NetBSD Problem Report #38391

From kilbi@kilbi.de  Wed Apr  9 10:56:13 2008
Return-Path: <kilbi@kilbi.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 9F8FD63B293
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  9 Apr 2008 10:56:13 +0000 (UTC)
Message-Id: <20080409105549.1F42B13865@mail.kilbi.de>
Date: Wed,  9 Apr 2008 12:55:48 +0200 (MEST)
From: mk@kilbi.de
Reply-To: mk@kilbi.de
To: gnats-bugs@gnats.NetBSD.org
Subject: Recently imported OpenSSH 5.0 crashes cobalt kernel via its sshd binary
X-Send-Pr-Version: 3.95

>Number:         38391
>Category:       kern
>Synopsis:       Recently imported OpenSSH 5.0 crashes kernel via its sshd binary
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    mlelstv
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Apr 09 11:00:00 +0000 2008
>Closed-Date:    Thu Jun 05 05:22:21 +0000 2008
>Last-Modified:  Tue Apr 14 09:05:11 +0000 2009
>Originator:     Markus W Kilbinger
>Release:        NetBSD 4.99.58
>Organization:
>Environment:


System: NetBSD qube 4.99.58 NetBSD 4.99.58 (QUBE) #0: Wed Apr 9 11:30:34 MEST 2008 kilbi@qie:/usr/src/sys/arch/cobalt/compile/QUBE cobalt
Architecture: mipsel
Machine: cobalt
>Description:
	After updating my cobalt qube 2 to actual -current after
	import of OpenSSH 5.0 I can reproducibly crash the machine by
	trying to connect to its running new sshd daemon:

	  NetBSD 4.99.58 (QUBE) #0: Mon Apr  7 14:34:52 MEST 2008
	          root@qie:/usr/src/sys/arch/cobalt/compile/QUBE
	  Cobalt Qube 2
	  total memory = 256 MB
	  avail memory = 246 MB
	  [...]
	  NetBSD/cobalt (qube) (tty00)

	  login:

	  trap: address error (load or I-fetch) in kernel mode
	  status=0xfc03, cause=0x10, epc=0x8029c43c, vaddr=0x23
	  pid=1322 cmd=sshd usp=0x7fffcd78 ksp=0xcc993c80
	  Stopped in pid 1322.1 (sshd) at netbsd:mutex_enter:     ll      t0,a0,0
	  db> bt
	  mutex_enter+0 (23,80238a70,1,0) ra 80238a98 sz 0
	  unp_discard+28 (23,80238a70,1,0) ra 80238cdc sz 32
	  unp_scan+ec (23,80238a70,1,0) ra 8023adb8 sz 48
	  uipc_usrreq+270 (23,80238a70,1,0) ra 80233898 sz 56
	  sosend+54c (813ac968,0,cc993e18,845e6900) ra 80237a10 sz 96
	  do_sys_sendmsg+360 (813ac968,0,cc993e18,845e6900) ra 80237b78 sz 192
	  sys_sendmsg+5c (813ac968,0,cc993e18,845e6900) ra 802a23d0 sz 80
	  syscall_plain+130 (813ac968,0,cc993e18,845e6900) ra 8029b4dc sz 80
	  mips3_SystemCall+bc (813ac968,0,cc993e18,845e6900) ra 7d75c720 sz 0
	  PC 0x7d75c720: not in kernel space
	  0+7d75c720 (813ac968,0,cc993e18,845e6900) ra 0 sz 0
	  User-level: pid 1322.1
	  db> 

	Kernel and userland are cross compiled on my i386 machine
	using cpuflags '-mips2 -mtune=r5000' optimization (as usual).

	Rebuilding everything from scratch does not solve/change this
	problem on my qube.

	My i386 machines kernel and userland based on the same source
	tree do not show this problem, so it seems cobalt/mips(el)
	specific.

	What can a binary do to crash the kernel!?

	Maybe some kind of a (formerly) hidden kernel bug is triggered
	that way...
>How-To-Repeat:
	Try to connect to a -current (after OpenSSH 5.0 import) cobalt
	machine's sshd and see how it crashes.
>Fix:
	Workaround: Reverting to an older sshd binary (and its still
	existing libssh.7*):

	  $ /usr/sbin/sshd --version
	  sshd: unknown option -- -
	  OpenSSH_4.7 NetBSD_Secure_Shell-20071217, OpenSSL 0.9.8e 23 Feb 2007

	made the machine accepting and running sshd connections
	again/as before.

>Release-Note:

>Audit-Trail:
From: christos@zoulas.com (Christos Zoulas)
To: Nick Hudson <nick.hudson@dsl.pipex.com>, gnats-bugs@netbsd.org
Cc: port-cobalt-maintainer@netbsd.org, gnats-admin@netbsd.org, 
	netbsd-bugs@netbsd.org, Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
Subject: Re: port-cobalt/38391: Recently imported OpenSSH 5.0 crashes cobalt kernel via its sshd binary
Date: Mon, 14 Apr 2008 13:00:59 -0400

 On Apr 14,  5:47pm, nick.hudson@dsl.pipex.com (Nick Hudson) wrote:
 -- Subject: Re: port-cobalt/38391: Recently imported OpenSSH 5.0 crashes coba

 | On Wednesday 09 April 2008 12:00:00 mk@kilbi.de wrote:
 | > >Number:         38391
 | > >Synopsis:       Recently imported OpenSSH 5.0 crashes kernel via its sshd
 | > 	  trap: address error (load or I-fetch) in kernel mode
 | > 	  status=0xfc03, cause=0x10, epc=0x8029c43c, vaddr=0x23
 | 
 | A similar unaligned and garbage lock address is seen on NetBSD/hp700.

 I think it is file descriptor stuff. Try a Feb-15 kernel.

 christos

From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
To: gnats-bugs@NetBSD.org
Cc: port-cobalt-maintainer@NetBSD.org, gnats-admin@NetBSD.org,
        netbsd-bugs@NetBSD.org, tsutsui@ceres.dti.ne.jp
Subject: Re: port-cobalt/38391: Recently imported OpenSSH 5.0 crashes cobalt
	 kernel via its sshd binary
Date: Tue, 15 Apr 2008 01:02:31 +0900

 > >Synopsis:       Recently imported OpenSSH 5.0 crashes kernel via its sshd binary

 > 	  trap: address error (load or I-fetch) in kernel mode
 > 	  status=0xfc03, cause=0x10, epc=0x8029c43c, vaddr=0x23
 > 	  pid=1322 cmd=sshd usp=0x7fffcd78 ksp=0xcc993c80
 > 	  Stopped in pid 1322.1 (sshd) at netbsd:mutex_enter:     ll      t0,a0,0

 This also happens on pmax emulated by gxemul (R3000 3max)
 so it might be mips generic problem.
 ---
 Izumi Tsutsui

From: Nick Hudson <nick.hudson@dsl.pipex.com>
To: gnats-bugs@netbsd.org
Cc: port-cobalt-maintainer@netbsd.org,
 gnats-admin@netbsd.org,
 netbsd-bugs@netbsd.org,
 Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
Subject: Re: port-cobalt/38391: Recently imported OpenSSH 5.0 crashes cobalt kernel via its sshd binary
Date: Mon, 14 Apr 2008 17:47:01 +0100

 On Wednesday 09 April 2008 12:00:00 mk@kilbi.de wrote:
 > >Number:         38391
 > >Synopsis:       Recently imported OpenSSH 5.0 crashes kernel via its sshd
 > 	  trap: address error (load or I-fetch) in kernel mode
 > 	  status=0xfc03, cause=0x10, epc=0x8029c43c, vaddr=0x23

 A similar unaligned and garbage lock address is seen on NetBSD/hp700.

 Nick

From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
To: christos@zoulas.com
Cc: nick.hudson@dsl.pipex.com, gnats-bugs@NetBSD.org,
        port-cobalt-maintainer@NetBSD.org, gnats-admin@NetBSD.org,
        netbsd-bugs@NetBSD.org, tsutsui@ceres.dti.ne.jp
Subject: Re: port-cobalt/38391: Recently imported OpenSSH 5.0 crashes cobalt
	 kernel via its sshd binary
Date: Wed, 16 Apr 2008 00:41:28 +0900

 christos@zoulas.com wrote:

 > I think it is file descriptor stuff. Try a Feb-15 kernel.

 On RaQ1, with userland fetched from NetBSD-daily/HEAD/200804080000Z,
 today's (2008/04/15 ~14:40 UTC) kernel:
 ---
 Enter passphrase for key '/home/tsutsui/.ssh/id_rsa': 
 trap: address error (load or I-fetch) in kernel mode
 status=0xfc03, cause=0x10, epc=0x8028f7fc, vaddr=0x23
 pid=596 cmd=sshd usp=0x7fffcdc0 ksp=0xc6889c88
 Stopped in pid 596.1 (sshd) at  netbsd:mutex_enter:     ll      t0,a0,0
 db> tr
 mutex_enter+0 (23,802403f0,1,0) ra 80240418 sz 0
 unp_discard+28 (23,802403f0,1,0) ra 802405f0 sz 32
 unp_scan+ec (23,802403f0,1,0) ra 80242498 sz 48
 uipc_usrreq+210 (23,802403f0,1,0) ra 8023b7cc sz 56
 sosend+4b8 (82daf138,0,c6889e18,83a76e00) ra 8023f3ec sz 88
 do_sys_sendmsg+344 (82daf138,0,c6889e18,83a76e00) ra 8023f534 sz 192
 sys_sendmsg+5c (82daf138,0,c6889e18,83a76e00) ra 80294d50 sz 80
 syscall_plain+130 (82daf138,0,c6889e18,83a76e00) ra 8028e8fc sz 80
 mips3_SystemCall+bc (82daf138,0,c6889e18,83a76e00) ra 7d72caf0 sz 0
 PC 0x7d72caf0: not in kernel space
 0+7d72caf0 (82daf138,0,c6889e18,83a76e00) ra 0 sz 0
 User-level: pid 596.1
 db> 
 ---

 2008/03/21 00:00:00 UTC kernel:
 ---
 Enter passphrase for key '/home/tsutsui/.ssh/id_rsa': 
 trap: address error (load or I-fetch) in kernel mode
 status=0xfc03, cause=0x10, epc=0x8028c03c, vaddr=0x3b
 pid=563 cmd=sshd usp=0x7fffcdc0 ksp=0xc687bc80
 Stopped in pid 563.1 (sshd) at  netbsd:mutex_enter:     ll      t0,a0,0
 db> tr
 mutex_enter+0 (3b,8023c4f0,1,0) ra 8023c518 sz 0
 unp_discard+28 (3b,8023c4f0,1,0) ra 8023c71c sz 32
 unp_scan+ec (3b,8023c4f0,1,0) ra 8023e6d4 sz 48
 uipc_usrreq+248 (3b,8023c4f0,1,0) ra 80236dd8 sz 56
 sosend+4c8 (82610dc8,0,c687be18,83a8be00) ra 8023b09c sz 96
 do_sys_sendmsg+350 (82610dc8,0,c687be18,83a8be00) ra 8023b22c sz 192
 sys_sendmsg+5c (82610dc8,0,c687be18,83a8be00) ra 80291590 sz 80
 syscall_plain+130 (82610dc8,0,c687be18,83a8be00) ra 8028b13c sz 80
 mips3_SystemCall+bc (82610dc8,0,c687be18,83a8be00) ra 7d72caf0 sz 0
 PC 0x7d72caf0: not in kernel space
 0+7d72caf0 (82610dc8,0,c687be18,83a8be00) ra 0 sz 0
 User-level: pid 563.1
 db> 

 2008/02/15 00:00:00 UTC kernel:
 ---
 Enter passphrase for key '/home/tsutsui/.ssh/id_rsa': 
 trap: address error (load or I-fetch) in kernel mode
 status=0xfc03, cause=0x10, epc=0x8028ab8c, vaddr=0x3b
 pid=596 cmd=sshd usp=0x7fffcdc0 ksp=0xc687bc80
 Stopped in pid 596.1 (sshd) at  netbsd:mutex_enter:     ll      t0,a0,0
 db> tr
 mutex_enter+0 (3b,8023b0c0,1,0) ra 8023b0e8 sz 0
 unp_discard+28 (3b,8023b0c0,1,0) ra 8023b2ec sz 32
 unp_scan+ec (3b,8023b0c0,1,0) ra 8023d2a4 sz 48
 uipc_usrreq+248 (3b,8023b0c0,1,0) ra 802359d4 sz 56
 sosend+4c8 (82609dc8,0,c687be18,83a8c500) ra 80239c6c sz 96
 do_sys_sendmsg+350 (82609dc8,0,c687be18,83a8c500) ra 80239dfc sz 192
 sys_sendmsg+5c (82609dc8,0,c687be18,83a8c500) ra 802900e0 sz 80
 syscall_plain+130 (82609dc8,0,c687be18,83a8c500) ra 80289c8c sz 80
 mips3_SystemCall+bc (82609dc8,0,c687be18,83a8c500) ra 7d72caf0 sz 0
 PC 0x7d72caf0: not in kernel space
 0+7d72caf0 (82609dc8,0,c687be18,83a8c500) ra 0 sz 0
 User-level: pid 596.1
 db> 
 ---

 2008/01/01 00:00:00 UTC kernel:
 ---
 Enter passphrase for key '/home/tsutsui/.ssh/id_rsa': 
 trap: address error (load or I-fetch) in kernel mode
 status=0xfc03, cause=0x10, epc=0x802852ac, vaddr=0x43
 pid=563 cmd=sshd usp=0x7fffbdc0 ksp=0xc6865c80
 Stopped in pid 563.1 (sshd) at  netbsd:mutex_enter:     ll      t0,a0,0
 db> tr
 mutex_enter+0 (43,80236b10,1,0) ra 80236b38 sz 0
 unp_discard+28 (43,80236b10,1,0) ra 80236d3c sz 32
 unp_scan+ec (43,80236b10,1,0) ra 80238d10 sz 48
 uipc_usrreq+248 (43,80236b10,1,0) ra 80231254 sz 56
 sosend+4c4 (82c24388,0,c6865e18,83a9a300) ra 802356bc sz 96
 do_sys_sendmsg+350 (82c24388,0,c6865e18,83a9a300) ra 8023584c sz 192
 sys_sendmsg+5c (82c24388,0,c6865e18,83a9a300) ra 8028a800 sz 80
 syscall_plain+130 (82c24388,0,c6865e18,83a9a300) ra 802843ac sz 80
 mips3_SystemCall+bc (82c24388,0,c6865e18,83a9a300) ra 7d72caf0 sz 0
 PC 0x7d72caf0: not in kernel space
 0+7d72caf0 (82c24388,0,c6865e18,83a9a300) ra 0 sz 0
 User-level: pid 563.1
 db> 
 ---

 Hmm...

 ---
 Izumi Tsutsui

From: christos@zoulas.com (Christos Zoulas)
To: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
Cc: nick.hudson@dsl.pipex.com, gnats-bugs@NetBSD.org, 
	port-cobalt-maintainer@NetBSD.org, gnats-admin@NetBSD.org, 
	netbsd-bugs@NetBSD.org
Subject: Re: port-cobalt/38391: Recently imported OpenSSH 5.0 crashes cobalt kernel via its sshd binary
Date: Tue, 15 Apr 2008 13:15:24 -0400

 On Apr 16, 12:41am, tsutsui@ceres.dti.ne.jp (Izumi Tsutsui) wrote:
 -- Subject: Re: port-cobalt/38391: Recently imported OpenSSH 5.0 crashes coba

 | christos@zoulas.com wrote:
 | 
 | > I think it is file descriptor stuff. Try a Feb-15 kernel.
 | 
 | On RaQ1, with userland fetched from NetBSD-daily/HEAD/200804080000Z,
 | today's (2008/04/15 ~14:40 UTC) kernel:
 | ---
 | Enter passphrase for key '/home/tsutsui/.ssh/id_rsa': 
 | trap: address error (load or I-fetch) in kernel mode
 | status=0xfc03, cause=0x10, epc=0x8028f7fc, vaddr=0x23
 | pid=596 cmd=sshd usp=0x7fffcdc0 ksp=0xc6889c88
 | Stopped in pid 596.1 (sshd) at  netbsd:mutex_enter:     ll      t0,a0,0
 | db> tr
 | mutex_enter+0 (23,802403f0,1,0) ra 80240418 sz 0
 | unp_discard+28 (23,802403f0,1,0) ra 802405f0 sz 32
 | unp_scan+ec (23,802403f0,1,0) ra 80242498 sz 48
 | uipc_usrreq+210 (23,802403f0,1,0) ra 8023b7cc sz 56
 | sosend+4b8 (82daf138,0,c6889e18,83a76e00) ra 8023f3ec sz 88
 | do_sys_sendmsg+344 (82daf138,0,c6889e18,83a76e00) ra 8023f534 sz 192
 | sys_sendmsg+5c (82daf138,0,c6889e18,83a76e00) ra 80294d50 sz 80
 | syscall_plain+130 (82daf138,0,c6889e18,83a76e00) ra 8028e8fc sz 80
 | mips3_SystemCall+bc (82daf138,0,c6889e18,83a76e00) ra 7d72caf0 sz 0
 | PC 0x7d72caf0: not in kernel space
 | 0+7d72caf0 (82daf138,0,c6889e18,83a76e00) ra 0 sz 0
 | User-level: pid 596.1
 | db> 
 | ---
 | 
 | 2008/03/21 00:00:00 UTC kernel:
 | ---
 | Enter passphrase for key '/home/tsutsui/.ssh/id_rsa': 
 | trap: address error (load or I-fetch) in kernel mode
 | status=0xfc03, cause=0x10, epc=0x8028c03c, vaddr=0x3b
 | pid=563 cmd=sshd usp=0x7fffcdc0 ksp=0xc687bc80
 | Stopped in pid 563.1 (sshd) at  netbsd:mutex_enter:     ll      t0,a0,0
 | db> tr
 | mutex_enter+0 (3b,8023c4f0,1,0) ra 8023c518 sz 0
 | unp_discard+28 (3b,8023c4f0,1,0) ra 8023c71c sz 32
 | unp_scan+ec (3b,8023c4f0,1,0) ra 8023e6d4 sz 48
 | uipc_usrreq+248 (3b,8023c4f0,1,0) ra 80236dd8 sz 56
 | sosend+4c8 (82610dc8,0,c687be18,83a8be00) ra 8023b09c sz 96
 | do_sys_sendmsg+350 (82610dc8,0,c687be18,83a8be00) ra 8023b22c sz 192
 | sys_sendmsg+5c (82610dc8,0,c687be18,83a8be00) ra 80291590 sz 80
 | syscall_plain+130 (82610dc8,0,c687be18,83a8be00) ra 8028b13c sz 80
 | mips3_SystemCall+bc (82610dc8,0,c687be18,83a8be00) ra 7d72caf0 sz 0
 | PC 0x7d72caf0: not in kernel space
 | 0+7d72caf0 (82610dc8,0,c687be18,83a8be00) ra 0 sz 0
 | User-level: pid 563.1
 | db> 
 | 
 | 2008/02/15 00:00:00 UTC kernel:
 | ---
 | Enter passphrase for key '/home/tsutsui/.ssh/id_rsa': 
 | trap: address error (load or I-fetch) in kernel mode
 | status=0xfc03, cause=0x10, epc=0x8028ab8c, vaddr=0x3b
 | pid=596 cmd=sshd usp=0x7fffcdc0 ksp=0xc687bc80
 | Stopped in pid 596.1 (sshd) at  netbsd:mutex_enter:     ll      t0,a0,0
 | db> tr
 | mutex_enter+0 (3b,8023b0c0,1,0) ra 8023b0e8 sz 0
 | unp_discard+28 (3b,8023b0c0,1,0) ra 8023b2ec sz 32
 | unp_scan+ec (3b,8023b0c0,1,0) ra 8023d2a4 sz 48
 | uipc_usrreq+248 (3b,8023b0c0,1,0) ra 802359d4 sz 56
 | sosend+4c8 (82609dc8,0,c687be18,83a8c500) ra 80239c6c sz 96
 | do_sys_sendmsg+350 (82609dc8,0,c687be18,83a8c500) ra 80239dfc sz 192
 | sys_sendmsg+5c (82609dc8,0,c687be18,83a8c500) ra 802900e0 sz 80
 | syscall_plain+130 (82609dc8,0,c687be18,83a8c500) ra 80289c8c sz 80
 | mips3_SystemCall+bc (82609dc8,0,c687be18,83a8c500) ra 7d72caf0 sz 0
 | PC 0x7d72caf0: not in kernel space
 | 0+7d72caf0 (82609dc8,0,c687be18,83a8c500) ra 0 sz 0
 | User-level: pid 596.1
 | db> 
 | ---
 | 
 | 2008/01/01 00:00:00 UTC kernel:
 | ---
 | Enter passphrase for key '/home/tsutsui/.ssh/id_rsa': 
 | trap: address error (load or I-fetch) in kernel mode
 | status=0xfc03, cause=0x10, epc=0x802852ac, vaddr=0x43
 | pid=563 cmd=sshd usp=0x7fffbdc0 ksp=0xc6865c80
 | Stopped in pid 563.1 (sshd) at  netbsd:mutex_enter:     ll      t0,a0,0
 | db> tr
 | mutex_enter+0 (43,80236b10,1,0) ra 80236b38 sz 0
 | unp_discard+28 (43,80236b10,1,0) ra 80236d3c sz 32
 | unp_scan+ec (43,80236b10,1,0) ra 80238d10 sz 48
 | uipc_usrreq+248 (43,80236b10,1,0) ra 80231254 sz 56
 | sosend+4c4 (82c24388,0,c6865e18,83a9a300) ra 802356bc sz 96
 | do_sys_sendmsg+350 (82c24388,0,c6865e18,83a9a300) ra 8023584c sz 192
 | sys_sendmsg+5c (82c24388,0,c6865e18,83a9a300) ra 8028a800 sz 80
 | syscall_plain+130 (82c24388,0,c6865e18,83a9a300) ra 802843ac sz 80
 | mips3_SystemCall+bc (82c24388,0,c6865e18,83a9a300) ra 7d72caf0 sz 0
 | PC 0x7d72caf0: not in kernel space
 | 0+7d72caf0 (82c24388,0,c6865e18,83a9a300) ra 0 sz 0
 | User-level: pid 563.1
 | db> 
 | ---
 | 
 | Hmm...

 Andy committed some fixes for unp_discard...

 christos

From: Markus W Kilbinger <mk@kilbi.de>
To: gnats-bugs@NetBSD.org
Cc: port-cobalt-maintainer@netbsd.org,
    gnats-admin@netbsd.org,
    netbsd-bugs@netbsd.org
Subject: Re: port-cobalt/38391: Recently imported OpenSSH 5.0 crashes cobalt kernel via its sshd binary
Date: Wed, 16 Apr 2008 22:52:43 +0200

 >>>>> "Christos" == Christos Zoulas <christos@zoulas.com> writes:

     Christos>  Andy committed some fixes for unp_discard...

 An actual kernel of today (containing these fixes?) still shows the
 same panic.

 Markus.

From: Markus W Kilbinger <mk@kilbi.de>
To: gnats-bugs@NetBSD.org
Cc: port-cobalt-maintainer@netbsd.org,
    gnats-admin@netbsd.org,
    netbsd-bugs@netbsd.org,
    port-mips@netbsd.org
Subject: Re: port-cobalt/38391: Recently imported OpenSSH 5.0 crashes cobalt
	 kernel via its sshd binary
Date: Fri, 18 Apr 2008 11:11:57 +0200

 >>>>> "Izumi" == Izumi Tsutsui <tsutsui@ceres.dti.ne.jp> writes:

     >> I think it is file descriptor stuff. Try a Feb-15 kernel.

     Izumi> On RaQ1, with userland fetched from
     Izumi> NetBSD-daily/HEAD/200804080000Z, today's (2008/04/15
     Izumi> ~14:40 UTC) kernel:

     Izumi> 2008/03/21 00:00:00 UTC kernel:

     Izumi> 2008/02/15 00:00:00 UTC kernel:

     Izumi> 2008/01/01 00:00:00 UTC kernel:
     Izumi> ---
     Izumi> Enter passphrase for key '/home/tsutsui/.ssh/id_rsa':
     Izumi> trap: address error (load or I-fetch) in kernel mode
     Izumi> [...]

     Izumi> Hmm...

 What about the other mips platforms? Do they see/show the same panic?

 Maybe someone can test and speak up...

 Markus.

Responsible-Changed-From-To: port-cobalt-maintainer->kern-bug-people
Responsible-Changed-By: skrll@NetBSD.org
Responsible-Changed-When: Fri, 18 Apr 2008 09:52:01 +0000
Responsible-Changed-Why:
Not cobalt specific


From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
To: mk@kilbi.de
Cc: gnats-bugs@NetBSD.org, port-cobalt-maintainer@NetBSD.org,
        gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org, port-mips@NetBSD.org,
        tsutsui@ceres.dti.ne.jp
Subject: Re: port-cobalt/38391: Recently imported OpenSSH 5.0 crashes cobaltkernel
	 via its sshd binary
Date: Fri, 18 Apr 2008 21:20:36 +0900

 > What about the other mips platforms? Do they see/show the same panic?

 It also happens on pmax (emulated by gxemul) and arc (R4400).
 Nick also said hp700 had the similar lock corruptions.
 So this might be an MI issue since kern_descrip.c has been
 mutex(9)'fied.
 ---
 Izumi Tsutsui

From: "Erik Bertelsen" <bertelsen.erik@gmail.com>
To: gnats-bugs@netbsd.org, current-users@netbsd.org
Cc: kern-bug-people@netbsd.org, port-cobalt-maintainer@netbsd.org, 
	netbsd-bugs@netbsd.org, gnats-admin@netbsd.org, skrll@netbsd.org, 
	mk@kilbi.de
Subject: Re: kern/38391 (Recently imported OpenSSH 5.0 crashes kernel via its sshd binary)
Date: Fri, 18 Apr 2008 21:45:16 +0200

 2008/4/18, skrll@netbsd.org <skrll@netbsd.org>:
 > Synopsis: Recently imported OpenSSH 5.0 crashes kernel via its sshd binary
 >
 >  Responsible-Changed-From-To: port-cobalt-maintainer->kern-bug-people
 >  Responsible-Changed-By: skrll@NetBSD.org
 >  Responsible-Changed-When: Fri, 18 Apr 2008 09:52:01 +0000
 >  Responsible-Changed-Why:
 >  Not cobalt specific
 >
 >
 >
 >

From: "Erik Bertelsen" <bertelsen.erik@gmail.com>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org, port-cobalt-maintainer@netbsd.org, 
	netbsd-bugs@netbsd.org, gnats-admin@netbsd.org, skrll@netbsd.org, 
	mk@kilbi.de, current-users@netbsd.org
Subject: Re: kern/38391 (Recently imported OpenSSH 5.0 crashes kernel via its sshd binary)
Date: Fri, 18 Apr 2008 21:50:09 +0200

 2008/4/18, skrll@netbsd.org <skrll@netbsd.org>:
 > Synopsis: Recently imported OpenSSH 5.0 crashes kernel via its sshd binary
 >
 >  Responsible-Changed-From-To: port-cobalt-maintainer->kern-bug-people
 >  Responsible-Changed-By: skrll@NetBSD.org
 >  Responsible-Changed-When: Fri, 18 Apr 2008 09:52:01 +0000
 >  Responsible-Changed-Why:
 >  Not cobalt specific
 >

 This may or may not be the same problem, but on a macppc with a dual
 G4, I have for several days experienced the following when ssh'ing to
 the machine (including from itself):

 trap: pid 16295.1 (sshd): kernel ALI trap @ 0x22 by 0x2c40ec (DSISR 0x140)
 panic: trap
 Stopped in pid 16295.1 (sshd) at        netbsd:cpu_Debugger+0x10: lwz r0,r1,0x14


 The keyboard dies completely after pressing one key so I cannot get a traceback.

 This still happens with the system built from current sources as of today.

 - Erik

 ps: sorry for the empty message sent a moment ago ...

From: Matt Fleming <mjf@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/38391 CVS commit: src/sys/kern
Date: Sat, 19 Apr 2008 22:26:52 +0000 (UTC)

 Module Name:	src
 Committed By:	mjf
 Date:		Sat Apr 19 22:26:52 UTC 2008

 Modified Files:
 	src/sys/kern: uipc_usrreq.c

 Log Message:
 If cm->cmsg_len is not valid for unp_internalize do not use it to work out
 where the data is in unp_scan.

 Fixes PR/38391


 To generate a diff of this commit:
 cvs rdiff -r1.109 -r1.110 src/sys/kern/uipc_usrreq.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@NetBSD.org, gnats-admin@NetBSD.org, mjf@NetBSD.org,
        netbsd-bugs@NetBSD.org, mk@kilbi.de, tsutsui@ceres.dti.ne.jp
Subject: Re: PR/38391 CVS commit: src/sys/kern
Date: Sun, 20 Apr 2008 09:40:09 +0900

 >  Modified Files:
 >  	src/sys/kern: uipc_usrreq.c
 >  
 >  Log Message:
 >  If cm->cmsg_len is not valid for unp_internalize do not use it to work out
 >  where the data is in unp_scan.
 >  
 >  Fixes PR/38391

 Yes, kernel no longer crashes and sshd (without fix in PR/38396)
 fails (properly?):

 >> sshd[491]: error: mm_send_fd: sendmsg(7): Invalid argument
 >> sshd[491]: fatal: mm_answer_pty: send fds failed
 >> sshd[491]: error: close(s->ptymaster/0): Bad file descriptor
 >> sshd[554]: error: mm_receive_fd: recvmsg: expected received 1 got 0
 >> sshd[554]: fatal: mm_pty_allocate: receive fds failed

 Should also this be pulled up to netbsd-4?
 ---
 Izumi Tsutsui
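
The check named in the commit log above, as an added userland sketch in C (not NetBSD's uipc_usrreq.c and not code from this thread): the header's cmsg_len is validated against the bytes actually supplied, and a rejected message is never scanned, so the caller sees the same "Invalid argument" that sshd logs. The rights_check, rights_scan and rights_build names and the sample descriptor values are assumptions made for the illustration.

```c
/* Added illustration, not NetBSD's uipc_usrreq.c: userland model of checking
 * an SCM_RIGHTS control message. The rights_* names are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Accept the header only if cmsg_len fits the bytes actually supplied and
 * describes a whole number of descriptors. Returns 0 or EINVAL. */
static int rights_check(const void *buf, size_t buflen, size_t *nfds)
{
    struct cmsghdr cm;
    size_t len;

    *nfds = 0;
    if (buflen < sizeof(cm))
        return EINVAL;
    memcpy(&cm, buf, sizeof(cm));
    len = (size_t)cm.cmsg_len;
    if (cm.cmsg_level != SOL_SOCKET || cm.cmsg_type != SCM_RIGHTS)
        return EINVAL;
    if (len < CMSG_LEN(0) || len > buflen)
        return EINVAL;
    if ((len - CMSG_LEN(0)) % sizeof(int) != 0)
        return EINVAL;
    *nfds = (len - CMSG_LEN(0)) / sizeof(int);
    return 0;
}

/* Copy out the descriptors. On a rejected header nothing is scanned: the
 * failure path must not use the untrusted cmsg_len to locate data. */
static size_t rights_scan(const void *buf, size_t buflen, int *out,
    size_t outcap, int *error)
{
    const unsigned char *data;
    size_t nfds, i;

    *error = rights_check(buf, buflen, &nfds);
    if (*error != 0)
        return 0;
    data = (const unsigned char *)buf + CMSG_LEN(0);
    for (i = 0; i < nfds && i < outcap; i++)
        memcpy(&out[i], data + i * sizeof(int), sizeof(int));
    return i;
}

/* Build a constructed message; claimed_len goes into cmsg_len verbatim so
 * an inconsistent header can be simulated. Returns the bytes really used. */
static size_t rights_build(void *buf, size_t cap, size_t claimed_len,
    const int *fds, size_t n)
{
    struct cmsghdr cm;
    size_t used = CMSG_LEN(n * sizeof(int));

    if (used > cap)
        return 0;
    memset(buf, 0, cap);
    memset(&cm, 0, sizeof(cm));
    cm.cmsg_len = claimed_len;
    cm.cmsg_level = SOL_SOCKET;
    cm.cmsg_type = SCM_RIGHTS;
    memcpy(buf, &cm, sizeof(cm));
    memcpy((unsigned char *)buf + CMSG_LEN(0), fds, n * sizeof(int));
    return used;
}

int main(void)
{
    unsigned char buf[64];
    int fds[2] = { 5, 7 }, out[4], error;   /* constructed sample values */
    size_t used, n;

    used = rights_build(buf, sizeof(buf), CMSG_LEN(sizeof(fds)), fds, 2);
    n = rights_scan(buf, used, out, 4, &error);
    printf("consistent header: error=%d scanned=%zu\n", error, n);

    /* Header claims six descriptors, only two were supplied. */
    rights_build(buf, sizeof(buf), CMSG_LEN(6 * sizeof(int)), fds, 2);
    n = rights_scan(buf, used, out, 4, &error);
    printf("oversized cmsg_len: error=%d scanned=%zu\n", error, n);
    return 0;
}
```
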

From: "Erik Bertelsen" <bertelsen.erik@gmail.com>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/38391 (Recently imported OpenSSH 5.0 crashes kernel via its sshd binary)
Date: Sun, 20 Apr 2008 13:47:13 +0200

 2008/4/18, Erik Bertelsen <bertelsen.erik@gmail.com>:
 > 2008/4/18, skrll@netbsd.org <skrll@netbsd.org>:
 >
 > > Synopsis: Recently imported OpenSSH 5.0 crashes kernel via its sshd binary
 >  >
 >  >  Responsible-Changed-From-To: port-cobalt-maintainer->kern-bug-people
 >  >  Responsible-Changed-By: skrll@NetBSD.org
 >  >  Responsible-Changed-When: Fri, 18 Apr 2008 09:52:01 +0000
 >  >  Responsible-Changed-Why:
 >  >  Not cobalt specific
 >  >
 >
 >
 > This may or may not be the same problem, but on a macppc with a dual
 >  G4, I have for several days experienced the following when ssh'ing to
 >  the machine (including from itself):
 >
 >  trap: pid 16295.1 (sshd): kernel ALI trap @ 0x22 by 0x2c40ec (DSISR 0x140)
 >  panic: trap
 >  Stopped in pid 16295.1 (sshd) at        netbsd:cpu_Debugger+0x10: lwz r0,r1,0x14
 >
 >
 >  The keyboard dies completely after pressing one key so I cannot get a traceback.
 >
 >  This still happens with the system built from current sources as of today.
 >

 Yes, this was apparently the same problem as on other ports, at least
 updating the kernel a few minutes ago including the change in
 uipc_usrreq.c now avoids the kernel trap.

 - Erik

From: Markus W Kilbinger <mk@kilbi.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: PR/38391 CVS commit: src/sys/kern
Date: Sun, 27 Apr 2008 12:44:25 +0200

 >>>>> "Matt" == Matt Fleming <mjf@netbsd.org> writes:

     Matt>  Module Name: src Committed By: mjf Date: Sat Apr 19
     Matt>  22:26:52 UTC 2008

     Matt>  Modified Files:
     Matt>       src/sys/kern: uipc_usrreq.c

     Matt>  Log Message: If cm->cmsg_len is not valid for
     Matt>  unp_internalize do not use it to work out where the data is
     Matt>  in unp_scan.

     Matt>  Fixes PR/38391

 I can confirm that this change fixes the problem for me (, too).

 Thanks, Markus.

Responsible-Changed-From-To: kern-bug-people->mlelstv
Responsible-Changed-By: mlelstv@NetBSD.org
Responsible-Changed-When: Sat, 17 May 2008 07:58:51 +0000
Responsible-Changed-Why:
version 1.111 provides a correct fix. I'll ask for a pullup to netbsd-4.


From: Manuel Bouyer <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/38391 CVS commit: [netbsd-4] src/sys/kern
Date: Sun, 25 May 2008 19:04:43 +0000 (UTC)

 Module Name:	src
 Committed By:	bouyer
 Date:		Sun May 25 19:04:43 UTC 2008

 Modified Files:
 	src/sys/kern [netbsd-4]: uipc_usrreq.c

 Log Message:
 Pull up following revision(s) (requested by mlelstv in ticket #1151):
 	sys/kern/uipc_usrreq.c: revision 1.110, 1.111 via patch
 If cm->cmsg_len is not valid for unp_internalize do not use it to work out
 where the data is in unp_scan.
 Fixes PR/38391


 To generate a diff of this commit:
 cvs rdiff -r1.94.2.1 -r1.94.2.2 src/sys/kern/uipc_usrreq.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: mlelstv@NetBSD.org
State-Changed-When: Thu, 05 Jun 2008 05:22:21 +0000
State-Changed-Why:
fix is in -current and netbsd-4


From: Julian Coleman <jdc@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/38391 CVS commit: [netbsd-3] src/sys/kern
Date: Tue, 14 Apr 2009 09:02:26 +0000

 Module Name:	src
 Committed By:	jdc
 Date:		Tue Apr 14 09:02:25 UTC 2009

 Modified Files:
 	src/sys/kern [netbsd-3]: uipc_usrreq.c

 Log Message:
 Apply patch (requested by mlelstv in ticket #2005):
 Fix a problem with a failure path (see PR kern/38391).


 To generate a diff of this commit:
 cvs rdiff -u -r1.80.2.5 -r1.80.2.6 src/sys/kern/uipc_usrreq.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Julian Coleman <jdc@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/38391 CVS commit: [netbsd-3-0] src/sys/kern
Date: Tue, 14 Apr 2009 09:02:40 +0000

 Module Name:	src
 Committed By:	jdc
 Date:		Tue Apr 14 09:02:40 UTC 2009

 Modified Files:
 	src/sys/kern [netbsd-3-0]: uipc_usrreq.c

 Log Message:
 Apply patch (requested by mlelstv in ticket #2005):
 Fix a problem with a failure path (see PR kern/38391).


 To generate a diff of this commit:
 cvs rdiff -u -r1.80.2.1.2.3 -r1.80.2.1.2.4 src/sys/kern/uipc_usrreq.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Julian Coleman <jdc@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/38391 CVS commit: [netbsd-3-1] src/sys/kern
Date: Tue, 14 Apr 2009 09:02:52 +0000

 Module Name:	src
 Committed By:	jdc
 Date:		Tue Apr 14 09:02:52 UTC 2009

 Modified Files:
 	src/sys/kern [netbsd-3-1]: uipc_usrreq.c

 Log Message:
 Apply patch (requested by mlelstv in ticket #2005):
 Fix a problem with a failure path (see PR kern/38391).


 To generate a diff of this commit:
 cvs rdiff -u -r1.80.2.2.2.3 -r1.80.2.2.2.4 src/sys/kern/uipc_usrreq.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:

 Can anyone who's been running into this crash on their machines please
 try a kernel with uipc_usrreq.c 1.110 
