Snap-exec segfaults on CentOS 7, 2.57.6-1.el7

_az · December 10, 2022, 9:21pm

We’ve seen reports that our users on CentOS 7 are unable to install the certbot snap after upgrading snapd.

It appears to be encountering a segfault when running the configure hook.

Digging in to this, it appears that running snap-exec (unconfined) is enough to trigger the segfault:

[root@armor-client ~]# /usr/libexec/snapd/snap-exec
fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x0]

runtime stack:
runtime.throw({0x7257cd, 0x0})
		/usr/lib/golang/src/runtime/panic.go:1198 +0x71 fp=0x7ffc1b3b41d0 sp=0x7ffc1b3b41a0 pc=0x435291
runtime.sigpanic()
		/usr/lib/golang/src/runtime/signal_unix.go:719 +0x396 fp=0x7ffc1b3b4220 sp=0x7ffc1b3b41d0 pc=0x44aa16

goroutine 1 [syscall, locked to thread]:
runtime.cgocall(0x5e9a70, 0xc0000ab6c0)
		/usr/lib/golang/src/runtime/cgocall.go:156 +0x5c fp=0xc0000ab698 sp=0xc0000ab660 pc=0x40551c
crypto/internal/boring._Cfunc__goboringcrypto_DLOPEN_OPENSSL()
		_cgo_gotypes.go:603 +0x49 fp=0xc0000ab6c0 sp=0xc0000ab698 pc=0x5366c9
crypto/internal/boring.init.0()
		/usr/lib/golang/src/crypto/internal/boring/boring.go:46 +0x45 fp=0xc0000ab6f8 sp=0xc0000ab6c0 pc=0x537445
runtime.doInit(0xad84a0)
		/usr/lib/golang/src/runtime/proc.go:6498 +0x123 fp=0xc0000ab830 sp=0xc0000ab6f8 pc=0x4449a3
runtime.doInit(0xad61a0)
		/usr/lib/golang/src/runtime/proc.go:6475 +0x71 fp=0xc0000ab968 sp=0xc0000ab830 pc=0x4448f1
runtime.doInit(0xad9280)
		/usr/lib/golang/src/runtime/proc.go:6475 +0x71 fp=0xc0000abaa0 sp=0xc0000ab968 pc=0x4448f1
runtime.doInit(0xad8260)
		/usr/lib/golang/src/runtime/proc.go:6475 +0x71 fp=0xc0000abbd8 sp=0xc0000abaa0 pc=0x4448f1
runtime.doInit(0xad9bc0)
		/usr/lib/golang/src/runtime/proc.go:6475 +0x71 fp=0xc0000abd10 sp=0xc0000abbd8 pc=0x4448f1
runtime.doInit(0xad7220)
		/usr/lib/golang/src/runtime/proc.go:6475 +0x71 fp=0xc0000abe48 sp=0xc0000abd10 pc=0x4448f1
runtime.doInit(0xad7fe0)
		/usr/lib/golang/src/runtime/proc.go:6475 +0x71 fp=0xc0000abf80 sp=0xc0000abe48 pc=0x4448f1
runtime.main()
		/usr/lib/golang/src/runtime/proc.go:238 +0x1e6 fp=0xc0000abfe0 sp=0xc0000abf80 pc=0x437926
runtime.goexit()
		/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0000abfe8 sp=0xc0000abfe0 pc=0x464361

goroutine 2 [force gc (idle)]:
runtime.gopark(0x0, 0x0, 0x0, 0x0, 0x0)
		/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc000034fb0 sp=0xc000034f90 pc=0x437d36
runtime.goparkunlock(...)
		/usr/lib/golang/src/runtime/proc.go:372
runtime.forcegchelper()
		/usr/lib/golang/src/runtime/proc.go:306 +0xad fp=0xc000034fe0 sp=0xc000034fb0 pc=0x437bcd
runtime.goexit()
		/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc000034fe8 sp=0xc000034fe0 pc=0x464361
created by runtime.init.8
		/usr/lib/golang/src/runtime/proc.go:294 +0x25

