The chdir in session.c around line 1736 appears to be performed while sshd is running as the root user. This fails on systems where root does not have access to the users home directory. Examples are NFS mounted directories where the client machine does not have root trust (root user is mapped to nobody etc). I think sshd should either change uid to the target user before this segment of code is executed and maintain euid root or vice versa. I will experiment with a fix myself.
More info: This seems to occur only if use_login is set. If not, the uid has already been set to the target user and all works as expected. One fix is if running as root, set the effective uid of the process to the target user before the call to chdir and reset euid to root after the rc files have been read. A better fix is to avoid the while chdir and rc file stuff if use_login is set.
UseLogin was deprecated some time ago, the only remaining chdir() definitely happens after privileges are dropped. The calls occur in the same function: https://github.com/openssh/openssh-portable/blob/V_8_1_P1/session.c#L1546 https://github.com/openssh/openssh-portable/blob/V_8_1_P1/session.c#L1622
closing resolved bugs as of 8.6p1 release