Description of problem: Attempting to ssh to an armhfp system running rawhide(f34) fails: ssh root.122.82 Connection reset by 192.168.122.82 port 22 coredumpctl info PID: 10183 (sshd) UID: 74 (sshd) GID: 74 (sshd) Signal: 31 (SYS) Timestamp: Fri 2020-11-13 15:34:15 EST (27s ago) Command Line: sshd: [net] Executable: /usr/sbin/sshd Control Group: /system.slice/sshd.service Unit: sshd.service Slice: system.slice Boot ID: 8d2799bb69bc4036b9a98eb197a3da6d Machine ID: 9bcaadd8e8ba4302b29cfb084eb68089 Hostname: localhost.localdomain Storage: /var/lib/systemd/coredump/core.sshd.74.8d2799bb69bc4036b9a98eb1> Message: Process 10183 (sshd) of user 74 dumped core. Stack trace of thread 10183: #0 0x00000000b6995370 __GI___select64 (libc.so.6 + 0xda370) #1 0x00000000004e96e4 ssh_packet_read_seqnr (sshd + 0x596e4) #2 0x00000000004e97fc ssh_dispatch_run_fatal (sshd + 0x597fc) #3 0x000000000049dcbc do_ssh2_kex (sshd + 0xdcbc) #4 0x000000000049b454 main (sshd + 0xb454) #5 0x00000000b68d639c __libc_start_main (libc.so.6 + 0x1b39c) #6 0x000000000049baf0 .annobin_init.c_end.hot (sshd + 0xbaf0) Version-Release number of selected component (if applicable): openssh-8.4p1-2.fc34.armv7hl How reproducible: Everytime.
Created attachment 1729215 [details] sshd backtrace
Can you check audit for what syscall was used in your case on ARM which failed? Is it called now select64 or something else?
type=SECCOMP msg=audit(1605645779.332:638): auid=4294967295 uid=74 gid=74 ses=4294967295 subj=system_u:system_r:sshd_net_t:s0-s0:c0.c1023 pid=796 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=40000028 syscall=413 compat=0 ip=0xb68db370 code=0x0AUID="unset" UID="sshd" GID="sshd" ARCH=armeb SYSCALL=unknown-syscall(413) On arm 413 looks to be pselect6_time64
Thank you for report and checking the syscall. This is something new. The following patch should address the issue: diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index e0768c06..5065ae7e 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -267,6 +267,9 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_pselect6 SC_ALLOW(__NR_pselect6), #endif +#ifdef __NR_pselect6_time64 + SC_ALLOW(__NR_pselect6_time64), +#endif #ifdef __NR_read SC_ALLOW(__NR_read), #endif I submitted a scratch build with the patch above. Please, check if it will work for you. Then I can fix it in Fedora and report upstream. https://koji.fedoraproject.org/koji/taskinfo?taskID=55805956
(In reply to Jakub Jelen from comment #4) > I submitted a scratch build with the patch above. Please, check if it will > work for you. Then I can fix it in Fedora and report upstream. > > https://koji.fedoraproject.org/koji/taskinfo?taskID=55805956 Thanks! That works as expected.
FEDORA-2020-413ab3bca3 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-413ab3bca3
FEDORA-2020-413ab3bca3 has been pushed to the Fedora 33 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-413ab3bca3` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-413ab3bca3 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-413ab3bca3 has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.