Invalid `free()` attempting to instantiate an expression with Arch Linux Nix package #10644

LordMZTE · 2024-05-04T10:12:50Z

Describe the bug

Instantiating the below Nix expression will lead to memory corruption. In the case of the following example, this manifests itself as an invalid free() call, but in a flake where I first encountered this, it caused a segmentation fault.

Steps To Reproduce

Create a file bug.nix:

with import <nixpkgs> { };
(pkgs.mkYarnPackage {
  name = "yamlls";
  src = pkgs.fetchFromGitHub {
    owner = "redhat-developer";
    repo = "yaml-language-server";
    rev = "dfccc6fc095faeb5d07051b51f308478cdac70fd";
    hash = "sha256-klgAyp7rZvKhVPsOetaubizG5ZoynjdVd33vj/50/CM=";
  };
})

nix-instantiate bug.nix

free(): invalid next size (fast)
fish: Job 2, 'nix-instantiate bug.nix' terminated by signal SIGABRT (Abort)

Expected behavior

The expression is instantiated successfully.

nix-env --version output
nix-env (Nix) 2.22.0

Additional context

OS: Arch Linux 6.8.8
A nix daemon is in use but does not report any errors
lib.trivial.version of the nixpkgs used: 24.05pre588366.9a9dae8f6319

