Date: Fri, 16 Mar 2012 21:34:27 +0530
From: Dhiru Kholia <>
Subject: Re: SSH thread-safety

On Fri, Mar 16, 2012 at 5:16 AM, Solar Designer <> wrote:
> Dhiru, magnum, all -
> It was reported to me off-list that the "SSH" format in 1.7.9-jumbo-5
> crashes on self-test on a 64-way machine running RHEL 6.2 on x86-64.
> I managed to reproduce similar crashes on an 8-core machine by
> increasing OMP_NUM_THREADS:
> $ for n in {1..10000}; do OMP_NUM_THREADS=$n GOMP_SPINCOUNT=1000000 ./john -te -fo=ssh; done &> sshout
> *** glibc detected *** double free or corruption (!prev): 0x0000000013d9ac50 ***
> *** glibc detected *** realloc(): invalid next size: 0x0000000000ba0600 ***
> These crashes correspond to these thread counts:
> $ fgrep Aborted sshout
> Benchmarking: ssh [32/64]... (44xOMP) Aborted
> Benchmarking: ssh [32/64]... (202xOMP) Aborted

I tried to reproduce the problem on my 3-core machine. I don't see any
glibc errors (Aborted messages) but I do see some random segmentation
faults. I have done some cleanups in SSH format but so far I can
trigger the segfaults.

#0  0x00007f3e8017fbe5 in ?? () from /lib/x86_64-linux-gnu/
(gdb) bt
#0  0x00007f3e8017fbe5 in ?? () from /lib/x86_64-linux-gnu/
#1  0x00007f3e8018020c in lh_retrieve () from
#2  0x00007f3e80182c8e in ?? () from /lib/x86_64-linux-gnu/
CULPRIT ==> #3  0x00007f3e80183b41 in ERR_get_state () from
#4  0x00007f3e80184edf in ERR_put_error () from
PROBLEM HERE ==> #5  0x00007f3e801af771 in PEM_do_header () from
PROBLEM HERE ==> #6  0x0000000000467369 in crypt_all._omp_fn.0 () at
#7  0x00007f3e7f5d7eca in ?? () from /usr/lib/x86_64-linux-gnu/
#8  0x00007f3e7f3baefc in start_thread (arg=0x7f3e725f2700) at
#9  0x00007f3e7f0f589d in clone () at

PEM_do_header() runs into some problem (since it calls the ERR_put_error
function). According to the problem lies in
ERR_get_state being non-thread-safe. I will try adding the callbacks
to fix this (example is at

One thing I don't understand is how CRYPTO_num_locks() returns the
correct number of threads?
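
The callback setup the message refers to, for OpenSSL before 1.1.0, as an added example that is not part of the original post or of John the Ripper's code: the application allocates CRYPTO_num_locks() mutexes and registers a locking callback and a thread-id callback. The names lock_cb, id_cb and openssl_thread_setup are hypothetical, the fallback macros are stand-ins for builds without those OpenSSL declarations, and the thread-id cast assumes Linux pthreads; from OpenSSL 1.1.0 on these calls are no-op compatibility macros.

```c
/* Added example: pre-1.1.0 OpenSSL thread setup with POSIX mutexes. */
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef __has_include
# if __has_include(<openssl/crypto.h>)
#  include <openssl/crypto.h>
# endif
#endif
#ifndef CRYPTO_LOCK
/* Stand-ins (assumption) so the file builds without OpenSSL headers. */
# define CRYPTO_LOCK 1
# define CRYPTO_UNLOCK 2
# define CRYPTO_num_locks() 1
# define CRYPTO_set_locking_callback(f) ((void)(f))
# define CRYPTO_set_id_callback(f) ((void)(f))
#endif

static pthread_mutex_t *locks;   /* one mutex per OpenSSL lock slot */

/* OpenSSL calls this around its shared tables (e.g. the error-state hash). */
void lock_cb(int mode, int n, const char *file, int line)
{
    (void)file; (void)line;
    if (mode & CRYPTO_LOCK)
        pthread_mutex_lock(&locks[n]);
    else
        pthread_mutex_unlock(&locks[n]);
}

/* Gives each thread a distinct id, so each gets its own error state. */
unsigned long id_cb(void) { return (unsigned long)pthread_self(); }

/* Call once, before the first parallel region. Returns the slot count. */
int openssl_thread_setup(void)
{
    int i, n = CRYPTO_num_locks();  /* lock slots, independent of thread count */
    locks = malloc(n * sizeof(*locks));
    if (!locks) return -1;
    for (i = 0; i < n; i++) pthread_mutex_init(&locks[i], NULL);
    CRYPTO_set_id_callback(id_cb);
    CRYPTO_set_locking_callback(lock_cb);
    return n;
}

int main(void)
{
    printf("lock slots: %d\n", openssl_thread_setup());
    return 0;
}
```

Against a pre-1.1.0 OpenSSL this has to be linked with -lcrypto and run before the first OpenMP parallel region that calls into the library.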

