search

cloudflare / gokeyless

Go implementation of the keyless protocol
https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/
Other
472 stars 79 forks source link

Panic with SoftHSM2 on CentOS 8 #324

Closed cicku closed 1 year ago

cicku commented 1 year ago 
> cat /etc/centos-release 
CentOS Stream release 8
execve("/usr/local/bin/gokeyless", ["gokeyless", "-c", "/root/test.yaml"], 0x7fffcfea69c0 /* 29 vars */) = 0
brk(NULL)                               = 0x32f2000
brk(0x32f31c0)                          = 0x32f31c0
arch_prctl(ARCH_SET_FS, 0x32f2880)      = 0
uname({sysname="Linux", nodename="REDACTED", ...}) = 0
set_tid_address(0x32f2b50)              = 143463
set_robust_list(0x32f2b60, 24)          = 0
rt_sigaction(SIGRTMIN, {sa_handler=0xb419e0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0xb41a80, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/usr/local/bin/gokeyless", 4096) = 24
brk(0x33141c0)                          = 0x33141c0
brk(0x3315000)                          = 0x3315000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
sched_getaffinity(0, 8192, [0])         = 8
openat(AT_FDCWD, "/sys/kernel/mm/transparent_hugepage/hpage_pmd_size", O_RDONLY) = 3
read(3, "2097152\n", 20)                = 8
close(3)                                = 0
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f180223a000
mmap(NULL, 131072, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f180221a000
mmap(NULL, 1048576, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f180211a000
mmap(NULL, 8388608, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f180191a000
mmap(NULL, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17fd91a000
mmap(NULL, 536870912, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17dd91a000
mmap(0xc000000000, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc000000000
mmap(NULL, 33554432, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17db91a000
mmap(NULL, 2165776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17db709000
mmap(0xc000000000, 4194304, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xc000000000
mmap(0x7f180221a000, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f180221a000
mmap(0x7f180219a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f180219a000
mmap(0x7f1801d20000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f1801d20000
mmap(0x7f17ff94a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f17ff94a000
mmap(0x7f17eda9a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f17eda9a000
mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17db609000
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17db5f9000
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17db5e9000
rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0
sigaltstack(NULL, {ss_sp=NULL, ss_flags=SS_DISABLE, ss_size=0}) = 0
sigaltstack({ss_sp=0xc000002000, ss_flags=0, ss_size=32768}, NULL) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
gettid()                                = 143463
rt_sigaction(SIGHUP, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGHUP, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGINT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGINT, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGQUIT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGQUIT, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGILL, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGILL, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGTRAP, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTRAP, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGABRT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGABRT, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGBUS, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGFPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGFPE, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGUSR1, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGUSR1, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGUSR2, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGUSR2, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGPIPE, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGALRM, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGALRM, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGTERM, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTERM, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGSTKFLT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGSTKFLT, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGCHLD, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGCHLD, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGURG, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGURG, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGXCPU, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGXCPU, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGXFSZ, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGXFSZ, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGVTALRM, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGVTALRM, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGPROF, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGPROF, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGWINCH, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGWINCH, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGIO, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGIO, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGPWR, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGPWR, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGSYS, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGSYS, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRTMIN, NULL, {sa_handler=0xb419e0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0xb40fb0}, 8) = 0
rt_sigaction(SIGRTMIN, NULL, {sa_handler=0xb419e0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0xb40fb0}, 8) = 0
rt_sigaction(SIGRTMIN, {sa_handler=0xb419e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, NULL, {sa_handler=0xb41a80, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, 8) = 0
