Bug 556584 - crash when running createrepo due to glibc's malloc checking
crash when running createrepo due to glibc's malloc checking
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: glibc (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Andreas Schwab
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-01-18 14:08 EST by Bill Nottingham
Modified: 2014-03-16 23:21 EDT (History)
12 users (show)

See Also:
Fixed In Version: glibc-2.11.90-15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-03-14 09:44:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Backtrace provided by notting (5.21 KB, text/plain)
2010-01-18 15:27 EST, Dave Malcolm
no flags Details
A patch to use unsigned conditional jump (16.78 KB, patch)
2010-02-12 10:29 EST, H.J. Lu
no flags Details | Diff
A patch to fix memcpy (717 bytes, patch)
2010-02-22 12:23 EST, H.J. Lu
no flags Details | Diff

  None (edit)
Description Bill Nottingham 2010-01-18 14:08:37 EST
Description of problem:

Seen when attempting to build rawhide:

*** glibc detected *** /usr/bin/python: free(): corrupted unsorted chunks: 0x12246038 ***
======= Backtrace: =========
/lib/libc.so.6(+0x704e1)[0xc894e1]
/usr/lib/libpython2.6.so.1.0(PyObject_Free+0x1c0)[0x8aa9e0]
/usr/lib/libpython2.6.so.1.0(+0x9149b)[0x8cf49b]
/usr/lib/libpython2.6.so.1.0(PyUnicodeUCS4_Concat+0x101)[0x8dbb11]
/usr/lib/libpython2.6.so.1.0(+0x74b1c)[0x8b2b1c]
/usr/lib/libpython2.6.so.1.0(PyNumber_InPlaceAdd+0xc0)[0x8678b0]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x28c2)[0x901112]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x5840)[0x904090]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalCodeEx+0x7aa)[0x904c5a]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x48c9)[0x903119]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x5840)[0x904090]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x5840)[0x904090]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x5840)[0x904090]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalCodeEx+0x7aa)[0x904c5a]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x48c9)[0x903119]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalCodeEx+0x7aa)[0x904c5a]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x48c9)[0x903119]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalCodeEx+0x7aa)[0x904c5a]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x48c9)[0x903119]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalFrameEx+0x5840)[0x904090]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalCodeEx+0x7aa)[0x904c5a]
/usr/lib/libpython2.6.so.1.0(PyEval_EvalCode+0x64)[0x904dc4]
/usr/lib/libpython2.6.so.1.0(+0xe207c)[0x92007c]
/usr/lib/libpython2.6.so.1.0(PyRun_FileExFlags+0x93)[0x920143]
/usr/lib/libpython2.6.so.1.0(PyRun_SimpleFileExFlags+0xe1)[0x9216e1]
/usr/lib/libpython2.6.so.1.0(PyRun_AnyFileExFlags+0x82)[0x921f82]
/usr/lib/libpython2.6.so.1.0(Py_Main+0xb95)[0x92ea25]
/usr/bin/python(main+0x28)[0x80485c8]
/lib/libc.so.6(__libc_start_main+0xe6)[0xc2fc96]
/usr/bin/python[0x8048501]
======= Memory map: ========
00110000-00138000 r-xp 00000000 fd:00 2855795    /lib/libm-2.11.90.so
00138000-00139000 r--p 00027000 fd:00 2855795    /lib/libm-2.11.90.so
00139000-0013a000 rw-p 00028000 fd:00 2855795    /lib/libm-2.11.90.so
0013a000-0013c000 r-xp 00000000 fd:00 3049248    /usr/lib/python2.6/lib-dynload/_functoolsmodule.so
0013c000-0013d000 rw-p 00001000 fd:00 3049248    /usr/lib/python2.6/lib-dynload/_functoolsmodule.so
