[syslog-ng] v3.9: Core dump on python module
Mitzki, András
andras.mitzki at balabit.com
Wed Jan 4 13:44:16 UTC 2017
Hi,
I have created an GitHub issue for this bug:
https://github.com/balabit/syslog-ng/issues/1300
Best Regards,
Andras
On Wed, Jan 4, 2017 at 10:57 AM, Mitzki, András <andras.mitzki at balabit.com>
wrote:
> @Clayton: Thanks, I will check it, and still investigating the issue.
>
> On Wed, Jan 4, 2017 at 8:23 AM, Scheidler, Balázs <
> balazs.scheidler at balabit.com> wrote:
>
>> It seems that creating the _syslogng module fails for some reason. But
>> theres no error handling there.
>>
>> Adding null handling and printing the error should help finding the
>> culprit.
>>
>> On Jan 4, 2017 1:02 AM, "Clayton Dukes" <cdukes at logzilla.net> wrote:
>>
>>> Andreas, we found an error in our pattern file, check to see if this
>>> fixes it (I don't have a u16 box to test on at the moment):
>>>
>>>
>>>
>>> s/logzilla.program/PROGRAM/
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From: *syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
>>> "Mitzki, András" <andras.mitzki at balabit.com>
>>> *Reply-To: *Syslog-ng users' and developers' mailing list <
>>> syslog-ng at lists.balabit.hu>
>>> *Date: *Tuesday, January 3, 2017 at 8:04 AM
>>> *To: *Syslog-ng users' and developers' mailing list <
>>> syslog-ng at lists.balabit.hu>
>>> *Cc: *"Czanik, Péter" <peter.czanik at balabit.com>
>>> *Subject: *Re: [syslog-ng] v3.9: Core dump on python module
>>>
>>>
>>>
>>> With your configuration syslog-ng crashes for me also.
>>>
>>> We will check where is the main problem.
>>>
>>>
>>>
>>> Thanks,
>>>
>>>
>>>
>>> On Tue, Jan 3, 2017 at 1:56 PM, Clayton Dukes <cdukes at logzilla.net>
>>> wrote:
>>>
>>> I'll send it to you directly. I need some time to get it from one of the
>>> devs
>>>
>>>
>>>
>>>
>>>
>>> *From: *syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
>>> "Mitzki, András" <andras.mitzki at balabit.com>
>>> *Reply-To: *Syslog-ng users' and developers' mailing list <
>>> syslog-ng at lists.balabit.hu>
>>> *Date: *Tuesday, January 3, 2017 at 7:55 AM
>>>
>>>
>>> *To: *Syslog-ng users' and developers' mailing list <
>>> syslog-ng at lists.balabit.hu>
>>> *Cc: *"Czanik, Péter" <peter.czanik at balabit.com>
>>> *Subject: *Re: [syslog-ng] v3.9: Core dump on python module
>>>
>>>
>>>
>>> If possible could you send it also?
>>>
>>>
>>>
>>> Thanks.
>>>
>>>
>>>
>>> On Tue, Jan 3, 2017 at 1:51 PM, Clayton Dukes <cdukes at logzilla.net>
>>> wrote:
>>>
>>> Here you go (I modified the python portion so you don't have to use our
>>> libs).
>>>
>>> Do you need the patterndb file?
