search

notaryproject / notary

Notary is a project that allows anyone to have trust over arbitrary collections of data
Apache License 2.0
3.23k stars 510 forks source link

Yubikey Signing Malloc Error #1372

Open dviator opened 6 years ago

dviator commented 6 years ago

Hey guys,

Been working on setting up a notary service at my company, and was planning on storing root keys on yubikey4C devices. Unfortunately performing signing with these yubikeys has been flaky. About 50% of the time it works, but the other 50% of the time it results in an error. I sometimes get different error outputs, though I'm guessing they are closely related, so I've included two of the error outputs below.

Context for my environment, I am using the notary installed with docker for mac: notary Version: 0.6.1 Git commit: d6e1431f

And the yubico-piv-tool installed by brew: yubico-piv-tool --version yubico-piv-tool 1.5.0

Error #1: notary -D init yubitesting200 DEBU[0000] Using the following trust directory: /Users/dveenstra/.notary DEBU[0000] Initialized PKCS11 library /usr/local/lib/libykcs11.dylib and started HSM session DEBU[0000] Found 1 objects matching list filters DEBU[0000] Making dir path: /Users/dveenstra/.notary/tuf/yubitesting200/changelist Root key found, using: ca0114a2fc49ee08c21753376a58a0a44f2d4851fb67ab6ee1dee33a462f8d27 DEBU[0000] Initialized PKCS11 library /usr/local/lib/libykcs11.dylib and started HSM session DEBU[0000] Initialized PKCS11 library /usr/local/lib/libykcs11.dylib and started HSM session Please touch the attached Yubikey to perform signing. notary(24776,0x7000100dd000) malloc: error for object 0x4b02db0: incorrect checksum for freed object - object was probably modified after being freed. set a breakpoint in malloc_error_break to debug [1] 24776 abort notary -D init yubitesting200

Error #2: notary -D init yubitesting205 DEBU[0000] Using the following trust directory: /Users/dveenstra/.notary DEBU[0000] Initialized PKCS11 library /usr/local/lib/libykcs11.dylib and started HSM session DEBU[0000] Found 1 objects matching list filters DEBU[0000] Making dir path: /Users/dveenstra/.notary/tuf/yubitesting205/changelist Root key found, using: ca0114a2fc49ee08c21753376a58a0a44f2d4851fb67ab6ee1dee33a462f8d27 DEBU[0000] Initialized PKCS11 library /usr/local/lib/libykcs11.dylib and started HSM session DEBU[0000] Initialized PKCS11 library /usr/local/lib/libykcs11.dylib and started HSM session Please touch the attached Yubikey to perform signing. notary(24826,0x7fff95eaf380) malloc: error for object 0x4a0a980: incorrect checksum for freed object - object was probably modified after being freed. set a breakpoint in malloc_error_break to debug SIGABRT: abort PC=0x7fff5d4c0b6e m=0 sigcode=0

