Hello,
Same problem here since 1:10.0p1-2 was migrated to testing yesterday.
sshd-session crashes with SIGSEGV at "random" intervals (but many times
in a row, sometimes)
I've tried logging from different systems and openssh versions (Debian
testing, stable, Mint 22.1, Connectbot on Android), and authentication
methods (password, pubkey), all crashed sometimes but I couldn't find a
pattern.
It seems (but I'm not sure) that there is less chance of a crash when
using password authentication (PubkeyAuthentication=no).
Also, on my system it's easier to cause a crash when logging in from the
server itself (either by loopback or ethernet IP address)
Reconfiguring libpam-runtime to exclude ecryptfs doesn't make any
difference, it still crashes
From the client view (-vvv) the connection is reset at different points,
sometimes after the local version string is shown, with an error message:
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u5
debug1: kex_exchange_identification: banner line 0: Not allowed at
this time
kex_exchange_identification: Connection closed by remote host
Connection closed by fe80::... port 22
Sometimes after sending public key
debug1: Next authentication method: publickey
debug1: Offering public key: /home/michel/.ssh/id_rsa RSA
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
Connection closed by fe80::... port 22
As advised I tried installing systemd-coredump, valgrind and also
debuginfod, then modified the script
/usr/local/bin/sshd-session-valgrind like this
DEBUGINFOD_URLS=https://debuginfod.debian.net/ exec valgrind
--leak-check=full --enable-debuginfod=yes /usr/lib/openssh/sshd-session "$@"
Now valgrind shows the name of a function
avril 29 19:57:25 odysseus sshd[4019365]: ==4019365== Cannot map
memory to grow the stack for thread #1 to 0x1ffeffc000
avril 29 19:57:25 odysseus sshd[4019365]: ==4019365==
avril 29 19:57:25 odysseus sshd[4019365]: ==4019365== Process
terminating with default action of signal 11 (SIGSEGV): dumping core
avril 29 19:57:25 odysseus sshd[4019365]: ==4019365== Access not
within mapped region at address 0x1FFEFFCD78
avril 29 19:57:25 odysseus sshd[4019365]: ==4019365== Cannot map
memory to grow the stack for thread #1 to 0x1ffeffc000
avril 29 19:57:25 odysseus sshd[4019365]: ==4019365== at
0x1BCBC9: glob0 (glob.c:476)
Unfortunately I couldn't get a coredump
avril 29 19:57:25 odysseus systemd[1]: Started
systemd-coredump@15-4019403-0.service - Process Core Dump (PID
4019403/UID 0).
avril 29 19:57:25 odysseus systemd-coredump[4019404]: Resource
limits disable core dumping for process 4019365 (memcheck-amd64-).
avril 29 19:57:25 odysseus systemd-coredump[4019404]: [🡕] Process
4019365 (memcheck-amd64-) of user 0 terminated abnormally without
generating a coredump.
avril 29 19:57:25 odysseus systemd[1]:
systemd-coredump@15-4019403-0.service: Deactivated successfully.
No idea why, I thought installing systemd-coredump pushed the limits
Please let me know if you want more tests / logs
Thanks!
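A wrapper variant added here as an example (not the reporter's script and not part of Debian's openssh packaging) that keeps the valgrind invocation from the mail but lifts RLIMIT_CORE first, so systemd-coredump no longer refuses with "Resource limits disable core dumping"; the by-name guard and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: a /usr/local/bin/sshd-session-valgrind wrapper that raises
# the soft core limit before exec'ing valgrind. Paths and valgrind options are
# the ones shown in the report; everything else is an assumption.

SSHD_SESSION=/usr/lib/openssh/sshd-session
export DEBUGINFOD_URLS=https://debuginfod.debian.net/

# core_limit_allows_dump LIMIT: succeed when a `ulimit -c` value ("0",
# "unlimited", or a block count) permits a core file to be written.
core_limit_allows_dump() {
    case "$1" in
        unlimited) return 0 ;;
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric: treat as disabled
        *) [ "$1" -gt 0 ] ;;
    esac
}

# raise_core_limit: lift the soft core limit as far as the hard limit allows;
# fails if the hard limit is itself 0 (then only LimitCORE= in the sshd
# service unit can help, since a child cannot raise its hard limit).
raise_core_limit() {
    ulimit -c unlimited 2>/dev/null || ulimit -c "$(ulimit -H -c)" 2>/dev/null
    core_limit_allows_dump "$(ulimit -c)"
}

# Only take over the process when installed under the wrapper's name, so the
# functions above can be sourced and checked without starting sshd-session.
case "${0##*/}" in
    sshd-session-valgrind)
        raise_core_limit ||
            echo "sshd-session-valgrind: core dumps still disabled (ulimit -c = $(ulimit -c))" >&2
        exec valgrind --leak-check=full --enable-debuginfod=yes "$SSHD_SESSION" "$@"
        ;;
esac
```

Check the result with `coredumpctl list` after the next crash; if the journal still reports the resource-limit message, the hard limit is 0 and the unit needs LimitCORE= instead.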