Comment # 8 on bug 1045340 from
(In reply to Andreas Stieger from comment #7)
> (In reply to Vlastimil Babka from comment #6)
> > How exactly can I get the rpm?
> 
> I am using:
> 
> https://gwclient.innerweb.novell.com/
> https://gwclient.innerweb.novell.com/client/gw802linuxclient.tar.gz

Thanks. I've run it under gdb and when it segfaulted, checked the
/proc/pid/smaps:

ffedd000-fffae000 rwxp 00000000 00:00 0    (this is without the gap)
Size:               1860 kB                (the size however includes gap)
...
VmFlags: rd wr ex mr mw me gd ac           (gd == grows down - a stack)
fffae000-fffb1000 ---p 00000000 00:00 0    (not r/w/x)
Size:                 12 kB
...
VmFlags: mr mw me ac sd                    (doesn't have gd)
1000b1000-ffffe000 rwxp 00000000 00:00 0   (invalid reported start addr as it
adds the full gap size to real vma start)         [stack]
Size:                308 kB                (real size without gap:
fffb1000-ffffe000)
Rss:                  24 kB                (we have used only this much stack
yet)
Pss:                  24 kB
Shared_Clean:          0 kB
Shared_Dirty:          0 kB
Private_Clean:         0 kB
Private_Dirty:        24 kB
Referenced:           24 kB
Anonymous:            24 kB
AnonHugePages:         0 kB
Shared_Hugetlb:        0 kB
Private_Hugetlb:       0 kB
Swap:                  0 kB
SwapPss:               0 kB
KernelPageSize:        4 kB
MMUPageSize:           4 kB
Locked:                0 kB
VmFlags: rd wr ex mr mw me gd ac           (again grows down)

Looks like the same issue as I've seen with the jsvc reproducer from the Debian
bugzilla, which we discussed via mail. The original stack ffedd000-ffffe000 was
split by mprotecting the area ffedd000-fffae000 inside the stack. The remaining
"upper part" fffb1000-ffffe000 is now smaller than the stack gap, and the
preceding vma is not a stack, so faulting a new page in the upper part (where we
have only faulted in 24 kB so far) will find this out and fail to enlarge the
gap, thus segfault.
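Added example, not part of the bug comment: a small smaps checker that flags the situation described above, a grows-down mapping whose lower neighbour is not itself grows-down and sits closer than the guard gap. The gap size (256 pages of 4 KiB) and the sample smaps excerpt (modelled on the quoted one, using the real stack start address rather than the misreported one) are assumptions.

```python
import re

# Assumed default Linux stack guard gap: 256 pages of 4 KiB (1 MiB).
STACK_GUARD_GAP = 256 * 4096

# Constructed smaps excerpt, trimmed to the fields the check needs.
SAMPLE_SMAPS = """\
ffedd000-fffae000 rwxp 00000000 00:00 0
Size:               1860 kB
VmFlags: rd wr ex mr mw me gd ac
fffae000-fffb1000 ---p 00000000 00:00 0
Size:                 12 kB
VmFlags: mr mw me ac sd
fffb1000-ffffe000 rwxp 00000000 00:00 0   [stack]
Size:                308 kB
Rss:                  24 kB
VmFlags: rd wr ex mr mw me gd ac
"""

# Mapping header: start-end perms offset dev inode [name]
HEADER = re.compile(r'^([0-9a-f]+)-([0-9a-f]+) (\S+) \S+ \S+ \S+(?:\s+(.*))?$')

def parse_smaps(text):
    """Return a list of VMAs with start, end, perms, name and VmFlags."""
    vmas = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            vmas.append({'start': int(m.group(1), 16), 'end': int(m.group(2), 16),
                         'perms': m.group(3), 'name': (m.group(4) or '').strip(),
                         'flags': set()})
        elif line.startswith('VmFlags:') and vmas:
            vmas[-1]['flags'] = set(line.split()[1:])
    return vmas

def find_cramped_stacks(vmas, gap=STACK_GUARD_GAP):
    """Grows-down VMAs whose previous neighbour is not grows-down and lies
    within the guard gap: expanding such a stack downwards will fail."""
    cramped = []
    for prev, cur in zip(vmas, vmas[1:]):
        if 'gd' not in cur['flags'] or 'gd' in prev['flags']:
            continue
        if cur['start'] - prev['end'] < gap:
            cramped.append((hex(cur['start']), hex(cur['end']),
                            hex(prev['start']), hex(prev['end'])))
    return cramped

if __name__ == '__main__':
    for stack_start, stack_end, prev_start, prev_end in find_cramped_stacks(parse_smaps(SAMPLE_SMAPS)):
        print(f'stack {stack_start}-{stack_end} cannot grow: {prev_start}-{prev_end} is inside the guard gap')
```

On a live system, read `/proc/<pid>/smaps` into `parse_smaps` instead of the constructed sample.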
