Bug 1406666
Summary: | [x86_64] sshd dies with SIGSYS | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Shawn Starr <shawn.starr> | ||||||||
Component: | openssh | Assignee: | Jakub Jelen <jjelen> | ||||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||
Severity: | unspecified | Docs Contact: | |||||||||
Priority: | unspecified | ||||||||||
Version: | 26 | CC: | extras-qa, jjelen, mattias.ellert, mgrepl, mjuszkie, pbrobinson, plautrba, rjones, tmraz | ||||||||
Target Milestone: | --- | Keywords: | Reopened | ||||||||
Target Release: | --- | ||||||||||
Hardware: | x86_64 | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | 1197051 | Environment: | |||||||||
Last Closed: | 2017-04-28 12:48:49 UTC | Type: | Bug | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Bug Depends On: | 1197051, 1398370 | ||||||||||
Bug Blocks: | |||||||||||
Attachments: |
|
Description
Shawn Starr
2016-12-21 07:46:46 UTC
Created attachment 1234254 [details]
audit logs from sshd failing sig 31
Both kernels tested: kernel-4.8.6-300.fc25.x86_64 kernel-4.10.0-0.rc0.git4.1.fc26.x86_64 In Fedora 25 in: /etc/crypto-policies/back-ends I do not have openssh.config symlinked to /usr/share/crypto-policies/DEFAULT/openssh.txt Rawhide: crypto-policies-20161111-1.gita2363ce.fc26.noarch Fedora 25 does not have openssh.config packaged crypto-policies-20160921-2.git75b9b04.fc25.noarch *** Bug 1406665 has been marked as a duplicate of this bug. *** Works for me with openssh-7.3p1-7.fc26.x86_64 glibc-2.24.90-24.fc26.x86_64 kernel-4.10.0-0.rc0.git2.2.fc26.x86_64 Please attach a relevant part of /var/log/secure from the server with LogLevel at least DEBUG. Created attachment 1234260 [details]
sshd with LogLevel DEBUG output from /var/log/secure from sshd run
SELinux is disabled in both Fedora 25 and the Rawhide servers, I've also disabled audit in kernel for now but can turn it back on.
(In reply to Shawn Starr from comment #1) > Created attachment 1234254 [details] > audit logs from sshd failing sig 31 type=SECCOMP msg=audit(1482303545.271:344): auid=4294967295 uid=74 gid=74 ses=4294967295 pid=4564 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=c000003e syscall=20 compat=0 ip=0x7f89e7135328 code=0x0 According to my syscalls table [1] this is writev() syscall. 1. https://fedora.juszkiewicz.com.pl/syscalls.html Whats also interesting is as known in bug #1398370 for Fedora 25, but I do not get SECCOMP triggering this signal kill. So, what is different in rawhide vs Fedora 25 where the bug above does not cause this to trip? Reproduced this with today/yesterday rawhide in same machine and in a KVM 64bit instance. I've attached my kickstart reproduction Created attachment 1234943 [details]
Kickstart file
If you disable the custom repos such as rpmfusion/google the problem remains. Some packages in the kickstart are missing/obsolete/custom and can be skipped to complete the installation. Fedora rawhide and 25 are the same in git now. The only significant difference is OpenSSL which is it build against (1.1.0 and 1.0.2 or so), which is using different code paths. But this is not related to this. I can reproduce the same when I install gssntlmssp package (trigger also for the bug #1389881 -- duplicate of your referenced bug #1398370). I don't think there is anything we can do about it in OpenSSH. We have workaround (disable GSSAPIAuthentication and GSSAPIKeyExchange in sshd_config; uninstall gssntlmssp), but it needs to get resolved in glibc. Thanks, this workaround will do until GNU libc is fixed up. Confirmed on Rawhide this PASSES, no error using: glibc-2.24.90-25.fc26.x86_64 This is now resolved in rawhide. This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle. Changing version to '26'. |