I too am experiencing a segfault in openssh when connecting to a particular Linux host. This did work fine with the previous version of libssl (I'm running Ubuntu 12.04 so this was 1.0.0 before upgrading to 1.0.1). No core file is created but I can do the gdb backtrace and disassemble.
You've correctly guessed the failing instruction :) but not sure why it's happening. Program received signal SIGSEGV, Segmentation fault. _vpaes_decrypt_core () at vpaes-x86.s:221 221 vpaes-x86.s: No such file or directory. (gdb) bt #0 _vpaes_decrypt_core () at vpaes-x86.s:221 #1 0xb7e369e5 in vpaes_cbc_encrypt () at vpaes-x86.s:641 #2 0x732d6361 in ?? () (gdb) disassemble Dump of assembler code for function _vpaes_decrypt_core: 0xb7e36310 <+0>: mov 0xf0(%edx),%eax 0xb7e36316 <+6>: lea 0x260(%ebp),%ebx 0xb7e3631c <+12>: movdqa %xmm6,%xmm1 0xb7e36320 <+16>: movdqa -0x40(%ebx),%xmm2 0xb7e36325 <+21>: pandn %xmm0,%xmm1 0xb7e36329 <+25>: mov %eax,%ecx 0xb7e3632b <+27>: psrld $0x4,%xmm1 0xb7e36330 <+32>: movdqu (%edx),%xmm5 0xb7e36334 <+36>: shl $0x4,%ecx 0xb7e36337 <+39>: pand %xmm6,%xmm0 0xb7e3633b <+43>: pshufb %xmm0,%xmm2 0xb7e36340 <+48>: movdqa -0x30(%ebx),%xmm0 0xb7e36345 <+53>: xor $0x30,%ecx 0xb7e36348 <+56>: pshufb %xmm1,%xmm0 0xb7e3634d <+61>: and $0x30,%ecx 0xb7e36350 <+64>: pxor %xmm5,%xmm2 0xb7e36354 <+68>: movdqa 0xb0(%ebp),%xmm5 0xb7e3635c <+76>: pxor %xmm2,%xmm0 0xb7e36360 <+80>: add $0x10,%edx 0xb7e36363 <+83>: lea -0x160(%ebx,%ecx,1),%ecx 0xb7e3636a <+90>: jmp 0xb7e363fa <_vpaes_decrypt_core+234> 0xb7e3636f <+95>: nop 0xb7e36370 <+96>: movdqa -0x20(%ebx),%xmm4 ---Type <return> to continue, or q <return> to quit--- 0xb7e36375 <+101>: pshufb %xmm2,%xmm4 0xb7e3637a <+106>: pxor %xmm0,%xmm4 0xb7e3637e <+110>: movdqa -0x10(%ebx),%xmm0 0xb7e36383 <+115>: pshufb %xmm3,%xmm0 0xb7e36388 <+120>: pxor %xmm4,%xmm0 0xb7e3638c <+124>: add $0x10,%edx 0xb7e3638f <+127>: pshufb %xmm5,%xmm0 0xb7e36394 <+132>: movdqa (%ebx),%xmm4 0xb7e36398 <+136>: pshufb %xmm2,%xmm4 0xb7e3639d <+141>: pxor %xmm0,%xmm4 0xb7e363a1 <+145>: movdqa 0x10(%ebx),%xmm0 0xb7e363a6 <+150>: pshufb %xmm3,%xmm0 0xb7e363ab <+155>: pxor %xmm4,%xmm0 0xb7e363af <+159>: sub $0x1,%eax 0xb7e363b2 <+162>: pshufb %xmm5,%xmm0 0xb7e363b7 <+167>: movdqa 0x20(%ebx),%xmm4 0xb7e363bc <+172>: pshufb %xmm2,%xmm4 