GDB Backtrace

#0  0x00007ffff72ac194 in ?? () from /usr/lib/libc.so.6
#1  0x00007ffff7258d70 in raise () from /usr/lib/libc.so.6
#2  0x00007ffff72404c0 in abort () from /usr/lib/libc.so.6
#3  0x00007ffff72413c2 in ?? () from /usr/lib/libc.so.6
#4  0x00007ffff72b6305 in ?? () from /usr/lib/libc.so.6
#5  0x00007ffff72b874c in ?? () from /usr/lib/libc.so.6
#6  0x00007ffff72bb07e in free () from /usr/lib/libc.so.6
#7  0x00007ffff7c70d1e in ?? () from /usr/lib/libnixexpr.so
#8  0x00007ffff7c9985d in nix::ExprConcatStrings::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#9  0x00007ffff7d05856 in ?? () from /usr/lib/libnixexpr.so
#10 0x00007ffff7c936cc in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#11 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#12 0x00007ffff7c7b88d in ?? () from /usr/lib/libnixexpr.so
#13 0x00007ffff7d02582 in nix::prim_getAttr(nix::EvalState&, nix::PosIdx, nix::Value**, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#14 0x00007ffff7c936cc in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#15 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#16 0x00007ffff7c94bb8 in nix::ExprSelect::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#17 0x00007ffff7c98782 in nix::EvalState::coerceToString(nix::PosIdx, nix::Value&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::basic_string_view<char, std::char_traits<char> >, bool, bool, bool) () from /usr/lib/libnixexpr.so
#18 0x00007ffff7c98aa1 in nix::EvalState::coerceToString(nix::PosIdx, nix::Value&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::basic_string_view<char, std::char_traits<char> >, bool, bool, bool) () from /usr/lib/libnixexpr.so
#19 0x00007ffff7c98f04 in nix::ExprConcatStrings::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#20 0x00007ffff7c9468f in nix::ExprSelect::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#21 0x00007ffff7d05856 in ?? () from /usr/lib/libnixexpr.so
#22 0x00007ffff7c936cc in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#23 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#24 0x00007ffff7c7b88d in ?? () from /usr/lib/libnixexpr.so
#25 0x00007ffff7d02582 in nix::prim_getAttr(nix::EvalState&, nix::PosIdx, nix::Value**, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#26 0x00007ffff7c936cc in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#27 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#28 0x00007ffff7c94bb8 in nix::ExprSelect::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#29 0x00007ffff7c98782 in nix::EvalState::coerceToString(nix::PosIdx, nix::Value&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::basic_string_view<char, std::char_traits<char> >, bool, bool, bool) () from /usr/lib/libnixexpr.so
#30 0x00007ffff7c98aa1 in nix::EvalState::coerceToString(nix::PosIdx, nix::Value&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::basic_string_view<char, std::char_traits<char> >, bool, bool, bool) () from /usr/lib/libnixexpr.so
#31 0x00007ffff7c98f04 in nix::ExprConcatStrings::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#32 0x00007ffff7d05856 in ?? () from /usr/lib/libnixexpr.so
#33 0x00007ffff7c936cc in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#34 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#35 0x00007ffff7c7b88d in ?? () from /usr/lib/libnixexpr.so
#36 0x00007ffff7d02582 in nix::prim_getAttr(nix::EvalState&, nix::PosIdx, nix::Value**, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#37 0x00007ffff7c936cc in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#38 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#39 0x00007ffff7c94bb8 in nix::ExprSelect::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#40 0x00007ffff7c98782 in nix::EvalState::coerceToString(nix::PosIdx, nix::Value&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::basic_string_view<char, std::char_traits<char> >, bool, bool, bool) () from /usr/lib/libnixexpr.so
#41 0x00007ffff7c98aa1 in nix::EvalState::coerceToString(nix::PosIdx, nix::Value&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::basic_string_view<char, std::char_traits<char> >, bool, bool, bool) () from /usr/lib/libnixexpr.so
#42 0x00007ffff7ca4638 in nix::EvalState::coerceToPath(nix::PosIdx, nix::Value&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::basic_string_view<char, std::char_traits<char> >) () from /usr/lib/libnixexpr.so
#43 0x00007ffff7d76e5b in ?? () from /usr/lib/libnixexpr.so
#44 0x00007ffff7cff9af in ?? () from /usr/lib/libnixexpr.so
#45 0x00007ffff7c936cc in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#46 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#47 0x00007ffff7c94485 in nix::ExprVar::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#48 0x00007ffff7c94e14 in nix::ExprOpHasAttr::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#49 0x00007ffff7c91402 in ?? () from /usr/lib/libnixexpr.so
#50 0x00007ffff7c91639 in nix::ExprIf::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#51 0x00007ffff7c93493 in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#52 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#53 0x00007ffff7c7b88d in ?? () from /usr/lib/libnixexpr.so
#54 0x00007ffff7d0dc10 in ?? () from /usr/lib/libnixexpr.so
#55 0x00007ffff7c936cc in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#56 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#57 0x00007ffff7c7b88d in ?? () from /usr/lib/libnixexpr.so
#58 0x00007ffff7d0b5a6 in ?? () from /usr/lib/libnixexpr.so
#59 0x00007ffff7c936cc in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#60 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#61 0x00007ffff7d12914 in ?? () from /usr/lib/libnixexpr.so
#62 0x00007ffff7c936cc in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#63 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#64 0x00007ffff7d0e652 in ?? () from /usr/lib/libnixexpr.so
#65 0x00007ffff7c936cc in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#66 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#67 0x00007ffff7c93493 in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#68 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#69 0x00007ffff7c94485 in nix::ExprVar::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#70 0x00007ffff7c923a3 in nix::ExprOpEq::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#71 0x00007ffff7c91402 in ?? () from /usr/lib/libnixexpr.so
#72 0x00007ffff7c91639 in nix::ExprIf::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#73 0x00007ffff7c92d16 in nix::ExprLet::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#74 0x00007ffff7c93493 in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#75 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#76 0x00007ffff7c94485 in nix::ExprVar::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#77 0x00007ffff7c94503 in nix::ExprSelect::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#78 0x00007ffff7c92d16 in nix::ExprLet::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#79 0x00007ffff7c93493 in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#80 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#81 0x00007ffff7c94485 in nix::ExprVar::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#82 0x00007ffff7c98fe8 in nix::ExprConcatStrings::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#83 0x00007ffff7d05856 in ?? () from /usr/lib/libnixexpr.so
#84 0x00007ffff7c936cc in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#85 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#86 0x00007ffff7c7b88d in ?? () from /usr/lib/libnixexpr.so
#87 0x00007ffff7d02582 in nix::prim_getAttr(nix::EvalState&, nix::PosIdx, nix::Value**, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#88 0x00007ffff7c936cc in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#89 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#90 0x00007ffff7c94bb8 in nix::ExprSelect::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#91 0x00007ffff7c98782 in nix::EvalState::coerceToString(nix::PosIdx, nix::Value&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::basic_string_view<char, std::char_traits<char> >, bool, bool, bool) () from /usr/lib/libnixexpr.so
#92 0x00007ffff7c98aa1 in nix::EvalState::coerceToString(nix::PosIdx, nix::Value&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::basic_string_view<char, std::char_traits<char> >, bool, bool, bool) () from /usr/lib/libnixexpr.so
#93 0x00007ffff7c98f04 in nix::ExprConcatStrings::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#94 0x00007ffff7c9468f in nix::ExprSelect::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#95 0x00007ffff7d05856 in ?? () from /usr/lib/libnixexpr.so
#96 0x00007ffff7c936cc in nix::EvalState::callFunction(nix::Value&, unsigned long, nix::Value**, nix::Value&, nix::PosIdx) () from /usr/lib/libnixexpr.so
#97 0x00007ffff7c96714 in nix::ExprCall::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#98 0x00007ffff7c94485 in nix::ExprVar::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#99 0x00007ffff7c94503 in nix::ExprSelect::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#100 0x00007ffff7c94bb8 in nix::ExprSelect::eval(nix::EvalState&, nix::Env&, nix::Value&) ()
   from /usr/lib/libnixexpr.so
#101 0x00007ffff7c98782 in nix::EvalState::coerceToString(nix::PosIdx, nix::Value&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::basic_string_view<char, std::char_traits<char> >, bool, bool, bool) () from /usr/lib/libnixexpr.so
#102 0x00007ffff7ca17dc in nix::EvalState::coerceToStorePath(nix::PosIdx, nix::Value&, std::set<nix::NixStringContextElem, std::less<nix::NixStringContextElem>, std::allocator<nix::NixStringContextElem> >&, std::basic_string_view<char, std::char_traits<char> >) () from /usr/lib/libnixexpr.so
#103 0x00007ffff7ce5b74 in nix::PackageInfo::queryDrvPath() const () from /usr/lib/libnixexpr.so
#104 0x00007ffff7ce5c9d in nix::PackageInfo::requireDrvPath() const () from /usr/lib/libnixexpr.so
#105 0x000055555560b1ad in ?? ()
#106 0x000055555560d0ec in ?? ()
#107 0x00005555556719e9 in ?? ()
#108 0x00007ffff7facd7e in nix::handleExceptions(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::function<void ()>) () from /usr/lib/libnixmain.so
#109 0x00005555555c08b2 in ?? ()
#110 0x00007ffff7241d4a in ?? () from /usr/lib/libc.so.6
#111 0x00007ffff7241e0c in __libc_start_main () from /usr/lib/libc.so.6
#112 0x00005555555c5135 in ?? ()

