(In reply to Hans Petter Jansson from comment #3)
> Thanks for the core dump. This seems to be happening in a few locations, but
> I haven't been able to repro it here yet, not even with valgrind.
>
> The dump makes it look like a sshcipher_ctx struct has been partially
> overwritten with garbage. In cipher_free() it crashes on this line:
>
> > if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
>
> ...because cc->cipher points to a bad location (but it's not NULL).
>
> Questions:
>
> 1) Do you know more precisely when this started happening? I'm suspecting
> patches added to openssh or openssl this autumn.

Sorry, no, but it has been happening for 3 or 4 or more months.

> 2) Could you run sshd like this (as root):
>
> /usr/sbin/sshd -Dddd -p 2048
>
> Then from a different shell session, connect to it like this:
>
> ssh localhost -p 2048
>
> ...and trigger the crash, then attach the sshd debug output here?

I will, but I do not know what triggers the crash. I will start the session you describe and leave it open until I observe another crash, then report.