[Bug 289475] sshd dumps core after freebsd-update to 14.3-RELEASE-p2
Date: Sun, 19 Apr 2026 22:19:08 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289475
--- Comment #10 from John W. O'Brien <john@saltant.com> ---
I hit a problem today that seems very much like this after deploying a new
instance on the Vultr cloud in their US ORD data center. The host was
provisioned from the hoster's FreeBSD 14 image and came up as 14.4-RELEASE-p1.
From the logs:
root@swivet:~ # grep fatal /var/log/auth.log
Apr 19 16:50:32 swivet sshd[891]: fatal: pack_hostkeys: serialize hostkey private: string is too large
Apr 19 19:21:35 swivet sshd[1012]: fatal: pack_hostkeys: serialize hostkey private: incomplete message
Apr 19 21:58:14 swivet sshd[8072]: fatal: pack_hostkeys: serialize hostkey private: string is too large
From a core dump with a filesystem timestamp of "Apr 19 21:40", which oddly
doesn't match any of the log entries:
root@swivet:/ # lldb /usr/libexec/sshd-session -c sshd-session.core
(lldb) target create "/usr/libexec/sshd-session" --core "sshd-session.core"
Core file '/sshd-session.core' (x86_64) was loaded.o.11...
(lldb) bt
* thread #1, name = 'sshd-session', stop reason = signal SIGSEGV
* frame #0: 0x00003bcf05420f35 libcrypto.so.30`___lldb_unnamed_symbol8978 + 1493
frame #1: 0x00003bcf0541f205 libcrypto.so.30`___lldb_unnamed_symbol8972 + 229
frame #2: 0x00003bcf0540f99d libcrypto.so.30`___lldb_unnamed_symbol8901 + 109
frame #3: 0x00003bcf05406ad9 libcrypto.so.30`___lldb_unnamed_symbol8877 + 3433
frame #4: 0x00003bcf054051f3 libcrypto.so.30`BN_mod_exp_mont + 179
frame #5: 0x00003bcf05402a06 libcrypto.so.30`BN_BLINDING_create_param + 406
frame #6: 0x00003bcf055ab8cb libcrypto.so.30`RSA_setup_blinding + 155
frame #7: 0x00003bcf055ab7fa libcrypto.so.30`RSA_blinding_on + 74
frame #8: 0x00003bcf0004efd8 libprivatessh.so.5`___lldb_unnamed_symbol2268 + 392
frame #9: 0x00003bcf00017b0d libprivatessh.so.5`Fssh_sshkey_private_deserialize + 365
frame #10: 0x00003bc6de0ba0e7 sshd-session`___lldb_unnamed_symbol1094 + 759
frame #11: 0x00003bc6de0b91c6 sshd-session`___lldb_unnamed_symbol1093 + 1654
frame #12: 0x00003bcf058342f0 libc.so.7`__libc_start1 + 336
frame #13: 0x00003bc6de0b8521 sshd-session`___lldb_unnamed_symbol1081 + 33
I've been trying to induce the crash by adjusting my ssh client config, but so
far no luck.
From dmesg (manually excerpted):
CPU: Intel Xeon Processor (Skylake, IBRS) (2594.06-MHz K8-class CPU)
Origin="GenuineIntel" Id=0x50654 Family=0x6 Model=0x55 Stepping=4
Features=0x783fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,SSE2>
Features2=0xfffa3203<SSE3,PCLMULQDQ,SSSE3,FMA,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND,HV>
AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
AMD Features2=0x21<LAHF,ABM>
Structured Extended Features=0xd10307a9<FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,AVX512F,AVX512DQ,CLWB,AVX512CD,AVX512BW,AVX512VL>
Structured Extended Features2=0x18<PKU,OSPKE>
Structured Extended Features3=0x84000000<IBPB,SSBD>
XSAVE Features=0x1<XSAVEOPT>
Loader config (as provisioned):
root@swivet:~ # cat /boot/loader.conf
aesni_load="YES"
cc_htcp_load="YES"
crypto_load="YES"
cryptodev_load="YES"
virtio_random_load="YES"
Also maybe related:
https://forums.freebsd.org/threads/sshd-frequent-crashes-segfault-and-fatal-during-key-checks.102252/#post-754827