[Bug 2908] New: I found that SSHD will crash when I start the application; other applications are the same

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Sep 25 02:08:14 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2908

            Bug ID: 2908
           Summary: I found that SSHD will crash when I start the
                    application; other applications are the same
           Product: Portable OpenSSH
           Version: 7.7p1
          Hardware: ARM
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: chengyao.diao at gmail.com

Created attachment 3180
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3180&action=edit
The assembly code for main function

Configure:
./configure --prefix=/usr --target=arm-none-linux-gnueabi
--host=arm-none-linux-gnueabi --build=i686-pc-linux-gnu --prefix=/usr
--with-ssl-engine
--with-ssl-dir=/export/local/hdiao/openssl/install_1.02/usr --with-pam 
CFLAGS='-I/export/local/hdiao/zlib/zlib_install/usr/include/
-I/export/local/hdiao/linux_pam/linux_pam_install/usr/include'
LDFLAGS='-L/export/local/hdiao/zlib/zlib_install/usr/lib
-L/export/local/hdiao/linux_pam/linux_pam_install/lib '
--exec-prefix=/usr --sysconfdir=/etc --localstatedir=/var
--program-prefix="" --disable-gtk-doc --disable-gtk-doc-html
--disable-doc --disable-docs --disable-documentation --with-xmlto=no
--with-fop=no --disable-dependency-tracking --enable-ipv6 --disable-nls
--disable-static --enable-shared  --disable-prelude --disable-isadir
--disable-nis --disable-db --disable-regenerate-docu --libdir=/lib
--disable-selinux


Startup SSHD
root at sitara-platform:~# gdb /usr/sbin/sshd
GNU gdb (GDB) 7.4
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-unknown-linux-gnueabi".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/sshd...(no debugging symbols found)...done.
(gdb) set height 0
(gdb) b main
Breakpoint 1 at 0xbca8
(gdb) r
Starting program: /usr/sbin/sshd
warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.

Breakpoint 1, 0x400b6ca8 in main ()
(gdb) bt
#0  0x400b6ca8 in main ()
(gdb) i r
r0             0x1      1
r1             0xbef6ee34       3203853876
r2             0xbef6ee3c       3203853884
r3             0x400b6ca8       1074490536
r4             0x4018331c       1075327772
r5             0x0      0
r6             0x400b1f98       1074470808
r7             0x0      0
r8             0x0      0
r9             0x0      0
r10            0x40210000       1075904512
r11            0x0      0
r12            0x405a3958       1079654744
sp             0xbef6ece8       0xbef6ece8
lr             0x40490fd4       1078530004
pc             0x400b6ca8       0x400b6ca8 <main>
cpsr           0x60000010       1610612752
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x400b6cd8 in main ()
(gdb) bt
#0  0x400b6cd8 in main ()
(gdb) q
A debugging session is active.

        Inferior 1 [process 1866] will be killed.

Quit anyway? (y or n) y
root at sitara-platform:~# gdb /usr/sbin/sshd
GNU gdb (GDB) 7.4
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-unknown-linux-gnueabi".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/sshd...(no debugging symbols found)...done.
(gdb) b main
Breakpoint 1 at 0xbca8
(gdb) r
Starting program: /usr/sbin/sshd
warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.

Breakpoint 1, 0x400eaca8 in main ()
(gdb) set heigt 0
No symbol "heigt" in current context.
(gdb) set height 0
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x400eacd8 in main ()
(gdb) i r
r0             0xbecb0c50       3200978000
r1             0xbecb0e34       3200978484
r2             0x105c68 1072232
r3             0x654    1620
r4             0x401b731c       1075540764
r5             0x0      0
r6             0x400e5f98       1074683800
r7             0x0      0
r8             0x0      0
r9             0x0      0
r10            0x40220000       1075970048
r11            0xbecb0ce4       3200978148
r12            0x405ae958       1079699800
sp             0xbecb0ba0       0xbecb0ba0
lr             0x4049bfd4       1078575060
pc             0x400eacd8       0x400eacd8 <main+48>
cpsr           0x60000010       1610612752
(gdb) x /i $pc
=> 0x400eacd8 <main+48>:        ldr     r3, [r0, r3]
(gdb) disassemble main
Dump of assembler code for function main:
   0x400eaca8 <+0>:     push    {r4, r11, lr}
   0x400eacac <+4>:     add     r11, sp, #8
   0x400eacb0 <+8>:     sub     sp, sp, #316    ; 0x13c
   0x400eacb4 <+12>:    ldr     r2, [pc, #3896] ; 0x400ebbf4 <main+3916>
   0x400eacb8 <+16>:    str     r2, [r11, #-304]        ; 0x130
   0x400eacbc <+20>:    ldr     r3, [r11, #-304]        ; 0x130
   0x400eacc0 <+24>:    add     r3, pc, r3
   0x400eacc4 <+28>:    str     r3, [r11, #-304]        ; 0x130
   0x400eacc8 <+32>:    str     r0, [r11, #-248]        ; 0xf8
   0x400eaccc <+36>:    str     r1, [r11, #-252]        ; 0xfc
   0x400eacd0 <+40>:    ldr     r3, [pc, #3872] ; 0x400ebbf8 <main+3920>
   0x400eacd4 <+44>:    ldr     r0, [r11, #-300]        ; 0x12c
=> 0x400eacd8 <+48>:    ldr     r3, [r0, r3]
   0x400eacdc <+52>:    ldr     r3, [r3]
   0x400eace0 <+56>:    str     r3, [r11, #-16]
   0x400eace4 <+60>:    mov     r3, #0
   0x400eace8 <+64>:    str     r3, [r11, #-28]
   0x400eacec <+68>:    mov     r3, #1

I also found something weird. There are some invalid instructions when
I disassembled the main function.

   0x400ebcb8 <+4112>:  ldrdeq  r1, [r0], -r4
   0x400ebcbc <+4116>:                  ; <UNDEFINED> instruction: 0x000011b0
   0x400ebcc0 <+4120>:                  ; <UNDEFINED> instruction: 0xfffc799c
   0x400ebcc4 <+4124>:                  ; <UNDEFINED> instruction: 0xfffc79b8
   0x400ebcc8 <+4128>:                  ; <UNDEFINED> instruction: 0xfffc79c0
   0x400ebccc <+4132>:                  ; <UNDEFINED> instruction: 0xfffc79c8

More information about the openssh-bugs mailing list