[Bug 257981] Segmentation fault on pkg install

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 21 Aug 2021 10:41:41 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257981

            Bug ID: 257981
           Summary: Segmentation fault on pkg install
           Product: Base System
           Version: CURRENT
          Hardware: arm64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: arm
          Assignee: freebsd-arm@FreeBSD.org
          Reporter: dan.kotowski@a9development.com

For about a week or so I've been experiencing regular segfaults when using
poudriere:

```
=======================<phase: pkg-depends    >============================
===>   dialog4ports-0.1.6 depends on file: /usr/local/sbin/pkg - not found
===>   Installing existing package /packages/All/pkg-1.17.1.pkg
[14arm64-usrports-job-02] Installing pkg-1.17.1...
[14arm64-usrports-job-02] Extracting pkg-1.17.1: .........Child process
pid=27588 terminated abnormally: Segmentation fault
*** Error code 139

Stop.
make: stopped in /usr/ports/ports-mgmt/dialog4ports
=>> Cleaning up wrkdir
===>  Cleaning for dialog4ports-0.1.6
build of ports-mgmt/dialog4ports | dialog4ports-0.1.6 ended at Mon Aug 16
10:14:11 UTC 2021
build time: 00:00:04
!!! build failure encountered !!!
```

Diving into the jail I can reproduce by hand as well:

```
root@14arm64-usrports:/tmp # /tmp/usr/local/sbin/pkg-static -d install pkg
DBG(1)[17023]> pkg initialized
Updating local repository catalogue...
DBG(1)[17023]> PkgRepo: verifying update for local
DBG(1)[17023]> PkgRepo: need forced update of local
DBG(1)[17023]> Pkgrepo, begin update of '/var/db/pkg/repo-local.sqlite'
DBG(1)[17023]> Request to fetch file:///packages/meta.conf
DBG(1)[17023]> Fetch: fetcher chosen: file
[14arm64-usrports] Fetching meta.conf: 100%    163 B   0.2kB/s    00:01
DBG(1)[17023]> Request to fetch file:///packages/packagesite.pkg
DBG(1)[17023]> Fetch: fetcher chosen: file
[14arm64-usrports] Fetching packagesite.pkg: 100%    1 KiB   1.1kB/s    00:01
DBG(1)[17023]> PkgRepo: extracting packagesite.yaml of repo local
DBG(1)[17326]> PkgRepo: extracting signature of repo in a sandbox
Sandboxed process pid=17326 terminated abnormally by signal: 11
pkg-static: Repo extraction failed
Unable to update repository local
Error updating repositories!
```

Notice that it terminated abnormally while extracting the signature. Then the
stack trace:

```
[New LWP 100493]
Core was generated by `pkg-static add /tmp//pkg.pkg.buINJX'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00000000006007cc in SHA256_Pad (ctx=0x40cb6928) at
/usr/src/sys/crypto/sha2/sha256c.c:257
#2  _libmd_SHA256_Final (digest=0x40cb68e8 '\245' <repeats 64 times>,
"g\346\tj\205\256g\273r\363n<:\365O\245\177R\016Q\214h\005\233\253ك\037\031\315\340[\200",
ctx=0x40cb6928) at /usr/src/sys/crypto/sha2/sha256c.c:328
#3  0x00000000005f3584 in lzma_sha256_finish (check=0x40cb6928,
check@entry=0x40cb68e8) at /usr/src/contrib/xz/src/liblzma/check/check.h:167
#4  0x00000000005f309c in lzma_index_hash_decode (index_hash=0x40cb68c0,
    in=in@entry=0x40d2d58d
"(z/\376?\232f8\374\334\061V?\374f0@m\n\214\346E卆YE\327\343~4e\232\376-Z\377\a+k\003ļN0\035\022\006\253C\257
L\352`<_\377`ʚ~\362\a\236\273&\021\221\357\306\313=\202\271c\027\066D\217\004\066\377\a\305h\271\260\376\"=\215\252n\023\235\f\022\004L\201\352L\374\237\"z\327\320\037\322\325\325\322\350qa\b\327\017SjY\034j~\351\372]dI$\354\347\237Sz\224\376\355\204W\022\027\365\064\207\241\311\353\302&\276zY\001\311F\352\222>x9\206{?)\246\312\024\202)\036#\227\310{\337\\\002\232\201\354$(\242\261ã\276\b\374:\376\032&\351",
<incomplete sequence \356>, in_pos=in_pos@entry=0xffffffff5150,
in_size=<optimized out>, in_size@entry=12435) at
/usr/src/contrib/xz/src/liblzma/common/index_hash.c:295
#5  0x00000000005f2010 in stream_decode (coder_ptr=0x40d0d200, allocator=0x0,
    in=0x40d2d58d
"(z/\376?\232f8\374\334\061V?\374f0@m\n\214\346E卆YE\327\343~4e\232\376-Z\377\a+k\003ļN0\035\022\006\253C\257
L\352`<_\377`ʚ~\362\a\236\273&\021\221\357\306\313=\202\271c\027\066D\217\004\066\377\a\305h\271\260\376\"=\215\252n\023\235\f\022\004L\201\352L\374\237\"z\327\320\037\322\325\325\322\350qa\b\327\017SjY\034j~\351\372]dI$\354\347\237Sz\224\376\355\204W\022\027\365\064\207\241\311\353\302&\276zY\001\311F\352\222>x9\206{?)\246\312\024\202)\036#\227\310{\337\\\002\232\201\354$(\242\261ã\276\b\374:\376\032&\351",
<incomplete sequence \356>, in_pos=0xffffffff5150, in_size=12435,
out=0x40d398c0 "rotect", out_pos=0xffffffff5148, out_size=65536,
action=LZMA_RUN) at /usr/src/contrib/xz/src/liblzma/common/stream_decoder.c:282
#6  0x00000000005edaa4 in lzma_code (strm=<optimized out>,
strm@entry=0x40cdc5c0, action=<optimized out>) at
/usr/src/contrib/xz/src/liblzma/common/common.c:287
#7  0x00000000005a45fc in xz_filter_read (self=0x40cdc500, p=0x40cdc590) at
/usr/src/contrib/libarchive/libarchive/archive_read_support_filter_xz.c:692
#8  0x0000000000595184 in __archive_read_filter_ahead (filter=0x40cdc500,
min=1, avail=0xffffffff5280) at
/usr/src/contrib/libarchive/libarchive/archive_read.c:1385
#9  0x00000000005a5c10 in archive_read_format_tar_read_data (a=0x40c7c800,
buff=0xffffffff52e0, size=0xffffffff52d8, offset=0xffffffff52d0) at
/usr/src/contrib/libarchive/libarchive/archive_read_support_format_tar.c:623
#10 0x000000000059660c in archive_read_data_into_fd (a=0x40c7c800, fd=10) at
/usr/src/contrib/libarchive/libarchive/archive_read_data_into_fd.c:101
#11 0x000000000051b23c in create_regfile ()
#12 0x000000000051bd60 in do_extract_regfile ()
#13 0x0000000000519780 in pkg_add_common ()
#14 0x000000000039e6f0 in exec_add ()
#15 0x00000000003a7dcc in main ()
```

My best guess is that this was introduced somehow by one of
69d8dc20be6ca10cf87c98223121c4121aff42cc or
c81ea895b563c4d1e39468a8525284b7474fe850, but I can't say for sure just yet.

Hardware: SolidRun HoneyComb LX2 Workstation, based on NXP Layerscape LX2160A
16-core Arm Cortex A72

OS Version: CURRENT at 9781c28c6d63
