> On Apr 10, 2023, at 7:24 AM, Darren Tucker <dtucker@xxxxxxxxxxx> wrote:
>
> On Mon, 10 Apr 2023 at 07:07, Peter Stuge <peter@xxxxxxxx> wrote:
>>
>> Brian Candler wrote:
>>>> What's odd is that the length is *always* 1231976033 (which is
>>>> 0x496E7661 or "Inva" in ASCII).
>
> One thing that can cause this is if the libc writes to stderr (ie fd
> 2) on some classes of error. This is something libc should probably
> not do, since in things that are not simple command line tools (say, a
> ssh daemon) may be using fd 2 for something else entirely.
>
>>> Could you get a tcpdump when this happens?
>>
>> Or debug output from at least the client (run ssh with -vvv) or
>> preferably the server (run sshd with -ddd).
>
> That's probably not going to show it, but strace'ing either the client
> or the server will probably capture the error message in full.
>
> Since you're using 9.1, the message could be an "Invalid free", since
> there was a double-free bug in that release :-(
>

Forgot to ask: does this bug manifest at any particular time, or just connection initiation? Because I can see it happen on a connection that's been up for days... either idle or experiencing heavy traffic... etc.

-Philip

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
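The mechanism Darren describes, as an added illustration that is not part of the thread or of OpenSSH: a process whose transport socket sits on fd 2 has a libc-style diagnostic written to stderr, and the peer decodes the first four bytes of that text as the big-endian SSH packet_length field. The socketpair stand-in for the connection and the function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Decode the 4-byte big-endian packet_length that opens every SSH
 * binary packet (RFC 4253, section 6). */
uint32_t ssh_packet_length(const unsigned char *buf)
{
    return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
           ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
}

/* Simulated daemon (assumption: a socketpair stands in for the TCP
 * connection) whose transport socket occupies fd 2.  A diagnostic
 * written straight to fd 2, as an allocator check does, reaches the
 * peer as packet bytes.  Returns the packet_length the peer decodes,
 * or 0 if the simulation could not be set up. */
uint32_t stderr_leak_demo(const char *diagnostic)
{
    int sv[2], saved_stderr;
    unsigned char buf[64];
    ssize_t n;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 0;
    saved_stderr = dup(STDERR_FILENO);          /* keep the real stderr */
    if (saved_stderr < 0 || dup2(sv[0], STDERR_FILENO) < 0) {
        close(sv[0]); close(sv[1]);
        return 0;
    }
    /* The "libc" side: unbuffered write to fd 2, unaware it is a socket. */
    (void)write(STDERR_FILENO, diagnostic, strlen(diagnostic));
    dup2(saved_stderr, STDERR_FILENO);          /* restore stderr */
    close(saved_stderr);
    close(sv[0]);

    /* The peer side: read what arrived and parse it as an SSH packet. */
    n = read(sv[1], buf, sizeof buf);
    close(sv[1]);
    return n >= 4 ? ssh_packet_length(buf) : 0;
}

int main(void)
{
    uint32_t len = stderr_leak_demo("Invalid free\n");
    printf("peer decoded packet_length = %u (0x%08x)\n", len, len);
    return 0;
}
```

Any diagnostic beginning "Inva" yields the same 1231976033, which is why the bogus length is constant regardless of the rest of the message.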