Segmentation fault with the version 0.1.58 on Debian 10 and Ubuntu 20.04 machines #7718

Closed
mdedonno1337 opened this issue Oct 9, 2021 · 12 comments

Comments

@mdedonno1337
Contributor

mdedonno1337 commented Oct 9, 2021

Description of problem:

When doing an xccdf eval on Debian 10 and Ubuntu 20.04 machines, the scanner will segfault if using version 0.1.58, but will run normally when using version 0.1.57.
Note that the report.html file is written OK on disk, and usable without any problems.

The scanner is the same between runs, built from source, version 1.3.5.

The scanner has also been compiled on CentOS 8, and is working with versions 0.1.57 and 0.1.58.

Given that:

  • the version 0.1.57 is working on Debian and Ubuntu
  • the version 0.1.58 is not working on Debian and Ubuntu
  • the two versions 0.1.57 and 0.1.58 are working on CentOS
  • the head of master (57fc344) is not working
  • the scanner is compiled OK from source on all machines
  • the same scanner has been used between each test for each machine

I suspect that some changes in ComplianceAsCode/content between 0.1.57 and 0.1.58 have been made that affect only the Debian family, and are not patched in the current master branch.

I would like to have some guidance on how to proceed and help find the source of the issue.
I plan to investigate the issue by compiling versions 0.1.57 and 0.1.58 myself, re-testing them, and running git bisect/recompile until one commit is identified.

PS: exactly the same behaviour is seen with the Debian 11 file in the PR #7715. I thought that it could be an issue with my PR, but not sure anymore.

SCAP Security Guide Version:

OpenSCAP command line tool (oscap) 1.3.5
Copyright 2009--2021 Red Hat Inc., Durham, North Carolina.

==== Supported specifications ====
SCAP Version: 1.3
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
CVRF Version: 1.1

Working one:

mdedonno@openscap:~$ ./openscap/build/oscap_wrapper info scap-security-guide-0.1.57/ssg-debian10-ds.xml
Document type: Source Data Stream
Imported: 2021-07-29T14:53:51

Stream: scap_org.open-scap_datastream_from_xccdf_ssg-debian10-xccdf-1.2.xml
Generated: (null)
Version: 1.3
Checklists:
        Ref-Id: scap_org.open-scap_cref_ssg-debian10-xccdf-1.2.xml
                Status: draft
                Generated: 2021-07-29
                Resolved: true
                Profiles:
                        Title: Profile for ANSSI DAT-NT28 Average (Intermediate) Level
                                Id: xccdf_org.ssgproject.content_profile_anssi_np_nt28_average
                        Title: Profile for ANSSI DAT-NT28 High (Enforced) Level
                                Id: xccdf_org.ssgproject.content_profile_anssi_np_nt28_high
                        Title: Profile for ANSSI DAT-NT28 Minimal Level
                                Id: xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal
                        Title: Profile for ANSSI DAT-NT28 Restrictive Level
                                Id: xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive
                        Title: Standard System Security Profile for Debian 10
                                Id: xccdf_org.ssgproject.content_profile_standard
                Referenced check files:
                        ssg-debian10-oval.xml
                                system: http://oval.mitre.org/XMLSchema/oval-definitions-5
                        ssg-debian10-ocil.xml
                                system: http://scap.nist.gov/schema/ocil/2
Checks:
        Ref-Id: scap_org.open-scap_cref_ssg-debian10-oval.xml
        Ref-Id: scap_org.open-scap_cref_ssg-debian10-ocil.xml
        Ref-Id: scap_org.open-scap_cref_ssg-debian10-cpe-oval.xml
Dictionaries:
        Ref-Id: scap_org.open-scap_cref_ssg-debian10-cpe-dictionary.xml

Not working one:

mdedonno@openscap:~$ ./openscap/build/oscap_wrapper info scap-security-guide-0.1.58/ssg-debian10-ds.xml
Document type: Source Data Stream
Imported: 2021-09-24T15:53:26

Stream: scap_org.open-scap_datastream_from_xccdf_ssg-debian10-xccdf-1.2.xml
Generated: (null)
Version: 1.3
Checklists:
        Ref-Id: scap_org.open-scap_cref_ssg-debian10-xccdf-1.2.xml
                Status: draft
                Generated: 2021-09-24
                Resolved: true
                Profiles:
                        Title: Profile for ANSSI DAT-NT28 Average (Intermediate) Level
                                Id: xccdf_org.ssgproject.content_profile_anssi_np_nt28_average
                        Title: Profile for ANSSI DAT-NT28 High (Enforced) Level
                                Id: xccdf_org.ssgproject.content_profile_anssi_np_nt28_high
                        Title: Profile for ANSSI DAT-NT28 Minimal Level
                                Id: xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal
                        Title: Profile for ANSSI DAT-NT28 Restrictive Level
                                Id: xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive
                        Title: Standard System Security Profile for Debian 10
                                Id: xccdf_org.ssgproject.content_profile_standard
                Referenced check files:
                        ssg-debian10-oval.xml
                                system: http://oval.mitre.org/XMLSchema/oval-definitions-5
                        ssg-debian10-ocil.xml
                                system: http://scap.nist.gov/schema/ocil/2
Checks:
        Ref-Id: scap_org.open-scap_cref_ssg-debian10-oval.xml
        Ref-Id: scap_org.open-scap_cref_ssg-debian10-ocil.xml
        Ref-Id: scap_org.open-scap_cref_--__w--content--content--build--ssg-debian10-cpe-oval.xml
Dictionaries:
        Ref-Id: scap_org.open-scap_cref_--__w--content--content--build--ssg-debian10-cpe-dictionary.xml

Operating System Version:

mdedonno@openscap:~$ uname -a
Linux openscap 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux
mdedonno@openscap:~$ cat /etc/debian_version
10.11

Steps to Reproduce:

  1. Install Debian 10 or Ubuntu 20.04, no particular options
  2. Build the scanner from source
  3. wget https://github.com/ComplianceAsCode/content/releases/download/v0.1.58/scap-security-guide-0.1.58.zip
  4. ./openscap/build/oscap_wrapper xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --report report.html scap-security-guide-0.1.58/ssg-debian10-ds.xml

Actual Results:

The not working scan:

mdedonno@openscap:~$ ./openscap/build/oscap_wrapper xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --report report.html scap-security-guide-0.1.58/ssg-debian10-ds.xml

...

Title   Disable SSH Root Login
Rule    xccdf_org.ssgproject.content_rule_sshd_disable_root_login
Result  fail

./openscap/build/oscap_wrapper: line 31:  2822 Segmentation fault      "$b/run" "$b/utils/oscap" "$@"
mdedonno@openscap:~$

The working scan:

mdedonno@openscap:~$ ./openscap/build/oscap_wrapper xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --report report.html scap-security-guide-0.1.57/ssg-debian10-ds.xml

...

Title   Disable SSH Root Login
Rule    xccdf_org.ssgproject.content_rule_sshd_disable_root_login
Result  fail

mdedonno@openscap:~$

Expected Results:

No segfault

@mdedonno1337
Contributor Author

mdedonno1337 commented Oct 9, 2021

Procedure applied:

git checkout v0.1.58
git bisect start
git bisect bad
git checkout v0.1.57
git bisect good

The compilation of all the profiles has been done with this env:

FROM centos:8

RUN yum install -y cmake make openscap-utils openscap-scanner python3-pyyaml python3-jinja2 python3
RUN yum --enablerepo=powertools install -y ninja-build

RUN mkdir /data

COPY . /data

WORKDIR /data/build

RUN cmake -G Ninja ../
ENV SOURCE_DATE_EPOCH=1614699939
RUN ninja-build debian10

and the command docker build -t content --no-cache -f Dockerfiles/centos8bis .

Result:

The first bad commit is c233c92

More tests

git checkout v0.1.58
git revert c233c92d0

and building with the same env and same machine, the segfault is not present anymore.

Same result if the commit is reverted on master.
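
The manual bisect described in the comment above can be automated with git bisect run. The script below is an added example, not part of the original thread or of the project; it assumes Docker and the scanner are on the same host, reuses the image tag, Dockerfile path, datastream location and profile id quoted in this thread, and assumes the wrapper exits with the shell status 139 when oscap segfaults. The function names bisect_verdict, build_datastream and bisect_step are made up for the example.

```shell
#!/bin/sh
# Added example: test driver for `git bisect run` (not from the original thread).
#
# Usage, from the content repository:
#   git bisect start v0.1.58 v0.1.57
#   git bisect run sh /path/to/this-script.sh step
#
# Assumptions: the untracked Dockerfiles/centos8bis from the comment above is
# present, and OSCAP points at the scanner wrapper built from source.

OSCAP=${OSCAP:-$HOME/openscap/build/oscap_wrapper}
PROFILE=${PROFILE:-xccdf_org.ssgproject.content_profile_standard}
DS_IN_IMAGE=/data/build/ssg-debian10-ds.xml   # WORKDIR /data/build in the image

# Translate the scanner's exit status into the code `git bisect run` expects.
#   0    every rule passed                      -> good (0)
#   2    at least one rule failed or is unknown -> good (0): the scan completed
#   139  128 + SIGSEGV (11)                     -> bad  (1)
#   else build or scanner error                 -> skip (125)
# git bisect run aborts the whole bisect on any status above 127, so the raw
# 139 must never be passed through unchanged.
bisect_verdict() {
    case "$1" in
        0|2) echo 0 ;;
        139) echo 1 ;;
        *)   echo 125 ;;
    esac
}

# Build the Debian 10 datastream for the checked-out commit and copy it to $1.
build_datastream() {
    docker build -t content --no-cache -f Dockerfiles/centos8bis . >/dev/null || return 1
    cid=$(docker create content) || return 1
    docker cp "$cid:$DS_IN_IMAGE" "$1"
    rc=$?
    docker rm "$cid" >/dev/null
    return "$rc"
}

# One bisect step: build, scan, classify.
# The verdict comes from the exit status only. The issue notes that report.html
# is written correctly even when the scanner crashes, so the presence of the
# report says nothing about whether the commit is good.
bisect_step() {
    workdir=$(mktemp -d) || return 125
    if ! build_datastream "$workdir/ssg-debian10-ds.xml"; then
        rm -rf "$workdir"
        return 125          # commit does not build: let git skip it
    fi
    "$OSCAP" xccdf eval --profile "$PROFILE" \
        --report "$workdir/report.html" \
        "$workdir/ssg-debian10-ds.xml" >/dev/null 2>&1
    status=$?
    rm -rf "$workdir"
    return "$(bisect_verdict "$status")"
}

# Only act when called as `... step`, so the file can also be sourced.
if [ "${1:-}" = "step" ]; then
    bisect_step
    exit $?
fi
```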

@mdedonno1337
Contributor Author

With this patch-file, the segfault is not present anymore.
However, I'm not convinced that this should be done this way...

diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/group.yml b/linux_os/guide/system/auditing/auditd_configure_rules/group.yml
index 35fa526203..9afcdf01e8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/group.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/group.yml
@@ -39,4 +39,4 @@ description: |-
     editing as needed, the new rules can be activated as follows:
     <pre>$ sudo service auditd restart</pre>

-platform: audit
+platform: machine
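
Review bot: changing the group-level platform from audit to machine here alters applicability for every rule under auditd_configure_rules, on every product that builds this group, while the segfault in this thread is reported only on Debian 10 and Ubuntu 20.04 and CentOS 8 works with the unmodified content. Consider leaving "platform: audit" in place and fixing how that platform is evaluated for the Debian family, or limiting the change to the affected products, so the crash is not hidden at the cost of possibly different scan results elsewhere.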
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/group.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/group.yml
index d3acf3d6ce..a89b8a0c0c 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/group.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/group.yml
@@ -36,4 +36,4 @@ description: |-
     larger than the maximum amount of data <tt>auditd</tt> will retain
     normally.</i>

-platform: audit
+platform: machine
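
Review bot: the same one-line substitution is repeated in configure_auditd_data_retention/group.yml with no record of why it is needed. Since the change is described as a workaround for the segfault rather than a settled fix, add a YAML comment next to the platform line or a commit message line that ties it to issue #7718 and to the first bad commit c233c92, so it can be reverted once the underlying platform check is fixed.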
diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
index 539e2a4a8a..1b04794353 100644
--- a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
+++ b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
@@ -62,7 +62,7 @@ references:
 ocil: |-
     {{{ ocil_service_enabled(service="auditd") }}}

-platform: audit
+platform: machine

 template:
     name: service_enabled
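
Review bot: at rule level, replacing "platform: audit" with "platform: machine" on service_auditd_enabled drops whatever condition the audit platform expressed, so the service_enabled template check for auditd would be evaluated wherever the machine platform applies. Before merging, scan a host where the audit platform would not have applied and confirm the rule still reports the intended result, then state that outcome in the PR description.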

@ggbecker
Member

Can you run the oscap command with the --verbose DEVEL option so we understand what's going on with these checks that are segfaulting the platform: audit?

@mdedonno1337
Contributor Author

mdedonno1337 commented Oct 11, 2021

mdedonno@debian10openscap:~$ ./openscap/build/oscap_wrapper --verbose DEVEL --verbose-log-file eval.log xccdf eval --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive --report report.html ssg-debian10-ds.xml

mdedonno@debian10openscap:~$ tail -n 100 eval.log
D: oscap:     Extracting item from the cache queue: cnt=1, beg=72 [oscap(1847):icache_worker(7f0754ff9700):icache.c:220:probe_icache_worker]
D: oscap:     Signaling `notfull' [oscap(1847):icache_worker(7f0754ff9700):icache.c:241:probe_icache_worker]
D: oscap:     Handling NOP [oscap(1847):icache_worker(7f0754ff9700):icache.c:265:probe_icache_worker]
D: oscap:     Sync [oscap(1847):probe_worker(7f073a649700):icache.c:477:probe_icache_nop]
D: oscap:     old flag: 0, new flag: 4. [oscap(1847):probe_worker(7f073a649700):probe-api.c:688:probe_cobj_set_flag]
D: oscap:     handler result = 0x7f07500b35c0, return code = 0 [oscap(1847):probe_worker(7f073a649700):worker.c:95:probe_worker_runfn]
D: oscap:     probe thread deleted [oscap(1847):probe_worker(7f073a649700):worker.c:115:probe_worker_runfn]
D: oscap:     Sorting blocks & building iterator array [oscap(1847):probe_worker(7f073a649700):sexp-manip.c:1408:SEXP_list_sort]
D: oscap:     Iterator count = 0 [oscap(1847):probe_worker(7f073a649700):sexp-manip.c:1442:SEXP_list_sort]
D: oscap:     cnt = 0 [oscap(1847):probe_worker(7f073a649700):seap-message.c:138:SEAP_msgattr_exists]
D: oscap:     no-reply not set: sending full reply [oscap(1847):probe_worker(7f073a649700):seap.c:481:SEAP_reply]
D: oscap:     MSG -> SEXP [oscap(1847):probe_worker(7f073a649700):seap-packet.c:260:SEAP_packet_msg2sexp]
D: oscap: ("seap.msg" ":id" 36 ":reply-id" 36 (4 () () () ) ) [oscap(1847):probe_worker(7f073a649700):seap-packet.c:261:SEAP_packet_msg2sexp]
D: oscap:     packet size: 569 [oscap(1847):probe_worker(7f073a649700):seap-packet.c:262:SEAP_packet_msg2sexp]
D: oscap:     name=reply-id, value=0x7f0750059e20 [oscap(1847):probe_worker(7f073a649700):seap-message.c:73:SEAP_msg_free]
D: oscap:     probe_worker_runfn has finished [oscap(1847):probe_worker(7f073a649700):worker.c:175:probe_worker_runfn]
D: oscap:     Received packet [oscap(1847):oscap(7f078f53bd40):seap-packet.c:794:SEAP_packet_recv]
D: oscap: ("seap.msg" ":id" 36 ":reply-id" 36 (4 () () () ) ) [oscap(1847):oscap(7f078f53bd40):seap-packet.c:795:SEAP_packet_recv]
D: oscap:     packet size: 569 [oscap(1847):oscap(7f078f53bd40):seap-packet.c:796:SEAP_packet_recv]
D: oscap:     Message received. [oscap(1847):oscap(7f078f53bd40):oval_probe_ext.c:579:oval_probe_comm]
D: oscap:     name=(null), value=0x7f07500a1800 [oscap(1847):oscap(7f078f53bd40):seap-message.c:73:SEAP_msg_free]
I: oscap:     Test 'oval:ssg-test_sshd_disable_root_login:tst:1' requires that every object defined by 'oval:ssg-obj_sshd_disable_root_login:obj:1' exists on the system. [oscap(1847):oscap(7f078f53bd40):oval_resultTest.c:900:_oval_result_test_evaluate_items]
I: oscap:     0 objects defined by 'oval:ssg-obj_sshd_disable_root_login:obj:1' exist on the system. [oscap(1847):oscap(7f078f53bd40):oval_resultTest.c:918:_oval_result_test_evaluate_items]
I: oscap:     No item matching object 'oval:ssg-obj_sshd_disable_root_login:obj:1' was found on the system. (flag=does not exist) [oscap(1847):oscap(7f078f53bd40):oval_resultTest.c:954:_oval_result_test_evaluate_items]
I: oscap:   Test 'oval:ssg-test_sshd_disable_root_login:tst:1' evaluated as false. [oscap(1847):oscap(7f078f53bd40):oval_resultTest.c:1164:oval_result_test_eval]
I: oscap: Definition 'oval:ssg-sshd_disable_root_login:def:1' evaluated as false. [oscap(1847):oscap(7f078f53bd40):oval_resultDefinition.c:170:oval_result_definition_eval]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1847):oscap(7f078f53bd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: probe_common_main_cleanup started [oscap(1847):common_main(7f07557fa700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(1847):common_main(7f07557fa700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(1847):common_main(7f07557fa700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(1847):common_main(7f073ce4e700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(1847):common_main(7f073ce4e700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(1847):common_main(7f073ce4e700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(1847):common_main(7f078f536700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(1847):common_main(7f078f536700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(1847):common_main(7f078f536700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(1847):common_main(7f074b7fe700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(1847):common_main(7f074b7fe700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(1847):common_main(7f074b7fe700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(1847):common_main(7f07567fc700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(1847):common_main(7f07567fc700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(1847):common_main(7f07567fc700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(1847):common_main(7f073fe54700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(1847):common_main(7f073fe54700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(1847):common_main(7f073fe54700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(1847):common_main(7f073ee52700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(1847):common_main(7f073ee52700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(1847):common_main(7f073ee52700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(1847):common_main(7f073be4c700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(1847):common_main(7f073be4c700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(1847):common_main(7f073be4c700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(1847):common_main(7f0739647700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(1847):common_main(7f0739647700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(1847):common_main(7f0739647700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(1847):common_main(7f07777fe700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(1847):common_main(7f07777fe700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(1847):common_main(7f07777fe700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(1847):common_main(7f0757fff700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(1847):common_main(7f0757fff700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(1847):common_main(7f0757fff700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(1847):common_main(7f078dd33700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(1847):common_main(7f078dd33700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(1847):common_main(7f078dd33700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(1847):common_main(7f0743fff700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(1847):common_main(7f0743fff700):probe_main.c:157:probe_common_main_cleanup]

mdedonno@debian10openscap:~$ uname -a
Linux debian10openscap 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux
mdedonno@debian10openscap:~$ cat /etc/debian_version
10.11

The full eval.log file is present here: https://gist.githubusercontent.com/mdedonno1337/9a94a61175a060df0f1b0ca6639a8af7/raw/e5cdf6826b1294cc28f9a507030f46899fbcee8c/eval.log

@ggbecker
Member

Let's try running it as sudo or root just to see what happens... many checks need root permissions to read protected files and such.

@mdedonno1337
Contributor Author

mdedonno1337 commented Oct 11, 2021

Same segfault

mdedonno@debian10openscap:~$ sudo ./openscap/build/oscap_wrapper --verbose DEVEL --verbose-log-file eval_root.log xccdf eval --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive --report report.html ssg-debian10-ds.xml 

...
./openscap/build/oscap_wrapper: line 31:  2238 Segmentation fault      "$b/run" "$b/utils/oscap" "$@"

mdedonno@debian10openscap:~$ tail -n 100 eval_root.log
D: oscap:     Waiting for icache worker to handle the NOP [oscap(2071):probe_worker(7f4c1d9fc700):icache.c:469:probe_icache_nop]
D: oscap:     Extracting item from the cache queue: cnt=1, beg=72 [oscap(2071):icache_worker(7f4c397fa700):icache.c:220:probe_icache_worker]
D: oscap:     Signaling `notfull' [oscap(2071):icache_worker(7f4c397fa700):icache.c:241:probe_icache_worker]
D: oscap:     Handling NOP [oscap(2071):icache_worker(7f4c397fa700):icache.c:265:probe_icache_worker]
D: oscap:     Sync [oscap(2071):probe_worker(7f4c1d9fc700):icache.c:477:probe_icache_nop]
D: oscap:     old flag: 0, new flag: 4. [oscap(2071):probe_worker(7f4c1d9fc700):probe-api.c:688:probe_cobj_set_flag]
D: oscap:     handler result = 0x7f4c300512a0, return code = 0 [oscap(2071):probe_worker(7f4c1d9fc700):worker.c:95:probe_worker_runfn]
D: oscap:     probe thread deleted [oscap(2071):probe_worker(7f4c1d9fc700):worker.c:115:probe_worker_runfn]
D: oscap:     Sorting blocks & building iterator array [oscap(2071):probe_worker(7f4c1d9fc700):sexp-manip.c:1408:SEXP_list_sort]
D: oscap:     Iterator count = 0 [oscap(2071):probe_worker(7f4c1d9fc700):sexp-manip.c:1442:SEXP_list_sort]
D: oscap:     cnt = 0 [oscap(2071):probe_worker(7f4c1d9fc700):seap-message.c:138:SEAP_msgattr_exists]
D: oscap:     no-reply not set: sending full reply [oscap(2071):probe_worker(7f4c1d9fc700):seap.c:481:SEAP_reply]
D: oscap:     MSG -> SEXP [oscap(2071):probe_worker(7f4c1d9fc700):seap-packet.c:260:SEAP_packet_msg2sexp]
D: oscap: ("seap.msg" ":id" 36 ":reply-id" 36 (4 () () () ) ) [oscap(2071):probe_worker(7f4c1d9fc700):seap-packet.c:261:SEAP_packet_msg2sexp]
D: oscap:     packet size: 569 [oscap(2071):probe_worker(7f4c1d9fc700):seap-packet.c:262:SEAP_packet_msg2sexp]
D: oscap:     name=reply-id, value=0x7f4c300088c0 [oscap(2071):probe_worker(7f4c1d9fc700):seap-message.c:73:SEAP_msg_free]
D: oscap:     probe_worker_runfn has finished [oscap(2071):probe_worker(7f4c1d9fc700):worker.c:175:probe_worker_runfn]
D: oscap:     Received packet [oscap(2071):oscap(7f4c73f4dd40):seap-packet.c:794:SEAP_packet_recv]
D: oscap: ("seap.msg" ":id" 36 ":reply-id" 36 (4 () () () ) ) [oscap(2071):oscap(7f4c73f4dd40):seap-packet.c:795:SEAP_packet_recv]
D: oscap:     packet size: 569 [oscap(2071):oscap(7f4c73f4dd40):seap-packet.c:796:SEAP_packet_recv]
D: oscap:     Message received. [oscap(2071):oscap(7f4c73f4dd40):oval_probe_ext.c:579:oval_probe_comm]
D: oscap:     name=(null), value=0x7f4c300103c0 [oscap(2071):oscap(7f4c73f4dd40):seap-message.c:73:SEAP_msg_free]
I: oscap:     Test 'oval:ssg-test_sshd_disable_root_login:tst:1' requires that every object defined by 'oval:ssg-obj_sshd_disable_root_login:obj:1' exists on the system. [oscap(2071):oscap(7f4c73f4dd40):oval_resultTest.c:900:_oval_result_test_evaluate_items]
I: oscap:     0 objects defined by 'oval:ssg-obj_sshd_disable_root_login:obj:1' exist on the system. [oscap(2071):oscap(7f4c73f4dd40):oval_resultTest.c:918:_oval_result_test_evaluate_items]
I: oscap:     No item matching object 'oval:ssg-obj_sshd_disable_root_login:obj:1' was found on the system. (flag=does not exist) [oscap(2071):oscap(7f4c73f4dd40):oval_resultTest.c:954:_oval_result_test_evaluate_items]
I: oscap:   Test 'oval:ssg-test_sshd_disable_root_login:tst:1' evaluated as false. [oscap(2071):oscap(7f4c73f4dd40):oval_resultTest.c:1164:oval_result_test_eval]
I: oscap: Definition 'oval:ssg-sshd_disable_root_login:def:1' evaluated as false. [oscap(2071):oscap(7f4c73f4dd40):oval_resultDefinition.c:170:oval_result_definition_eval]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(2071):oscap(7f4c73f4dd40):oval_string_map.c:211:oval_string_map_put]
D: oscap: probe_common_main_cleanup started [oscap(2071):common_main(7f4c39ffb700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(2071):common_main(7f4c39ffb700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(2071):common_main(7f4c39ffb700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(2071):common_main(7f4c23a08700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(2071):common_main(7f4c23a08700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(2071):common_main(7f4c23a08700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(2071):common_main(7f4c73f48700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(2071):common_main(7f4c73f48700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(2071):common_main(7f4c73f48700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(2071):common_main(7f4c2ffff700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(2071):common_main(7f4c2ffff700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(2071):common_main(7f4c2ffff700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(2071):common_main(7f4c3b7fe700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(2071):common_main(7f4c3b7fe700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(2071):common_main(7f4c3b7fe700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(2071):common_main(7f4c2520b700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(2071):common_main(7f4c2520b700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(2071):common_main(7f4c2520b700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(2071):common_main(7f4c23207700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(2071):common_main(7f4c23207700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(2071):common_main(7f4c23207700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(2071):common_main(7f4c20a02700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(2071):common_main(7f4c20a02700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(2071):common_main(7f4c20a02700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(2071):common_main(7f4c1e9fe700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(2071):common_main(7f4c1e9fe700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(2071):common_main(7f4c1e9fe700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(2071):common_main(7f4c70f35700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(2071):common_main(7f4c70f35700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(2071):common_main(7f4c70f35700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(2071):common_main(7f4c517fa700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(2071):common_main(7f4c517fa700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(2071):common_main(7f4c517fa700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(2071):common_main(7f4c72745700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(2071):common_main(7f4c72745700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(2071):common_main(7f4c72745700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(2071):common_main(7f4c2ca0a700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(2071):common_main(7f4c2ca0a700):probe_main.c:157:probe_common_main_cleanup]

https://gist.githubusercontent.com/mdedonno1337/06aa099fafdec9e68388c2dde87891a0/raw/cb454a736512419c41ab3a367f578afd709f8fa6/eval_root.log

Please take note that the report is written on disk and usable without any problems.
I suspect that the issue is after the write of the report on disk.

@ggbecker
Member

Unfortunately I don't see anything obvious. Maybe @jan-cerny or @evgenyz can think of something here. Note that the report is written on disk so it somehow finishes the scan.

@mdedonno1337
Contributor Author

mdedonno1337 commented Oct 13, 2021

I'm trying to run the scanner in gdb, here is the segfault:

Title   Disable SSH Root Login
Rule    xccdf_org.ssgproject.content_rule_sshd_disable_root_login
[Thread 0x7fff5b7fe700 (LWP 20570) exited]
[New Thread 0x7fff5b7fe700 (LWP 20571)]
Result  fail

[Thread 0x7fff5b7fe700 (LWP 20571) exited]
--Type <RET> for more, q to quit, c to continue without paging--c

Thread 32 "common_main" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fffb97fa700 (LWP 20446)]
__pthread_clockjoin_ex (threadid=140736297146112, thread_return=thread_return@entry=0x7fffb97f9968, clockid=clockid@entry=0, abstime=abstime@entry=0x0, block=block@entry=true) at pthread_join_common.c:145
145     pthread_join_common.c: No such file or directory.
(gdb)
(gdb) c
Continuing.

Thread 34 "input_handler" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fffb8ff9700 (LWP 20448)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x55555a3162bc) at ../sysdeps/nptl/futex-internal.h:186
186     ../sysdeps/nptl/futex-internal.h: No such file or directory.
(gdb)
Continuing.
[Thread 0x7fffb8ff9700 (LWP 20448) exited]

Thread 33 "icache_worker" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fffb9ffb700 (LWP 20447)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x7fffa4004a44) at ../sysdeps/nptl/futex-internal.h:186
186     in ../sysdeps/nptl/futex-internal.h
(gdb)
Continuing.
[Thread 0x7fffb9ffb700 (LWP 20447) exited]
[Thread 0x7fffb97fa700 (LWP 20446) exited]

Thread 62 "common_main" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff78ff9700 (LWP 20479)]
__pthread_clockjoin_ex (threadid=140734862714624, thread_return=thread_return@entry=0x7fff78ff8968,
    clockid=clockid@entry=0, abstime=abstime@entry=0x0, block=block@entry=true) at pthread_join_common.c:145
145     pthread_join_common.c: No such file or directory.
(gdb)
Continuing.

Thread 64 "input_handler" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff637fe700 (LWP 20481)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x55555a331cfc) at ../sysdeps/nptl/futex-internal.h:186
186     ../sysdeps/nptl/futex-internal.h: No such file or directory.
(gdb)
Continuing.
[Thread 0x7fff637fe700 (LWP 20481) exited]

Thread 63 "icache_worker" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff63fff700 (LWP 20480)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x7fff7c001390) at ../sysdeps/nptl/futex-internal.h:186
186     in ../sysdeps/nptl/futex-internal.h
(gdb)
Continuing.
[Thread 0x7fff63fff700 (LWP 20480) exited]
[Thread 0x7fff78ff9700 (LWP 20479) exited]

Thread 2 "common_main" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7ffff3ca9700 (LWP 20416)]
__pthread_clockjoin_ex (threadid=140737266743040, thread_return=thread_return@entry=0x7ffff3ca8968,
    clockid=clockid@entry=0, abstime=abstime@entry=0x0, block=block@entry=true) at pthread_join_common.c:145
145     pthread_join_common.c: No such file or directory.
(gdb)
Continuing.

Thread 4 "input_handler" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7ffff2ca7700 (LWP 20418)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x55555a2b20a8) at ../sysdeps/nptl/futex-internal.h:186
186     ../sysdeps/nptl/futex-internal.h: No such file or directory.
(gdb)
Continuing.
[Thread 0x7ffff2ca7700 (LWP 20418) exited]

Thread 3 "icache_worker" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7ffff34a8700 (LWP 20417)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x7fffec000ec4) at ../sysdeps/nptl/futex-internal.h:186
186     in ../sysdeps/nptl/futex-internal.h
(gdb)
Continuing.
[Thread 0x7ffff34a8700 (LWP 20417) exited]
[Thread 0x7ffff3ca9700 (LWP 20416) exited]

Thread 39 "common_main" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff97fff700 (LWP 20453)]
__pthread_clockjoin_ex (threadid=140735692060416, thread_return=thread_return@entry=0x7fff97ffe968,
    clockid=clockid@entry=0, abstime=abstime@entry=0x0, block=block@entry=true) at pthread_join_common.c:145
145     pthread_join_common.c: No such file or directory.
(gdb)
Continuing.

Thread 41 "input_handler" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff94eeb700 (LWP 20457)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x55555a31ad38) at ../sysdeps/nptl/futex-internal.h:186
186     ../sysdeps/nptl/futex-internal.h: No such file or directory.
(gdb)
Continuing.
[Thread 0x7fff94eeb700 (LWP 20457) exited]

Thread 40 "icache_worker" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff977fe700 (LWP 20454)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x7fff90004604) at ../sysdeps/nptl/futex-internal.h:186
186     in ../sysdeps/nptl/futex-internal.h
(gdb)
Continuing.
[Thread 0x7fff977fe700 (LWP 20454) exited]
[Thread 0x7fff97fff700 (LWP 20453) exited]

Thread 24 "common_main" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fffbb7fe700 (LWP 20438)]
__pthread_clockjoin_ex (threadid=140736322324224, thread_return=thread_return@entry=0x7fffbb7fd968, clockid=clockid@entry=0, abstime=abstime@entry=0x0,
    block=block@entry=true) at pthread_join_common.c:145
145     pthread_join_common.c: No such file or directory.
(gdb)
Continuing.

Thread 26 "input_handler" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fffba7fc700 (LWP 20440)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x55555a310978) at ../sysdeps/nptl/futex-internal.h:186
186     ../sysdeps/nptl/futex-internal.h: No such file or directory.
(gdb)
Continuing.
[Thread 0x7fffba7fc700 (LWP 20440) exited]

Thread 25 "icache_worker" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fffbaffd700 (LWP 20439)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x7fffa8004644) at ../sysdeps/nptl/futex-internal.h:186
186     in ../sysdeps/nptl/futex-internal.h
(gdb)
Continuing.
[Thread 0x7fffbaffd700 (LWP 20439) exited]
[Thread 0x7fffbb7fe700 (LWP 20438) exited]

Thread 48 "common_main" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff7bfff700 (LWP 20465)]
__pthread_clockjoin_ex (threadid=140735256975104, thread_return=thread_return@entry=0x7fff7bffe968, clockid=clockid@entry=0, abstime=abstime@entry=0x0,
    block=block@entry=true) at pthread_join_common.c:145
145     pthread_join_common.c: No such file or directory.
(gdb)
Continuing.

Thread 50 "input_handler" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff7affd700 (LWP 20467)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x55555a31c55c) at ../sysdeps/nptl/futex-internal.h:186
186     ../sysdeps/nptl/futex-internal.h: No such file or directory.
(gdb)
Continuing.
[Thread 0x7fff7affd700 (LWP 20467) exited]

Thread 49 "icache_worker" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff7b7fe700 (LWP 20466)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x7fff74040b54) at ../sysdeps/nptl/futex-internal.h:186
186     in ../sysdeps/nptl/futex-internal.h
(gdb)
Continuing.
[Thread 0x7fff7b7fe700 (LWP 20466) exited]
[Thread 0x7fff7bfff700 (LWP 20465) exited]

Thread 52 "common_main" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff7a7fc700 (LWP 20469)]
__pthread_clockjoin_ex (threadid=140735231796992, thread_return=thread_return@entry=0x7fff7a7fb968, clockid=clockid@entry=0, abstime=abstime@entry=0x0,
    block=block@entry=true) at pthread_join_common.c:145
145     pthread_join_common.c: No such file or directory.
(gdb)
Continuing.

Thread 54 "input_handler" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff797fa700 (LWP 20471)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x55555a31daec) at ../sysdeps/nptl/futex-internal.h:186
186     ../sysdeps/nptl/futex-internal.h: No such file or directory.
(gdb)
Continuing.
[Thread 0x7fff797fa700 (LWP 20471) exited]

Thread 53 "icache_worker" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff79ffb700 (LWP 20470)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x7fff640067b0) at ../sysdeps/nptl/futex-internal.h:186
186     in ../sysdeps/nptl/futex-internal.h
(gdb)
Continuing.
[Thread 0x7fff79ffb700 (LWP 20470) exited]
[Thread 0x7fff7a7fc700 (LWP 20469) exited]

Thread 70 "common_main" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff62ffd700 (LWP 20487)]
__pthread_clockjoin_ex (threadid=140734837536512, thread_return=thread_return@entry=0x7fff62ffc968, clockid=clockid@entry=0, abstime=abstime@entry=0x0,
    block=block@entry=true) at pthread_join_common.c:145
145     pthread_join_common.c: No such file or directory.
(gdb)
Continuing.

Thread 72 "input_handler" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff61ffb700 (LWP 20489)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x55555a337aec) at ../sysdeps/nptl/futex-internal.h:186
186     ../sysdeps/nptl/futex-internal.h: No such file or directory.
(gdb)
Continuing.
[Thread 0x7fff61ffb700 (LWP 20489) exited]

Thread 71 "icache_worker" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff627fc700 (LWP 20488)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x7fffa80086f0) at ../sysdeps/nptl/futex-internal.h:186
186     in ../sysdeps/nptl/futex-internal.h
(gdb)
Continuing.
[Thread 0x7fff627fc700 (LWP 20488) exited]
[Thread 0x7fff62ffd700 (LWP 20487) exited]

Thread 99 "common_main" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff617fa700 (LWP 20516)]
__pthread_clockjoin_ex (threadid=140734736889600, thread_return=thread_return@entry=0x7fff617f9968, clockid=clockid@entry=0, abstime=abstime@entry=0x0,
    block=block@entry=true) at pthread_join_common.c:145
145     pthread_join_common.c: No such file or directory.
(gdb)
Continuing.

Thread 101 "input_handler" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff5bfff700 (LWP 20518)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x55555a34fa5c) at ../sysdeps/nptl/futex-internal.h:186
186     ../sysdeps/nptl/futex-internal.h: No such file or directory.
(gdb)
Continuing.
[Thread 0x7fff5bfff700 (LWP 20518) exited]

Thread 100 "icache_worker" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff60ff9700 (LWP 20517)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x7fffa4008d80) at ../sysdeps/nptl/futex-internal.h:186
186     in ../sysdeps/nptl/futex-internal.h
(gdb)
Continuing.
[Thread 0x7fff60ff9700 (LWP 20517) exited]
[Thread 0x7fff617fa700 (LWP 20516) exited]

Thread 10 "common_main" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7ffff0c96700 (LWP 20424)]
__pthread_clockjoin_ex (threadid=140736741762816, thread_return=thread_return@entry=0x7ffff0c95968, clockid=clockid@entry=0, abstime=abstime@entry=0x0,
    block=block@entry=true) at pthread_join_common.c:145
145     pthread_join_common.c: No such file or directory.
(gdb)
Continuing.

Thread 12 "input_handler" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fffd37fe700 (LWP 20426)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x55555a248948) at ../sysdeps/nptl/futex-internal.h:186
186     ../sysdeps/nptl/futex-internal.h: No such file or directory.
(gdb)
Continuing.
[Thread 0x7fffd37fe700 (LWP 20426) exited]

Thread 11 "icache_worker" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fffd3fff700 (LWP 20425)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x7fffd4002ce4) at ../sysdeps/nptl/futex-internal.h:186
186     in ../sysdeps/nptl/futex-internal.h
(gdb)
Continuing.
[Thread 0x7fffd3fff700 (LWP 20425) exited]
[Thread 0x7ffff0c96700 (LWP 20424) exited]

Thread 18 "common_main" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fffd17fa700 (LWP 20432)]
__pthread_clockjoin_ex (threadid=140736347502336, thread_return=thread_return@entry=0x7fffd17f9968, clockid=clockid@entry=0, abstime=abstime@entry=0x0,
    block=block@entry=true) at pthread_join_common.c:145
145     pthread_join_common.c: No such file or directory.
(gdb)
Continuing.

Thread 20 "input_handler" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fffbbfff700 (LWP 20434)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x55555a30f768) at ../sysdeps/nptl/futex-internal.h:186
186     ../sysdeps/nptl/futex-internal.h: No such file or directory.
(gdb)
Continuing.
[Thread 0x7fffbbfff700 (LWP 20434) exited]

Thread 19 "icache_worker" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fffd0ff9700 (LWP 20433)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x7fffc0004574) at ../sysdeps/nptl/futex-internal.h:186
186     in ../sysdeps/nptl/futex-internal.h
(gdb)
Continuing.
[Thread 0x7fffd0ff9700 (LWP 20433) exited]
[Thread 0x7fffd17fa700 (LWP 20432) exited]

Thread 6 "common_main" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7ffff24a6700 (LWP 20420)]
__pthread_clockjoin_ex (threadid=140737241511680, thread_return=thread_return@entry=0x7ffff24a5968, clockid=clockid@entry=0, abstime=abstime@entry=0x0,
    block=block@entry=true) at pthread_join_common.c:145
145     pthread_join_common.c: No such file or directory.
(gdb)
Continuing.

Thread 8 "input_handler" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7ffff1497700 (LWP 20422)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x55555a2d6da8) at ../sysdeps/nptl/futex-internal.h:186
186     ../sysdeps/nptl/futex-internal.h: No such file or directory.
(gdb)
Continuing.
[Thread 0x7ffff1497700 (LWP 20422) exited]

Thread 7 "icache_worker" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7ffff1c98700 (LWP 20421)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x7fffe8002ce4) at ../sysdeps/nptl/futex-internal.h:186
186     in ../sysdeps/nptl/futex-internal.h
(gdb)
Continuing.
[Thread 0x7ffff1c98700 (LWP 20421) exited]
[Thread 0x7ffff24a6700 (LWP 20420) exited]

Thread 43 "common_main" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff8ffff700 (LWP 20459)]
__pthread_clockjoin_ex (threadid=140735557842688, thread_return=thread_return@entry=0x7fff8fffe968, clockid=clockid@entry=0,
    abstime=abstime@entry=0x0, block=block@entry=true) at pthread_join_common.c:145
145     pthread_join_common.c: No such file or directory.
(gdb)
Continuing.

Thread 45 "input_handler" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7fff8ceeb700 (LWP 20462)]
futex_wait_cancelable (private=0, expected=0, futex_word=0x55555a31d0c8) at ../sysdeps/nptl/futex-internal.h:186
186     ../sysdeps/nptl/futex-internal.h: No such file or directory.
(gdb)
Continuing.
[Thread 0x7fff8ceeb700 (LWP 20462) exited]

Thread 43 "common_main" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff8ffff700 (LWP 20459)]
0x00007ffff7360c71 in pkgCacheFile::Close() () from /lib/x86_64-linux-gnu/libapt-pkg.so.6.0
(gdb)
Continuing.
[Thread 0x7fff8ffff700 (LWP 20459) exited]
[Thread 0x7fff8f7fe700 (LWP 20460) exited]
[Thread 0x7fffd1ffb700 (LWP 20430) exited]
[Thread 0x7fffd27fc700 (LWP 20429) exited]
[Thread 0x7ffff3cacb40 (LWP 20410) exited]

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb)
The program is not being run.
(gdb)

A problem with the scanner in the pthread_join function?
In the libapt-pkg library?
Still trying to find the line that segfaults...

mdedonno@debian11openscap:~$ sudo apt install libapt-pkg-dev
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
libapt-pkg-dev is already the newest version (2.2.4).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
mdedonno@debian11openscap:~$ sudo apt install libapt-pkg6.0
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
libapt-pkg6.0 is already the newest version (2.2.4).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

@mdedonno1337
Contributor Author

With this patch in the scanner, the segfault disappears:

diff --git a/src/OVAL/probes/probe/probe_main.c b/src/OVAL/probes/probe/probe_main.c
index 5968c9292..3769c372c 100644
--- a/src/OVAL/probes/probe/probe_main.c
+++ b/src/OVAL/probes/probe/probe_main.c
@@ -158,7 +158,7 @@ static void probe_common_main_cleanup(void *arg)

        probe_fini_function_t fini_function = probe_table_get_fini_function(probe->subtype);
        if (fini_function != NULL) {
-               fini_function(probe->probe_arg);
+               /* fini_function(probe->probe_arg); */
        }

        probe_rcache_free(probe->rcache);
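
Review bot: commenting out fini_function(probe->probe_arg) in probe_common_main_cleanup disables the fini hook for every probe subtype returned by probe_table_get_fini_function(), not only the one that crashes, so whatever those hooks release is no longer released. It also leaves the if (fini_function != NULL) body empty. This is fine as a diagnostic to localise the fault, but the call should stay in place and the fix should go into the specific fini function that dereferences bad state.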

I know that this shall not be done, but at least we can narrow down the problem... Maybe

@mdedonno1337
Contributor Author

(gdb) n
(gdb) s
dpkginfo_probe_fini (ptr=0x7ffff7fc95e0 <g_dpkg>) at /home/mdedonno/openscap/src/OVAL/probes/unix/linux/dpkginfo_probe.c:93
(gdb) b /home/mdedonno/openscap/src/OVAL/probes/unix/linux/dpkginfo_probe.c:93
Breakpoint 2 at 0x7ffff7f5eae0: file /home/mdedonno/openscap/src/OVAL/probes/unix/linux/dpkginfo_probe.c, line 93.
(gdb) n
(gdb) s
dpkginfo_fini () at /home/mdedonno/openscap/src/OVAL/probes/unix/linux/dpkginfo-helper.cxx:136
(gdb) print cgCache
$3 = (pkgCacheFile *) 0x0
(gdb)

Is it OK that the cgCache variable is 0x0, but the code still wants to call cgCache->Close();?

@mdedonno1337
Contributor Author

mdedonno1337 commented Oct 13, 2021

With this, the scanner is OK and the segfault disappears:

diff --git a/src/OVAL/probes/unix/linux/dpkginfo-helper.cxx b/src/OVAL/probes/unix/linux/dpkginfo-helper.cxx
index ebde65976..497a99835 100644
--- a/src/OVAL/probes/unix/linux/dpkginfo-helper.cxx
+++ b/src/OVAL/probes/unix/linux/dpkginfo-helper.cxx
@@ -133,6 +133,7 @@ int dpkginfo_init()

 int dpkginfo_fini()
 {
+    if (cgCache != NULL)
         cgCache->Close();

         delete cgCache;
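
Review bot: the added if (cgCache != NULL) in dpkginfo_fini() guards only the cgCache->Close() call, and because it has no braces and is indented differently from the lines around it, it is easy to misread as also covering delete cgCache;. Deleting a null pointer is harmless in C++, so the behaviour is correct for the NULL case, but braces around the guarded call (or an early return when cgCache is NULL) would make the scope explicit. A short comment saying when cgCache is expected to be NULL at this point would help, so the guard does not silently hide a cache that was never created. It is also worth checking that the lines after this hunk reset cgCache after the delete, since a second call would otherwise see a dangling pointer.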

I will make the PR on the scanner repo and link here.
Thanks !
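
The failure discussed above (a cleanup function calling a method through a module-level pointer that is still NULL) as a stand-alone illustration. This is an added example, not code from the thread or from OpenSCAP; `Cache`, `g_cache`, `helper_init`, `helper_fini` and `exercise_cleanup_paths` are hypothetical names, with `Cache` standing in for an external class such as the `pkgCacheFile` seen in the backtrace.

```cpp
// Stand-in for an external cache class; constructed for this example.
// It only records what was called on it.
struct Cache {
    static int closes;     // how many times Close() actually closed something
    static int destroyed;  // how many objects were destroyed
    bool open = true;
    void Close() { if (open) { open = false; ++closes; } }
    ~Cache() { ++destroyed; }
};
int Cache::closes = 0;
int Cache::destroyed = 0;

// Module-level handle, null until init succeeds (the state gdb showed as 0x0).
static Cache *g_cache = nullptr;

// Hypothetical init: may fail and leave the handle null.
int helper_init(bool simulate_failure)
{
    if (g_cache != nullptr)
        return 0;            // already initialised
    if (simulate_failure)
        return -1;           // handle stays null
    g_cache = new Cache();
    return 0;
}

// Hypothetical fini: safe when init never ran, when init failed,
// and when fini itself is called more than once.
int helper_fini()
{
    if (g_cache == nullptr)
        return 0;            // nothing to release, do not dereference
    g_cache->Close();
    delete g_cache;
    g_cache = nullptr;       // a later call must not see a dangling pointer
    return 0;
}

// Runs the orderings a cleanup handler can meet and reports whether the
// cache was closed and destroyed exactly once with no null dereference.
bool exercise_cleanup_paths()
{
    Cache::closes = 0;
    Cache::destroyed = 0;
    helper_fini();                 // fini without any init
    helper_init(true);
    helper_fini();                 // fini after a failed init
    helper_init(false);
    helper_fini();
    helper_fini();                 // fini twice after a successful init
    return Cache::closes == 1 && Cache::destroyed == 1 && g_cache == nullptr;
}

int main() { return exercise_cleanup_paths() ? 0 : 1; }
```
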

@ggbecker
Member

Thank you for all the effort you put into narrowing down the issue.
