From 23a2bb750547a9a5251cbc44c5ceb1d05303befe Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Tue, 2 Sep 2025 19:30:07 +1000
Subject: [PATCH] replace remaining manual logging of __func__

Use the appropriate log macro that prepends the function name
(e.g. logit_f/debug2_f/etc).
---
 audit-bsm.c              |  2 +-
 audit-linux.c            |  2 +-
 auth-pam.c               | 86 ++++++++++++++++++++--------------------
 auth-shadow.c            |  4 +-
 auth2.c                  |  2 +-
 channels.c               |  2 +-
 loginrec.c               | 36 ++++++++---------
 misc.c                   |  2 +-
 monitor.c                | 43 ++++++++++----------
 monitor_fdpass.c         |  2 +-
 monitor_wrap.c           | 70 ++++++++++++++++----------------
 sandbox-capsicum.c       |  8 ++--
 sandbox-darwin.c         |  6 +--
 sandbox-seccomp-filter.c | 10 ++---
 ssh-pkcs11.c             |  6 +--
 sshd-session.c           |  2 +-
 sshd.c                   |  2 +-
 sshlogin.c               |  2 +-
 sshpty.c                 |  2 +-
 uidswap.c                |  8 ++--
 20 files changed, 148 insertions(+), 149 deletions(-)

diff --git a/audit-bsm.c b/audit-bsm.c
index ccfcf6f7f..4bce22c37 100644
--- a/audit-bsm.c
+++ b/audit-bsm.c
@@ -449,7 +449,7 @@ audit_event(struct ssh *ssh, ssh_audit_event_t event)
 		break;
 
 	default:
-		debug("%s: unhandled event %d", __func__, event);
+		debug_f("unhandled event %d", event);
 	}
 }
 #endif /* BSM */
diff --git a/audit-linux.c b/audit-linux.c
index 3fcbe5c53..8b9854f73 100644
--- a/audit-linux.c
+++ b/audit-linux.c
@@ -117,7 +117,7 @@ audit_event(struct ssh *ssh, ssh_audit_event_t event)
 		    ssh_remote_ipaddr(ssh), "sshd", 0);
 		break;
 	default:
-		debug("%s: unhandled event %d", __func__, event);
+		debug_f("unhandled event %d", event);
 		break;
 	}
 }
diff --git a/auth-pam.c b/auth-pam.c
index 2481db45f..00d30ee9c 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -229,7 +229,7 @@ pthread_join(sp_pthread_t thread, void **value)
 	while (waitpid(thread, &status, 0) == -1) {
 		if (errno == EINTR)
 			continue;
-		fatal("%s: waitpid: %s", __func__, strerror(errno));
+		fatal_f("waitpid: %s", strerror(errno));
 	}
 	return (status);
 }
@@ -287,10 +287,10 @@ sshpam_chauthtok_ruid(pam_handle_t *pamh, int flags)
 	if (sshpam_authctxt == NULL)
 		fatal("PAM: sshpam_authctxt not initialized");
 	if (setreuid(sshpam_authctxt->pw->pw_uid, -1) == -1)
-		fatal("%s: setreuid failed: %s", __func__, strerror(errno));
+		fatal_f("setreuid failed: %s", strerror(errno));
 	result = pam_chauthtok(pamh, flags);
 	if (setreuid(0, -1) == -1)
-		fatal("%s: setreuid failed: %s", __func__, strerror(errno));
+		fatal_f("setreuid failed: %s", strerror(errno));
 	return result;
 }
 # define pam_chauthtok(a,b)	(sshpam_chauthtok_ruid((a), (b)))
@@ -302,9 +302,9 @@ sshpam_password_change_required(int reqd)
 	extern struct sshauthopt *auth_opts;
 	static int saved_port, saved_agent, saved_x11;
 
-	debug3("%s %d", __func__, reqd);
+	debug3_f("reqd=%d", reqd);
 	if (sshpam_authctxt == NULL)
-		fatal("%s: PAM authctxt not initialized", __func__);
+		fatal_f("PAM authctxt not initialized");
 	sshpam_authctxt->force_pwchange = reqd;
 	if (reqd) {
 		saved_port = auth_opts->permit_port_forwarding_flag;
@@ -331,22 +331,22 @@ import_environments(struct sshbuf *b)
 	u_int n, i, num_env;
 	int r;
 
-	debug3("PAM: %s entering", __func__);
+	debug3_f("entering");
 
 #ifndef UNSUPPORTED_POSIX_THREADS_HACK
 	/* Import variables set by do_pam_account */
 	if ((r = sshbuf_get_u32(b, &n)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	if (n > INT_MAX)
-		fatal("%s: invalid PAM account status %u", __func__, n);
+		fatal_f("invalid PAM account status %u", n);
 	sshpam_account_status = (int)n;
 	if ((r = sshbuf_get_u32(b, &n)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	sshpam_password_change_required(n != 0);
 
 	/* Import environment from subprocess */
 	if ((r = sshbuf_get_u32(b, &num_env)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	if (num_env > 1024) {
 		fatal_f("received %u environment variables, expected <= 1024",
 		    num_env);
@@ -355,13 +355,13 @@ import_environments(struct sshbuf *b)
 	debug3("PAM: num env strings %u", num_env);
 	for(i = 0; i < num_env; i++) {
 		if ((r = sshbuf_get_cstring(b, &(sshpam_env[i]), NULL)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 	}
 	sshpam_env[num_env] = NULL;
 
