Bug 1414812 - Setting log_format to NOLOG make auditd core dump - free(): invalid pointer
Summary: Setting log_format to NOLOG make auditd core dump - free(): invalid pointer
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: audit
Version: 7.3
Hardware: x86_64
OS: Linux
urgent
high
Target Milestone: rc
: ---
Assignee: Steve Grubb
QA Contact: Ondrej Moriš
URL: https://fedorahosted.org/audit/change...
Whiteboard:
Depends On:
Blocks: 1415726
TreeView+ depends on / blocked
 
Reported: 2017-01-19 14:18 UTC by Andrea Perotti
Modified: 2020-04-15 15:07 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1415726 (view as bug list)
Environment:
Last Closed: 2017-08-01 20:53:38 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:2008 0 normal SHIPPED_LIVE audit bug fix update 2017-08-01 18:34:07 UTC

Description Andrea Perotti 2017-01-19 14:18:42 UTC 
Description of problem:

Setting log_format to NOLOG make auditd core dump

# auditd -n
*** Error in `auditd': free(): invalid pointer: 0x00007fc0713196a0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7c503)[0x7fc06d835503]
auditd(+0x9bc0)[0x7fc06f46abc0]
auditd(+0x7067)[0x7fc06f468067]
auditd(+0x6137)[0x7fc06f467137]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fc06d7dab35]
auditd(+0x6add)[0x7fc06f467add]
======= Memory map: ========
7fc064000000-7fc064021000 rw-p 00000000 00:00 0 
7fc064021000-7fc068000000 ---p 00000000 00:00 0 
7fc06baa0000-7fc06bab5000 r-xp 00000000 fd:01 17961098                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fc06bab5000-7fc06bcb4000 ---p 00015000 fd:01 17961098                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fc06bcb4000-7fc06bcb5000 r--p 00014000 fd:01 17961098                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fc06bcb5000-7fc06bcb6000 rw-p 00015000 fd:01 17961098                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fc06bcb6000-7fc06bcb7000 ---p 00000000 00:00 0 
7fc06bcb7000-7fc06c4b7000 rw-p 00000000 00:00 0                          [stack:3761]
7fc06c4b7000-7fc06c4c3000 r-xp 00000000 fd:01 16819780                   /usr/lib64/libnss_files-2.17.so
7fc06c4c3000-7fc06c6c2000 ---p 0000c000 fd:01 16819780                   /usr/lib64/libnss_files-2.17.so
7fc06c6c2000-7fc06c6c3000 r--p 0000b000 fd:01 16819780                   /usr/lib64/libnss_files-2.17.so
7fc06c6c3000-7fc06c6c4000 rw-p 0000c000 fd:01 16819780                   /usr/lib64/libnss_files-2.17.so
7fc06c6c4000-7fc06c6ca000 rw-p 00000000 00:00 0 
7fc06c6ca000-7fc06c72a000 r-xp 00000000 fd:01 16821024                   /usr/lib64/libpcre.so.1.2.0
7fc06c72a000-7fc06c929000 ---p 00060000 fd:01 16821024                   /usr/lib64/libpcre.so.1.2.0
7fc06c929000-7fc06c92a000 r--p 0005f000 fd:01 16821024                   /usr/lib64/libpcre.so.1.2.0
7fc06c92a000-7fc06c92b000 rw-p 00060000 fd:01 16821024                   /usr/lib64/libpcre.so.1.2.0
7fc06c92b000-7fc06c94f000 r-xp 00000000 fd:01 16819859                   /usr/lib64/libselinux.so.1
7fc06c94f000-7fc06cb4e000 ---p 00024000 fd:01 16819859                   /usr/lib64/libselinux.so.1
7fc06cb4e000-7fc06cb4f000 r--p 00023000 fd:01 16819859                   /usr/lib64/libselinux.so.1
7fc06cb4f000-7fc06cb50000 rw-p 00024000 fd:01 16819859                   /usr/lib64/libselinux.so.1
7fc06cb50000-7fc06cb52000 rw-p 00000000 00:00 0 
7fc06cb52000-7fc06cb68000 r-xp 00000000 fd:01 16819797                   /usr/lib64/libresolv-2.17.so
7fc06cb68000-7fc06cd68000 ---p 00016000 fd:01 16819797                   /usr/lib64/libresolv-2.17.so
7fc06cd68000-7fc06cd69000 r--p 00016000 fd:01 16819797                   /usr/lib64/libresolv-2.17.so
7fc06cd69000-7fc06cd6a000 rw-p 00017000 fd:01 16819797                   /usr/lib64/libresolv-2.17.so
7fc06cd6a000-7fc06cd6c000 rw-p 00000000 00:00 0 
7fc06cd6c000-7fc06cd6f000 r-xp 00000000 fd:01 16820840                   /usr/lib64/libkeyutils.so.1.5
