NetBSD-Bugs archive


port-cobalt/38391: Recently imported OpenSSH 5.0 crashes cobalt kernel via its sshd binary



>Number:         38391
>Category:       port-cobalt
>Synopsis:       Recently imported OpenSSH 5.0 crashes kernel via its sshd binary
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    port-cobalt-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Apr 09 11:00:00 +0000 2008
>Originator:     Markus W Kilbinger
>Release:        NetBSD 4.99.58
>Organization:
>Environment:
        
        
System: NetBSD qube 4.99.58 NetBSD 4.99.58 (QUBE) #0: Wed Apr 9 11:30:34 MEST 2008 kilbi@qie:/usr/src/sys/arch/cobalt/compile/QUBE cobalt
Architecture: mipsel
Machine: cobalt
>Description:
        After updating my cobalt qube 2 to actual -current after the
        import of OpenSSH 5.0, I can reproducibly crash the machine by
        trying to connect to its running new sshd daemon:

          NetBSD 4.99.58 (QUBE) #0: Mon Apr  7 14:34:52 MEST 2008
                  root@qie:/usr/src/sys/arch/cobalt/compile/QUBE
          Cobalt Qube 2
          total memory = 256 MB
          avail memory = 246 MB
          [...]
          NetBSD/cobalt (qube) (tty00)
          
          login:
          
          trap: address error (load or I-fetch) in kernel mode
          status=0xfc03, cause=0x10, epc=0x8029c43c, vaddr=0x23
          pid=1322 cmd=sshd usp=0x7fffcd78 ksp=0xcc993c80
          Stopped in pid 1322.1 (sshd) at netbsd:mutex_enter:     ll      t0,a0,0
          db> bt
          mutex_enter+0 (23,80238a70,1,0) ra 80238a98 sz 0
          unp_discard+28 (23,80238a70,1,0) ra 80238cdc sz 32
          unp_scan+ec (23,80238a70,1,0) ra 8023adb8 sz 48
          uipc_usrreq+270 (23,80238a70,1,0) ra 80233898 sz 56
          sosend+54c (813ac968,0,cc993e18,845e6900) ra 80237a10 sz 96
          do_sys_sendmsg+360 (813ac968,0,cc993e18,845e6900) ra 80237b78 sz 192
          sys_sendmsg+5c (813ac968,0,cc993e18,845e6900) ra 802a23d0 sz 80
          syscall_plain+130 (813ac968,0,cc993e18,845e6900) ra 8029b4dc sz 80
          mips3_SystemCall+bc (813ac968,0,cc993e18,845e6900) ra 7d75c720 sz 0
          PC 0x7d75c720: not in kernel space
          0+7d75c720 (813ac968,0,cc993e18,845e6900) ra 0 sz 0
          User-level: pid 1322.1
          db> 

        Kernel and userland are cross compiled on my i386 machine
        using cpuflags '-mips2 -mtune=r5000' optimization (as usual).

        Rebuilding everything from scratch does not solve/change this
        problem on my qube.

        My i386 machines' kernel and userland, based on the same source
        tree, do not show this problem, so it seems cobalt/mips(el)
        specific.

        What can a binary do to crash the kernel!?

        Maybe some kind of a (formerly) hidden kernel bug is triggered
        that way...
>How-To-Repeat:
        Try to connect to a -current (after OpenSSH 5.0 import) cobalt
        machine's sshd and see how it crashes.
>Fix:
        Workaround: Reverting to an older sshd binary (and its still
        existing libssh.7*):

          $ /usr/sbin/sshd --version
          sshd: unknown option -- -
          OpenSSH_4.7 NetBSD_Secure_Shell-20071217, OpenSSL 0.9.8e 23 Feb 2007

        made the machine accept and run sshd connections again, as
        before.
