Bug 85504 - rpm produces segmentation fault when installing or removing some packages
rpm produces segmentation fault when installing or removing some packages
Status: CLOSED WORKSFORME
Product: Red Hat Linux
Classification: Retired
Component: rpm (Show other bugs)
8.0
i686 Linux
medium Severity high
: ---
: ---
Assigned To: Jeff Johnson
Mike McLean
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-03-03 15:30 EST by Keith Lea
Modified: 2007-04-18 12:51 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-03-22 15:18:47 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
strace output for rpm -e freetype-utils (40.60 KB, text/plain)
2003-03-04 23:45 EST, Keith Lea
no flags Details

  None (edit)
Description Keith Lea 2003-03-03 15:30:30 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4a) Gecko/20030114

Description of problem:
first, it hangs when attempting to install gtk2 from the apt repository
described at http://people.ecsc.co.uk/~matt/repository.html:

---

[root@localhost rpm]# apt-get install libbonoboui
Reading Package Lists... Done
Collecting File Provides... Done
Building Dependency Tree... Done
The following extra packages will be installed:
  GConf2 GConf2-devel XFree86 XFree86-Xnest XFree86-Xvfb XFree86-base-fonts
  XFree86-devel XFree86-libs XFree86-libs-data XFree86-twm XFree86-xdm
  XFree86-xfs bonobo-activation bonobo-activation-devel freetype
  freetype-devel gnome-vfs2 gnome-vfs2-devel gtk2 gtk2-devel libbonobo
  libbonobo-devel libbonoboui-devel libglade2 libglade2-devel libgnome
  libgnome-devel libgnomecanvas libgnomecanvas-devel libgsf-1 librsvg2
  librsvg2-devel libxml2 libxml2-devel pango
The following packages will be upgraded
  GConf2 GConf2-devel XFree86 XFree86-Xnest XFree86-Xvfb XFree86-base-fonts
  XFree86-devel XFree86-libs XFree86-twm XFree86-xdm XFree86-xfs
  bonobo-activation bonobo-activation-devel freetype freetype-devel gnome-vfs2
  gnome-vfs2-devel gtk2 gtk2-devel libbonobo libbonobo-devel libbonoboui
  libbonoboui-devel libglade2 libglade2-devel libgnome libgnome-devel
  libgnomecanvas libgnomecanvas-devel librsvg2 librsvg2-devel libxml2
  libxml2-devel pango
The following packages will be REPLACED:
  XFree86-xtrap-clients (by XFree86)  Xft (by XFree86-libs)  Xft-devel (by
  XFree86-devel)
The following packages will be REMOVED:
  eel2-devel freetype-demos freetype-utils libgnomeui-devel libxml2-python
  pango-devel redhat-config-packages
The following NEW packages will be installed:
  XFree86-libs-data libgsf-1
34 packages upgraded, 2 newly installed, 3 replaced, 7 removed and 29 not upgraded.
Need to get 0B/45.9MB of archives. After unpacking 13.9MB will be used.
Do you want to continue? [Y/n] y
Executing RPM (-e)...
Executing RPM (-Uvh)...
error: Failed dependencies:
        freetype = 2.1.2-7 is needed by (installed) freetype-utils-2.1.2-7
        freetype = 2.1.2-7 is needed by (installed) freetype-demos-2.1.2-7
        pango = 1.1.1 is needed by (installed) pango-devel-1.1.1-1
        libxml2 = 2.4.23 is needed by (installed) libxml2-python-2.4.23-1
E: Sub-process /bin/rpm recieved a segmentation fault.
E: Sub-process /bin/rpm returned an error code (36)


---

but then it segfaults when I try to remove freetype-utils:

---

[root@localhost rpm]# gdb rpm
<..>
(gdb) run -e freetype-utils-2.1.2-7
Starting program: /bin/rpm -e freetype-utils-2.1.2-7