0013d000-00140000 r-xp 00000000 fd:00 3049253    /usr/lib/python2.6/lib-dynload/_localemodule.so
00140000-00141000 rw-p 00003000 fd:00 3049253    /usr/lib/python2.6/lib-dynload/_localemodule.so
00141000-0014c000 r-xp 00000000 fd:00 3049262    /usr/lib/python2.6/lib-dynload/_socketmodule.so
0014c000-0014f000 rw-p 0000b000 fd:00 3049262    /usr/lib/python2.6/lib-dynload/_socketmodule.so
0014f000-0017c000 r-xp 00000000 fd:00 2857044    /lib/libgssapi_krb5.so.2.2
0017c000-0017d000 rw-p 0002d000 fd:00 2857044    /lib/libgssapi_krb5.so.2.2
0017d000-0018e000 r-xp 00000000 fd:00 3050030    /usr/lib/python2.6/site-packages/rpm/_rpmmodule.so
0018e000-00190000 rw-p 00011000 fd:00 3050030    /usr/lib/python2.6/site-packages/rpm/_rpmmodule.so
00190000-00193000 r-xp 00000000 fd:00 2856244    /lib/libcap.so.2.17
00193000-00194000 rw-p 00002000 fd:00 2856244    /lib/libcap.so.2.17
00194000-0019b000 r-xp 00000000 fd:00 2856241    /lib/libacl.so.1.1.0
0019b000-0019c000 rw-p 00006000 fd:00 2856241    /lib/libacl.so.1.1.0
0019c000-001ac000 r-xp 00000000 fd:00 2856185    /lib/libbz2.so.1.0.4
001ac000-001ad000 rw-p 00010000 fd:00 2856185    /lib/libbz2.so.1.0.4
001ad000-001b5000 r-xp 00000000 fd:00 2856191    /lib/libpopt.so.0.0.0
001b5000-001b6000 rw-p 00007000 fd:00 2856191    /lib/libpopt.so.0.0.0
001b6000-001ba000 r-xp 00000000 fd:00 2856239    /lib/libattr.so.1.1.0
001ba000-001bb000 rw-p 00003000 fd:00 2856239    /lib/libattr.so.1.1.0
001bb000-001bc000 r-xp 00000000 fd:00 3049232    /usr/lib/python2.6/lib-dynload/_bisectmodule.so
001bc000-001bd000 rw-p 00001000 fd:00 3049232    /usr/lib/python2.6/lib-dynload/_bisectmodule.so
001bd000-001d5000 r-xp 00000000 fd:00 2855811    /lib/libpthread-2.11.90.so
001d5000-001d6000 r--p 00017000 fd:00 2855811    /lib/libpthread-2.11.90.so
001d6000-001d7000 rw-p 00018000 fd:00 2855811    /lib/libpthread-2.11.90.so
001d7000-001d9000 rw-p 001d7000 00:00 0 
001d9000-0028c000 r-xp 00000000 fd:00 2857050    /lib/libkrb5.so.3.3
0028c000-00292000 rw-p 000b3000 fd:00 2857050    /lib/libkrb5.so.3.3
00292000-0029a000 r-xp 00000000 fd:00 2855815    /lib/librt-2.11.90.so
0029a000-0029b000 r--p 00007000 fd:00 2855815    /lib/librt-2.11.90.so
0029b000-0029c000 rw-p 00008000 fd:00 2855815    /lib/librt-2.11.90.so
0029c000-0029d000 r-xp 00000000 fd:00 3049266    /usr/lib/python2.6/lib-dynload/_weakref.so
0029d000-0029e000 rw-p 00000000 fd:00 3049266    /usr/lib/python2.6/lib-dynload/_weakref.so
0029e000-002b3000 r-xp 00000000 fd:00 2855813    /lib/libresolv-2.11.90.so
002b3000-002b4000 r--p 00014000 fd:00 2855813    /lib/libresolv-2.11.90.so
002b4000-002b5000 rw-p 00015000 fd:00 2855813    /lib/libresolv-2.11.90.so
002b5000-002b7000 rw-p 002b5000 00:00 0 
002b7000-002bf000 r-xp 00000000 fd:00 2857052    /lib/libkrb5support.so.0.1
002bf000-002c0000 rw-p 00008000 fd:00 2857052    /lib/libkrb5support.so.0.1
002c0000-00323000 r-xp 00000000 fd:00 2860839    /usr/lib/librpm.so.1.0.0
00323000-00327000 rw-p 00062000 fd:00 2860839    /usr/lib/librpm.so.1.0.0
00327000-00328000 rw-p 00327000 00:00 0 
00328000-00350000 r-xp 00000000 fd:00 2860843    /usr/lib/librpmio.so.1.0.0
00350000-00352000 rw-p 00028000 fd:00 2860843    /usr/lib/librpmio.so.1.0.0
00352000-00354000 rw-p 00352000 00:00 0 
00354000-0036a000 r-xp 00000000 fd:00 2856186    /usr/lib/libelf-0.144.so
0036a000-0036b000 r--p 00015000 fd:00 2856186    /usr/lib/libelf-0.144.so
0036b000-0036c000 rw-p 00016000 fd:00 2856186    /usr/lib/libelf-0.144.so
0036c000-0038f000 r-xp 00000000 fd:00 2856222    /usr/lib/liblzma.so.0.0.0