goroutine 0 [idle]: runtime: unknown pc 0x7fff5d4c0b6e stack: frame={sp:0x7ffeefbff2d8, fp:0x0} stack=[0x7ffeefb801e0,0x7ffeefbff660) 00007ffeefbff1d8: 00007fff5d531960 00007ffeefbff220 00007ffeefbff1e8: 00007fff5d67fd5e 0033000004946010 00007ffeefbff1f8: 0000000000000003 00000000049f4000 00007ffeefbff208: 00007ffeefbff898 00007ffeefbff320 00007ffeefbff218: 00007fff5d533a85 00007ffeefbff260 00007ffeefbff228: 00007fff5d52916d 00007fff95eaf380 00007ffeefbff238: 00007fff5d4bf773 00007fff95e9c2cc 00007ffeefbff248: 0000000004a0a980 0000000000000000 00007ffeefbff258: 00000000400000c0 00007ffeefbff340 00007ffeefbff268: 00007fff5d528c07 0000003000000020 00007ffeefbff278: 00000000049f3028 0000000000000000 00007ffeefbff288: 00000000049f3028 0000000000000000 00007ffeefbff298: 0000000000000000 0000000004a0a980 00007ffeefbff2a8: 00007fff5d534845 0000000000000000 00007ffeefbff2b8: 0000000004a0a8c0 00007ffeefbff438 00007ffeefbff2c8: 00007ffeefbff338 0000000000000001 00007ffeefbff2d8: <00007fff5d68b080 00007fff95eaf380 00007ffeefbff2e8: 00007ffeefbff328 0000000000000001 00007ffeefbff2f8: 00000000049f3000 0000000000000000 00007ffeefbff308: 00000000400000c0 00007ffeefbff340 00007ffeefbff318: 00007fff5d41c1ae 0000003000000010 00007ffeefbff328: 00007ffeffffffdf ffffffff04a0a980 00007ffeefbff338: 0000000004a0a980 00007ffeefbff460 00007ffeefbff348: 00007fff5d525ad4 0000000080100003 00007ffeefbff358: 0000000000000001 00007ffeefbff3d0 00007ffeefbff368: 00007fff3fc2dd2b 000000000494f600 00007ffeefbff378: 0000000004a0a8c0 000000000494f600 00007ffeefbff388: 0000000000000005 0000000004949080 00007ffeefbff398: 0000000004b00000 00007ffeefbff400 00007ffeefbff3a8: 00007fff5d531256 00007fff95d71cc0 00007ffeefbff3b8: 0000000004b06e90 00007ffeefbff400 00007ffeefbff3c8: 0000000000000001 00007ffeefbff3f0 runtime: unknown pc 0x7fff5d4c0b6e stack: frame={sp:0x7ffeefbff2d8, fp:0x0} stack=[0x7ffeefb801e0,0x7ffeefbff660) 00007ffeefbff1d8: 00007fff5d531960 00007ffeefbff220 00007ffeefbff1e8: 00007fff5d67fd5e 0033000004946010 00007ffeefbff1f8: 0000000000000003 00000000049f4000 00007ffeefbff208: 00007ffeefbff898 00007ffeefbff320 00007ffeefbff218: 00007fff5d533a85 00007ffeefbff260 00007ffeefbff228: 00007fff5d52916d 00007fff95eaf380 00007ffeefbff238: 00007fff5d4bf773 00007fff95e9c2cc 00007ffeefbff248: 0000000004a0a980 0000000000000000 00007ffeefbff258: 00000000400000c0 00007ffeefbff340 00007ffeefbff268: 00007fff5d528c07 0000003000000020 00007ffeefbff278: 00000000049f3028 0000000000000000 00007ffeefbff288: 00000000049f3028 0000000000000000 00007ffeefbff298: 0000000000000000 0000000004a0a980 00007ffeefbff2a8: 00007fff5d534845 0000000000000000 00007ffeefbff2b8: 0000000004a0a8c0 00007ffeefbff438 00007ffeefbff2c8: 00007ffeefbff338 0000000000000001 00007ffeefbff2d8: <00007fff5d68b080 00007fff95eaf380 00007ffeefbff2e8: 00007ffeefbff328 0000000000000001 00007ffeefbff2f8: 00000000049f3000 0000000000000000 00007ffeefbff308: 00000000400000c0 00007ffeefbff340 00007ffeefbff318: 00007fff5d41c1ae 0000003000000010 00007ffeefbff328: 00007ffeffffffdf ffffffff04a0a980 00007ffeefbff338: 0000000004a0a980 00007ffeefbff460 00007ffeefbff348: 00007fff5d525ad4 0000000080100003 00007ffeefbff358: 0000000000000001 00007ffeefbff3d0 00007ffeefbff368: 00007fff3fc2dd2b 000000000494f600 00007ffeefbff378: 0000000004a0a8c0 000000000494f600 00007ffeefbff388: 0000000000000005 0000000004949080 00007ffeefbff398: 0000000004b00000 00007ffeefbff400 00007ffeefbff3a8: 00007fff5d531256 00007fff95d71cc0 00007ffeefbff3b8: 0000000004b06e90 00007ffeefbff400 00007ffeefbff3c8: 0000000000000001 00007ffeefbff3f0

