On Sat, 25 Jan 2014, Damien Miller wrote:

> On Fri, 24 Jan 2014, Hisashi T Fujinaka wrote:
>
>>>> I think I'm doing something wrong because I'm still stuck at the copy.
>>>> Maybe I can get it to dump a core file.
>>
>> Duh. No wonder I was getting nothing. I was looking in the wrong directory.
>>
>> Here's what I have before the last patch.
>
> Right - we know it is hanging in poll because pfd.events is being
> set incorrectly when -fstack-protector redirects the 'read' function.
> Darren's patch should fix that by testing against write instead.
>
> If you are able to get gdb attached to each, then the following
> info would help:
>
> The test that is running and, for each scp process (there are two, one
> started from scp.sh and another from scp-ssh-wrapper.sh) via gdb:
>
> 'up' until you are in atomicio6()
> print f
> print read
> print write
> print pfd.events

I may have done this incorrectly, but here's what I saw.

ra:~/openssh > ps auxw | grep ssh
root 773 0.0 0.0 57544 3012 ? Is 8:15PM 0:00.01 /usr/sbin/sshd
root 780 0.0 0.1 76624 5952 ? Is 8:15PM 0:00.02 sshd: htodd [priv]
htodd 1041 0.0 0.0 76624 4152 ? S 8:15PM 0:01.38 sshd: htodd at pts/0 (sshd)
htodd 1045 0.0 0.0 19532 2452 ? Is 8:15PM 0:00.22 ssh-agent
htodd 804 0.0 0.0 13304 1524 pts/1 I+ 5:35PM 0:00.00 sh /home/htodd/openssh/regress/test-exec.sh /home/htodd/openssh/reg
htodd 8150 0.0 0.0 19344 2400 pts/1 I+ 5:35PM 0:00.00 /home/htodd/openssh/scp -q -S /home/htodd/openssh/regress/scp-ssh-w
htodd 26374 0.0 0.0 19344 2364 pts/1 I+ 5:35PM 0:00.00 /home/htodd/openssh/scp -t /home/htodd/openssh/regress/copy
htodd 21579 0.0 0.0 2240 48 pts/2 R+ 7:51PM 0:00.00 grep ssh
htodd at mara:~/openssh > gdb ssh
ssh ssh-agent ssh-keyscan ssh-pkcs11-helper ssh-add ssh-keygen ssh-keysign sshd
htodd at mara:~/openssh > gdb ssh 8150
GNU gdb (GDB) 7.6.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64--netbsd".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/htodd/openssh/ssh...done.
Attaching to program: /home/htodd/openssh/ssh, process 8150
Reading symbols from /usr/libexec/ld.elf_so...Reading symbols from /usr/libdata/debug/libexec/ld.elf_so.debug...done.
done.
Loaded symbols for /usr/libexec/ld.elf_so
0x00007f7ff623b06a in .rtld_start () from /usr/libexec/ld.elf_so
(gdb) up
#1 0x0000000000407f6d in ssh_confirm_remote_forward (type=4203424, seq=<optimized out>, ctxt=0x6) at ssh.c:1230
1230 if (++remote_forward_confirms_received == options.num_remote_forwards) {
(gdb) up
#2 0x0000000000010000 in ?? ()
(gdb) up
#3 0x0000000000000000 in ?? ()
(gdb) up
Initial frame selected; you cannot go up.
(gdb) down
#2 0x0000000000010000 in ?? ()
(gdb) down
#1 0x0000000000407f6d in ssh_confirm_remote_forward (type=4203424, seq=<optimized out>, ctxt=0x6) at ssh.c:1230
1230 if (++remote_forward_confirms_received == options.num_remote_forwards) {
(gdb) print read
Cannot access memory at address 0x43fe00
(gdb) print write
$1 = {<text variable, no debug info>} 0x7f7ff624474a <write>
(gdb) q
A debugging session is active.

Inferior 1 [process 8150] will be detached.

Quit anyway? (y or n) y
Detaching from program: /home/htodd/openssh/ssh, process 8150
htodd at mara:~/openssh > gdb ssh 26374
GNU gdb (GDB) 7.6.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64--netbsd".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/htodd/openssh/ssh...done.
Attaching to program: /home/htodd/openssh/ssh, process 26374
Reading symbols from /usr/libexec/ld.elf_so...Reading symbols from /usr/libdata/debug/libexec/ld.elf_so.debug...done.
done.
Loaded symbols for /usr/libexec/ld.elf_so
0x00007f7ff623b06a in .rtld_start () from /usr/libexec/ld.elf_so
(gdb) up
#1 0x0000000000407f6d in ssh_confirm_remote_forward (type=4204499, seq=<optimized out>, ctxt=0x0) at ssh.c:1230
1230 if (++remote_forward_confirms_received == options.num_remote_forwards) {
(gdb) print read
Cannot access memory at address 0x43fe00
(gdb) print write
$1 = {<text variable, no debug info>} 0x7f7ff624474a <write>
(gdb) print pfd.events
No symbol "pfd" in current context.
(gdb) q
A debugging session is active.

Inferior 1 [process 26374] will be detached.

Quit anyway? (y or n) y
Detaching from program: /home/htodd/openssh/ssh, process 26374
htodd at mara:~/openssh >

--
Hisashi T Fujinaka - htodd at twofifty.com
BSEE(6/86) + BSChem(3/95) + BAEnglish(8/95) + MSCS(8/03) + $2.50 = latte
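
[Added example, not part of the original message and not OpenSSH source.] The failure mode described in the quoted reply, reduced to a stand-alone C program: a poll mask chosen by comparing the I/O function pointer against read picks the wrong direction once the caller's read is a substituted wrapper, while comparing against write does not. The names io_fn, VWRITE, checked_read, events_test_read, events_test_write and wait_ready are assumptions made for this illustration.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

typedef ssize_t (*io_fn)(int, void *, size_t);

/* write() cast to read()'s signature so both fit one pointer type. */
#define VWRITE ((io_fn)write)

/* Hypothetical stand-in for the checked wrapper a hardened build
 * substitutes for read(): same behaviour, different address. */
static ssize_t checked_read(int fd, void *buf, size_t n)
{
	return read(fd, buf, n);
}

/* Fragile: any reader that is not literally read() is taken for a writer. */
static short events_test_read(io_fn f) { return f == (io_fn)read ? POLLIN : POLLOUT; }

/* Robust: only the write function selects POLLOUT. */
static short events_test_write(io_fn f) { return f == VWRITE ? POLLOUT : POLLIN; }

/* Poll the read end of a pipe that holds one byte (constructed input).
 * Returns poll()'s result: 1 = ready, 0 = timed out, -1 = error. */
static int wait_ready(short events, int timeout_ms)
{
	int p[2], r;
	struct pollfd pfd;

	if (pipe(p) == -1)
		return -1;
	if (write(p[1], "x", 1) != 1) {
		close(p[0]);
		close(p[1]);
		return -1;
	}
	pfd.fd = p[0];
	pfd.events = events;
	pfd.revents = 0;
	r = poll(&pfd, 1, timeout_ms);
	close(p[0]);
	close(p[1]);
	return r;
}

int main(void)
{
	printf("mask from read test:  poll=%d\n", wait_ready(events_test_read(checked_read), 200));
	printf("mask from write test: poll=%d\n", wait_ready(events_test_write(checked_read), 200));
	return 0;
}
```

On Linux the read end of a pipe never reports POLLOUT, so the first call runs out its 200 ms timeout while the second returns immediately; with an infinite timeout the first case is the hang in poll.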