 	/* Import PAM environment from subprocess */
 	if ((r = sshbuf_get_u32(b, &num_env)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	if (num_env > 1024) {
 		fatal_f("received %u PAM env variables, expected <= 1024",
 		    num_env);
@@ -369,7 +369,7 @@ import_environments(struct sshbuf *b)
 	debug("PAM: num PAM env strings %u", num_env);
 	for (i = 0; i < num_env; i++) {
 		if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 		/* Errors are not fatal here */
 		if ((r = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) {
 			error("PAM: pam_putenv: %s",
@@ -397,7 +397,7 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg,
 	int r, i;
 	u_char status;
 
-	debug3("PAM: %s entering, %d messages", __func__, n);
+	debug3_f("PAM: entering, %d messages", n);
 	*resp = NULL;
 
 	if (data == NULL) {
@@ -474,7 +474,7 @@ check_pam_user(Authctxt *authctxt)
 
 	if (authctxt == NULL || authctxt->pw == NULL ||
 	    authctxt->pw->pw_name == NULL)
-		fatal("%s: PAM authctxt user not initialized", __func__);
+		fatal_f("PAM authctxt user not initialized");
 
 	if ((sshpam_err = pam_get_item(sshpam_handle, PAM_USER,
 	    (sshpam_const void **) &pam_user)) != PAM_SUCCESS)
@@ -533,10 +533,10 @@ sshpam_thread(void *ctxtp)
 	sshpam_conv.appdata_ptr = ctxt;
 
 	if (sshpam_authctxt == NULL)
-		fatal("%s: PAM authctxt not initialized", __func__);
+		fatal_f("PAM authctxt not initialized");
 
 	if ((buffer = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
 	    (const void *)&sshpam_conv);
@@ -563,38 +563,38 @@ sshpam_thread(void *ctxtp)
 	}
 
 	if ((r = sshbuf_put_cstring(buffer, "OK")) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 
 #ifndef UNSUPPORTED_POSIX_THREADS_HACK
 	/* Export variables set by do_pam_account */
 	if ((r = sshbuf_put_u32(buffer, sshpam_account_status)) != 0 ||
 	    (r = sshbuf_put_u32(buffer, sshpam_authctxt->force_pwchange)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 
 	/* Export any environment strings set in child */
 	for (i = 0; environ[i] != NULL; i++) {
 		/* Count */
 		if (i > INT_MAX)
-			fatal("%s: too many environment strings", __func__);
+			fatal_f("too many environment strings");
 	}
 	if ((r = sshbuf_put_u32(buffer, i)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	for (i = 0; environ[i] != NULL; i++) {
 		if ((r = sshbuf_put_cstring(buffer, environ[i])) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 	}
 	/* Export any environment strings set by PAM in child */
 	env_from_pam = pam_getenvlist(sshpam_handle);
 	for (i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) {
 		/* Count */
 		if (i > INT_MAX)
-			fatal("%s: too many PAM environment strings", __func__);
+			fatal_f("too many PAM environment strings");
 	}
 	if ((r = sshbuf_put_u32(buffer, i)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	for (i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) {
 		if ((r = sshbuf_put_cstring(buffer, env_from_pam[i])) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 	}
 #endif /* UNSUPPORTED_POSIX_THREADS_HACK */
 
@@ -606,7 +606,7 @@ sshpam_thread(void *ctxtp)
  auth_fail:
 	if ((r = sshbuf_put_cstring(buffer,
 	    pam_strerror(sshpam_handle, sshpam_err))) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	/* XXX - can't do much about an error here */
 	if (sshpam_err == PAM_ACCT_EXPIRED)
 		ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, buffer);
@@ -625,7 +625,7 @@ sshpam_thread_cleanup(void)
 {
 	struct pam_ctxt *ctxt = cleanup_ctxt;
 
-	debug3("PAM: %s entering", __func__);
+	debug3_f("entering");
 	if (ctxt != NULL && ctxt->pam_thread != 0) {
 		pthread_cancel(ctxt->pam_thread);
 		pthread_join(ctxt->pam_thread, NULL);
@@ -640,7 +640,7 @@ static int
 sshpam_null_conv(int n, sshpam_const struct pam_message **msg,
     struct pam_response **resp, void *data)
 {
-	debug3("PAM: %s entering, %d messages", __func__, n);
+	debug3_f("PAM: entering, %d messages", n);
 	return (PAM_CONV_ERR);
 }
 
@@ -653,7 +653,7 @@ sshpam_store_conv(int n, sshpam_const struct pam_message **msg,
 	struct pam_response *reply;
 	int r, i;
 
-	debug3("PAM: %s called with %d messages", __func__, n);
+	debug3_f("PAM: called with %d messages", n);
 	*resp = NULL;
 
 	if (n <= 0 || n > PAM_MAX_NUM_MSG)
@@ -811,7 +811,7 @@ expose_authinfo(const char *caller)
 		auth_info = xstrdup("");
 	else if ((auth_info = sshbuf_dup_string(
 	    sshpam_authctxt->session_info)) == NULL)
-		fatal("%s: sshbuf_dup_string failed", __func__);
+		fatal_f("sshbuf_dup_string failed");
 
 	debug2("%s: auth information in SSH_AUTH_INFO_0", caller);
 	do_pam_putenv("SSH_AUTH_INFO_0", auth_info);
@@ -824,7 +824,7 @@ sshpam_init_ctx(Authctxt *authctxt)
 	struct pam_ctxt *ctxt;
 	int result, socks[2];
 