Priorities

Add 👍 to issues you find important.

The text was updated successfully, but these errors were encountered:

LordMZTE · 2024-05-04T11:07:15Z

Note that I cannot reproduce this with Nix from nixpkgs; only with Nix from Arch Linux packages.

RaitoBezarius · 2024-05-04T11:53:22Z

Note that I cannot reproduce this with Nix from nixpkgs; only with Nix from Arch Linux packages.

Can you be precise? Nix 2.22 from nixpkgs or Nix 2.18 from nixpkgs?

LordMZTE · 2024-05-04T19:04:22Z

Can you be precise? Nix 2.22 from nixpkgs or Nix 2.18 from nixpkgs?

Sorry, I was unaware of the version difference. Another check revealed that I was indeed using Nix 2.18 from nixpkgs as opposed to 2.22 from Arch, which is likely the important factor.

Ericson2314 · 2024-05-08T19:16:00Z

Can you check Nix 2.22 not from Arch but our build? nix-store -r a store path from https://releases.nixos.org/nix/nix-2.22.0/fallback-paths.nix for your system and try that.

LordMZTE · 2024-05-08T19:47:44Z

I cannot reproduce this bug with the version you provided. It's probably a packaging issue then.

Ericson2314 · 2024-05-15T20:03:48Z

We can reopen this if we learn more (e.g., as @edolstra just said in the team meeting, if there is a latent issue on our end that only turns up because the way the Arch build works).

LordMZTE added the bug label May 4, 2024

LordMZTE changed the title ~~Invalid free() attempting to instantiate an expression~~ Invalid free() attempting to instantiate an expression with Arch Linux Nix package May 8, 2024

fricklerhandwerk closed this as not planned Won't fix, can't repro, duplicate, stale May 15, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Invalid `free()` attempting to instantiate an expression with Arch Linux Nix package #10644

Invalid `free()` attempting to instantiate an expression with Arch Linux Nix package #10644

LordMZTE commented May 4, 2024

LordMZTE commented May 4, 2024

RaitoBezarius commented May 4, 2024

LordMZTE commented May 4, 2024

Ericson2314 commented May 8, 2024

LordMZTE commented May 8, 2024

Ericson2314 commented May 15, 2024

Invalid free() attempting to instantiate an expression with Arch Linux Nix package #10644

Invalid free() attempting to instantiate an expression with Arch Linux Nix package #10644

Comments

LordMZTE commented May 4, 2024

LordMZTE commented May 4, 2024

RaitoBezarius commented May 4, 2024

LordMZTE commented May 4, 2024

Ericson2314 commented May 8, 2024

LordMZTE commented May 8, 2024

Ericson2314 commented May 15, 2024

Invalid `free()` attempting to instantiate an expression with Arch Linux Nix package #10644

Invalid `free()` attempting to instantiate an expression with Arch Linux Nix package #10644