kern/85816: maxproc=1 in login.conf causes kernel panic when
logging into account via ssh
Robert Watson
rwatson at FreeBSD.org
Sat Nov 12 03:20:27 PST 2005
The following reply was made to PR kern/85816; it has been noted by GNATS.
From: Robert Watson <rwatson at FreeBSD.org>
To: Gleb Smirnoff <glebius at FreeBSD.org>
Cc: bug-followup at FreeBSD.org
Subject: Re: kern/85816: maxproc=1 in login.conf causes kernel panic when
logging into account via ssh
Date: Sat, 12 Nov 2005 11:14:49 +0000 (GMT)
On Wed, 14 Sep 2005, Gleb Smirnoff wrote:
> #8 0xc05743c3 in unp_discard (fp=0xc1ca6e58) at
> /usr/src/sys/kern/uipc_usrreq.c:1887
> No locals.
> #9 0xc0572b2b in unp_freerights (rp=0xc1b4ad28, fdcount=1)
> at /usr/src/sys/kern/uipc_usrreq.c:1272
> i = 0
> fp = (struct file *) 0x0
> #10 0xc0572df7 in unp_externalize (control=0xc1b4ad00, controlp=0xe1b7dc54)
> at /usr/src/sys/kern/uipc_usrreq.c:1321
> td = (struct thread *) 0xc1c597d0
> cm = (struct cmsghdr *) 0xc1b4ad18
> i = -1068065433
> fdp = (int *) 0xe1b7dbc8
> rp = (struct file **) 0xc1b4ad24
> fp = (struct file *) 0xc1c70000
> data = (void *) 0xc1c70000
> clen = 16
This coulid well be related to the UNIX domain socket garbage collector
bugs I fixed in HEAD a day or two ago. Could you try to reproduce this
with uipc_usrreq.c:1.159? Likely, sshd's privsep (or some related notion)
is resulting in closing of a UNIX domains socket while a descriptor is in
flight, which turns out to be broken in several revisions of 5.x and 6.x
(and with additional bugs in 4.x). I believe I've fixed most known bugs
in this code with the above mentioned revision, so it may now work better.
Robert N M Watson
More information about the freebsd-bugs
mailing list