Bug 145424

Summary: OpenSSH Segfaults on VIA EP ML-6000EA board
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Dirk Stoecker <opensuse>
Component: NetworkAssignee: GCC Development Team at SuSE <development-gcc>
Status: RESOLVED DUPLICATE QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: postadal
Version: Final   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 114671    
Bug Blocks:    

Description Dirk Stoecker 2006-01-25 10:51:39 UTC 
Hello,

I'm unable to setup ssh daemon for the "VIA Nehemia" CPU.
The tools ssh-keygen and sshd segfault on this processor. The ssh client seems to work.

The other parts of the system also work correctly (thought I did not do in-deep tests due to missing ssh functionality).
Comment 1 Dr. Werner Fink 2006-01-25 11:55:45 UTC 
This sound like a hardware problem like corrupted memory.
This because here around ssh works flawless.
Reduce the Blocker because of this.
Comment 2 Petr Ostadal 2006-01-25 12:14:18 UTC 
Has VIA EP ML-6000EA board some HW crypto support? Send me bt.
Comment 3 Dirk Stoecker 2006-01-25 12:37:58 UTC 
Hi,

I recompiled the current openssh on another computer and tried to match the SuSE settings as good as possible and this version works.

I would not think it to be an hardware error, but an illegal instruction, which the VIA CPU does not know.

The board is a normal mini ITX with onboard graphics, sound, fanless VIA cpu, USB, ... Nothing exceptional, except the VIA CPU I would think.

P.S. Why does the bug now exist 2 times?
Comment 4 Petr Ostadal 2006-01-25 13:03:32 UTC 
*** Bug 145455 has been marked as a duplicate of this bug. ***
Comment 5 Petr Ostadal 2006-01-25 13:08:12 UTC 
...2 times?" You may refresh page, when you filled record bug...

as wrote Werner "Hardware problem or the gcc on SL10 isn't fully conform with i686"

I agree, we should ask gcc guys.
Comment 6 Dirk Stoecker 2006-01-25 13:33:34 UTC 
Anything I can help with? I will have access to this system approximately till 3rd february. Afterwards it will probably be no longer accessible for me.
Comment 7 Michael Matz 2006-01-25 14:39:21 UTC 
Install the openssh-debuginfo rpm.
Run the failing program in gdb, when it fails send use the backtrace,
and also a disassemble of the point around where it segfaulted.

E.g. like so (after installing the -debuginfo rpm):
# suppose ssh-keygen -t rsa breaks, then:
% gdb --args ssh-keygen -t rsa
(gdb) run
#.... it will run and eventually segfault
program received a SIGSEGV at ....
(gdb) bt
#  backtrace is shown, paste this
(gdb) frame 0
(gdb) disassemble $pc-32 $pc+32
#  a block of disassembly will be shown, paste this too.
Comment 8 Cristian Rodríguez 2006-01-25 18:13:12 UTC 
looks like a compiler bug to me, but make sure you have good memory, run memtest.
Comment 9 Dirk Stoecker 2006-01-26 12:42:58 UTC 
Memory test run for 2 hours (about 33%) with no error. Afterwards I aborted the test, as waiting another 4 hours was not possible.

Following the output of the Debugging session: At the program counter there is the "repz" instruction. The testing time is very likely reduced till tomorrow. Hopefully the output helps a bit.

I could not use sshd for tests due to fork() and my inability to get gdb to debug a forked program part and also due to the resulting loss of my network accessability. I thus used ssh-keygen, which showed the same error.

einstein:~ # gdb /usr/bin/ssh-keygen
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i586-suse-linux"...Using host libthread_db library "/lib/tls/libthread_db.so.1".

(gdb) run -t dsa -b 1024 -N "" -f ee
Starting program: /usr/bin/ssh-keygen -t dsa -b 1024 -N "" -f ee
Generating public/private dsa key pair.

Program received signal SIGSEGV, Segmentation fault.
0x4010b7b9 in ?? ()
(gdb) bt
#0  0x4010b7b9 in ?? ()
#1  0x800218c8 in ?? ()
#2  0x00000599 in ?? ()
#3  0x00000064 in ?? ()
#4  0x4017fd64 in ?? ()
#5  0xbff9a710 in ?? ()
#6  0xbff9a704 in ?? ()
#7  0xbff9a710 in ?? ()
#8  0x4011a95c in ?? ()
#9  0xbff9a710 in ?? ()
#10 0xbff9a7ac in ?? ()
#11 0x00000000 in ?? ()
#12 0x4017fd64 in ?? ()
#13 0x00000014 in ?? ()
#14 0x00000000 in ?? ()
#15 0x8002188c in ?? ()
#16 0x40117950 in ?? ()
#17 0xbff9a7e8 in ?? ()
#18 0x00000014 in ?? ()
#19 0x4017fd64 in ?? ()
#20 0x400f714a in ?? ()
#21 0xbff9a7e8 in ?? ()
#22 0x00000014 in ?? ()
#23 0x00000000 in ?? ()
#24 0x80021b50 in ?? ()
#25 0x00000000 in ?? ()
#26 0x00000001 in ?? ()
#27 0xbff9a7e0 in ?? ()
#28 0xbff9a7e8 in ?? ()
#29 0xbff9a7d4 in ?? ()
#30 0xbff9a7d3 in ?? ()
#31 0xbff9a7c0 in ?? ()
#32 0xbff9a7ac in ?? ()
#33 0x00000000 in ?? ()
#34 0x000003ff in ?? ()
#35 0x403eb308 in ?? ()
#36 0x800218b4 in ?? ()
#37 0x800218dc in ?? ()
#38 0x800218f0 in ?? ()
#39 0x80021918 in ?? ()
#40 0x800218a0 in ?? ()
#41 0x800218c8 in ?? ()
#42 0x80021904 in ?? ()
#43 0x80021388 in ?? ()
#44 0x00000006 in ?? ()
#45 0x00000000 in ?? ()
#46 0x03fe20eb in ?? ()
#47 0x80021068 in ?? ()
#48 0x80021888 in ?? ()
#49 0x80021b50 in ?? ()
#50 0x80021330 in ?? ()
#51 0x00000000 in ?? ()
#52 0x801299ab in ?? ()
#53 0xddd529ee in ?? ()
#54 0xe32db2c0 in ?? ()
#55 0x19c6db52 in ?? ()
#56 0x3846d024 in ?? ()
#57 0x9fdf16b1 in ?? ()
#58 0xfca94c62 in ?? ()
#59 0xce60d4b5 in ?? ()
#60 0x232b9571 in ?? ()
#61 0x33000000 in ?? ()
#62 0xcde38ccb in ?? ()
#63 0xe8d10fb6 in ?? ()
#64 0x6fc4dc1f in ?? ()
#65 0xd4c5c542 in ?? ()
#66 0x9d5a1444 in ?? ()
#67 0xfb896a26 in ?? ()
#68 0xb1984021 in ?? ()
#69 0xe56c3209 in ?? ()
---Type <return> to continue, or q <return> to quit---
#70 0x5b1305a0 in ?? ()
#71 0x32000000 in ?? ()
#72 0xedd76572 in ?? ()
#73 0xfbe83f6f in ?? ()
#74 0x0000e615 in rsa_public_encrypt (out=0x8, in=Cannot access memory at address 0x20
) at string3.h:91
Previous frame inner to this frame (corrupt stack?)
(gdb) frame 0
#0  0x4010b7b9 in ?? ()
(gdb) disassemble $pc-32 $pc+32
Dump of assembler code from 0x4010b799 to 0x4010b7d9:
0x4010b799:     add    %al,(%eax)
0x4010b79b:     add    %cl,0xfc4d8df7(%ecx)
0x4010b7a1:     repz xstorerng
0x4010b7a5:     mov    $0x4,%ecx
0x4010b7aa:     lea    0x24(%esp),%eax
0x4010b7ae:     mov    $0x3,%edx
0x4010b7b3:     mov    %eax,0x14(%esp)
0x4010b7b7:     mov    %eax,%edi
0x4010b7b9:     repz xstorerng
0x4010b7bd:     mov    0x14(%esp),%edx
0x4010b7c1:     lea    (%esi,%ebp,1),%eax
0x4010b7c4:     sub    %ecx,%eax
0x4010b7c6:     mov    %ecx,0x8(%esp)
0x4010b7ca:     mov    %eax,(%esp)
0x4010b7cd:     mov    %edx,0x4(%esp)
0x4010b7d1:     call   0x400c39c8
0x4010b7d6:     add    $0x2c,%esp
End of assembler dump.
Comment 10 Nigel Hathaway 2006-02-13 09:55:16 UTC 

*** This bug has been marked as a duplicate of 114671 ***