Subject: Crash in embedded system

From: Mark Smith <>
Date: Mon, 14 Jun 2010 13:09:04 +0100

I've been puzzling over this and I think I need some assistance.

I have an embedded system that performs log rotation and backup overnight
(started at 3:30:04am in this case) which makes it impossible to debug
anything - although I can add messages and re-run (and wait!). I can't even
provide a code snippet that reproduces the problem since I can't make it
happen in my debug environment (same ssh server in both cases), but I've
attached the fragment I think may be the cause. I think this crash occurred
shortly after that at 3:30:33am - both server and client logs seem to agree.

I'm currently using 1.2.5; I haven't had time to test 1.2.6 yet, that's next
on my list. In the meantime I'm guessing it's something I'm doing wrong
since it seems to have my server banner in the packet buffer rather than a
packet length. I also believe it must have previously been connected based
on the state of the files and the fact that it had finished the rotation and
was flushing the files.

I've kept the coredump so if any other info would assist in working out
exactly what's gone wrong, just yell.

(gdb) bt
#0 0xb7683bbf in memcpy () from /lib/
#1 0xb7768998 in _libssh2_transport_read (session=0x805ff00)
    at transport.c:557
#2 0xb775b05e in _libssh2_packet_require (session=0x805ff00,
    packet_type=20 '\024', data=0x8064258, data_len=0x806425c, match_ofs=0,
    match_buf=0x0, match_len=0, state=0x80641a0) at packet.c:1047
#3 0xb7759e8f in libssh2_kex_exchange (session=0x805ff00, reexchange=0,
    key_state=0x806419c) at kex.c:1694
#4 0xb7760cff in libssh2_session_startup (session=0x805ff00, sock=4)
    at session.c:625
#5 0x0804a02c in do_connect () at sftp_backup.c:288
#6 0x0804a30b in flushfile (file=0) at sftp_backup.c:376
#7 0x0804cad1 in main (argc=Cannot access memory at address 0x8
) at sftp_backup.c:1367
(gdb) p session->packet
$3 = {
  buf = "SSH-2.0-OpenSSH_5.1p1 Debian-5avco0\r\n", '\0' <repeats 16346
  init = "\000\000\000\000", writeidx = 37, readidx = 5,
  packet_length = 1397966893, padding_length = 50, data_num = 0,
  total_num = 1397966892, payload = 0x0, wptr = 0x0, outbuf = 0x0,
  ototal_num = 0, odata = 0x0, olen = 0, osent = 0}

Extract from transport.c: (v1.2.5)
554: /* if there are bytes to copy that aren't decrypted, simply
555: copy them as-is to the target buffer */
556: if (numbytes > 0) {
557: memcpy(p->wptr, &p->buf[p->readidx], numbytes);

The server logged only the following messages at that time:

Jun 12 03:30:33 server sshd[7258]: Did not receive identification string
Jun 12 03:30:33 server sshd[7261]: Bad protocol version identification ''

Any assistance greatly received!

Mark Smith


Received on 2010-06-14
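An added example, not code from the report above or from libssh2: parsing the five-byte SSH binary packet header (RFC 4253 section 6) from the banner bytes in the gdb dump reproduces packet_length 1397966893 ("SSH-" read as a big-endian uint32) and padding_length 50 (the '2'), and shows the sanity check a transport layer should apply to that length before it reaches memcpy. SSH_MAX_PACKET, the function names and the sample headers are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Upper bound on packet_length before it is trusted. RFC 4253 requires every
 * implementation to accept at least 35000 bytes; using it as the limit is an
 * assumption here, not libssh2's actual setting. */
#define SSH_MAX_PACKET 35000u

struct ssh_hdr {
    uint32_t packet_length;   /* big-endian uint32 at offset 0 */
    uint8_t  padding_length;  /* byte at offset 4 */
};

/* Parse the 5-byte header with no sanity checks, exactly as a transport layer
 * would. Fed the banner "SSH-2.0-...", this yields packet_length 1397966893
 * and padding_length 50, the values seen in the gdb dump. */
int parse_ssh_header(const unsigned char *buf, size_t len, struct ssh_hdr *h)
{
    if (len < 5)
        return -1;                               /* header not complete yet */
    h->packet_length = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                       ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    h->padding_length = buf[4];
    return 0;
}

/* The check that must run before packet_length drives any memcpy or
 * allocation. Returns 1 if plausible, 0 if the packet must be rejected. */
int ssh_header_is_sane(const struct ssh_hdr *h)
{
    if (h->packet_length == 0 || h->packet_length > SSH_MAX_PACKET)
        return 0;                  /* absurd length: ASCII text, corruption */
    if (h->padding_length < 4)     /* RFC 4253: at least 4 bytes of padding */
        return 0;
    /* packet_length covers the padding_length byte + payload + padding, and
     * the payload carries at least the message type byte */
    if ((uint32_t)h->padding_length + 2u > h->packet_length)
        return 0;
    return 1;
}

/* Flags the state confusion in the report: a version banner sitting where a
 * binary packet was expected. */
int looks_like_banner(const unsigned char *buf, size_t len)
{
    return len >= 4 && memcmp(buf, "SSH-", 4) == 0;
}
```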