This has been going on for quite a while--since the late 8XXX versions of SVN. I opened up a bug ticket on it back in the 9XXXs but nobody picked it up.
It isn't a deal buster because I've figured out a workaround that might provide a clue for whoever tries to fix the bug someday: it never happens when ssh is run as root, OR when it's run by a user who has been su'ed from the root account. Thus I assume it's a permissions thing in the end, but I don't have a clue as to how to go about finding it.
I just built 10107 and it's still there.
Here's the ring buffer log message:
Unhandled kernel unaligned access[#1]:
Cpu 0
$ 0 : 00000000 10009800 fffffff3 fffffff3
$ 4 : 812d49e8 00000002 00000000 00000000
$ 8 : 81e7b080 00000000 0000000c 00000000
$12 : 477dc30b 00000000 477dc30b 00000000
$16 : 80200000 818c7304 818c74f4 818c7570
$20 : 81ef6aa8 818c7380 fffffff3 818c73fc
$24 : 00000000 00000000
$28 : 81cc2000 81cc3df0 00000000 800ca880
Hi : e8587466
Lo : d2125283
epc : 800ca884 Tainted: P
ra : 800ca880 Status: 10009803 KERNEL EXL IE
Cause : 00000010
BadVA : fffffffb
PrId : 00029007
Modules linked in: ath_pci wlan_xauth wlan_wep wlan_tkip wlan_ccmp wlan_acl ath_rate_minstrel ath_hal(P) wlan_scan_sta wlan_scan_ap wlan ppp_async ppp_generic slhc crc_ccitt usbcore switch_robo switch_core diag
Process ssh (pid: 570, threadinfo=81cc2000, task=812d49e8)
Stack : 81e56280 800cfc18 818ed808 818c7380 00000004 80270000 00000000 818c7304
818c74f4 818c7570 81ef6aa8 818c7380 818c7380 818c73fc 00000000 800cf750
00000000 80270000 818ee60c 81cc3ed0 00000001 80080320 818c73fc 818ee60c
81cc3ed0 81cc3ec8 81ef6aa8 00000002 00000095 0047e5a5 0047e758 80080474
81074760 81cc3ec8 000001c0 81cc3ec8 81cc3ec8 00000001 000001c0 81c8d000
...
Call Trace:[<800cfc18>][<800cf750>][<80080320>][<80080474>][<80080504>][<8008076c>][<80083e5c>][<80083e48>][<800880dc>][<80077b34>][<8000c12c>][<8000c12c>]
Code: 0c02046f 02202821 0040b021 <8c420008> 14400005 00000000 0c022ffd 02c02021 08032ad2