7fc06cd6f000-7fc06cf6e000 ---p 00003000 fd:01 16820840                   /usr/lib64/libkeyutils.so.1.5
7fc06cf6e000-7fc06cf6f000 r--p 00002000 fd:01 16820840                   /usr/lib64/libkeyutils.so.1.5
7fc06cf6f000-7fc06cf70000 rw-p 00003000 fd:01 16820840                   /usr/lib64/libkeyutils.so.1.5
7fc06cf70000-7fc06cf72000 r-xp 00000000 fd:01 16819194                   /usr/lib64/libdl-2.17.so
7fc06cf72000-7fc06d172000 ---p 00002000 fd:01 16819194                   /usr/lib64/libdl-2.17.so
7fc06d172000-7fc06d173000 r--p 00002000 fd:01 16819194                   /usr/lib64/libdl-2.17.so
7fc06d173000-7fc06d174000 rw-p 00003000 fd:01 16819194                   /usr/lib64/libdl-2.17.so
7fc06d174000-7fc06d181000 r-xp 00000000 fd:01 16821016                   /usr/lib64/libkrb5support.so.0.1
7fc06d181000-7fc06d381000 ---p 0000d000 fd:01 16821016                   /usr/lib64/libkrb5support.so.0.1
7fc06d381000-7fc06d382000 r--p 0000d000 fd:01 16821016                   /usr/lib64/libkrb5support.so.0.1
7fc06d382000-7fc06d383000 rw-p 0000e000 fd:01 16821016                   /usr/lib64/libkrb5support.so.0.1
7fc06d383000-7fc06d386000 r-xp 00000000 fd:01 16819961                   /usr/lib64/libcom_err.so.2.1
7fc06d386000-7fc06d585000 ---p 00003000 fd:01 16819961                   /usr/lib64/libcom_err.so.2.1
7fc06d585000-7fc06d586000 r--p 00002000 fd:01 16819961                   /usr/lib64/libcom_err.so.2.1
7fc06d586000-7fc06d587000 rw-p 00003000 fd:01 16819961                   /usr/lib64/libcom_err.so.2.1
7fc06d587000-7fc06d5b6000 r-xp 00000000 fd:01 16820686                   /usr/lib64/libk5crypto.so.3.1
7fc06d5b6000-7fc06d7b5000 ---p 0002f000 fd:01 16820686                   /usr/lib64/libk5crypto.so.3.1
7fc06d7b5000-7fc06d7b7000 r--p 0002e000 fd:01 16820686                   /usr/lib64/libk5crypto.so.3.1
7fc06d7b7000-7fc06d7b8000 rw-p 00030000 fd:01 16820686                   /usr/lib64/libk5crypto.so.3.1
7fc06d7b8000-7fc06d7b9000 rw-p 00000000 00:00 0 
7fc06d7b9000-7fc06d96f000 r-xp 00000000 fd:01 16819188                   /usr/lib64/libc-2.17.so
7fc06d96f000-7fc06db6f000 ---p 001b6000 fd:01 16819188                   /usr/lib64/libc-2.17.so
7fc06db6f000-7fc06db73000 r--p 001b6000 fd:01 16819188                   /usr/lib64/libc-2.17.so
7fc06db73000-7fc06db75000 rw-p 001ba000 fd:01 16819188                   /usr/lib64/libc-2.17.so
7fc06db75000-7fc06db7a000 rw-p 00000000 00:00 0 
7fc06db7a000-7fc06dc50000 r-xp 00000000 fd:01 16820703                   /usr/lib64/libkrb5.so.3.3
7fc06dc50000-7fc06de50000 ---p 000d6000 fd:01 16820703                   /usr/lib64/libkrb5.so.3.3
7fc06de50000-7fc06de5e000 r--p 000d6000 fd:01 16820703                   /usr/lib64/libkrb5.so.3.3
7fc06de5e000-7fc06de61000 rw-p 000e4000 fd:01 16820703                   /usr/lib64/libkrb5.so.3.3
7fc06de61000-7fc06deac000 r-xp 00000000 fd:01 16820682                   /usr/lib64/libgssapi_krb5.so.2.2
7fc06deac000-7fc06e0ac000 ---p 0004b000 fd:01 16820682                   /usr/lib64/libgssapi_krb5.so.2.2
7fc06e0ac000-7fc06e0ad000 r--p 0004b000 fd:01 16820682                   /usr/lib64/libgssapi_krb5.so.2.2
7fc06e0ad000-7fc06e0af000 rw-p 0004c000 fd:01 16820682                   /usr/lib64/libgssapi_krb5.so.2.2
7fc06e0af000-7fc06e1af000 r-xp 00000000 fd:01 16819197                   /usr/lib64/libm-2.17.so
7fc06e1af000-7fc06e3af000 ---p 00100000 fd:01 16819197                   /usr/lib64/libm-2.17.so
7fc06e3af000-7fc06e3b0000 r--p 00100000 fd:01 16819197                   /usr/lib64/libm-2.17.so
7fc06e3b0000-7fc06e3b1000 rw-p 00101000 fd:01 16819197                   /usr/lib64/libm-2.17.so
7fc06e3b1000-7fc06e3b8000 r-xp 00000000 fd:01 16819799                   /usr/lib64/librt-2.17.so
7fc06e3b8000-7fc06e5b7000 ---p 00007000 fd:01 16819799                   /usr/lib64/librt-2.17.soAborted (core dumped)

