| Summary: | ssh segmentation fault | ||
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | qianliguo <qianliguo2002> |
| Component: | ssh | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | CLOSED INVALID | ||
| Severity: | critical | CC: | djm, dtucker |
| Priority: | P1 | ||
| Version: | 4.6p1 | ||
| Hardware: | ARM | ||
| OS: | Linux | ||
|
Description
qianliguo
2008-02-28 13:43:36 AEDT
# strace ssh
execve("/usr/bin/ssh", ["ssh"], [/* 16 vars */]) = 0
mmap2(NULL, 20, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40005000
stat("/etc/ld.so.cache", {st_mode=S_IFREG|0644, st_size=1796, ...}) = 0
open("/etc/ld.so.cache", O_RDONLY) = 4
mmap2(NULL, 1796, PROT_READ, MAP_SHARED, 4, 0) = 0x40006000
close(4) = 0
open("/lib/libcrypto.so.0.9.8", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1136576, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40007000
read(4, "\177ELF\1\1\1a\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0,X\3\0004"..., 4096) = 4096
mmap2(NULL, 1183744, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4000e000
mmap2(0x4000e000, 1060052, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x4000e000
mmap2(0x40119000, 74620, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x103) = 0x40119000
mmap2(0x4012c000, 10364, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4012c000
close(4) = 0
munmap(0x40007000, 4096) = 0
open("/lib/libutil.so.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=4656, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40007000
read(4, "\177ELF\1\1\1a\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0008\10\0\000"..., 4096) = 4096
mmap2(NULL, 36864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4012f000
mmap2(0x4012f000, 3160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x4012f000
mmap2(0x40137000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x40137000
close(4) = 0
munmap(0x40007000, 4096) = 0
open("/lib/libz.so.1", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=71984, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40007000
read(4, "\177ELF\1\1\1a\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\304\26\0"..., 4096) = 4096
mmap2(NULL, 106496, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40138000
mmap2(0x40138000, 70176, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x40138000
mmap2(0x40151000, 1260, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x11) = 0x40151000
close(4) = 0
munmap(0x40007000, 4096) = 0
open("/lib/libcrypt.so.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=12892, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40007000
read(4, "\177ELF\1\1\1a\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\234\4\0\000"..., 4096) = 4096
mmap2(NULL, 118784, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40152000
mmap2(0x40152000, 9380, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x40152000
mmap2(0x4015c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x2) = 0x4015c000
mmap2(0x4015d000, 70864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4015d000
close(4) = 0
munmap(0x40007000, 4096) = 0
open("/lib/libresolv.so.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=4640, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40007000
read(4, "\177ELF\1\1\1a\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\204\2\0\000"..., 4096) = 4096
mmap2(NULL, 36864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4016f000
mmap2(0x4016f000, 668, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x4016f000
mmap2(0x40177000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x40177000
close(4) = 0
munmap(0x40007000, 4096) = 0
open("/lib/libgcc_s.so.1", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=31736, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40007000
read(4, "\177ELF\1\1\1a\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0X\25\0\000"..., 4096) = 4096
mmap2(NULL, 65536, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40178000
mmap2(0x40178000, 28800, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x40178000
mmap2(0x40187000, 548, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x7) = 0x40187000
close(4) = 0
munmap(0x40007000, 4096) = 0
open("/lib/libc.so.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=309856, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40007000
read(4, "\177ELF\1\1\1a\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0 \251\0\000"..., 4096) = 4096
mmap2(NULL, 360448, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40188000
mmap2(0x40188000, 303940, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x40188000
mmap2(0x401da000, 5172, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x4a) = 0x401da000
mmap2(0x401dc000, 16020, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401dc000
close(4) = 0
munmap(0x40007000, 4096) = 0
open("/lib/libdl.so.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=8900, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40007000
read(4, "\177ELF\1\1\1a\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0(\10\0\000"..., 4096) = 4096
mmap2(NULL, 40960, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x401e0000
mmap2(0x401e0000, 5868, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x401e0000
mmap2(0x401e9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x1) = 0x401e9000
close(4) = 0
munmap(0x40007000, 4096) = 0
open("/lib/libgcc_s.so.1", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=31736, ...}) = 0
close(4) = 0
open("/lib/libc.so.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=309856, ...}) = 0
close(4) = 0
open("/lib/libc.so.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=309856, ...}) = 0
close(4) = 0
open("/lib/libgcc_s.so.1", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=31736, ...}) = 0
close(4) = 0
open("/lib/libc.so.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=309856, ...}) = 0
close(4) = 0
open("/lib/libc.so.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=309856, ...}) = 0
close(4) = 0
open("/lib/libc.so.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=309856, ...}) = 0
close(4) = 0
open("/lib/libc.so.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=309856, ...}) = 0
close(4) = 0
open("/lib/libc.so.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=309856, ...}) = 0
close(4) = 0
munmap(0x40006000, 1796) = 0
stat("/lib/ld-uClibc.so.0", {st_mode=S_IFREG|0755, st_size=21096, ...}) = 0
mprotect(0x40137000, 4096, PROT_READ) = 0
mprotect(0x4015c000, 4096, PROT_READ) = 0
mprotect(0x40177000, 4096, PROT_READ) = 0
mprotect(0x401da000, 4096, PROT_READ) = 0
mprotect(0x401e9000, 4096, PROT_READ) = 0
mprotect(0x4000c000, 4096, PROT_READ) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B115200 opost isig icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B115200 opost isig icanon echo ...}) = 0
open("/dev/null", O_RDWR|O_LARGEFILE) = 4
close(4) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Process 343 detached
Unfortunately the strace output is not very helpful. Can you run ssh under a debugger and get a stack trace? Did you not read the notice asking not to post long debug traces? Please provide output from running ssh under gdb. It isn't entirely clear that execution even reached ssh code, rather than crashing earlier in ld.so or crt0.