[Bug 1085] Intermittent ssh core dumps

bugzilla-daemon at mindrot.org
Mon Sep 26 20:38:08 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1085





------- Additional Comments From cptsalek at gmail.com  2005-09-26 20:38 -------
Hi there,

I have the same problem when connecting with
OpenSSH_4.2p1, OpenSSL 0.9.8 05 Jul 2005

The compiler is gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath). I
followed this bug and rebuilt zlib and libopenssl.
Solaris Version is 5.10 Generic_118822-02 sun4u sparc SUNW,Sun-Fire-V240. 

I executed "make tests" a couple of times, and had a number of Segfaults. The
last run produced the following output:

run test exit-status.sh ...
test remote exit status: proto 1 status 0
test remote exit status: proto 1 status 1
test remote exit status: proto 1 status 4
test remote exit status: proto 1 status 5
test remote exit status: proto 1 status 44
test remote exit status: proto 2 status 0
Write failed: Broken pipe
exit code (with sleep) mismatch for protocol 2: 255 != 0
test remote exit status: proto 2 status 1
Segmentation Fault - core dumped
exit code mismatch for protocol 2: 139 != 1
Segmentation Fault - core dumped
exit code (with sleep) mismatch for protocol 2: 139 != 1
test remote exit status: proto 2 status 4
Write failed: Broken pipe
exit code mismatch for protocol 2: 255 != 4
Segmentation Fault - core dumped
exit code (with sleep) mismatch for protocol 2: 139 != 4
test remote exit status: proto 2 status 5
test remote exit status: proto 2 status 44
failed remote exit status
make[1]: *** [t-exec] Error 1
make[1]: Leaving directory `/opt/gad/sources/openssh-4.2p1/regress'
make: *** [tests] Error 2


Running "ssh -vvv" produced the following output:
OpenSSH_4.2p1, OpenSSL 0.9.8 05 Jul 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to gszulg01 [10.64.10.84] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.1
debug1: match: OpenSSH_4.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Segmentation Fault (core dumped)

Backtrace is as follows:
# adb core
core file = core -- program ``/usr/bin/ssh'' on platform SUNW,Sun-Fire-V240
SIGSEGV: Segmentation Fault
$C
ffbfee20 bn_sub_words+0x3c(16b850, 16b3e0, 16b400, 7, 1, 9da20)
ffbfee90 bn_mul_recursive+0x40c(1, 20, 0, 10, 0, ffffffff)
ffbfef10 bn_mul_recursive+0x2e4(1, 40, 0, 20, 0, ffffffff)
ffbfef90 bn_mul_recursive+0x2e4(1, 80, 0, 40, 0, ffffffff)
ffbff010 BN_mul+0x2c4(159634, 16b530, 15960c, 159820, 2, 1)
ffbff088 BN_mod_mul_montgomery+0x3c(0, 1595f8, 15960c, 159858, 159820, 80)
ffbff0f8 BN_mod_exp_mont_consttime+0x56c(1595f8, 16b320, 100, d, 159820, 159858)
ffbff180 BN_mod_exp_mont+0x70(156308, 1562a8, ffbff2e0, 156288, 159820, 159858)
ffbff278 generate_key+0x94(15b7f0, 20, 1562e8, 0, 43, 149360)
ffbff308 DH_generate_key+0xc(15b7f0, 1562e8, 20, 0, c3, 0)
ffbff378 dh_gen_key+0x7c(15b7f0, 100, 1f, 7e0, ff000, ff)
ffbff3e8 kexgex_client+0x174(1586d0, 400, 916c8, 4e2fc, 2000, 1000)
ffbff488 kex_input_kexinit+0x5fc(1, 6, 1586d0, 158098, 169c10, 1586e0)
ffbff500 dispatch_run+0x94(0, 158714, 1586d0, 156248, 52ddc, 14e400)
ffbff578 ssh_kex2+0x17c(163688, 140c00, ffbff764, 15625c, 1, 0)
ffbff5e8 ssh_login+0x334(5, ffbff850, 4, 4, 1538b0, 152000)
ffbff860 main+0xce8(152064, 161ca0, 151c00, 151800, 153f48, 153400)
ffbffb20 _start+0x5c(0, 0, 0, 0, 0, 0)

Regards,
Christian

PS: Sorry for asking, but I searched the documentation, the net and even looked
at the configure script, but I didn't find a clue as to how to enable debugging
at compile time. Did I miss something, and if so, could you advise how to
enable debugging?


