segfault on creating metadata

[fedya]

Directory walk done - 16721 packages
Temporary output repo path: /share/platforms/cooker/repository/x86_64/main/release/.repodata/
Pool started (with 5 workers)
[New LWP 32734]

createrepo_c --no-database /share/platforms/cooker/repository/x86_64/main/release/

Program received signal SIGSEGV, Segmentation fault.
[Switching to LWP 32734]
0x00007ffff736cc87 in rpmswAdd () from /usr/lib64/librpmio-5.4.so
(gdb) bt
#0 0x00007ffff736cc87 in rpmswAdd () from /usr/lib64/librpmio-5.4.so
#1 0x00007ffff74f076f in rpmtsCleanDig () from /usr/lib64/librpmdb-5.4.so
#2 0x00007ffff74f4428 in rpmReadPackageFile () from /usr/lib64/librpmdb-5.4.so
rpm-software-management#3 0x00007ffff7fd45da in read_header (filename=, hdr=, err=) at /usr/src/debug/createrepo_c-0.10.0/src/parsepkg.c:127
rpm-software-management#4 cr_package_from_rpm_base (filename=0x9af9d0 "/share/platforms/cooker/repository/x86_64/main/release/GConf2-3.2.6-12-omv2015.0.x86_64.rpm", changelog_limit=10, flags=CR_HDRR_NONE, err=0x7ffff56ad518)
at /usr/src/debug/createrepo_c-0.10.0/src/parsepkg.c:164
rpm-software-management#5 0x00007ffff7fcc016 in cr_dumper_thread (data=, user_data=) at /usr/src/debug/createrepo_c-0.10.0/src/dumper_thread.c:242
rpm-software-management#6 0x00007ffff7f2a7fc in ?? () from /lib64/libglib-2.0.so.0
rpm-software-management#7 0x00007ffff7f2a296 in ?? () from /lib64/libglib-2.0.so.0
rpm-software-management#8 0x00007ffff6f4402d in start_thread () from /lib64/libpthread.so.0
rpm-software-management#9 0x00007ffff7b3f10f in clone () from /lib64/libc.so.6

[fedya]

==1848== Invalid free() / delete / delete[] / realloc()
==1848== at 0x4C24E31: free (vg_replace_malloc.c:530)
==1848== by 0x40856B7: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x4085A2F: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x4037B92: cr_package_from_header (parsehdr.c:540)
==1848== by 0x40386BF: cr_package_from_rpm_base (parsepkg.c:167)
==1848== by 0x4030015: load_rpm (dumper_thread.c:242)
==1848== by 0x4030015: cr_dumper_thread (dumper_thread.c:380)
==1848== by 0x40AC7FB: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x40AC295: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x5ABC02C: start_thread (in /lib64/libpthread-2.24.so)
==1848== by 0x4EE810E: clone (in /lib64/libc-2.24.so)
==1848== Address 0x78e0052 is 1,826 bytes inside a block of size 2,048 alloc'd
==1848== at 0x4C23EB4: malloc (vg_replace_malloc.c:299)
==1848== by 0x4095D9A: g_malloc (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x40A87BA: g_string_chunk_insert_len (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x40375E2: cr_safe_string_chunk_insert (misc.h:341)
==1848== by 0x40375E2: cr_package_from_header (parsehdr.c:301)
==1848== by 0x40386BF: cr_package_from_rpm_base (parsepkg.c:167)
==1848== by 0x4030015: load_rpm (dumper_thread.c:242)
==1848== by 0x4030015: cr_dumper_thread (dumper_thread.c:380)
==1848== by 0x40AC7FB: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x40AC295: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x5ABC02C: start_thread (in /lib64/libpthread-2.24.so)
==1848== by 0x4EE810E: clone (in /lib64/libc-2.24.so)

[fedya]

more logs

valgrind: m_mallocfree.c:303 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed.
valgrind: Heap block lo/hi size mismatch: lo = 368, hi = 7292846455829574197.
This is probably caused by your program erroneously writing past the
end of a heap block and corrupting heap metadata. If you fix any
invalid writes reported by Memcheck, this assertion failure will
probably go away. Please try that before reporting this as a bug.

host stacktrace:
==1848== at 0x38074157: show_sched_status_wrk (m_libcassert.c:343)
==1848== by 0x380743F2: report_and_quit (m_libcassert.c:415)
==1848== by 0x380745C1: vgPlain_assert_fail (m_libcassert.c:481)
==1848== by 0x3807E834: get_bszB_as_is (m_mallocfree.c:301)
==1848== by 0x3807E83C: get_bszB (m_mallocfree.c:311)
==1848== by 0x3807F717: mergeWithFreeNeighbours (m_mallocfree.c:1969)
==1848== by 0x3804AADD: release_oldest_block (mc_malloc_wrappers.c:165)
==1848== by 0x3804AADD: create_MC_Chunk (mc_malloc_wrappers.c:208)
==1848== by 0x3804AC0B: vgMemCheck_new_block (mc_malloc_wrappers.c:366)
==1848== by 0x3804ACC7: vgMemCheck_malloc (mc_malloc_wrappers.c:385)
==1848== by 0x380B34C4: do_client_request (scheduler.c:1866)
==1848== by 0x380B34C4: vgPlain_scheduler (scheduler.c:1425)
==1848== by 0x380BFCE7: thread_wrapper (syswrap-linux.c:103)
==1848== by 0x380BFCE7: run_a_thread_NORETURN (syswrap-linux.c:156)
==1848== by 0x380C009D: vgModuleLocal_start_thread_NORETURN (syswrap-linux.c:325)
==1848== by 0x380E3F03: ??? (in /usr/lib64/valgrind/memcheck-amd64-linux)
==1848== by 0xDEADBEEFDEADBEEE: ???
==1848== by 0xDEADBEEFDEADBEEE: ???
==1848== by 0xDEADBEEFDEADBEEE: ???

sched status:
running_tid=3

Thread 1: status = VgTs_WaitSys (lwpid 1848)
==1848== at 0x4EE4599: syscall (in /lib64/libc-2.24.so)
==1848== by 0x40C1A4D: g_cond_wait (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x40ACEB2: g_thread_pool_free (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x404944: main (createrepo_c.c:845)

Thread 2: status = VgTs_WaitSys (lwpid 1849)
==1848== at 0x4EDDD6D: ??? (in /lib64/libc-2.24.so)
==1848== by 0x4E8C4C5: _IO_file_underflow@@GLIBC_2.2.5 (in /lib64/libc-2.24.so)
==1848== by 0x4E8B97E: _IO_file_xsgetn (in /lib64/libc-2.24.so)
==1848== by 0x4E82B3F: fread (in /lib64/libc-2.24.so)
==1848== by 0x402D07D: cr_checksum_file (checksum.c:157)
==1848== by 0x4030502: get_checksum (dumper_thread.c:196)
==1848== by 0x4030502: load_rpm (dumper_thread.c:271)
==1848== by 0x4030502: cr_dumper_thread (dumper_thread.c:380)
==1848== by 0x40AC7FB: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x40AC295: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x5ABC02C: start_thread (in /lib64/libpthread-2.24.so)
==1848== by 0x4EE810E: clone (in /lib64/libc-2.24.so)

Thread 3: status = VgTs_Runnable (lwpid 1850)
==1848== at 0x4C23EB4: malloc (vg_replace_malloc.c:299)
==1848== by 0x56DBBF8: ??? (in /usr/lib64/librpmdb-5.4.so)
==1848== by 0x56F475B: ??? (in /usr/lib64/librpmdb-5.4.so)
==1848== by 0x56E09AA: headerGet (in /usr/lib64/librpmdb-5.4.so)
==1848== by 0x56F5AD5: ??? (in /usr/lib64/librpmdb-5.4.so)
==1848== by 0x56E0D49: headerGet (in /usr/lib64/librpmdb-5.4.so)
==1848== by 0x4038407: headerGetString (parsehdr.c:87)
==1848== by 0x403731F: cr_package_from_header (parsehdr.c:233)
==1848== by 0x40386BF: cr_package_from_rpm_base (parsepkg.c:167)
==1848== by 0x4030015: load_rpm (dumper_thread.c:242)
==1848== by 0x4030015: cr_dumper_thread (dumper_thread.c:380)
==1848== by 0x40AC7FB: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x40AC295: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x5ABC02C: start_thread (in /lib64/libpthread-2.24.so)
==1848== by 0x4EE810E: clone (in /lib64/libc-2.24.so)

