Re: git: 43741377b143 - main - security/openssl: Security update to 1.1.1n

In reply to: Mark Johnston : "Re: git: 43741377b143 - main - security/openssl: Security update to 1.1.1n"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Thomas Zander <riggs_at_freebsd.org>
Date: Sat, 19 Mar 2022 17:02:41 UTC

It's probably not a specific port that allows it to reproduce. I have
seen the problem locally (Xeon Sandy Bridge) on the png and python38
ports.
I also could reproduce the problem on an Azure VM, instance type
"Standard D4as v4" (AMD EPYC 7452), so it does not seem to be limited
to a particular microarchitecture.

On Sat, 19 Mar 2022 at 17:43, Mark Johnston <markj@freebsd.org> wrote:
>
> On Sat, Mar 19, 2022 at 12:40:45PM +0100, Thomas Zander wrote:
> > On Sat, 19 Mar 2022 at 12:11, Rene Ladan <rene@freebsd.org> wrote:
> > >
> > > On Sat, Mar 19, 2022 at 11:04:58AM +0100, Thomas Zander wrote:
> > > > On Sat, 19 Mar 2022 at 09:00, Matthias Fechner <mfechner@freebsd.org> wrote:
> > > >
> > > > > I can confirm now, the problem is definitely related to the -p8 update.
> > > > > I rolled back now to -p7 using `freebsd-update rollback`.
> > > > > [...]
> > > > > System is now up and running again.
> > > > > This all works even if poudriere jail is using -p8. No need to downgrade the jail/base version poudriere is using.
> > > > > It is caused by the kernel so the ZFS patch seems to be broken and -p8 should maybe not rolled out to not break more systems of users.
> > > >
> > > > On top of "stop rollout", there is the question how to identify the
> > > > broken files for the users who have already upgraded to -p8. A `zpool
> > > > scrub` presumably won't help.
> > >
> > > I think it also applies to 13.1-BETA2 ?
> > >
> > > Should we involve/CC some src committers?
> >
> > I have just rolled back to -p7 and run a number of test builds in
> > poudriere (the jails still have the -p8 user land). I see the same as
> > Matthias and Christoph, the rollback to the -p7 kernel/zfs resolved
> > the build problems, there are no NUL byte files generated anymore.
> > Adding markj@ to the discussion. Mark, the TLDR so far:
> > - One of the zfs patches in -p8 seems to cause erroneous writes.
> > - We noticed because of many build failures with poudriere (presumably
> > highly io-loaded during build).
> > - Symptom: Production of files with large runs of NUL-bytes.
>
> I've had zero luck reproducing this locally.  I built several hundred
> ports, including textproc/py-pystemmer mentioned elsewhere in the
> thread, without any failures or instances of zero-filled files.  Another
> member of secteam also hasn't been able to trigger any build failures on
> -p8.  Any hints on a reproducer would be useful.
>
> We can simply push a -p9 which reverts EN-22:10 and :11, but of course
> it would be preferable to precisely identify the problem.