Actually looks like this has nothing to do with LTO and there is no such symbol in plugins/audit_json/audit_json.c and plugins/audit_json/audit_json.exp exports only audit_json.

I think you may be confused by the fact that there are now multiple audit plugins.

The audit_json.so plugin exports the audit_json symbol

The sudoers.so plugin exports the sudoers_audit symbol

There was a bug in sudo 1.9.1 where the sudoers_audit symbol was missing from plugins/sudoers/sudoers.exp but that was fixed in sudo 1.9.2.

I built sudo 1.9.2 on Ubuntu 20.04 with "gcc -flto" and it worked fine for me.

If this is still a problem, can you provide more details about what OS you are running, which compiler and what the compiler options are?  Also, any Plugin lines from your sudo.conf file if you have one.

> Actually looks like this has nothing to do with LTO and there is no such symbol in plugins/audit_json/audit_json.c and plugins/audit_json/audit_json.exp exports only audit_json.

OK. So still I cannot figure out why sudo compiled by me fails with reported message.

Do you have any idea with what kind conditions this may happen?

I don't see in my own package anything like sudoers_audit plugin and I don't see something like that in Fedora package as well

$ rpm -qlv sudo | grep so$
-rw-r--r--    1 root     root                    64784 Oct  4 12:11 /usr/lib64/modules/sudo/audit_json.so
-rw-r--r--    1 root     root                    34080 Oct  4 12:11 /usr/lib64/modules/sudo/group_file.so
-rw-r--r--    1 root     root                    28344 Oct  4 12:11 /usr/lib64/modules/sudo/sample_approval.so
-rw-r--r--    1 root     root                  2173992 Oct  4 12:11 /usr/lib64/modules/sudo/sudoers.so
-rw-r--r--    1 root     root                    24216 Oct  4 12:11 /usr/lib64/modules/sudo/system_group.so
-rw-r--r--    1 root     root                    28944 Oct  4 12:11 /usr/libexec/sudo/sudo_noexec.so

Even stranger is trat in strace output I don't see that sudo is trying to download any laodable module:

[root@barrel etc]# strace -fe trace=file sudo -Hi
execve("/usr/bin/sudo", ["sudo", "-Hi"], 0x7ffe5f3e1238 /* 26 vars */) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/tls/haswell/avx512_1/x86_64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/tls/haswell/avx512_1/x86_64", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/tls/haswell/avx512_1/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/tls/haswell/avx512_1", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/tls/haswell/x86_64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/tls/haswell/x86_64", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/tls/haswell/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/tls/haswell", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/tls/avx512_1/x86_64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/tls/avx512_1/x86_64", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/tls/avx512_1/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/tls/avx512_1", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/tls/x86_64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/tls/x86_64", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/tls/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/tls", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/haswell/avx512_1/x86_64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/haswell/avx512_1/x86_64", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/haswell/avx512_1/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/haswell/avx512_1", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/haswell/x86_64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/haswell/x86_64", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/haswell/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/haswell", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/avx512_1/x86_64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/avx512_1/x86_64", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/avx512_1/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/avx512_1", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/x86_64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo/x86_64", 0x7fff957c80f0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/modules/sudo/libselinux.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/modules/sudo", {st_mode=S_IFDIR|0755, st_size=166, ...}) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/modules/sudo/libutil.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libutil.so.1", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/modules/sudo/libsudo_util.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libsudo_util.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/modules/sudo/sudoers.so", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/modules/sudo/libaudit.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libaudit.so.1", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/modules/sudo/libpthread.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/modules/sudo/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libpam.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libldap_r-2.4.so.2", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/liblber-2.4.so.2", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libcap-ng.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libsasl2.so.3", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/proc/sys/crypto/fips_enabled", O_RDONLY) = 3
access("/etc/system-fips", F_OK)        = -1 ENOENT (No such file or directory)
statfs("/sys/fs/selinux", {f_type=SELINUX_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_RELATIME}) = 0
statfs("/sys/fs/selinux", {f_type=SELINUX_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_RELATIME}) = 0
access("/etc/selinux/config", F_OK)     = 0
openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
stat("/etc/sudo.conf", {st_mode=S_IFREG|0644, st_size=4003, ...}) = 0
openat(AT_FDCWD, "/etc/sudo.conf", O_RDONLY) = 3
stat("/etc/sudo.conf", {st_mode=S_IFREG|0644, st_size=4003, ...}) = 0
openat(AT_FDCWD, "/etc/sudo.conf", O_RDONLY) = 3
openat(AT_FDCWD, "/dev/tty", O_RDWR)    = 3
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libnss_sss.so.2", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/var/lib/sss/mc/passwd", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
openat(AT_FDCWD, "/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 5
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 5
openat(AT_FDCWD, "/proc/sys/kernel/ngroups_max", O_RDONLY) = 5
getcwd("/etc", 4096)                    = 5
openat(AT_FDCWD, "/proc/self/stat", O_RDONLY|O_NOFOLLOW) = 5
stat("/dev/console", {st_mode=S_IFCHR|0620, st_rdev=makedev(0x5, 0x1), ...}) = 0
stat("/dev/pts/18", {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x12), ...}) = 0
openat(AT_FDCWD, "/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 5
openat(AT_FDCWD, "/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en_GB.utf8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en_GB/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en.UTF-8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en.utf8/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en/LC_MESSAGES/sudo.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
sudo: error in /etc/sudo.conf, line 16 while loading plugin "sudoers_audit"
sudo: unable to find symbol "sudoers_audit" in sudoers.so
sudo: fatal error, unable to load plugins
+++ exited with 1 +++

sudoers.so implements a policy plugin (symbol sudoers_policy), an I/O logging plugin (symbol sudoers_io) and an audit plugin (sudoers_audit).

You haven't included the configure arguments you're using when building sudo which makes it difficult to help you.  There was a bug prior to sudo 1.9.3 where if you built the sudoers plugin statically (via the --enable-static-sudoers configure option), sudoers_audit was not found.

Without more details of how you are building sudo there isn't much I can do.

I just tested that using exactly the same build procedure which configures source soce using:

%build
autoreconf -fiv
%configure \
        --disable-root-mailer \
        --disable-rpath \
        --disable-static \
        --enable-static-sudoers \
        --enable-tmpfiles.d=%{_tmpfilesdir} \
        --with-editor=%{_bindir}/vi \
        --with-env-editor \
        --with-ignore-dot \
        --with-ldap \
        --with-linux-audit \
        --with-logfac=authpriv \
        --with-logging=syslog \
        --with-pam \
        --with-pam-login \
        --with-passprompt="[sudo] password for %p: " \
        --with-plugindir=%{_libdir}/modules/sudo \
        --with-selinux \
        --with-sendmail=%{_prefix}/lib/sendmail \
        --with-sssd \
        --with-tty-tickets \
        %{nil}
%make_build

1.9.1 is OK and 1.9.2 binaries fails with reporeted on the beggining messges.

Sudo 1.9.3 should work for you.  Or you could apply the following change as a patch: https://www.sudo.ws/repos/sudo/rev/f0bd4b5cd7b3

OK I've just tested 1.9.3p1 and looks like everything is OK now.

Thx :)