Bugzilla – Attachment 431 Details for
Bug 687
sshd segfaults under Solaris 2.6
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
truss output and gdb traces
crash (text/plain), 10.71 KB, created by
Martin Siegert
on 2003-09-19 14:58:04 AEST
(
hide
)
Description:
truss output and gdb traces
Filename:
MIME Type:
Creator:
Martin Siegert
Created:
2003-09-19 14:58:04 AEST
Size:
10.71 KB
patch
obsolete
>truss output: > >debug1: auth2_challenge_start: trying authentication method 'pam' >24304: write(2, " d e b u g 1 : a u t h".., 67) = 67 >24304: so_socket(1, 2, 0, "", 1) = 3 >24304: so_socket(1, 2, 0, "", 1) = 9 >24304: so_socketpair(0xEFFFEDA8) = 0 >24304: close(3) = 0 >24304: fork() = 24565 >24565: fork() (returning as child ...) = 24304 >24565: stat64("/usr/lib/security/pam_unix.so.1", 0xEFFFEA88) = 0 >24565: open("/usr/lib/security/pam_unix.so.1", O_RDONLY) = 3 >24565: fstat(3, 0xEFFFE874) = 0 >24565: mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xEF770000 >24565: mmap(0x00000000, 163840, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xEF390000 >24565: munmap(0xEF3A4000, 57344) = 0 >24565: mmap(0xEF3B2000, 17724, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 73728) = 0xEF3B2000 >24565: close(3) = 0 >24565: munmap(0xEF770000, 8192) = 0 >24565: door_info(7, 0xEFFFDD10) = 0 >24565: door_call(7, 0xEFFFDCF8) = 0 >24565: open("/etc/shadow", O_RDONLY) = 3 >24565: fstat64(3, 0xEFFFDF10) = 0 >24565: ioctl(3, TCGETA, 0xEFFFDE9C) Err#25 ENOTTY >24565: read(3, " r o o t : x x x x x x x".., 8192) = 598 >24565: open("/etc/nsswitch.conf", O_RDONLY) = 11 >24565: fstat64(11, 0xEFFFDDD0) = 0 >24565: brk(0x0009BEA0) = 0 >24565: brk(0x0009DEA0) = 0 >24565: ioctl(11, TCGETA, 0xEFFFDD5C) Err#25 ENOTTY >24565: read(11, " #\n # / e t c / n s s".., 8192) = 680 >24565: read(11, 0x0009B89C, 8192) = 0 >24565: llseek(11, 0, SEEK_CUR) = 680 >24565: close(11) = 0 >24565: getpid() = 24565 [24304] >24565: fstat(8, 0xEFFFDC80) = 0 >24565: sigprocmask(SIG_SETMASK, 0xEFFFDC78, 0xEFFFDC68) = 0 >24565: close(8) = 0 >24565: sigprocmask(SIG_SETMASK, 0xEFFFDC68, 0x00000000) = 0 >24565: open("/var/yp/binding/sfu.ca/cache_binding", O_RDONLY) = 8 >24565: fcntl(8, F_GETLK, 0xEFFFDB94) = 0 >24565: fstat64(8, 0xEFFFD940) = 0 >24565: ioctl(8, TCGETA, 0xEFFFD8CC) Err#25 ENOTTY >24565: read(8, "\0\0\001\0\0\001\0\0\001".., 8192) = 152 >24565: llseek(8, 0, SEEK_CUR) = 152 >24565: close(8) = 0 >24565: llseek(8, 0, SEEK_CUR) Err#9 EBADF >24565: open("/dev/udp", O_RDWR) = 8 >24565: ioctl(8, I_FIND, "timod") = 0 >24565: ioctl(8, I_PUSH, "timod") = 0 >24565: sigprocmask(SIG_SETMASK, 0xEFFFDC68, 0xEFFFDC58) = 0 >24565: ioctl(8, I_STR, 0xEFFFDAE0) = 0 >24565: sigprocmask(SIG_SETMASK, 0xEFFFDC58, 0x00000000) = 0 >24565: ioctl(8, I_FLUSH, FLUSHRW) = 0 >24565: sigprocmask(SIG_SETMASK, 0xEFFFDC68, 0xEFFFDC58) = 0 >24565: ioctl(8, I_STR, 