When signing git commits (for example with git commit --gpg-sign) on Gentoo Linux, the gpg-agent daemon aborts in the background after PIN entry; glibc reports "free(): invalid pointer" (see the backtrace below).
gpg-agent was started using the arguments --homedir ${HOME}/.gnupg --daemon.
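Summary of the backtrace: in thread 2, frame #5 shows _gcry_free being called with p=0x7f0c8c065100, which GDB resolves to the static symbol _gcry_pubkey_spec_ecc, not to heap memory. In frame #7 (ecc_sign, ecc.c:766), ctx.label holds that same address, other ctx fields hold implausible values (op = 1657663472, hash_algo = -2080359072), and rc = GPG_ERR_INV_OBJ. This suggests that ecc_sign reached its cleanup call to _gcry_pk_util_free_encoding_ctx on an error path while ctx was still uninitialised stack memory.
GDB log: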
(gdb) thread apply all bt Thread 2 (Thread 0x7f0c8bd10640 (LWP 51364) "gpg-agent"): #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49 #1 0x00007f0c8bd38538 in __GI_abort () at abort.c:79 #2 0x00007f0c8bd90947 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f0c8be9b3c2 "%s\n") at ../sysdeps/posix/libc_fatal.c:155 #3 0x00007f0c8bd9839c in malloc_printerr (str=str@entry=0x7f0c8be99593 "free(): invalid pointer") at malloc.c:5389 #4 0x00007f0c8bd99754 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:4201 #5 0x00007f0c8bf4aa05 in _gcry_free (p=0x7f0c8c065100 <_gcry_pubkey_spec_ecc>) at /var/tmp/portage/dev-libs/libgcrypt-1.9.0/work/libgcrypt-1.9.0/src/global.c:1035 #6 0x00007f0c8bf5faa9 in _gcry_pk_util_free_encoding_ctx (ctx=ctx@entry=0x7f0c8bd0fb10) at /var/tmp/portage/dev-libs/libgcrypt-1.9.0/work/libgcrypt-1.9.0/cipher/pubkey-util.c:651 #7 0x00007f0c8bfcf5ea in ecc_sign (r_sig=0x7f0c8bd0fc20, s_data=<optimized out>, keyparms=<optimized out>) at /var/tmp/portage/dev-libs/libgcrypt-1.9.0/work/libgcrypt-1.9.0/cipher/ecc.c:766 #8 0x00007f0c8bf5e270 in _gcry_pk_sign (r_sig=r_sig@entry=0x7f0c8bd0fc20, s_hash=s_hash@entry=0x7f0c84003e80, s_skey=s_skey@entry=0x7f0c8c091010) at /var/tmp/portage/dev-libs/libgcrypt-1.9.0/work/libgcrypt-1.9.0/cipher/pubkey.c:430 #9 0x00007f0c8bf47cd6 in gcry_pk_sign (result=result@entry=0x7f0c8bd0fc20, data=0x7f0c84003e80, skey=0x7f0c8c091010) at /var/tmp/portage/dev-libs/libgcrypt-1.9.0/work/libgcrypt-1.9.0/src/visibility.c:1002 #10 0x0000558e6185b8bb in agent_pksign_do (ctrl=ctrl@entry=0x558e62cdeeb0, cache_nonce=cache_nonce@entry=0x0, desc_text=<optimized out>, signature_sexp=signature_sexp@entry=0x7f0c8bd0fcb0, cache_mode=cache_mode@entry=CACHE_MODE_NORMAL, lookup_ttl=lookup_ttl@entry=0x0, overridedata=0x0, overridedatalen=0) at pksign.c:484 #11 0x0000558e6185bf87 in agent_pksign (ctrl=ctrl@entry=0x558e62cdeeb0, cache_nonce=cache_nonce@entry=0x0, desc_text=<optimized out>, 
outbuf=outbuf@entry=0x7f0c8bd0fd00, cache_mode=cache_mode@entry=CACHE_MODE_NORMAL) at pksign.c:550 #12 0x0000558e6184e18a in cmd_pksign (ctx=0x7f0c84000bc0, line=<optimized out>) at command.c:776 #13 0x00007f0c8bf02a65 in dispatch_command (ctx=0x7f0c84000bc0, line=0x7f0c84000d16 "", linelen=<optimized out>) at assuan-handler.c:676 #14 0x00007f0c8bf02e59 in process_request (ctx=0x7f0c84000bc0) at assuan-handler.c:872 #15 assuan_process (ctx=0x7f0c84000bc0) at assuan-handler.c:895 #16 0x0000558e6184ff28 in start_command_handler (ctrl=ctrl@entry=0x558e62cdeeb0, listen_fd=listen_fd@entry=-1, fd=9) at command.c:3555 #17 0x0000558e618480a6 in do_start_connection_thread (ctrl=0x558e62cdeeb0) at gpg-agent.c:2712 #18 0x00007f0c8bef549e in thread_start (startup_arg=<optimized out>) at npth.c:306 #19 0x00007f0c8bedaf9e in start_thread (arg=0x7f0c8bd10640) at pthread_create.c:463 #20 0x00007f0c8be1075f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Thread 1 (Thread 0x7f0c8bd11740 (LWP 51344) "gpg-agent"): #0 0x00007f0c8be08116 in __pselect (nfds=nfds@entry=9, readfds=readfds@entry=0x7ffdd97d5fa0, writefds=writefds@entry=0x0, exceptfds=exceptfds@entry=0x0, timeout=<optimized out>, timeout@entry=0x7ffdd97d5e00, sigmask=0x7ffdd97d5d10, sigmask@entry=0x7f0c8bef9120 <sigev_unblock>) at ../sysdeps/unix/sysv/linux/pselect.c:48 #1 0x00007f0c8bef5bcf in npth_pselect (nfd=nfd@entry=9, rfds=rfds@entry=0x7ffdd97d5fa0, wfds=wfds@entry=0x0, efds=efds@entry=0x0, timeout=timeout@entry=0x7ffdd97d5e00, sigmask=0x7f0c8bef9120 <sigev_unblock>) at npth.c:626 #2 0x0000558e618491d6 in handle_connections (listen_fd=listen_fd@entry=3, listen_fd_extra=listen_fd_extra@entry=4, listen_fd_browser=listen_fd_browser@entry=5, listen_fd_ssh=listen_fd_ssh@entry=6) at gpg-agent.c:2995 #3 0x0000558e6184685b in main (argc=<optimized out>, argv=<optimized out>) at gpg-agent.c:1790 (gdb) bt full #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49 set = {__val = {18947, 7, 32, 24, 
139689516335106, 16, 64, 0, 206158430210, 0, 0, 0, 511101108315, 532575944814, 0, 0}} pid = <optimized out> tid = <optimized out> ret = <optimized out> #1 0x00007f0c8bd38538 in __GI_abort () at abort.c:79 save_stage = 1 act = {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 0x1}, sa_mask = {__val = {139691865236869, 1, 0, 139691730937744, 139691865238746, 139691862063360, 139691862063360, 1, 139691864399886, 139691862063328, 11612996636591345152, 139691862063464, 24, 139691862063360, 139691864405888, 139691730944224}}, sa_flags = -1512747520, sa_restorer = 0x1} sigs = {__val = {32, 139691862063184, 8, 139691864399886, 139691730937968, 2, 139691730938000, 8, 139691862063184, 139691864405888, 139691730937968, 11612996636591345152, 139691730944288, 139691730937744, 1, 139691864406304}} #2 0x00007f0c8bd90947 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f0c8be9b3c2 "%s\n") at ../sysdeps/posix/libc_fatal.c:155 ap = {{gp_offset = 24, fp_offset = 32524, overflow_arg_area = 0x7f0c8bd0fa40, reg_save_area = 0x7f0c8bd0f9d0}} fd = <optimized out> list = <optimized out> nlist = <optimized out> cp = <optimized out> #3 0x00007f0c8bd9839c in malloc_printerr (str=str@entry=0x7f0c8be99593 "free(): invalid pointer") at malloc.c:5389 No locals. #4 0x00007f0c8bd99754 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:4201 size = 0 fb = <optimized out> nextchunk = <optimized out> nextsize = <optimized out> nextinuse = <optimized out> prevsize = <optimized out> bck = <optimized out> fwd = <optimized out> __PRETTY_FUNCTION__ = "_int_free" #5 0x00007f0c8bf4aa05 in _gcry_free (p=0x7f0c8c065100 <_gcry_pubkey_spec_ecc>) at /var/tmp/portage/dev-libs/libgcrypt-1.9.0/work/libgcrypt-1.9.0/src/global.c:1035 save_errno = 2 #6 0x00007f0c8bf5faa9 in _gcry_pk_util_free_encoding_ctx (ctx=ctx@entry=0x7f0c8bd0fb10) at /var/tmp/portage/dev-libs/libgcrypt-1.9.0/work/libgcrypt-1.9.0/cipher/pubkey-util.c:651 No locals. 
#7 0x00007f0c8bfcf5ea in ecc_sign (r_sig=0x7f0c8bd0fc20, s_data=<optimized out>, keyparms=<optimized out>) at /var/tmp/portage/dev-libs/libgcrypt-1.9.0/work/libgcrypt-1.9.0/cipher/ecc.c:766 rc = GPG_ERR_INV_OBJ ctx = {op = 1657663472, nbits = 21902, encoding = PUBKEY_ENC_PKCS1_RAW, flags = 0, hash_algo = -2080359072, label = 0x7f0c8c065100 <_gcry_pubkey_spec_ecc> "\022", labellen = 0, saltlen = 139691864402437, verify_cmp = 0x558e62cdeff0, verify_arg = 0x7f0c8bf16ff8 <_gpg_err_set_errno+8>} data = 0x0 sig_r = 0x0 sig_s = 0x0 ec = 0x0 flags = 36864 #8 0x00007f0c8bf5e270 in _gcry_pk_sign (r_sig=r_sig@entry=0x7f0c8bd0fc20, s_hash=s_hash@entry=0x7f0c84003e80, s_skey=s_skey@entry=0x7f0c8c091010) at /var/tmp/portage/dev-libs/libgcrypt-1.9.0/work/libgcrypt-1.9.0/cipher/pubkey.c:430 rc = <optimized out> spec = 0x7f0c8c065100 <_gcry_pubkey_spec_ecc> keyparms = 0x7f0c84003d60 #9 0x00007f0c8bf47cd6 in gcry_pk_sign (result=result@entry=0x7f0c8bd0fc20, data=0x7f0c84003e80, skey=0x7f0c8c091010) at /var/tmp/portage/dev-libs/libgcrypt-1.9.0/work/libgcrypt-1.9.0/src/visibility.c:1002 No locals. 
#10 0x0000558e6185b8bb in agent_pksign_do (ctrl=ctrl@entry=0x558e62cdeeb0, cache_nonce=cache_nonce@entry=0x0, desc_text=<optimized out>, signature_sexp=signature_sexp@entry=0x7f0c8bd0fcb0, cache_mode=cache_mode@entry=CACHE_MODE_NORMAL, lookup_ttl=lookup_ttl@entry=0x0, overridedata=0x0, overridedatalen=0) at pksign.c:484 dsaalgo = <optimized out> err = 0 s_skey = 0x7f0c8c091010 s_sig = 0x0 s_hash = 0x7f0c84003e80 s_pkey = 0x0 shadow_info = 0x0 data = 0x558e62cdeef4 "\370\225\346\035\244\253\342.ڶ\375\025\065\252\274Ѫ\246\336A\251\321Ai\326e\222\360\217.\302<" datalen = <optimized out> check_signature = 0 #11 0x0000558e6185bf87 in agent_pksign (ctrl=ctrl@entry=0x558e62cdeeb0, cache_nonce=cache_nonce@entry=0x0, desc_text=<optimized out>, outbuf=outbuf@entry=0x7f0c8bd0fd00, cache_mode=cache_mode@entry=CACHE_MODE_NORMAL) at pksign.c:550 err = <optimized out> s_sig = 0x0 buf = 0x0 len = 0 __FUNCTION__ = "agent_pksign" #12 0x0000558e6184e18a in cmd_pksign (ctx=0x7f0c84000bc0, line=<optimized out>) at command.c:776 err = <optimized out> cache_mode = CACHE_MODE_NORMAL ctrl = 0x558e62cdeeb0 outbuf = {len = 0, size = 512, buf = 0x7f0c84001fd0 "\001@\310\360\a", out_of_core = 0} cache_nonce = 0x0 p = <optimized out> #13 0x00007f0c8bf02a65 in dispatch_command (ctx=0x7f0c84000bc0, line=0x7f0c84000d16 "", linelen=<optimized out>) at assuan-handler.c:676 err = <optimized out> p = <optimized out> s = <optimized out> shift = 6 i = <optimized out> #14 0x00007f0c8bf02e59 in process_request (ctx=0x7f0c84000bc0) at assuan-handler.c:872 rc = 0 rc = <optimized out> #15 assuan_process (ctx=0x7f0c84000bc0) at assuan-handler.c:895 rc = <optimized out> #16 0x0000558e6184ff28 in start_command_handler (ctrl=ctrl@entry=0x558e62cdeeb0, listen_fd=listen_fd@entry=-1, fd=9) at command.c:3555 client_pid = <optimized out> rc = <optimized out> ctx = 0x7f0c84000bc0 #17 0x0000558e618480a6 in do_start_connection_thread (ctrl=0x558e62cdeeb0) at gpg-agent.c:2712 No locals. 
#18 0x00007f0c8bef549e in thread_start (startup_arg=<optimized out>) at npth.c:306 startup = <optimized out> start_routine = 0x558e618487a0 <start_connection_thread_std> arg = 0x558e62cdeeb0 result = <optimized out> #19 0x00007f0c8bedaf9e in start_thread (arg=0x7f0c8bd10640) at pthread_create.c:463 ret = <optimized out> pd = 0x7f0c8bd10640 unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139691862066752, -3528773724256371730, 140728252324910, 140728252324911, 0, 8396800, 3539355827841760238, 3539355577167608814}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = 0 #20 0x00007f0c8be1075f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 No locals.
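Valgrind output (it reports that the value tested in _gcry_free, called from ecc_sign at ecc.c:766, is uninitialised and was created by a stack allocation in ecc_sign at ecc.c:682; the two "definitely lost" blocks are allocated during argument parsing in main and look unrelated to the crash):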
==51164== Parent PID: 51162 ==51164== ==51164== Thread 2: ==51164== Conditional jump or move depends on uninitialised value(s) ==51164== at 0x488F9B3: _gcry_free (global.c:1025) ==51164== by 0x49145E9: ecc_sign (ecc.c:766) ==51164== by 0x48A326F: _gcry_pk_sign (pubkey.c:430) ==51164== by 0x488CCD5: gcry_pk_sign (visibility.c:1002) ==51164== by 0x1288BA: agent_pksign_do (pksign.c:484) ==51164== by 0x128F86: agent_pksign (pksign.c:550) ==51164== by 0x11B189: cmd_pksign (command.c:776) ==51164== by 0x49DCA64: dispatch_command.isra.0 (assuan-handler.c:676) ==51164== by 0x49DCE58: process_request (assuan-handler.c:872) ==51164== by 0x49DCE58: assuan_process (assuan-handler.c:895) ==51164== by 0x11CF27: start_command_handler (command.c:3555) ==51164== by 0x1150A5: do_start_connection_thread (gpg-agent.c:2712) ==51164== by 0x49EC49D: thread_start (npth.c:306) ==51164== Uninitialised value was created by a stack allocation ==51164== at 0x49144A0: ecc_sign (ecc.c:682) ==51164== ==51164== ==51164== HEAP SUMMARY: ==51164== in use at exit: 55,660 bytes in 72 blocks ==51164== total heap usage: 343 allocs, 271 frees, 193,647 bytes allocated ==51164== ==51164== Thread 1: ==51164== 34 bytes in 1 blocks are definitely lost in loss record 32 of 58 ==51164== at 0x483877F: malloc (vg_replace_malloc.c:307) ==51164== by 0x488F00D: do_malloc.constprop.0.isra.0 (global.c:920) ==51164== by 0x48905A4: _gcry_malloc (global.c:942) ==51164== by 0x48905A4: _gcry_realloc_core (global.c:996) ==51164== by 0x49B3D6C: _gpgrt_realloc (init.c:247) ==51164== by 0x49B3D6C: _gpgrt_strdup (init.c:348) ==51164== by 0x49C64A7: _gpgrt_argparser (argparse.c:1672) ==51164== by 0x1129A5: main (gpg-agent.c:1163) ==51164== ==51164== 39 bytes in 1 blocks are definitely lost in loss record 36 of 58 ==51164== at 0x483877F: malloc (vg_replace_malloc.c:307) ==51164== by 0x488F00D: do_malloc.constprop.0.isra.0 (global.c:920) ==51164== by 0x48905A4: _gcry_malloc (global.c:942) ==51164== by 0x48905A4: _gcry_realloc_core 
(global.c:996) ==51164== by 0x49B3D6C: _gpgrt_realloc (init.c:247) ==51164== by 0x49B3D6C: _gpgrt_strdup (init.c:348) ==51164== by 0x49C4231: _gpgrt_argparse.part.0 (argparse.c:1237) ==51164== by 0x49C5DAF: _gpgrt_argparse (argparse.c:968) ==51164== by 0x49C5DAF: _gpgrt_argparser (argparse.c:1809) ==51164== by 0x1129A5: main (gpg-agent.c:1163) ==51164== ==51164== LEAK SUMMARY: ==51164== definitely lost: 73 bytes in 2 blocks ==51164== indirectly lost: 0 bytes in 0 blocks ==51164== possibly lost: 0 bytes in 0 blocks ==51164== still reachable: 55,587 bytes in 70 blocks ==51164== suppressed: 0 bytes in 0 blocks
Output of emerge -qpv --nodeps glibc libgcrypt gnupg:
[ebuild R ] sys-libs/glibc-2.32-r5 USE="caps (crypt) doc multiarch profile (ssp) (static-libs) -audit (-cet) -compile-locales -custom-cflags -gd -headers-only (-multilib) -nscd (-selinux) -static-pie -suid -systemtap -test (-vanilla)" [ebuild R ] dev-libs/libgcrypt-1.9.0 USE="asm doc static-libs -o-flag-munging" [ebuild R ] app-crypt/gnupg-2.2.27 USE="bzip2 doc readline smartcard ssl tools usb -ldap -nls -scd-shared-access (-selinux) -tofu -user-socket -wks-server"