-	debug3("PAM: %s entering", __func__);
+	debug3_f("entering");
 	/*
 	 * Refuse to start if we don't have PAM enabled or do_pam_account
 	 * has previously failed.
@@ -874,9 +874,9 @@ sshpam_query(void *ctx, char **name, char **info,
 	size_t len, mlen, nmesg = 0;
 	int r;
 
-	debug3("PAM: %s entering", __func__);
+	debug3_f("entering");
 	if ((buffer = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	*name = xstrdup("");
 	*info = xstrdup("");
 	*prompts = xmalloc(sizeof(char *));
@@ -888,7 +888,7 @@ sshpam_query(void *ctx, char **name, char **info,
 			fatal_f("too many query messages");
 		if ((r = sshbuf_get_u8(buffer, &type)) != 0 ||
 		    (r = sshbuf_get_cstring(buffer, &msg, &mlen)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 		switch (type) {
 		case PAM_PROMPT_ECHO_ON:
 		case PAM_PROMPT_ECHO_OFF:
@@ -989,7 +989,7 @@ fake_password(const char *wire_password)
 	size_t i, l = wire_password != NULL ? strlen(wire_password) : 0;
 
 	if (l >= INT_MAX)
-		fatal("%s: password length too long: %zu", __func__, l);
+		fatal_f("password length too long: %zu", l);
 
 	ret = malloc(l + 1);
 	if (ret == NULL)
@@ -1009,7 +1009,7 @@ sshpam_respond(void *ctx, u_int num, char **resp)
 	char *fake;
 	int r;
 
-	debug2("PAM: %s entering, %u responses", __func__, num);
+	debug2_f("PAM: entering, %u responses", num);
 	switch (ctxt->pam_done) {
 	case 1:
 		sshpam_authenticated = 1;
@@ -1024,16 +1024,16 @@ sshpam_respond(void *ctx, u_int num, char **resp)
 		return (-1);
 	}
 	if ((buffer = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if (sshpam_authctxt->valid &&
 	    (sshpam_authctxt->pw->pw_uid != 0 ||
 	    options.permit_root_login == PERMIT_YES)) {
 		if ((r = sshbuf_put_cstring(buffer, *resp)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 	} else {
 		fake = fake_password(*resp);
 		if ((r = sshbuf_put_cstring(buffer, fake)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 		free(fake);
 	}
 	if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, buffer) == -1) {
@@ -1049,7 +1049,7 @@ sshpam_free_ctx(void *ctxtp)
 {
 	struct pam_ctxt *ctxt = ctxtp;
 
-	debug3("PAM: %s entering", __func__);
+	debug3_f("entering");
 	sshpam_thread_cleanup();
 	free(ctxt);
 	/*
@@ -1101,7 +1101,7 @@ finish_pam(void)
 u_int
 do_pam_account(void)
 {
-	debug("%s: called", __func__);
+	debug_f("called");
 	if (sshpam_account_status != -1)
 		return (sshpam_account_status);
 
@@ -1154,7 +1154,7 @@ sshpam_tty_conv(int n, sshpam_const struct pam_message **msg,
 	struct pam_response *reply;
 	int i;
 
-	debug3("PAM: %s called with %d messages", __func__, n);
+	debug3_f("PAM: called with %d messages", n);
 
 	*resp = NULL;
 
@@ -1315,7 +1315,7 @@ sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg,
 	int r, i;
 	size_t len;
 
-	debug3("PAM: %s called with %d messages", __func__, n);
+	debug3_f("PAM: called with %d messages", n);
 
 	*resp = NULL;
 
diff --git a/auth-shadow.c b/auth-shadow.c
index b1e3aa9fc..81b31b56e 100644
--- a/auth-shadow.c
+++ b/auth-shadow.c
@@ -74,7 +74,7 @@ auth_shadow_acctexpired(struct spwd *spw)
 		if ((r = sshbuf_putf(loginmsg, 
 		    "Your account will expire in %lld day%s.\n", daysleft,
 		    daysleft == 1 ? "" : "s")) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 	}
 
 	return 0;
@@ -133,7 +133,7 @@ auth_shadow_pwexpired(Authctxt *ctxt)
 		if ((r = sshbuf_putf(loginmsg, 
 		    "Your password will expire in %d day%s.\n", daysleft,
 		    daysleft == 1 ? "" : "s")) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 	}
 
 	return 0;
diff --git a/auth2.c b/auth2.c
index 82f6e6211..b9bb46f59 100644
--- a/auth2.c
+++ b/auth2.c
@@ -145,7 +145,7 @@ userauth_send_banner(struct ssh *ssh, const char *msg)
 	    (r = sshpkt_put_cstring(ssh, "")) != 0 ||	/* language, unused */
 	    (r = sshpkt_send(ssh)) != 0)
 		fatal_fr(r, "send packet");
-	debug("%s: sent", __func__);
+	debug_f("sent");
 }
 
 static void
diff --git a/channels.c b/channels.c
index 61cc8a008..67ee07387 100644
--- a/channels.c
+++ b/channels.c
@@ -5185,7 +5185,7 @@ is_path_to_xsocket(const char *display, char *path, size_t pathlen)
 	struct stat sbuf;
 
