185320 – rpm -Va fails on 2.6.155-1.183*

Bug 185320 - rpm -Va fails on 2.6.155-1.183*

Summary: rpm -Va fails on 2.6.155-1.183*

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rpm
Sub Component:
Version:	4
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Paul Nasrat
QA Contact:	Mike McLean
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-03-13 18:17 UTC by Ben Walton
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-03-14 12:07:53 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Ben Walton 2006-03-13 18:17:54 UTC

Description of problem:
After upgrading (from 2.6.13) to the 2.6.15 series of kernels, rpm -Va now
aborts (glibc complains of invalid pointer being freed) leaving behind HELD
locks in /var/lib/rpm/__db*.  After this, any further rpm action that requires
write access to the db's fails.

Version-Release number of selected component (if applicable):


How reproducible:  ALWAYS


Steps to Reproduce:
1.  Upgrade kernel from 2.6.13* to latest 2.6.15 (1833, now I believe)
2.  Run rpm -Va
3.  View locks: (cd /var/lib/rpm && /usr/lib/rpm/rpmdb_stat -CA)
4.  Try upgrading, installing or removing a package.  (Should hang RPM)


Actual results:
# rpm -Va
<snip>
........C   /usr/lib/qt-3.3/plugins/designer/libgladeplugin.so
........C   /usr/lib/qt-3.3/plugins/designer/libkdevdlgplugin.so
........C   /usr/lib/qt-3.3/plugins/designer/librcplugin.so
........C   /usr/lib/qt-3.3/plugins/designer/libwizards.so
........C   /usr/lib/libesd.so.0.2.36
........C   /usr/lib/libesddsp.so.0.2.36
........C   /usr/lib/libgucharmap.so.4.0.3
..?......   /usr/src/kernels/2.6.13-1.1532_FC4-i686/include/config/MARKER
..?...... c /var/lib/nfs/etab
..?...... c /var/lib/nfs/rmtab
*** glibc detected *** /usr/lib/rpm/rpmv: free(): invalid pointer: 0x0a0340d0 ***
======= Backtrace: =========
/lib/libc.so.6[0x79f124]
/lib/libc.so.6(__libc_free+0x77)[0x79f65f]
/lib/libselinux.so.1(freecon+0x1d)[0xba38dd]
/usr/lib/librpm-4.4.so(rpmVerifyFile+0x5ed)[0x30b580]
/usr/lib/librpm-4.4.so(showVerifyPackage+0x25c)[0x30ba53]
/usr/lib/librpm-4.4.so[0x2e512e]
/usr/lib/librpm-4.4.so(rpmQueryVerify+0xfb)[0x2e5d9c]
/usr/lib/librpm-4.4.so(rpmcliArgIter+0x2b9)[0x2e6b3e]
/usr/lib/librpm-4.4.so(rpmcliVerify+0x8f)[0x30aeef]
/usr/lib/rpm/rpmv[0x8049ba2]
/lib/libc.so.6(__libc_start_main+0xdf)[0x750d5f]
/usr/lib/rpm/rpmv[0x8049301]
======= Memory map: ========
00111000-0011a000 r-xp 00000000 03:09 72340      /lib/libnss_files-2.3.5.so
0011a000-0011b000 r-xp 00008000 03:09 72340      /lib/libnss_files-2.3.5.so
0011b000-0011c000 rwxp 00009000 03:09 72340      /lib/libnss_files-2.3.5.so
00212000-00281000 r-xp 00000000 03:02 1310362    /usr/lib/libkrb5.so.3.2
00281000-00284000 rwxp 0006e000 03:02 1310362    /usr/lib/libkrb5.so.3.2
00286000-002bb000 r-xp 00000000 03:09 73142      /lib/libssl.so.0.9.7f
002bb000-002be000 rwxp 00035000 03:09 73142      /lib/libssl.so.0.9.7f
002c0000-00319000 r-xp 00000000 03:02 1311798    /usr/lib/librpm-4.4.so
