First Last Prev Next    This bug is not in your last search results.
Bug 435329 - [RHEL5.2] audit tests cause oom-kills
[RHEL5.2] audit tests cause oom-kills
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: audit (Show other bugs)
5.2
All Linux
high Severity high
: rc
: ---
Assigned To: Steve Grubb
Brian Brock
: Regression, TestBlocker
: 436810 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-28 13:55 EST by Don Zickus
Modified: 2008-05-21 10:32 EDT (History)
3 users (show)

See Also:
Fixed In Version: RHEA-2008-0358
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-21 10:32:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Don Zickus 2008-02-28 13:55:39 EST 
Description of problem:
running the standard audit tests against the beta kernels, we noticed oom-kills
that were not present in U1.

Running the tests manually, we can see audispd eats 100% of the cpu and 90% of
memory within seconds of kicking off the tests.

Sample console output.
http://rhts.redhat.com/cgi-bin/rhts/test_log.cgi?id=2046108
http://rhts.redhat.com/cgi-bin/rhts/test_log.cgi?id=2046150
http://rhts.redhat.com/cgi-bin/rhts/test_log.cgi?id=2046183

Version-Release number of selected component (if applicable):
RHEL5.2-Server-20080225.2 distro
kernel-2.6.18-83.el5
/kernel/security/audit/audit-test-2088 - audit tests

How reproducible:
very

Steps to Reproduce:
1.grab a RHEL-5 box with U2 installed and run the above audit testsuite
2.run top to notice the adverse cpu/memory conditions
3.check dmesg for the oom-kills after about 10 minutes
  
Actual results:
oom-kills (about 4)

Expected results:
no oom-kills

Additional info:
On the same machine with a U1 distro and the same kernel, we did _not_ see
oom-kills.  Upgrading to a U2 distro causes oom-kills
Comment 1 Steve Grubb 2008-03-03 15:59:22 EST 
OK, I think I found the memory leak. I think you hit this when the internal
queue for audispd is max'ed out. From then on you potentially leak memory.
Comment 7 Steve Grubb 2008-03-04 17:54:45 EST 
audit-1.6.5-3 was built to resolve this bug.
Comment 9 Eduard Benes 2008-03-05 10:35:59 EST 
Observed the oom-kills also in the failed results for these two audit test-
suites:
  /kernel/security/audit/audit-test-1195
  /kernel/security/audit/audit-test-1212

RHTS job:
  http://rhts.redhat.com/cgi-bin/rhts/jobs.cgi?id=16883
Comment 11 Steve Grubb 2008-03-14 11:01:32 EDT 
ok, I found the culprit. Audispd was not detecting end of file when auditd
exited, closing the comm pipe, and it was still reading stdin. Each read
allocates memory. audit-1.6.5-4.el5 was built to re-address this problem.
Comment 12 Steve Grubb 2008-03-14 11:03:38 EDT 
*** Bug 436810 has been marked as a duplicate of this bug. ***
Comment 13 Jeff Burke 2008-03-14 17:33:44 EDT 
Tested with RHEL5.2-Server-20080306.0 + audit-1.6.5-4.el5 and the
audit-test-2088 syscalls test did not report any OOM-Kills.
Comment 16 errata-xmlrpc 2008-05-21 10:32:50 EDT 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2008-0358.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.