goroutine 1 [syscall]: runtime.cgocall(0x44391b0, 0xc42019a818, 0x0) /usr/local/go/src/runtime/cgocall.go:128 +0x64 fp=0xc42019a7e8 sp=0xc42019a7b0 pc=0x4003dd4 github.com/theupdateframework/notary/vendor/github.com/miekg/pkcs11._Cfunc_Finalize(0x4a0a1b0, 0x0) _cgo_gotypes.go:812 +0x4a fp=0xc42019a818 sp=0xc42019a7e8 pc=0x43b5caa github.com/theupdateframework/notary/vendor/github.com/miekg/pkcs11.(Ctx).Finalize.func1(0x4a0a1b0, 0xc42019a870) /go/src/github.com/theupdateframework/notary/vendor/github.com/miekg/pkcs11/pkcs11.go:863 +0x56 fp=0xc42019a850 sp=0xc42019a818 pc=0x43c0b16 github.com/theupdateframework/notary/vendor/github.com/miekg/pkcs11.(Ctx).Finalize(0xc4200c61b0, 0xc42019a8d8, 0x43baa61) /go/src/github.com/theupdateframework/notary/vendor/github.com/miekg/pkcs11/pkcs11.go:863 +0x37 fp=0xc42019a890 sp=0xc42019a850 pc=0x43b9447 github.com/theupdateframework/notary/trustmanager/yubikey.finalizeAndDestroy(0x45bd620, 0xc4200c61b0) /go/src/github.com/theupdateframework/notary/trustmanager/yubikey/yubikeystore.go:817 +0x35 fp=0xc42019a8e8 sp=0xc42019a890 pc=0x43ce555 github.com/theupdateframework/notary/trustmanager/yubikey.cleanup(0x45bd620, 0xc4200c61b0, 0x51b660) /go/src/github.com/theupdateframework/notary/trustmanager/yubikey/yubikeystore.go:813 +0x66 fp=0xc42019a940 sp=0xc42019a8e8 pc=0x43ce476 github.com/theupdateframework/notary/trustmanager/yubikey.(YubiPrivateKey).Sign(0xc420368300, 0x45b4280, 0xc4200b4de0, 0xc42022c420, 0x20, 0x20, 0x45b50a0, 0xc4203a6fd8, 0xc42021d880, 0x40, ...) /go/src/github.com/theupdateframework/notary/trustmanager/yubikey/yubikeystore.go:208 +0x2c8 fp=0xc42019aa20 sp=0xc42019a940 pc=0x43c7d88 crypto/x509.CreateCertificate(0x45b4280, 0xc4200b4de0, 0xc4204a8680, 0xc4204a8680, 0x44eeb00, 0xc4204858e0, 0x4505860, 0xc420368300, 0xc4204a8680, 0x0, ...) /usr/local/go/src/crypto/x509/x509.go:2133 +0x8f7 fp=0xc42019b478 sp=0xc42019aa20 pc=0x429c627 github.com/theupdateframework/notary/cryptoservice.generateCertificate(0x45b6cc0, 0xc420368300, 0x7ffeefbff8a7, 0xe, 0xbec6ca28a596be01, 0x332a6b22, 0x4839560, 0xc379cae8a596be01, 0x460623ffb886b22, 0x4839560, ...) /go/src/github.com/theupdateframework/notary/cryptoservice/certificate.go:30 +0x245 fp=0xc42019b598 sp=0xc42019b478 pc=0x4399f95 github.com/theupdateframework/notary/cryptoservice.GenerateCertificate(0x45bb840, 0xc420368280, 0x7ffeefbff8a7, 0xe, 0xbec6ca28a596be01, 0x332a6b22, 0x4839560, 0xc379cae8a596be01, 0x460623ffb886b22, 0x4839560, ...) /go/src/github.com/theupdateframework/notary/cryptoservice/certificate.go:21 +0xd2 fp=0xc42019b630 sp=0xc42019b598 pc=0x4399c32 github.com/theupdateframework/notary/client.rootCertKey(0x7ffeefbff8a7, 0xe, 0x45bb840, 0xc420368280, 0xc420485200, 0xc42020b8f0, 0x1, 0x1) /go/src/github.com/theupdateframework/notary/client/client.go:169 +0xd9 fp=0xc42019b700 sp=0xc42019b630 pc=0x43d0819 github.com/theupdateframework/notary/client.(repository).createNewPublicKeyFromKeyIDs(0xc42012a4d0, 0xc42020b8d0, 0x1, 0x1, 0xc4200beea0, 0x1a0, 0xc42019b818, 0x4034a1b, 0x4013b7c) /go/src/github.com/theupdateframework/notary/client/client.go:276 +0x140 fp=0xc42019b7a8 sp=0xc42019b700 pc=0x43d1710 github.com/theupdateframework/notary/client.(repository).initialize(0xc42012a4d0, 0xc42020b8d0, 0x1, 0x1, 0xc42020b8e0, 0x0, 0x1, 0x0, 0x0, 0x0, ...) /go/src/github.com/theupdateframework/notary/client/client.go:222 +0x425 fp=0xc42019ba70 sp=0xc42019b7a8 pc=0x43d0e45 github.com/theupdateframework/notary/client.(repository).InitializeWithCertificate(0xc42012a4d0, 0xc42020b8d0, 0x1, 0x1, 0xc42020b8e0, 0x0, 0x1, 0x0, 0x0, 0x0, ...) /go/src/github.com/theupdateframework/notary/client/client.go:366 +0x400 fp=0xc42019bc10 sp=0xc42019ba70 pc=0x43d2380 main.(tufCommander).tufInit(0xc4200b7ad0, 0xc42034d200, 0xc420269200, 0x1, 0x2, 0x0, 0x0) /go/src/github.com/theupdateframework/notary/cmd/notary/tuf.go:505 +0x232 fp=0xc42019bcd8 sp=0xc42019bc10 pc=0x442f602 main.(tufCommander).(main.tufInit)-fm(0xc42034d200, 0xc420269200, 0x1, 0x2, 0x0, 0x0) /go/src/github.com/theupdateframework/notary/cmd/notary/tuf.go:139 +0x52 fp=0xc42019bd20 sp=0xc42019bcd8 pc=0x4435462 github.com/theupdateframework/notary/vendor/github.com/spf13/cobra.(Command).execute(0xc42034d200, 0xc4202691c0, 0x2, 0x2, 0xc42034d200, 0xc4202691c0) /go/src/github.com/theupdateframework/notary/vendor/github.com/spf13/cobra/command.go:698 +0x46d fp=0xc42019bdc8 sp=0xc42019bd20 pc=0x4171a0d github.com/theupdateframework/notary/vendor/github.com/spf13/cobra.(Command).ExecuteC(0xc4200d4fc0, 0x0, 0x0, 0x0) /go/src/github.com/theupdateframework/notary/vendor/github.com/spf13/cobra/command.go:783 +0x2e4 fp=0xc42019bef8 sp=0xc42019bdc8 pc=0x4172184 github.com/theupdateframework/notary/vendor/github.com/spf13/cobra.(*Command).Execute(0xc4200d4fc0, 0xc4200d4fc0, 0x0) /go/src/github.com/theupdateframework/notary/vendor/github.com/spf13/cobra/command.go:736 +0x2b fp=0xc42019bf28 sp=0xc42019bef8 pc=0x4171e7b main.main() /go/src/github.com/theupdateframework/notary/cmd/notary/main.go:196 +0x6a fp=0xc42019bf88 sp=0xc42019bf28 pc=0x442866a runtime.main() /usr/local/go/src/runtime/proc.go:198 +0x212 fp=0xc42019bfe0 sp=0xc42019bf88 pc=0x402d512 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:2361 +0x1 fp=0xc42019bfe8 sp=0xc42019bfe0 pc=0x4057771

