Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
s
sanjaykcse
03/05/2021, 10:41 AMI am getting peculiar issue with osquery daemon. In my setup , osquery daemon is taking to fleet and configure to send log/results to fleet.
If fleet is down or there is no connectivity between fleet and osqueryd for 3- mins to 1hr , the worker thread is getting segfault and core dumps continuously . If I set logger_plugin to filesystem , fleed does not receive results also .
Any suggestion , how to fix this ?
👀 1
I seems the worker thread is not starting and getting SIGSEGV again and again ( due to some resource limit ????)
warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available.
Core was generated by `osquery                         '.
Program terminated with signal SIGSEGV, Segmentation fault.
#0Â 0x00005558cba9552d in ?? ()
[Current thread is 1 (LWP 6886)]
(gdb) bt
#0Â 0x00005558cba9552d in ?? ()
#1Â 0x00005558cbad13fa in ?? ()
#2Â 0x00005558cbad205f in ?? ()
#3Â 0x00005558cbad1f24 in ?? ()
#4Â 0x00005558cbad1b0e in ?? ()
#5Â 0x00005558cbad6867 in ?? ()
#6Â 0x00005558cc77d799 in ?? ()
#7Â 0x00005558cc6de1da in ?? ()
#8Â 0x00005558cc6dc313 in ?? ()
#9Â 0x00005558cc6b25ba in ?? ()
#10 0x00005558cc6b0f97 in ?? ()
#11 0x00005558cc6b0d88 in ?? ()
#12 0x00005558cc580044 in ?? ()
#13 0x00005558cbb89b78 in ?? ()
#14 0x00005558cbb8a0f2 in ?? ()
#15 0x00005558cbb897ff in ?? ()
#16 0x00007f9b70346a97 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#17 0x00005558cba45029 in ?? ()
#18 0x00007ffee2524648 in ?? ()
#19 0x000000000000001c in ?? ()
#20 0x0000000000000005 in ?? ()
#21 0x00007ffee2524ae3 in ?? ()
#22 0x00007ffee2524aeb in ?? ()
#23 0x00007ffee2524af3 in ?? ()
#24 0x00007ffee2524af7 in ?? ()
#25 0x00007ffee2524b02 in ?? ()
#26 0x0000000000000000 in ?? ()
flags:
--enroll_secret_path=/etc/osquery/cert/secret
--tls_server_certs=/etc/osquery/cert/serv.crt
--tls_hostname=< fleet URL>:8080
--config_refresh=10
--logger_plugin=tls
--logger_tls_endpoint=/api/v1/osquery/log
--logger_tls_period=10
--database_path=/tmp/osquery.db
--pidfile=/tmp/osquery.pid
--host_identifier=uuid
--force=true
--config_plugin=tls
--config_tls_endpoint=/api/v1/osquery/config
--config_tls_refresh=30
--disable_distributed=false
--distributed_interval=3
--distributed_plugin=tls
--config_tls_max_attempts=3
--distributed_tls_max_attempts=3
--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write
--hash_delay=20
--pack_refresh_interval=60
--schedule_splay_percent=20
--table_delay=20
--enroll_tls_endpoint=/api/v1/osquery/enroll
--disable_watchdog=false
--watchdog_delay=120
--watchdog_level=1
--watchdog_memory_limit=100
--watchdog_utilization_limit=5
--buffered_log_max=10000
--tls_dump=true
--verbose
seems this got fixed recently https://github.com/osquery/osquery/issues/6887 by @theopolis