0038f000-00390000 rw-p 00023000 fd:00 2856222    /usr/lib/liblzma.so.0.0.0
00390000-003bc000 r-xp 00000000 fd:00 2856274    /usr/lib/liblua-5.1.so
003bc000-003bd000 rw-p 0002c000 fd:00 2856274    /usr/lib/liblua-5.1.so
003bd000-003c0000 r-xp 00000000 fd:00 2856166    /lib/libplds4.so
003c0000-003c1000 rw-p 00002000 fd:00 2856166    /lib/libplds4.so
003c1000-003c3000 r-xp 00000000 fd:00 3049258    /usr/lib/python2.6/lib-dynload/_randommodule.so
003c3000-003c4000 rw-p 00002000 fd:00 3049258    /usr/lib/python2.6/lib-dynload/_randommodule.so
003c6000-003ca000 r-xp 00000000 fd:00 3049296    /usr/lib/python2.6/lib-dynload/stropmodule.so
003ca000-003cc000 rw-p 00004000 fd:00 3049296    /usr/lib/python2.6/lib-dynload/stropmodule.so
003cc000-003e9000 r-xp 00000000 fd:00 2855754    /lib/libgcc_s-4.4.2-20091222.so.1
003e9000-003ea000 rw-p 0001c000 fd:00 2855754    /lib/libgcc_s-4.4.2-20091222.so.1
003ea000-00401000 r-xp 00000000 fd:00 2856184    /usr/lib/libnssutil3.so
00401000-00404000 rw-p 00017000 fd:00 2856184    /usr/lib/libnssutil3.so
00404000-00409000 r-xp 00000000 fd:00 3049285    /usr/lib/python2.6/lib-dynload/mathmodule.so
00409000-0040b000 rw-p 00004000 fd:00 3049285    /usr/lib/python2.6/lib-dynload/mathmodule.so
0040b000-0040d000 r-xp 00000000 fd:00 3050264    /usr/lib/python2.6/site-packages/OpenSSL/rand.so
0040d000-0040e000 rw-p 00001000 fd:00 3050264    /usr/lib/python2.6/site-packages/OpenSSL/rand.so
0040e000-00420000 r-xp 00000000 fd:00 2856099    /lib/libz.so.1.2.3
00420000-00421000 rw-p 00011000 fd:00 2856099    /lib/libz.so.1.2.3
00421000-00425000 r-xp 00000000 fd:00 3049294    /usr/lib/python2.6/lib-dynload/selectmodule.so
00425000-00427000 rw-p 00003000 fd:00 3049294    /usr/lib/python2.6/lib-dynload/selectmodule.so
00427000-0042b000 r-xp 00000000 fd:00 3049303    /usr/lib/python2.6/lib-dynload/zlibmodule.so
0042b000-0042d000 rw-p 00003000 fd:00 3049303    /usr/lib/python2.6/lib-dynload/zlibmodule.so
0042e000-0043d000 r-xp 00000000 fd:00 3049275    /usr/lib/python2.6/lib-dynload/datetime.so
0043d000-00440000 rw-p 0000f000 fd:00 3049275    /usr/lib/python2.6/lib-dynload/datetime.so
00440000-00573000 r-xp 00000000 fd:00 2860778    /usr/lib/libnss3.so
00573000-00577000 rw-p 00132000 fd:00 2860778    /usr/lib/libnss3.so
00577000-00578000 rw-p 00577000 00:00 0 
00578000-00583000 r-xp 00000000 fd:00 3050263    /usr/lib/python2.6/site-packages/OpenSSL/crypto.so
00583000-00589000 rw-p 0000a000 fd:00 3050263    /usr/lib/python2.6/site-packages/OpenSSL/crypto.so
00589000-0058b000 r-xp 00000000 fd:00 3049281    /usr/lib/python2.6/lib-dynload/grpmodule.so
0058b000-0058c000 rw-p 00001000 fd:00 3049281    /usr/lib/python2.6/lib-dynload/grpmodule.so
0058c000-00592000 r-xp 00000000 fd:00 3049264    /usr/lib/python2.6/lib-dynload/_ssl.so
00592000-00593000 rw-p 00006000 fd:00 3049264    /usr/lib/python2.6/lib-dynload/_ssl.so
00594000-0059b000 r-xp 00000000 fd:00 3049288    /usr/lib/python2.6/lib-dynload/operator.so
0059b000-0059d000 rw-p 00006000 fd:00 3049288    /usr/lib/python2.6/lib-dynload/operator.so
0059d000-005d6000 r-xp 00000000 fd:00 2856164    /lib/libnspr4.so
005d6000-005d7000 rw-p 00039000 fd:00 2856164    /lib/libnspr4.so
005d7000-005d9000 rw-p 005d7000 00:00 0 
005d9000-00614000 r-xp 00000000 fd:00 2856502    /usr/lib/libsoftokn3.so
00614000-00615000 rw-p 0003b000 fd:00 2856502    /usr/lib/libsoftokn3.so
00615000-0061b000 r-xp 00000000 fd:00 3049270    /usr/lib/python2.6/lib-dynload/bz2.so