goroutine 19 [syscall]: os/signal.signal_recv(0x0) /usr/local/go/src/runtime/sigqueue.go:139 +0xa7 os/signal.loop() /usr/local/go/src/os/signal/signal_unix.go:22 +0x22 created by os/signal.init.0 /usr/local/go/src/os/signal/signal_unix.go:28 +0x41

rax 0x0 rbx 0x7fff95eaf380 rcx 0x7ffeefbff2d8 rdx 0x0 rdi 0x307 rsi 0x6 rbp 0x7ffeefbff310 rsp 0x7ffeefbff2d8 r8 0x10 r9 0xfffffff0 r10 0x0 r11 0x206 r12 0x307 r13 0x49f3000 r14 0x6 r15 0x2d rip 0x7fff5d4c0b6e rflags 0x206 cs 0x7 fs 0x0 gs 0x0

justincormack commented 6 years ago

Ugh. I would think this is likely an issue with libykcs11.dylib as Notary itself doesn't call malloc directly, so it may be worth opening an issue on https://github.com/Yubico/yubico-piv-tool as a starting point.

cyli commented 6 years ago

cc @a-dma - Apologies - would you happen to know what this was?

a-dma commented 6 years ago

Not at a glance, too many abstraction layers. If you say that Notary doesn't call malloc then ykcs11 is the next likely suspect, but a tighter scoped/more detailed repro would be needed.

seemethere commented 5 years ago

Also experiencing this as well:

