Re: Re: sshd refuses connections since upgrade to 2.4.0-1

Re: Re: sshd refuses connections since upgrade to 2.4.0-1

[Patrick Schmitt]

>> Hi!
>> 
>> Long time Cygwin user but first time error reporter to this mailing list.
>> Since upgrading my 32-bit Cygwin installation on Win7SP1 x64 from
>> 2.3.1-1 to the current 2.4.0-1 (and also 2.5.0-0.1 in my despair) I
>> can't connect to sshd running as a service anymore.
>> The service starts and spawns a child in order to handle the
>> connection request, but that fails even when connecting from
>> localhost.
>> I triaged the problem by trying snapshots between the two releases and
>> traced it to a change after 20151129:
>> cygwin1-20151129.dll works
>> cygwin1-20151203.dll fails
>> 
>> The sshd.log remains empty.
>> In order to create more information to go on I ran strace on the
>> parent (cyg_server spawned) sshd and tried to connect, the strace-log
>> (sshd_cygwin2.4.0_20160109) is attached together with a slightly
>> redacted cygcheck.out
>> 
>> Thanks for looking into this!
>> 
>> P.S. As can be seen from the strace I'm running Agnitum Outpost
>> Firewall Pro and the current EMET - both has never been a problem with
>> Cygwin's sshd (in this installation since May 2010).
>
>An "Access denied" error occurs, apparently in a Windows DLL while
>loading Windows DLLs.  It's hard to tell what the reason is, but what
>strikes me as weird is that the crash occurs right after this Agnitum
>thingy has been injected into the process:
>
>--- Process 17828 loaded C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll at 10000000
>--- Process 17828 unloaded DLL at 10000000
>--- Process 17828 loaded C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll at 01280000
>--- Process 17828 loaded C:\Windows\SysWOW64\shell32.dll at 762F0000
>--- Process 17828 loaded C:\Windows\SysWOW64\shlwapi.dll at 75DE0000
>--- Process 17828 thread 18284 exited with status 0xc0000022
>--- Process 17828 thread 18412 exited with status 0xc0000022
>--- Process 17828 thread 17624 exited with status 0xc0000022
>--- Process 17828 exited with status 0xc0000022
>154769 11583429 [waitproc] sshd 8404 pinfo::status_exit: *** STATUS_0xC0000022
>
>Did you try excluding sshd from the checks of that scanner?
>
>
>Corinna
>

After some debugging and playing with different settings in Microsoft's Enhanced Mitigation Experience Toolkit
( https://technet.microsoft.com/de-de/security/jj653751 )
I managed to determine the following as a "cause" for my sshd problems.
My firewall (Agnitum Outpost Firewall Pro) does not play any role.

With the current release version 5.2 of EMET on Win7SP1 x64 before cygwin1-20151203.dll:
All mitigations except ASR (Attack Surface Reduction) could be used (ASR is not needed).

Since cygwin1-20151203.dll: 
The following mitigations must be disabled for sshd to allow connections:
* EAF+ (Export Address Table Access Filtering Plus)
* Stack Pivot
But getting a shell still fails (connection closes before shell starts ?!).
For fully working sshd additionally the following mitigation must also be disabled:
* Sim Exec Flow (ROP Mitigation)

The question is what changes/new codepaths in cygwin1.dll trigger the three mitigations mentioned above since 20151203 ?

I would assume especially users in enterprise environments might suffer this "problem"...


P.S. I'm sorry for breaking threading, but apparently my freemail provider (gmx.net) does not allow sending email to addresses longer than 60 characters. 
The subscription confirmation addresses for the list (ezmlm) are at least in my case longer than that (here 88 chars) :(

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Re: sshd refuses connections since upgrade to 2.4.0-1

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 2611 bytes --]

On Jan 29 17:05, Patrick Schmitt wrote:
> >> P.S. As can be seen from the strace I'm running Agnitum Outpost
> >> Firewall Pro and the current EMET - both has never been a problem with
> >> Cygwin's sshd (in this installation since May 2010).
> >
> >An "Access denied" error occurs, apparently in a Windows DLL while
> >loading Windows DLLs.  It's hard to tell what the reason is, but what
> >strikes me as weird is that the crash occurs right after this Agnitum
> >thingy has been injected into the process:
> >[...]
> >Did you try excluding sshd from the checks of that scanner?
> 
> After some debugging and playing with different settings in
> Microsoft's Enhanced Mitigation Experience Toolkit
> ( https://technet.microsoft.com/de-de/security/jj653751 )
> I managed to determine the following as a "cause" for my sshd problems.
> My firewall (Agnitum Outpost Firewall Pro) does not play any role.
> 
> With the current release version 5.2 of EMET on Win7SP1 x64 before
> cygwin1-20151203.dll: All mitigations except ASR (Attack Surface
> Reduction) could be used (ASR is not needed).
> 
> Since cygwin1-20151203.dll: 
> The following mitigations must be disabled for sshd to allow connections:
> * EAF+ (Export Address Table Access Filtering Plus)
> * Stack Pivot
> But getting a shell still fails (connection closes before shell starts
> ?!).  For fully working sshd additionally the following mitigation
> must also be disabled:
> * Sim Exec Flow (ROP Mitigation)
> 
> The question is what changes/new codepaths in cygwin1.dll trigger the
> three mitigations mentioned above since 20151203 ?

Well, I have no idea.  Cygwin is not doing anything weird (unless you
think everything Cygwin is doing to emulate a POSIX environment on
Windows is weird).  I took a quick glance over the changes between 11/29
and 12/03 and nothing catches my attention.  In fact, part of the
changes try to clean up code, e.g., using NtCurrentTeb() rather than
direct calls to "%fs:4" etc when accessing the TEB.  A lot of other
changes were only affecting 64 bit Cygwin (e.g., moving the main thread
stack to a Cygwin-defined address)

If you want to find out, feel free to use git blame on the Cygwin
sources.  But dependent on the outcome I give no guarantee that this can
be changed back.  You might want to excempt the Cygwin DLL from the
scanner if the scanner is not grok'ing that Cygwin is doing nothing bad.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: sshd refuses connections since upgrade to 2.4.0-1

[Achim Gratz]

Patrick Schmitt writes:
> P.S. I'm sorry for breaking threading, but apparently my freemail
> provider (gmx.net) does not allow sending email to addresses longer
> than 60 characters.  The subscription confirmation addresses for the
> list (ezmlm) are at least in my case longer than that (here 88 chars)
> :(

Then use gmane.org already.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf Q+, Q and microQ:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: sshd refuses connections since upgrade to 2.4.0-1

[Corinna Vinschen]

[-- Attachment #1: Type: text/plain, Size: 2301 bytes --]

On Jan 28 19:56, prs_cygwin@quantentunnel.de wrote:
> Hi!
> 
> Long time Cygwin user but first time error reporter to this mailing list.
> Since upgrading my 32-bit Cygwin installation on Win7SP1 x64 from
> 2.3.1-1 to the current 2.4.0-1 (and also 2.5.0-0.1 in my despair) I
> can't connect to sshd running as a service anymore.
> The service starts and spawns a child in order to handle the
> connection request, but that fails even when connecting from
> localhost.
> I triaged the problem by trying snapshots between the two releases and
> traced it to a change after 20151129:
> cygwin1-20151129.dll works
> cygwin1-20151203.dll fails
> 
> The sshd.log remains empty.
> In order to create more information to go on I ran strace on the
> parent (cyg_server spawned) sshd and tried to connect, the strace-log
> (sshd_cygwin2.4.0_20160109) is attached together with a slightly
> redacted cygcheck.out
> 
> Thanks for looking into this!
> 
> P.S. As can be seen from the strace I'm running Agnitum Outpost
> Firewall Pro and the current EMET - both has never been a problem with
> Cygwin's sshd (in this installation since May 2010).