>>>
>>>
>>>
>>>
>>>
>>> python {
>>>
>>>
>>>
>>> def is_well_known_port(p):
>>>
>>> return p in (22, 53, 80, 443)
>>>
>>>
>>>
>>> def parse_port(msg, port):
>>>
>>> try:
>>>
>>> if is_well_known_port(int(port)):
>>>
>>> return port
>>>
>>> else:
>>>
>>> return 'unknown'
>>>
>>> except ValueError:
>>>
>>> return 'unknown'
>>>
>>> };
>>>
>>>
>>>
>>>
>>>
>>> parser patterndb_logzilla_sample {
>>>
>>> db-parser(file('/etc/syslog-ng/patterndb.d/logzilla-sample.xml'));
>>>
>>> };
>>>
>>>
>>>
>>> log {
>>>
>>> source(s_logzilla);
>>>
>>> # disable s_src if you don't want local server events
>>>
>>> source(s_src);
>>>
>>> rewrite(rw_program);
>>>
>>> rewrite(rw_basename);
>>>
>>> parser(patterndb_logzilla_sample);
>>>
>>> rewrite {
>>>
>>> set("$(python parse_port ${logzilla.ut.src_port})"
>>>
>>> value("logzilla.ut.src_port")
>>>
>>> condition("${logzilla.ut.src_port}" ne "")
>>>
>>> ); };
>>>
>>> rewrite {
>>>
>>> set("$(python parse_port ${logzilla.ut.dst_port})"
>>>
>>> value("logzilla.ut.dst_port")
>>>
>>> condition("${logzilla.ut.dst_port}" ne "")
>>>
>>> ); };
>>>
>>> destination(d_logzilla);
>>>
>>> # Enable below for debug/testing of incoming events
>>>
>>> # destination(df_debug);
>>>
>>> flags(flow-control);
>>>
>>> };
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From: *syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
>>> "Mitzki, András" <andras.mitzki at balabit.com>
>>> *Reply-To: *Syslog-ng users' and developers' mailing list <
>>> syslog-ng at lists.balabit.hu>
>>> *Date: *Tuesday, January 3, 2017 at 7:43 AM
>>> *To: *Syslog-ng users' and developers' mailing list <
>>> syslog-ng at lists.balabit.hu>
>>> *Cc: *"Czanik, Péter" <peter.czanik at balabit.com>
>>>
>>>
>>> *Subject: *Re: [syslog-ng] v3.9: Core dump on python module
>>>
>>>
>>>
>>> Hi Clayton,
>>>
>>>
>>>
>>> I have tried to reproduce the issue, but for me syslog-ng can load the
>>> python module.
>>>
>>> I have tried with the actual Ubuntu 16.04 host machine and also with
>>> ubuntu:16.04 docker image.
>>>
>>> syslog-ng version was 3.9.1 from Laci's repository.
>>>
>>>
>>>
>>> Could you send a minimalized syslog-ng configuration (which is still
>>> failing)?
>>>
>>>
>>>
>>> Thanks
>>>
>>> Micek
>>>
>>>
>>>
>>>
>>>
>>> On Mon, Jan 2, 2017 at 4:01 PM, Clayton Dukes <cdukes at logzilla.net>
>>> wrote:
>>>
>>> My last email bounced, making sure you got this:
>>>
>>>
>>>
>>> I tested with both. Neither work on U16.
>>>
>>> The server was originally on 3.9 when it happened, so I tried
>>> downgrading to 3.8. Still didn't work.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From: *syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of
>>> "Czanik, Péter" <peter.czanik at balabit.com>
>>> *Reply-To: *Syslog-ng users' and developers' mailing list <
>>> syslog-ng at lists.balabit.hu>
>>> *Date: *Monday, January 2, 2017 at 6:48 AM
>>> *To: *Syslog-ng users' and developers' mailing list <
>>> syslog-ng at lists.balabit.hu>
>>> *Subject: *Re: [syslog-ng] v3.9: Core dump on python module
>>>
>>>
>>>
>>> Hi,
>>>
>>>
>>> Is it 3.8 or 3.9? Your title says 3.9 but your gdb trace shows 3.8. As
>>> 3.9 has tons of bugfixes over 3.8, I'd recommend trying 3.9.
>>>
>>> Bye,
>>>
>>>
>>> Peter Czanik (CzP) <peter.czanik at balabit.com>
>>> Balabit / syslog-ng upstream
>>> https://www.balabit.com/blog/author/peterczanik/
>>> https://twitter.com/PCzanik
>>>
>>>
>>>
>>> On Sun, Jan 1, 2017 at 11:34 PM, Clayton Dukes <cdukes at logzilla.net>
>>> wrote:
>>>
>>> Confirmed: I installed Ubuntu 14 on that server and it works as
>>> expected, so it's got something to do with U16.
>>>
>>>
>>>
>>>
>>>
>>> *From: *Clayton Dukes <cdukes at logzilla.net>
>>> *Date: *Sunday, January 1, 2017 at 4:04 PM
>>>
>>>
>>> *To: *Syslog-ng users' and developers' mailing list <
>>> syslog-ng at lists.balabit.hu>
>>> *Subject: *Re: v3.9: Core dump on python module
>>>
>>>
>>>
>>> No idea if this helps - I'm not a programmer ;) - but here's a gdb
>>> output. Happy to provide the core file also if you want (it's only 5MB)
>>>
>>>
>>>
>>>
>>>
>>> Reading symbols from /usr/sbin/syslog-ng...(no debugging symbols
>>> found)...done.