Thread 4: status = VgTs_WaitSys (lwpid 1851)
==1848== at 0x4EDDD6D: ??? (in /lib64/libc-2.24.so)
==1848== by 0x5789051: ??? (in /usr/lib64/librpmio-5.4.so)
==1848== by 0x57E1C78: ??? (in /usr/lib64/librpmio-5.4.so)
==1848== by 0x56E80A5: ??? (in /usr/lib64/librpmdb-5.4.so)
==1848== by 0x56F0ACE: rpmReadPackageFile (in /usr/lib64/librpmdb-5.4.so)
==1848== by 0x40385D9: read_header (parsepkg.c:127)
==1848== by 0x40385D9: cr_package_from_rpm_base (parsepkg.c:164)
==1848== by 0x4030015: load_rpm (dumper_thread.c:242)
==1848== by 0x4030015: cr_dumper_thread (dumper_thread.c:380)
==1848== by 0x40AC7FB: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x40AC295: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x5ABC02C: start_thread (in /lib64/libpthread-2.24.so)
==1848== by 0x4EE810E: clone (in /lib64/libc-2.24.so)

Thread 5: status = VgTs_WaitSys (lwpid 1852)
==1848== at 0x4EDDDCD: ??? (in /lib64/libc-2.24.so)
==1848== by 0x4E8B7E5: _IO_file_write@@GLIBC_2.2.5 (in /lib64/libc-2.24.so)
==1848== by 0x4E8AF9A: new_do_write (in /lib64/libc-2.24.so)
==1848== by 0x4E8BC57: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.24.so)
==1848== by 0x4E829E8: fputs (in /lib64/libc-2.24.so)
==1848== by 0x40985FB: g_printerr (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x4034C78: cr_log_fn (misc.c:929)
==1848== by 0x409700C: g_logv (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x40971A0: g_log (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x4037BE0: cr_package_from_header (parsehdr.c:522)
==1848== by 0x40386BF: cr_package_from_rpm_base (parsepkg.c:167)
==1848== by 0x4030015: load_rpm (dumper_thread.c:242)
==1848== by 0x4030015: cr_dumper_thread (dumper_thread.c:380)
==1848== by 0x40AC7FB: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x40AC295: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x5ABC02C: start_thread (in /lib64/libpthread-2.24.so)
==1848== by 0x4EE810E: clone (in /lib64/libc-2.24.so)

Thread 6: status = VgTs_WaitSys (lwpid 1853)
==1848== at 0x4EDDD6D: ??? (in /lib64/libc-2.24.so)
==1848== by 0x5789051: ??? (in /usr/lib64/librpmio-5.4.so)
==1848== by 0x57E1C78: ??? (in /usr/lib64/librpmio-5.4.so)
==1848== by 0x56F877D: ??? (in /usr/lib64/librpmdb-5.4.so)
==1848== by 0x56F0D2D: rpmReadPackageFile (in /usr/lib64/librpmdb-5.4.so)
==1848== by 0x40385D9: read_header (parsepkg.c:127)
==1848== by 0x40385D9: cr_package_from_rpm_base (parsepkg.c:164)
==1848== by 0x4030015: load_rpm (dumper_thread.c:242)
==1848== by 0x4030015: cr_dumper_thread (dumper_thread.c:380)
==1848== by 0x40AC7FB: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x40AC295: ??? (in /lib64/libglib-2.0.so.0.5000.2)
==1848== by 0x5ABC02C: start_thread (in /lib64/libpthread-2.24.so)
==1848== by 0x4EE810E: clone (in /lib64/libc-2.24.so)