Description of problem:
When building rawhide glibc, rpmbuild segfaults.

Version-Release number of selected component (if applicable):
http://koji.fedoraproject.org/koji/buildinfo?buildID=366626

How reproducible:

Steps to Reproduce:
1. fedpkg clone glibc
2. cd glibc
3. fedpkg build

Actual results:
Build fails. It's not obvious, but it's failing because rpmbuild segfaults (determined using a local mock build)

Expected results:
Build succeeds.

Additional info:
Valgrind report. Of particular interest is the invalid free report with a backtrace that is consistent with the one I get using gdb on a coredump from rpmbuild

valgrind rpmbuild -bl --short-circuit glibc.spec
==11039== Memcheck, a memory error detector
==11039== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==11039== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==11039== Command: rpmbuild -bl --short-circuit glibc.spec
==11039==
==11039== Invalid read of size 4
==11039==    at 0x6F9D888: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E42E5E: parseDescription (parseDescription.c:38)
==11039==    by 0x4E48FEF: parseSpec (parseSpec.c:607)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0x8afe6a4 is 4 bytes inside a block of size 5 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E42E5E: parseDescription (parseDescription.c:38)
==11039==    by 0x4E48FEF: parseSpec (parseSpec.c:607)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==
==11039== Invalid read of size 4
==11039==    at 0x6F9D888: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E45C07: doSetupMacro (parsePrep.c:266)
==11039==    by 0x4E46BC2: parsePrep (parsePrep.c:514)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0x8e17774 is 20 bytes inside a block of size 23 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E45C07: doSetupMacro (parsePrep.c:266)
==11039==    by 0x4E46BC2: parsePrep (parsePrep.c:514)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==
==11039== Invalid read of size 4
==11039==    at 0x6F9D888: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E635: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E45C07: doSetupMacro (parsePrep.c:266)
==11039==    by 0x4E46BC2: parsePrep (parsePrep.c:514)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0x8e13010 is 0 bytes inside a block of size 2 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E635: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E45C07: doSetupMacro (parsePrep.c:266)
==11039==    by 0x4E46BC2: parsePrep (parsePrep.c:514)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==
==11039== Invalid read of size 4
==11039==    at 0x6F9D888: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E464A7: doPatchMacro (parsePrep.c:430)
==11039==    by 0x4E46B62: parsePrep (parsePrep.c:516)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0x8b885c4 is 4 bytes inside a block of size 5 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E464A7: doPatchMacro (parsePrep.c:430)
==11039==    by 0x4E46B62: parsePrep (parsePrep.c:516)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==
==11039== Invalid read of size 4
==11039==    at 0x6F9D888: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E635: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E464E0: doPatchMacro (parsePrep.c:430)
==11039==    by 0x4E46B62: parsePrep (parsePrep.c:516)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0x8bc6c30 is 0 bytes inside a block of size 2 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E635: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E464E0: doPatchMacro (parsePrep.c:430)
==11039==    by 0x4E46B62: parsePrep (parsePrep.c:516)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==
==11039== Invalid read of size 4
==11039==    at 0x6F9D888: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E47567: parseScript (parseScript.c:208)
==11039==    by 0x4E49007: parseSpec (parseSpec.c:621)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0x8ae48c4 is 4 bytes inside a block of size 6 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E47567: parseScript (parseScript.c:208)
==11039==    by 0x4E49007: parseSpec (parseSpec.c:621)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==
==11039== Invalid read of size 4
==11039==    at 0x6F9D888: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E4320D: parseFiles (parseFiles.c:39)
==11039==    by 0x4E48FA7: parseSpec (parseSpec.c:625)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0x8c8d08c is 12 bytes inside a block of size 13 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E4320D: parseFiles (parseFiles.c:39)
==11039==    by 0x4E48FA7: parseSpec (parseSpec.c:625)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==
==11039== Invalid read of size 4
==11039==    at 0x6F9D89D: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E4320D: parseFiles (parseFiles.c:39)
==11039==    by 0x4E48FA7: parseSpec (parseSpec.c:625)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0xfd605f0 is 16 bytes inside a block of size 17 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E4320D: parseFiles (parseFiles.c:39)
==11039==    by 0x4E48FA7: parseSpec (parseSpec.c:625)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==
==11039== Invalid read of size 1
==11039==    at 0x4C2D1E2: strlen (mc_replace_strmem.c:404)
==11039==    by 0x506CA98: dataLength (header.c:363)
==11039==    by 0x506E992: headerPut (header.c:1461)
==11039==    by 0x506C37D: headerPutType (headerutil.c:188)
==11039==    by 0x506C84C: headerPutString (headerutil.c:208)
==11039==    by 0x4E3D065: genCpioListAndHeader (files.c:1111)
==11039==    by 0x4E3F624: processBinaryFiles (files.c:1918)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0xfcb38c0 is 0 bytes inside a block of size 30 free'd
==11039==    at 0x4C2B7E6: free (vg_replace_malloc.c:446)
==11039==    by 0x54E6DE1: rpmExpand (macro.c:1579)
==11039==    by 0x54EE387: rpmGetPath (rpmfileutil.c:527)
==11039==    by 0x54EE418: rpmGenPath (rpmfileutil.c:467)
==11039==    by 0x4E3DD3D: processBinaryFile.isra.7 (files.c:1615)
==11039==    by 0x4E40447: processBinaryFiles (files.c:1896)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==
==11039== Invalid read of size 1
==11039==    at 0x4C2D1F4: strlen (mc_replace_strmem.c:404)
==11039==    by 0x506CA98: dataLength (header.c:363)
==11039==    by 0x506E992: headerPut (header.c:1461)
==11039==    by 0x506C37D: headerPutType (headerutil.c:188)
==11039==    by 0x506C84C: headerPutString (headerutil.c:208)
==11039==    by 0x4E3D065: genCpioListAndHeader (files.c:1111)
==11039==    by 0x4E3F624: processBinaryFiles (files.c:1918)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0xfcb38c1 is 1 bytes inside a block of size 30 free'd
==11039==    at 0x4C2B7E6: free (vg_replace_malloc.c:446)
==11039==    by 0x54E6DE1: rpmExpand (macro.c:1579)
==11039==    by 0x54EE387: rpmGetPath (rpmfileutil.c:527)
==11039==    by 0x54EE418: rpmGenPath (rpmfileutil.c:467)
==11039==    by 0x4E3DD3D: processBinaryFile.isra.7 (files.c:1615)
==11039==    by 0x4E40447: processBinaryFiles (files.c:1896)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==
==11039== Invalid read of size 1
==11039==    at 0x506C9D0: copyData (header.c:1368)
==11039==    by 0x506E9D1: headerPut (header.c:1473)
==11039==    by 0x506C37D: headerPutType (headerutil.c:188)
==11039==    by 0x506C84C: headerPutString (headerutil.c:208)
==11039==    by 0x4E3D065: genCpioListAndHeader (files.c:1111)
==11039==    by 0x4E3F624: processBinaryFiles (files.c:1918)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0xfcb38c0 is 0 bytes inside a block of size 30 free'd
==11039==    at 0x4C2B7E6: free (vg_replace_malloc.c:446)
==11039==    by 0x54E6DE1: rpmExpand (macro.c:1579)
==11039==    by 0x54EE387: rpmGetPath (rpmfileutil.c:527)
==11039==    by 0x54EE418: rpmGenPath (rpmfileutil.c:467)
==11039==    by 0x4E3DD3D: processBinaryFile.isra.7 (files.c:1615)
==11039==    by 0x4E40447: processBinaryFiles (files.c:1896)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==
==11039== Invalid read of size 1
==11039==    at 0x506C9DD: copyData (header.c:1369)
==11039==    by 0x506E9D1: headerPut (header.c:1473)
==11039==    by 0x506C37D: headerPutType (headerutil.c:188)
==11039==    by 0x506C84C: headerPutString (headerutil.c:208)
==11039==    by 0x4E3D065: genCpioListAndHeader (files.c:1111)
==11039==    by 0x4E3F624: processBinaryFiles (files.c:1918)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0xfcb38c0 is 0 bytes inside a block of size 30 free'd
==11039==    at 0x4C2B7E6: free (vg_replace_malloc.c:446)
==11039==    by 0x54E6DE1: rpmExpand (macro.c:1579)
==11039==    by 0x54EE387: rpmGetPath (rpmfileutil.c:527)
==11039==    by 0x54EE418: rpmGenPath (rpmfileutil.c:467)
==11039==    by 0x4E3DD3D: processBinaryFile.isra.7 (files.c:1615)
==11039==    by 0x4E40447: processBinaryFiles (files.c:1896)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==
==11039== Invalid free() / delete / delete[] / realloc()
==11039==    at 0x4C2B7E6: free (vg_replace_malloc.c:446)
==11039==    by 0x4E3C596: FileRecordsFree (files.c:1239)
==11039==    by 0x4E3F657: processBinaryFiles (files.c:1249)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0xfcb38c0 is not stack'd, malloc'd or (recently) free'd
==11039==

And from a core dump from a local mock build:

#0  0x00007f992d6caa8d in malloc_consolidate () from /lib64/libc.so.6
#1  0x00007f992d6cb6c8 in _int_free () from /lib64/libc.so.6
#2  0x00007f993019e5a6 in FileRecordsFree (files=files@entry=0x7fff063ce908) at files.c:1241
#3  0x00007f99301a1658 in FileListFree (fl=0x7fff063ce8e0) at files.c:1249
#4  processPackageFiles (test=0, installSpecialDoc=4, pkg=<optimized out>, pkgFlags=0, spec=0x2094150) at files.c:1921
#5  processBinaryFiles (spec=spec@entry=0x2094150, pkgFlags=0, installSpecialDoc=installSpecialDoc@entry=4, test=test@entry=0) at files.c:2118
#6  0x00007f993019d601 in buildSpec (buildArgs=buildArgs@entry=0x605a00 <rpmBTArgs>, spec=spec@entry=0x2094150, what=159) at build.c:254
#7  0x00007f993019d7c1 in rpmSpecBuild (spec=spec@entry=0x2094150, buildArgs=buildArgs@entry=0x605a00 <rpmBTArgs>) at build.c:302
#8  0x0000000000402b6a in buildForTarget (ts=ts@entry=0x2094ba0, arg=arg@entry=0x7fff063cf953 "glibc.spec", ba=0x605a00 <rpmBTArgs>) at rpmbuild.c:457
#9  0x0000000000402e23 in build (ts=ts@entry=0x2094ba0, arg=0x7fff063cf953 "glibc.spec", rcfile=0x0, ba=0x605a00 <rpmBTArgs>) at rpmbuild.c:490
#10 0x0000000000401fc3 in main (argc=<optimized out>, argv=<optimized out>) at rpmbuild.c:625

Apologies for not seeing this earlier. In case of major failures like this, it's probably best to drop a note to fedora-devel so more people (including rel-eng) know about it. Thanks for reporting, I'll look into this ASAP (hopefully later today), but in the meanwhile I've untagged the new rpm from rawhide.
It turned out to be a silly refactoring mistake causing double-free on %caps, which explains why most packages were not affected. Fixed in rawhide now (rpm-4.10.90-0.git11989.2.fc19)
*** Bug 877568 has been marked as a duplicate of this bug. ***
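
The correlation the reporter points out in the Valgrind output (the block passed to free() in FileRecordsFree is the same block Memcheck had already seen freed and then read) can be checked mechanically. The Python below is an added example, not part of the original bug report or of rpm; the REPORT text is abridged from the Memcheck output above, and the names parse and double_free_candidates are made up for illustration.

```python
import re
from collections import defaultdict

# Abridged from the Memcheck report above (stack frames trimmed).
REPORT = """\
==11039== Invalid read of size 1
==11039==    at 0x4C2D1F4: strlen (mc_replace_strmem.c:404)
==11039==    by 0x506C84C: headerPutString (headerutil.c:208)
==11039==    by 0x4E3D065: genCpioListAndHeader (files.c:1111)
==11039==  Address 0xfcb38c1 is 1 bytes inside a block of size 30 free'd
==11039==    at 0x4C2B7E6: free (vg_replace_malloc.c:446)
==11039==    by 0x54E6DE1: rpmExpand (macro.c:1579)
==11039==
==11039== Invalid free() / delete / delete[] / realloc()
==11039==    at 0x4C2B7E6: free (vg_replace_malloc.c:446)
==11039==    by 0x4E3C596: FileRecordsFree (files.c:1239)
==11039==  Address 0xfcb38c0 is not stack'd, malloc'd or (recently) free'd
==11039==
"""

FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+)")
ADDR = re.compile(r"Address (0x[0-9A-Fa-f]+) is (?:(\d+) bytes inside a block of size \d+ (\S+))?")
WRAPPERS = {"free", "malloc", "strlen"}  # Valgrind interceptors, never the culprit

def parse(report):
    """Yield (kind, block_base, state, access_fn, origin_fn) per Memcheck error."""
    body = re.sub(r"^==\d+== ?", "", report, flags=re.M)   # drop the ==pid== prefix
    for rec in re.split(r"\n\s*\n", body.strip()):         # blank line ends a record
        lines = rec.strip().splitlines()
        m = ADDR.search(rec)
        if not m:
            continue
        split = next(i for i, l in enumerate(lines) if "Address" in l)
        first = lambda ls: next((f for l in ls for f in FRAME.findall(l) if f not in WRAPPERS), None)
        base = int(m.group(1), 16) - int(m.group(2) or 0)  # normalise to block start
        yield lines[0], base, m.group(3), first(lines[:split]), first(lines[split:])

def double_free_candidates(report):
    """Blocks Memcheck saw freed and read afterwards, then passed to free() again."""
    seen = defaultdict(dict)
    for kind, base, state, access_fn, origin_fn in parse(report):
        if state == "free'd":
            seen[base].update(freed_by=origin_fn, stale_read_in=access_fn)
        elif kind.startswith("Invalid free"):
            seen[base]["freed_again_by"] = access_fn
    return {hex(b): e for b, e in seen.items() if {"freed_by", "freed_again_by"} <= e.keys()}
```

Subtracting the "N bytes inside" offset is what lets the read at 0xfcb38c1 be matched to the invalid free at 0xfcb38c0.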