When there is a connectivity problem between the server and the client (network outage, server crash or reboot), the client indefinitely hangs.

Trace:

-> packet_write_wait(0xa8706c360, 0x0, 0x0, 0x0, 0x0, 0x600000)
-> ssh_packet_write_wait(0xa870151e0, 0x0, 0x0, 0x0, 0x0, 0x600000)
-> __addvdi3(0x4, 0x1, 0x0, 0x0, 0x0, 0x600000)
<- __addvdi3() = 5
-> ssh_packet_write_poll(0xa870151e0, 0x0, 0x0, 0x2dc, 0x8, 0x101010101010101)
-> sshbuf_len(0xa86ffc5d0, 0x0, 0x0, 0x2dc, 0x8, 0x101010101010101)
<- sshbuf_len() = 80
-> sshbuf_ptr(0xa86ffc5d0, 0x0, 0x50, 0xf00, 0x8, 0x101010101010101)
<- sshbuf_ptr() = 0xa87070ae0
-> roaming_write(0x4, 0xa87070ae0, 0x50, 0xffff80dc43363680, 0x8, 0x101010101010101)
write(4, "1F {\004DB e iAC9399FA 8".., 80) Err#32 EPIPE
Received signal #13, SIGPIPE [ignored]
<- roaming_write() = -1
<- ssh_packet_write_poll() = 0xffffffe8 (SSH_ERR_SYSTEM_ERROR)
-> sshbuf_len(0xa86ffc5d0, 0xa87070ae0, 0x20, 0x0, 0x8, 0x101010101010101)
<- sshbuf_len() = 80
-> __addvdi3(0x4, 0x1, 0x50, 0xf00, 0x8, 0x101010101010101)
<- __addvdi3() = 5
-> __addvdi3(0x4, 0x1, 0x10, 0x4, 0x8, 0x101010101010101)
<- __addvdi3() = 5
pollsys(0xFFFF80DC433635E0, 1, 0x00000000, 0x00000000) (sleep)

Here write fails with EPIPE, and roaming_write passes errno through. ssh_packet_write_poll returns SSH_ERR_SYSTEM_ERROR. But this error code is ignored in ssh_packet_write_wait. Successive select on broken pipe hangs forever.

This looks to be a regression from 4509b5d4. Pre 4509b5d4 EPIPE in ssh_packet_write_poll resulted in immediate fatal. Post 4509b5d4 there is just one ignored error code.
Created attachment 2712
Patch: check ssh_packet_write_poll return value in ssh_packet_write_wait
Thanks, I applied a similar fix - ssh_packet_write_wait() should return error for any ssh_packet_write_poll() failure. This will be in OpenSSH 7.2.
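The pattern discussed in this report, as an added example that is not part of the bug thread and is not OpenSSH code: a write-wait loop that drops the write-poll result never makes progress on a dead peer, while one that returns it fails at once. All `demo_*` names, the pipe standing in for the lost connection, and the retry bound that replaces the real endless wait are assumptions.

```c
/* Added example, not OpenSSH source; every demo_* name is hypothetical. */
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

#define DEMO_ERR_SYSTEM  (-24)   /* value shown in the trace: 0xffffffe8 */
#define DEMO_NO_PROGRESS (-1000) /* demo-only stand-in for "hangs forever" */
struct outbuf { const char *p; size_t len; };

/* One write attempt: 0 on success or retryable error, else DEMO_ERR_SYSTEM. */
static int demo_write_poll(int fd, struct outbuf *b) {
    ssize_t n = write(fd, b->p, b->len);
    if (n < 0)
        return (errno == EAGAIN || errno == EINTR) ? 0 : DEMO_ERR_SYSTEM;
    b->p += n;
    b->len -= (size_t)n;
    return 0;
}

/* check_rc == 0 ignores demo_write_poll()'s result (the reported behaviour);
 * check_rc == 1 returns it to the caller (the fix described in the reply). */
static int demo_write_wait(int fd, struct outbuf *b, int check_rc, int max_rounds) {
    int r = demo_write_poll(fd, b);
    for (int round = 0; b->len > 0; round++) {
        if (check_rc && r != 0)
            return r;                  /* hard error: stop waiting */
        if (round == max_rounds)
            return DEMO_NO_PROGRESS;   /* the real loop has no such bound */
        struct pollfd pfd = { .fd = fd, .events = POLLOUT };
        (void)poll(&pfd, 1, 100);      /* wait for writability, then retry */
        r = demo_write_poll(fd, b);
    }
    return 0;
}

/* Constructed scenario: 80 queued bytes, peer already gone, SIGPIPE ignored. */
static int demo_run(int check_rc) {
    static const char payload[80] = "constructed packet bytes";
    struct outbuf b = { payload, sizeof(payload) };
    int fds[2];
    if (pipe(fds) != 0) return -1;
    signal(SIGPIPE, SIG_IGN);
    close(fds[0]);                     /* reader disappears: write gives EPIPE */
    int r = demo_write_wait(fds[1], &b, check_rc, 3);
    close(fds[1]);
    return r;
}
int main(void) { printf("ignored=%d checked=%d\n", demo_run(0), demo_run(1)); return 0; }
```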
Close all resolved bugs after 7.3p1 release