 	if (strlcpy(path, display, pathlen) >= pathlen) {
-		error("%s: display path too long", __func__);
+		error_f("display path too long");
 		return 0;
 	}
 	if (display[0] != '/')
diff --git a/loginrec.c b/loginrec.c
index c4a9bd485..953f71d25 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -853,7 +853,7 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut)
 	endttyent();
 
 	if (NULL == ty) {
-		logit("%s: tty not found", __func__);
+		logit_f("tty not found");
 		return (0);
 	}
 #else /* FIXME */
@@ -867,7 +867,7 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut)
 
 		pos = (off_t)tty * sizeof(struct utmp);
 		if ((ret = lseek(fd, pos, SEEK_SET)) == -1) {
-			logit("%s: lseek: %s", __func__, strerror(errno));
+			logit_f("lseek: %s", strerror(errno));
 			close(fd);
 			return (0);
 		}
@@ -889,7 +889,7 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut)
 			memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host));
 
 		if ((ret = lseek(fd, pos, SEEK_SET)) == -1) {
-			logit("%s: lseek: %s", __func__, strerror(errno));
+			logit_f("lseek: %s", strerror(errno));
 			close(fd);
 			return (0);
 		}
@@ -922,12 +922,12 @@ utmp_perform_login(struct logininfo *li)
 	construct_utmp(li, &ut);
 # ifdef UTMP_USE_LIBRARY
 	if (!utmp_write_library(li, &ut)) {
-		logit("%s: utmp_write_library() failed", __func__);
+		logit_f("utmp_write_library() failed");
 		return (0);
 	}
 # else
 	if (!utmp_write_direct(li, &ut)) {
-		logit("%s: utmp_write_direct() failed", __func__);
+		logit_f("utmp_write_direct() failed");
 		return (0);
 	}
 # endif
@@ -943,12 +943,12 @@ utmp_perform_logout(struct logininfo *li)
 	construct_utmp(li, &ut);
 # ifdef UTMP_USE_LIBRARY
 	if (!utmp_write_library(li, &ut)) {
-		logit("%s: utmp_write_library() failed", __func__);
+		logit_f("utmp_write_library() failed");
 		return (0);
 	}
 # else
 	if (!utmp_write_direct(li, &ut)) {
-		logit("%s: utmp_write_direct() failed", __func__);
+		logit_f("utmp_write_direct() failed");
 		return (0);
 	}
 # endif
@@ -967,7 +967,7 @@ utmp_write_entry(struct logininfo *li)
 		return (utmp_perform_logout(li));
 
 	default:
-		logit("%s: invalid type field", __func__);
+		logit_f("invalid type field");
 		return (0);
 	}
 }
@@ -1008,7 +1008,7 @@ utmpx_write_library(struct logininfo *li, struct utmpx *utx)
 static int
 utmpx_write_direct(struct logininfo *li, struct utmpx *utx)
 {
-	logit("%s: not implemented!", __func__);
+	logit_f("not implemented!");
 	return (0);
 }
 # endif /* UTMPX_USE_LIBRARY */
@@ -1021,12 +1021,12 @@ utmpx_perform_login(struct logininfo *li)
 	construct_utmpx(li, &utx);
 # ifdef UTMPX_USE_LIBRARY
 	if (!utmpx_write_library(li, &utx)) {
-		logit("%s: utmp_write_library() failed", __func__);
+		logit_f("utmp_write_library() failed");
 		return (0);
 	}
 # else
 	if (!utmpx_write_direct(li, &utx)) {
-		logit("%s: utmp_write_direct() failed", __func__);
+		logit_f("utmp_write_direct() failed");
 		return (0);
 	}
 # endif
@@ -1064,7 +1064,7 @@ utmpx_write_entry(struct logininfo *li)
 	case LTYPE_LOGOUT:
 		return (utmpx_perform_logout(li));
 	default:
-		logit("%s: invalid type field", __func__);
+		logit_f("invalid type field");
 		return (0);
 	}
 }
@@ -1132,7 +1132,7 @@ wtmp_write_entry(struct logininfo *li)
 	case LTYPE_LOGOUT:
 		return (wtmp_perform_logout(li));
 	default:
-		logit("%s: invalid type field", __func__);
+		logit_f("invalid type field");
 		return (0);
 	}
 }
@@ -1311,7 +1311,7 @@ wtmpx_write_entry(struct logininfo *li)
 	case LTYPE_LOGOUT:
 		return (wtmpx_perform_logout(li));
 	default:
-		logit("%s: invalid type field", __func__);
+		logit_f("invalid type field");
 		return (0);
 	}
 }
@@ -1453,7 +1453,7 @@ wtmpdb_write_entry(struct logininfo *li)
 	case LTYPE_LOGOUT:
 		return (wtmpdb_perform_logout(li));
 	default:
-		logit("%s: invalid type field", __func__);
+		logit_f("invalid type field");
 		return (0);
 	}
 }
@@ -1486,7 +1486,7 @@ syslogin_perform_logout(struct logininfo *li)
 	(void)line_stripname(line, li->line, sizeof(line));
 
 	if (!logout(line))
-		logit("%s: logout() returned an error", __func__);
+		logit_f("logout() returned an error");
 #  ifdef HAVE_LOGWTMP
 	else
 		logwtmp(line, "", "");
@@ -1508,7 +1508,7 @@ syslogin_write_entry(struct logininfo *li)
 	case LTYPE_LOGOUT:
 		return (syslogin_perform_logout(li));
 	default:
-		logit("%s: Invalid type field", __func__);
+		logit_f("Invalid type field");
 		return (0);
 	}
 }
@@ -1612,7 +1612,7 @@ lastlog_write_entry(struct logininfo *li)
 		close(fd);
 		return (1);
 	default:
-		logit("%s: Invalid type field", __func__);
+		logit_f("Invalid type field");
 		return (0);
 	}
 }
diff --git a/misc.c b/misc.c
index ef77a6b7f..9ed51a970 100644
--- a/misc.c
+++ b/misc.c
@@ -1986,7 +1986,7 @@ sock_set_v6only(int s)
 #if defined(IPV6_V6ONLY) && !defined(__OpenBSD__)
 	int on = 1;
 