0061b000-0061d000 rw-p 00006000 fd:00 3049270    /usr/lib/python2.6/lib-dynload/bz2.so
0061d000-00620000 r-xp 00000000 fd:00 2860871    /lib/libgpg-error.so.0.5.0
00620000-00621000 rw-p 00002000 fd:00 2860871    /lib/libgpg-error.so.0.5.0
00622000-00624000 r-xp 00000000 fd:00 2855819    /lib/libutil-2.11.90.so
00624000-00625000 r--p 00001000 fd:00 2855819    /lib/libutil-2.11.90.so
00625000-00626000 rw-p 00002000 fd:00 2855819    /lib/libutil-2.11.90.so
00626000-00634000 r-xp 00000000 fd:00 3050101    /usr/lib/python2.6/site-packages/pycurl.so
00634000-00636000 rw-p 0000d000 fd:00 3050101    /usr/lib/python2.6/site-packages/pycurl.so
00636000-00639000 r-xp 00000000 fd:00 3049298    /usr/lib/python2.6/lib-dynload/termios.so
00639000-0063b000 rw-p 00002000 fd:00 3049298    /usr/lib/python2.6/lib-dynload/termios.so
0063e000-0064f000 r-xp 00000000 fd:00 3049271    /usr/lib/python2.6/lib-dynload/cPickle.so
0064f000-00650000 rw-p 00011000 fd:00 3049271    /usr/lib/python2.6/lib-dynload/cPickle.so
00656000-0065c000 r-xp 00000000 fd:00 3049241    /usr/lib/python2.6/lib-dynload/_collectionsmodule.so
0065c000-0065d000 rw-p 00005000 fd:00 3049241    /usr/lib/python2.6/lib-dynload/_collectionsmodule.so
0065d000-006a2000 r-xp 00000000 fd:00 2855766    /usr/lib/libfreebl3.so
006a2000-006a3000 rw-p 00044000 fd:00 2855766    /usr/lib/libfreebl3.so
006a3000-006a7000 rw-p 006a3000 00:00 0 
006a7000-006c9000 r-xp 00000000 fd:00 2860841    /usr/lib/librpmbuild.so.1.0.0
006c9000-006cb000 rw-p 00022000 fd:00 2860841    /usr/lib/librpmbuild.so.1.0.0
006cb000-006cf000 rw-p 006cb000 00:00 0 
006cf000-006d7000 r-xp 00000000 fd:00 3049246    /usr/lib/python2.6/lib-dynload/_elementtree.so
006d7000-006d8000 rw-p 00008000 fd:00 3049246    /usr/lib/python2.6/lib-dynload/_elementtree.so
006d9000-006dc000 r-xp 00000000 fd:00 3049272    /usr/lib/python2.6/lib-dynload/cStringIO.so
006dc000-006dd000 rw-p 00003000 fd:00 3049272    /usr/lib/python2.6/lib-dynload/cStringIO.so
006dd000-006eb000 r-xp 00000000 fd:00 2856373    /usr/lib/libcares.so.2.0.0
006eb000-006ec000 rw-p 0000d000 fd:00 2856373    /usr/lib/libcares.so.2.0.0
006f4000-00714000 r-xp 00000000 fd:00 2855780    /lib/ld-2.11.90.so
00714000-00715000 r--p 0001f000 fd:00 2855780    /lib/ld-2.11.90.so
00715000-00716000 rw-p 00020000 fd:00 2855780    /lib/ld-2.11.90.so
00716000-00731000 r-xp 00000000 fd:00 2856228    /usr/lib/libmagic.so.1.0.0
00731000-00732000 rw-p 0001a000 fd:00 2856228    /usr/lib/libmagic.so.1.0.0
00732000-00757000 r-xp 00000000 fd:00 2859409    /usr/lib/libssh2.so.1.0.1
00757000-00758000 rw-p 00024000 fd:00 2859409    /usr/lib/libssh2.so.1.0.1
0075a000-0076d000 r-xp 00000000 fd:00 3050423    /usr/lib/python2.6/site-packages/krbVmodule.so
0076d000-0076e000 rw-p 00012000 fd:00 3050423    /usr/lib/python2.6/site-packages/krbVmodule.so
0076e000-0077b000 r-xp 00000000 fd:00 2859420    /usr/lib/liblber-2.4.so.2.5.4
0077b000-0077c000 rw-p 0000c000 fd:00 2859420    /usr/lib/liblber-2.4.so.2.5.4
00780000-00783000 r-xp 00000000 fd:00 2855793    /lib/libdl-2.11.90.so
00783000-00784000 r--p 00002000 fd:00 2855793    /lib/libdl-2.11.90.so
00784000-00785000 rw-p 00003000 fd:00 2855793    /lib/libdl-2.11.90.so
00785000-007b3000 r-xp 00000000 fd:00 3049291    /usr/lib/python2.6/lib-dynload/pyexpat.so
007b3000-007b6000 rw-p 0002e000 fd:00 3049291    /usr/lib/python2.6/lib-dynload/pyexpat.so
007b6000-007c4000 r-xp 00000000 fd:00 3050152    /usr/lib/python2.6/site-packages/gpgme/_gpgme.so
