[Bug 2469] New: ssh connection hangs indefinitely on EPIPE

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Sep 18 19:22:36 AEST 2015 

https://bugzilla.mindrot.org/show_bug.cgi?id=2469

            Bug ID: 2469
           Summary: ssh connection hangs indefinitely on EPIPE
           Product: Portable OpenSSH
           Version: 7.1p1
          Hardware: All
                OS: Solaris
            Status: NEW
          Severity: major
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: tomas.kuthan at oracle.com

When there is a connectivity problem between the server and the client
(network outage, server crash or reboot), the client indefinitely
hangs.

Trace:
 -> packet_write_wait(0xa8706c360, 0x0, 0x0, 0x0, 0x0, 0x600000)
   -> ssh_packet_write_wait(0xa870151e0, 0x0, 0x0, 0x0, 0x0, 0x600000)
     -> __addvdi3(0x4, 0x1, 0x0, 0x0, 0x0, 0x600000)
     <- __addvdi3() = 5
     -> ssh_packet_write_poll(0xa870151e0, 0x0, 0x0, 0x2dc, 0x8,
                              0x101010101010101)    
       -> sshbuf_len(0xa86ffc5d0, 0x0, 0x0, 0x2dc, 0x8, 
                     0x101010101010101)
       <- sshbuf_len() = 80
       -> sshbuf_ptr(0xa86ffc5d0, 0x0, 0x50, 0xf00, 0x8, 
                     0x101010101010101)
       <- sshbuf_ptr() = 0xa87070ae0
       -> roaming_write(0x4, 0xa87070ae0, 0x50, 0xffff80dc43363680,
0x8,
                        0x101010101010101)
 write(4, "1F {\004DB e iAC9399FA 8".., 80)      Err#32 EPIPE
     Received signal #13, SIGPIPE [ignored]
       <- roaming_write() = -1
     <- ssh_packet_write_poll() = 0xffffffe8 (SSH_ERR_SYSTEM_ERROR)
     -> sshbuf_len(0xa86ffc5d0, 0xa87070ae0, 0x20, 0x0, 0x8,
                   0x101010101010101)
     <- sshbuf_len() = 80
     -> __addvdi3(0x4, 0x1, 0x50, 0xf00, 0x8, 0x101010101010101)
     <- __addvdi3() = 5
     -> __addvdi3(0x4, 0x1, 0x10, 0x4, 0x8, 0x101010101010101)
     <- __addvdi3() = 5
 pollsys(0xFFFF80DC433635E0, 1, 0x00000000, 0x00000000) (sleep)

Here write fails with EPIPE, and roaming_write passes errno through.
ssh_packet_write_poll returns SSH_ERR_SYSTEM_ERROR.
But this error code is ignored in ssh_packet_write_wait.
Successive select on broken pipe hangs forever.

This looks to be a regression from 4509b5d4.
Pre 4509b5d4 EPIPE in ssh_packet_write_poll resulted in immediate
fatal.
Post 4509b5d4 there is just one ignored error code.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list