[syslog-ng] v3.9: Core dump on python module
Mitzki, András
andras.mitzki at balabit.com
Wed Jan 4 09:57:07 UTC 2017
@Clayton: Thanks, I will check it, and still investigating the issue.
On Wed, Jan 4, 2017 at 8:23 AM, Scheidler, Balázs <
balazs.scheidler at balabit.com> wrote:
> It seems that creating the _syslogng module fails for some reason. But
> theres no error handling there.
>
> Adding null handling and printing the error should help finding the
> culprit.
>
> On Jan 4, 2017 1:02 AM, "Clayton Dukes" <cdukes at logzilla.net> wrote:
>
>> Andreas, we found an error in our pattern file, check to see if this
>> fixes it (I don't have a u16 box to test on at the moment):
>>
>>
>>
>> s/logzilla.program/PROGRAM/
>>
>>
>>
>>
>>
>>
>>
>> *From: *syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
>> "Mitzki, András" <andras.mitzki at balabit.com>
>> *Reply-To: *Syslog-ng users' and developers' mailing list <
>> syslog-ng at lists.balabit.hu>
>> *Date: *Tuesday, January 3, 2017 at 8:04 AM
>> *To: *Syslog-ng users' and developers' mailing list <
>> syslog-ng at lists.balabit.hu>
>> *Cc: *"Czanik, Péter" <peter.czanik at balabit.com>
>> *Subject: *Re: [syslog-ng] v3.9: Core dump on python module
>>
>>
>>
>> With your configuration syslog-ng crashes for me also.
>>
>> We will check where is the main problem.
>>
>>
>>
>> Thanks,
>>
>>
>>
>> On Tue, Jan 3, 2017 at 1:56 PM, Clayton Dukes <cdukes at logzilla.net>
>> wrote:
>>
>> I'll send it to you directly. I need some time to get it from one of the
>> devs
>>
>>
>>
>>
>>
>> *From: *syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
>> "Mitzki, András" <andras.mitzki at balabit.com>
>> *Reply-To: *Syslog-ng users' and developers' mailing list <
>> syslog-ng at lists.balabit.hu>
>> *Date: *Tuesday, January 3, 2017 at 7:55 AM
>>
>>
>> *To: *Syslog-ng users' and developers' mailing list <
>> syslog-ng at lists.balabit.hu>
>> *Cc: *"Czanik, Péter" <peter.czanik at balabit.com>
>> *Subject: *Re: [syslog-ng] v3.9: Core dump on python module
>>
>>
>>
>> If possible could you send it also?
>>
>>
>>
>> Thanks.
>>
>>
>>
>> On Tue, Jan 3, 2017 at 1:51 PM, Clayton Dukes <cdukes at logzilla.net>
>> wrote:
>>
>> Here you go (I modified the python portion so you don't have to use our
>> libs).
>>
>> Do you need the patterndb file?