-	debug3("%s: set socket %d IPV6_V6ONLY", __func__, s);
+	debug3_f("set socket %d IPV6_V6ONLY", s);
 	if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1)
 		error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
 #endif
diff --git a/monitor.c b/monitor.c
index 2179553d3..129ff4ccb 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1011,7 +1011,6 @@ mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m)
 		fatal_fr(r, "assemble PAM");
 #endif
 
-	debug3("%s: sending result %d", __func__, authenticated);
 	debug3_f("sending result %d", authenticated);
 	mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m);
 
@@ -1098,7 +1097,7 @@ int
 mm_answer_pam_start(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	if (!options.use_pam)
-		fatal("UsePAM not set, but ended up in %s anyway", __func__);
+		fatal_f("UsePAM not set, but ended up in %s anyway", __func__);
 
 	start_pam(ssh);
 
@@ -1116,13 +1115,13 @@ mm_answer_pam_account(struct ssh *ssh, int sock, struct sshbuf *m)
 	int r;
 
 	if (!options.use_pam)
-		fatal("%s: PAM not enabled", __func__);
+		fatal_f("PAM not enabled");
 
 	ret = do_pam_account();
 
 	if ((r = sshbuf_put_u32(m, ret)) != 0 ||
 	    (r = sshbuf_put_stringb(m, loginmsg)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 
 	mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m);
 
@@ -1138,11 +1137,11 @@ mm_answer_pam_init_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
 	u_int ok = 0;
 	int r;
 
-	debug3("%s", __func__);
+	debug3_f("entering");
 	if (!options.kbd_interactive_authentication)
-		fatal("%s: kbd-int authentication not enabled", __func__);
+		fatal_f("kbd-int authentication not enabled");
 	if (sshpam_ctxt != NULL)
-		fatal("%s: already called", __func__);
+		fatal_f("already called");
 	sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
 	sshpam_authok = NULL;
 	sshbuf_reset(m);
@@ -1152,7 +1151,7 @@ mm_answer_pam_init_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
 		ok = 1;
 	}
 	if ((r = sshbuf_put_u32(m, ok)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	mm_request_send(sock, MONITOR_ANS_PAM_INIT_CTX, m);
 	return (0);
 }
@@ -1164,10 +1163,10 @@ mm_answer_pam_query(struct ssh *ssh, int sock, struct sshbuf *m)
 	u_int i, num = 0, *echo_on = 0;
 	int r, ret;
 
-	debug3("%s", __func__);
+	debug3_f("entering");
 	sshpam_authok = NULL;
 	if (sshpam_ctxt == NULL)
-		fatal("%s: no context", __func__);
+		fatal_f("no context");
 	ret = (sshpam_device.query)(sshpam_ctxt, &name, &info,
 	    &num, &prompts, &echo_on);
 	if (ret == 0 && num == 0)
@@ -1181,13 +1180,13 @@ mm_answer_pam_query(struct ssh *ssh, int sock, struct sshbuf *m)
 	    (r = sshbuf_put_cstring(m, info)) != 0 ||
 	    (r = sshbuf_put_u32(m, sshpam_get_maxtries_reached())) != 0 ||
 	    (r = sshbuf_put_u32(m, num)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	free(name);
 	free(info);
 	for (i = 0; i < num; ++i) {
 		if ((r = sshbuf_put_cstring(m, prompts[i])) != 0 ||
 		    (r = sshbuf_put_u32(m, echo_on[i])) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 		free(prompts[i]);
 	}
 	free(prompts);
@@ -1205,12 +1204,12 @@ mm_answer_pam_respond(struct ssh *ssh, int sock, struct sshbuf *m)
 	u_int i, num;
 	int r, ret;
 
-	debug3("%s", __func__);
+	debug3_f("entering");
 	if (sshpam_ctxt == NULL)
-		fatal("%s: no context", __func__);
+		fatal_f("no context");
 	sshpam_authok = NULL;
 	if ((r = sshbuf_get_u32(m, &num)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	if (num > PAM_MAX_NUM_MSG) {
 		fatal_f("Too many PAM messages, got %u, expected <= %u",
 		    num, (unsigned)PAM_MAX_NUM_MSG);
@@ -1231,7 +1230,7 @@ mm_answer_pam_respond(struct ssh *ssh, int sock, struct sshbuf *m)
 	}
 	sshbuf_reset(m);
 	if ((r = sshbuf_put_u32(m, ret)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m);
 	auth_method = "keyboard-interactive";
 	auth_submethod = "pam";
@@ -1245,9 +1244,9 @@ mm_answer_pam_free_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt;
 
