Crash when loading the rules

Steve Grubb sgrubb at redhat.com
Wed Jul 6 15:23:50 UTC 2016


On Wednesday, July 6, 2016 4:49:58 PM EDT Laurent Bigonville wrote:
> Hi,
> 
> With 2.6.3, when loading the rules, it's crashing and I get the
> following backtrace:
> 
> #0  0x00007ffff687e99d in writev () at ../sysdeps/unix/syscall-template.S:84
> #1  0x00005555555610ab in dispatch_event (rep=<optimized out>, is_err=0) at
> ../../../src/auditd-dispatch.c:189
> #2  0x000055555555a700 in distribute_event (e=0x555555779d80) at
> ../../../src/auditd.c:216
> #3  0x000055555555aac8 in netlink_handler (loop=<optimized out>,
> io=<optimized out>, revents=<optimized out>) at ../../../src/auditd.c:500
> #4  0x0000555555562eb7 in ev_invoke_pending (loop=0x555555773e80
> <default_loop_struct>) at ../../../../src/libev/ev.c:3162
> #5  0x000055555556623d in ev_run (loop=0x555555773e80
> <default_loop_struct>, flags=0) at ../../../../src/libev/ev.c:3562
> #6  0x0000555555559e06 in ev_loop (flags=0, loop=0x555555773e80
> <default_loop_struct>) at ../../../src/libev/ev.h:835
> #7  main (argc=<optimized out>, argv=<optimized out>) at
> ../../../src/auditd.c:841
> 
> The rules are pretty dumb:
> 
> -D
> -b 8192
> -f 1
> --backlog_wait_time 0
> 
> Any idea what's going on?

By any chance does syslog show that the dispatcher exited due to no active 
plugins?

-Steve