0xb7e363c1 <+177>: pxor %xmm0,%xmm4 0xb7e363c5 <+181>: movdqa 0x30(%ebx),%xmm0 0xb7e363ca <+186>: pshufb %xmm3,%xmm0 0xb7e363cf <+191>: pxor %xmm4,%xmm0 0xb7e363d3 <+195>: pshufb %xmm5,%xmm0 0xb7e363d8 <+200>: movdqa 0x40(%ebx),%xmm4 0xb7e363dd <+205>: pshufb %xmm2,%xmm4 ---Type <return> to continue, or q <return> to quit--- 0xb7e363e2 <+210>: pxor %xmm0,%xmm4 0xb7e363e6 <+214>: movdqa 0x50(%ebx),%xmm0 0xb7e363eb <+219>: pshufb %xmm3,%xmm0 0xb7e363f0 <+224>: pxor %xmm4,%xmm0 0xb7e363f4 <+228>: palignr $0xc,%xmm5,%xmm5 0xb7e363fa <+234>: movdqa %xmm6,%xmm1 0xb7e363fe <+238>: pandn %xmm0,%xmm1 0xb7e36402 <+242>: psrld $0x4,%xmm1 0xb7e36407 <+247>: pand %xmm6,%xmm0 0xb7e3640b <+251>: movdqa -0x20(%ebp),%xmm2 0xb7e36410 <+256>: pshufb %xmm0,%xmm2 0xb7e36415 <+261>: pxor %xmm1,%xmm0 0xb7e36419 <+265>: movdqa %xmm7,%xmm3 0xb7e3641d <+269>: pshufb %xmm1,%xmm3 0xb7e36422 <+274>: pxor %xmm2,%xmm3 0xb7e36426 <+278>: movdqa %xmm7,%xmm4 0xb7e3642a <+282>: pshufb %xmm0,%xmm4 0xb7e3642f <+287>: pxor %xmm2,%xmm4 0xb7e36433 <+291>: movdqa %xmm7,%xmm2 0xb7e36437 <+295>: pshufb %xmm3,%xmm2 0xb7e3643c <+300>: pxor %xmm0,%xmm2 0xb7e36440 <+304>: movdqa %xmm7,%xmm3 0xb7e36444 <+308>: pshufb %xmm4,%xmm3 0xb7e36449 <+313>: pxor %xmm1,%xmm3 ---Type <return> to continue, or q <return> to quit--- => 0xb7e3644d <+317>: movdqu (%edx),%xmm0 0xb7e36451 <+321>: jne 0xb7e36370 <_vpaes_decrypt_core+96> 0xb7e36457 <+327>: movdqa 0x60(%ebx),%xmm4 0xb7e3645c <+332>: pshufb %xmm2,%xmm4 0xb7e36461 <+337>: pxor %xmm0,%xmm4 0xb7e36465 <+341>: movdqa 0x70(%ebx),%xmm0 0xb7e3646a <+346>: movdqa (%ecx),%xmm2 0xb7e3646e <+350>: pshufb %xmm3,%xmm0 0xb7e36473 <+355>: pxor %xmm4,%xmm0 0xb7e36477 <+359>: pshufb %xmm2,%xmm0 0xb7e3647c <+364>: ret End of assembler dump. 
(gdb) info reg eax 0x277a77b5 662337461 ecx 0xb7e35fa0 -1209835616 edx 0x80090ff8 -2146889736 ebx 0xb7e360d0 -1209835312 esp 0xbfffb05c 0xbfffb05c ebp 0xb7e35e70 0xb7e35e70 esi 0x80081bd8 -2146952232 edi 0xffffeba0 -5216 eip 0xb7e3644d 0xb7e3644d <_vpaes_decrypt_core+317> eflags 0x10202 [ IF RF ] cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 Sincerely, Michael Russo, Systems Engineer PaperSolve, Inc. 268 Watchogue Road Staten Island, NY 10314
I too am experiencing a segfault in openssh when connecting to a particular Linux host. This did work fine with the previous version of libssl (I’m running Ubuntu 12.04
so this was 1.0.0 before upgrading to 1.0.1). No core file is created but I can do the gdb backtrace and disassemble.