00319000-0031d000 rwxp 00058000 03:02 1311798    /usr/lib/librpm-4.4.so
0031d000-0034f000 rwxp 0031d000 00:00 0
00447000-0044f000 r-xp 00000000 03:09 72478      /lib/librt-2.3.5.so
0044f000-00450000 r-xp 00007000 03:09 72478      /lib/librt-2.3.5.so
00450000-00451000 rwxp 00008000 03:09 72478      /lib/librt-2.3.5.so
00451000-0045b000 rwxp 00451000 00:00 0
0048c000-00493000 r-xp 00000000 03:02 1310212    /usr/lib/libpopt.so.0.0.0
00493000-00494000 rwxp 00006000 03:02 1310212    /usr/lib/libpopt.so.0.0.0
0049b000-004be000 r-xp 00000000 03:02 1310207    /usr/lib/libk5crypto.so.3.0
004be000-004bf000 rwxp 00023000 03:02 1310207    /usr/lib/libk5crypto.so.3.0
004c1000-004c3000 r-xp 00000000 03:02 1310206    /usr/lib/libkrb5support.so.0.0
004c3000-004c4000 rwxp 00001000 03:02 1310206    /usr/lib/libkrb5support.so.0.0
0058f000-00687000 r-xp 00000000 03:09 73141      /lib/libcrypto.so.0.9.7f
00687000-00699000 rwxp 000f8000 03:09 73141      /lib/libcrypto.so.0.9.7f
00699000-0069c000 rwxp 00699000 00:00 0
0071e000-00738000 r-xp 00000000 03:09 72290      /lib/ld-2.3.5.so
00738000-00739000 r-xp 00019000 03:09 72290      /lib/ld-2.3.5.so
00739000-0073a000 rwxp 0001a000 03:09 72290      /lib/ld-2.3.5.so
0073c000-0085f000 r-xp 00000000 03:09 72306      /lib/libc-2.3.5.so
0085f000-00861000 r-xp 00123000 03:09 72306      /lib/libc-2.3.5.so
00861000-00863000 rwxp 00125000 03:09 72306      /lib/libc-2.3.5.so
00863000-00865000 rwxp 00863000 00:00 0
00867000-0088a000 r-xp 00000000 03:09 72315      /lib/libm-2.3.5.so
0088a000-0088b000 r-xp 00022000 03:09 72315      /lib/libm-2.3.5.so
0088b000-0088c000 rwxp 00023000 03:09 72315      /lib/libm-2.3.5.so
0088e000-00890000 r-xp 00000000 03:09 72321      /lib/libdl-2.3.5.so
00890000-00891000 r-xp 00001000 03:09 72321      /lib/libdl-2.3.5.so
00891000-00892000 rwxp 00002000 03:09 72321      /lib/libdl-2.3.5.so
00894000-008ad000 r-xp 00000000 03:02 1311633    /usr/lib/libneon.so.24.0.7
008ad000-008ae000 rwxp 00019000 03:02 1311633    /usr/lib/libneon.so.24.0.7
008fc000-0094f000 r-xp 00000000 03:02 1311594    /usr/lib/libsqlite3.so.0.8.6
0094f000-00951000 rwxp 00052000 03:02 1311594    /usr/lib/libsqlite3.so.0.8.6
0097b000-0098d000 r-xp 00000000 03:02 1305668    /usr/lib/libz.so.1.2.2.2
0098d000-0098e000 rwxp 00011000 03:02 1305668    /usr/lib/libz.so.1.2.2.2
00990000-0099e000 r-xp 00000000 03:09 72323      /lib/libpthread-2.3.5.so
0099e000-0099f000 r-xp 0000d000 03:09 72323      /lib/libpthread-2.3.5.so
0099f000-009a0000 rwxp 0000e000 03:09 72323      /lib/libpthread-2.3.5.so
009a0000-009a2000 rwxp 009a0000 00:00 0
009cb000-009e8000 r-xp 00000000 03:02 1309909    /usr/lib/libexpat.so.0.5.0
009e8000-009ea000 rwxp 0001c000 03:02 1309909    /usr/lib/libexpat.so.0.5.0
009ec000-009fe000 r-xp 00000000 03:02 1309501    /usr/lib/libelf-0.108.so
009fe000-009ff000 rwxp 00012000 03:02 1309501    /usr/lib/libelf-0.108.so
00a01000-00a72000 r-xp 00000000 03:02 1310365    /usr/lib/librpmio-4.4.so
