Version-Release number of selected component (if applicable): openssh-5.6p1-20.fc15 How reproducible: 100% Steps to Reproduce: 1. mock -v -r fedora-devel-x86_64 --init 2. mock -v -r fedora-devel-x86_64 --install openssh-server 3. mock -v -r fedora-devel-x86_64 --install openssh-clients 4. chroot /var/lib/mock/fedora-rawhide-x86_64/root 5. su - mockbuild 6. run the attached script Actual results: debug1: kex: client->server aes128-ctr hmac-md5 none debug3: mm_request_send entering: type 76 debug3: mm_request_receive_expect entering: type 77 debug3: mm_request_receive entering debug3: monitor_read: checking request 76 cannot write into audit debug1: do_cleanup debug1: audit_event: unhandled event 12 debug1: do_cleanup Read from socket failed: Connection reset by peer Expected results: client connects Additional info: will follow
Created attachment 467540 [details] a reproducer
This helps to work around the breakage: $ printf "int audit_log_acct_message() { return 0; }\n" \ | gcc -xc - -fPIC -shared -o bz661394.so $ export LD_PRELOAD=`readlink -f bz661394.so`
Here is caught what happens in libaudit: Breakpoint 3, check_ack (fd=4, seq=1) at netlink.c:253 253 { (gdb) bt #0 check_ack (fd=4, seq=1) at netlink.c:285 #1 audit_send (fd=4, type=2407, data=0x7fffdfb046b0, size=183) at netlink.c:236 #2 audit_send_user_message (fd=4, type=2407, hide_error=REAL_ERR, message=0x7fffdfb046b0 "op=start direction=from-client cipher=aes128-ctr, ksize=128 rport=44557 laddr=127.0.0.1 lport=8999 id=4294967295 exe=\"/usr/sbin/sshd\" hostname=? addr=127.0.0.1 terminal=? res=success") at deprecated.c:47 #3 audit_log_acct_message (audit_fd=4, type=2407, pgname=0x7fffdfb069c0 "\"/usr/sbin/sshd\"", op=0x7fffdfb08ac0 "start direction=from-client cipher=aes128-ctr, ksize=128 rport=44557 laddr=127.0.0.1 lport=8999", name=0x0, id=4294967295, host=0x0, addr=0x7faaaf6d9df0 "127.0.0.1", tty=0x0, result=1) at audit_logging.c:440 #4 audit_kex_body (...) at audit-linux.c:195 #5 kex_choose_conf (...) at kex.c:449 #6 kex_kexinit_finish (...) at kex.c:252 #7 kex_input_kexinit (...) at kex.c:226 #8 dispatch_run (mode=0, done=0x7faaaf6d81d0, ctxt=0x7faaaf6d8160) at dispatch.c:98 #9 do_ssh2_kex (ac=<value optimized out>, av=<value optimized out>) at sshd.c:2457 #10 main (ac=<value optimized out>, av=<value optimized out>) at sshd.c:2041 (gdb) next 254 int rc, retries = 80; (gdb) 259 pfd[0].fd = fd; (gdb) 260 pfd[0].events = POLLIN; (gdb) 262 rc = poll(pfd, 1, 500); /* .5 second */ (gdb) 263 } while (rc < 0 && errno == EINTR); (gdb) 269 rc = audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, MSG_PEEK); (gdb) 270 if (rc == -EAGAIN && retries) { (gdb) 273 } else if (rc < 0) (gdb) 275 else if (rc == 0) (gdb) 277 else if (rc > 0 && rep.type == NLMSG_ERROR) { (gdb) 280 (void)audit_get_reply(fd, &rep2, GET_REPLY_NONBLOCKING, 0); (gdb) 283 if (rep.error->error) { (gdb) 284 errno = -rep.error->error; (gdb) 285 return rep.error->error; (gdb) print *rep.error $3 = { error = -1, msg = { nlmsg_len = 200, nlmsg_type = 2407, nlmsg_flags = 5, nlmsg_seq = 1, nlmsg_pid = 0 } }
What is the version of audit and openssh used?
audit-libs-2.0.5-1.fc15 openssh-server-5.6p1-20.fc15
Have you run auditd at that time? Have you audit package installed also?
I tried the following and it made no difference: # yum install audit # service auditd start Did you try to follow my steps to reproduce? It's pretty straightforward. Note it does not happen if you run the script as root. You need to be mockbuild.
Do you Does the auditd start?
*** This bug has been marked as a duplicate of bug 661666 ***