[osquery 5.13.1] osqueryd crashing on Fedora 40 host with distributed queries #20594
Comments
dherder
added
bug
|
For whoever looks at this issue, we have repro'd in our cloud eval environment. Please reach out to me for the creds to access. |
sharon-fdm
added
:release
|
Reproduced by @dherder removing the |
|
@sharon-fdm this is a high priority issue for prospect-redwine. Should we add the "P2" label? |
|
Seems related to kolide/launcher#1773 And see public discussion here. |
|
@dherder, makes sense to me to add P2. |
|
@dherder @sharon-fdm Agreed, upgrading to P2. |
|
Thanks @lukeheath |
|
UPDATE: How to reproduceWe've reproduced the issue in Fedora 38 and 40 (most likely it's on Fedora 39 too). You can reproduce this by running the following query: What's happeningI've opened an osquery issue that describes the findings so far: osquery/osquery#8384. Next stepsStefano from the osquery team will try to upgrade librpm in osquery from 4.18.0 to 4.18.2. 4.18.2 has the following fix related to the segfault: https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]. We believe that upgrading may fix the crash. |
lucasmrod
changed the title
|
Removing Fleet's milestone as this is an osquery core bug (being fixed in 5.13.1 or 5.14.0, TBD) |
|
I can confirm that the update of librpm from 4.18.0 to 4.18.2 fixed the issue (no more crashes when querying |
lucasmrod
changed the title
|
Confirmed no crashes on Fedora 38. |
|
Fedora host finds calm, |
Fleet version: 4.53.1
π₯ Β Actual behavior
When running fleetd on a Fedora 40 host, continued osqueryd crashing is observed.
π§βπ» Β Steps to reproduce
Crash logs:
https://drive.google.com/file/d/1oazsLdWMmoMLRMYPbINV409n199Fj_sj/view?usp=drive_link
The text was updated successfully, but these errors were encountered: