[Bug 3666] sshd crash

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Feb 12 18:13:01 AEDT 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3666

--- Comment #6 from Pawan Badganchi <pawan.badganchi at kpit.com> ---
(In reply to Darren Tucker from comment #4)
> (In reply to Pawan Badganchi from comment #3)
> > > > What makes you think this is a crash?
> > > 
> > We are checking post test crash for openssh, so there this issue is
> > observed.
> 
> What do you mean by "check post test crash"?  Is there a core dump? 
> If so, can you get a backtrace?  ("gdb /path/to/sshd
> /path/to/coredump" then "bt").

Please find the backtrace below.

(gdb) bt full
#0  0x0000ffffb5aa3c50 in __GI___libc_write (fd=3,
buf=buf@entry=0xffffd89e5fe8, nbytes=36) at
../sysdeps/unix/sysv/linux/write.c:26
        _x2tmp = 36
        _x0tmp = 3
        _x0 = -27
        _x2 = 36
        _x8 = 64
        _x1tmp = 281474316001256
        _x1 = 281474316001256
        _sys_result = <optimized out>
        _sys_result = <optimized out>
        _x0tmp = <optimized out>
        _x0 = <optimized out>
        sc_ret = <optimized out>
        _sys_result = <optimized out>
        _sys_result = <optimized out>
        _x1tmp = <optimized out>
        _x1 = <optimized out>
        sc_cancel_oldtype = <optimized out>
        _x2tmp = <optimized out>
        _x2 = <optimized out>
        _x8 = <optimized out>
#1  0x0000aaaad4054dc4 in do_log (level=level@entry=SYSLOG_LEVEL_FATAL,
fmt=<optimized out>, args=...) at log.c:467
        msgbuf = "mm_log_handler: write: Broken
pipe\r\n\000\000\000\000\360`\236\330\377\377\000\000\354\235\242\265\377\377\000\000\\`\236\330\377\377\000\000\300c\236\330\377\377\000\000\060.000\377\000\000\360a\236\330\377\377\000\000\000\000\000\000\000\000\000\000\060\000\000\000.\000\000\000\060\000\000\000\060\000\000\000\060\000\000\000\377\377\000\000\350\377\377\377\200\377\377\377",
'\000' <repeats 42 times>, "\060r\225\333t\272\342\230\357\006", '\000'
<repeats 43 times>...
        fmtbuf = "mm_log_handler: write: Broken
pipe\000\377\001\000\000\000\377\377\377\377\377\377\377\377`t\236\330\377\377\000\000
\000\000\000\000\000\000\000\063\000\000\000\000\000\000\000\n\000\000\000\377\377\000\000u\000\000\000\000\000\000\000
\000\000\000\203#\024", '\000' <repeats 25 times>,
"\030\004\260\265\377\377\000\000\220d\236\330\377\377\000\000\000j\236\330\377\377\000\000\030\343\244\265\377\377\000\000Pk\236\330\377\377\000\000\377\003\000\000\000\000\000\000\257q\b\324\252\252\000\000\240k\236\330\377\377\000\000x\330\a\324\252\252\000\000\002\000\000\000\000\000\000\000"...
        txt = <optimized out>
        pri = <optimized out>
        saved_errno = <optimized out>
        tmp_handler = <optimized out>
#2  0x0000aaaad405313c in fatal (fmt=<optimized out>) at fatal.c:42
        args = {__stack = 0xffffd89e6970, __gr_top = 0xffffd89e6970,
__vr_top = 0xffffd89e6930, __gr_offs = -56, __vr_offs = -128}
#3  0x0000aaaad4036bfc in mm_log_handler
(level=level@entry=SYSLOG_LEVEL_INFO, msg=msg@entry=0xffffd89e6df8
"Connection closed by authenticating user root UNKNOWN port 65535",
ctx=<optimized out>)
    at monitor_wrap.c:101
        log_msg = 0xaaab05c77c10
        mon = <optimized out>
        r = <optimized out>
        len = <optimized out>
        __func__ = "mm_log_handler"
#4  0x0000aaaad4054cc8 in do_log (level=level@entry=SYSLOG_LEVEL_INFO,
fmt=<optimized out>, args=...) at log.c:462
        msgbuf = "Connection closed by authenticating user root UNKNOWN
port
