Red Hat Bugzilla – Bug 1224538
[abrt] rsyslog: SanitizeMsg(): rsyslogd killed by SIGSEGV
Last modified: 2015-07-20 05:09:55 EDT
Description of problem: No specific unusual actions. I was browsing in Firefox at the time. Version-Release number of selected component: rsyslog-8.8.0-2.fc22 Additional info: reporter: libreport-2.5.1 backtrace_rating: 4 cmdline: /usr/sbin/rsyslogd -n crash_function: SanitizeMsg executable: /usr/sbin/rsyslogd global_pid: 804 kernel: 4.0.4-300.fc22.x86_64 runlevel: unknown type: CCpp uid: 0 var_log_messages: [System Logs]:\n-- Logs begin at Thu 2014-03-06 21:34:57 GMT, end at Sun 2015-05-24 10:46:53 BST. -- Truncated backtrace: Thread no. 1 (5 frames) #0 SanitizeMsg at parser.c:483 #1 enqMsg at imjournal.c:193 #2 readjournal at imjournal.c:415 #3 runInput at imjournal.c:634 #4 thrdStarter at ../threads.c:212
Created attachment 1029171 [details] File: backtrace
Created attachment 1029172 [details] File: cgroup
Created attachment 1029173 [details] File: core_backtrace
Created attachment 1029174 [details] File: dso_list
Created attachment 1029175 [details] File: environ
Created attachment 1029176 [details] File: limits
Created attachment 1029177 [details] File: maps
Created attachment 1029178 [details] File: mountinfo
Created attachment 1029179 [details] File: namespaces
Created attachment 1029180 [details] File: open_fds
Created attachment 1029181 [details] File: proc_pid_status
I haven't seen a crash, but I can observe the issue under valgrind. Can be reproduced with something like: python -c "from systemd import journal; journal.send('', SYSLOG_FACILITY='10', PRIORITY='4')" Will be fixed with the next update.
I get what seems to be the same crash. Under gdb (running with 'run -n -d') I see: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffd0055700 (LWP 15787)] SanitizeMsg (pMsg=0x7fffc829b760) at parser.c:483 483 if((pszMsg[iSrc] < 32) && (pszMsg[iSrc] != '\t' || glbl.GetParserEscapeControlCharacterTab())) { (gdb) where #0 SanitizeMsg (pMsg=0x7fffc829b760) at parser.c:483 #1 0x00007ffff63a5030 in enqMsg (json=0x7fffc829a770, tp=0x7fffd0054ca0, iSeverity=6, iFacility=3, pszTag=0x7fffc8293a80 "vmnet-dhcpd:", msg=0x7fffc82908c0 "") at imjournal.c:193 #2 readjournal () at imjournal.c:415 #3 runInput (pThrd=<optimized out>) at imjournal.c:634 #4 0x0000555555598280 in thrdStarter (arg=0x55555581e6a0) at ../threads.c:212 #5 0x00007ffff79b1555 in start_thread (arg=0x7fffd0055700) at pthread_create.c:333 #6 0x00007ffff68aff3d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 My personal view is that this is a high-priority issue as it can completely cripple syslog logging on Fedora 22 machines (and since it involves a SEGV based on user-generated input, is it possible that this is a security issue?).
rsyslog-8.8.0-3.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/rsyslog-8.8.0-3.fc22
Package rsyslog-8.8.0-3.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing rsyslog-8.8.0-3.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-11039/rsyslog-8.8.0-3.fc22 then log in and leave karma (feedback).
rsyslog-8.8.0-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.