An "Access denied" error occurs, apparently in a Windows DLL while
loading Windows DLLs.  It's hard to tell what the reason is, but what
strikes me as weird is that the crash occurs right after this Agnitum
thingy has been injected into the process:

--- Process 17828 loaded C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll at 10000000
--- Process 17828 unloaded DLL at 10000000
--- Process 17828 loaded C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll at 01280000
--- Process 17828 loaded C:\Windows\SysWOW64\shell32.dll at 762F0000
--- Process 17828 loaded C:\Windows\SysWOW64\shlwapi.dll at 75DE0000
--- Process 17828 thread 18284 exited with status 0xc0000022
--- Process 17828 thread 18412 exited with status 0xc0000022
--- Process 17828 thread 17624 exited with status 0xc0000022
--- Process 17828 exited with status 0xc0000022
154769 11583429 [waitproc] sshd 8404 pinfo::status_exit: *** STATUS_0xC0000022

Did you try excluding sshd from the checks of that scanner?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

sshd refuses connections since upgrade to 2.4.0-1

[prs_cygwin]

[-- Attachment #1: Type: text/plain, Size: 1033 bytes --]

Hi!

Long time Cygwin user but first time error reporter to this mailing list.
Since upgrading my 32-bit Cygwin installation on Win7SP1 x64 from 2.3.1-1 to the current 2.4.0-1 (and also 2.5.0-0.1 in my despair) I can't connect to sshd running as a service anymore.
The service starts and spawns a child in order to handle the connection request, but that fails even when connecting from localhost.
I triaged the problem by trying snapshots between the two releases and traced it to a change after 20151129:
cygwin1-20151129.dll works
cygwin1-20151203.dll fails

The sshd.log remains empty.
In order to create more information to go on I ran strace on the parent (cyg_server spawned) sshd and tried to connect, the strace-log (sshd_cygwin2.4.0_20160109) is attached together with a slightly redacted cygcheck.out

Thanks for looking into this!

P.S. As can be seen from the strace I'm running Agnitum Outpost Firewall Pro and the current EMET - both has never been a problem with Cygwin's sshd (in this installation since May 2010).


[-- Attachment #2: cygcheck_prs.out --]
[-- Type: application/octet-stream, Size: 86408 bytes --]

[-- Attachment #3: sshd_cygwin2.4.0_20160109 --]
[-- Type: application/octet-stream, Size: 37469 bytes --]