007c4000-007c6000 rw-p 0000e000 fd:00 3050152    /usr/lib/python2.6/site-packages/gpgme/_gpgme.so
007c9000-007cd000 r-xp 00000000 fd:00 2856165    /lib/libplc4.so
007cd000-007ce000 rw-p 00003000 fd:00 2856165    /lib/libplc4.so
007ce000-007f5000 r-xp 00000000 fd:00 2860781    /usr/lib/libsmime3.so
007f5000-007f7000 rw-p 00027000 fd:00 2860781    /usr/lib/libsmime3.so
007f8000-007fa000 r-xp 00000000 fd:00 2856235    /lib/libcom_err.so.2.1
007fa000-007fb000 rw-p 00002000 fd:00 2856235    /lib/libcom_err.so.2.1
007fb000-0082c000 r-xp 00000000 fd:00 2856281    /lib/libidn.so.11.5.38
0082c000-0082d000 rw-p 00030000 fd:00 2856281    /lib/libidn.so.11.5.38
00836000-00838000 r-xp 00000000 fd:00 3049297    /usr/lib/python2.6/lib-dynload/syslog.so
00838000-00839000 rw-p 00001000 fd:00 3049297    /usr/lib/python2.6/lib-dynload/syslog.so
0083e000-0099a000 r-xp 00000000 fd:00 2861404    /usr/lib/libpython2.6.so.1.0
0099a000-009c6000 rw-p 0015c000 fd:00 2861404    /usr/lib/libpython2.6.so.1.0
009c6000-009cf000 rw-p 009c6000 00:00 0 
009cf000-009de000 r-xp 00000000 fd:00 3049263    /usr/lib/python2.6/lib-dynload/_sqlite3.so
009de000-009e0000 rw-p 0000e000 fd:00 3049263    /usr/lib/python2.6/lib-dynload/_sqlite3.so
009e3000-009ff000 r-xp 00000000 fd:00 2856304    /lib/libselinux.so.1
009ff000-00a00000 r--p 0001b000 fd:00 2856304    /lib/libselinux.so.1
00a00000-00a01000 rw-p 0001c000 fd:00 2856304    /lib/libselinux.so.1
00a01000-00a8e000 r-xp 00000000 fd:00 2856494    /usr/lib/libsqlite3.so.0.8.6
00a8e000-00a90000 rw-p 0008d000 fd:00 2856494    /usr/lib/libsqlite3.so.0.8.6
00a90000-00aa9000 r-xp 00000000 fd:00 2856994    /usr/lib/libsasl2.so.2.0.23
00aa9000-00aaa000 rw-p 00018000 fd:00 2856994    /usr/lib/libsasl2.so.2.0.23
00ab2000-00ab3000 r-xp 00ab2000 00:00 0          [vdso]
00ab3000-00b03000 r-xp 00000000 fd:00 2860784    /usr/lib/libcurl.so.4.1.1
00b03000-00b05000 rw-p 0004f000 fd:00 2860784    /usr/lib/libcurl.so.4.1.1
00b05000-00b4a000 r-xp 00000000 fd:00 2859422    /usr/lib/libldap-2.4.so.2.5.4
00b4a000-00b4c000 rw-p 00044000 fd:00 2859422    /usr/lib/libldap-2.4.so.2.5.4
00b55000-00b7f000 r-xp 00000000 fd:00 2857048    /lib/libk5crypto.so.3.1
00b7f000-00b80000 rw-p 0002a000 fd:00 2857048    /lib/libk5crypto.so.3.1
00b84000-00b86000 r-xp 00000000 fd:00 3049278    /usr/lib/python2.6/lib-dynload/fcntlmodule.so
00b86000-00b87000 rw-p 00002000 fd:00 3049278    /usr/lib/python2.6/lib-dynload/fcntlmodule.so
00b87000-00b91000 r-xp 00000000 fd:00 3050034    /usr/lib/python2.6/site-packages/_sqlitecache.so
00b91000-00b92000 rw-p 00009000 fd:00 3050034    /usr/lib/python2.6/site-packages/_sqlitecache.so
00b92000-00b9c000 r-xp 00000000 fd:00 3050418    /usr/lib/python2.6/site-packages/_deltarpmmodule.so
00b9c000-00b9d000 rw-p 00009000 fd:00 3050418    /usr/lib/python2.6/site-packages/_deltarpmmodule.so
00ba1000-00bac000 r-xp 00000000 fd:00 2855803    /lib/libnss_files-2.11.90.so
00bac000-00bad000 r--p 0000a000 fd:00 2855803    /lib/libnss_files-2.11.90.so
00bad000-00bae000 rw-p 0000b000 fd:00 2855803    /lib/libnss_files-2.11.90.so
00baf000-00c02000 r-xp 00000000 fd:00 2859377    /usr/lib/libssl.so.1.0.0
00c02000-00c06000 rw-p 00052000 fd:00 2859377    /usr/lib/libssl.so.1.0.0
00c19000-00d9d000 r-xp 00000000 fd:00 2855787    /lib/libc-2.11.90.so
00d9d000-00d9f000 r--p 00184000 fd:00 2855787    /lib/libc-2.11.90.so
00d9f000-00da0000 rw-p 00186000 fd:00 2855787    /lib/libc-2.11.90.so
00da0000-00da3000 rw-p 00da0000 00:00 0 
00daf000-00db7000 r-xp 00000000 fd:00 3049267    /usr/lib/python2.6/lib-dynload/arraymodule.so