0xEFFFDBD0) = 0 >24565: sigprocmask(SIG_SETMASK, 0xEFFFDC58, 0x00000000) = 0 >24565: ioctl(8, I_STR, 0xEFFFDAD8) = 0 >24565: brk(0x0009DEA0) = 0 >24565: brk(0x0009FEA0) = 0 >24565: getpid() = 24565 [24304] >24565: ioctl(8, I_STR, 0xEFFFDB24) = 0 >24565: fstat(8, 0xEFFFDC6C) = 0 >24565: fcntl(8, F_SETFD, 0x00000001) = 0 >24565: fstat(8, 0xEFFFDD40) = 0 >24565: putmsg(8, 0xEFFFDC2C, 0xEFFFDD6C, 0) = 0 >24565: poll(0x0009B90C, 1, 15000) = 1 >24565: getmsg(8, 0xEFFFDC28, 0x00080970, 0xEFFFDC54) = 0 >24565: getpid() = 24565 [24304] >24565: fstat(8, 0xEFFFDC38) = 0 >24565: putmsg(8, 0xEFFFDB24, 0xEFFFDC64, 0) = 0 >24565: poll(0x0009B90C, 1, 15000) = 1 >24565: getmsg(8, 0xEFFFDB20, 0x00080970, 0xEFFFDB4C) = 0 >24565: getpid() = 24565 [24304] >24565: fstat(8, 0xEFFFDC38) = 0 >24565: putmsg(8, 0xEFFFDB24, 0xEFFFDC64, 0) = 0 >24565: poll(0x0009B90C, 1, 15000) = 1 >24565: getmsg(8, 0xEFFFDB20, 0x00080970, 0xEFFFDB4C) = 0 >24565: getpid() = 24565 [24304] >24565: fstat(8, 0xEFFFDC38) = 0 >24565: putmsg(8, 0xEFFFDB24, 0xEFFFDC64, 0) = 0 >24565: poll(0x0009B90C, 1, 15000) = 1 >24565: getmsg(8, 0xEFFFDB20, 0x00080970, 0xEFFFDB4C) = 0 >24565: llseek(3, 0xFFFFFFFFFFFFFFC7, SEEK_CUR) = 541 >24565: close(3) = 0 >24565: Incurred fault #6, FLTBOUNDS %pc = 0x00031730 >24565: siginfo: SIGSEGV SEGV_MAPERR addr=0x00000008 >24565: Received signal #11, SIGSEGV [default] >24565: siginfo: SIGSEGV SEGV_MAPERR addr=0x00000008 >24565: *** process killed *** >24304: read(10, 0xEFFFEC78, 4) (sleeping...) > >======================================================================== > >Parent: >debug1: auth2_challenge_start: trying authentication method 'pam' > >Breakpoint 1, pthread_create (thread=0x869f0, attr=0x0, > thread_start=0x31824 <sshpam_thread>, arg=0x869f0) at auth-pam.c:84 >84 switch ((pid = fork())) { >(gdb) cont >Continuing. >debug3: ssh_msg_recv entering >^C >Program received signal SIGINT, Interrupt. >0xef438680 in _read () from /usr/lib/libc.so.1 >(gdb) where >#0 0xef438680 in _read () from /usr/lib/libc.so.1 >#1 0x410b0 in atomicio (f=0x741a8 <read>, fd=10, _s=0xefffec30, n=4) > at atomicio.c:45 >#2 0x4597c in ssh_msg_recv (fd=10, m=0xefffece0) at msg.c:58 >#3 0x31e70 in sshpam_query (ctx=0x869f0, name=0xefffed9c, info=0xefffed98, > num=0x869e4, prompts=0xefffed94, echo_on=0xefffed90) at auth-pam.c:434 >#4 0x289d8 in send_userauth_info_request (authctxt=0x7fd98) > at auth2-chall.c:223 >#5 0x28978 in auth2_challenge_start (authctxt=0x7fd98) at auth2-chall.c:203 >#6 0x288c4 in auth2_challenge (authctxt=0x7fd98, devs=0x8c8c0 "") > at auth2-chall.c:168 >#7 0x293dc in userauth_kbdint (authctxt=0x7fd98) at auth2-kbdint.c:50 >#8 0x242c4 in input_userauth_request (type=50, seq=7, ctxt=0x7fd98) > at auth2.c:204 >#9 0x42a1c in dispatch_run (mode=0, done=0x7fd98, ctxt=0x7fd98) > at dispatch.c:93 >#10 0x23ef4 in do_authentication2 () at