--- Process 11820 created
--- Process 11820 loaded C:\Windows\SysWOW64\ntdll.dll at 774A0000
--- Process 11820 thread 16432 created
--- Process 11820 thread 10784 created
--- Process 11820 thread 11368 created
--- Process 11820 thread 16468 created
--- Process 11820 thread 16960 created
--- Process 11820 thread 1692 created
--- Process 11820 thread 12112 created
--- Process 11820 thread 11952 created
--- Process 11820 thread 10128 created
--- Process 11820 loaded C:\Windows\SysWOW64\kernel32.dll at 76F90000
--- Process 11820 loaded C:\Windows\SysWOW64\KernelBase.dll at 75340000
--- Process 11820 loaded C:\cygwin\bin\cygcrypt-0.dll at 696A0000
--- Process 11820 loaded C:\cygwin\bin\cygwin1.dll at 61000000
--- Process 11820 loaded C:\cygwin\bin\cygcrypto-1.0.0.dll at 69310000
--- Process 11820 loaded C:\cygwin\bin\cygz.dll at 62FD0000
--- Process 11820 loaded C:\cygwin\bin\cyggcc_s-1.dll at 68AC0000
--- Process 11820 loaded C:\cygwin\bin\cyggssapi_krb5-2.dll at 67370000
--- Process 11820 loaded C:\cygwin\bin\cygk5crypto-3.dll at 65620000
--- Process 11820 loaded C:\cygwin\bin\cygkrb5support-0.dll at 654B0000
--- Process 11820 loaded C:\cygwin\bin\cygintl-8.dll at 65A20000
--- Process 11820 loaded C:\cygwin\bin\cygiconv-2.dll at 67020000
--- Process 11820 loaded C:\cygwin\bin\cygkrb5-3.dll at 654D0000
--- Process 11820 loaded C:\cygwin\bin\cygcom_err-2.dll at 696F0000
--- Process 11820 loaded C:\cygwin\bin\cygssp-0.dll at 63AF0000
--- Process 11820 loaded C:\Windows\SysWOW64\apphelp.dll at 73E20000
--- Process 11820 loaded C:\Windows\AppPatch\EMET.dll at 73470000
--- Process 11820 loaded C:\Windows\SysWOW64\msvcrt.dll at 754F0000
--- Process 11820 loaded C:\Windows\SysWOW64\advapi32.dll at 74EE0000
--- Process 11820 loaded C:\Windows\SysWOW64\sechost.dll at 75E60000
--- Process 11820 loaded C:\Windows\SysWOW64\rpcrt4.dll at 75F00000
--- Process 11820 loaded C:\Windows\SysWOW64\sspicli.dll at 74E00000
--- Process 11820 loaded C:\Windows\SysWOW64\cryptbase.dll at 74DF0000
--- Process 11820 loaded C:\Windows\SysWOW64\ws2_32.dll at 74E60000
--- Process 11820 loaded C:\Windows\SysWOW64\nsi.dll at 759F0000
--- Process 11820 loaded C:\Windows\SysWOW64\mswsock.dll at 74810000
--- Process 11820 loaded C:\Windows\SysWOW64\user32.dll at 75220000
--- Process 11820 loaded C:\Windows\SysWOW64\gdi32.dll at 76000000
--- Process 11820 loaded C:\Windows\SysWOW64\lpk.dll at 75640000
--- Process 11820 loaded C:\Windows\SysWOW64\usp10.dll at 74F90000
--- Process 11820 loaded C:\Windows\SysWOW64\imm32.dll at 76290000
--- Process 11820 loaded C:\Windows\SysWOW64\msctf.dll at 75150000
--- Process 11820 loaded C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll at 01D70000
--- Process 11820 loaded C:\Windows\SysWOW64\shell32.dll at 762F0000
--- Process 11820 loaded C:\Windows\SysWOW64\shlwapi.dll at 75DE0000
--- Process 11820 loaded C:\Windows\SysWOW64\wship6.dll at 745D0000
--- Process 11820 loaded C:\Windows\SysWOW64\WSHTCPIP.DLL at 74800000
--- Process 11820 loaded C:\Windows\SysWOW64\netapi32.dll at 73EE0000
--- Process 11820 loaded C:\Windows\SysWOW64\netutils.dll at 73ED0000
--- Process 11820 loaded C:\Windows\SysWOW64\srvcli.dll at 73EB0000
--- Process 11820 loaded C:\Windows\SysWOW64\wkscli.dll at 73EA0000
--- Process 11820 loaded C:\Windows\SysWOW64\samcli.dll at 73E90000
--- Process 11820 loaded C:\Windows\SysWOW64\samlib.dll at 73E70000
--- Process 11820 thread 16092 created
--- Process 11820 thread 16092 exited with status 0x0
    2       2 [sig] sshd 8404 **********************************************
  239     241 [sig] sshd 8404 Program name: C:\cygwin\usr\sbin\sshd.exe (pid 8404, ppid 9160, windows pid 11820)
   61     302 [sig] sshd 8404 OS version:   Windows NT-6.1
   53     355 [sig] sshd 8404 **********************************************
1158341 1158696 [unknown (0x69C)] sshd 8404 _cygtls::remove: wait 0
--- Process 11820 thread 1692 exited with status 0x0
 2041 1160737 [unknown (0x4054)] sshd 8404 _cygtls::remove: wait 0
--- Process 11820 thread 16468 exited with status 0x0
9910795 11071532 [socksel] sshd 8404 peek_socket: read_ready: 1, write_ready: 0, except_ready: 0
48293 11119825 [socksel] sshd 8404 peek_socket: read_ready: 0, write_ready: 0, except_ready: 0
  167 11119992 [socksel] sshd 8404 thread_socket: leaving thread_socket
   78 11120070 [main] sshd 8404 select_stuff::wait: wait_ret 2, m = 3.  verifying
  390 11120460 [main] sshd 8404 select_stuff::wait: gotone 1
  279 11120739 [main] sshd 8404 select_stuff::wait: returning 0
   67 11120806 [main] sshd 8404 select: res 0
  154 11120960 [main] sshd 8404 peek_socket: read_ready: 1, write_ready: 0, except_ready: 0
  151 11121111 [main] sshd 8404 set_bits: me 0x80057988, testing fd 4 ()
   66 11121177 [main] sshd 8404 set_bits: ready 1
   87 11121264 [main] sshd 8404 peek_socket: read_ready: 0, write_ready: 0, except_ready: 0
  182 11121446 [main] sshd 8404 select_stuff::cleanup: calling cleanup routines
  122 11121568 [main] sshd 8404 socket_cleanup: si 0x800579B8 si->thread 0x611BDDB0
  231 11121799 [main] sshd 8404 socket_cleanup: returning
   57 11121856 [main] sshd 8404 socket_cleanup: si 0x0 si->thread 0x0
   74 11121930 [main] sshd 8404 select_stuff::destroy: deleting select records
  206 11122136 [main] sshd 8404 select_stuff::cleanup: calling cleanup routines
  105 11122241 [main] sshd 8404 select_stuff::destroy: deleting select records
   82 11122323 [main] sshd 8404 cygwin_select: 1 = select(7, 0x800578D8, 0x0, 0x0, 0x0)
  264 11122587 [main] sshd 8404 build_fh_pc: fh 0x6130EDE8, dev 001E0024
  184 11122771 [main] sshd 8404 fhandler_base::set_flags: flags 0x10002, supplied_bin 0x0
  701 11123472 [main] sshd 8404 fhandler_base::set_flags: O_TEXT/O_BINARY set in flags 0x10000
  203 11123675 [main] sshd 8404 fhandler_base::set_flags: filemode set to binary
  123 11123798 [main] sshd 8404 fdsock: fd 5, name '', soc 0x1F0
  559 11124357 [main] sshd 8404 fhandler_socket::accept4: res 5
  664 11125021 [main] sshd 8404 cygwin_accept: 5 = accept(4, 0x28C368, 0x28C308)
  384 11125405 [main] sshd 8404 fcntl64: fcntl(5, 3, ...)
  348 11125753 [main] sshd 8404 fhandler_base::fcntl: GETFL: 0x14002
  265 11126018 [main] sshd 8404 fcntl64: 81922 = fcntl(5, 3, 0x0)
  393 11126411 [main] sshd 8404 fcntl64: fcntl(5, 4, ...)
