Great, I will go on upgrading to v8.15 then! Thanks a lot for the help!
Best regards, Klearchos -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of EXT Peter Portante Sent: Saturday, December 19, 2015 6:38 PM To: rsyslog-users <[email protected]> Subject: Re: [rsyslog] rsyslog coredumps when sd_journal_get_data() returns <0 On Thu, Dec 17, 2015 at 5:06 PM, David Lang <[email protected]> wrote: > 8.15 fixes a number of bugs, including at least one where referencing an > undefined variable causes problems. > > I don't know if that fixes this, or if this is separate (I think it may be > separate, but I wanted to let you know of the other changes) > > we've also identified another bug in json-c that can cause problems if you > have tags set in mmnormalize. We're working on testing that fix now. > > David Lang > > On Thu, 17 Dec 2015, Chaloulos, Klearchos (Nokia - GR/Athens) wrote: > > Date: Thu, 17 Dec 2015 20:16:40 +0000 >> From: "Chaloulos, Klearchos (Nokia - GR/Athens)" >> <[email protected]> >> Reply-To: rsyslog-users <[email protected]> >> To: "[email protected]" <[email protected]> >> Subject: [rsyslog] rsyslog coredumps when sd_journal_get_data() returns <0 >> >> >> Hello, >> >> We have observed several coredumps of rsyslogd (imjournal plugin), >> receiving signal SIGSEGV. The reason appears to be that that >> sd_journal_get_data() returns <0 when trying to retrieve the MESSAGE field. >> As I saw it, the flow was: >> >> Starting at imjournal.c:247 : if (sd_journal_get_data(j, "MESSAGE", &get, >> &length) < 0) >> >> sd_journal_get_data() returned <0. Then the string message is set to "". >> >> Then enqMsg() was called, with message="" >> After that, SanitizeMsg() was called, with >> pMsg->pszRawMsg = "" >> pMsg->iLenRawMsg = 0, >> > Looks like this commit fixed this problem: https://github.com/rsyslog/rsyslog/commit/833bd4a7746d7084db7c52377a294852c5a4896e It appears to be available in v8.12 and later. -peter > >> which violates the assertions at parser.c:404: >> assert(pMsg != NULL); >> assert(pMsg->iLenRawMsg > 0); >> >> Then rsyslogd received a SIGSEGV at parser.c:483. >> >> Maybe the handling of the case when sd_journal_get_data() returns <0 is >> not the best one, although I do not know the code well in order to suggest >> something better. >> >> Any help is greatly appreciated. >> >> Attached is the backtrace from the coredump, plus the rsyslog >> configuration file. >> >> We use version 8.10.0: >> # /usr/sbin/rsyslogd -version >> rsyslogd 8.10.0, compiled with: >> PLATFORM: x86_64-unknown-linux-gnu >> PLATFORM (lsb_release -d): >> FEATURE_REGEXP: Yes >> GSSAPI Kerberos 5 support: No >> FEATURE_DEBUG (debug build, slow code): No >> 32bit Atomic operations supported: Yes >> 64bit Atomic operations supported: Yes >> memory allocator: system default >> Runtime Instrumentation (slow code): No >> uuid support: Yes >> Number of Bits in RainerScript integers: 64 >> >> # systemctl --version >> systemd 225 >> +PAM +AUDIT -SELINUX -IMA -APPARMOR -SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP >> -GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN >> >> Kernel version is 3.18.13. >> >> Best regards, >> >> Klearchos >> >> _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
