Bug#953035: openssh-client: SIGABRT with “corrupted size vs. prev_size”
Package: openssh-client
Version: 1:8.2p1-4
Severity: normal
An ssh session with port forwarding just crashed for me.
Backtrace:
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0xf7a75513 in __GI_abort () at abort.c:79
#2 0xf7acc82c in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0xf7bd4a3a "%s\n")
at ../sysdeps/posix/libc_fatal.c:181
#3 0xf7ad2b38 in malloc_printerr (str=str@entry=0xf7bd2b56 "corrupted size vs. prev_size") at malloc.c:5366
#4 0xf7ad3325 in unlink_chunk (p=p@entry=0x57634968, av=0xf7c06880 <main_arena>) at malloc.c:1468
#5 0xf7ad460b in _int_free (av=<optimized out>, p=0x57634878, have_lock=<optimized out>) at malloc.c:4354
#6 0x565b7422 in channel_garbage_collect (c=0x57634880, ssh=0x576267d0) at ../../channels.c:2417
#7 channel_handler (ssh=ssh@entry=0x576267d0, table=table@entry=0, readset=<optimized out>,
writeset=<optimized out>, unpause_secs=unpause_secs@entry=0xfff54ac8) at ../../channels.c:2464
#8 0x565b7f62 in channel_prepare_select (ssh=ssh@entry=0x576267d0, readsetp=readsetp@entry=0xfff54ab8,
writesetp=writesetp@entry=0xfff54abc, maxfdp=maxfdp@entry=0xfff54ac0, nallocp=nallocp@entry=0xfff54ac4,
minwait_secs=minwait_secs@entry=0xfff54ac8) at ../../channels.c:2523
#9 0x56595d35 in client_wait_until_can_do_something (rekeying=0, nallocp=0xfff54ac4, maxfdp=0xfff54ac0,
writesetp=0xfff54abc, readsetp=0xfff54ab8, ssh=0x576267d0) at ../../clientloop.c:524
#10 client_loop (ssh=<optimized out>, have_pty=1, escape_char_arg=<optimized out>, ssh2_chan_id=<optimized out>)
at ../../clientloop.c:1379
#11 0x56589c54 in ssh_session2 (pw=<optimized out>, pw=<optimized out>, ssh=0x576267d0) at ../../ssh.c:2077
#12 main (ac=<optimized out>, av=<optimized out>) at ../../ssh.c:1610
-- System Information:
Debian Release: bullseye/sid
APT prefers unreleased
APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable'), (100, 'experimental')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64
Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
Versions of packages openssh-client depends on:
ii adduser 3.118
ii dpkg 1.19.7
ii libc6 2.29-10
ii libedit2 3.1-20191231-1
ii libfido2-1 1.3.1-1
ii libgssapi-krb5-2 1.17-6
ii libselinux1 3.0-1
ii libssl1.1 1.1.1d-2
ii passwd 1:4.8.1-1
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages openssh-client recommends:
ii xauth 1:1.0.10-1
Versions of packages openssh-client suggests:
pn keychain <none>
ii kwalletcli [ssh-askpass] 3.02-1
pn libpam-ssh <none>
pn monkeysphere <none>
-- Configuration Files:
/etc/ssh/ssh_config changed:
Include /etc/ssh/ssh_config.d/*.conf
Host *
VisualHostKey no
SendEnv LANG LC_*
HashKnownHosts no
GSSAPIAuthentication yes
ServerAliveCountMax 10000
ServerAliveInterval 600
HostKeyAlgorithms ssh-rsa,rsa-sha2-256
-- no debconf information