Program received signal SIGSEGV, Segmentation fault.
0x081cadeb in elf_machine_rel.0 ()
(gdb) backtrace
#0  0x081cadeb in elf_machine_rel.0 ()
#1  0x081cb209 in elf_dynamic_do_rel.7 ()
#2  0x081cb47f in _dl_relocate_object ()
#3  0x081c3743 in dl_open_worker ()
#4  0x081c2323 in _dl_catch_error ()
#5  0x081c3303 in _dl_open ()
#6  0x081a238e in do_dlopen ()
#7  0x081c2323 in _dl_catch_error ()
#8  0x081a22a3 in __libc_dlopen ()
#9  0x08199a4e in __nss_lookup_function ()
#10 0x0819a3d2 in __nss_lookup ()
#11 0x0819aa12 in __nss_passwd_lookup ()
#12 0x08184633 in getpwnam_r ()
#13 0x081841dc in getpwnam ()
#14 0x08062a12 in rpmpsmStage ()
#15 0x080616d7 in rpmpsmStage ()
#16 0x080628a9 in rpmpsmStage ()
#17 0x0807ce6c in rpmtsRun ()
#18 0x0806e873 in rpmErase ()
#19 0x08048ced in main ()
#20 0x0815ad62 in __libc_start_main ()
(gdb)

---

I have run rpm --rebuilddb, --initdb, rm -f'd locks. db_verify Packages returns
no errors.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Execute rpm -e freetype-utils on my machine :)
    

Additional info:
Comment 1 Jeff Johnson 2003-03-04 19:58:53 EST
Hmmm, are you using LDAP passwords? If so,
you need to run nscd to avoid a segfault that affects statically linked
binaries like /bin/rpm.
Comment 2 Keith Lea 2003-03-04 20:07:21 EST
I don't know what LDAP is, so no, I'm not using LDAP passwords. (And there's no
administrator who would've installed such a thing for me - this is my own machine.)
Comment 3 Jeff Johnson 2003-03-04 20:12:17 EST
Are you running nscd?

If not, can you start "/sbin/service nscd restart" and repeat?
Comment 4 Keith Lea 2003-03-04 20:39:49 EST
no, it was not running. after starting it I still get the same segfault with the
same backtrace running rpm -e freetype-utils.
Comment 5 Jeff Johnson 2003-03-04 20:53:31 EST
OK.

What's in /etc/nssswitch.conf? Try files first, make sure
that all the users in the freetype package are known.

What glibc?
Comment 6 Keith Lea 2003-03-04 21:03:01 EST
passwd:     files nisplus
shadow:     files nisplus
group:      files nisplus

hosts:      files nisplus dns
bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files nisplus
rpc:        files
services:   files nisplus

netgroup:   files nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus

--

[root@localhost root]# rpm -q glibc
glibc-2.3.1-51

--

I think you're assuming I know more about rpm and ns* than I do. What does "Try
files first, make sure that all the users in the freetype package are known" mean?
Comment 7 Jeff Johnson 2003-03-04 21:10:59 EST
Ah, sorry.

The backtrace from getpwnam on is trying to look up a user name
for a file through glibc (see man 3 getpwnam).

The dl_* routines are an indication that something (like LDAP,
one means to look up users, NIS is another, /etc/passwd
aka files is a 3rd way) is fubar.

A segfault often happens with /bin/rpm, a statically linked binary,
which is more sensitive to structure changes (there are a few) and
linkage through helper libraries.

So, you have files first, which should use /etc/passwd, but there
appears to be a further lookup through nisplus.

What happens if you edit /etc/nssswitch.conf and delete "nisplus"
on the passwd/shadow/group lines? Save a copy, duh ...
Comment 8 Keith Lea 2003-03-04 21:46:28 EST
same problem. do I need to restart anything after editing it?
Comment 9 Jeff Johnson 2003-03-04 21:59:57 EST
OK. No nothing needs restarting.

An strace should give a hint as to what file is being loaded, and
from that I might be able to guess what is happening.

Can you try
    strace -f -o /tmp/xxx the_command_here
and attach /tmp/xxx? Thanks.
Comment 10 Keith Lea 2003-03-04 23:45:05 EST
Created attachment 90469 [details]
strace output for rpm -e freetype-utils

here you go.
Comment 11 Keith Lea 2003-03-15 16:05:59 EST
please help me Jeff, I still can't install or remove packages at all :(
Comment 12 Jeff Johnson 2003-03-15 16:19:16 EST
OK. The strace indicates nscd running with successful
root lookup.

Can you try attaching the output of
    strace -o /tmp/xxx rpm -evv freetype-utils
The -vv will help me figger where the program is segfaulting.
Comment 13 Keith Lea 2003-03-16 12:41:34 EST
if you want the /tmp/xxx too, I can attach that, but i assume it's the same as
last time...