00db7000-00db9000 rw-p 00007000 fd:00 3049267    /usr/lib/python2.6/lib-dynload/arraymodule.so
00db9000-00dea000 r-xp 00000000 fd:00 2860782    /usr/lib/libssl3.so
00dea000-00dec000 rw-p 00030000 fd:00 2860782    /usr/lib/libssl3.so
00e00000-00e27000 r-xp 00000000 fd:00 2856500    /usr/lib/libnssdbm3.so
00e27000-00e28000 rw-p 00026000 fd:00 2856500    /usr/lib/libnssdbm3.so
00e3d000-00e3f000 r-xp 00000000 fd:00 3050029    /usr/lib/python2.6/site-packages/rpm/_rpmbmodule.so
00e3f000-00e40000 rw-p 00001000 fd:00 3050029    /usr/lib/python2.6/site-packages/rpm/_rpmbmodule.so
00e40000-00e48000 r-xp 00000000 fd:00 2855791    /lib/libcrypt-2.11.90.so
00e48000-00e49000 r--p 00007000 fd:00 2855791    /lib/libcrypt-2.11.90.so
00e49000-00e4a000 rw-p 00008000 fd:00 2855791    /lib/libcrypt-2.11.90.so
00e4a000-00e71000 rw-p 00e4a000 00:00 0 
00e71000-00ea1000 r-xp 00000000 fd:00 2861129    /usr/lib/libgpgme.so.11.6.6
00ea1000-00ea2000 rw-p 00030000 fd:00 2861129    /usr/lib/libgpgme.so.11.6.6
00ea2000-00ea3000 rw-p 00ea2000 00:00 0 
00ea4000-00eac000 r-xp 00000000 fd:00 3050261    /usr/lib/python2.6/site-packages/OpenSSL/SSL.so
00eac000-00eb0000 rw-p 00008000 fd:00 3050261    /usr/lib/python2.6/site-packages/OpenSSL/SSL.so
00efc000-00efe000 r-xp 00000000 fd:00 2857038    /lib/libkeyutils-1.2.so
00efe000-00eff000 rw-p 00001000 fd:00 2857038    /lib/libkeyutils-1.2.so
00f03000-00f07000 r-xp 00000000 fd:00 3049269    /usr/lib/python2.6/lib-dynload/binascii.so
00f07000-00f08000 rw-p 00004000 fd:00 3049269    /usr/lib/python2.6/lib-dynload/binascii.so
00f1b000-00f1e000 r-xp 00000000 fd:00 3049299    /usr/lib/python2.6/lib-dynload/timemodule.so
00f1e000-00f20000 rw-p 00002000 fd:00 3049299    /usr/lib/python2.6/lib-dynload/timemodule.so
00f22000-00f24000 r-xp 00000000 fd:00 3049249    /usr/lib/python2.6/lib-dynload/_hashlib.so
00f24000-00f25000 rw-p 00002000 fd:00 3049249    /usr/lib/python2.6/lib-dynload/_hashlib.so
00f25000-00f6f000 r-xp 00000000 fd:00 3050205    /usr/lib/python2.6/site-packages/libxml2mod.so
00f6f000-00f74000 rw-p 0004a000 fd:00 3050205    /usr/lib/python2.6/site-packages/libxml2mod.so
00f9d000-00fa4000 r-xp 00000000 fd:00 3049265    /usr/lib/python2.6/lib-dynload/_struct.so
00fa4000-00fa6000 rw-p 00006000 fd:00 3049265    /usr/lib/python2.6/lib-dynload/_struct.so
00fa6000-01118000 r-xp 00000000 fd:00 2859375    /usr/lib/libcrypto.so.1.0.0
01118000-0112c000 rw-p 00171000 fd:00 2859375    /usr/lib/libcrypto.so.1.0.0
0112c000-0112f000 rw-p 0112c000 00:00 0 
014eb000-015d4000 r-xp 00000000 fd:00 2861424    /lib/libglib-2.0.so.0.2300.1
015d4000-015d5000 rw-p 000e8000 fd:00 2861424    /lib/libglib-2.0.so.0.2300.1
016e9000-01867000 r-xp 00000000 fd:00 2856167    /lib/libdb-4.8.so
01867000-0186a000 rw-p 0017e000 fd:00 2856167    /lib/libdb-4.8.so
04a3f000-04b83000 r-xp 00000000 fd:00 2860928    /usr/lib/libxml2.so.2.7.6
04b83000-04b88000 rw-p 00143000 fd:00 2860928    /usr/lib/libxml2.so.2.7.6
04b88000-04b89000 rw-p 04b88000 00:00 0 
08048000-08049000 r-xp 00000000 fd:00 2861420    /usr/bin/python
08049000-0804a000 rw-p 00000000 fd:00 2861420    /usr/bin/python
08b01000-1343c000 rw-p 08b01000 00:00 0 
b7902000-b7c64000 rw-p b7902000 00:00 0 
b7cf4000-b7d55000 rw-p b7cf4000 00:00 0 
b7d55000-b7f55000 r--p 00000000 fd:00 2857439    /usr/lib/locale/locale-archive
b7f55000-b7f98000 rw-p b7f55000 00:00 0 
b7f99000-b7f9e000 rw-p b7f99000 00:00 0 
bfb8c000-bfbbc000 rw-p bffcf000 00:00 0          [stack]