-	debug3("%s", __func__);
+	debug3_f("entering");
 	if (sshpam_ctxt == NULL)
-		fatal("%s: no context", __func__);
+		fatal_f("no context");
 	(sshpam_device.free_ctx)(sshpam_ctxt);
 	sshpam_ctxt = sshpam_authok = NULL;
 	sshbuf_reset(m);
@@ -1778,10 +1777,10 @@ mm_answer_audit_event(struct ssh *ssh, int socket, struct sshbuf *m)
 	ssh_audit_event_t event;
 	int r;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 
 	if ((r = sshbuf_get_u32(m, &n)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	event = (ssh_audit_event_t)n;
 	switch (event) {
 	case SSH_AUTH_FAIL_PUBKEY:
@@ -1806,9 +1805,9 @@ mm_answer_audit_command(struct ssh *ssh, int socket, struct sshbuf *m)
 	char *cmd;
 	int r;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 	if ((r = sshbuf_get_cstring(m, &cmd, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	/* sanity check command, if so how? */
 	audit_run_command(cmd);
 	free(cmd);
diff --git a/monitor_fdpass.c b/monitor_fdpass.c
index a07727a8e..d7bf38979 100644
--- a/monitor_fdpass.c
+++ b/monitor_fdpass.c
@@ -103,7 +103,7 @@ mm_send_fd(int sock, int fd)
 	}
 	return 0;
 #else
-	error("%s: file descriptor passing not supported", __func__);
+	error_f("file descriptor passing not supported");
 	return -1;
 #endif
 }
diff --git a/monitor_wrap.c b/monitor_wrap.c
index fea576213..f9e0ba8f1 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -692,11 +692,11 @@ mm_start_pam(struct ssh *ssh)
 {
 	struct sshbuf *m;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 	if (!options.use_pam)
-		fatal("UsePAM=no, but ended up in %s anyway", __func__);
+		fatal_f("UsePAM=no, but ended up in %s anyway", __func__);
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, m);
 
 	sshbuf_free(m);
@@ -711,12 +711,12 @@ mm_do_pam_account(void)
 	size_t msglen;
 	int r;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 	if (!options.use_pam)
-		fatal("UsePAM=no, but ended up in %s anyway", __func__);
+		fatal_f("UsePAM=no, but ended up in %s anyway", __func__);
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, m);
 
 	mm_request_receive_expect(pmonitor->m_recvfd,
@@ -724,12 +724,12 @@ mm_do_pam_account(void)
 	if ((r = sshbuf_get_u32(m, &ret)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &msg, &msglen)) != 0 ||
 	    (r = sshbuf_put(loginmsg, msg, msglen)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 
 	free(msg);
 	sshbuf_free(m);
 
-	debug3("%s returning %d", __func__, ret);
+	debug3_f("returning %d", ret);
 
 	return (ret);
 }
@@ -740,17 +740,17 @@ mm_sshpam_init_ctx(Authctxt *authctxt)
 	struct sshbuf *m;
 	int r, success;
 
-	debug3("%s", __func__);
+	debug3_f("entering");
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, m);
-	debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
+	debug3_f("waiting for MONITOR_ANS_PAM_INIT_CTX");
 	mm_request_receive_expect(pmonitor->m_recvfd,
 	    MONITOR_ANS_PAM_INIT_CTX, m);
 	if ((r = sshbuf_get_u32(m, &success)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	if (success == 0) {
-		debug3("%s: pam_init_ctx failed", __func__);
+		debug3_f("pam_init_ctx failed");
 		sshbuf_free(m);
 		return (NULL);
 	}
@@ -766,19 +766,19 @@ mm_sshpam_query(void *ctx, char **name, char **info,
 	u_int i, n;
 	int r, ret;
 
-	debug3("%s", __func__);
+	debug3_f("entering");
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, m);
-	debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
+	debug3_f("waiting for MONITOR_ANS_PAM_QUERY");
 	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, m);
 	if ((r = sshbuf_get_u32(m, &ret)) != 0 ||
 	    (r = sshbuf_get_cstring(m, name, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(m, info, NULL)) != 0 ||
 	    (r = sshbuf_get_u32(m, &n)) != 0 ||
 	    (r = sshbuf_get_u32(m, num)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	debug3("%s: pam_query returned %d", __func__, ret);
+		fatal_fr(r, "buffer error");
+	debug3_f("pam_query returned %d", ret);
 	sshpam_set_maxtries_reached(n);
 	if (*num > PAM_MAX_NUM_MSG)
 		fatal("%s: received %u PAM messages, expected <= %u",
@@ -788,7 +788,7 @@ mm_sshpam_query(void *ctx, char **name, char **info,
 	for (i = 0; i < *num; ++i) {
 		if ((r = sshbuf_get_cstring(m, &((*prompts)[i]), NULL)) != 0 ||
 		    (r = sshbuf_get_u32(m, &((*echo_on)[i]))) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 	}
 	sshbuf_free(m);
 	return (ret);
@@ -801,23 +801,23 @@ mm_sshpam_respond(void *ctx, u_int num, char **resp)
 	u_int n, i;
 	int r, ret;
 
