From: Rustam
To: freebsd-security@freebsd.org
Date: Sun, 24 Apr 2016 16:30:54 +0200
Subject: Signal 11 dumps in telnetd (freebsd 10.3 release)

I got a couple of dozen dumps in /usr/libexec/telnetd (signal 11), and I'm
wondering what those could be. FreeBSD 10.3-RELEASE, built from source.

Dump stack trace:

    telrcv+333
    ttloop+7C
    doit+1687
    main+64D

Dump is at address 0x0000000000404713:

    .text:0004046E2 loc_4046E2:
    .text:0004046E2     test  byte ptr cs:diagnostic, 10h ; jumptable 0004046DB cases 11,12
    .text:0004046E9     jz    short loc_4046F7
    .text:0004046EB     mov   edi, offset fmt ; "td: recv IAC"
    .text:0004046F0     mov   esi, ebx ; option
    .text:0004046F2     call  printoption
    .text:0004046F7 loc_4046F7:
    .text:0004046F7     call  ptyflush
    .text:0004046FC     call  init_termbuf
    .text:000404701     cmp   ebx, 0F7h
    .text:000404707     mov   eax, 6199D8h
    .text:00040470C     cmovz rax, r14
    .text:000404710     mov   rax, [rax]
    .text:000404713     mov   al, [rax] ; <========== Signal 11 HERE
    .text:000404715     cmp   al, 0FFh
    .text:000404717     jz    loc_40495A ; jumptable 0004046DB default case
    .text:00040471D     mov   rcx, cs:pfrontp
    .text:000404724     lea   rdx, [rcx+1]
    .text:000404728     mov   cs:pfrontp, rdx
    .text:00040472F     mov   [rcx], al
    .text:000404731     mov   cs:telrcv_state, 0
    .text:00040473B     jmp   loc_4049A0

Regards,
Rustam
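The double load in the listing above (mov rax, [rax] followed by mov al, [rax]), modelled in C beside a guarded form. This is an added example, not part of the original message and not telnetd source or a FreeBSD patch; slot_f7, slot_other, handle_unchecked and handle_checked are hypothetical names, and the return codes are an assumption made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define OPT_F7   0xF7   /* value tested by `cmp ebx, 0F7h` */
#define DISABLED 0xFF   /* value tested by `cmp al, 0FFh` */

/* Hypothetical stand-ins for the two pointer slots the listing chooses
 * between (the one addressed by r14 and the one at 6199D8h). */
static unsigned char *slot_f7, *slot_other;
static unsigned char outbuf[16];
static unsigned char *pfrontp = outbuf;  /* output cursor, as in the listing */
static int telrcv_state = 1;

/* Shape of the compiled code: slot -> pointer -> byte, with no check.
 * An invalid pointer in the slot faults on the second load (0x404713). */
int handle_unchecked(int option)
{
    unsigned char **slot = (option == OPT_F7) ? &slot_f7 : &slot_other;
    unsigned char ch = **slot;
    if (ch == DISABLED)
        return 0;            /* listing jumps to code not shown on the page */
    *pfrontp++ = ch;
    telrcv_state = 0;
    return 1;
}

/* Guarded form (assumption): an unset (NULL) slot is reported as -1
 * instead of being dereferenced. Only NULL can be detected this way. */
int handle_checked(int option)
{
    unsigned char **slot = (option == OPT_F7) ? &slot_f7 : &slot_other;
    if (*slot == NULL)
        return -1;
    unsigned char ch = **slot;
    if (ch == DISABLED)
        return 0;
    *pfrontp++ = ch;
    telrcv_state = 0;
    return 1;
}

int main(void)
{
    /* Constructed input: both slots are still unset. */
    printf("unset slot -> %d, state %d\n", handle_checked(OPT_F7), telrcv_state);
    return 0;
}
```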