You’ve correctly guessed the failing instruction :) but I’m not sure why it’s happening. For what it’s worth, at the fault eax (the round counter, loaded from 0xf0(%edx) at the top of the function and decremented once per round while %edx advances 0x10 per round) is 0x277a77b5, far beyond any valid AES round count, so it looks as though the key schedule handed to _vpaes_decrypt_core is already corrupt and the loop has simply walked %edx off the end of it; frame #2’s return address 0x732d6361 is all printable ASCII, which also looks like memory corruption rather than a bug in the loop itself.
Program received signal SIGSEGV, Segmentation fault. _vpaes_decrypt_core () at vpaes-x86.s:221 221 vpaes-x86.s: No such file or directory. (gdb) bt #0 _vpaes_decrypt_core () at vpaes-x86.s:221 #1 0xb7e369e5 in vpaes_cbc_encrypt () at vpaes-x86.s:641 #2 0x732d6361 in ?? () (gdb) disassemble Dump of assembler code for function _vpaes_decrypt_core: 0xb7e36310 <+0>: mov 0xf0(%edx),%eax 0xb7e36316 <+6>: lea 0x260(%ebp),%ebx 0xb7e3631c <+12>: movdqa %xmm6,%xmm1 0xb7e36320 <+16>: movdqa -0x40(%ebx),%xmm2 0xb7e36325 <+21>: pandn %xmm0,%xmm1 0xb7e36329 <+25>: mov %eax,%ecx 0xb7e3632b <+27>: psrld $0x4,%xmm1 0xb7e36330 <+32>: movdqu (%edx),%xmm5 0xb7e36334 <+36>: shl $0x4,%ecx 0xb7e36337 <+39>: pand %xmm6,%xmm0 0xb7e3633b <+43>: pshufb %xmm0,%xmm2 0xb7e36340 <+48>: movdqa -0x30(%ebx),%xmm0 0xb7e36345 <+53>: xor $0x30,%ecx 0xb7e36348 <+56>: pshufb %xmm1,%xmm0 0xb7e3634d <+61>: and $0x30,%ecx 0xb7e36350 <+64>: pxor %xmm5,%xmm2 0xb7e36354 <+68>: movdqa 0xb0(%ebp),%xmm5 0xb7e3635c <+76>: pxor %xmm2,%xmm0 0xb7e36360 <+80>: add $0x10,%edx 0xb7e36363 <+83>: lea -0x160(%ebx,%ecx,1),%ecx 0xb7e3636a <+90>: jmp 0xb7e363fa <_vpaes_decrypt_core+234> 0xb7e3636f <+95>: nop 0xb7e36370 <+96>: movdqa -0x20(%ebx),%xmm4 ---Type <return> to continue, or q <return> to quit--- 0xb7e36375 <+101>: pshufb %xmm2,%xmm4 0xb7e3637a <+106>: pxor %xmm0,%xmm4 0xb7e3637e <+110>: movdqa -0x10(%ebx),%xmm0 0xb7e36383 <+115>: pshufb %xmm3,%xmm0 0xb7e36388 <+120>: pxor %xmm4,%xmm0 0xb7e3638c <+124>: add $0x10,%edx 0xb7e3638f <+127>: pshufb %xmm5,%xmm0 0xb7e36394 <+132>: movdqa (%ebx),%xmm4 0xb7e36398 <+136>: pshufb %xmm2,%xmm4 0xb7e3639d <+141>: pxor %xmm0,%xmm4 0xb7e363a1 <+145>: movdqa 0x10(%ebx),%xmm0 0xb7e363a6 <+150>: pshufb %xmm3,%xmm0 0xb7e363ab <+155>: pxor %xmm4,%xmm0 0xb7e363af <+159>: sub $0x1,%eax 0xb7e363b2 <+162>: pshufb %xmm5,%xmm0 0xb7e363b7 <+167>: movdqa 0x20(%ebx),%xmm4 0xb7e363bc <+172>: pshufb %xmm2,%xmm4 0xb7e363c1 <+177>: pxor %xmm0,%xmm4 0xb7e363c5 <+181>: movdqa 0x30(%ebx),%xmm0 
