Bug#953035: openssh-client: SIGABRT with “corrupted size vs. prev_size”



Package: openssh-client
Version: 1:8.2p1-4
Severity: normal

An ssh session with port forwarding just crashed for me.

Backtrace:

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0xf7a75513 in __GI_abort () at abort.c:79
#2  0xf7acc82c in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0xf7bd4a3a "%s\n")
    at ../sysdeps/posix/libc_fatal.c:181
#3  0xf7ad2b38 in malloc_printerr (str=str@entry=0xf7bd2b56 "corrupted size vs. prev_size") at malloc.c:5366
#4  0xf7ad3325 in unlink_chunk (p=p@entry=0x57634968, av=0xf7c06880 <main_arena>) at malloc.c:1468
#5  0xf7ad460b in _int_free (av=<optimized out>, p=0x57634878, have_lock=<optimized out>) at malloc.c:4354
#6  0x565b7422 in channel_garbage_collect (c=0x57634880, ssh=0x576267d0) at ../../channels.c:2417
#7  channel_handler (ssh=ssh@entry=0x576267d0, table=table@entry=0, readset=<optimized out>,
    writeset=<optimized out>, unpause_secs=unpause_secs@entry=0xfff54ac8) at ../../channels.c:2464
#8  0x565b7f62 in channel_prepare_select (ssh=ssh@entry=0x576267d0, readsetp=readsetp@entry=0xfff54ab8,
    writesetp=writesetp@entry=0xfff54abc, maxfdp=maxfdp@entry=0xfff54ac0, nallocp=nallocp@entry=0xfff54ac4,
    minwait_secs=minwait_secs@entry=0xfff54ac8) at ../../channels.c:2523
#9  0x56595d35 in client_wait_until_can_do_something (rekeying=0, nallocp=0xfff54ac4, maxfdp=0xfff54ac0,
    writesetp=0xfff54abc, readsetp=0xfff54ab8, ssh=0x576267d0) at ../../clientloop.c:524
#10 client_loop (ssh=<optimized out>, have_pty=1, escape_char_arg=<optimized out>, ssh2_chan_id=<optimized out>)
    at ../../clientloop.c:1379
#11 0x56589c54 in ssh_session2 (pw=<optimized out>, pw=<optimized out>, ssh=0x576267d0) at ../../ssh.c:2077
#12 main (ac=<optimized out>, av=<optimized out>) at ../../ssh.c:1610


-- System Information:
Debian Release: bullseye/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable'), (100, 'experimental')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages openssh-client depends on:
ii  adduser           3.118
ii  dpkg              1.19.7
ii  libc6             2.29-10
ii  libedit2          3.1-20191231-1
ii  libfido2-1        1.3.1-1
ii  libgssapi-krb5-2  1.17-6
ii  libselinux1       3.0-1
ii  libssl1.1         1.1.1d-2
ii  passwd            1:4.8.1-1
ii  zlib1g            1:1.2.11.dfsg-2

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.10-1

Versions of packages openssh-client suggests:
pn  keychain                  <none>
ii  kwalletcli [ssh-askpass]  3.02-1
pn  libpam-ssh                <none>
pn  monkeysphere              <none>

-- Configuration Files:
/etc/ssh/ssh_config changed:
Include /etc/ssh/ssh_config.d/*.conf
Host *
   VisualHostKey no
    SendEnv LANG LC_*
    HashKnownHosts no
    GSSAPIAuthentication yes
    ServerAliveCountMax 10000
    ServerAliveInterval 600
    HostKeyAlgorithms ssh-rsa,rsa-sha2-256


-- no debconf information