  277 11126688 [main] sshd 8404 fhandler_socket::ioctl: socket is now blocking
   83 11126771 [main] sshd 8404 fhandler_socket::ioctl: 0 = ioctl_socket(8004667E, 0x28C11C)
   77 11126848 [main] sshd 8404 fhandler_base::set_flags: flags 0x10002, supplied_bin 0x0
  106 11126954 [main] sshd 8404 fhandler_base::set_flags: O_TEXT/O_BINARY set in flags 0x10000
   73 11127027 [main] sshd 8404 fhandler_base::set_flags: filemode set to binary
   53 11127080 [main] sshd 8404 fcntl64: 0 = fcntl(5, 4, 0x10002)
   66 11127146 [main] sshd 8404 fhandler_pipe::create: name \\.\pipe\cygwin-c5e39b7a9d22bafb-11820-pipe-0x2, size 65536, mode PIPE_TYPE_MESSAGE
  316 11127462 [main] sshd 8404 fhandler_pipe::create: pipe read handle 0x240
  380 11127842 [main] sshd 8404 fhandler_pipe::create: CreateFile: name \\.\pipe\cygwin-c5e39b7a9d22bafb-11820-pipe-0x2
--- Process 11820, exception c0000005 at 734D5FD5
  962 11128804 [main] sshd 8404 fhandler_pipe::create: pipe write handle 0x2A0
  494 11129298 [main] sshd 8404 build_fh_pc: fh 0x6130EBB8, dev 000000C6
  305 11129603 [main] sshd 8404 build_fh_pc: fh 0x6130F468, dev 000000C5
   99 11129702 [main] sshd 8404 fhandler_base::set_flags: flags 0x10000, supplied_bin 0x0
   65 11129767 [main] sshd 8404 fhandler_base::set_flags: O_TEXT/O_BINARY set in flags 0x10000
  140 11129907 [main] sshd 8404 fhandler_base::set_flags: filemode set to binary
   62 11129969 [main] sshd 8404 fhandler_base::init: created new fhandler_base for handle 0x240, bin 1
   96 11130065 [main] sshd 8404 fhandler_base::set_flags: flags 0x10001, supplied_bin 0x0
  584 11130649 [main] sshd 8404 fhandler_base::set_flags: O_TEXT/O_BINARY set in flags 0x10000
  622 11131271 [main] sshd 8404 fhandler_base::set_flags: filemode set to binary
  317 11131588 [main] sshd 8404 fhandler_base::init: created new fhandler_base for handle 0x2A0, bin 1
  256 11131844 [main] sshd 8404 fhandler_pipe::create: 0 = pipe([0x6130EBB8, 0x6130F468], 65536, 0x10000)
  376 11132220 [main] sshd 8404 pipe: 0 = pipe([6, 7])
142602 11274822 [main] sshd 8404 build_fh_pc: fh 0x6130F260, dev 001E0079
  196 11275018 [main] sshd 8404 fhandler_base::set_flags: flags 0x10002, supplied_bin 0x0
  119 11275137 [main] sshd 8404 fhandler_base::set_flags: O_TEXT/O_BINARY set in flags 0x10000
  142 11275279 [main] sshd 8404 fhandler_base::set_flags: filemode set to binary
   82 11275361 [main] sshd 8404 fdsock: fd 8, name '', soc 0x260
  229 11275590 [main] sshd 8404 getpid: 8404 = getpid()
  122 11275712 [main] sshd 8404 build_fh_pc: fh 0x6130F018, dev 001E0079
  106 11275818 [main] sshd 8404 fhandler_base::set_flags: flags 0x10002, supplied_bin 0x0
  161 11275979 [main] sshd 8404 fhandler_base::set_flags: O_TEXT/O_BINARY set in flags 0x10000
   80 11276059 [main] sshd 8404 fhandler_base::set_flags: filemode set to binary
   62 11276121 [main] sshd 8404 fdsock: fd 9, name '', soc 0x29C
  178 11276299 [main] sshd 8404 getpid: 8404 = getpid()
  172 11276471 [main] sshd 8404 socketpair: 0 = socketpair(...)
  152 11276623 [main] sshd 8404 child_info::child_info: subproc_ready 0x27C
  180 11276803 [main] sshd 8404 fork: entering
 2667 11279470 [main] sshd 8404 sig_send: sendsig 0xA8, pid 8404, signal -40, its_me 1
  464 11279934 [main] sshd 8404 sig_send: wakeup 0x28C
  392 11280326 [main] sshd 8404 sig_send: Waiting for pack.wakeup 0x28C
  612 11280938 [sig] sshd 8404 wait_sig: signalling pack.wakeup 0x28C
  722 11281660 [main] sshd 8404 sig_send: returning 0x0 from sending signal -40
  621 11282281 [main] sshd 8404 frok::parent: priority class 32
--- Process 11820, exception c0000005 at 734D5FD5
 1435 11283716 [main] sshd 8404 frok::parent: stack - bottom 0x290000, top 0x28C0F0, addr 0x90000, guardsize 0x1000
  600 11284316 [main] sshd 8404 frok::parent: CreateProcessW (C:\cygwin\usr\sbin\sshd.exe, C:\cygwin\usr\sbin\sshd.exe, 0, 0, 1, 0x420, 0, 0, 0x28C08C, 0x28C060)
--- Process 11820 loaded C:\cygwin\usr\sbin\sshd.exe at 02260000
--- Process 11820 unloaded DLL at 02260000
--- Process 11820 loaded C:\cygwin\usr\sbin\sshd.exe at 02270000
--- Process 11820, exception 80000004 at 774D019E
--- Process 11820 unloaded DLL at 02270000
--- Process 11820, exception 80000004 at 774D019E
--- Process 11820, exception 80000004 at 774D019E
20469 11304785 [main] sshd 8404 frok::parent: forked pid 17828
  989 11305774 [main] sshd 8404 child_info::sync: n 2, waiting for subproc_ready(0x27C) and child process(0x2AC)
--- Process 17828 created
--- Process 17828 loaded C:\Windows\SysWOW64\ntdll.dll at 774A0000
--- Process 17828 unloaded DLL at 771A0000
--- Process 17828 unloaded DLL at 76F90000
--- Process 17828 unloaded DLL at 771A0000
--- Process 17828 unloaded DLL at 770A0000
--- Process 17828 loaded C:\Windows\SysWOW64\kernel32.dll at 76F90000
--- Process 17828 loaded C:\Windows\SysWOW64\KernelBase.dll at 75340000
--- Process 17828 loaded C:\cygwin\bin\cygcrypt-0.dll at 696A0000
--- Process 17828 loaded C:\cygwin\bin\cygwin1.dll at 61000000
--- Process 17828 loaded C:\cygwin\bin\cygcrypto-1.0.0.dll at 69310000
--- Process 17828 loaded C:\cygwin\bin\cygz.dll at 62FD0000
--- Process 17828 loaded C:\cygwin\bin\cyggcc_s-1.dll at 68AC0000
--- Process 17828 loaded C:\cygwin\bin\cyggssapi_krb5-2.dll at 67370000
--- Process 17828 loaded C:\cygwin\bin\cygk5crypto-3.dll at 65620000
--- Process 17828 loaded C:\cygwin\bin\cygkrb5support-0.dll at 654B0000
--- Process 17828 loaded C:\cygwin\bin\cygintl-8.dll at 65A20000
--- Process 17828 loaded C:\cygwin\bin\cygiconv-2.dll at 67020000
--- Process 17828 loaded C:\cygwin\bin\cygkrb5-3.dll at 654D0000
--- Process 17828 loaded C:\cygwin\bin\cygcom_err-2.dll at 696F0000
--- Process 17828 loaded C:\cygwin\bin\cygssp-0.dll at 63AF0000
--- Process 17828 loaded C:\Windows\SysWOW64\apphelp.dll at 73E20000
--- Process 17828 loaded C:\Windows\AppPatch\EMET.dll at 73470000
--- Process 17828 loaded C:\Windows\SysWOW64\msvcrt.dll at 754F0000
--- Process 17828 loaded C:\Windows\SysWOW64\advapi32.dll at 74EE0000
--- Process 17828 loaded C:\Windows\SysWOW64\sechost.dll at 75E60000
--- Process 17828 loaded C:\Windows\SysWOW64\rpcrt4.dll at 75F00000
--- Process 17828 loaded C:\Windows\SysWOW64\sspicli.dll at 74E00000
--- Process 17828 loaded C:\Windows\SysWOW64\cryptbase.dll at 74DF0000