65535\000\000\000\000\000\000\000\000\060w\346\265\377\377\000\000\000\220\f\324\252\252\000\000\254\222\f\324\252\252\000\000\a\000\000\000\000\000\000\000\220j\236\330\377\377\000\000\234\352\003\324\001\000\000\000\060\024\307\005\253\252\000\000\230\237\f\324\252\252\000\000\240j\236\330\377\377\000\000\350\064\245\265\377\377\000\000\b#\307\005\253\252\000\000\310L\005\324\252\252\000\000
k\236\330\377\377\000\000\340\315\243\265\377\377\000\000&\000\000\000\000\000\000\000\360p\236\330\377\377\000\000"...
        fmtbuf = "Connection closed by authenticating user root UNKNOWN
port 65535\000c delay 0.000ms", '\000' <repeats 16 times>,
"\001\000\000\000\000\000\000\000\000p\342\265\377\377\000\000mm_request_receive
entering\000q\353 )\221\333\033G\307\311\303\270\026BY\351q\353
*\221\333\033G\307\311\303\270\340n\236\330\377\377\000\000d\006\320\265\377\377\000\000\350S\307\005\253\252\000\000\b\000\000\000\000\000\000\000"...
        txt = <optimized out>
        pri = <optimized out>
        saved_errno = <optimized out>
        tmp_handler = 0xaaaad4036b58 <mm_log_handler>
--Type <RET> for more, q to quit, c to continue without paging--
#5  0x0000aaaad4054f78 in logdie (fmt=<optimized out>) at log.c:191
        args = {__stack = 0xffffd89e7380, __gr_top = 0xffffd89e7380,
__vr_top = 0xffffd89e7340, __gr_offs = -56, __vr_offs = -128}
#6  0x0000aaaad4058634 in sshpkt_vfatal (ssh=ssh@entry=0xaaab05c77e50,
r=-52, fmt=fmt@entry=0xaaaad407a38c "%s", ap=...) at packet.c:1860
        tag = 0x0
        remote_id = "authenticating user root UNKNOWN port
65535\000\253\252\000\000\260\217\307\005\253\252\000\000\000\000\000\000\000\000\000\000\b\000\000\000\000\000\000\000<\000\000\000\000\000\000\000\000\200\f\324\252\252\000\000P~\307\005\253\252\000\000\020\000\000\000\000\000\000\000\360t\236\330\377\377\000\000\244\264\245\265\377\377\000\000\b\000\000\000\000\000\000\000(z\264\265\377\377\000\000\020o\346\265\377\377\000\000\340*\001\000\000\000\000\000
\225\307\005\253\252\000\000\000\000\000\000\000\000\000\000\331\265\a\324\252\252\000\000\332/\b\324\252\252\000\000\000\200\a\324\252\252\000\000T\311\a\324\252\252\000\000"...
        oerrno = 1
        __func__ = "sshpkt_vfatal"
#7  0x0000aaaad40587bc in sshpkt_fatal (ssh=ssh@entry=0xaaab05c77e50,
r=<optimized out>, fmt=fmt@entry=0xaaaad407a38c "%s") at packet.c:1908
        ap = {__stack = 0xffffd89e7730, __gr_top = 0xffffd89e7730,
__vr_top = 0xffffd89e7700, __gr_offs = -40, __vr_offs = -128}
#8  0x0000aaaad405ce40 in ssh_dispatch_run_fatal
(ssh=ssh@entry=0xaaab05c77e50, mode=mode@entry=0,
done=done@entry=0xaaab05c76be0) at dispatch.c:134
        r = <optimized out>
        __func__ = "ssh_dispatch_run_fatal"
#9  0x0000aaaad4029bf0 in do_authentication2 (ssh=0xaaab05c77e50) at
auth2.c:178
        authctxt = 0xaaab05c76be0
#10 0x0000aaaad401ea50 in main (ac=<optimized out>, av=<optimized out>)
at sshd.c:2200
        ssh = 0xaaab05c77e50
        r = <optimized out>
        opt = <optimized out>
        on = 1
        already_daemon = <optimized out>
        remote_port = 65535
        sock_in = <optimized out>
        sock_out = <optimized out>
        newsock = <optimized out>
        remote_ip = 0xaaab05c76f50 "UNKNOWN"
        rdomain = <optimized out>
        fp = <optimized out>
        line = <optimized out>
        laddr = <optimized out>
        logfile = <optimized out>
        config_s = {-1, -1}
        i = <optimized out>
        j = <optimized out>
        ibytes = 281470681743560
        obytes = 187651416129664
        new_umask = <optimized out>
        key = 0xaaab05c59900
        pubkey = 0xaaab05c6cab0
        keytype = <optimized out>
        authctxt = 0xaaab05c76be0
        connection_info = <optimized out>
        __func__ = "main"
(gdb)