Version-Release number of selected component (if applicable):

python-2.6.4-6.fc13
createrepo-0.9.8-4.fc13

How reproducible:

100%

Steps to Reproduce:
1. Build rawhide.
  
Actual results:

Crash.

Expected results:

No crash.

Additional info:

How rawhide is built:
- Take EL-5 box
- Make rawhide chroot
- In that chroot, run mash to build the rawhide tree

For whatever reason, the following createrepos succeed:
- source/SRPMS
- i386/debug

The following crash:
- i386/os
- x86_64/os
- x86_64/debug
Comment 1 Dave Malcolm 2010-01-18 14:18:50 EST
python-2.6.4-6.fc13 was only just built; python-2.6.4-5.fc13 was built on Friday IIRC (for bug #555943); so more likely to be that.
Comment 2 Dave Malcolm 2010-01-18 14:26:59 EST
FWIW the specific error checking within free():
  errstr = "free(): corrupted unsorted chunks";
seems to have been added to glibc in this upstream commit:
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f6887a0d9a55f5c80c567d9cb153c1c6582410f9

Not sure if this error checking is highlighting an already present bug, or if there's an issue (false-positive?) in this error checking.
Comment 3 Dave Malcolm 2010-01-18 15:27:07 EST
Created attachment 385233 [details]
Backtrace provided by notting

Looks like a "<str> + <unicode>" operation (frame 8).
Comment 4 Dave Malcolm 2010-01-18 16:28:24 EST
If you add the following to the top of the script you'll get a ton of debug information, which may provide further hints as to what's going wrong (but may obscure the crash):

def tf(frame, event, arg):
    print "frame: %s, code: %s, locals: %s, event: %s, arg: %s" \
          % (frame, frame.f_code, frame.f_locals, event, arg)
import sys
sys.settrace(tf)
Comment 5 Dave Malcolm 2010-01-18 16:55:21 EST
Here's a version of tf that tries to indent, based on stack depth:

def tf(frame, event, arg):
    def depth(f):
        if f.f_back:
            return depth(f.f_back) + 1
        else:
            return 0
    print "%scode: %s, locals: %s, event: %s, arg: %s" \
          % (' ' * depth(frame), frame.f_code, frame.f_locals, event, arg)
Comment 6 Dave Malcolm 2010-01-18 20:06:12 EST
According to IRC chat: most locals optimized out, but notting was able to query this, in either frame 9 or 10:
(gdb) p (PyTypeObject *)v->ob_type->tp_str
"str"
(gdb) p (char*)((PyStringObject*)v)->ob_sval
$19 = 0x85c197c "\n<package pkgid=\"c06516a49e897ff1592bba62ea48176212a35fccf10b0507eae2251ecc3a2bd4\" name=\"crystalspace-debuginfo\" arch=\"x86_64\">\n    <version epoch=\"0\" ver=\"1.2.1\" rel=\"6.fc12\"/>\n"

so the code is doing "<str> + <unicode>, with the left-hand side as above.

Appeared that "unicode" may have be NULL in call to unicode_dealloc, which shouldn't happen; possibly a refcounting error in a unicode?
Comment 7 Dave Malcolm 2010-01-18 22:04:42 EST
(In reply to comment #6)
> (gdb) p (PyTypeObject *)v->ob_type->tp_str
I believe this should read:
(gdb) p ((PyTypeObject *)v->ob_type)->tp_str
Comment 8 Bill Nottingham 2010-01-19 00:12:52 EST
Testing it with ElectricFence yields the following crash.

Breakpoint 2, __memcpy_ssse3_rep ()
  at ../sysdeps/i386/i686/multiarch/memcpy-ssse3-rep.S:121
121 ENTRANCE
  0xbfffbccc: 0xad2abc <PyUnicodeUCS4_Concat+172> 0xb1ff7c58 0xb215cc58 0x883a4


Assuming that's actually the length it's trying to copy, that looks high. No obvious reason why it would be doing that, though.
Comment 9 Dave Malcolm 2010-01-19 19:17:32 EST
notting: I filed bug 556975 to track the difficulty we had querying variables in gdb with this build of python.
Comment 10 Andreas Schwab 2010-01-20 05:57:49 EST
That looks like a bug in the optimized memcpy/memset.
Comment 11 H.J. Lu 2010-01-20 09:31:42 EST
Can you send me the output of

# uname -a
# cat /proc/cpu_info
Comment 12 H.J. Lu 2010-01-20 09:34:15 EST
Also please show me how to reproduce the bug with minimum setup.
Comment 13 H.J. Lu 2010-01-20 09:35:48 EST
If you can give me a testcase in C, I will fix it.
Comment 14 Bill Nottingham 2010-01-20 11:03:51 EST
The test case is unfortunately, not very minimal. It's running  createrepo across ~5G of packages.

[notting@bastion2 ~]$ cat /proc/cpuinfo 
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 23
model name	: Intel(R) Xeon(R) CPU           X5450  @ 3.00GHz
stepping	: 6
cpu MHz		: 2992.498
cache size	: 6144 KB
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 10
wp		: yes
flags		: fpu tsc msr pae mce cx8 apic mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe lm constant_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 lahf_lm
bogomips	: 7483.59

processor	: 1
vendor_id	: GenuineIntel
cpu family	: 6
model		: 23
model name	: Intel(R) Xeon(R) CPU           X5450  @ 3.00GHz
stepping	: 6
cpu MHz		: 2992.498
cache size	: 6144 KB
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 10
wp		: yes
flags		: fpu tsc msr pae mce cx8 apic mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe lm constant_tsc up pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 lahf_lm
bogomips	: 7483.59

Kernel is a xen domU, 2.6.18-164.6.1.el5xen.
Comment 15 Bill Nottingham 2010-01-20 11:06:00 EST
Sorry, that was the wrong box. *Actual* /proc/cpuinfo:

