Version-Release number of selected component: openssh-clients-8.0p1-5.fc30 Additional info: reporter: libreport-2.10.1 backtrace_rating: 4 cmdline: ssh 192.168.4.105 crash_function: k5_plugin_register executable: /usr/bin/ssh journald_cursor: s=828c2c95fedc40dbb2a024bf164df9d1;i=3c35c;b=e61305e641bb4b589a78a45863c105e2;m=ef37e4a2b;t=5915cb3333a19;x=5150fd8e4594bed5 kernel: 5.2.9-200.fc30.x86_64 rootdir: / runlevel: N 5 type: CCpp uid: 0 Truncated backtrace: Thread no. 1 (9 frames) #0 k5_plugin_register at plugin.c:456 #1 get_modules at hostrealm.c:105 #2 load_hostrealm_modules at hostrealm.c:105 #3 krb5_get_host_realm at hostrealm.c:370 #4 krb5_sname_to_principal at sn2princ.c:185 #5 krb5_gss_import_name at import_name.c:166 #6 gssint_import_internal_name at g_glue.c:400 #7 gss_init_sec_context at g_init_sec_context.c:167 #8 ??
Created attachment 1619526 [details] File: backtrace
Created attachment 1619527 [details] File: cgroup
Created attachment 1619528 [details] File: core_backtrace
Created attachment 1619529 [details] File: cpuinfo
Created attachment 1619530 [details] File: dso_list
Created attachment 1619531 [details] File: environ
Created attachment 1619532 [details] File: exploitable
Created attachment 1619533 [details] File: limits
Created attachment 1619534 [details] File: maps
Created attachment 1619535 [details] File: mountinfo
Created attachment 1619536 [details] File: open_fds
Created attachment 1619537 [details] File: proc_pid_status
Looks to me more like a crash inside of krb5 (which got called by openssh).
Agreed, it doesn't look like an openssh problem. But I don't see how it can crash there. The only unchecked deref is context->plugins[id], but I'm pretty sure that's set up at context creation time - maybe we've a corrupted context? Any chance of a coredump? If it's reproducible, can you reproduce under valgrind?