goroutine 3 [GC sweep wait]:
runtime.gopark(0x0, 0x0, 0x0, 0x0, 0x0)
		/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc0000357b0 sp=0xc000035790 pc=0x437d36
runtime.goparkunlock(...)
		/usr/lib/golang/src/runtime/proc.go:372
runtime.bgsweep()
		/usr/lib/golang/src/runtime/mgcsweep.go:163 +0x88 fp=0xc0000357e0 sp=0xc0000357b0 pc=0x4243a8
runtime.goexit()
		/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0000357e8 sp=0xc0000357e0 pc=0x464361
created by runtime.gcenable
		/usr/lib/golang/src/runtime/mgc.go:181 +0x55

goroutine 4 [GC scavenge wait]:
runtime.gopark(0x0, 0x0, 0x0, 0x0, 0x0)
		/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc000035f80 sp=0xc000035f60 pc=0x437d36
runtime.goparkunlock(...)
		/usr/lib/golang/src/runtime/proc.go:372
runtime.bgscavenge()
		/usr/lib/golang/src/runtime/mgcscavenge.go:265 +0xcd fp=0xc000035fe0 sp=0xc000035f80 pc=0x4224ad
runtime.goexit()
		/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc000035fe8 sp=0xc000035fe0 pc=0x464361
created by runtime.gcenable
		/usr/lib/golang/src/runtime/mgc.go:182 +0x65

goroutine 5 [finalizer wait]:
runtime.gopark(0xaec640, 0xc000034770, 0xf1, 0x48, 0xad75e0)
		/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc000034630 sp=0xc000034610 pc=0x437d36
runtime.goparkunlock(...)
		/usr/lib/golang/src/runtime/proc.go:372
runtime.runfinq()
		/usr/lib/golang/src/runtime/mfinal.go:177 +0xb3 fp=0xc0000347e0 sp=0xc000034630 pc=0x419f33
runtime.goexit()
		/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0000347e8 sp=0xc0000347e0 pc=0x464361
created by runtime.createfing
		/usr/lib/golang/src/runtime/mfinal.go:157 +0x45
Aborted

The crashing process is this one:

snap-exec        5540   2447     0 /usr/libexec/snapd/snap-exec --hook=configure certbot

Version info:

[root@armor-client ~]# snap version
snap    2.57.6-1.el7
snapd   2.57.6-1.el7
series  16
centos  7
kernel  3.10.0-1160.45.1.el7.x86_64

[root@armor-client ~]# rpm -q snapd
snapd-2.57.6-1.el7.x86_64

[root@armor-client ~]# cat /etc/centos-release
CentOS Linux release 7.9.2009 (Core)

cekoludia · December 11, 2022, 10:56pm

Hello, does anyone have a solution to this problem?

gvde · December 12, 2022, 6:01am

No solution, but temporary workaround: downgrade to the previous version.

# yum downgrade snapd snap-confine snapd-selinux
...
---> Package snap-confine.x86_64 0:2.55.3-1.el7 will be a downgrade
---> Package snap-confine.x86_64 0:2.57.6-1.el7 will be erased
---> Package snapd.x86_64 0:2.55.3-1.el7 will be a downgrade
---> Package snapd.x86_64 0:2.57.6-1.el7 will be erased
---> Package snapd-selinux.noarch 0:2.55.3-1.el7 will be a downgrade
---> Package snapd-selinux.noarch 0:2.57.6-1.el7 will be erased
--> Finished Dependency Resolution
...

I think it’s an issue with 2.57 as there is also the same report for ubuntu: https://bugs.launchpad.net/snapd/+bug/1995102

_az · December 12, 2022, 6:26am

The Ubuntu report looks to have a different cause, something in the CLI parser. It is not the case on CentOS 7 that every snap command segfaults - it is possible to install and run the hello-world snap, for example.

