Created attachment 476497 [details] rsyslogd crash Description of problem: RHEL 5 rsyslog includes a patch, rsyslog-3.22.1-unlimitedselect.patch, that has no effect on the final build due to the autoconf version in RHEL 5 (it's too old). As a result, rsyslog can crash with large numbers of clients. Version-Release number of selected component (if applicable): rsyslog-3.22.1-3.el5_5.1 How reproducible: every time Steps to Reproduce: 0. Set SELinux in Permissive mode or Disabled setenforce Permissive The policies prevent rsyslogd from increasing the limit on open files; this is a separate problem with the policies and I'll open another bz for it. 1. Update rsyslog configuration and start it vim /etc/sysconfig/rsyslog SYSLOGD_OPTIONS="-c3" vim /etc/rsyslog.conf # Add these lines after '$ModLoad imuxsock' line $ModLoad imtcp.so $MaxOpenFiles 2100 $InputTCPMaxSessions 1100 $InputTCPServerRun 514 service rsyslog start 2. Download rsyslog-4.6.5 to get the tcpflood test program cd /tmp wget http://www.rsyslog.com/files/download/rsyslog/rsyslog-4.6.5.tar.gz tar xzf rsyslog-4.6.5.tar.gz cd rsyslog-4.6.5 ./configure cd tests make tcpflood 3. Run tcpflood against the server cd /tmp/rsyslog-4.6.5/tests ./tcpflood -p514 -c1100 -m1000 Actual results: rsyslogd crashes Expected results: rsyslogd handles the load Additional info: Traceback from rsyslogd is attached You can see that the ulimited select patch is ineffective during the rpmbuild: [rpmbuild@localhost SPECS]$ rpmbuild -bc rsyslog.spec Executing(%prep): /bin/sh -e /home/rpmbuild/build/tmp/rpm-tmp.81244 ... + echo 'Patch #0 (rsyslog-3.22.1-unlimitedselect.patch):' Patch #0 (rsyslog-3.22.1-unlimitedselect.patch): ... + aclocal configure.ac:4: error: Autoconf version 2.61 or higher is required configure.ac:4: the top level autom4te: /usr/bin/m4 failed with exit status: 63 aclocal: autom4te failed with exit status: 63 + exit 0 ... + ./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --sbindir=/sbin --disable-static --enable-mysql --enable-pgsql --enable-gssapi-krb5 --enable-imfile --enable-gnutls --enable-unlimited-select configure: WARNING: unrecognized options: --enable-unlimited-select ... [rpmbuild@localhost SPECS]$ cd ../BUILD/rsyslog-3.22.1/ [rpmbuild@localhost rsyslog-3.22.1]$ grep -i unlimited config.h [rpmbuild@localhost rsyslog-3.22.1]$
See bug 674452 for the SELinux bug blocking rsyslogd from calling setrlimit
Created attachment 476500 [details] patch to fix configure and config.h.in A patch from Scott Mayhew to fix the configure script and config.h.in file since RHEL-5's autoconf is slightly too old. Many thanks go to Scott for both finding the root cause of this problem and developing the patch!
Oops, in the reproducer steps, I forgot to increase the open file limit. Add a 'ulimit -n 1200' in there: 3. Run tcpflood against the server ulimit -n 1200 cd /tmp/rsyslog-4.6.5/tests ./tcpflood -p514 -c1100 -m1000
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: The previous version of rsyslog contained a patch that was not applied due to a too old version of a component in the build environment. The patch has been altered so that the component is not needed during the build process and thus resolving the issue.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0228.html
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1,4 @@ -The previous version of rsyslog contained a patch that was not applied due to a too old version of a component in the build environment. The patch has been altered so that the component is not needed during the build process and thus resolving the issue.+The previous version of rsyslog contained a patch that was not +applied due to a too old version of a component in the build +environment. The patch has been altered so that the component is not +needed during the build process and thus resolving the issue.