syyhao1994
commented
3 years ago Does anyone has any idea about this problem? cc @poettering @georgmu @keszybz @yuwata
Open syyhao1994 opened 3 years ago
syyhao1994
commented
3 years ago Does anyone has any idea about this problem? cc @poettering @georgmu @keszybz @yuwata
syyhao1994
commented
3 years ago cc @mrc0mmand @poettering @georgmu @keszybz @yuwata
vcaputo
commented
3 years ago I'd love to take a look at this but I'm short on more time to volunteer towards systemd stuff, hopefully one of the RH folks can. It does appear to be a potentially important issue at a glance.
syyhao1994
commented
3 years ago I'd love to take a look at this but I'm short on more time to volunteer towards systemd stuff, hopefully one of the RH folks can. It does appear to be a potentially important issue at a glance.
I appreciate your work for it very much. I have studied for a long time, but i can't figure out how to resolve this util now. I think this problem is quite important and serious because it may cause missing log of journald. cc @vcaputo
poettering
commented
3 years ago You set extremely low limits on the overall directory size, which suggests vacuuming ran, i.e. old files got deleted to make space for new ones. This takes a couple of params into account, and most importantly age: oldest files are removed first.
I see that you are on an arm machine. Is the system clock correct during early boot? embedded devices aren't good at that. If the system clock is off, we might just vaccuuming a file that appears oldest because the timestamps are all off and start at the same time on each boot.
syyhao1994
commented
3 years ago You set extremely low limits on the overall directory size, which suggests vacuuming ran, i.e. old files got deleted to make space for new ones. This takes a couple of params into account, and most importantly age: oldest files are removed first.
I see that you are on an arm machine. Is the system clock correct during early boot? embedded devices aren't good at that. If the system clock is off, we might just vaccuuming a file that appears oldest because the timestamps are all off and start at the same time on each boot.
Thanks for your attention a lot.
The reason that i set low limits is just for reproduce the problem easily, i have tried that the problem is still exist even if i keep the default configuration of journald.conf.
The system clock is correct(maybe a little inaccurate). And i also tested this on X86_64 virtual machine, the problem is still exist.
And i don't actually cares about the oldest files very much. Because i store the journal under the directory of /run/log/journal, and i definitely will lose the old files when i reboot the vritual machine. The problem is that the log in the system@suffix.journal files are continuously but when i use journalctl the log between the system@suffix.journal files missing some log(Because we write the log continuesly, so the timestamps may be the same at the tail of system@suffix1.journal and the beginning of system@suffix2.journal).
The problem is not in writing, but in reading the journal, i think the problem maybe cause by the missing searching entry between system@suffix.journal that may have the same timestamps? I have tried to make some revise in next_beyond_location like the code listed below, hard-coding found to true:
/* OK, we found the spot, now let's advance until an entry
* that is actually different from what we were previously
* looking at. This is necessary to handle entries which exist
* in two (or more) journal files, and which shall all be
* suppressed but one. */
for (;;) {
bool found;
// I commented the if condition here
/*if (j->current_location.type == LOCATION_DISCRETE) {
int k;
k = compare_with_location(f, &j->current_location, j->current_file);
found = direction == DIRECTION_DOWN ? k > 0 : k < 0;
} else
found = true;*/
//hard-coding found to true
found = true;
if (found)
return 1;
r = next_with_matches(j, f, direction, &c, &cp);
if (r <= 0)
return r;
journal_file_save_location(f, c, cp);
}And i used journalctl then, the log would not missing, but there is another problem is that some log at the beginning of system@suffix2.journal may go up to the end of system@suffix1.journal. Just like the two logs listed below. You can use the compare tool to see the difference between these two files and you will get it:
https://github.com/syyhao1994/files/blob/master/system%40xxx_sd24.log https://github.com/syyhao1994/files/blob/master/journalctl_sd24_all.log
This problem is similiar to the issue listed below, but they are different.#14898
