I'm at a loss as to why Kerberos should affect this particular thing, at
least when there's no actual Kerberos authentication involved.  Silly
question, but you don't have a modified OpenSSL or anything related to
it, do you, and what exact package version of libssl1.0.0 do you have
installed?  Also, if you put --with-kerberos5=/usr back and remove
--with-ssl-engine, does that also cure the crash?

I'm not entirely convinced about your reported value for
EVP_Cipher_nid(cc->evp), since as far as I can see 0x480c0 isn't a valid
NID.  Something seems fishy there.  In general that's a very odd place
to see a socket being created, unless we're somehow hitting
RAND_query_egd_bytes - but in that case I think I'd expect to see an
attempt to open /dev/urandom between the getpid and the socket.

The next thing I can think of to try is to allow the network monitor to
use this system call and see what else happens around it.  Obviously do
this very cautiously, and do not run with the attached patch in
production (I'm pretty sure the socket syscall is deliberately forbidden
in this context), but it should be enough to get a more complete strace
and (probably more usefully) to try Seth's perf idea again: with this
patch, the socket syscall should actually make it as far as the
tracepoint, so we should be able to get a stack trace for it.

** Patch added: "sshd-enable-socket.patch"
   https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1690485/+attachment/4997957/+files/sshd-enable-socket.patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1690485

Title:
  openssh-server SIGSYS with 'UsePrivilegeSeparation sandbox'

Status in openssh package in Ubuntu:
  New

Bug description:
  The 'sshd' process gets 'authentication failure' and refuses to allow
  any login.

  dmesg indicates that the problem is SIGSYS on a call to 'socket'
  (syscall #41, signal #31).

  On a hunch, I decided to test whether the problem is related to
  'seccomp' and changed /etc/ssh/sshd_config from the default

  # UsePrivilegeSeparation sandbox

  to the former standard value

  UsePrivilegeSeparation yes

  and logins started to work again.

  Obviously, I'd like to have the additional protection that sandboxing
  would give me.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: openssh-server 1:7.4p1-10
  ProcVersionSignature: Ubuntu 4.10.0-20.22-generic 4.10.8
  Uname: Linux 4.10.0-20-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Fri May 12 21:06:20 2017
  InstallationDate: Installed on 2017-04-08 (35 days ago)
  InstallationMedia:
   
  SourcePackage: openssh
  UpgradeStatus: Upgraded to zesty on 2017-04-24 (19 days ago)
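
A triage helper for the kind of dmesg evidence the bug description cites (SIGSYS, signal 31, on syscall 41). It is an added example, not part of the bug report or of OpenSSH. The log lines are constructed, the syscall table is a small x86_64 subset, and the function names are hypothetical.

```python
import re

# Subset of the x86_64 syscall table, enough for this triage example.
X86_64_SYSCALLS = {0: "read", 1: "write", 2: "open", 3: "close", 39: "getpid",
                   41: "socket", 42: "connect", 257: "openat", 318: "getrandom"}
AUDIT_ARCH = {0xC000003E: "x86_64", 0x40000003: "i386"}
AUDIT_SECCOMP = 1326  # audit record type the kernel emits for seccomp actions
SIGSYS = 31           # signal number on Linux x86_64

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample input (not taken from the bug report).
SAMPLE_DMESG = [
    '[  310.552101] audit: type=1326 audit(1494619580.123:45): auid=4294967295 '
    'uid=106 gid=65534 ses=4294967295 pid=1234 comm="sshd" exe="/usr/sbin/sshd" '
    'sig=31 arch=c000003e syscall=41 compat=0 ip=0x7f0000001234 code=0x0',
    '[  311.000000] EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro',
]

def parse_seccomp_record(line):
    """Return a dict for a seccomp audit record, or None for any other line."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    if fields.get("type") != str(AUDIT_SECCOMP) or "syscall" not in fields:
        return None
    arch = AUDIT_ARCH.get(int(fields.get("arch", "0"), 16), "unknown")
    nr = int(fields["syscall"])
    # Syscall numbers are per-architecture; only decode the table we carry.
    name = X86_64_SYSCALLS.get(nr) if arch == "x86_64" else None
    return {
        "comm": fields.get("comm", "?"),
        "pid": int(fields.get("pid", "0")),
        "arch": arch,
        "syscall_nr": nr,
        "syscall": name or "unknown(%d)" % nr,
        "killed_by_sigsys": int(fields.get("sig", "0")) == SIGSYS,
    }

def summarize(lines):
    """One human-readable line per seccomp violation found in the log."""
    out = []
    for rec in filter(None, map(parse_seccomp_record, lines)):
        action = "SIGSYS" if rec["killed_by_sigsys"] else "non-fatal action"
        out.append("%s[%d]: %s (%s #%d) blocked by seccomp, %s" % (
            rec["comm"], rec["pid"], rec["syscall"], rec["arch"],
            rec["syscall_nr"], action))
    return out

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_DMESG)))
```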