D: opening  db environment /var/lib/rpm/Packages joinenv
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Name rdonly mode=0x0
D: opening  db index       /var/lib/rpm/Pubkeys rdonly mode=0x0
D:  read h#     663 Header sanity check: OK
D: ========== DSA pubkey id 219180cddb42a60e
D:  read h#     819 Header V3 DSA signature: OK, key ID db42a60e
D: ========== --- freetype-utils-2.1.2-7
D: opening  db index       /var/lib/rpm/Requirename rdonly mode=0x0
D: closed   db index       /var/lib/rpm/Pubkeys
D: closed   db index       /var/lib/rpm/Requirename
D: closed   db index       /var/lib/rpm/Name
D: closed   db index       /var/lib/rpm/Packages
D: closed   db environment /var/lib/rpm/Packages
D: opening  db environment /var/lib/rpm/Packages joinenv
D: opening  db index       /var/lib/rpm/Packages create mode=0x42
D: getting list of mounted filesystems
D: sanity checking 1 elments
D: computing 4 file fingerprints
D: computing file dispositions
D: opening  db index       /var/lib/rpm/Basenames create mode=0x42
D: ========== --- freetype-utils-2.1.2-7
D:     erase: freetype-utils-2.1.2-7 has 4 files, test = 0
D: opening  db index       /var/lib/rpm/Name create mode=0x42
D:  read h#     819 Header V3 DSA signature: OK, key ID db42a60e
Comment 14 Jeff Johnson 2003-03-19 16:00:22 EST
If that's all the output, then instance #819
is probably damaged.

Can you give me a pointer (i.e. URL, attachments won't work)
to a tarball of you database
   cd /var/lib
    tar czvf /tmp/rpmdb-85504.tar.gz rpm
and I'll zap record #819
Comment 15 Keith Lea 2003-03-19 16:54:47 EST
note that freetype-utils isn't the only package that crashes on erase.

http://www.kano.net/in/rpmdb.tar.gz
Comment 16 Jeff Johnson 2003-03-19 17:17:09 EST
Hmmm, you database looks fine, signatures/digests
are being verified, so it's impossible that the
data is corrupt or modified.

Here's what I see for, say, freetype-utils:
...
D:  read h#     819 Header V3 DSA signature: OK, key ID db42a60e
D:   +++ h#     484 Header V3 DSA signature: OK, key ID db42a60e
D: adding "freetype-utils" to Name index.
D: adding 4 entries to Basenames index.
D: adding "System Environment/Libraries" to Group index.
D: adding 9 entries to Requirename index.
D: adding "freetype-utils" to Providename index.
D: adding "/usr/bin/" to Dirnames index.
D: adding 9 entries to Requireversion index.
D: adding "2.1.2-7" to Provideversion index.
D: adding 1 entries to Installtid index.
D: adding 1 entries to Sigmd5 index.
D: adding "dd89f5af8c5406f45bfcb2a0360a1fdedc008c01" to Sha1header index.
D: adding 4 entries to Filemd5s index.


So there's something else local to your machine that's causing
the problem

Let's see if this problem can't be bracketed. You're currently
running rpm-4.1-1.06. Can you try rpm-4.1-9 packages from
    ftp://people.redhat.com/jbj/test-4.1

You'll have to install manually, so do the following:
    cd /var/tmp
    <download all the packages, don't forget popt>
    mkdir xxx
    cd xxx
    for i in ../{rpm,popt}-*.rpm
    do
        echo $i ---
        rpm2cpio $i | cpio -dim
    done
    find . -type d -exec chmod 755 {} \;
    tar cf - . | (cd /; tar xvf -)

and see if same segfault?

If segfault then there's something wrong with your pam
modules is my guess.
Comment 17 Keith Lea 2003-03-19 21:06:26 EST
everything works now :) thanks a ton. is there anything else I should do?
Comment 18 Jeff Johnson 2003-03-22 15:18:47 EST
If you added "private" to /etc/rpm/macros, then you might
want to remove. Otherwise, maybe a --rebuilddb.

You ought to figger what happened, however. If a manual
rpm2cpio "fix"ed, then your files were damaged somehow.
Comment 19 Pekka Savola 2003-10-08 03:36:18 EDT
We noticed the same problems with RHL8 rpm.  The same procedure for replacing
RPM worked fine for us.

Note You need to log in before you can comment on or make changes to this bug.