--- Process 17828 thread 17624 created
    4       4 [main] sshd (17828) **********************************************
  346     350 [main] sshd (17828) Program name: C:\cygwin\usr\sbin\sshd.exe (windows pid 17828)
  173     523 [main] sshd (17828) OS version:   Windows NT-6.1
  148     671 [main] sshd (17828) **********************************************
  184     855 [main] sshd (17828) sigprocmask: 0 = sigprocmask (0, 0x0, 0x612CBB48)
  360    1215 [main] sshd 17828 child_copy: cygheap - hp 0x278 low 0x61304400, high 0x6130F700, res 1
   82    1297 [main] sshd 17828 child_copy: done
  158    1455 [main] sshd 17828 open_shared: name shared.5, n 5, shared 0x60FF0000 (wanted 0x60FF0000), h 0x8C, *m 6
  280    1735 [main] sshd 17828 user_heap_info::init: heap base 0x80000000, heap top 0x80090000, heap size 0x18000000 (402653184)
  318    2053 [main] sshd 17828 open_shared: name (null), n 1, shared 0x60FE0000 (wanted 0x60FE0000), h 0xC8, *m 6
  124    2177 [main] sshd 17828 user_info::create: opening user shared for '' at 0x60FE0000
  226    2403 [main] sshd 17828 user_info::create: user shared version AB1FCCE8
  259    2662 [main] sshd (17828) open_shared: name cygpid.17828, n 17828, shared 0x60FD0000 (wanted 0x60FD0000), h 0x94, *m 2
  193    2855 [main] sshd (17828) time: 1454002617 = time(0x0)
  202    3057 [main] sshd 17828 pinfo::thisproc: myself dwProcessId 17828
  183    3240 [main] sshd 17828 child_copy: dll data - hp 0x278 low 0x611B4000, high 0x611BD834, res 1
11369702 11372942 [main] sshd 17828 child_copy: dll bss - hp 0x278 low 0x61285000, high 0x612CE258, res 1
  592 11373534 [main] sshd 17828 child_copy: user heap - hp 0x278 low 0x80000000, high 0x80090000, res 1
  159 11373693 [main] sshd 17828 child_copy: done
  974 11374667 [main] sshd 17828 child_copy: data - hp 0x278 low 0x472000, high 0x4724E4, res 1
  218 11374885 [main] sshd 17828 child_copy: bss - hp 0x278 low 0x4B9000, high 0x4BE3D8, res 1
  200 11375085 [main] sshd 17828 child_copy: done
  162 11375247 [main] sshd 17828 fixup_mmaps_after_fork: succeeded
  210 11375457 [main] sshd 17828 fhandler_pipe::create: name \\.\pipe\cygwin-c5e39b7a9d22bafb-17828-sigwait, size 5412, mode PIPE_TYPE_MESSAGE
  298 11375755 [main] sshd 17828 fhandler_pipe::create: pipe read handle 0xA0
  115 11375870 [main] sshd 17828 fhandler_pipe::create: CreateFile: name \\.\pipe\cygwin-c5e39b7a9d22bafb-17828-sigwait
  238 11376108 [main] sshd 17828 fhandler_pipe::create: pipe write handle 0xA4
  228 11376336 [main] sshd 17828 dll_crt0_0: finished dll_crt0_0 initialization
--- Process 17828 thread 17424 created
 3604 11379940 [main] sshd 17828 sync_with_parent: signalling parent: after longjmp
  227 11380167 [sig] sshd 17828 wait_sig: entering ReadFile loop, my_readsig 0xA0, my_sendsig 0xA4
74404 11380178 [main] sshd 8404 child_info::sync: pid 17828, WFMO returned 0, exit_code 0x103, res 1
  121 11380288 [main] sshd 17828 child_info::ready: signalled 0x27C that I was ready
  252 11380430 [main] sshd 8404 open_shared: name cygpid.17828, n 17828, shared 0x1EE0000 (wanted 0x0), h 0x2A4, *m 6
  244 11380674 [main] sshd 8404 time: 1454002617 = time(0x0)
  401 11381075 [main] sshd 8404 proc_subproc: args: 1, 2670704
  804 11381879 [main] sshd 8404 pinfo::wait: created tracking thread for pid 17828, winpid 0x45A4, rd_proc_pipe 0x298
  244 11382123 [main] sshd 8404 proc_subproc: added pid 17828 to proc table, slot 0
  385 11382508 [main] sshd 8404 proc_subproc: returning 1
  337 11382845 [main] sshd 8404 frok::parent: child is alive (but stopped)
  469 11383314 [main] sshd 8404 child_copy: stack - hp 0x2AC low 0x28C0F0, high 0x290000, res 1
  536 11383850 [main] sshd 8404 child_copy: done
  385 11384235 [main] sshd 8404 frok::parent: copying data/bss of a linked dll
  447 11384682 [main] sshd 8404 child_copy: linked dll data - hp 0x2AC low 0x696A2000, high 0x696A23E4, res 1
11376 11396058 [main] sshd 8404 child_copy: linked dll bss - hp 0x2AC low 0x696A4000, high 0x696A4458, res 1
  730 11396788 [main] sshd 8404 child_copy: done
  545 11397333 [main] sshd 8404 frok::parent: copying data/bss of a linked dll
  441 11397774 [main] sshd 8404 child_copy: linked dll data - hp 0x2AC low 0x68AD6000, high 0x68AD6044, res 1
  257 11398031 [main] sshd 8404 child_copy: linked dll bss - hp 0x2AC low 0x68ADD000, high 0x68ADD148, res 1
  663 11398694 [main] sshd 8404 child_copy: done
  534 11399228 [main] sshd 8404 frok::parent: copying data/bss of a linked dll
  522 11399750 [main] sshd 8404 child_copy: linked dll data - hp 0x2AC low 0x62FDE000, high 0x62FDE084, res 1
  555 11400305 [main] sshd 8404 child_copy: linked dll bss - hp 0x2AC low 0x62FE7000, high 0x62FE711C, res 1
  448 11400753 [main] sshd 8404 child_copy: done
  275 11401028 [main] sshd 8404 frok::parent: copying data/bss of a linked dll
  493 11401521 [main] sshd 8404 child_copy: linked dll data - hp 0x2AC low 0x69461000, high 0x69467444, res 1
  207 11401728 [main] sshd 8404 child_copy: linked dll bss - hp 0x2AC low 0x694D9000, high 0x694DB330, res 1
  151 11401879 [main] sshd 8404 child_copy: done
  146 11402025 [main] sshd 8404 frok::parent: copying data/bss of a linked dll
  249 11402274 [main] sshd 8404 child_copy: linked dll data - hp 0x2AC low 0x67038000, high 0x67038044, res 1
  340 11402614 [main] sshd 8404 child_copy: linked dll bss - hp 0x2AC low 0x6711F000, high 0x6711F1D8, res 1
   72 11402686 [main] sshd 8404 child_copy: done
   59 11402745 [main] sshd 8404 frok::parent: copying data/bss of a linked dll
  129 11402874 [main] sshd 8404 child_copy: linked dll data - hp 0x2AC low 0x65A27000, high 0x65A27064, res 1
  130 11403004 [main] sshd 8404 child_copy: linked dll bss - hp 0x2AC low 0x65A2B000, high 0x65A2B1A0, res 1
   69 11403073 [main] sshd 8404 child_copy: done
   66 11403139 [main] sshd 8404 frok::parent: copying data/bss of a linked dll
  135 11403274 [main] sshd 8404 child_copy: linked dll data - hp 0x2AC low 0x654B7000, high 0x654B70C4, res 1
  486 11403760 [main] sshd 8404 child_copy: linked dll bss - hp 0x2AC low 0x654BC000, high 0x654BC158, res 1
  274 11404034 [main] sshd 8404 child_copy: done
  131 11404165 [main] sshd 8404 frok::parent: copying data/bss of a linked dll
  160 11404325 [main] sshd 8404 child_copy: linked dll data - hp 0x2AC low 0x6563E000, high 0x6563E064, res 1