-	debug3("%s", __func__);
+	debug3_f("entering");
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u32(m, num)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	for (i = 0; i < num; ++i) {
 		if ((r = sshbuf_put_cstring(m, resp[i])) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 	}
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, m);
-	debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
+	debug3_f("waiting for MONITOR_ANS_PAM_RESPOND");
 	mm_request_receive_expect(pmonitor->m_recvfd,
 	    MONITOR_ANS_PAM_RESPOND, m);
 	if ((r = sshbuf_get_u32(m, &n)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	ret = (int)n; /* XXX */
-	debug3("%s: pam_respond returned %d", __func__, ret);
+	debug3_f("pam_respond returned %d", ret);
 	sshbuf_free(m);
 	return (ret);
 }
@@ -827,11 +827,11 @@ mm_sshpam_free_ctx(void *ctxtp)
 {
 	struct sshbuf *m;
 
-	debug3("%s", __func__);
+	debug3_f("entering");
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, m);
-	debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
+	debug3_f("waiting for MONITOR_ANS_PAM_FREE_CTX");
 	mm_request_receive_expect(pmonitor->m_recvfd,
 	    MONITOR_ANS_PAM_FREE_CTX, m);
 	sshbuf_free(m);
@@ -1000,12 +1000,12 @@ mm_audit_event(struct ssh *ssh, ssh_audit_event_t event)
 	struct sshbuf *m;
 	int r;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u32(m, event)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, m);
 	sshbuf_free(m);
@@ -1017,12 +1017,12 @@ mm_audit_run_command(const char *command)
 	struct sshbuf *m;
 	int r;
 
-	debug3("%s entering command %s", __func__, command);
+	debug3_f("entering command %s", command);
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_cstring(m, command)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, m);
 	sshbuf_free(m);
diff --git a/sandbox-capsicum.c b/sandbox-capsicum.c
index 9c329aa2e..ec07a7da9 100644
--- a/sandbox-capsicum.c
+++ b/sandbox-capsicum.c
@@ -54,7 +54,7 @@ ssh_sandbox_init(struct monitor *monitor)
 {
 	struct ssh_sandbox *box;
 
-	debug3("%s: preparing capsicum sandbox", __func__);
+	debug3_f("preparing capsicum sandbox");
 	box = xcalloc(1, sizeof(*box));
 	box->m_recvfd = monitor->m_recvfd;
 	box->m_log_sendfd = monitor->m_log_sendfd;
@@ -97,13 +97,13 @@ ssh_sandbox_child(struct ssh_sandbox *box)
 	cap_rights_init(&rights, CAP_READ, CAP_WRITE);
 	if (cap_rights_limit(box->m_recvfd, &rights) < 0 &&
 	    errno != ENOSYS)
-		fatal("%s: failed to limit the network socket", __func__);
+		fatal_f("failed to limit the network socket");
 	cap_rights_init(&rights, CAP_WRITE);
 	if (cap_rights_limit(box->m_log_sendfd, &rights) < 0 &&
 	    errno != ENOSYS)
-		fatal("%s: failed to limit the logging socket", __func__);
+		fatal_f("failed to limit the logging socket");
 	if (cap_enter() < 0 && errno != ENOSYS)
-		fatal("%s: failed to enter capability mode", __func__);
+		fatal_f("failed to enter capability mode");
 
 }
 
diff --git a/sandbox-darwin.c b/sandbox-darwin.c
index 08f4315b0..98a339e58 100644
--- a/sandbox-darwin.c
+++ b/sandbox-darwin.c
@@ -49,7 +49,7 @@ ssh_sandbox_init(struct monitor *monitor)
 	 * Strictly, we don't need to maintain any state here but we need
 	 * to return non-NULL to satisfy the API.
 	 */
-	debug3("%s: preparing Darwin sandbox", __func__);
+	debug3_f("preparing Darwin sandbox");
 	box = xcalloc(1, sizeof(*box));
 	return box;
 }
@@ -60,10 +60,10 @@ ssh_sandbox_child(struct ssh_sandbox *box)
 	char *errmsg;
 	struct rlimit rl_zero;
 
-	debug3("%s: starting Darwin sandbox", __func__);
+	debug3_f("starting Darwin sandbox");
 	if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED,
 	    &errmsg) == -1)
-		fatal("%s: sandbox_init: %s", __func__, errmsg);
+		fatal_f("sandbox_init: %s", errmsg);
 
 	/*
 	 * The kSBXProfilePureComputation still allows sockets, so
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index a8f34a76c..a0692dd2f 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -486,7 +486,7 @@ ssh_sandbox_init(struct monitor *monitor)
 	 * Strictly, we don't need to maintain any state here but we need
 	 * to return non-NULL to satisfy the API.
 	 */
-	debug3("%s: preparing seccomp filter sandbox", __func__);
+	debug3_f("preparing seccomp filter sandbox");
 	box = xcalloc(1, sizeof(*box));
 	return box;
 }
@@ -513,7 +513,7 @@ ssh_sandbox_child_debugging(void)
 	struct sigaction act;
 	sigset_t mask;
 
-	debug3("%s: installing SIGSYS handler", __func__);
+	debug3_f("installing SIGSYS handler");
 	memset(&act, 0, sizeof(act));
 	sigemptyset(&mask);
 	sigaddset(&mask, SIGSYS);
@@ -521,7 +521,7 @@ ssh_sandbox_child_debugging(void)
 	act.sa_sigaction = &ssh_sandbox_violation;
 	act.sa_flags = SA_SIGINFO;
 	if (sigaction(SIGSYS, &act, NULL) == -1)
-		fatal("%s: sigaction(SIGSYS): %s", __func__, strerror(errno));
+		fatal_f("sigaction(SIGSYS): %s", strerror(errno));
 	if (sigprocmask(SIG_UNBLOCK, &mask, NULL) == -1)
 		fatal("%s: sigprocmask(SIGSYS): %s",
 		    __func__, strerror(errno));
@@ -554,13 +554,13 @@ ssh_sandbox_child(struct ssh_sandbox *box)
 	ssh_sandbox_child_debugging();
 #endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
 