>>
>>
>>
>>
>>
>> python {
>>
>>
>>
>> def is_well_known_port(p):
>>
>> return p in (22, 53, 80, 443)
>>
>>
>>
>> def parse_port(msg, port):
>>
>> try:
>>
>> if is_well_known_port(int(port)):
>>
>> return port
>>
>> else:
>>
>> return 'unknown'
>>
>> except ValueError:
>>
>> return 'unknown'
>>
>> };
>>
>>
>>
>>
>>
>> parser patterndb_logzilla_sample {
>>
>> db-parser(file('/etc/syslog-ng/patterndb.d/logzilla-sample.xml'));
>>
>> };
>>
>>
>>
>> log {
>>
>> source(s_logzilla);
>>
>> # disable s_src if you don't want local server events
>>
>> source(s_src);
>>
>> rewrite(rw_program);
>>
>> rewrite(rw_basename);
>>
>> parser(patterndb_logzilla_sample);
>>
>> rewrite {
>>
>> set("$(python parse_port ${logzilla.ut.src_port})"
>>
>> value("logzilla.ut.src_port")
>>
>> condition("${logzilla.ut.src_port}" ne "")
>>
>> ); };
>>
>> rewrite {
>>
>> set("$(python parse_port ${logzilla.ut.dst_port})"
>>
>> value("logzilla.ut.dst_port")
>>
>> condition("${logzilla.ut.dst_port}" ne "")
>>
>> ); };
>>
>> destination(d_logzilla);
>>
>> # Enable below for debug/testing of incoming events
>>
>> # destination(df_debug);
>>
>> flags(flow-control);
>>
>> };
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *From: *syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
>> "Mitzki, András" <andras.mitzki at balabit.com>
>> *Reply-To: *Syslog-ng users' and developers' mailing list <
>> syslog-ng at lists.balabit.hu>
>> *Date: *Tuesday, January 3, 2017 at 7:43 AM
>> *To: *Syslog-ng users' and developers' mailing list <
>> syslog-ng at lists.balabit.hu>
>> *Cc: *"Czanik, Péter" <peter.czanik at balabit.com>
>>
>>
>> *Subject: *Re: [syslog-ng] v3.9: Core dump on python module
>>
>>
>>
>> Hi Clayton,
>>
>>
>>
>> I have tried to reproduce the issue, but for me syslog-ng can load the
>> python module.
>>
>> I have tried with the actual Ubuntu 16.04 host machine and also with
>> ubuntu:16.04 docker image.
>>
>> syslog-ng version was 3.9.1 from Laci's repository.
>>
>>
>>
>> Could you send a minimalized syslog-ng configuration (which is still
>> failing)?
>>
>>
>>
>> Thanks
>>
>> Micek
>>
>>
>>
>>
>>
>> On Mon, Jan 2, 2017 at 4:01 PM, Clayton Dukes <cdukes at logzilla.net>
>> wrote:
>>
>> My last email bounced, making sure you got this:
>>
>>
>>
>> I tested with both. Neither work on U16.
>>
>> The server was originally on 3.9 when it happened, so I tried downgrading
>> to 3.8. Still didn't work.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *From: *syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
>> "Czanik, Péter" <peter.czanik at balabit.com>
>> *Reply-To: *Syslog-ng users' and developers' mailing list <
>> syslog-ng at lists.balabit.hu>
>> *Date: *Monday, January 2, 2017 at 6:48 AM
>> *To: *Syslog-ng users' and developers' mailing list <
>> syslog-ng at lists.balabit.hu>
>> *Subject: *Re: [syslog-ng] v3.9: Core dump on python module
>>
>>
>>
>> Hi,
>>
>>
>> Is it 3.8 or 3.9? Your title says 3.9 but your gdb trace shows 3.8. As
>> 3.9 has tons of bugfixes over 3.8, I'd recommend trying 3.9.
>>
>> Bye,
>>
>>
>> Peter Czanik (CzP) <peter.czanik at balabit.com>
>> Balabit / syslog-ng upstream
>> https://www.balabit.com/blog/author/peterczanik/
>> https://twitter.com/PCzanik
>>
>>
>>
>> On Sun, Jan 1, 2017 at 11:34 PM, Clayton Dukes <cdukes at logzilla.net>
>> wrote:
>>
>> Confirmed: I installed Ubuntu 14 on that server and it works as expected,
>> so it's got something to do with U16.
>>
>>
>>
>>
>>
>> *From: *Clayton Dukes <cdukes at logzilla.net>
>> *Date: *Sunday, January 1, 2017 at 4:04 PM
>>
>>
>> *To: *Syslog-ng users' and developers' mailing list <
>> syslog-ng at lists.balabit.hu>
>> *Subject: *Re: v3.9: Core dump on python module
>>
>>
>>
>> No idea if this helps - I'm not a programmer ;) - but here's a gdb
>> output. Happy to provide the core file also if you want (it's only 5MB)
>>
>>
>>
>>
>>
>> Reading symbols from /usr/sbin/syslog-ng...(no debugging symbols
>> found)...done.