  275 11404600 [main] sshd 8404 child_copy: linked dll bss - hp 0x2AC low 0x65650000, high 0x65651020, res 1
  485 11405085 [main] sshd 8404 child_copy: done
  482 11405567 [main] sshd 8404 frok::parent: copying data/bss of a linked dll
  233 11405800 [main] sshd 8404 child_copy: linked dll data - hp 0x2AC low 0x696F2000, high 0x696F2044, res 1
  454 11406254 [main] sshd 8404 child_copy: linked dll bss - hp 0x2AC low 0x696F6000, high 0x696F6138, res 1
  638 11406892 [main] sshd 8404 child_copy: done
  378 11407270 [main] sshd 8404 frok::parent: copying data/bss of a linked dll
  429 11407699 [main] sshd 8404 child_copy: linked dll data - hp 0x2AC low 0x65528000, high 0x65528A04, res 1
  235 11407934 [main] sshd 8404 child_copy: linked dll bss - hp 0x2AC low 0x65578000, high 0x65578158, res 1
  204 11408138 [main] sshd 8404 child_copy: done
   64 11408202 [main] sshd 8404 frok::parent: copying data/bss of a linked dll
  301 11408503 [main] sshd 8404 child_copy: linked dll data - hp 0x2AC low 0x673A0000, high 0x673A0524, res 1
  695 11409198 [main] sshd 8404 child_copy: linked dll bss - hp 0x2AC low 0x673B1000, high 0x673B1198, res 1
  443 11409641 [main] sshd 8404 child_copy: done
   94 11409735 [main] sshd 8404 frok::parent: copying data/bss of a linked dll
  161 11409896 [main] sshd 8404 child_copy: linked dll data - hp 0x2AC low 0x63AF2000, high 0x63AF2044, res 1
  156 11410052 [main] sshd 8404 child_copy: linked dll bss - hp 0x2AC low 0x63AF6000, high 0x63AF6118, res 1
   92 11410144 [main] sshd 8404 child_copy: done
   81 11410225 [main] sshd 8404 resume_child: signalled child
29947 11410235 [main] sshd 17828 sync_with_parent: awake
   73 11410298 [main] sshd 8404 child_info::sync: n 2, waiting for subproc_ready(0x27C) and child process(0x2AC)
   75 11410310 [main] sshd 17828 sync_with_parent: no problems
  138 11410448 [main] sshd 17828 frok::child: child is running.  pid 17828, ppid 8404, stack here 0x28C0E8
  169 11410617 [main] sshd 17828 frok::child: hParent 0x278, load_dlls 0
  115 11410732 [main] sshd 17828 dtable::fixup_after_fork: fd 3 ()
  166 11410898 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x204 already opened
  275 11411173 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x208 already opened
  260 11411433 [main] sshd 17828 fhandler_base::fixup_after_fork: inheriting '' from parent
  191 11411624 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x180 already opened
  165 11411789 [main] sshd 17828 dtable::fixup_after_fork: fd 4 ()
  231 11412020 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x218 already opened
  242 11412262 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x21C already opened
  224 11412486 [main] sshd 17828 fhandler_base::fixup_after_fork: inheriting '' from parent
  204 11412690 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x210 already opened
  213 11412903 [main] sshd 17828 dtable::fixup_after_fork: fd 5 ()
  207 11413110 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x238 already opened
  226 11413336 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x23C already opened
  327 11413663 [main] sshd 17828 fhandler_base::fixup_after_fork: inheriting '' from parent
  226 11413889 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x1F0 already opened
  271 11414160 [main] sshd 17828 dtable::fixup_after_fork: fd 6 (/dev/fd/pipe:[6])
  238 11414398 [main] sshd 17828 fhandler_base::fixup_after_fork: inheriting '/dev/fd/pipe:[6]' from parent
  254 11414652 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x240 already opened
   73 11414725 [main] sshd 17828 dtable::fixup_after_fork: fd 7 (pipe:[7])
  211 11414936 [main] sshd 17828 fhandler_base::fixup_after_fork: inheriting 'pipe:[7]' from parent
  279 11415215 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x2A0 already opened
  212 11415427 [main] sshd 17828 dtable::fixup_after_fork: fd 8 ()
  183 11415610 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x1DC already opened
   72 11415682 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x26C already opened
   79 11415761 [main] sshd 17828 fhandler_base::fixup_after_fork: inheriting '' from parent
  221 11415982 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x260 already opened
  213 11416195 [main] sshd 17828 dtable::fixup_after_fork: fd 9 ()
  209 11416404 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x254 already opened
  277 11416681 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x25C already opened
  135 11416816 [main] sshd 17828 fhandler_base::fixup_after_fork: inheriting '' from parent
   70 11416886 [main] sshd 17828 fhandler_base::fork_fixup: handle 0x29C already opened
   71 11416957 [main] sshd 17828 sync_with_parent: signalling parent: performed fork fixup
   75 11417032 [main] sshd 17828 child_info::ready: signalled 0x27C that I was ready
 6741 11417039 [main] sshd 8404 child_info::sync: pid 17828, WFMO returned 0, exit_code 0x103, res 1
  142 11417181 [main] sshd 8404 sig_send: sendsig 0xA8, pid 8404, signal -41, its_me 1
  232 11417413 [main] sshd 8404 sig_send: wakeup 0x28C
   85 11417498 [main] sshd 8404 sig_send: Waiting for pack.wakeup 0x28C
   93 11417591 [sig] sshd 8404 wait_sig: signalling pack.wakeup 0x28C
   88 11417679 [main] sshd 8404 sig_send: returning 0x0 from sending signal -41
  571 11418250 [main] sshd 8404 fork: 17828 = fork()
   61 11418311 [main] sshd 8404 close: close(7)
 1291 11418323 [main] sshd 17828 fork: 0 = fork()
   71 11418382 [main] sshd 8404 fhandler_base::close: closing 'pipe:[7]' handle 0x2A0
  104 11418427 [main] sshd 17828 close: close(6)
   83 11418465 [main] sshd 8404 close: 0 = close(7)
  121 11418548 [main] sshd 17828 fhandler_base::close: closing '/dev/fd/pipe:[6]' handle 0x240
   77 11418625 [main] sshd 17828 close: 0 = close(6)
  210 11418675 [main] sshd 8404 write: write(8, 0x28C217, 5)
   83 11418708 [main] sshd 17828 close: close(3)
  152 11418827 [main] sshd 8404 write: 5 = write(8, 0x28C217, 5)
  178 11419005 [main] sshd 8404 write: write(8, 0x80057040, 408)
  215 11419220 [main] sshd 8404 write: 408 = write(8, 0x80057040, 408)
--- Process 17828 loaded C:\Windows\SysWOW64\ws2_32.dll at 74E60000
  314 11419534 [main] sshd 8404 close: close(8)