syyhao1994
commented
3 years ago Do i need to feed back more details to make this problem more clearly? cc @poettering @yuwata @keszybz
syyhao1994
commented
3 years ago /* If contents and timestamps match, these entries are
* identical, even if the seqnum does not match */
if (sd_id128_equal(af->current_boot_id, bf->current_boot_id) &&
af->current_monotonic == bf->current_monotonic &&
af->current_realtime == bf->current_realtime &&
af->current_xor_hash == bf->current_xor_hash)
return 0;I figure out that this code could skip the logs in the tail of the system@suffix.log, the log shouldn't skip even the content and the timestamp are the same. And the reason why the logs of the head of the system@suffix.log are missing is under studing. Hope someone could get involve together to figure this problem out totally. cc @poettering @yuwata @keszybz @vcaputo @georgmu
syyhao1994
commented
3 years ago /* If contents and timestamps match, these entries are * identical, even if the seqnum does not match */ if (sd_id128_equal(af->current_boot_id, bf->current_boot_id) && af->current_monotonic == bf->current_monotonic && af->current_realtime == bf->current_realtime && af->current_xor_hash == bf->current_xor_hash) return 0;I figure out that this code could skip the logs in the tail of the system@suffix.log, the log shouldn't skip even the content and the timestamp are the same. And the reason why the logs of the head of the system@suffix.log are missing is under studing. Hope someone could get involve together to figure this problem out totally. cc @poettering @yuwata @keszybz @vcaputo @georgmu
if (l->monotonic_set &&
sd_id128_equal(f->current_boot_id, l->boot_id) &&
l->realtime_set &&
f->current_realtime == l->realtime &&
l->xor_hash_set &&
f->current_xor_hash == l->xor_hash &&
f != current_file)
return 0;The skipping of the logs in the head of the system@suffix.log maybe caused by the code listed above. So i don't think it is full enough to make the judgement to just skip the log that have the same realtime, monotonic and the xor_hash. If there are two same entries in the different .journal files. The log betweent these two entries are missing directly regardless the log between them.
https://github.com/systemd/systemd/issues/14898 The issue mentioned above just avoid the problem by showing duplicate entries if they are from the same file, but the code listed above could skip many logs that between two same entries that in different .journal files. So i think we shouldn't skip these logs as we want to showing duplicate entries if they are from the same file.
Maybe we shouldn't drop the log before figure out the how to reduce the repeating logs exactly. I think repeating logs is better than missing logs.
@vcaputo @poettering @yuwata @mrc0mmand @keszybz
syyhao1994
commented
3 years ago if (l->monotonic_set &&
sd_id128_equal(f->current_boot_id, l->boot_id) &&
l->realtime_set &&
f->current_realtime == l->realtime &&
l->xor_hash_set &&
f->current_xor_hash == l->xor_hash &&
f != current_file)
return 0;And the reason of missing logs at the begining of the system@suffix.log is caused by the code listed above. If there are two same entries in different .journal files, we just skip the one in the later .journal files. I think we should not skipping the logs even they have the same contests and timestamps. In this issue this mechanism caused the missing log by executing journalctl. I think showing repeating logs is better than missing logs that really matters. I made a PR as listed, please review. https://github.com/systemd/systemd/pull/17926 @vcaputo @poettering @yuwata @mrc0mmand @keszybz
systemd version the issue has been seen with
CPU architecture issue was seen on
Expected behaviour you didn't see
Unexpected behaviour you saw
Steps to reproduce the problem
1.the test.sh is used as below
3 systemctl restart rc-local.service or reboot
4.
Killing the test.sh.
Then i got the systemxxx_all.log by executing the command list below. And i compared these two log, i found that the missing log was exactly between the two system@suffix.journal files. This log could be seen as the link: https://github.com/syyhao1994/files/blob/master/systemxxx_all.log
The details could be seen at https://github.com/systemd/systemd/issues/17452.
Does anyone could give any suggestions about this problem? I am tring to figure out the solution to this problem but have't success util now. I am very curious about the solution of this problem. Thanks a lot. @poettering @georgmu @keszybz @yuwata