0xb7e363ca <+186>: pshufb %xmm3,%xmm0 0xb7e363cf <+191>: pxor %xmm4,%xmm0 0xb7e363d3 <+195>: pshufb %xmm5,%xmm0 0xb7e363d8 <+200>: movdqa 0x40(%ebx),%xmm4 0xb7e363dd <+205>: pshufb %xmm2,%xmm4 ---Type <return> to continue, or q <return> to quit--- 0xb7e363e2 <+210>: pxor %xmm0,%xmm4 0xb7e363e6 <+214>: movdqa 0x50(%ebx),%xmm0 0xb7e363eb <+219>: pshufb %xmm3,%xmm0 0xb7e363f0 <+224>: pxor %xmm4,%xmm0 0xb7e363f4 <+228>: palignr $0xc,%xmm5,%xmm5 0xb7e363fa <+234>: movdqa %xmm6,%xmm1 0xb7e363fe <+238>: pandn %xmm0,%xmm1 0xb7e36402 <+242>: psrld $0x4,%xmm1 0xb7e36407 <+247>: pand %xmm6,%xmm0 0xb7e3640b <+251>: movdqa -0x20(%ebp),%xmm2 0xb7e36410 <+256>: pshufb %xmm0,%xmm2 0xb7e36415 <+261>: pxor %xmm1,%xmm0 0xb7e36419 <+265>: movdqa %xmm7,%xmm3 0xb7e3641d <+269>: pshufb %xmm1,%xmm3 0xb7e36422 <+274>: pxor %xmm2,%xmm3 0xb7e36426 <+278>: movdqa %xmm7,%xmm4 0xb7e3642a <+282>: pshufb %xmm0,%xmm4 0xb7e3642f <+287>: pxor %xmm2,%xmm4 0xb7e36433 <+291>: movdqa %xmm7,%xmm2 0xb7e36437 <+295>: pshufb %xmm3,%xmm2 0xb7e3643c <+300>: pxor %xmm0,%xmm2 0xb7e36440 <+304>: movdqa %xmm7,%xmm3 0xb7e36444 <+308>: pshufb %xmm4,%xmm3 0xb7e36449 <+313>: pxor %xmm1,%xmm3 ---Type <return> to continue, or q <return> to quit--- => 0xb7e3644d <+317>: movdqu (%edx),%xmm0 0xb7e36451 <+321>: jne 0xb7e36370 <_vpaes_decrypt_core+96> 0xb7e36457 <+327>: movdqa 0x60(%ebx),%xmm4 0xb7e3645c <+332>: pshufb %xmm2,%xmm4 0xb7e36461 <+337>: pxor %xmm0,%xmm4 0xb7e36465 <+341>: movdqa 0x70(%ebx),%xmm0 0xb7e3646a <+346>: movdqa (%ecx),%xmm2 0xb7e3646e <+350>: pshufb %xmm3,%xmm0 0xb7e36473 <+355>: pxor %xmm4,%xmm0 0xb7e36477 <+359>: pshufb %xmm2,%xmm0 0xb7e3647c <+364>: ret
End of assembler dump. (gdb) info reg eax 0x277a77b5 662337461 ecx 0xb7e35fa0 -1209835616 edx 0x80090ff8 -2146889736 ebx 0xb7e360d0 -1209835312 esp 0xbfffb05c 0xbfffb05c ebp 0xb7e35e70 0xb7e35e70 esi 0x80081bd8 -2146952232 edi 0xffffeba0 -5216 eip 0xb7e3644d 0xb7e3644d <_vpaes_decrypt_core+317> eflags 0x10202 [ IF RF ] cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 Sincerely, Michael Russo, Systems Engineer PaperSolve, Inc. 268 Watchogue Road Staten Island, NY 10314 |