SSH 5.8p1 hang in kernel mode / AIX 7.1
Flavien
flavien-ssh at lebarbe.net
Fri Mar 22 00:53:21 EST 2013
Hello,
The bug I'm triggering has been confirmed by IBM. They are currently
investigating it and we're waiting for a fix. The workaround they
proposed for now is to disable PKCS so that the buggy code is not
triggered.
Flavien.
> Hello,
>
>
> Replying to self, for the archives.
>
> This really looking like an AIX kernel bug that SSH is triggering
> somehow (once every 5000/6000 runs here on a test machine). We have
> an open issue with IBM on this. Here's the stack we got from kdb.
> It's related to CLiC (CryptoLite for C kernel, a kernel extension).
>
>
> Flavien.
>
> 0)> f
> pvthread+01A000 STACK:
> [F1000000C0339E84].RdTBR+000004 ()
> [F1000000C02F9D64]CLiC__trng+000104 (F1000102135279A8)
> [F1000000C02FA280]CLiC_rng_seed+0001A0 (F100010213527A80, 0000000000000000,
> 0000000000000014)
> [F1000000C02FA448]clic_ctxrng_init+000068 (F100010213527980, 0000000400000004)
> [F1000000C02FA74C]CLiC_context+00018C (F10001021355B550, 0000000200000002,
> 0000000400000004, F1000000C03C3A98, F1000000C03C3AB0)
> [F1000000C036D2E8]P11_CLiC_app_init+000108 (F10001021355B458, F00000002FF45FC8)
> [F1000000C02C5A9C]p11_init_crypto_ctx+00011C (F10001021355B458, F00000002FF45FC8)
> [F1000000C02C5F28]p11_acquire_context+000268 (00000000011E00DC, 0000000100000001,
> F00000002FF45FC8)
> [F1000000C02C567C]p11_dd_open+0000FC (8000002200000000, 0000000000000001,
> 000BB003000BB003, 0000000000000000)
> [00014D70].hkey_legacy_gate+00004C ()
> [005769C0]devcopen+000480 (??, ??, ??, ??, ??)
> [00576020]rdevopen+000140 (??, ??, ??, ??, ??)
> [007E2D90]mpx_open+000070 (F10001020FE0D5F0, 0000000100000001,
> 0000000000000000)
> [00753E7C]spec_open+0000FC (??, ??, ??, ??, ??)
> [005A44F8]vnop_open+0004F8 (??, ??, ??, ??, ??)
> [0063FEAC]openpnp+0006EC (??, ??, ??, ??, ??, ??, ??, ??)
> [0064056C]openpath+00028C (??, ??, ??, ??, ??, ??, ??, ??)
> [00640934]copen+000314 (FFFFFFFEFFFFFFFE, 00000000F084A164,
> 0000000000000000, 0000000800000008, 0000000000000000, F00000002FF47580)
> [0063F744]kopen+000024 (??, ??, ??)
> [0000386C]ovlya_addr_sc_flih_main+00014C ()
> [D0119A54]open+0000F4 (F084A164, 00000000, 00000008, 00000001,
> 11A000C5, 01A000C5, 00000000, F0731A54)
> [D232F934]C_Initialize+000394 (00000000)
> [D100DBAC]D100DBAC ()
> [D100BA18]D100BA18 ()
> [D100B9B0]D100B9B0 ()
> [D10109CC]D10109CC ()
> [D1009AEC]D1009AEC ()
> [10060334]ssh_SSLeay_add_all_algorithms+000014 ()
> [100032F0]main+001290 (00000001, 2FF22800)
> [100001E8]__start+000098 ()
>
>
>
> Flavien Lebarbe wrote :
> > Hello,
> >
> >
> >
> > An AIX machine runs a program that forks ssh client in order to
> > launch commands on a remote. I'm first seting up a Master connection
> > with a ControlPath, then using that connection to launch various
> > commands on the remote, and killing the master by issuing a
> > "-O exit" command.
> >
> > SSH client version on that machine is :
> > # ssh -V
> > OpenSSH_5.8p1, OpenSSL 0.9.8r 8 Feb 2011
> > # uname -nrsv
> > AIX P7_AIX7 1 7
> >
> > The program runs every 5 minutes for about 10s or so, gathering the
> > information from the remote just fine.
> >
> > Now, I'm looking at the output of "ps" and see some left-over processes :
> > root 5832832 1 69 22 nov - 5424:59 ssh -o BatchMode=yes -o ControlPath=/opt/data/ssh-socket_A-10.10.14.126 -o User=foobar 10.10.14.126 remote_command
> >
> > This instance of ssh client should not be there anymore.
> >
> > Having a deeper look:
> > * kill -9 on that process does not kill it.
> > * The corresponding ControlPath socket does not exist anymore on the system,
> > nor does the ssh master process for this socket.
> > * truss on that process does not show any activity at all: the process is
> > apparently inside a system call.
> > * kernel activity on the machine as reported by topas is 99%
> > * ls -l /proc/5832832/fd only shows 3 FDs :
> > # ls -l /proc/5832832/fd
> > 0 total
> > c--------- 1 root system 2, 2 14 d� 11:22 0
> > p--------- 0 root system 0 22 nov 06:18 1
> > c--------- 1 root system 2, 2 14 d� 11:22 2
> >
> > I have currently 6 of those processes running on this system. Some of them
> > are running for weeks like the above. Others are running for days.
> >
> > This situation looks like a kernel bug to me. Do you have any idea of
> > anything that might be triggering it in the OpenSSH code in this old
> > version of OpenSSH ?
> >
> >
> > Thanks,
> > Flavien.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
--
More information about the openssh-unix-dev
mailing list