[Bug 292248] security/openssh-portable: sshd-session crash on FreeBSD 15.0-RELEASE on arm64

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 07 Jan 2026 17:56:35 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292248

            Bug ID: 292248
           Summary: security/openssh-portable: sshd-session crash on
                    FreeBSD 15.0-RELEASE on arm64
           Product: Ports & Packages
           Version: Latest
          Hardware: arm64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: bdrewery@FreeBSD.org
          Reporter: matt@mystile.com
             Flags: maintainer-feedback?(bdrewery@FreeBSD.org)
          Assignee: bdrewery@FreeBSD.org

On FreeBSD 15.0-RELEASE on arm64, sshd-session often crashes when closing a
connection that was using the chacha20-poly1305@openssh.com cipher.

This issue does NOT appear to occur on amd64 or with other ciphers. It occurs
for both local and remote clients.

Steps to Reproduce:

On a fresh FreeBSD 15.0 system on arm64 with an SSH key configured:

root@freebsd:~# ssh localhost whoami; echo $?; tail -n 3 /var/log/messages

Actual Results:

root
Connection to localhost closed by remote host.
255
Jan  7 17:11:26 freebsd sshd-session[3848]: error: server_loop2: osigset
sigprocmask: Invalid argument
Jan  7 17:11:26 freebsd sshd-session[3857]: fatal: wait_until_can_do_something:
ppoll: Invalid argument
Jan  7 17:16:06 freebsd sshd-session[3893]: error: server_loop2: bsigset
sigprocmask: Invalid argument

Expected Results:

root
0

Software Versions:

# uname -a
FreeBSD freebsd 15.0-RELEASE FreeBSD 15.0-RELEASE
releng/15.0-n280995-7aedc8de6446 GENERIC arm64

# ssh -V
OpenSSH_10.0p2, OpenSSL 3.5.4 30 Sep 2025

# Additional Information

This was tested on multiple c8g.large instances in AWS region us-east-1 using
AMI ami-0dc8a8e918bf0aab6.

In addition to reproducing using local connections, this issue can be seen from
remote clients when using the chacha20-poly1305@openssh.com cipher, either by
default, or by using the -c option, including from:

* Ubuntu 24.04: OpenSSH_9.6p1 Ubuntu-3ubuntu13.14, OpenSSL 3.0.13 30 Jan 2024
* Alpine 3.22: OpenSSH_10.0p2, OpenSSL 3.5.4 30 Sep 2025
* macOS 26.1: OpenSSH_10.0p2, LibreSSL 3.3.6

Remote clients seem to reproduce the issue consistently, while local
connections occasionally succeed.

# Special Thanks

I'd like to thank my colleague, Matt Davis (mrd@redhat.com), for helping with
testing and narrowing down the scope of the issue. In particular, he figured
out that it was the cipher that determined whether or not a given client
triggered the issue.

-- 
You are receiving this mail because:
You are the assignee for the bug.