Vladimir,

stracing reveals that si_code is set to BUS_ADRALN so there is a problem
with address alignment.

strace curl https://example.com

--- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRALN, si_addr=0x3efd151115865b} ---
+++ killed by SIGBUS (core dumped) +++
Bus error (core dumped)

The fault is raised by the CPU in response to a misaligned address and
the respective handler in the kernel is being invoked to assert a signal
to the process:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=52d7523d84d534c241ebac5ac89f5c0a6cb51e41

https://paste.ubuntu.com/p/yHJrJW2gSF/ (package & distro details)

----

By the looks of it the alignment fault is caused by just trying to call
the public key method init function in the PKA engine.

Below we have:

1) pmeth->init is at 0xc82028bf65604647

When it is attempted to be called, si_addr has the same value:

2) _sigfault = {si_addr = 0x2028bf65604647}

(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/bin/curl https://example.com
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1".
[New Thread 0xfffff6372f90 (LWP 2486506)]
[Thread 0xfffff6372f90 (LWP 2486506) exited]

Thread 1 "curl" hit Breakpoint 1, int_ctx_new (pkey=pkey@entry=0x0, e=e@entry=0x0, id=1034) at ../crypto/evp/pmeth_lib.c:113
113 if (id == -1) {
(gdb) n
119 if (e == NULL && pkey != NULL)
(gdb)
122 if (e) {
(gdb)
128 e = ENGINE_get_pkey_meth_engine(id);
(gdb)
135 if (e)
(gdb)
136 pmeth = ENGINE_get_pkey_meth(e, id);
(gdb)
141 if (pmeth == NULL) {
(gdb)
149 ret = OPENSSL_zalloc(sizeof(*ret));
(gdb)
150 if (ret == NULL) {
(gdb)
157 ret->engine = e;
(gdb)
159 ret->operation = EVP_PKEY_OP_UNDEFINED;
(gdb)
161 if (pkey != NULL)
(gdb)
164 if (pmeth->init) {
(gdb)
165 if (pmeth->init(ret) <= 0) {
(gdb) print *pmeth
$10 = {pkey_id = -1784943492, flags = -364887078, init = 0xc82028bf65604647, copy = 0x9c17b192eb068c0b, cleanup = 0xedbe7dcdf413f1c0, paramgen_init = 0xc28e015828ce4282, paramgen = 0x6fce6fa0a7ee471f,
  keygen_init = 0xdf9a9579438d24eb, keygen = 0xc63719742b8964b9, sign_init = 0x78f4d90cba7ad854, sign = 0xb0d4f1b3df1a9e13, verify_init = 0x7b5f10ffa4c58586, verify = 0x96e16d3250d67446,
  verify_recover_init = 0xe11ef96099ea206c, verify_recover = 0x8ed096c03e046773, signctx_init = 0xc6ea05c3bdb5153c, signctx = 0xdd1cb7963c7185, verifyctx_init = 0xd19718983089e1f8,
  verifyctx = 0x6143e92bef937feb, encrypt_init = 0x94450e0e52af0bcd, encrypt = 0x2a4633c02797f8b, decrypt_init = 0xa69b08bdbfea813, decrypt = 0x84b9264be5facf60, derive_init = 0x99bcf2700df9fc7e,
  derive = 0x9961eec79bc58dfb, ctrl = 0x1779f7901d10471b, ctrl_str = 0x763a1ebbf28338f0, digestsign = 0xacc57ce435798e94, digestverify = 0xae611fd83700f11f, check = 0x6b8d5f0b7cf4a89b,
  public_check = 0xef347940990e67fb, param_check = 0xe, digest_custom = 0xfffff797ec60 <aes_v8_encrypt>}

(gdb) print pmeth->init
$11 = (int (*)(EVP_PKEY_CTX *)) 0xc82028bf65604647

(gdb) n

Thread 1 "curl" received signal SIGBUS, Bus error.
0x002028bf65604647 in ?? ()

(gdb) p $_siginfo
$12 = {si_signo = 7, si_errno = 0, si_code = 1, _sifields = {_pad = {1700808263, 2107583, 0 <repeats 26 times>}, _kill = {si_pid = 1700808263, si_uid = 2107583}, _timer = {si_tid = 1700808263,
      si_overrun = 2107583, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _rt = {si_pid = 1700808263, si_uid = 2107583, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _sigchld = {si_pid = 1700808263,
      si_uid = 2107583, si_status = 0, si_utime = 0, si_stime = 0}, _sigfault = {si_addr = 0x2028bf65604647}, _sigpoll = {si_band = 9052001759413831, si_fd = 0}}}

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1921518

Title:
  OpenSSL "double free" error

Status in openssl package in Ubuntu:
  Incomplete
Status in openssl source package in Focal:
  Incomplete

Bug description:
  "double free" error is seen when using curl utility. Error is from
  libcrypto.so which is part of the OpenSSL package. This happens only
  when OpenSSL is configured to use a dynamic engine.

  OpenSSL version is 1.1.1f

  The issue is not encountered if
  http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead.

  
  OpenSSL can be configured to use a dynamic engine by editing the default
  openssl config file which is located at '/etc/ssl/openssl.cnf' on Ubuntu
  systems.

  On Bluefield systems, config diff to enable PKA dynamic engine, is as
  below:

  +openssl_conf = conf_section
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file              = $ENV::HOME/.oid
   oid_section            = new_oids
   
  +[ conf_section ]
  +engines = engine_section
  +
  +[ engine_section ]
  +bf = bf_section
  +
  +[ bf_section ]
  +engine_id=pka
  +dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so
  +init=0
  +

  engine_id above refers to dynamic engine name/identifier.
  dynamic_path points to the .so file for the dynamic engine.

  # curl -O https://tpo.pe/pathogen.vim

  double free or corruption (out)

  Aborted (core dumped)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1921518/+subscriptions
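The config diff in the bug description shows the chain OpenSSL follows to load a dynamic engine: the top-level `openssl_conf` names a section, its `engines` key names the engine list, each entry names a section, and that section's `dynamic_path` is the shared object that gets loaded into every process using libcrypto. Since a bad engine object can hand libcrypto a garbage method table like the `pmeth` dump above, the first thing to verify on an affected machine is which object the config actually resolves to and whether that file is intact. The following script is an added example, not code from the bug report or from OpenSSL; the sample config it parses is constructed to mirror the `bf_section` in the report, and the fallback path in `main` is an assumption.

```python
"""Resolve which shared object an openssl.cnf dynamic-engine section loads,
and sanity-check that object before trusting it.

Added example, not code from the bug report or from OpenSSL. SAMPLE_CNF is
constructed to mirror the bf_section shown in the report."""
import os
import re
import stat

# [ section ] headers and key = value pairs: the subset of openssl.cnf syntax
# that engine sections use (no $VAR expansion, no quoting).
SECTION_RE = re.compile(r"^\s*\[\s*([^\]]+?)\s*\]\s*$")
KV_RE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(.*?)\s*$")

# Constructed sample: the engine block from the report plus a comment line
# from the stock Ubuntu file, so comment handling is exercised.
SAMPLE_CNF = """\
openssl_conf = conf_section

# Extra OBJECT IDENTIFIER info:
#oid_file              = $ENV::HOME/.oid
oid_section            = new_oids

[ conf_section ]
engines = engine_section

[ engine_section ]
bf = bf_section

[ bf_section ]
engine_id=pka
dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so
init=0
"""


def parse_openssl_cnf(text):
    """Return {section: {key: value}}; keys before the first header land in
    'default', which is where OpenSSL looks for openssl_conf."""
    sections = {"default": {}}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = KV_RE.match(line)
        if m:
            sections[current][m.group(1)] = m.group(2)
    return sections


def resolve_engines(sections):
    """Follow openssl_conf -> engines -> <name> = <section> and return
    {name: section_dict} for every engine the config will load."""
    conf = sections["default"].get("openssl_conf")
    engines_sec = sections.get(conf, {}).get("engines") if conf else None
    if not engines_sec:
        return {}
    return {name: dict(sections.get(sec, {}))
            for name, sec in sections.get(engines_sec, {}).items()}


def check_engine(engine):
    """Findings about the object an engine section points at. dynamic_path is
    loaded into every libcrypto process, so it should be an absolute path to an
    existing, root-owned file that nobody else can write."""
    findings = []
    path = engine.get("dynamic_path")
    if path is None:
        return ["no dynamic_path: engine must be built into libcrypto"]
    if not os.path.isabs(path):
        findings.append(f"dynamic_path is not absolute: {path}")
    if not os.path.isfile(path):
        findings.append(f"dynamic_path does not exist: {path}")
        return findings
    st = os.stat(path)
    if st.st_uid != 0:
        findings.append(f"{path} is not owned by root (uid {st.st_uid})")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path} is group- or world-writable")
    return findings


def audit(text):
    """Parse a config and return {engine_name: [findings]}."""
    return {name: check_engine(sec)
            for name, sec in resolve_engines(parse_openssl_cnf(text)).items()}


if __name__ == "__main__":
    import sys
    # Audit the system config when run as a script; fall back to the sample.
    cnf = sys.argv[1] if len(sys.argv) > 1 else "/etc/ssl/openssl.cnf"
    try:
        with open(cnf) as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_CNF
    for name, findings in audit(text).items():
        print(name, "->", findings or ["ok"])
```

Run it with the path of the config in use (`python3 audit_engine.py /etc/ssl/openssl.cnf`, name assumed); an empty findings list for `bf` means the `pka.so` the config resolves to exists and has sane ownership, which narrows the investigation to the engine's own code rather than to a swapped or missing object.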

