0.10.5 segfaults in ssh_poll_ctx_dopoll on s390x
The libssh 0.10.4 -> 0.10.5 update in Ubuntu is currently blocked on test regressions on ppc64el and s390x. The problem is tracked on Launchpad at https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/2024064
I've poked at the issue on an s390x Ubuntu cloud instance.
The test program used by the Debian/Ubuntu CI is https://salsa.debian.org/debian/libssh/-/blob/debian/debian/tests/mock-sshd.c
and it is run from this script: https://salsa.debian.org/debian/libssh/-/blob/debian/debian/tests/libssh-server
Running the server manually under gdb:
$ ./mock-sshd --user=bug --port 1234 -v
and then issuing the client command:
$ ssh -i test_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 1234 bug@localhost cat /etc/os-release
leads to this server segfault:
Program received signal SIGSEGV, Segmentation fault.
0x000002aa02e02e84 in fd_data (fd=<error reading variable: Cannot access memory at address 0x3ffce57fe94>,
revents=<error reading variable: Cannot access memory at address 0x3ffce57fe90>,
user_data=<error reading variable: Cannot access memory at address 0x3ffce57fe88>) at mock-sshd.c:164
164 {
(gdb) bt
#0 0x000002aa02e02e84 in fd_data (fd=<error reading variable: Cannot access memory at address 0x3ffce57fe94>,
revents=<error reading variable: Cannot access memory at address 0x3ffce57fe90>,
user_data=<error reading variable: Cannot access memory at address 0x3ffce57fe88>) at mock-sshd.c:164
#1 0x000003ffa9b32128 in ssh_poll_ctx_dopoll (ctx=ctx@entry=0x2aa04d545a0, timeout=timeout@entry=-1)
at /usr/src/libssh-0.10.5-2/src/poll.c:736
#2 0x000003ffa9b33732 in ssh_handle_packets (session=session@entry=0x2aa04d54ae0, timeout=timeout@entry=-1)
at /usr/src/libssh-0.10.5-2/src/session.c:682
#3 0x000003ffa9b338e4 in ssh_handle_packets_termination (session=session@entry=0x2aa04d54ae0, timeout=<optimized out>,
fct=fct@entry=0x3ffa9b33d30 <ssh_flush_termination>, user=user@entry=0x2aa04d54ae0)
at /usr/src/libssh-0.10.5-2/src/session.c:751
#4 0x000003ffa9b33dc6 in ssh_blocking_flush (session=0x2aa04d54ae0, timeout=<optimized out>)
at /usr/src/libssh-0.10.5-2/src/session.c:550
#5 0x000003ffa9b1a0dc in ssh_channel_flush (channel=0x2aa04db9bd0) at /usr/src/libssh-0.10.5-2/src/channels.c:1433
#6 ssh_channel_send_eof (channel=0x2aa04db9bd0) at /usr/src/libssh-0.10.5-2/src/channels.c:1316
...