Bug#498678: locks up sshd processes

To: 498678@bugs.debian.org
Cc: 498678-submitter@bugs.debian.org
Subject: Bug#498678: locks up sshd processes
From: Peter Palfrader <weasel@debian.org>
Date: Mon, 15 Sep 2008 18:05:27 +0200
Message-id: <[🔎] 20080915160527.GT9633@anguilla.noreply.org>
Reply-to: Peter Palfrader <weasel@debian.org>, 498678@bugs.debian.org

Hi,

this bug is affecting debian.org machines in a serious way.

Sometimes sshd's privsep children do not reap their own children.  After
MaxStartup such children have been spawned sshd will not accept any new
connections.

root      3960  0.0  0.0   4932  1100 ?        Ss   Sep12   0:04 /usr/sbin/sshd
root     27129  0.0  0.0   7440  2728 ?        Ss   12:38   0:00  \_ sshd: debbugs [priv]
sshd     27130  0.0  0.0      0     0 ?        Z    12:38   0:00  |   \_ [sshd] <defunct>

the 27129 sshd is stuck here:

(gdb) bt
#0  0xf7c3acd9 in __lll_mutex_lock_wait () from /lib/tls/libc.so.6
#1  0xf7c2a73c in _L_mutex_lock_285 () from /lib/tls/libc.so.6
#2  0x3694a138 in ?? ()
#3  0x00000020 in ?? ()
#4  0x080cd008 in ?? ()
#5  0x00000400 in ?? ()
#6  0x0808df77 in __func__.12408 ()
#7  0xff94a55c in ?? ()
#8  0xff94a15c in ?? ()
#9  0x00000002 in ?? ()
#10 0xff94a968 in ?? ()
#11 0x08075afa in do_log (level=135057416, fmt=0x1 <Address 0x1 out of bounds>, args=0x20 <Address 0x20 out of bounds>) at ../log.c:364
#12 0x08075afa in do_log (level=SYSLOG_LEVEL_FATAL, fmt=0x8086ae4 "Timeout before authentication for %s", args=0xff94a9a4 "XÅ\r\b@\224ÿ") at ../log.c:364
#13 0x08075ec3 in sigdie (fmt=0x8086ae4 "Timeout before authentication for %s") at ../log.c:140
#14 0x0804ddc6 in grace_alarm_handler (sig=14) at ../sshd.c:317
#15 <signal handler called>
#16 0xf7c2ee3c in send () from /lib/tls/libc.so.6
#17 0xf7c2a3c2 in vsyslog () from /lib/tls/libc.so.6
#18 0xf7c2a672 in syslog () from /lib/tls/libc.so.6
#19 0x08075b0f in do_log (level=SYSLOG_LEVEL_INFO, fmt=0x808a150 "%s %s for %s%.100s from %.200s port %d%s", args=0xff94b5c4 "Ý\237\b\bIÃ\b\bnÛ\b\b\020_\r\bXÅ\r\b~€") at ../log.c:365
#20 0x08075e63 in logit (fmt=0x808a150 "%s %s for %s%.100s from %.200s port %d%s") at ../log.c:154
#21 0x08057280 in auth_log (authctxt=0x80d5928, authenticated=1, method=0x808c349 "publickey", info=0x808a86c " ssh2") at ../auth.c:246
#22 0x08062f3b in monitor_child_preauth (_authctxt=0x80d5928, pmonitor=0x80d5fc8) at ../monitor.c:365
#23 0x080508a8 in main (ac=2, av=<value optimized out>) at ../sshd.c:605


I don't know if this lockup condition is triggerable in a reliable way
by (local or remote and/or unauthenticated) users but even if not it
happened several times on rietz.d.o, requiring DSA intervention using
OOB access to the system.

This is really an issue that should be fixed for lenny (if present), and
maybe even for etch, still.

Cheers,
weasel
-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/

Reply to:

Follow-Ups:
- Bug#498678: locks up sshd processes
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Processed: severity of 498678 is important
Next by Date: Processed: severity of 498678 is grave, tagging 498678
Previous by thread: Processed: severity of 498678 is important
Next by thread: Bug#498678: locks up sshd processes
Index(es):
- Date
- Thread