rt_sigaction(SIGRT_1, NULL, {sa_handler=0xb41a80, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0xb41a80, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_2, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_3, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_3, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_4, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_4, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_5, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_5, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_6, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_6, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_7, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_7, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_8, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_8, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_9, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_9, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_10, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_10, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_11, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_11, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_12, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_12, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_13, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_13, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_14, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_14, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_15, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_15, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_16, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_16, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_17, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_17, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_18, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_18, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_19, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_19, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_20, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_20, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_21, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_21, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_22, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_22, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_23, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_23, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_24, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_24, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_25, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_25, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_26, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_26, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_27, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_27, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_28, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_28, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_29, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_29, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_30, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_30, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_31, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_31, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigaction(SIGRT_32, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGRT_32, {sa_handler=0x468f80, sa_mask=~[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0xb40fb0}, NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17dade8000
mprotect(0x7f17dade9000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f17db5e7e70, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[143464], tls=0x7f17db5e8700, child_tidptr=0x7f17db5e89d0) = 143464
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17da5e7000
mprotect(0x7f17da5e8000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f17dade6e70, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[143465], tls=0x7f17dade7700, child_tidptr=0x7f17dade79d0) = 143465
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
futex(0x16b2650, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x16b2650, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d9de6000
mprotect(0x7f17d9de7000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f17da5e5e70, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[143466], tls=0x7f17da5e6700, child_tidptr=0x7f17da5e69d0) = 143466
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
fcntl(0, F_GETFL)                       = 0x2 (flags O_RDWR)
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d9da6000
fcntl(1, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(2, F_GETFL)                       = 0x2 (flags O_RDWR)
readlinkat(AT_FDCWD, "/proc/self/exe", "/usr/local/bin/gokeyless", 128) = 24
openat(AT_FDCWD, "/usr/local/bin/gokeyless", O_RDONLY|O_CLOEXEC) = 3
epoll_create1(EPOLL_CLOEXEC)            = 4
pipe2([5, 6], O_NONBLOCK|O_CLOEXEC)     = 0
epoll_ctl(4, EPOLL_CTL_ADD, 5, {events=EPOLLIN, data={u32=24020784, u64=24020784}}) = 0
epoll_ctl(4, EPOLL_CTL_ADD, 3, {events=EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, data={u32=3655006040, u64=139740415981400}}) = -1 EPERM (Operation not permitted)
fstat(3, {st_mode=S_IFREG|0755, st_size=17493528, ...}) = 0
pread64(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\2\0>\0\1\0\0\0p\v@\0\0\0\0\0"..., 64, 0) = 64
pread64(3, "\211|$XH\211D$(H\211\\$HH\213\227`\1\0\0H\213\267X\1\0\0L\213\207h"..., 64, 2186691) = 64
pread64(3, "\314\314\314\314\314\314\314\314\314\314\314\314\314\314\314\314\314\314\314\314\314\314\314\314\314\314L\215d$\370M"..., 64, 4373382) = 64
pread64(3, "L\211\300\353\276L\211\300\353\233M\205\300\351u\377\377\377\17\37D\0\0\350;4\237\377H\213\204$"..., 64, 6560073) = 64
pread64(3, "\0\0\0\0(:{\10\2\10\10\27\0\0\0\0\0\0\0\0 )\353\0\0\0\0\0\32\177\1\0"..., 64, 8746764) = 64
pread64(3, "\0\35\0\0\0>\0\0\0\262\237\7\0.\0\0\0\4\0\0\0\36\0\0\0\231\0\0\0\367\237\7"..., 64, 10933455) = 64
pread64(3, "\6\v\0050\10\n\7k\n$\t\1\f\1\2\f\ri\0\2\16\240\1\274\1\237\1\1\240\1\241\2"..., 64, 13120146) = 64
pread64(3, "\3\0\0\0\0\0\6\0\261\6\0\17\261\6\0\0\0\0\08\201\337\0\0\0\0\0\260\207\337\0\0"..., 64, 15306837) = 64
close(3)                                = 0
getpid()                                = 143463
newfstatat(AT_FDCWD, "/proc", {st_mode=S_IFDIR|0555, st_size=0, ...}, 0) = 0
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x16b2650, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x16b2650, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x16b2650, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x16b2650, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x16b2650, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d9d66000
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000054950, FUTEX_WAKE_PRIVATE, 1) = 1
openat(AT_FDCWD, "/root/test.yaml", O_RDONLY|O_CLOEXEC) = 3
epoll_ctl(4, EPOLL_CTL_ADD, 3, {events=EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, data={u32=3655006040, u64=139740415981400}}) = -1 EPERM (Operation not permitted)
fstat(3, {st_mode=S_IFREG|0644, st_size=1320, ...}) = 0
read(3, "# Set the log level (0 = DEBUG, "..., 1832) = 1320
read(3, "", 512)                        = 0
futex(0x16b2650, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
futex(0x16e9c88, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x16b2650, FUTEX_WAIT_PRIVATE, 0, NULL2023/05/11 04:54:19 [INFO] loading /etc/keyless/keys/REDACTED.key...
2023/05/11 04:54:19 [DEBUG] add signer with SKI: REDACTED(https://crt.sh/?ski=REDACTED)
2023/05/11 04:54:19 [INFO] loading pkcs11:token=test;id=%a0%00?module-path=/usr/lib64/libsofthsm2.so&pin-value=1335&max-sessions=1...
) = 0
madvise(0xc000400000, 2097152, MADV_NOHUGEPAGE) = 0
madvise(0xc0004d6000, 8192, MADV_DONTNEED) = 0
write(6, "\0", 1)                       = 1
epoll_pwait(4, fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0xc8 pc=0x7f17cbc825d2]