--- Process 17828, exception 80000004 at 774D019E
  492 11420026 [main] sshd 8404 fhandler_socket::close: 0 = fhandler_socket::close()
  355 11420381 [main] sshd 8404 close: 0 = close(8)
  168 11420549 [main] sshd 8404 close: close(9)
   92 11420641 [main] sshd 8404 fhandler_socket::close: 0 = fhandler_socket::close()
  218 11420859 [main] sshd 8404 close: 0 = close(9)
   76 11420935 [main] sshd 8404 close: close(5)
   90 11421025 [main] sshd 8404 fhandler_socket::close: 0 = fhandler_socket::close()
   80 11421105 [main] sshd 8404 close: 0 = close(5)
  148 11421253 [main] sshd 8404 open: open(/dev/random, 0x40000)
   86 11421339 [main] sshd 8404 normalize_posix_path: src /dev/random
   71 11421410 [main] sshd 8404 normalize_posix_path: /dev/random = normalize_posix_path (/dev/random)
  135 11421545 [main] sshd 8404 mount_info::conv_to_win32_path: conv_to_win32_path (/dev/random)
   83 11421628 [main] sshd 8404 mount_info::conv_to_win32_path: src_path /dev/random, dst \Device\Null, flags 0x2, rc 0
   83 11421711 [main] sshd 8404 build_fh_pc: fh 0x6130EDE8, dev 00010008
   64 11421775 [main] sshd 8404 fhandler_base::open: (\Device\Null, 0x48000)
--- Process 17828 thread 18412 created
  147 11421922 [main] sshd 8404 fhandler_base::set_flags: flags 0x48000, supplied_bin 0x10000
   94 11422016 [main] sshd 8404 fhandler_base::set_flags: filemode set to text
   47 11422063 [main] sshd 8404 fhandler_base::open: 0x0 = NtCreateFile (0x1F0, 0x80100000, \Device\Null, io, NULL, 0x0, 0x7, 0x1, 0x4020, NULL, 0)
   65 11422128 [main] sshd 8404 fhandler_base::open: 1 = fhandler_base::open(\Device\Null, 0x48000)
   65 11422193 [main] sshd 8404 open: 5 = open(/dev/random, 0x48000)
   77 11422270 [main] sshd 8404 read: read(5, 0x28C1D4, 128) blocking
--- Process 17828 loaded C:\Windows\SysWOW64\wtsapi32.dll at 74120000
--- Process 17828 loaded C:\Windows\SysWOW64\winsta.dll at 741F0000
 3443 11425713 [main] sshd 8404 read: 128 = read(5, 0x28C1D4, 128)
   65 11425778 [main] sshd 8404 close: close(5)
   94 11425872 [main] sshd 8404 fhandler_base::close: closing '/dev/random' handle 0x1F0
  136 11426008 [main] sshd 8404 close: 0 = close(5)
   96 11426104 [main] sshd 8404 getpid: 8404 = getpid()
  418 11426522 [main] sshd 8404 getpid: 8404 = getpid()
  474 11426996 [main] sshd 8404 cygwin_select: select(7, 0x800578D8, 0x0, 0x0, 0x0)
   65 11427061 [main] sshd 8404 cygwin_select: to NULL, ms FFFFFFFF
  167 11427228 [main] sshd 8404 dtable::select_read:  fd 3
  221 11427449 [main] sshd 8404 dtable::select_read:  fd 4
  212 11427661 [main] sshd 8404 dtable::select_read: /dev/fd/pipe:[6] fd 6
   67 11427728 [main] sshd 8404 select: sel.always_ready 0
  351 11428079 [main] sshd 8404 start_thread_socket: stuff_start 0x28C194
  243 11428322 [main] sshd 8404 select_stuff::wait: m 4, ms 4294967295
   75 11428397 [socksel] sshd 8404 thread_socket: stuff_start 0x28C194, timeout 4294967295
  144 11428541 [socksel] sshd 8404 peek_socket: read_ready: 0, write_ready: 0, except_ready: 0
  119 11428660 [socksel] sshd 8404 peek_socket: read_ready: 0, write_ready: 0, except_ready: 0
--- Process 17828 loaded C:\Windows\SysWOW64\user32.dll at 75220000
--- Process 17828 loaded C:\Windows\SysWOW64\gdi32.dll at 76000000
--- Process 17828 loaded C:\Windows\SysWOW64\lpk.dll at 75640000
--- Process 17828 loaded C:\Windows\SysWOW64\usp10.dll at 74F90000
--- Process 17828 loaded C:\Windows\SysWOW64\imm32.dll at 76290000
--- Process 17828 loaded C:\Windows\SysWOW64\msctf.dll at 75150000
--- Process 17828 loaded C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll at 10000000
--- Process 17828 unloaded DLL at 10000000
--- Process 17828 loaded C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll at 01280000
--- Process 17828 loaded C:\Windows\SysWOW64\shell32.dll at 762F0000
--- Process 17828 loaded C:\Windows\SysWOW64\shlwapi.dll at 75DE0000
--- Process 17828 thread 18284 exited with status 0xc0000022
--- Process 17828 thread 18412 exited with status 0xc0000022
--- Process 17828 thread 17624 exited with status 0xc0000022
--- Process 17828 exited with status 0xc0000022
154769 11583429 [waitproc] sshd 8404 pinfo::status_exit: *** STATUS_0xC0000022
  814 11584243 [waitproc] sshd 8404 pinfo::maybe_set_exit_code_from_windows: pid 17828, exit value - old 0x0, windows 0xC0000022, cygwin 0x8007F00
   74 11584317 [waitproc] sshd 8404 sig_send: sendsig 0xA8, pid 8404, signal 20, its_me 1
   64 11584381 [waitproc] sshd 8404 sig_send: Not waiting for sigcomplete.  its_me 1 signal 20
   56 11584437 [waitproc] sshd 8404 sig_send: returning 0x0 from sending signal 20
   48 11584485 [sig] sshd 8404 sigpacket::process: signal 20 processing
   81 11584566 [sig] sshd 8404 init_cygheap::find_tls: sig 20
   62 11584628 [sig] sshd 8404 sigpacket::process: using tls 0x28CE64
  108 11584736 [waitproc] sshd 8404 proc_waiter: exiting wait thread for pid 17828
  114 11584850 [pipesel] sshd 8404 peek_pipe: read: /dev/fd/pipe:[6], n -1
  104 11584954 [sig] sshd 8404 sigpacket::process: signal 20, signal handler 0x401460
   43 11584997 [sig] sshd 8404 sigpacket::setup_handler: controlled interrupt. stackptr 0x28DD5C, stack 0x28DD58, stackptr[-1] 0x46FCD1
   40 11585037 [sig] sshd 8404 proc_subproc: args: 5, 1
   36 11585073 [sig] sshd 8404 proc_subproc: clear waiting threads
   37 11585110 [sig] sshd 8404 proc_subproc: finished clearing
   39 11585149 [sig] sshd 8404 proc_subproc: returning 1
   39 11585188 [sig] sshd 8404 _cygtls::interrupt_setup: armed signal_arrived 0x220, signal 20
   37 11585225 [sig] sshd 8404 sigpacket::setup_handler: signal 20 delivered
   43 11585268 [sig] sshd 8404 sigpacket::process: returning 1
   43 11585311 [sig] sshd 8404 proc_subproc: args: 5, 0
   43 11585354 [sig] sshd 8404 proc_subproc: looking for processes to reap, nprocs 1
   43 11585397 [sig] sshd 8404 proc_subproc: finished processing terminated/stopped child
   42 11585439 [sig] sshd 8404 proc_subproc: returning 1
   59 11585498 [main] sshd 8404 select_stuff::wait: wait_ret 0, m = 4.  verifying
  207 11585705 [main] sshd 8404 select_stuff::wait: signal received
   58 11585763 [main] sshd 8404 select_stuff::cleanup: calling cleanup routines
  113 11585876 [main] sshd 8404 socket_cleanup: si 0x800579F8 si->thread 0x611BDE10
