Package: pcscd
Version: 1.8.25-1
Severity: normal

When I use the following sequence of commands:
$ ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
$ ssh remote_host hostname
$ ykman info
$ ssh remote_host hostname

the 2nd ssh won't work, I'll get: sign_and_send_pubkey: signing
failed: agent refused operation

If I run ykman info afterwards, it freezes.

I tried stracing pcscd a bit and found it waiting indefinitely in a
nanosleep loop (strace started during a ykman info, before it freezes,
so you have a bit of context):

[pid 14245] accept(3, {sa_family=AF_UNIX}, [110->2]) = 16
[pid 14245] clone(strace: Process 14801 attached
child_stack=0x7f0bd161df30, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f0bd161e9d0, tls=0x7f0bd161e700, child_tidptr=0x7f0bd161e9d0) = 14801
[pid 14801] set_robust_list(0x7f0bd161e9e0, 24 <unfinished ...>
[pid 14245] alarm(0 <unfinished ...>
[pid 14801] <... set_robust_list resumed> ) = 0
[pid 14245] <... alarm resumed> )       = 0
[pid 14801] read(16, "\f\0\0\0\21\0\0\0", 8) = 8
[pid 14801] read(16, "\4\0\0\0\4\0\0\0\0\0\0\0", 12) = 12
[pid 14801] sendto(16, "\4\0\0\0\4\0\0\0\0\0\0\0", 12, MSG_NOSIGNAL, NULL, 0) = 12
[pid 14801] read(16, "\f\0\0\0\1\0\0\0", 8) = 8
[pid 14801] read(16, "\0\0\0\0\0\0\0\0\0\0\0\0", 12) = 12
[pid 14801] sendto(16, "\0\0\0\0f*Y?\0\0\0\0", 12, MSG_NOSIGNAL, NULL, 0) = 12
[pid 14801] read(16, "\230\0\0\0\4\0\0\0", 8) = 8
[pid 14801] read(16, "f*Y?Yubico YubiKey OTP+FIDO+CCID"..., 152) = 152
[pid 14801] nanosleep({tv_sec=0, tv_nsec=100000000}, NULL) = 0
[pid 14801] nanosleep({tv_sec=0, tv_nsec=100000000}, NULL) = 0
[pid 14801] nanosleep({tv_sec=0, tv_nsec=100000000}, NULL) = 0
[pid 14801] nanosleep({tv_sec=0, tv_nsec=100000000}, NULL) = 0
[pid 14801] nanosleep({tv_sec=0, tv_nsec=100000000}, NULL) = 0
[pid 14801] nanosleep({tv_sec=0, tv_nsec=100000000}, NULL) = 0
(ad vitam aeternam)

Strange thing: there is not a single ioctl during the freeze, so I bet
the nanosleep is here to wait for a previous ioctl reply.  The process
being waited on is the one calling ioctl USBDEVFS_REAPURBNDELAY, and it
looks to be waiting for a poll([{fd=10, events=POLLIN}, {fd=12,
events=POLLIN}, {fd=13, events=POLLOUT}], 3, 60000 <unfinished ...>, 13
being the fd for the Yubikey.

When this process does a poll it typically gets a ([{fd=13,
revents=POLLOUT}]) almost immediately (I did not strace with timings
though).

Running:
ssh-add -e /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

stops the nanosleep loop and everything works again, I do not need to
unplug-replug the key. I tried with two distinct Yubikey 4, one a bit
old and one almost new.

During the ssh failure I see:

[pid 16285] write(1, "03008905 ccid_usb.c:898:ReadUSB() read failed (2/3): -7 LIBUSB_ERROR_TIMEOUT\n", 77) = 77
[pid 16285] write(1, "00000123 ifdwrapper.c:543:IFDTransmit() Card not transacted: 612\n", 65) = 65
[pid 16285] write(1, "00000092 winscard.c:1626:SCardTransmit() Card not transacted: 0x80100016\n", 73) = 73

Tell me if you're interested in my digging more deeply.

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (900, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages pcscd depends on:
ii  libc6                       2.28-10
ii  libccid [pcsc-ifd-handler]  1.4.30-1
ii  libpcsclite1                1.8.25-1
ii  libsystemd0                 241-5
ii  libudev1                    241-5
ii  lsb-base                    10.2019051400

pcscd recommends no packages.

Versions of packages pcscd suggests:
ii  systemd  241-5

-- no debconf information
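
Added example, not part of the original report and not pcsc-lite's own code: the read() calls in the strace output above can be decoded as pcscd client messages, each an 8-byte header (body size, command number) followed by the body. The command names are taken from pcsc-lite's winscard_msg.h, and host byte order is assumed to be little-endian (amd64, as in the report). Decoded this way, the last request thread 14801 reads before the nanosleep loop is SCARD_CONNECT for the YubiKey reader.

```python
import re
import struct

# enum pcsc_msg_commands from pcsc-lite's winscard_msg.h, values 0x01..0x14.
COMMANDS = dict(enumerate("""
    SCARD_ESTABLISH_CONTEXT SCARD_RELEASE_CONTEXT SCARD_LIST_READERS
    SCARD_CONNECT SCARD_RECONNECT SCARD_DISCONNECT SCARD_BEGIN_TRANSACTION
    SCARD_END_TRANSACTION SCARD_TRANSMIT SCARD_CONTROL SCARD_STATUS
    SCARD_GET_STATUS_CHANGE SCARD_CANCEL SCARD_CANCEL_TRANSACTION
    SCARD_GET_ATTRIB SCARD_SET_ATTRIB CMD_VERSION CMD_GET_READERS_STATE
    CMD_WAIT_READER_STATE_CHANGE CMD_STOP_WAITING_READER_STATE_CHANGE
""".split(), start=1))

# read() lines copied from the strace output in the report above.
TRACE = r'''
[pid 14801] read(16, "\f\0\0\0\21\0\0\0", 8) = 8
[pid 14801] read(16, "\4\0\0\0\4\0\0\0\0\0\0\0", 12) = 12
[pid 14801] read(16, "\f\0\0\0\1\0\0\0", 8) = 8
[pid 14801] read(16, "\0\0\0\0\0\0\0\0\0\0\0\0", 12) = 12
[pid 14801] read(16, "\230\0\0\0\4\0\0\0", 8) = 8
[pid 14801] read(16, "f*Y?Yubico YubiKey OTP+FIDO+CCID"..., 152) = 152
'''

READ = re.compile(r'\[pid\s+(\d+)\] read\(\d+, "((?:[^"\\]|\\.)*)"(?:\.\.\.)?, \d+\) = \d+')
ESCAPE = re.compile(r'\\([0-7]{1,3}|[abtnvfr\\"])')
SIMPLE = {"a": 7, "b": 8, "t": 9, "n": 10, "v": 11, "f": 12, "r": 13, "\\": 92, '"': 34}

def unescape(text):
    """Turn strace's C-style string escapes back into raw bytes."""
    def one(m):
        tok = m.group(1)
        return chr(SIMPLE[tok]) if tok in SIMPLE else chr(int(tok, 8))
    return ESCAPE.sub(one, text).encode("latin-1")

def decode_requests(trace):
    """Pair each 8-byte header (size, command) with the body read that follows it."""
    pending, requests = {}, []
    for pid, raw in READ.findall(trace):
        data = unescape(raw)
        if pid in pending:                       # second read: the message body
            size, command = pending.pop(pid)
            requests.append((pid, COMMANDS.get(command, hex(command)), size, data))
        else:                                    # first read: little-endian header
            pending[pid] = struct.unpack("<II", data[:8])
    return requests

if __name__ == "__main__":
    for pid, name, size, body in decode_requests(TRACE):
        print(f"pid {pid}: {name} ({size} byte body) {body!r}")
```

The body of the last message is shown truncated because strace abbreviated it ("...") in the original trace.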