00a72000-00a75000 rwxp 00070000 03:02 1310365    /usr/lib/librpmio-4.4.so
00a75000-00a98000 rwxp 00a75000 00:00 0
00aaf000-00ab8000 r-xp 00000000 03:09 72402      /lib/libgcc_s-4.0.2-20051126.so.1
00ab8000-00ab9000 rwxp 00009000 03:09 72402      /lib/libgcc_s-4.0.2-20051126.so.1
00abb000-00b90000 r-xp 00000000 03:02 1309735    /usr/lib/libstdc++.so.6.0.7
00b90000-00b95000 rwxp 000d5000 03:02 1309735    /usr/lib/libstdc++.so.6.0.7
00b95000-00b9a000 rwxp 00b95000 00:00 0
00b9c000-00bac000 r-xp 00000000 03:09 72320      /lib/libselinux.so.1
00bac000-00bad000 rwxp 00010000 03:09 72320      /lib/libselinux.so.1
00bb1000-00bc0000 r-xp 00000000 03:09 72351      /lib/libresolv-2.3.5.so
00bc0000-00bc1000 r-xp 0000e000 03:09 72351      /lib/libresolv-2.3.5.so
00bc1000-00bc2000 rwxp 0000f000 03:09 72351      /lib/libresolv-2.3.5.so
00bc2000-00bc4000 rwxp 00bc2000 00:00 0
00bc6000-00cce000 r-xp 00000000 03:02 1312330    /usr/lib/librpmdb-4.4.so
00cce000-00cd3000 rwxp 00107000 03:02 1312330    /usr/lib/librpmdb-4.4.so
00cd7000-00cd9000 r-xp 00000000 03:09 72428      /lib/libcom_err.so.2.1
00cd9000-00cda000 rwxp 00001000 03:09 72428      /lib/libcom_err.so.2.1
00cf9000-00d40000 r-xp 00000000 03:02 1313012    /usr/lib/libbeecrypt.so.6.4.0
00d40000-00d43000 rwxp 00046000 03:02 1313012    /usr/lib/libbeecrypt.so.6.4.0
00d45000-00d68000 r-xp 00000000 03:02 1312728    /usr/lib/librpmbuild-4.4.so
00d68000-00d6a000 rwxp 00023000 03:02 1312728    /usr/lib/librpmbuild-4.4.so
00d6a000-00d76000 rwxp 00d6a000 00:00 0
00dca000-00de1000 r-xp 00000000 03:02 1312315    /usr/lib/libgssapi_krb5.so.2.2
00de1000-00de2000 rwxp 00017000 03:02 1312315    /usr/lib/libgssapi_krb5.so.2.2
00ee3000-00ee4000 r-xp 00ee3000 00:00 0          [vdso]
079b6000-079c7000 r-xp 00000000 03:02 1307635    /usr/lib/libbz2.so.1.0.2
079c7000-079c8000 rwxp 00010000 03:02 1307635    /usr/lib/libbz2.so.1.0.2
08048000-0804b000 r-xp 00000000 03:02 1312166    /usr/lib/rpm/rpmq
0804b000-0804d000 rw-p 00002000 03:02 1312166    /usr/lib/rpm/rpmq
091b1000-0a1b9000 rw-p 091b1000 00:00 0          [heap]
b7600000-b7621000 rw-p b7600000 00:00 0
b7621000-b7700000 ---p b7621000 00:00 0
b7791000-b7876000 rw-p b79e3000 00:00 0
b7876000-b795b000 rw-p b795b000 00:00 0
b799c000-b7a60000 rw-p b7a7c000 00:00 0
b7aa7000-b7b8d000 rw-p b7aa7000 00:00 0
b7b8d000-b7bfb000 rw-s 00000000 03:03 212387     /var/lib/rpm/__db.003
b7bfb000-b7d3d000 rw-s 00000000 03:03 212384     /var/lib/rpm/__db.002
b7d3d000-b7d43000 r--s 00000000 03:02 1305869    /usr/lib/gconv/gconv-modules.cache
b7d45000-b7d46000 r--p 0031d000 03:02 1314740    /usr/lib/locale/locale-archive
b7d46000-b7d7a000 r--p 0021c000 03:02 1314740    /usr/lib/locale/locale-archive
b7d7a000-b7f7a000 r--p 00000000 03:02 1314740    /usr/lib/locale/locale-archive
b7f7a000-b7f81000 rw-p b7f7a000 00:00 0
b7f96000-b7f9c000 rw-s 00000000 03:03 212358     /var/lib/rpm/__db.001
b7f9c000-b7f9d000 rw-p b7f9c000 00:00 0
bfe4e000-bfe9d000 rw-p bfe4e000 00:00 0          [stack]