[notting@releng2 ~]$ cat /proc/cpuinfo 
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 26
model name	: Intel(R) Xeon(R) CPU           E5530  @ 2.40GHz
stepping	: 5
cpu MHz		: 2400.084
cache size	: 8192 KB
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 11
wp		: yes
flags		: fpu tsc msr pae mce cx8 apic mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips	: 6002.17

processor	: 1
vendor_id	: GenuineIntel
cpu family	: 6
model		: 26
model name	: Intel(R) Xeon(R) CPU           E5530  @ 2.40GHz
stepping	: 5
cpu MHz		: 2400.084
cache size	: 8192 KB
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 11
wp		: yes
flags		: fpu tsc msr pae mce cx8 apic mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc up nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips	: 6002.17

processor	: 2
vendor_id	: GenuineIntel
cpu family	: 6
model		: 26
model name	: Intel(R) Xeon(R) CPU           E5530  @ 2.40GHz
stepping	: 5
cpu MHz		: 2400.084
cache size	: 8192 KB
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 11
wp		: yes
flags		: fpu tsc msr pae mce cx8 apic mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc up nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips	: 6002.17

processor	: 3
vendor_id	: GenuineIntel
cpu family	: 6
model		: 26
model name	: Intel(R) Xeon(R) CPU           E5530  @ 2.40GHz
stepping	: 5
cpu MHz		: 2400.084
cache size	: 8192 KB
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 11
wp		: yes
flags		: fpu tsc msr pae mce cx8 apic mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc up nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips	: 6002.17

processor	: 4
vendor_id	: GenuineIntel
cpu family	: 6
model		: 26
model name	: Intel(R) Xeon(R) CPU           E5530  @ 2.40GHz
stepping	: 5
cpu MHz		: 2400.084
cache size	: 8192 KB
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 11
wp		: yes
flags		: fpu tsc msr pae mce cx8 apic mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc up nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips	: 6002.17

processor	: 5
vendor_id	: GenuineIntel
cpu family	: 6
model		: 26
model name	: Intel(R) Xeon(R) CPU           E5530  @ 2.40GHz
stepping	: 5
cpu MHz		: 2400.084
cache size	: 8192 KB
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 11
wp		: yes
flags		: fpu tsc msr pae mce cx8 apic mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc up nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips	: 6002.17

processor	: 6
vendor_id	: GenuineIntel
cpu family	: 6
model		: 26
model name	: Intel(R) Xeon(R) CPU           E5530  @ 2.40GHz
stepping	: 5
cpu MHz		: 2400.084
cache size	: 8192 KB
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 11
wp		: yes
flags		: fpu tsc msr pae mce cx8 apic mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc up nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips	: 6002.17

processor	: 7
vendor_id	: GenuineIntel
cpu family	: 6
model		: 26
model name	: Intel(R) Xeon(R) CPU           E5530  @ 2.40GHz
stepping	: 5
cpu MHz		: 2400.084
cache size	: 8192 KB
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 11
wp		: yes
flags		: fpu tsc msr pae mce cx8 apic mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc up nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips	: 6002.17

Kernel is 2.6.18-164.2.1.el5xen.
Comment 16 H.J. Lu 2010-01-20 12:00:30 EST
If you can find a testcase in C which I can use gdb to debug, I will
take a look.

Can you run the same thing with the same glibc on a Core 2 machine?
The different memcpy will be used in this case.
Comment 17 H.J. Lu 2010-01-25 10:47:13 EST
You can use LD_AUDIT to check the parameters passed to memcpy calls.
Comment 18 Dave Malcolm 2010-01-26 16:23:56 EST
(In reply to comment #9)
> notting: I filed bug 556975 to track the difficulty we had querying variables
> in gdb with this build of python.    
notting: it looks like with a newer build of python (python-2.6.4-8) and/or newer gdb this one should be more amenable to debugging; if it can be reproduced with the newer build of python we could use that to try an isolate a more sane reproducer.
Comment 19 Andreas Schwab 2010-02-03 10:48:37 EST
Any news here?
Comment 20 Bill Nottingham 2010-02-03 11:11:11 EST
Have not had time to set up the reproducing case again.
Comment 21 H.J. Lu 2010-02-12 10:29:39 EST
Created attachment 390509 [details]
A patch to use unsigned conditional jump

This patch may fix the problem. memcpy uses signed conditional jump. If
you copy data > 2GB, it will get it wrong. Please give it a try. Thanks.
Comment 23 H.J. Lu 2010-02-16 14:49:03 EST
Any updates? If my patch is the right fix, I'd like to push it upstream. Thanks.
Comment 24 Bill Nottingham 2010-02-16 15:29:22 EST
Haven't had a chance to test.
Comment 25 Fedora Update System 2010-02-22 12:02:22 EST
glibc-2.11.90-13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/glibc-2.11.90-13
Comment 26 H.J. Lu 2010-02-22 12:23:39 EST
Created attachment 395514 [details]
A patch to fix memcpy

I found another bug in memcpy-ssse3-rep.S. This
patch fixes it.
Comment 27 Fedora Update System 2010-02-23 08:44:27 EST
glibc-2.11.90-14 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/glibc-2.11.90-14
Comment 28 Fedora Update System 2010-02-23 11:07:05 EST
glibc-2.11.90-14 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update glibc'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F13/FEDORA-2010-2658
Comment 29 Fedora Update System 2010-03-09 11:35:25 EST
glibc-2.11.90-15 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/glibc-2.11.90-15
Comment 30 Fedora Update System 2010-03-11 02:17:21 EST
glibc-2.11.90-15 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update glibc'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/glibc-2.11.90-15
Comment 31 Fedora Update System 2010-03-14 09:44:17 EDT
glibc-2.11.90-15 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.