strange pkg sig 11 issue

From: mike tancsa <mike_at_sentex.net>
Date: Mon, 21 Jul 2025 23:14:38 UTC
Well, maybe not strange.  But anyway,

On a vm I was debugging some messy x509 chains and I eventually figured 
out the x509 issue, but then noticed pkg was sig11'ing on pkg update.

Doing some debugging eventually led me to running it through gdb

  gdb --args /usr/local/sbin/pkg update
Reading symbols from /usr/local/sbin/pkg...
(gdb)  set follow-fork-mode child
(gdb) run update
Starting program: /usr/local/sbin/pkg update
[Attaching after LWP 100602 of process 20698 fork to child LWP 100603 of 
process 20702]
[New inferior 2 (process 20702)]
[Detaching after fork from parent process 20698]
[Inferior 1 (process 20698) detached]
Updating FreeBSD repository catalogue...
[New LWP 100682 of process 20702]
[LWP 100682 of process 20702 exited]
FreeBSD repository is up to date.
Updating FreeBSD-kmods repository catalogue...
[New LWP 100683 of process 20702]
[LWP 100683 of process 20702 exited]
FreeBSD-kmods repository is up to date.
All repositories are up to date.

Thread 2.1 received signal SIGSEGV, Segmentation fault.
Address not mapped to object.
[Switching to LWP 100603 of process 20702]
rwlock_rdlock_common (rwlock=0x0, abstime=0x0) at 
/usr/src/lib/libthr/thread/thr_rwlock.c:176
warning: 176    /usr/src/lib/libthr/thread/thr_rwlock.c: No such file or 
directory
(gdb) bt full
#0  rwlock_rdlock_common (rwlock=0x0, abstime=0x0) at 
/usr/src/lib/libthr/thread/thr_rwlock.c:176
         prwlock = 0x8014103e0
         curthread = 0x80111d008
         ret = <optimized out>
         flags = <optimized out>
#1  0x000000080099cb69 in CRYPTO_THREAD_read_lock (lock=0x0) at 
/usr/src/crypto/openssl/crypto/threads_pthread.c:95
No locals.
#2  0x000000080098b2bf in ossl_lib_ctx_get_data (ctx=0x800c5f3d0, 
index=index@entry=1, meth=0x800c03000) at 
/usr/src/crypto/openssl/crypto/context.c:377
         data = 0x0
         dynidx = <optimized out>
         end = <optimized out>
#3  0x000000080099b773 in get_provider_store (libctx=0x0) at 
/usr/src/crypto/openssl/crypto/provider_core.c:339
         store = 0x0
#4  ossl_provider_deregister_child_cb (handle=0x801447c40) at 
/usr/src/crypto/openssl/crypto/provider_core.c:1815
         thisprov = 0x801447c40
         libctx = 0x0
         store = 0x0
         max = <optimized out>
         i = <optimized out>
         child_cb = <optimized out>
#5  0x000000080098af52 in OSSL_LIB_CTX_free (ctx=0x801426600) at 
/usr/src/crypto/openssl/crypto/context.c:248
No locals.
#6  0x000000080114e2c6 in legacy_teardown (provctx=0x8014cd520) at 
/usr/src/crypto/openssl/providers/legacyprov.c:168
No locals.
#7  0x000000080099935d in ossl_provider_teardown (prov=0x801447c40) at 
/usr/src/crypto/openssl/crypto/provider_core.c:1567
No locals.
#8  ossl_provider_free (prov=0x801447c40) at 
/usr/src/crypto/openssl/crypto/provider_core.c:703
         ref = <optimized out>
#9  0x0000000800adf420 in evp_cipher_free_int (cipher=0x8014e2700) at 
/usr/src/crypto/openssl/crypto/evp/evp_enc.c:1692
No locals.
#10 EVP_CIPHER_free (cipher=0x8014e2700) at 
/usr/src/crypto/openssl/crypto/evp/evp_enc.c:1707
         i = <optimized out>
#11 0x0000000800798b2a in ssl_evp_cipher_free (cipher=0x8014e2700) at 
/usr/src/crypto/openssl/ssl/ssl_lib.c:6008
No locals.
#12 SSL_CTX_free (a=0x8014ac700) at 
/usr/src/crypto/openssl/ssl/ssl_lib.c:3528
         i = <optimized out>
         j = 11
#13 0x0000000000584681 in ossl_close ()
No symbol table info available.
#14 0x000000000057ab03 in ssl_cf_close ()
No symbol table info available.
#15 0x00000000005476c7 in cf_setup_close ()
No symbol table info available.
#16 0x000000000053dead in cf_hc_close ()
No symbol table info available.
#17 0x000000000054211a in Curl_conn_close ()
No symbol table info available.
#18 0x0000000000590ad7 in Curl_cshutdn_terminate ()
No symbol table info available.
#19 0x0000000000591020 in Curl_cshutdn_destroy ()
No symbol table info available.
#20 0x000000000055ef18 in curl_multi_cleanup ()
No symbol table info available.
#21 0x00000000005394ab in curl_cleanup ()
No symbol table info available.
#22 0x0000000000503ce4 in pkg_repo_free ()
No symbol table info available.
#23 0x0000000000503c2d in pkg_shutdown ()
No symbol table info available.
#24 0x0000000800df5ec4 in __cxa_finalize (dso=dso@entry=0x0) at 
/usr/src/lib/libc/stdlib/atexit.c:246
         phdr_info = {dlpi_addr = 140737488349488, dlpi_name = 
0x80059df7d <_rtld_bind_start+45> 
"H\211D$`A[AZAYAX_^YZX\235H\215d$\020\303f\220H\215\005\351w\001", 
dlpi_phdr = 0x246, dlpi_phnum = 0, dlpi_adds = 0, dlpi_subs = 34377683392,
           dlpi_tls_modid = 0, dlpi_tls_data = 0x80111d1b0}
         has_phdr = -1
         p = <optimized out>
         n = <optimized out>
         fn = {fn_type = 1, fn_ptr = {std_func = 0x503b80 
<pkg_shutdown>, cxa_func = 0x503b80 <pkg_shutdown>}, fn_arg = 0x0, 
fn_dso = <optimized out>}
#25 0x0000000800df646c in exit (status=0) at 
/usr/src/lib/libc/stdlib/exit.c:92
No locals.
#26 0x0000000800d15e3b in __libc_start1 (argc=2, argv=0x7fffffffe9b8, 
env=0x7fffffffe9d0, cleanup=<optimized out>, mainX=0x30b400 <main>) at 
/usr/src/lib/libc/csu/libc_start1.c:157
No locals.
#27 0x00000000003014e0 in _start () at /usr/src/lib/csu/amd64/crt1_s.S:83

No locals.


it seemed to be caused by this in /etc/ssl/openssl.cnf

  diff openssl.cnf openssl.cnf.off
59a60
 > legacy = legacy_sect
73c74,79
< # activate = 1
---
 > activate = 1
 > security_level = 1
 >
 > [legacy_sect]
 > activate = 1
 >
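
Review bot: in the 73c74,79 hunk, `security_level = 1` is added directly under the now-uncommented `activate = 1` and ahead of the `[legacy_sect]` header, so it becomes a key of whatever section that `activate` line belongs to. If it was meant to relax the TLS security level, confirm that this section is one that actually reads such a key. A comment beside `legacy = legacy_sect` and `[legacy_sect]` saying why the legacy provider is switched on would also help, since the diff gives no reason for it.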


Restoring the default openssl.cnf file allows pkg update to work as 
expected.  Note, pkg-static always works, so I am guessing some dynamic 
linking issue of one of the libs? I am happy it's fixed and not 
something really bad about the VM, but still am curious as to how this 
was happening.
ChatGPT said something that seems plausible:

When the legacy OpenSSL provider is activated via openssl.cnf, it adds 
cipher and digest algorithms that are not available in the default 
provider — but some applications (like pkg, via libcurl + OpenSSL) 
aren't fully ready to handle their teardown properly.

The crash you observed:

CRYPTO_THREAD_read_lock(lock=0x0)
…occurs during the cleanup phase of OpenSSL’s legacy provider, when it 
attempts to use a threading lock that was never initialized (or already 
freed). This is a known issue when:

Applications don’t register their own thread callbacks correctly

OpenSSL 3’s teardown code runs in the wrong order

The legacy provider uses resources not present in the default context

When you remove or comment out:

[legacy_sect]
activate = 1
…the legacy provider isn't loaded, and OpenSSL doesn’t register or tear 
down the legacy cipher context — so the invalid read lock in 
EVP_CIPHER_free() never happens.

I don't get why pkg-static would work.

Posting this more out of curiosity than anything


     ---Mike
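
Added example (not part of the original post, and not code from pkg or OpenSSL): a small check that reports which providers an openssl.cnf activates, so a change like the one in the diff above is easy to spot on a host. The sample config is constructed; the section names openssl_init, provider_sect and default_sect, and the placement of security_level under default_sect, are assumptions, as only legacy_sect and the changed lines appear in the post.

```python
import re

# Constructed sample modelled on the modified file in the post (assumed layout).
SAMPLE_CNF = """\
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1
security_level = 1

[legacy_sect]
activate = 1
"""

def parse_cnf(text):
    """Parse the 'key = value' / '[section]' subset of openssl.cnf syntax."""
    sections, current = {"": {}}, ""          # "" is the unnamed top section
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        m = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current][key] = value
    return sections

def provider_report(text):
    """Return {provider: {"active": bool, "extra": [keys other than activate]}}."""
    s = parse_cnf(text)
    init = s.get(s[""].get("openssl_conf"), {})
    providers = s.get(init.get("providers"), {})
    report = {}
    for name, sect in providers.items():
        body = s.get(sect, {})
        # Assumption: 1/yes/true/on are treated as "enabled".
        active = body.get("activate", "0").lower() in ("1", "yes", "true", "on")
        report[name] = {"active": active,
                        "extra": sorted(k for k in body if k != "activate")}
    return report

if __name__ == "__main__":
    for name, info in provider_report(SAMPLE_CNF).items():
        print(name, info)
```

To check a real host, pass the contents of /etc/ssl/openssl.cnf to provider_report(); the parser does not follow .include directives.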