# uname -r
2.6.15-1.1833_FC4

# cd /var/lib/rpm
# /usr/lib/rpm/rpmdb_stat -CA
Default locking region information:
715     Last allocated locker ID
0x7fffffff      Current maximum unused locker ID
5       Number of lock modes
1000    Maximum number of locks possible
1000    Maximum number of lockers possible
1000    Maximum number of lock objects possible
18      Number of current locks
20      Maximum number of locks at any one time
18      Number of current lockers
19      Maximum number of lockers at any one time
6       Number of current lock objects
15      Maximum number of lock objects at any one time
172409  Total number of locks requested
146584  Total number of locks released
0       Total number of lock requests failing because DB_LOCK_NOWAIT was set
0       Total number of locks not immediately available due to conflicts
0       Number of deadlocks
0       Lock timeout value
0       Number of locks that have timed out
0       Transaction timeout value
0       Number of transactions that have timed out
440KB   The size of the lock region
0       The number of region locks that required waiting (0%)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Lock REGINFO information:
Lock    Region type
3       Region ID
__db.003        Region name
0xb7dab000      Original region address
0xb7dab000      Region address
0xb7e18f40      Region primary address
0       Region maximum allocation
0       Region allocated
REGION_JOIN_OK  Region flags
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Lock region parameters:
1031    locker table size
1031    object table size
442080  obj_off
0       osynch_off
433824  locker_off
0       lsynch_off
0       need_dd
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Lock conflict matrix:
0       0       0       0       0
0       0       1       0       0
0       1       1       1       1
0       0       0       0       0
0       0       1       0       1
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Locks grouped by lockers:
Locker   Mode      Count Status  ----------------- Object ---------------
      1c dd= 0 locks held 1    write locks 0
      1c READ          1 HELD    (33d83 303 cd49d4b1 61cbf 0) handle        0
      1d dd= 0 locks held 1    write locks 0
      1d READ          1 HELD    0x35400 len:  20 data:
0x83=0x03000x030x0300000xb10xd4I0xcd0xbf0x1c0x060000000000
      1e dd= 0 locks held 1    write locks 0
      1e READ          1 HELD    (33d96 303 972b8f32 1d001f 0) handle        0
      20 dd= 0 locks held 1    write locks 0
      20 READ          1 HELD    (33d85 303 a578318c 929ff 0) handle        0
      21 dd= 0 locks held 1    write locks 0
      21 READ          1 HELD    (33d84 303 e346a51b 7a35f 0) handle        0
      23 dd= 0 locks held 1    write locks 0
      23 READ          1 HELD    (33d87 303 954a6426 ab09f 0) handle        0
     117 dd= 0 locks held 1    write locks 0
     117 READ          1 HELD    (33d83 303 cd49d4b1 61cbf 0) handle        0
     118 dd= 0 locks held 1    write locks 0
     118 READ          1 HELD    0x35400 len:  20 data:
0x83=0x03000x030x0300000xb10xd4I0xcd0xbf0x1c0x060000000000
     119 dd= 0 locks held 1    write locks 0
     119 READ          1 HELD    (33d96 303 972b8f32 1d001f 0) handle        0
     11b dd= 0 locks held 1    write locks 0
     11b READ          1 HELD    (33d85 303 a578318c 929ff 0) handle        0
     11c dd= 0 locks held 1    write locks 0
     11c READ          1 HELD    (33d84 303 e346a51b 7a35f 0) handle        0
     11e dd= 0 locks held 1    write locks 0
     11e READ          1 HELD    (33d87 303 954a6426 ab09f 0) handle        0
     1d9 dd= 0 locks held 1    write locks 0
     1d9 READ          1 HELD    (33d83 303 cd49d4b1 61cbf 0) handle        0
     1da dd= 0 locks held 1    write locks 0
     1da READ          1 HELD    0x35400 len:  20 data:
0x83=0x03000x030x0300000xb10xd4I0xcd0xbf0x1c0x060000000000
     1db dd= 0 locks held 1    write locks 0
     1db READ          1 HELD    (33d96 303 972b8f32 1d001f 0) handle        0
     1dd dd= 0 locks held 1    write locks 0
     1dd READ          1 HELD    (33d85 303 a578318c 929ff 0) handle        0
     1de dd= 0 locks held 1    write locks 0
     1de READ          1 HELD    (33d84 303 e346a51b 7a35f 0) handle        0
     1e0 dd= 0 locks held 1    write locks 0
     1e0 READ          1 HELD    (33d87 303 954a6426 ab09f 0) handle        0
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Locks grouped by object:
Locker   Mode      Count Status  ----------------- Object ---------------
      1d READ          1 HELD    0x35400 len:  20 data:
0x83=0x03000x030x0300000xb10xd4I0xcd0xbf0x1c0x060000000000
     118 READ          1 HELD    0x35400 len:  20 data:
0x83=0x03000x030x0300000xb10xd4I0xcd0xbf0x1c0x060000000000
     1da READ          1 HELD    0x35400 len:  20 data:
0x83=0x03000x030x0300000xb10xd4I0xcd0xbf0x1c0x060000000000

