible 18 Number of current locks 20 Maximum number of locks at any one time 18 Number of current lockers 19 Maximum number of lockers at any one time 6 Number of current lock objects 15 Maximum number of lock objects at any one time 172409 Total number of locks requested 146584 Total number of locks released 0 Total number of lock requests failing because DB_LOCK_NOWAIT was set 0 Total number of locks not immediately available due to conflicts 0 Number of deadlocks 0 Lock timeout value 0 Number of locks that have timed out 0 Transaction timeout value 0 Number of transactions that have timed out 440KB The size of the lock region 0 The number of region locks that required waiting (0%) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Lock REGINFO information: Lock Region type 3 Region ID __db.003 Region name 0xb7dab000 Original region address 0xb7dab000 Region address 0xb7e18f40 Region primary address 0 Region maximum allocation 0 Region allocated REGION_JOIN_OK Region flags =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Lock region parameters: 1031 locker table size 1031 object table size 442080 obj_off 0 osynch_off 433824 locker_off 0 lsynch_off 0 need_dd =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Lock conflict matrix: 0 0 0 0 0 0 0 1 0 0 0 1 1 1 1 0 0 0 0 0 0 0 1 0 1 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Locks grouped by lockers: Locker Mode Count Status ----------------- Object --------------- 1c dd= 0 locks held 1 write locks 0 1c READ 1 HELD (33d83 303 cd49d4b1 61cbf 0) handle 0 1d dd= 0 locks held 1 write locks 0 1d READ 1 HELD 0x35400 len: 20 data: 0x83=0x03000x030x0300000xb10xd4I0xcd0xbf0x1c0x060000000000 1e dd= 0 locks held 1 write locks 0 1e READ 1 HELD (33d96 303 972b8f32 1d001f 0) handle 0 20 dd= 0 locks held 1 write locks 0 20 READ 1 HELD (33d85 303 a578318c 929ff 0) handle 0 21 dd= 0 locks held 1 write locks 0 21 READ 1 HELD (33d84 303 e346a51b 7a35f 0) handle 0 23 dd= 0 locks held 1 write locks 0 23 READ 1 HELD (33d87 303 954a6426 ab09f 0) handle 0 117 dd= 0 locks held 1 write locks 0 117 READ 1 HELD (33d83 303 cd49d4b1 61cbf 0) handle 0 118 dd= 0 locks held 1 write locks 0 118 READ 1 HELD 0x35400 len: 20 data: 0x83=0x03000x030x0300000xb10xd4I0xcd0xbf0x1c0x060000000000 119 dd= 0 locks held 1 write locks 0 119 READ 1 HELD (33d96 303 972b8f32 1d001f 0) handle 0 11b dd= 0 locks held 1 write locks 0 11b READ 1 HELD (33d85 303 a578318c 929ff 0) handle 0 11c dd= 0 locks held 1 write locks 0 11c READ 1 HELD (33d84 303 e346a51b 7a35f 0) handle 0 11e dd= 0 locks held 1 write locks 0 11e READ 1 HELD (33d87 303 954a6426 ab09f 0) handle 0 1d9 dd= 0 locks held 1 write locks 0 1d9 READ 1 HELD (33d83 303 cd49d4b1 61cbf 0) handle 0 1da dd= 0 locks held 1 write locks 0 1da READ 1 HELD 0x35400 len: 20 data: 0x83=0x03000x030x0300000xb10xd4I0xcd0xbf0x1c0x060000000000 1db dd= 0 locks held 1 write locks 0 1db READ 1 HELD (33d96 303 972b8f32 1d001f 0) handle 0 1dd dd= 0 locks held 1 write locks 0 1dd READ 1 HELD (33d85 303 a578318c 929ff 0) handle 0 1de dd= 0 locks held 1 write locks 0 1de READ 1 HELD (33d84 303 e346a51b 7a35f 0) handle 0 1e0 dd= 0 locks held 1 write locks 0 1e0 READ 1 HELD (33d87 303 954a6426 ab09f 0) handle 0 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Locks grouped by object: Locker Mode Count Status ----------------- Object --------------- 1d READ 1 HELD 0x35400 len: 20 data: 0x83=0x03000x030x0300000xb10xd4I0xcd0xbf0x1c0x060000000000 118 READ 1 HELD 0x35400 len: 20 data: 0x83=0x03000x030x0300000xb10xd4I0xcd0xbf0x1c0x060000000000 1da READ 1 HELD 0x35400 len: 20 data: 0x83=0x03000x030x0300000xb10xd4I0xcd0xbf0x1c0x060000000000 1c READ 1 HELD (33d83 303 cd49d4b1 61cbf 0) handle 0 117 READ 1 HELD (33d83 303 cd49d4b1 61cbf 0) handle 0 1d9 READ 1 HELD (33d83 303 cd49d4b1 61cbf 0) handle 0 21 READ 1 HELD (33d84 303 e346a51b 7a35f 0) handle 0 11c READ 1 HELD (33d84 303 e346a51b 7a35f 0) handle 0 1de READ 1 HELD (33d84 303 e346a51b 7a35f 0) handle 0 20 READ 1 HELD (33d85 303 a578318c 929ff 0) handle 0 11b READ 1 HELD (33d85 303 a578318c 929ff 0) handle 0 1dd READ 1 HELD (33d85 303 a578318c 929ff 0) handle 0 23 READ 1 HELD (33d87 303 954a6426 ab09f 0) handle 0 11e READ 1 HELD (33d87 303 954a6426 ab09f 0) handle 0 1e0 READ 1 HELD (33d87 303 954a6426 ab09f 0) handle 0 1e READ 1 HELD (33d96 303 972b8f32 1d001f 0) handle 0 119 READ 1 HELD (33d96 303 972b8f32 1d001f 0) handle 0 1db READ 1 HELD (33d96 303 972b8f32 1d001f 0) handle 0 Additional info: I have verified this on multiple machines and they all produce the same behaviour.
*Hangs head* I should also not that I'm using rpm v4.4.1 here. $ rpm -q rpm rpm-4.4.1-22
This looks like the double free of file contexts. Try rpm-4.4.2.