Call for testing: OpenSSH-6.5

Hisashi T Fujinaka htodd at twofifty.com
Sat Jan 25 14:55:54 EST 2014


On Sat, 25 Jan 2014, Damien Miller wrote:

> On Fri, 24 Jan 2014, Hisashi T Fujinaka wrote:
>
>>>> I think I'm doing something wrong because I'm still stuck at the copy.
>>>> Maybe I can get it to dump a core file.
>>
>> Duh. No wonder I was getting nothing. I was looking in the wrong directory.
>>
>> Here's what I have before the last patch.
>
> Right - we know it is hanging in poll because pfd.events is being
> set incorrectly when -fstack-protector redirects the 'read' function.
> Darren's patch should fix that by testing against write instead.
>
> If you are able to get gdb attached to each, then the following
> info would help:
>
> The test that is running and, for each scp process (there are two, one
> started from scp.sh and another from scp-ssh-wrapper.sh) via gdb:
>
> 'up' until you are in atomicio6()
> print f
> print read
> print write
> print pfd.events

I may have done this incorrectly, but here's what I saw.

ra:~/openssh > ps auxw | grep ssh
root      773  0.0  0.0  57544  3012 ?     Is    8:15PM 0:00.01 /usr/sbin/sshd
root      780  0.0  0.1  76624  5952 ?     Is    8:15PM 0:00.02 sshd: htodd [priv]
htodd    1041  0.0  0.0  76624  4152 ?     S     8:15PM 0:01.38 sshd: htodd at pts/0 (sshd)
htodd    1045  0.0  0.0  19532  2452 ?     Is    8:15PM 0:00.22 ssh-agent
htodd     804  0.0  0.0  13304  1524 pts/1 I+    5:35PM 0:00.00 sh /home/htodd/openssh/regress/test-exec.sh /home/htodd/openssh/reg
htodd    8150  0.0  0.0  19344  2400 pts/1 I+    5:35PM 0:00.00 /home/htodd/openssh/scp -q -S /home/htodd/openssh/regress/scp-ssh-w
htodd   26374  0.0  0.0  19344  2364 pts/1 I+    5:35PM 0:00.00 /home/htodd/openssh/scp -t /home/htodd/openssh/regress/copy
htodd   21579  0.0  0.0   2240    48 pts/2 R+    7:51PM 0:00.00 grep ssh
htodd at mara:~/openssh > gdb ssh
ssh               ssh-agent         ssh-keyscan       ssh-pkcs11-helper
ssh-add           ssh-keygen        ssh-keysign       sshd
htodd at mara:~/openssh > gdb ssh 8150
GNU gdb (GDB) 7.6.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64--netbsd".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/htodd/openssh/ssh...done.
Attaching to program: /home/htodd/openssh/ssh, process 8150
Reading symbols from /usr/libexec/ld.elf_so...Reading symbols from /usr/libdata/debug/libexec/ld.elf_so.debug...done.
done.
Loaded symbols for /usr/libexec/ld.elf_so
0x00007f7ff623b06a in .rtld_start () from /usr/libexec/ld.elf_so
(gdb) up
#1  0x0000000000407f6d in ssh_confirm_remote_forward (type=4203424, seq=<optimized out>, ctxt=0x6) at ssh.c:1230
1230            if (++remote_forward_confirms_received == options.num_remote_forwards) {
(gdb) up
#2  0x0000000000010000 in ?? ()
(gdb) up
#3  0x0000000000000000 in ?? ()
(gdb) up
Initial frame selected; you cannot go up.
(gdb) down
#2  0x0000000000010000 in ?? ()
(gdb) down
#1  0x0000000000407f6d in ssh_confirm_remote_forward (type=4203424, seq=<optimized out>, ctxt=0x6) at ssh.c:1230
1230            if (++remote_forward_confirms_received == options.num_remote_forwards) {
(gdb) print read
Cannot access memory at address 0x43fe00
(gdb) print write
$1 = {<text variable, no debug info>} 0x7f7ff624474a <write>
(gdb) q
A debugging session is active.

         Inferior 1 [process 8150] will be detached.

Quit anyway? (y or n) y
Detaching from program: /home/htodd/openssh/ssh, process 8150
htodd at mara:~/openssh > gdb ssh 26374
GNU gdb (GDB) 7.6.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64--netbsd".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/htodd/openssh/ssh...done.
Attaching to program: /home/htodd/openssh/ssh, process 26374
Reading symbols from /usr/libexec/ld.elf_so...Reading symbols from /usr/libdata/debug/libexec/ld.elf_so.debug...done.
done.
Loaded symbols for /usr/libexec/ld.elf_so
0x00007f7ff623b06a in .rtld_start () from /usr/libexec/ld.elf_so
(gdb) up
#1  0x0000000000407f6d in ssh_confirm_remote_forward (type=4204499, seq=<optimized out>, ctxt=0x0) at ssh.c:1230
1230            if (++remote_forward_confirms_received == options.num_remote_forwards) {
(gdb) print read
Cannot access memory at address 0x43fe00
(gdb) print write
$1 = {<text variable, no debug info>} 0x7f7ff624474a <write>
(gdb) print pfd.events
No symbol "pfd" in current context.
(gdb) q
A debugging session is active.

         Inferior 1 [process 26374] will be detached.

Quit anyway? (y or n) y
Detaching from program: /home/htodd/openssh/ssh, process 26374
htodd at mara:~/openssh >

-- 
Hisashi T Fujinaka - htodd at twofifty.com
BSEE(6/86) + BSChem(3/95) + BAEnglish(8/95) + MSCS(8/03) + $2.50 = latte
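
Added illustration, not code from OpenSSH or from anyone in this thread: a minimal C model of the failure described in the quoted reply, where the poll direction is chosen by comparing the I/O callback against read and goes wrong once read is redirected to a different function, next to the test-against-write approach the reply attributes to Darren's patch. The names redirected_read, write_fn, events_by_read, events_by_write and reader_wakes are hypothetical, and the one-byte pipe is constructed sample input.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

typedef ssize_t (*io_fn)(int, void *, size_t);

/* Hypothetical stand-in for a redirected read: behaves like read(),
 * but has a different address, so "f == read" is false for it. */
static ssize_t redirected_read(int fd, void *buf, size_t n) { return read(fd, buf, n); }

/* Hypothetical writer callback with the same signature as the readers. */
static ssize_t write_fn(int fd, void *buf, size_t n) { return write(fd, buf, n); }

/* Direction inferred by recognising the reader: breaks if read is redirected. */
static short events_by_read(io_fn f) { return f == read ? POLLIN : POLLOUT; }

/* Direction inferred by recognising the writer: any other callback reads. */
static short events_by_write(io_fn f) { return f == write_fn ? POLLOUT : POLLIN; }

/* Put one byte in a pipe, then poll its read end with the events chosen for
 * callback f. Returns 1 if poll reports ready, 0 on timeout, -1 on error. */
static int reader_wakes(short (*pick)(io_fn), io_fn f)
{
    int p[2], r;
    struct pollfd pfd;

    if (pipe(p) != 0)
        return -1;
    if (write(p[1], "x", 1) != 1) { close(p[0]); close(p[1]); return -1; }
    pfd.fd = p[0];
    pfd.events = pick(f);
    pfd.revents = 0;
    r = poll(&pfd, 1, 200);   /* with an infinite timeout, a 0 here is a hang */
    close(p[0]);
    close(p[1]);
    return r < 0 ? -1 : r > 0;
}

int main(void)
{
    printf("test read,  plain read:      %d\n", reader_wakes(events_by_read, read));
    printf("test read,  redirected read: %d\n", reader_wakes(events_by_read, redirected_read));
    printf("test write, redirected read: %d\n", reader_wakes(events_by_write, redirected_read));
    return 0;
}
```

The middle case is the one that matters: data is waiting in the pipe, but the read end is polled for POLLOUT, so poll never reports it ready.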