  102 11585978 [socksel] sshd 8404 thread_socket: leaving thread_socket
  297 11586275 [main] sshd 8404 socket_cleanup: returning
   76 11586351 [main] sshd 8404 socket_cleanup: si 0x0 si->thread 0x0
   72 11586423 [main] sshd 8404 select_stuff::destroy: deleting select records
  289 11586712 [main] sshd 8404 set_process_mask_delta: oldmask 0, newmask 80000, deltamask 80000
  141 11586853 [main] sshd 8404 wait4: calling proc_subproc, pid -1, options 1
  181 11587034 [main] sshd 8404 proc_subproc: args: 6, 2678056
  134 11587168 [main] sshd 8404 proc_subproc: wval->pid -1, wval->options 1
  137 11587305 [main] sshd 8404 checkstate: nprocs 1
  273 11587578 [main] sshd 8404 stopped_or_terminated: considering pid 17828, pgid 8404, w->pid -1
  287 11587865 [main] sshd 8404 remove_proc: removing procs[0], pid 17828, nprocs 1
  287 11588152 [main] sshd 8404 checkstate: returning 1
  278 11588430 [main] sshd 8404 proc_subproc: released waiting thread
  172 11588602 [main] sshd 8404 proc_subproc: finished processing terminated/stopped child
   74 11588676 [main] sshd 8404 proc_subproc: returning 1
   62 11588738 [main] sshd 8404 wait4: 0 = cygwait (...)
   60 11588798 [main] sshd 8404 wait4: 17828 = wait4(-1, 0x7F00, 1, 0x0)
  117 11588915 [main] sshd 8404 wait4: calling proc_subproc, pid -1, options 1
   74 11588989 [main] sshd 8404 proc_subproc: args: 6, 2678056
   62 11589051 [main] sshd 8404 proc_subproc: wval->pid -1, wval->options 1
   85 11589136 [main] sshd 8404 checkstate: nprocs 0
10169 11599305 [main] sshd 8404 checkstate: no matching terminated children found
  720 11600025 [main] sshd 8404 checkstate: returning 0
  555 11600580 [main] sshd 8404 proc_subproc: waiting thread found no children
  272 11600852 [main] sshd 8404 proc_subproc: finished processing terminated/stopped child
  253 11601105 [main] sshd 8404 proc_subproc: returning 1
   95 11601200 [main] sshd 8404 __set_errno: pid_t wait4(int, int*, int, rusage*):91 setting errno 10
   70 11601270 [main] sshd 8404 wait4: -1 = wait4(-1, 0x0, 1, 0x0), errno 10
  381 11601651 [main] sshd 8404 sigaction_worker: signal 20, newact 0x0, oa 0x401460
  100 11601751 [main] sshd 8404 sigaction: 0 = sigaction(20, 0x0, 0x28BE20)
   72 11601823 [main] sshd 8404 set_signal_mask: setmask 80000, newmask 0, mask_bits 80000
  156 11601979 [main] sshd 8404 select_stuff::wait: returning -3
   83 11602062 [main] sshd 8404 select: res -3
  142 11602204 [main] sshd 8404 select_stuff::cleanup: calling cleanup routines
  139 11602343 [main] sshd 8404 select_stuff::destroy: deleting select records
  122 11602465 [main] sshd 8404 select_stuff::cleanup: calling cleanup routines
  122 11602587 [main] sshd 8404 select_stuff::destroy: deleting select records
   78 11602665 [main] sshd 8404 cygwin_select: -1 = select(7, 0x800578D8, 0x0, 0x0, 0x0), errno 4
 1262 11603927 [main] sshd 8404 cygwin_select: select(7, 0x800578D8, 0x0, 0x0, 0x0)
  547 11604474 [main] sshd 8404 cygwin_select: to NULL, ms FFFFFFFF
  336 11604810 [main] sshd 8404 dtable::select_read:  fd 3
  134 11604944 [main] sshd 8404 dtable::select_read:  fd 4
  206 11605150 [main] sshd 8404 dtable::select_read: /dev/fd/pipe:[6] fd 6
   85 11605235 [main] sshd 8404 select: sel.always_ready 0
  429 11605664 [main] sshd 8404 start_thread_socket: stuff_start 0x28C194
   85 11605749 [pipesel] sshd 8404 peek_pipe: read: /dev/fd/pipe:[6], n -1
  610 11606359 [socksel] sshd 8404 thread_socket: stuff_start 0x28C194, timeout 4294967295
  217 11606576 [main] sshd 8404 select_stuff::wait: m 4, ms 4294967295
   73 11606649 [socksel] sshd 8404 peek_socket: read_ready: 0, write_ready: 0, except_ready: 0
   67 11606716 [main] sshd 8404 select_stuff::wait: wait_ret 2, m = 4.  verifying
   94 11606810 [socksel] sshd 8404 peek_socket: read_ready: 0, write_ready: 0, except_ready: 0
  131 11606941 [main] sshd 8404 set_bits: me 0x800579B8, testing fd 6 (/dev/fd/pipe:[6])
  152 11607093 [main] sshd 8404 set_bits: ready 1
  151 11607244 [main] sshd 8404 select_stuff::wait: gotone 1
  166 11607410 [main] sshd 8404 select_stuff::wait: returning 0
  431 11607841 [main] sshd 8404 select: res 0
   78 11607919 [main] sshd 8404 peek_pipe: /dev/fd/pipe:[6], already ready for read
  100 11608019 [main] sshd 8404 set_bits: me 0x800579B8, testing fd 6 (/dev/fd/pipe:[6])
  119 11608138 [main] sshd 8404 set_bits: ready 1
   82 11608220 [main] sshd 8404 peek_socket: read_ready: 0, write_ready: 0, except_ready: 0
  170 11608390 [main] sshd 8404 peek_socket: read_ready: 0, write_ready: 0, except_ready: 0
   81 11608471 [main] sshd 8404 select_stuff::cleanup: calling cleanup routines
  284 11608755 [main] sshd 8404 socket_cleanup: si 0x800579F8 si->thread 0x611BDDE0
  311 11609066 [socksel] sshd 8404 thread_socket: leaving thread_socket
 1149 11610215 [main] sshd 8404 socket_cleanup: returning
   91 11610306 [main] sshd 8404 socket_cleanup: si 0x0 si->thread 0x0
   89 11610395 [main] sshd 8404 select_stuff::destroy: deleting select records
  961 11611356 [main] sshd 8404 select_stuff::cleanup: calling cleanup routines
  267 11611623 [main] sshd 8404 select_stuff::destroy: deleting select records
  248 11611871 [main] sshd 8404 cygwin_select: 1 = select(7, 0x800578D8, 0x0, 0x0, 0x0)
  381 11612252 [main] sshd 8404 close: close(6)
  370 11612622 [main] sshd 8404 fhandler_base::close: closing '/dev/fd/pipe:[6]' handle 0x240
  271 11612893 [main] sshd 8404 close: 0 = close(6)
  708 11613601 [main] sshd 8404 cygwin_select: select(7, 0x800578D8, 0x0, 0x0, 0x0)
  623 11614224 [main] sshd 8404 cygwin_select: to NULL, ms FFFFFFFF
  564 11614788 [main] sshd 8404 dtable::select_read:  fd 3
  131 11614919 [main] sshd 8404 dtable::select_read:  fd 4
   74 11614993 [main] sshd 8404 select: sel.always_ready 0
  220 11615213 [main] sshd 8404 start_thread_socket: stuff_start 0x28C194
  402 11615615 [socksel] sshd 8404 thread_socket: stuff_start 0x28C194, timeout 4294967295
   88 11615703 [main] sshd 8404 select_stuff::wait: m 3, ms 4294967295
   80 11615783 [socksel] sshd 8404 peek_socket: read_ready: 0, write_ready: 0, except_ready: 0
  122 11615905 [socksel] sshd 8404 peek_socket: read_ready: 0, write_ready: 0, except_ready: 0


[-- Attachment #4: Type: text/plain, Size: 218 bytes --]

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple