Your message dated Sun, 7 Jul 2019 17:48:51 +0200
with message-id <[email protected]>
and subject line Re: Bug#931462: pcscd: Hangs after a ykman info
has caused the Debian Bug report #931462,
regarding pcscd: Hangs after a ykman info
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
931462: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931462
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pcscd
Version: 1.8.25-1
Severity: normal
When I use the following sequence of commands:
$ ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
$ ssh remote_host hostname
$ ykman info
$ ssh remote_host hostname
the 2nd ssh won't work, I'll get: sign_and_send_pubkey: signing
failed: agent refused operation
If I run ykman info afterwards, it freezes.
I tried stracing pcscd a bit and found it waiting indefinitly in a
nanosleep loop (strace start during a ykman info, before it freezes,
so you have a bit of context):
[pid 14245] accept(3, {sa_family=AF_UNIX}, [110->2]) = 16
[pid 14245] clone(strace: Process 14801 attached
child_stack=0x7f0bd161df30,
flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID\
, parent_tidptr=0x7f0bd161e9d0, tls=0x7f0bd161e700,
child_tidptr=0x7f0bd161e9d0) = 14801
[pid 14801] set_robust_list(0x7f0bd161e9e0, 24 <unfinished ...>
[pid 14245] alarm(0 <unfinished ...>
[pid 14801] <... set_robust_list resumed> ) = 0
[pid 14245] <... alarm resumed> ) = 0
[pid 14801] read(16, "\f\0\0\0\21\0\0\0", 8) = 8
[pid 14801] read(16, "\4\0\0\0\4\0\0\0\0\0\0\0", 12) = 12
[pid 14801] sendto(16, "\4\0\0\0\4\0\0\0\0\0\0\0", 12, MSG_NOSIGNAL, NULL, 0) =
12
[pid 14801] read(16, "\f\0\0\0\1\0\0\0", 8) = 8
[pid 14801] read(16, "\0\0\0\0\0\0\0\0\0\0\0\0", 12) = 12
[pid 14801] sendto(16, "\0\0\0\0f*Y?\0\0\0\0", 12, MSG_NOSIGNAL, NULL, 0) = 12
[pid 14801] read(16, "\230\0\0\0\4\0\0\0", 8) = 8
[pid 14801] read(16, "f*Y?Yubico YubiKey OTP+FIDO+CCID"..., 152) = 152
[pid 14801] nanosleep({tv_sec=0, tv_nsec=100000000}, NULL) = 0
[pid 14801] nanosleep({tv_sec=0, tv_nsec=100000000}, NULL) = 0
[pid 14801] nanosleep({tv_sec=0, tv_nsec=100000000}, NULL) = 0
[pid 14801] nanosleep({tv_sec=0, tv_nsec=100000000}, NULL) = 0
[pid 14801] nanosleep({tv_sec=0, tv_nsec=100000000}, NULL) = 0
[pid 14801] nanosleep({tv_sec=0, tv_nsec=100000000}, NULL) = 0
(at vitam eternam)
Strage thing: there is not a single ioctl during the freez, so I bet
the nanosleep is here to wait for a previous ioctl reply. The process
being waited is the one calling ioctl USBDEVFS_REAPURBNDELAY and it
looks waiting for a poll([{fd=10, events=POLLIN}, {fd=12,
events=POLLIN}, {fd=13, events=POLLOUT}], 3, 60000 <unfinished ...> 13
being the fd for the Yubikey.
When this process does a poll it typically get a ([{fd=13,
revents=POLLOUT}]) almost immediatly (I did not straced with timings
though).
Running:
ssh-add -e /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
stops the nanosleep loop and everything works again, I do not need to
unplug-replug the key. I tried with two distinct Yubikey 4, one a bit
old and one almost new.
During the ssh failure I see:
[pid 16285] write(1, "03008905 ccid_usb.c:898:ReadUSB() read failed (2/3): -7
LIBUSB_ERROR_TIMEOUT\n", 77) = 77
[pid 16285] write(1, "00000123 ifdwrapper.c:543:IFDTransmit() Card not
transacted: 612\n", 65) = 65
[pid 16285] write(1, "00000092 winscard.c:1626:SCardTransmit() Card not
transacted: 0x80100016\n", 73) = 73
Tell me if you're interested in my digging more deeply.
-- System Information:
Debian Release: 10.0
APT prefers testing
APT policy: (900, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.utf8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set
to en_US.utf8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages pcscd depends on:
ii libc6 2.28-10
ii libccid [pcsc-ifd-handler] 1.4.30-1
ii libpcsclite1 1.8.25-1
ii libsystemd0 241-5
ii libudev1 241-5
ii lsb-base 10.2019051400
pcscd recommends no packages.
Versions of packages pcscd suggests:
ii systemd 241-5
-- no debconf information
--- End Message ---
--- Begin Message ---
Le 05/07/2019 à 17:38, Ludovic Rousseau a écrit :
The reader reports an error 0xFC Overrun error.
According to the CCID specification it is "Overrun error while talking to the
ICC". ICC is the smart card. In your case it is the chip inside the token.
I have no idea why the token reports such an error. I reader firmware issue?
It looks like it is a reader firmware issue. Possibly already known by Yubico.
--
Dr. Ludovic Rousseau
--- End Message ---
