[syslog-ng] v3.9: Core dump on python module
Clayton Dukes
cdukes at logzilla.net
Tue Jan 3 12:56:56 UTC 2017
I'll send it to you directly. I need some time to get it from one of the devs
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of "Mitzki, András" <andras.mitzki at balabit.com>
Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Date: Tuesday, January 3, 2017 at 7:55 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Cc: "Czanik, Péter" <peter.czanik at balabit.com>
Subject: Re: [syslog-ng] v3.9: Core dump on python module
If possible could you send it also?
Thanks.
On Tue, Jan 3, 2017 at 1:51 PM, Clayton Dukes <cdukes at logzilla.net<mailto:cdukes at logzilla.net>> wrote:
Here you go (I modified the python portion so you don't have to use our libs).
Do you need the patterndb file?
python {
def is_well_known_port(p):
return p in (22, 53, 80, 443)
def parse_port(msg, port):
try:
if is_well_known_port(int(port)):
return port
else:
return 'unknown'
except ValueError:
return 'unknown'
};
parser patterndb_logzilla_sample {
db-parser(file('/etc/syslog-ng/patterndb.d/logzilla-sample.xml'));
};
log {
source(s_logzilla);
# disable s_src if you don't want local server events
source(s_src);
rewrite(rw_program);
rewrite(rw_basename);
parser(patterndb_logzilla_sample);
rewrite {
set("$(python parse_port ${logzilla.ut.src_port})"
value("logzilla.ut.src_port")
condition("${logzilla.ut.src_port}" ne "")
); };
rewrite {
set("$(python parse_port ${logzilla.ut.dst_port})"
value("logzilla.ut.dst_port")
condition("${logzilla.ut.dst_port}" ne "")
); };
destination(d_logzilla);
# Enable below for debug/testing of incoming events
# destination(df_debug);
flags(flow-control);
};
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu<mailto:syslog-ng-bounces at lists.balabit.hu>> on behalf of "Mitzki, András" <andras.mitzki at balabit.com<mailto:andras.mitzki at balabit.com>>
Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu<mailto:syslog-ng at lists.balabit.hu>>
Date: Tuesday, January 3, 2017 at 7:43 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu<mailto:syslog-ng at lists.balabit.hu>>
Cc: "Czanik, Péter" <peter.czanik at balabit.com<mailto:peter.czanik at balabit.com>>
Subject: Re: [syslog-ng] v3.9: Core dump on python module
Hi Clayton,
I have tried to reproduce the issue, but for me syslog-ng can load the python module.
I have tried with the actual Ubuntu 16.04 host machine and also with ubuntu:16.04 docker image.
syslog-ng version was 3.9.1 from Laci's repository.
Could you send a minimalized syslog-ng configuration (which is still failing)?
Thanks
Micek
On Mon, Jan 2, 2017 at 4:01 PM, Clayton Dukes <cdukes at logzilla.net<mailto:cdukes at logzilla.net>> wrote:
My last email bounced, making sure you got this:
I tested with both. Neither work on U16.
The server was originally on 3.9 when it happened, so I tried downgrading to 3.8. Still didn't work.
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu<mailto:syslog-ng-bounces at lists.balabit.hu>> on behalf of "Czanik, Péter" <peter.czanik at balabit.com<mailto:peter.czanik at balabit.com>>
Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu<mailto:syslog-ng at lists.balabit.hu>>
Date: Monday, January 2, 2017 at 6:48 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu<mailto:syslog-ng at lists.balabit.hu>>
Subject: Re: [syslog-ng] v3.9: Core dump on python module
Hi,
Is it 3.8 or 3.9? Your title says 3.9 but your gdb trace shows 3.8. As 3.9 has tons of bugfixes over 3.8, I'd recommend trying 3.9.
Bye,
Peter Czanik (CzP) <peter.czanik at balabit.com<mailto:peter.czanik at balabit.com>>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik
On Sun, Jan 1, 2017 at 11:34 PM, Clayton Dukes <cdukes at logzilla.net<mailto:cdukes at logzilla.net>> wrote:
Confirmed: I installed Ubuntu 14 on that server and it works as expected, so it's got something to do with U16.
From: Clayton Dukes <cdukes at logzilla.net<mailto:cdukes at logzilla.net>>
Date: Sunday, January 1, 2017 at 4:04 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu<mailto:syslog-ng at lists.balabit.hu>>
Subject: Re: v3.9: Core dump on python module
No idea if this helps - I'm not a programmer ;) - but here's a gdb output. Happy to provide the core file also if you want (it's only 5MB)
Reading symbols from /usr/sbin/syslog-ng...(no debugging symbols found)...done.
[New LWP 13186]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `syslog-ng -Fdve'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fd99f82a54b in PyModule_GetDict () from /usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0
(gdb) bt full
#0 0x00007fd99f82a54b in PyModule_GetDict () from /usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0
No symbol table info available.
#1 0x00007fd99fc223b8 in _py_get_main_module () from /usr/lib/syslog-ng/3.8/libmod-python.so
No symbol table info available.
#2 0x00007fd99fc22473 in _py_evaluate_global_code () from /usr/lib/syslog-ng/3.8/libmod-python.so
No symbol table info available.
#3 0x00007fd99fc22551 in python_evaluate_global_code () from /usr/lib/syslog-ng/3.8/libmod-python.so
No symbol table info available.
#4 0x00007fd99fc2342f in python_parse () from /usr/lib/syslog-ng/3.8/libmod-python.so
No symbol table info available.
#5 0x00007fd9a44b068f in plugin_parse_config () from /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
No symbol table info available.
#6 0x00007fd9a44bd869 in main_parse () from /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
No symbol table info available.
#7 0x00007fd9a4497690 in cfg_run_parser () from /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
No symbol table info available.
#8 0x00007fd9a4497887 in cfg_read_config () from /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
No symbol table info available.
#9 0x00007fd9a44acae7 in main_loop_read_and_init_config () from /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
No symbol table info available.
#10 0x00000000004016f5 in main ()
No symbol table info available.
From: Clayton Dukes <cdukes at logzilla.net<mailto:cdukes at logzilla.net>>
Date: Sunday, January 1, 2017 at 3:18 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu<mailto:syslog-ng at lists.balabit.hu>>
Subject: Re: v3.9: Core dump on python module
Looks like this is happening with 3.8.1-3 as well :(
Only difference I can see if Ubuntu 14 vs 16?
Any ideas of what I can try?
From: Clayton Dukes <cdukes at logzilla.net<mailto:cdukes at logzilla.net>>
Date: Sunday, January 1, 2017 at 2:56 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu<mailto:syslog-ng at lists.balabit.hu>>
Subject: v3.9: Core dump on python module
Hey guys, just want you to know Ubuntu16 is dumping core on loading the python module.
Ubuntu14 does not do this.
[2017-01-01T19:54:52.576749] Module loaded and initialized successfully; module='mod-python'
Segmentation fault (core dumped)
-Clayton Dukes
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170103/b2583176/attachment-0001.html>
More information about the syslog-ng
mailing list