Segmentation fault ``` docker(97141,0x70000daf2000) malloc: Incorrect checksum for freed object 0x7802990: probably modified after being freed. Corrupt value: 0x3d45622d0f5384 docker(97141,0x70000daf2000) malloc: *** set a breakpoint in malloc_error_break to debug SIGABRT: abort PC=0x7fff5d4cdb86 m=15 sigcode=0 goroutine 0 [idle]: runtime: unknown pc 0x7fff5d4cdb86 stack: frame={sp:0x70000daf1b08, fp:0x0} stack=[0x70000da722b0,0x70000daf1eb0) 000070000daf1a08: 0000000000000000 00007fff5d55db1e 000070000daf1a18: 000070000daf1a68 0000003000000020 000070000daf1a28: 0000000007dcd000 000070000daf2000 000070000daf1a38: 00007ffeefbff2d8 00007fff5d55daa9 000070000daf1a48: 0000000000000043 000070000daf1b30 000070000daf1a58: 00007fff5d577085 0000003000000018 000070000daf1a68: 000070000daf1b40 000070000daf1a80 000070000daf1a78: 000070000daf1a30 0000000000000000 000070000daf1a88: 0000000000000000 00007fff5d55daa9 000070000daf1a98: 0000000007dcd04d 0000000000000000 000070000daf1aa8: 0000000000000000 00007fff5d55dda0 000070000daf1ab8: 000070000daf1b28 0000000000000000 000070000daf1ac8: 0000000007dcc000 000070000daf1af8 000070000daf1ad8: 0000000000000043 000070000daf1b10 000070000daf1ae8: 00007fff5d4ca479 000070000daf1b30 000070000daf1af8: 0000000007dcd000 0000000007dcc028 000070000daf1b08: <00007fff5d583c50 000070000daf2000 000070000daf1b18: 000070000daf1b58 0000000000000000 000070000daf1b28: 0000000007dcc000 0000000000000000 000070000daf1b38: 0000000000000043 000070000daf1b70 000070000daf1b48: 00007fff5d4371c9 00007fff8f43d60c 000070000daf1b58: 00000000ffffffdf ffffffff00000000 000070000daf1b68: 0000000007dcc028 000070000daf1bd0 000070000daf1b78: 00007fff5d5456e2 000070000daf1cb0 000070000daf1b88: 000070000daf2000 000070000daf1c90 000070000daf1b98: 0000000000000000 00007fff5d55aa45 000070000daf1ba8: 000000000000000c 0000000022174bb5 000070000daf1bb8: 0000000000000028 0000000000000000 000070000daf1bc8: 0000000000000000 000070000daf1cb0 000070000daf1bd8: 00007fff5d55986c 0000000006ca6800 000070000daf1be8: 0000000000000003 000000000b8fc09c 000070000daf1bf8: 0000000007802990 003d45622d0f5384 runtime: unknown pc 0x7fff5d4cdb86 stack: frame={sp:0x70000daf1b08, fp:0x0} stack=[0x70000da722b0,0x70000daf1eb0) 000070000daf1a08: 0000000000000000 00007fff5d55db1e 000070000daf1a18: 000070000daf1a68 0000003000000020 000070000daf1a28: 0000000007dcd000 000070000daf2000 000070000daf1a38: 00007ffeefbff2d8 00007fff5d55daa9 000070000daf1a48: 0000000000000043 000070000daf1b30 000070000daf1a58: 00007fff5d577085 0000003000000018 000070000daf1a68: 000070000daf1b40 000070000daf1a80 000070000daf1a78: 000070000daf1a30 0000000000000000 000070000daf1a88: 0000000000000000 00007fff5d55daa9 000070000daf1a98: 0000000007dcd04d 0000000000000000 000070000daf1aa8: 0000000000000000 00007fff5d55dda0 000070000daf1ab8: 000070000daf1b28 0000000000000000 000070000daf1ac8: 0000000007dcc000 000070000daf1af8 000070000daf1ad8: 0000000000000043 000070000daf1b10 000070000daf1ae8: 00007fff5d4ca479 000070000daf1b30 000070000daf1af8: 0000000007dcd000 0000000007dcc028 000070000daf1b08: <00007fff5d583c50 000070000daf2000 