Re: sshd-session (sshd on conect) crashes with signal 6
- In reply to: Henryk Paluch : "sshd-session (sshd on conect) crashes with signal 6"
Date: Fri, 15 Aug 2025 12:11:12 UTC
Addendum - source code listing:
/usr/src/crypto/openssh/uidswap.c:134
grep -n . /usr/src/crypto/openssh/uidswap.c | fgrep -A 10 -B 10 134:
124: fatal("setgroups: %.100s", strerror(errno));
125:#ifndef SAVED_IDS_WORK_WITH_SETEUID
126: /* Propagate the privileged gid to all of our gids. */
127:#ifdef __FreeBSD__
128: /*
129: * FreeBSD traditionally includes the egid as the first element. If we
130: * use getegid() here then we effectively propagate user_groups[0],
131: * which is probably pw->pw_gid. Fix it to work as intended by using
132: * the egid we already have stashed off.
133: */
// here it crashes:
134: assert(saved_egroupslen > 0);
135: if (setgid(saved_egroups[0]) == -1)
136: debug("setgid %u: %.100s", (u_int) saved_egroups[0], strerror(errno));
137:#else
138: if (setgid(getegid()) == -1)
139: debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno));
140:#endif
141: /* Propagate the privileged uid to all of our uids. */
142: if (setuid(geteuid()) == -1)
143: debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));
144:#endif /* SAVED_IDS_WORK_WITH_SETEUID */
----- Original Message -----
> From: "henryk paluch" <henryk.paluch@pickering.cz>
> To: "freebsd-current" <freebsd-current@FreeBSD.org>
> Sent: Friday, August 15, 2025 2:06:20 PM
> Subject: sshd-session (sshd on conect) crashes with signal 6
> Hello!
>
> After one week following current I recently started experiencing
> sshd-session crashes on 2 machines running latest 15.0-PRERELEASE (git Main
> branch).
>
> Anytime I try to SSH login to my 15.0-PRERELEASE, sshd crashes on sshd-session
> subprocess with:
>
> pid 1217 (sshd-session), jid 0, uid 0: exited on signal 6
>
> More details:
>
> gdb /usr/libexec/sshd-session /sshd-session.core
>
> Core was generated by `sshd-session: ansible [priv]'.
> Program terminated with signal SIGABRT, Aborted.
> Sent by thr_kill() from pid 15843 and user 0.
> #0 thr_kill () at thr_kill.S:4
> warning: Source file is more recent than executable.
> 4 RSYSCALL(thr_kill)
> (gdb) bt
> #0 thr_kill () at thr_kill.S:4
> #1 0x000019ceda634fa4 in __raise (s=s@entry=6) at
> /usr/src/lib/libc/gen/raise.c:48
> #2 0x000019ceda6e52a9 in abort () at /usr/src/lib/libc/stdlib/abort.c:61
> #3 0x000019ceda617d51 in __assert (func=<optimized out>, file=<optimized out>,
> line=line@entry=134,
> failedexpr=<optimized out>) at /usr/src/lib/libc/gen/assert.c:47
> #4 0x000019c6b21029c3 in temporarily_use_uid (pw=pw@entry=0x3c3261215280) at
> /usr/src/crypto/openssh/uidswap.c:134
> #5 0x000019c6b20e8517 in user_key_allowed2 (pw=0x3c3261215280,
> key=0x3c32612e5820,
> file=0x3c3261233e30 "/home/ansible/.ssh/authorized_keys",
> remote_ip=0x3c3261212da0 "192.168.122.1",
> remote_host=0x3c3261212dd0 "192.168.122.1", authoptsp=0x19ced2ed0590) at
> /usr/src/crypto/openssh/auth2-pubkey.c:599
> #6 user_key_allowed (ssh=ssh@entry=0x3c32612f4000, pw=0x3c3261215280,
> key=0x3c32612e5820, auth_attempt=<optimized out>,
> authoptsp=authoptsp@entry=0x19ced2ed0688) at
> /usr/src/crypto/openssh/auth2-pubkey.c:783
> #7 0x000019c6b20ed99d in mm_answer_keyallowed (ssh=0x3c32612f4000, sock=7,
> m=0x3c3261214d40)
> at /usr/src/crypto/openssh/monitor.c:1205
> #8 0x000019c6b20f034d in monitor_read (ssh=ssh@entry=0x3c32612f4000,
> pmonitor=pmonitor@entry=0x3c32612c4cc0,
> ent=0x19c6b210a720 <mon_dispatch_proto20+208>, pent=pent@entry=0x19ced2ed0758)
> at /usr/src/crypto/openssh/monitor.c:523
> #9 0x000019c6b20efdf2 in monitor_child_preauth (ssh=ssh@entry=0x3c32612f4000,
> pmonitor=0x3c32612c4cc0)
> at /usr/src/crypto/openssh/monitor.c:298
> #10 0x000019c6b20cac27 in privsep_preauth (ssh=ssh@entry=0x3c32612f4000) at
> /usr/src/crypto/openssh/sshd-session.c:353
> #11 0x000019c6b20c9e3b in main (ac=2, av=<optimized out>) at
> /usr/src/crypto/openssh/sshd-session.c:1322
> (gdb) q
>
>
> Encountered on 2 machines:
>
> Machine 1 "fbsd-next":
>
> uname -v -> FreeBSD 15.0-PRERELEASE #1 main-n279622-c992ac621327: Fri Aug
> 15 12:55:01 CEST 2025
> root@fbsd-next:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
> freebsd-version -> 15.0-PRERELEASE
> uname -UK -> 1500060 1500060
> git branch -v -> * main c992ac621327 ipheth(4): Add CDC-NCM support for RX
> git describe -> vendor/NetBSD/bmake/20250804-302114-gc992ac621327
>
>
> (Machine 2 is currently rebuilding):
>
> git branch -v -> * main 5205b32de3fb libc: Drop incorrect qsort optimization
> git describe -> vendor/NetBSD/bmake/20250804-302115-g5205b32de3fb
>
> Is anybody else experiencing the same problem?
>
> Best regards
> --Henryk Paluch
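
Added example, not part of either message and not OpenSSH code: a small C probe for the condition that line 134 asserts, to run as the account sshd runs under. It assumes saved_egroups holds what getgroups(2) returned for the privileged process (the listing above does not show where it is filled); pick_saved_gid and snapshot_groups are hypothetical names.

```c
/* Added example: not OpenSSH or FreeBSD source. Helper names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Which gid would the setgid() on line 135 use? Returns 0 and stores
 * saved[0] in *out when the list is non-empty (what line 134 asserts),
 * -1 when it is empty, the state in which the assert aborts. */
int pick_saved_gid(const gid_t *saved, int savedlen, gid_t *out)
{
    if (saved == NULL || savedlen <= 0)
        return -1;
    *out = saved[0];
    return 0;
}

/* Snapshot this process's group list with getgroups(2); assumed to be how
 * saved_egroups is filled. Returns the count (0 is a legal result) or -1
 * on error. The caller frees *listp. */
int snapshot_groups(gid_t **listp)
{
    int n = getgroups(0, NULL);

    *listp = NULL;
    if (n <= 0)
        return n;
    if ((*listp = calloc((size_t)n, sizeof(gid_t))) == NULL)
        return -1;
    if ((n = getgroups(n, *listp)) <= 0) {
        free(*listp);
        *listp = NULL;
    }
    return n;
}

int main(void)
{
    gid_t *list, gid;
    int n = snapshot_groups(&list);

    if (n == -1) { perror("getgroups"); return 1; }
    printf("egid=%u getgroups()=%d\n", (unsigned)getegid(), n);
    if (pick_saved_gid(list, n, &gid) == -1)
        printf("empty group list: assert(saved_egroupslen > 0) would abort\n");
    else
        printf("list[0]=%u, %s egid\n", (unsigned)gid, gid == getegid() ? "equal to" : "differs from");
    free(list);
    return 0;
}
```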