Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Auditbeat - panic while scanning file system #6005

Closed
andrewkroh opened this issue Jan 5, 2018 · 2 comments
Closed

Auditbeat - panic while scanning file system #6005

andrewkroh opened this issue Jan 5, 2018 · 2 comments

Comments

@andrewkroh
Copy link
Member

andrewkroh commented Jan 5, 2018

Auditbeat panic'ed while doing a large file integrity scan.

For confirmed bugs, please report:

  • Version: auditbeat version 7.0.0-alpha1 (amd64), libbeat 7.0.0-alpha1 [51f0db4 built 2018-01-05 18:22:01 +0000 UTC]
  • Operating System: darwin
  • Steps to Reproduce: Not sure Configure recursive file integrity monitoring on OS X.

if !info.IsDir() || dir == path {

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x49cf1fb]

goroutine 86 [running]:
github.com/elastic/beats/auditbeat/module/file_integrity.(*scanner).walkDir.func1(0xc420aaa000, 0x77, 0x0, 0x0, 0x52a04e0, 0xc420130e40, 0x0, 0x0)
	/Users/akroh/go/src/github.com/elastic/beats/auditbeat/module/file_integrity/scanner.go:126 +0x35b
path/filepath.walk(0xc420078420, 0x5f, 0x52b35a0, 0xc420143040, 0xc420362180, 0x0, 0x0)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:377 +0x2eb
path/filepath.walk(0xc420078300, 0x5a, 0x52b35a0, 0xc420142f70, 0xc420362180, 0x0, 0x0)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:381 +0x39a
path/filepath.walk(0xc420e62320, 0x4f, 0x52b35a0, 0xc420142ea0, 0xc420362180, 0x0, 0x0)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:381 +0x39a
path/filepath.walk(0xc420e62190, 0x48, 0x52b35a0, 0xc420142dd0, 0xc420362180, 0x0, 0x0)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:381 +0x39a
path/filepath.walk(0xc420e62050, 0x44, 0x52b35a0, 0xc420142d00, 0xc420362180, 0x0, 0x0)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:381 +0x39a
path/filepath.walk(0xc4202aaf80, 0x3f, 0x52b35a0, 0xc420142680, 0xc420362180, 0x0, 0x0)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:381 +0x39a
path/filepath.walk(0xc4202aaec0, 0x3a, 0x52b35a0, 0xc4201425b0, 0xc420362180, 0x0, 0x0)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:381 +0x39a
path/filepath.walk(0xc4202aad00, 0x36, 0x52b35a0, 0xc4201420d0, 0xc420362180, 0x0, 0x0)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:381 +0x39a
path/filepath.walk(0xc420536180, 0x31, 0x52b35a0, 0xc420526340, 0xc420362180, 0x0, 0x0)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:381 +0x39a
path/filepath.walk(0xc4200184e0, 0x1f, 0x52b35a0, 0xc42043e680, 0xc420362180, 0x0, 0x0)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:381 +0x39a
path/filepath.walk(0xc42038c4c0, 0x12, 0x52b35a0, 0xc4205265b0, 0xc420362180, 0x0, 0x0)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:381 +0x39a
path/filepath.walk(0xc420464770, 0xe, 0x52b35a0, 0xc420142c30, 0xc420362180, 0x0, 0x0)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:381 +0x39a
path/filepath.walk(0xc420464608, 0x8, 0x52b35a0, 0xc420081d40, 0xc420362180, 0x0, 0x0)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:381 +0x39a
path/filepath.walk(0xc4203d19d8, 0x1, 0x52b35a0, 0xc4203f7860, 0xc420362180, 0x0, 0x40)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:381 +0x39a
path/filepath.Walk(0xc4203d19d8, 0x1, 0xc420362180, 0xc42023bd90, 0x415ba75)
	/Users/akroh/.gvm/versions/go1.9.2.darwin.amd64/src/path/filepath/path.go:403 +0x11d
github.com/elastic/beats/auditbeat/module/file_integrity.(*scanner).walkDir(0xc4200ae180, 0xc4203d19d8, 0x1, 0x1, 0x0)
	/Users/akroh/go/src/github.com/elastic/beats/auditbeat/module/file_integrity/scanner.go:103 +0x155
github.com/elastic/beats/auditbeat/module/file_integrity.(*scanner).scan(0xc4200ae180)
	/Users/akroh/go/src/github.com/elastic/beats/auditbeat/module/file_integrity/scanner.go:83 +0x3d8
created by github.com/elastic/beats/auditbeat/module/file_integrity.(*scanner).Start
	/Users/akroh/go/src/github.com/elastic/beats/auditbeat/module/file_integrity/scanner.go:64 +0x87
@andrewkroh
Copy link
Member Author

There was a missing error check on the err param coming through the filepath.WalkFunc. I'm adding a check and will log a warning.

2018-01-07T12:10:05.697-0500	WARN	[file_integrity]	file_integrity/scanner.go:105	Scanner is skipping a path because of an error	{"scanner_id": 1, "file_path": "/dev/fd/8/var", "error": "lstat /dev/fd/8/var: no such file or directory"}
2018-01-07T12:10:05.697-0500	WARN	[file_integrity]	file_integrity/scanner.go:105	Scanner is skipping a path because of an error	{"scanner_id": 1, "file_path": "/dev/fd/9", "error": "lstat /dev/fd/9: bad file descriptor"}

This affects 6.1.0 and 6.1.1.

@tsg
Copy link
Contributor

tsg commented Jan 7, 2018

We're going to have a 6.1.2 (FF this coming week), so it would make sense to backport this one to the 6.1 branch.

andrewkroh added a commit to andrewkroh/beats that referenced this issue Jan 7, 2018
There was a missing error check in the file_integrity module's scanner that could result in a panic.

Fixes elastic#6005
@tsg tsg closed this as completed in #6007 Jan 7, 2018
tsg pushed a commit that referenced this issue Jan 7, 2018
There was a missing error check in the file_integrity module's scanner that could result in a panic.

Fixes #6005
andrewkroh added a commit to andrewkroh/beats that referenced this issue Jan 7, 2018
There was a missing error check in the file_integrity module's scanner that could result in a panic.

Fixes elastic#6005

(cherry picked from commit e8db561)
exekias pushed a commit that referenced this issue Jan 8, 2018
There was a missing error check in the file_integrity module's scanner that could result in a panic.

Fixes #6005

(cherry picked from commit e8db561)
leweafan pushed a commit to leweafan/beats that referenced this issue Apr 28, 2023
There was a missing error check in the file_integrity module's scanner that could result in a panic.

Fixes elastic#6005

(cherry picked from commit eca195a)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants