Re: sshd signal 11 on -current

From: Mark Millard <marklmi_at_yahoo.com>
Date: Wed, 17 Jan 2024 20:24:53 UTC

On Jan 17, 2024, at 11:55, bob prohaska <fbsd@www.zefox.net> wrote:
> 
> On Wed, Jan 17, 2024 at 09:34:28AM -0800, Mark Millard wrote:
>> On Jan 17, 2024, at 08:00, bob prohaska <fbsd@www.zefox.net> wrote:
>> 
>>> A Pi4 running -current reported:
>>> 
>>> Jan 13 16:23:10 nemesis kernel: pid 53604 (sshd), jid 0, uid 22: exited on signal 11 (no core dump - bad address)
>>> repeatedly.
>> 
>> I assume that the pid changed from message to message, in addition
>> to the time but the rest of each message text matched exactly.
>> 
> 
> I've put a copy of the relevant lines from nemesis's /var/log/messages
> at http://www.zefox.net/~fbsd/tiptrouble/sshfaults.log
> 
> 
>>> There's no obvious disruption of operation, existing
>>> ssh connections seem undisturbed.
>> 
> 
> I'll take that statement back. The host ns2.zefox.net
> crashed and rebooted while I was writing this note.
> 
> After logging back in to ns2.zefox.net the session was again
> terminated by a "Corrupted MAC on input" message:
> 
> Last login: Wed Jan 17 11:28:45 2024 from nemesis.zefox.com
> FreeBSD 12.4-STABLE r373269 GENERIC 
> 
> Welcome to FreeBSD!
> 
> Release Notes, Errata: https://www.FreeBSD.org/releases/
> Security Advisories:   https://www.FreeBSD.org/security/
> FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
> FreeBSD FAQ:           https://www.FreeBSD.org/faq/
> Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
> FreeBSD Forums:        https://forums.FreeBSD.org/
> 
> Documents installed with the system are in the /usr/local/share/doc/freebsd/
> directory, or can be installed later with:  pkg install en-freebsd-doc
> For other languages, replace "en" with a language code like de or fr.
> 
> Show the version of FreeBSD installed:  freebsd-version ; uname -a
> Please include that output and any error messages when posting questions.
> Introduction to manual pages:  man man
> FreeBSD directory layout:      man hier
> 
> Edit /etc/motd to change this login announcement.
> To change an environment variable in tcsh you use: setenv NAME "value"
> where NAME is the name of the variable and "value" its new value.
> bob@ns2:~ % uptime
> 11:30AM  up 21 mins, 1 user, load averages: 0.00, 0.00, 0.00
> bob@ns2:~ % grep -i ssh /var/log/messages
> Jan  1 00:38:20 ns2 sshd[8068]: error: Fssh_kex_exchange_identification: Connection closed by remote host
> Jan  1 01:04:47 ns2 sshd[8182]: error: Fssh_kex_exchange_identification: Connection closed by remote host
> Jan  1 01:49:21 ns2 sshd[8242]: error: PAM: Authentication error for illegal user info from 185.11.61.234
> Jan  1 02:19:41 ns2 sshd[8292]: error: PAM: Authentication error for illegal user cromados from 85.209.11.226
> Jan  1 02:26:04 ns2 sshd[8308]: error: Fssh_kex_exchange_identification: Connection closed by remote host
> Jan  1 03:09:31 ns2 sshd[8623]: error: Fssh_kex_exchange_identification: Connection closed by remote host
> Corrupted MAC on input.
> ssh_dispatch_run_fatal: Connection to 50.1.20.30 port 22: message authentication code incorrect
> bob@raspberrypi:~ $ 
> 
> 
> It's very curious that logging back in to ns2.zefox.net goes 
> without error, but attempts to look at /var/log/messages
> simply repeat the "corrupted MAC..." message with ssh disconnection:
> 
> Last login: Wed Jan 17 11:41:19 2024 from gateway.zefox.net
> FreeBSD 12.4-STABLE r373269 GENERIC 
> 
> Welcome to FreeBSD!
> 
> Release Notes, Errata: https://www.FreeBSD.org/releases/
> Security Advisories:   https://www.FreeBSD.org/security/
> FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
> FreeBSD FAQ:           https://www.FreeBSD.org/faq/
> Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
> FreeBSD Forums:        https://forums.FreeBSD.org/
> 
> Documents installed with the system are in the /usr/local/share/doc/freebsd/
> directory, or can be installed later with:  pkg install en-freebsd-doc
> For other languages, replace "en" with a language code like de or fr.
> 
> Show the version of FreeBSD installed:  freebsd-version ; uname -a
> Please include that output and any error messages when posting questions.
> Introduction to manual pages:  man man
> FreeBSD directory layout:      man hier
> 
> Edit /etc/motd to change this login announcement.
> When using ZFS as the file system the "df" command is reporting the pool size
> and not file system sizes. It also does not know about descendent ZFS
> datasets, snapshots, quotas, and reservations with their individual space usage. 
> Use the built-in "zfs list" command to get a better overview of space usage:
> 
> zfs list -o space
> 
> -- Benedict Reuschling <bcr@FreeBSD.org>
> bob@ns2:~ % more /var/log/messages
> Corrupted MAC on input.
> ssh_dispatch_run_fatal: Connection to 50.1.20.30 port 22: message authentication code incorrect
> 
> bob@raspberrypi:~ $ 
> 
> Despite this ns2.zefox.net still answers queries sent via
> nslookup:
> 
> bob@raspberrypi:~ $ nslookup
>> server ns2.zefox.net
> Default server: ns2.zefox.net
> Address: 50.1.20.30#53
>> www.zefox.org
> Server: ns2.zefox.net
> Address: 50.1.20.30#53
> 
> Name: www.zefox.org
> Address: 50.1.20.28
>> www.zefox.net
> Server: ns2.zefox.net
> Address: 50.1.20.30#53
> 
> Name: www.zefox.net
> Address: 50.1.20.27
> 
> Outwardly, ns2.zefox.net appears to work as intended. 
> 

Does connecting to ns2.zefox.net from the Mac workstation
also end up seeing "Corrupted MAC on input" eventually
when you then look at /var/log/messages somehow (more,
grep, . . .)?

Does connecting to ns2.zefox.net from "pi4 RasPiOS workstation"
also end up seeing "Corrupted MAC on input" eventually?

Does connecting to ns2.zefox.net from "gateway.zefox.net"
also end up seeing "Corrupted MAC on input" eventually?

Does connecting to ns2.zefox.net from "ns1.zefox.net"
also end up seeing "Corrupted MAC on input" eventually?

. . .

Does connecting to ns2.zefox.net from "www.zefox.org"
also end up seeing "Corrupted MAC on input" eventually?

Which see the problem and which do not (if any)?

I'm not claiming answering the questions is easy.

===
Mark Millard
marklmi at yahoo.com
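
Added example (not part of the original message and not code from anyone in the thread): a Python check of the assumption stated above, that the repeated kernel messages differ only in time and pid. The first sample line is the one quoted in the thread; the other sample lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout of the kernel line quoted in the thread:
#   <time> <host> kernel: pid N (comm), jid N, uid N: exited on signal N (note)
EXIT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+kernel:\s+"
    r"pid (?P<pid>\d+) \((?P<comm>[^)]+)\), jid (?P<jid>\d+), uid (?P<uid>\d+): "
    r"exited on signal (?P<sig>\d+)(?: \((?P<note>[^)]*)\))?\s*$"
)

# Line 1 is from the thread; the remaining lines are constructed sample data.
SAMPLE = """\
Jan 13 16:23:10 nemesis kernel: pid 53604 (sshd), jid 0, uid 22: exited on signal 11 (no core dump - bad address)
Jan 13 16:41:02 nemesis kernel: pid 53712 (sshd), jid 0, uid 22: exited on signal 11 (no core dump - bad address)
Jan 13 17:05:37 nemesis sshd[53790]: error: PAM: Authentication error for illegal user test from 192.0.2.10
Jan 14 02:11:45 nemesis kernel: pid 60233 (sshd), jid 0, uid 22: exited on signal 11 (no core dump - bad address)
""".splitlines()


def group_exits(lines):
    """Group kernel signal-exit lines by every field except time and pid."""
    groups = defaultdict(list)
    for line in lines:
        m = EXIT_RE.match(line)
        if m is None:
            continue  # not a kernel "exited on signal" line
        key = (m["host"], m["comm"], int(m["jid"]), int(m["uid"]),
               int(m["sig"]), m["note"])
        groups[key].append((m["ts"], int(m["pid"])))
    return dict(groups)


def same_except_time_and_pid(lines, comm="sshd"):
    """True if all exit lines for comm share one template, None if none exist."""
    keys = [k for k in group_exits(lines) if k[1] == comm]
    if not keys:
        return None
    return len(keys) == 1


if __name__ == "__main__":
    for key, hits in group_exits(SAMPLE).items():
        print(len(hits), "x", key, "pids:", [pid for _, pid in hits])
    print("identical apart from time/pid:", same_except_time_and_pid(SAMPLE))
```

More than one group for sshd (a different uid, jid, signal number or note) means the messages are not all the same failure and should be looked at separately.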