000070000daf1b18: 000070000daf1b58 0000000000000000 000070000daf1b28: 0000000007dcc000 0000000000000000 000070000daf1b38: 0000000000000043 000070000daf1b70 000070000daf1b48: 00007fff5d4371c9 00007fff8f43d60c 000070000daf1b58: 00000000ffffffdf ffffffff00000000 000070000daf1b68: 0000000007dcc028 000070000daf1bd0 000070000daf1b78: 00007fff5d5456e2 000070000daf1cb0 000070000daf1b88: 000070000daf2000 000070000daf1c90 000070000daf1b98: 0000000000000000 00007fff5d55aa45 000070000daf1ba8: 000000000000000c 0000000022174bb5 000070000daf1bb8: 0000000000000028 0000000000000000 000070000daf1bc8: 0000000000000000 000070000daf1cb0 000070000daf1bd8: 00007fff5d55986c 0000000006ca6800 000070000daf1be8: 0000000000000003 000000000b8fc09c 000070000daf1bf8: 0000000007802990 003d45622d0f5384 goroutine 1 [syscall]: runtime.cgocall(0x529b070, 0xc420648678, 0x0) /usr/local/go/src/runtime/cgocall.go:128 +0x64 fp=0xc420648648 sp=0xc420648610 pc=0x4003b24 github.com/docker/cli/vendor/github.com/miekg/pkcs11._Cfunc_Finalize(0x7e00020, 0x0) _cgo_gotypes.go:847 +0x4a fp=0xc420648678 sp=0xc420648648 pc=0x44ff09a github.com/docker/cli/vendor/github.com/miekg/pkcs11.(*Ctx).Finalize.func1(0x7e00020, 0xc4206486d0) /go/src/github.com/docker/cli/vendor/github.com/miekg/pkcs11/pkcs11.go:865 +0x56 fp=0xc4206486b0 sp=0xc420648678 pc=0x450a5d6 github.com/docker/cli/vendor/github.com/miekg/pkcs11.(*Ctx).Finalize(0xc4203a2540, 0xc420648738, 0x4504261) /go/src/github.com/docker/cli/vendor/github.com/miekg/pkcs11/pkcs11.go:865 +0x37 fp=0xc4206486f0 sp=0xc4206486b0 pc=0x4502c57 github.com/docker/cli/vendor/github.com/theupdateframework/notary/trustmanager/yubikey.finalizeAndDestroy(0x58e5780, 0xc4203a2540) /go/src/github.com/docker/cli/vendor/github.com/theupdateframework/notary/trustmanager/yubikey/yubikeystore.go:817 +0x35 fp=0xc420648748 sp=0xc4206486f0 pc=0x4517c35 github.com/docker/cli/vendor/github.com/theupdateframework/notary/trustmanager/yubikey.cleanup(0x58e5780, 0xc4203a2540, 0x51b660) /go/src/github.com/docker/cli/vendor/github.com/theupdateframework/notary/trustmanager/yubikey/yubikeystore.go:813 +0x66 fp=0xc4206487a0 sp=0xc420648748 pc=0x4517b56 github.com/docker/cli/vendor/github.com/theupdateframework/notary/trustmanager/yubikey.(*YubiPrivateKey).Sign(0xc42003a800, 0x588e420, 0xc4200bc690, 0xc4208c3200, 0x88c, 0x900, 0x0, 0x0, 0xc42003f5c0, 0x40, ...) /go/src/github.com/docker/cli/vendor/github.com/theupdateframework/notary/trustmanager/yubikey/yubikeystore.go:208 +0x2c8 fp=0xc420648880 sp=0xc4206487a0 pc=0x4511468 github.com/docker/cli/vendor/github.com/theupdateframework/notary/tuf/signed.Sign(0x58d2c60, 0xc42088a1a0, 0xc42075cba0, 0xc42073d060, 0x1, 0x1, 0x1, 0xc42073d060, 0x1, 0x1, ...) /go/src/github.com/docker/cli/vendor/github.com/theupdateframework/notary/tuf/signed/sign.go:77 +0x891 fp=0xc420648f00 sp=0xc420648880 pc=0x44e5ba1 github.com/docker/cli/vendor/github.com/theupdateframework/notary/tuf.Repo.sign(0xc420434620, 0xc4202c6480, 0xc4200dce40, 0x0, 0x58d2c60, 0xc42088a1a0, 0xc420273050, 0x56efe8d, 0x4, 0x1, ...) /go/src/github.com/docker/cli/vendor/github.com/theupdateframework/notary/tuf/tuf.go:1064 +0x21a fp=0xc420648fd0 sp=0xc420648f00 pc=0x44f9f9a github.com/docker/cli/vendor/github.com/theupdateframework/notary/tuf.