>>
>> [New LWP 13186]
>>
>> [Thread debugging using libthread_db enabled]
>>
>> Using host libthread_db library "/lib/x86_64-linux-gnu/libthre
>> ad_db.so.1".
>>
>> Core was generated by `syslog-ng -Fdve'.
>>
>> Program terminated with signal SIGSEGV, Segmentation fault.
>>
>> #0 0x00007fd99f82a54b in PyModule_GetDict () from
>> /usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0
>>
>> (gdb) bt full
>>
>> #0 0x00007fd99f82a54b in PyModule_GetDict () from
>> /usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0
>>
>> No symbol table info available.
>>
>> #1 0x00007fd99fc223b8 in _py_get_main_module () from
>> /usr/lib/syslog-ng/3.8/libmod-python.so
>>
>> No symbol table info available.
>>
>> #2 0x00007fd99fc22473 in _py_evaluate_global_code () from
>> /usr/lib/syslog-ng/3.8/libmod-python.so
>>
>> No symbol table info available.
>>
>> #3 0x00007fd99fc22551 in python_evaluate_global_code () from
>> /usr/lib/syslog-ng/3.8/libmod-python.so
>>
>> No symbol table info available.
>>
>> #4 0x00007fd99fc2342f in python_parse () from
>> /usr/lib/syslog-ng/3.8/libmod-python.so
>>
>> No symbol table info available.
>>
>> #5 0x00007fd9a44b068f in plugin_parse_config () from
>> /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
>>
>> No symbol table info available.
>>
>> #6 0x00007fd9a44bd869 in main_parse () from
>> /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
>>
>> No symbol table info available.
>>
>> #7 0x00007fd9a4497690 in cfg_run_parser () from
>> /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
>>
>> No symbol table info available.
>>
>> #8 0x00007fd9a4497887 in cfg_read_config () from
>> /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
>>
>> No symbol table info available.
>>
>> #9 0x00007fd9a44acae7 in main_loop_read_and_init_config () from
>> /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
>>
>> No symbol table info available.
>>
>> #10 0x00000000004016f5 in main ()
>>
>> No symbol table info available.
>>
>>
>>
>>
>>
>>
>>
>> *From: *Clayton Dukes <cdukes at logzilla.net>
>> *Date: *Sunday, January 1, 2017 at 3:18 PM
>> *To: *Syslog-ng users' and developers' mailing list <
>> syslog-ng at lists.balabit.hu>
>> *Subject: *Re: v3.9: Core dump on python module
>>
>>
>>
>> Looks like this is happening with 3.8.1-3 as well :(
>>
>> Only difference I can see if Ubuntu 14 vs 16?
>>
>> Any ideas of what I can try?
>>
>>
>>
>>
>>
>> *From: *Clayton Dukes <cdukes at logzilla.net>
>> *Date: *Sunday, January 1, 2017 at 2:56 PM
>> *To: *Syslog-ng users' and developers' mailing list <
>> syslog-ng at lists.balabit.hu>
>> *Subject: *v3.9: Core dump on python module
>>
>>
>>
>> Hey guys, just want you to know Ubuntu16 is dumping core on loading the
>> python module.
>>
>> Ubuntu14 does not do this.
>>
>>
>>
>>
>>
>> [2017-01-01T19:54:52.576749 <(52)%20576%20749>] Module loaded and
>> initialized successfully; module='mod-python'
>>
>> Segmentation fault (core dumped)
>>
>>
>>
>> -Clayton Dukes
>>
>>
>>
>>
>> ____________________________________________________________
>> __________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=
>> syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>>
>> ____________________________________________________________
>> __________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=
>> syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>>
>> ____________________________________________________________
>> __________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=
>> syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>>
>> ____________________________________________________________
>> __________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=
>> syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>> ____________________________________________________________
>> __________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=
>> syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170104/e39aea37/attachment-0001.html>
More information about the syslog-ng
mailing list