runtime stack:
runtime.throw({0xdd4917, 0x1e8})
        /usr/lib/go-1.17/src/runtime/panic.go:1198 +0x71
runtime.sigpanic()
        /usr/lib/go-1.17/src/runtime/signal_unix.go:719 +0x396

goroutine 1 [syscall]:
runtime.cgocall(0xb3a9d0, 0xc00063fa60)
        /usr/lib/go-1.17/src/runtime/cgocall.go:156 +0x5c fp=0xc00063fa38 sp=0xc00063fa00 pc=0x4040fc
github.com/miekg/pkcs11._Cfunc_Initialize(0x7f17c4000b50)
        _cgo_gotypes.go:1204 +0x49 fp=0xc00063fa60 sp=0xc00063fa38 pc=0xac2129
github.com/miekg/pkcs11.(*Ctx).Initialize.func1(0xc0003a0301)
        /go/tmp/vendor/github.com/miekg/pkcs11/pkcs11.go:805 +0x3a fp=0xc00063fa98 sp=0xc00063fa60 pc=0xac533a
github.com/miekg/pkcs11.(*Ctx).Initialize(0xc0000729ce)
        /go/tmp/vendor/github.com/miekg/pkcs11/pkcs11.go:805 +0x19 fp=0xc00063fab0 sp=0xc00063fa98 pc=0xac52b9
github.com/ThalesIgnite/crypto11.Configure(0xc000388720)
        /go/tmp/vendor/github.com/ThalesIgnite/crypto11/crypto11.go:301 +0x397 fp=0xc00063fbb8 sp=0xc00063fab0 pc=0xadc257
github.com/cloudflare/gokeyless/internal/rfc7512.LoadPKCS11Signer(0xc0000aa480)
        /go/tmp/internal/rfc7512/rfc7512.go:206 +0x113 fp=0xc00063fc00 sp=0xc00063fbb8 pc=0xae98b3
github.com/cloudflare/gokeyless/server.DefaultLoadURI({0xc0000729a0, 0x65})
        /go/tmp/server/pkcs11.go:23 +0x77 fp=0xc00063fc48 sp=0xc00063fc00 pc=0xb28477
github.com/cloudflare/gokeyless/server.loadPKCS11URI(...)
        /go/tmp/server/pkcs11.go:31
github.com/cloudflare/gokeyless/server.(*DefaultKeystore).AddFromURI(0xc00037ea08, {0xc0000729a0, 0x65})
        /go/tmp/server/keystore.go:104 +0xb8 fp=0xc00063fcb0 sp=0xc00063fc48 pc=0xb270b8
main.initKeyStore()
        /go/tmp/cmd/gokeyless/gokeyless.go:330 +0xed fp=0xc00063fd38 sp=0xc00063fcb0 pc=0xb35cad
main.main()
        /go/tmp/cmd/gokeyless/gokeyless.go:289 +0x8eb fp=0xc00063ff80 sp=0xc00063fd38 pc=0xb3564b
runtime.main()
        /usr/lib/go-1.17/src/runtime/proc.go:255 +0x227 fp=0xc00063ffe0 sp=0xc00063ff80 pc=0x438de7
runtime.goexit()
        /usr/lib/go-1.17/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc00063ffe8 sp=0xc00063ffe0 pc=0x467401

goroutine 9 [select]:
go.opencensus.io/stats/view.(*worker).start(0xc0000d8b80)
        /go/tmp/vendor/go.opencensus.io/stats/view/worker.go:276 +0xb9
created by go.opencensus.io/stats/view.init.0
        /go/tmp/vendor/go.opencensus.io/stats/view/worker.go:34 +0x92
 <unfinished ...>)       = ?
+++ exited with 2 +++
nickysemenza commented 1 year ago

possibly related to https://github.com/miekg/pkcs11/issues/162 / https://github.com/ThalesIgnite/crypto11/issues/99