auth2.c:101 >#11 0x1cec4 in main (ac=37, av=0xffffffff) at sshd.c:1479 >(gdb) quit > >============================================================================= > >child: >[this trace was generated by inserting a sleep(20); line into auth-pam.c >in pthread_create: > > case 0: > sleep(20); > thread_start(arg); > _exit(1); > >and then attaching gdb to the child: > ># gdb sshd 10250 >GNU gdb 4.18 >Copyright 1998 Free Software Foundation, Inc. >GDB is free software, covered by the GNU General Public License, and you are >welcome to change it and/or distribute copies of it under certain conditions. >Type "show copying" to see the conditions. >There is absolutely no warranty for GDB. Type "show warranty" for details. >This GDB was configured as "sparc-sun-solaris2.6"... > >/usr/LOCAL/src/openssh-3.7.1p1/10250: No such file or directory. >Attaching to program `/usr/LOCAL/src/openssh-3.7.1p1/sshd', process 10250 >Reading symbols from /usr/lib/libpam.so.1...done. >Reading symbols from /usr/lib/libdl.so.1...done. >Reading symbols from /usr/lib/libposix4.so.1...done. >Reading symbols from /usr/lib/libsocket.so.1...done. >Reading symbols from /usr/lib/libnsl.so.1...done. >Reading symbols from /usr/local/lib/libcrypto.so.0.9.7...done. >Reading symbols from /usr/lib/libc.so.1...done. >Reading symbols from /usr/lib/libaio.so.1...done. >Reading symbols from /usr/lib/libmp.so.2...done. >Reading symbols from /usr/platform/SUNW,Ultra-250/lib/libc_psr.so.1...done. >Reading symbols from /usr/lib/nss_files.so.1...done. >Reading symbols from /usr/lib/nss_compat.so.1...done. >Reading symbols from /usr/lib/nss_nis.so.1...done. >Symbols already loaded for /usr/lib/libpam.so.1 >Symbols already loaded for /usr/lib/libdl.so.1 >Symbols already loaded for /usr/lib/libposix4.so.1 >Symbols already loaded for /usr/lib/libsocket.so.1 >Symbols already loaded for /usr/lib/libnsl.so.1 >Symbols already loaded for /usr/local/lib/libcrypto.so.0.9.7 >Symbols already loaded for /usr/lib/libc.so.1 >Symbols already loaded for /usr/lib/libaio.so.1 >Symbols already loaded for /usr/lib/libmp.so.2 >Symbols already loaded for /usr/platform/SUNW,Ultra-250/lib/libc_psr.so.1 >Symbols already loaded for /usr/lib/nss_files.so.1 >Symbols already loaded for /usr/lib/nss_compat.so.1 >Symbols already loaded for /usr/lib/nss_nis.so.1 >0xef438c44 in _sigsuspend () from /usr/lib/libc.so.1 >(gdb) where >#0 0xef438c44 in _sigsuspend () from /usr/lib/libc.so.1 >#1 0xef44de0c in _libc_sleep () from /usr/lib/libc.so.1 >#2 0x31628 in pthread_create (thread=0x869f0, attr=0x0, > thread_start=0x31824 <sshpam_thread>, arg=0x869f0) at auth-pam.c:89 >#3 0x31c1c in sshpam_init_ctx (authctxt=0x7fd98) at auth-pam.c:354 >#4 0x28964 in auth2_challenge_start (authctxt=0x7fd98) at auth2-chall.c:199 >#5 0x288c4 in auth2_challenge (authctxt=0x7fd98, devs=0x8c8c0 "") > at auth2-chall.c:168 >#6 0x293dc in userauth_kbdint (authctxt=0x7fd98) at auth2-kbdint.c:50 >#7 0x242c4 in input_userauth_request (type=50, seq=7, ctxt=0x7fd98) > at auth2.c:204 >#8 0x42a1c in dispatch_run (mode=0, done=0x7fd98, ctxt=0x7fd98) > at dispatch.c:93 >#9 0x23ef4 in do_authentication2 () at auth2.c:101 >#10 0x1cec4 in main (ac=37, av=0xffffffff) at sshd.c:1479 >(gdb) where >#0 0xef438c44 in _sigsuspend () from /usr/lib/libc.so.1 >#1 0xef44de0c in _libc_sleep () from /usr/lib/libc.so.1 >#2 0x31628 in pthread_create (thread=0x869f0, attr=0x0, > thread_start=0x31824 <sshpam_thread>, arg=0x869f0) at auth-pam.c:89 >#3 0x31c1c in sshpam_init_ctx (authctxt=0x7fd98) at auth-pam.c:354 >#4 0x28964 in auth2_challenge_start (authctxt=0x7fd98) at auth2-chall.c:199 >#5 0x288c4 in auth2_challenge (authctxt=0x7fd98, devs=0x8c8c0 "") > at auth2-chall.c:168 >#6 0x293dc in userauth_kbdint (authctxt=0x7fd98) at auth2-kbdint.c:50 >#7 0x242c4 in input_userauth_request (type=50, seq=7, ctxt=0x7fd98) > at auth2.c:204 >#8 0x42a1c in dispatch_run (mode=0, done=0x7fd98, ctxt=0x7fd98) > at dispatch.c:93 >#9 0x23ef4 in do_authentication2 () at auth2.c:101 >#10 0x1cec4 in main (ac=37, av=0xffffffff) at sshd.c:1479 >(gdb) cont >Continuing. > >Program received signal SIGTRAP, Trace/breakpoint trap. >0xef7c9e38 in ?? () >(gdb) where >#0 0xef7c9e38 in ?? () >#1 0xef7cd12c in ?? () >#2 0xef7cd278 in ?? () >#3 0xef78375c in open_module () from /usr/lib/libpam.so.1 >#4 0xef7832c0 in load_modules () from /usr/lib/libpam.so.1 >#5 0xef7821e8 in pam_authenticate () from /usr/lib/libpam.so.1 >#6 0x318a4 in sshpam_thread (ctxtp=0x77800) at auth-pam.c:219 >#7 0x31630 in pthread_create (thread=0x869f0, attr=0x0, > thread_start=0x31824 <sshpam_thread>, arg=0x869f0) at auth-pam.c:90 >#8 0x31c1c in sshpam_init_ctx (authctxt=0x7fd98) at auth-pam.c:354 >#9 0x28964 in auth2_challenge_start (authctxt=0x7fd98) at auth2-chall.c:199 >#10 0x288c4 in auth2_challenge (authctxt=0x7fd98, devs=0x8c8c0 "") > at auth2-chall.c:168 >#11 0x293dc in userauth_kbdint (authctxt=0x7fd98) at auth2-kbdint.c:50 >#12 0x242c4 in input_userauth_request (type=50, seq=7, ctxt=0x7fd98) > at auth2.c:204 >#13 0x42a1c in dispatch_run (mode=0, done=0x7fd98, ctxt=0x7fd98) > at dispatch.c:93 >#14 0x23ef4 in do_authentication2 () at auth2.c:101 >#15 0x1cec4 in main (ac=37, av=0xffffffff) at sshd.c:1479 >(gdb) up 6 >#6 0x318a4 in sshpam_thread (ctxtp=0x77800) at auth-pam.c:219 >219 sshpam_err = pam_authenticate(sshpam_handle, 0); >(gdb) p sshpam_handle >$1 = (pam_handle_t *) 0x89db0 >(gdb) p pam_user >$2 = 0x7c100 "siegert" >(gdb) quit >The program is running. Quit anyway (and detach it)? (y or n) y >Detaching from program: /usr/LOCAL/src/openssh-3.7.1p1/sshd LWP 1
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=431">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 687
: 431 |
495