      1c READ          1 HELD    (33d83 303 cd49d4b1 61cbf 0) handle        0
     117 READ          1 HELD    (33d83 303 cd49d4b1 61cbf 0) handle        0
     1d9 READ          1 HELD    (33d83 303 cd49d4b1 61cbf 0) handle        0

      21 READ          1 HELD    (33d84 303 e346a51b 7a35f 0) handle        0
     11c READ          1 HELD    (33d84 303 e346a51b 7a35f 0) handle        0
     1de READ          1 HELD    (33d84 303 e346a51b 7a35f 0) handle        0

      20 READ          1 HELD    (33d85 303 a578318c 929ff 0) handle        0
     11b READ          1 HELD    (33d85 303 a578318c 929ff 0) handle        0
     1dd READ          1 HELD    (33d85 303 a578318c 929ff 0) handle        0

      23 READ          1 HELD    (33d87 303 954a6426 ab09f 0) handle        0
     11e READ          1 HELD    (33d87 303 954a6426 ab09f 0) handle        0
     1e0 READ          1 HELD    (33d87 303 954a6426 ab09f 0) handle        0

      1e READ          1 HELD    (33d96 303 972b8f32 1d001f 0) handle        0
     119 READ          1 HELD    (33d96 303 972b8f32 1d001f 0) handle        0
     1db READ          1 HELD    (33d96 303 972b8f32 1d001f 0) handle        0




Additional info:
I have verified this on multiple machines and they all produce the same behaviour.

Comment 1 Ben Walton 2006-03-13 18:24:25 UTC

*Hangs head*  I should also not that I'm using rpm v4.4.1 here.

$ rpm -q rpm
rpm-4.4.1-22

Comment 2 Jeff Johnson 2006-03-14 12:07:53 UTC

This looks like the double free of file contexts. Try rpm-4.4.2.

Note You need to log in before you can comment on or make changes to this bug.