(*Repo).SignRoot(0xc4200d4d20, 0xc3cb818c5a3092f5, 0x4606241f79712b0, 0x63c2c20, 0x0, 0x0, 0x0, 0x4438e7f, 0xc4203940a0, 0x572a376) /go/src/github.com/docker/cli/vendor/github.com/theupdateframework/notary/tuf/tuf.go:933 +0x3c1 fp=0xc420649120 sp=0xc420648fd0 pc=0x44f8911 github.com/docker/cli/vendor/github.com/theupdateframework/notary/client.serializeCanonicalRole(0xc4200d4d20, 0x56efe8d, 0x4, 0x0, 0x0, 0x0, 0xc4204e9600, 0xc420649248, 0x400dc65, 0xc420649268, ...) /go/src/github.com/docker/cli/vendor/github.com/theupdateframework/notary/client/helpers.go:256 +0x372 fp=0xc4206491a0 sp=0xc420649120 pc=0x45284e2 github.com/docker/cli/vendor/github.com/theupdateframework/notary/client.(*repository).saveMetadata(0xc420244dc0, 0x1, 0x0, 0xc42003a580) /go/src/github.com/docker/cli/vendor/github.com/theupdateframework/notary/client/client.go:967 +0x9a fp=0xc420649470 sp=0xc4206491a0 pc=0x452053a github.com/docker/cli/vendor/github.com/theupdateframework/notary/client.(*repository).initialize(0xc420244dc0, 0xc4207bc240, 0x1, 0x1, 0x0, 0x0, 0x0, 0xc4207bc250, 0x1, 0x1, ...) /go/src/github.com/docker/cli/vendor/github.com/theupdateframework/notary/client/client.go:261 +0x8bc fp=0xc420649738 sp=0xc420649470 pc=0x451a66c github.com/docker/cli/vendor/github.com/theupdateframework/notary/client.(*repository).Initialize(0xc420244dc0, 0xc4207bc240, 0x1, 0x1, 0xc4207bc250, 0x1, 0x1, 0x0, 0x45) /go/src/github.com/docker/cli/vendor/github.com/theupdateframework/notary/client/client.go:324 +0x8b fp=0xc4206497a8 sp=0xc420649738 pc=0x451b14b github.com/docker/cli/cli/command/trust.getOrGenerateRootKeyAndInitRepo(0x58ec340, 0xc420244dc0, 0x5731ddd, 0x29) /go/src/github.com/docker/cli/cli/command/trust/helpers.go:46 +0x140 fp=0xc420649818 sp=0xc4206497a8 pc=0x518c5f0 github.com/docker/cli/cli/command/trust.addSignerToRepo(0x58e3520, 0xc4203bddd0, 0x7ffeefbff307, 0x2, 0x7ffeefbff30a, 0x1e, 0xc4204626f0, 0x1, 0x1, 0x0, ...) /go/src/github.com/docker/cli/cli/command/trust/signer_add.go:99 +0x302 fp=0xc420649a30 sp=0xc420649818 pc=0x5195b02 github.com/docker/cli/cli/command/trust.addSigner(0x58e3520, 0xc4203bddd0, 0xc420322e80, 0x0, 0x7ffeefbff307, 0x2, 0xc4203842d0, 0x1, 0x3, 0x0, ...) /go/src/github.com/docker/cli/cli/command/trust/signer_add.go:70 +0x351 fp=0xc420649c08 sp=0xc420649a30 pc=0x5195231 github.com/docker/cli/cli/command/trust.newSignerAddCommand.func1(0xc420213900, 0xc4203842c0, 0x2, 0x4, 0x0, 0x0) /go/src/github.com/docker/cli/cli/command/trust/signer_add.go:40 +0xd0 fp=0xc420649c70 sp=0xc420649c08 pc=0x5198520 github.com/docker/cli/vendor/github.com/spf13/cobra.(*Command).execute(0xc420213900, 0xc4200d6040, 0x4, 0x4, 0xc420213900, 0xc4200d6040) /go/src/github.com/docker/cli/vendor/github.com/spf13/cobra/command.go:762 +0x468 fp=0xc420649d60 sp=0xc420649c70 pc=0x4198848 github.com/docker/cli/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc4205ab900, 0xc4205c87c0, 0x53fda80, 0xc4205c87d0) /go/src/github.com/docker/cli/vendor/github.com/spf13/cobra/command.go:852 +0x30a fp=0xc420649ea0 sp=0xc420649d60 pc=0x419925a github.com/docker/cli/vendor/github.com/spf13/cobra.