這幾天遇到基於海光服務器的銀河麒麟V10 SP2版本操作系統出現內存無故增長問題。
排查發現auditd服務,佔用了大量內存。
我的環境是銀河麒麟V10 SP2 524,audit版本audit-3.0-5.se.06
==5037== HEAP SUMMARY: ==5037== in use at exit: 3,022 bytes in 210 blocks ==5037== total heap usage: 415 allocs, 205 frees, 159,455 bytes allocated ==5037== ==5037== 122 bytes in 35 blocks are definitely lost in loss record 1 of 6 ==5037== at 0x483479B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==5037== by 0x488435C: xmalloc (in /usr/lib64/libaudit.so.1.0.0) ==5037== by 0x4884393: xmemdup (in /usr/lib64/libaudit.so.1.0.0) ==5037== by 0x48848FF: ??? (in /usr/lib64/libaudit.so.1.0.0) ==5037== by 0x4884B4C: get_file_sys_info (in /usr/lib64/libaudit.so.1.0.0) ==5037== by 0x11217B: ??? (in /usr/sbin/auditd) ==5037== by 0x112D83: ??? (in /usr/sbin/auditd) ==5037== by 0x10ECA7: ??? (in /usr/sbin/auditd) ==5037== by 0x4BD0B26: (below main) (libc-start.c:308) ==5037== ==5037== 122 bytes in 35 blocks are definitely lost in loss record 2 of 6 ==5037== at 0x483479B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==5037== by 0x488435C: xmalloc (in /usr/lib64/libaudit.so.1.0.0) ==5037== by 0x4884393: xmemdup (in /usr/lib64/libaudit.so.1.0.0) ==5037== by 0x488494E: ??? (in /usr/lib64/libaudit.so.1.0.0) ==5037== by 0x4884B4C: get_file_sys_info (in /usr/lib64/libaudit.so.1.0.0) ==5037== by 0x11217B: ??? (in /usr/sbin/auditd) ==5037== by 0x112D83: ??? (in /usr/sbin/auditd) ==5037== by 0x10ECA7: ??? (in /usr/sbin/auditd) ==5037== by 0x4BD0B26: (below main) (libc-start.c:308)
分析auditd服務存在內存泄露問題,位置在/usr/lib64/libaudit.so.1.0.0的get_file_sys_info處,malloc以後未釋放。
auditd是審計服務,會對ssh的會話做日誌記錄,該問題出現在寫日誌前判斷分區時的一部分代碼。
經過循環ssh登錄退出,也復現了這個現象。
yum update audit
升級到audit-3.0-5.se.07.ky10及以後版本即可解決
我也找到了官方發佈的補丁:https://www.kylinos.cn/index.php/support/update/6.html