Unfortunately EPEL7 does not keep older versions of packages uploaded, so a yum downgrade would only be possible if it was locally cached, I guess.

gvde · December 12, 2022, 6:45am

If you don’t have it in the cache you should still find those three rpms in a mirror which doesn’t delete old version like https://mirror.lt.ucsc.edu/epel/7/x86_64/Packages/s/.

cekoludia · December 12, 2022, 7:13am

Hello, thank you very much for your help. I did the following:

yum remove snapd
yum remove snap-confine.x86_64
yum remove snapd-selinux.noarch
then I downloaded from https://mirror.lt.ucsc.edu/epel/7/x86_64/Packages/s/ snapd-2.54.4-1.el7.x86_64.rpm, snapd-selinux-2.54.4- 1.el7.noarch.rpm, snap-confine-2.54.4-1.el7.x86_64.rpm
i installed .rpm yum localinstall … Thank you very much again!

boutell · December 12, 2022, 3:26pm

Seeing the same issue. This is really bad news. Can anything be done to fix this issue upstream?

bmw · December 12, 2022, 3:57pm

Just to help show it’s not an obscure Certbot issue, here’s the same thing happening when installing the snapcraft snap:

# snap install snapcraft --classic
error: cannot perform the following tasks:
- Run configure hook of "snapcraft" snap if present (run hook "configure": 
-----
fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x0]

runtime stack:
runtime.throw({0x7257cd, 0x0})
	/usr/lib/golang/src/runtime/panic.go:1198 +0x71 fp=0x7ffdc76e55f0 sp=0x7ffdc76e55c0 pc=0x435291
runtime.sigpanic()
	/usr/lib/golang/src/runtime/signal_unix.go:719 +0x396 fp=0x7ffdc76e5640 sp=0x7ffdc76e55f0 pc=0x44aa16

goroutine 1 [syscall, locked to thread]:
runtime.cgocall(0x5e9a70, 0xc0000a76c0)
	/usr/lib/golang/src/runtime/cgocall.go:156 +0x5c fp=0xc0000a7698 sp=0xc0000a7660 pc=0x40551c
crypto/internal/boring._Cfunc__goboringcrypto_DLOPEN_OPENSSL()
	_cgo_gotypes.go:603 +0x49 fp=0xc0000a76c0 sp=0xc0000a7698 pc=0x5366c9
crypto/internal/boring.init.0()
	/usr/lib/golang/src/crypto/internal/boring/boring.go:46 +0x45 fp=0xc0000a76f8 sp=0xc0000a76c0 pc=0x537445
runtime.doInit(0xad84a0)
	/usr/lib/golang/src/runtime/proc.go:6498 +0x123 fp=0xc0000a7830 sp=0xc0000a76f8 pc=0x4449a3
runtime.doInit(0xad61a0)
	/usr/lib/golang/src/runtime/proc.go:6475 +0x71 fp=0xc0000a7968 sp=0xc0000a7830 pc=0x4448f1
runtime.doInit(0xad9280)
	/usr/lib/golang/src/runtime/proc.go:6475 +0x71 fp=0xc0000a7aa0 sp=0xc0000a7968 pc=0x4448f1
runtime.doInit(0xad8260)
	/usr/lib/golang/src/runtime/proc.go:6475 +0x71 fp=0xc0000a7bd8 sp=0xc0000a7aa0 pc=0x4448f1
runtime.doInit(0xad9bc0)
	/usr/lib/golang/src/runtime/proc.go:6475 +0x71 fp=0xc0000a7d10 sp=0xc0000a7bd8 pc=0x4448f1
runtime.doInit(0xad7220)
	/usr/lib/golang/src/runtime/proc.go:6475 +0x71 fp=0xc0000a7e48 sp=0xc0000a7d10 pc=0x4448f1
runtime.doInit(0xad7fe0)
	/usr/lib/golang/src/runtime/proc.go:6475 +0x71 fp=0xc0000a7f80 sp=0xc0000a7e48 pc=0x4448f1
runtime.main()
	/usr/lib/golang/src/runtime/proc.go:238 +0x1e6 fp=0xc0000a7fe0 sp=0xc0000a7f80 pc=0x437926
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0000a7fe8 sp=0xc0000a7fe0 pc=0x464361

goroutine 2 [force gc (idle)]:
runtime.gopark(0x0, 0x0, 0x0, 0x0, 0x0)
	/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc000032fb0 sp=0xc000032f90 pc=0x437d36
runtime.goparkunlock(...)
	/usr/lib/golang/src/runtime/proc.go:372
runtime.forcegchelper()
	/usr/lib/golang/src/runtime/proc.go:306 +0xad fp=0xc000032fe0 sp=0xc000032fb0 pc=0x437bcd
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc000032fe8 sp=0xc000032fe0 pc=0x464361
created by runtime.init.8
	/usr/lib/golang/src/runtime/proc.go:294 +0x25

goroutine 3 [GC sweep wait]:
runtime.gopark(0x0, 0x0, 0x0, 0x0, 0x0)
	/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc0000337b0 sp=0xc000033790 pc=0x437d36
runtime.goparkunlock(...)
	/usr/lib/golang/src/runtime/proc.go:372
runtime.bgsweep()
	/usr/lib/golang/src/runtime/mgcsweep.go:163 +0x88 fp=0xc0000337e0 sp=0xc0000337b0 pc=0x4243a8
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0000337e8 sp=0xc0000337e0 pc=0x464361
created by runtime.gcenable
	/usr/lib/golang/src/runtime/mgc.go:181 +0x55

goroutine 4 [GC scavenge wait]:
runtime.gopark(0x0, 0x0, 0x0, 0x0, 0x0)
	/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc000033f80 sp=0xc000033f60 pc=0x437d36
runtime.goparkunlock(...)
	/usr/lib/golang/src/runtime/proc.go:372
runtime.bgscavenge()
	/usr/lib/golang/src/runtime/mgcscavenge.go:265 +0xcd fp=0xc000033fe0 sp=0xc000033f80 pc=0x4224ad
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc000033fe8 sp=0xc000033fe0 pc=0x464361
created by runtime.gcenable
	/usr/lib/golang/src/runtime/mgc.go:182 +0x65

goroutine 5 [finalizer wait]:
runtime.gopark(0xaec640, 0xc000032770, 0xf1, 0x48, 0xad75e0)
	/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc000032630 sp=0xc000032610 pc=0x437d36
runtime.goparkunlock(...)
	/usr/lib/golang/src/runtime/proc.go:372
runtime.runfinq()
	/usr/lib/golang/src/runtime/mfinal.go:177 +0xb3 fp=0xc0000327e0 sp=0xc000032630 pc=0x419f33
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0000327e8 sp=0xc0000327e0 pc=0x464361
created by runtime.createfing
	/usr/lib/golang/src/runtime/mfinal.go:157 +0x45
-----)

mvo · December 12, 2022, 4:31pm

Thanks for raising this issue. We are currently looking into the certbot issue.

However please note that the segfault of “snap-exec” is most likely unrelated to the certbot issue. The snap-exec tool is run inside the snap namespace so running it directly from the host is not how it’s usually executed.

[edit: looks like that is exactly the issue]

mvo · December 12, 2022, 5:17pm

I wonder if this is somehow related to how the rpm was build. When I our google:centos-7-64:tests/main/classic-confinement spread test and snap install --clasic snapcraft and snap install --classic certbox there I see no failure. During that test the snapd rpm is build in on the test VM so I wonder if something is off with the rpm build somehow ?

_az · December 12, 2022, 11:14pm

Do you use mainline Go to build snapd in those tests?

Based on the segfault’s stack trace, something is going wrong with Go trying to do runtime linking to BoringSSL, which would not happen in mainline Go:

It looks like EPEL7 might be building snapd using the boringcrypto branch of Go.

That could explain a coverage gap in testing.

mvo · December 13, 2022, 8:25am

Indeed, thanks _az! I wonder how to disable this boringcrypto during the build, that might be all that is needed to fix this issue.

bmw · December 13, 2022, 7:38pm

To help make sure we’re all on the same page about the severity here, if a CentOS 7 snapd user upgrades the packages on their system to the newest snap RPM packages in EPEL 7, any classic snap becomes completely unrunnable on their system. The Certbot snap alone has over 50k users on CentOS 7.

I really hope this can be fixed soon.

_az · December 13, 2022, 9:07pm

Filed to EPEL: https://bugzilla.redhat.com/show_bug.cgi?id=2152903

mvo · December 16, 2022, 8:54am

Thanks everyone for reporting this and for your patience. The amazing @mborzecki has fixed this by building snapd without the boringssl change. The build is in https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-4790972cca and should be generally now.

mborzecki1 · December 16, 2022, 9:02am

The update should hit testing soon. For the time being, you can switch to the builds tab in bodhi and grab the RPMs directly from the build system.