-	debug3("%s: setting PR_SET_NO_NEW_PRIVS", __func__);
+	debug3_f("setting PR_SET_NO_NEW_PRIVS");
 	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
 		debug("%s: prctl(PR_SET_NO_NEW_PRIVS): %s",
 		    __func__, strerror(errno));
 		nnp_failed = 1;
 	}
-	debug3("%s: attaching seccomp filter program", __func__);
+	debug3_f("attaching seccomp filter program");
 	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &preauth_program) == -1)
 		debug("%s: prctl(PR_SET_SECCOMP): %s",
 		    __func__, strerror(errno));
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index 5b0ce304e..b2d3cbd80 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -2291,7 +2291,7 @@ out:
 int
 pkcs11_init(int interactive)
 {
-	error("%s: dlopen() not supported", __func__);
+	error_f("dlopen() not supported");
 	return (-1);
 }
 
@@ -2299,13 +2299,13 @@ int
 pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp,
     char ***labelsp)
 {
-	error("%s: dlopen() not supported", __func__);
+	error_f("dlopen() not supported");
 	return (-1);
 }
 
 void
 pkcs11_terminate(void)
 {
-	error("%s: dlopen() not supported", __func__);
+	error_f("dlopen() not supported");
 }
 #endif /* ENABLE_PKCS11 */
diff --git a/sshd-session.c b/sshd-session.c
index 5c0075630..6fc4aa086 100644
--- a/sshd-session.c
+++ b/sshd-session.c
@@ -290,7 +290,7 @@ reseed_prngs(void)
 	RAND_seed(rnd, sizeof(rnd));
 	/* give libcrypto a chance to notice the PID change */
 	if ((RAND_bytes((u_char *)rnd, 1)) != 1)
-		fatal("%s: RAND_bytes failed", __func__);
+		fatal_f("RAND_bytes failed");
 #endif
 
 	explicit_bzero(rnd, sizeof(rnd));
diff --git a/sshd.c b/sshd.c
index f77a4a2ec..86c27c44c 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1233,7 +1233,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s,
 #ifdef WITH_OPENSSL
 			RAND_seed(rnd, sizeof(rnd));
 			if ((RAND_bytes((u_char *)rnd, 1)) != 1)
-				fatal("%s: RAND_bytes failed", __func__);
+				fatal_f("RAND_bytes failed");
 #endif
 			explicit_bzero(rnd, sizeof(rnd));
 		}
diff --git a/sshlogin.c b/sshlogin.c
index 06a7b381a..fb55cadd6 100644
--- a/sshlogin.c
+++ b/sshlogin.c
@@ -106,7 +106,7 @@ store_lastlog_message(const char *user, uid_t uid)
 	if (time_string != NULL) {
 		if ((r = sshbuf_put(loginmsg,
 		    time_string, strlen(time_string))) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 		free(time_string);
 	}
 # else
diff --git a/sshpty.c b/sshpty.c
index cae0b977a..4867e7f5e 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -173,7 +173,7 @@ pty_setowner(struct passwd *pw, const char *tty)
 	/* Determine the group to make the owner of the tty. */
 	grp = getgrnam("tty");
 	if (grp == NULL)
-		debug("%s: no tty group", __func__);
+		debug_f("no tty group");
 	gid = (grp != NULL) ? grp->gr_gid : pw->pw_gid;
 	mode = (grp != NULL) ? 0620 : 0600;
 
diff --git a/uidswap.c b/uidswap.c
index 6ed3024d0..793688eb5 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -163,9 +163,9 @@ restore_uid(void)
 	 * as well.
 	 */
 	if (setuid(getuid()) == -1)
-		fatal("%s: setuid failed: %s", __func__, strerror(errno));
+		fatal_f("setuid failed: %s", strerror(errno));
 	if (setgid(getgid()) == -1)
-		fatal("%s: setgid failed: %s", __func__, strerror(errno));
+		fatal_f("setgid failed: %s", strerror(errno));
 #endif /* SAVED_IDS_WORK_WITH_SETEUID */
 
 	if (setgroups(saved_egroupslen, saved_egroups) == -1)
@@ -212,7 +212,7 @@ permanently_set_uid(struct passwd *pw)
 	/* Try restoration of GID if changed (test clearing of saved gid) */
 	if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
 	    (setgid(old_gid) != -1 || setegid(old_gid) != -1))
-		fatal("%s: was able to restore old [e]gid", __func__);
+		fatal_f("was able to restore old [e]gid");
 #endif
 
 	/* Verify GID drop was successful */
@@ -226,7 +226,7 @@ permanently_set_uid(struct passwd *pw)
 	/* Try restoration of UID if changed (test clearing of saved uid) */
 	if (old_uid != pw->pw_uid &&
 	    (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
-		fatal("%s: was able to restore old [e]uid", __func__);
+		fatal_f("was able to restore old [e]uid");
 #endif
 
 	/* Verify UID drop was successful */