(*Command).Execute(0xc4205ab900, 0xc4205ab900, 0x5890b20) /go/src/github.com/docker/cli/vendor/github.com/spf13/cobra/command.go:800 +0x2b fp=0xc420649ed0 sp=0xc420649ea0 pc=0x4198f2b main.main() /go/src/github.com/docker/cli/cmd/docker/docker.go:180 +0xdc fp=0xc420649f88 sp=0xc420649ed0 pc=0x5294f5c runtime.main() /usr/local/go/src/runtime/proc.go:198 +0x212 fp=0xc420649fe0 sp=0xc420649f88 pc=0x402dc22 runtime.goexit() /usr/local/go/src/runtime/asm_amd64.s:2361 +0x1 fp=0xc420649fe8 sp=0xc420649fe0 pc=0x4058101 goroutine 19 [syscall]: os/signal.signal_recv(0x0) /usr/local/go/src/runtime/sigqueue.go:139 +0xa7 os/signal.loop() /usr/local/go/src/os/signal/signal_unix.go:22 +0x22 created by os/signal.init.0 /usr/local/go/src/os/signal/signal_unix.go:28 +0x41 goroutine 7 [chan receive]: github.com/docker/cli/vendor/github.com/golang/glog.(*loggingT).flushDaemon(0x63c2e00) /go/src/github.com/docker/cli/vendor/github.com/golang/glog/glog.go:882 +0x8b created by github.com/docker/cli/vendor/github.com/golang/glog.init.0 /go/src/github.com/docker/cli/vendor/github.com/golang/glog/glog.go:410 +0x203 goroutine 9 [IO wait]: internal/poll.runtime_pollWait(0x7b01030, 0x72, 0xc4201a99a8) /usr/local/go/src/runtime/netpoll.go:173 +0x57 internal/poll.(*pollDesc).wait(0xc4203b4098, 0x72, 0xffffffffffffff00, 0x5892f80, 0x632a8f8) /usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b internal/poll.(*pollDesc).waitRead(0xc4203b4098, 0xc4201a4000, 0x1000, 0x1000) /usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d internal/poll.(*FD).Read(0xc4203b4080, 0xc4201a4000, 0x1000, 0x1000, 0x0, 0x0, 0x0) /usr/local/go/src/internal/poll/fd_unix.go:157 +0x1dc net.(*netFD).Read(0xc4203b4080, 0xc4201a4000, 0x1000, 0x1000, 0x40541c0, 0xc420000180, 0x4) /usr/local/go/src/net/fd_unix.go:202 +0x4f net.(*conn).Read(0xc4203a2018, 0xc4201a4000, 0x1000, 0x1000, 0x0, 0x0, 0x0) /usr/local/go/src/net/net.go:176 +0x6a net/http.(*persistConn).Read(0xc4200e45a0, 0xc4201a4000, 0x1000, 0x1000, 0xc4201a9b98, 0x4005b85, 0xc4203de1e0) /usr/local/go/src/net/http/transport.go:1453 +0x136 bufio.(*Reader).fill(0xc4200dc2a0) /usr/local/go/src/bufio/bufio.go:100 +0x11e bufio.(*Reader).Peek(0xc4200dc2a0, 0x1, 0x0, 0x0, 0x0, 0xc4203de240, 0x0) /usr/local/go/src/bufio/bufio.go:132 +0x3a net/http.(*persistConn).readLoop(0xc4200e45a0) /usr/local/go/src/net/http/transport.go:1601 +0x185 created by net/http.(*Transport).dialConn /usr/local/go/src/net/http/transport.go:1237 +0x95a goroutine 10 [select]: net/http.(*persistConn).writeLoop(0xc4200e45a0) /usr/local/go/src/net/http/transport.go:1822 +0x14b created by net/http.(*Transport).dialConn /usr/local/go/src/net/http/transport.go:1238 +0x97f rax 0x0 rbx 0x70000daf2000 rcx 0x70000daf1b08 rdx 0x0 rdi 0x4303 rsi 0x6 rbp 0x70000daf1b40 rsp 0x70000daf1b08 r8 0x0 r9 0x70000daf1a60 r10 0x0 r11 0x206 r12 0x4303 r13 0x7dcc000 r14 0x6 r15 0x2d rip 0x7fff5d4cdb86 rflags 0x206 cs 0x7 fs 0x0 gs 0x0 ```