From: "Brown, Thomas" <thomas_brown@mentor.com>
To: <linux-audit@redhat.com>
Subject: BUG: segfault on systemctl auditd stop
Date: Wed, 11 Aug 2021 13:32:37 -0400 [thread overview]
Message-ID: <e09b40ec-26b3-f545-4a58-2c2d79beeea9@mentor.com> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 3765 bytes --]
Hello,
The following auditd segfault occurs during shutdown but can be
reproduced using the service stop command...
service auditd stop 2root@aug-test:/# 2021 Aug 4 12:47:22 aug-test
Process 687 (auditd) of user 0 dumped core. 34Stack trace of thread 687:
5#0 0x00007f18bb1657e4 fclose (libc.so.6) 6#1 0x000055b88ab50ec0 n/a
(auditd) 7#2 0x000055b88ab4e421 n/a (auditd) 8#3 0x000055b88ab4d9a7 n/a
(auditd) 9#4 0x00007f18bb11a09b __libc_start_main (libc.so.6) 10#5
0x000055b88ab4df4a n/a (auditd)
Setting AUDIT_WRITE_LOGS to "yes" corrects this problem however we have
a requirement to disable these logs (i.e. AUDIT_WRITE_LOGS needs to be
set to "no")
After perusing the source I suspect that one of these unconditional
fclose()s is causing the problem...
git diff ./src/aureport.c
diff --git a/src/aureport.c b/src/aureport.c
index 22618f0..6359144 100644
--- a/src/aureport.c
+++ b/src/aureport.c
@@ -277,7 +277,8 @@ static int process_log_fd(const char *filename)
list_clear(entries);
free(entries);
} while (ret == 0);
- fclose(log_fd);
+ if (log_fd)
+ fclose(log_fd);
// This is the per file action items
very_last_event.sec = last_event.sec;
very_last_event.milli = last_event.milli;
git diff ./src/ausearch.c
diff --git a/src/ausearch.c b/src/ausearch.c
index 4a6bdae..df14df5 100644
--- a/src/ausearch.c
+++ b/src/ausearch.c
@@ -481,7 +481,8 @@ static int process_log_fd(void)
checkpt_failure |= CP_CORRUPTED;
list_clear(entries);
free(entries);
- fclose(log_fd);
+ if (log_fd)
+ fclose(log_fd);
return 10;
}
if (just_one) {
@@ -497,7 +498,8 @@ static int process_log_fd(void)
if (set_ChkPtLastEvent(&entries->e)) {
list_clear(entries);
free(entries);
- fclose(log_fd);
+ if (log_fd)
+ fclose(log_fd);
return 4; /* no memory */
}
}
@@ -505,7 +507,8 @@ static int process_log_fd(void)
list_clear(entries);
free(entries);
} while (ret == 0);
- fclose(log_fd);
+ if (log_fd)
+ fclose(log_fd);
return 0;
}
However I have not tested these changes. Even though this is a benign
problem I believe that it warrants a correction. Please open a ticket
and respond with the ticket id so that we can track this problem/solution.
--
Kind Regards,
Thomas Brown
Linux Developer
EPS PBU RT Solution Services
411 Leggett Drive
Suite 502
Kanata, ON, Canada
K2K 3C9
Tel: 613-963-1016
Fax: 613-599-1060
[-- Attachment #1.2: Type: text/html, Size: 19765 bytes --]
[-- Attachment #2: Type: text/plain, Size: 106 bytes --]
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
next reply other threads:[~2021-08-11 18:28 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-11 17:32 Brown, Thomas [this message]
2021-08-11 19:04 ` BUG: segfault on systemctl auditd stop Steve Grubb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e09b40ec-26b3-f545-4a58-2c2d79beeea9@mentor.com \
--to=thomas_brown@mentor.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).