NetBSD-Bugs archive


port-alpha/56196: ssh-keygen dumps core on Qemu Alpha virtual machines



>Number:         56196
>Category:       port-alpha
>Synopsis:       ssh-keygen dumps core on Qemu Alpha virtual machines
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-alpha-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat May 22 15:35:00 +0000 2021
>Originator:     Jason Thorpe
>Release:        NetBSD 9.99.82
>Organization:
RISCy Business
>Environment:
NetBSD alpha-vm 9.99.82 NetBSD 9.99.82 (GENERIC-$Revision: 1.410 $) #2: Sat May 22 08:06:26 PDT 2021  thorpej@the-ripe-vessel:/space/src/sys/arch/alpha/compile/GENERIC alpha
>Description:
ssh-keygen crashes when creating the RSA host key on NetBSD/alpha running under Qemu.  I don't know if this happens on real hardware.

Reading symbols from /usr/bin/ssh-keygen...
(No debugging symbols found in /usr/bin/ssh-keygen)
[New process 998]
Core was generated by `ssh-keygen'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000003fffdcf0d08 in BN_CTX_start () from /usr/lib/libcrypto.so.14
(gdb) where
#0  0x000003fffdcf0d08 in BN_CTX_start () from /usr/lib/libcrypto.so.14
warning: Hit heuristic-fence-post without finding enclosing function for address 0x3fffdd4bdce


Added some debugging messages to get the exact arguments being passed to ssh-keygen:

/usr/bin/ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N  -q
ssh-keygen: 1024 SHA256:4NCLqKx+CGyYIs2vyvzM3mkTLmHvh+dHqt/wd0hJWhk root@alpha-vm (DSA)
/usr/bin/ssh-keygen -t ecdsa -b 521 -f /etc/ssh/ssh_host_ecdsa_key -N  -q
ssh-keygen: 521 SHA256:BSfmj5WuI+3H7Vbe6EEQ3uT5lMUG+J6RnEkIILxrUpc root@alpha-vm (ECDSA)
/usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N  -q
ssh-keygen: 256 SHA256:7waQ1e+WY2kQsiUzfpw0yDXjF7DdLX9QSxHU/kBe+fs root@alpha-vm (ED25519)
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N  -q
[  28.9988173] pid 1151 (ssh-keygen): unaligned access: va=0x37 pc=0x0 ra=0x3fffdc98fec sp=0x1fffff0b8 op=ldl
[1]   Segmentation fault (core dumped) "${keygen}" -t "${type}" ${bitarg} -f "${f}" -...
/etc/rc.d/sshd exited with code 1

This happens 100% reliably **but only when the system is initially booting**.  After the system has finished booting and I log in as root on the console:

alpha-vm# /etc/rc.d/sshd start
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N  -q
ssh-keygen: 3072 SHA256:StODHaqOFh38PjOhh4ppNkgbWUQ1GmXBoTQeIKaOQR0 root@alpha-vm (RSA)
Starting sshd.
alpha-vm# 

>How-To-Repeat:
See above.
>Fix:
N/A