Version-Release number of selected component (if applicable):
audit-2.6.5-3.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. kill auditd
2. set log_format = NOLOG in /etc/audit/auditd.conf
3. auditd -n

Actual results:
*** Error in `auditd': free(): invalid pointer: 0x00007fc0713196a0 ***

Expected results:
Just the warn about deprecated option.
Comment 1 Steve Grubb 2017-01-19 16:57:32 UTC 
This is probably the issue reported on linux-audit mail list and fixed in upstream commit 1421.
Comment 5 Steve Grubb 2017-01-20 16:10:38 UTC 
The file audit-2.6.7-segfault-fix.patch has been applied to the srpm.
Comment 8 Ondrej Moriš 2017-04-26 11:03:42 UTC 
Successfully reproduced and verified.

OLD (audit-2.6.5-3.el7)
=======================
# auditd -n &
[1] 2238
[0 root@qeos-114 write-logs]# *** Error in `auditd': free(): invalid pointer: 0x00007f6ad8ff78a0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7c503)[0x7f6ad6420503]
auditd(+0x9bc0)[0x7f6ad8055bc0]
auditd(+0x7067)[0x7f6ad8053067]
auditd(+0x6137)[0x7f6ad8052137]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f6ad63c5b35]
auditd(+0x6add)[0x7f6ad8052add]
======= Memory map: ========

NEW (audit-2.7.6-1.el7)
=======================
# auditd -n &
[1] 2206

See CR##15626918 and CR#15626924 for more details.
Comment 9 errata-xmlrpc 2017-08-01 20:53:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:2008
Note You need to log in before you can comment on or make changes to this bug.