I'm seeing osqueryd segfaulting on some of our instances, what can I check here to see why?

on mac os you could look for

/Library/Logs/DiagnosticReports/*osquery*.crash

this is on rhel itself

I’ve seen a bug report about the

magic

table, is there any chance it is being used in your query packs? EDIT: fixed the table name

no, we're just getting a list of packages and processes

There should be a

osquery-debuginfo

package to be installed so that symbols are available when looking at stack traces

how do I use that?

That package exists only to install the debug symbols; to get a stack trace you either have to run osquery under a debugger (gdb), or have core dumps enabled and point gdb to it.

it's not clear how to enable core dumps for osquery

You might want to look at https://access.redhat.com/solutions/56021. There’s no specific way for osquery, it’s a system feature to enable system wide or temporarily in a shell where you would then launch osquery. The procedure differs slightly from distro to distro and versions; that link should help.