>>>
>>> [New LWP 13186]
>>>
>>> [Thread debugging using libthread_db enabled]
>>>
>>> Using host libthread_db library "/lib/x86_64-linux-gnu/libthre
>>> ad_db.so.1".
>>>
>>> Core was generated by `syslog-ng -Fdve'.
>>>
>>> Program terminated with signal SIGSEGV, Segmentation fault.
>>>
>>> #0 0x00007fd99f82a54b in PyModule_GetDict () from
>>> /usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0
>>>
>>> (gdb) bt full
>>>
>>> #0 0x00007fd99f82a54b in PyModule_GetDict () from
>>> /usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0
>>>
>>> No symbol table info available.
>>>
>>> #1 0x00007fd99fc223b8 in _py_get_main_module () from
>>> /usr/lib/syslog-ng/3.8/libmod-python.so
>>>
>>> No symbol table info available.
>>>
>>> #2 0x00007fd99fc22473 in _py_evaluate_global_code () from
>>> /usr/lib/syslog-ng/3.8/libmod-python.so
>>>
>>> No symbol table info available.
>>>
>>> #3 0x00007fd99fc22551 in python_evaluate_global_code () from
>>> /usr/lib/syslog-ng/3.8/libmod-python.so
>>>
>>> No symbol table info available.
>>>
>>> #4 0x00007fd99fc2342f in python_parse () from
>>> /usr/lib/syslog-ng/3.8/libmod-python.so
>>>
>>> No symbol table info available.
>>>
>>> #5 0x00007fd9a44b068f in plugin_parse_config () from
>>> /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
>>>
>>> No symbol table info available.
>>>
>>> #6 0x00007fd9a44bd869 in main_parse () from
>>> /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
>>>
>>> No symbol table info available.
>>>
>>> #7 0x00007fd9a4497690 in cfg_run_parser () from
>>> /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
>>>
>>> No symbol table info available.
>>>
>>> #8 0x00007fd9a4497887 in cfg_read_config () from
>>> /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
>>>
>>> No symbol table info available.
>>>
>>> #9 0x00007fd9a44acae7 in main_loop_read_and_init_config () from
>>> /usr/lib/syslog-ng/libsyslog-ng-3.8.so.0
>>>
>>> No symbol table info available.
>>>
>>> #10 0x00000000004016f5 in main ()
>>>
>>> No symbol table info available.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From: *Clayton Dukes <cdukes at logzilla.net>
>>> *Date: *Sunday, January 1, 2017 at 3:18 PM
>>> *To: *Syslog-ng users' and developers' mailing list <
>>> syslog-ng at lists.balabit.hu>
>>> *Subject: *Re: v3.9: Core dump on python module
>>>
>>>
>>>
>>> Looks like this is happening with 3.8.1-3 as well :(
>>>
>>> Only difference I can see if Ubuntu 14 vs 16?
>>>
>>> Any ideas of what I can try?
>>>
>>>
>>>
>>>
>>>
>>> *From: *Clayton Dukes <cdukes at logzilla.net>
>>> *Date: *Sunday, January 1, 2017 at 2:56 PM
>>> *To: *Syslog-ng users' and developers' mailing list <
>>> syslog-ng at lists.balabit.hu>
>>> *Subject: *v3.9: Core dump on python module
>>>
>>>
>>>
>>> Hey guys, just want you to know Ubuntu16 is dumping core on loading the
>>> python module.
>>>
>>> Ubuntu14 does not do this.
>>>
>>>
>>>
>>>
>>>
>>> [2017-01-01T19:54:52.576749 <(52)%20576%20749>] Module loaded and
>>> initialized successfully; module='mod-python'
>>>
>>> Segmentation fault (core dumped)
>>>
>>>
>>>
>>> -Clayton Dukes
>>>
>>>
>>>
>>>
>>> ____________________________________________________________
>>> __________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support
>>> /documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
>>>
>>> ____________________________________________________________
>>> __________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support
>>> /documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
>>>
>>> ____________________________________________________________
>>> __________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support
>>> /documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
>>>
>>> ____________________________________________________________
>>> __________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support
>>> /documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
>>> ____________________________________________________________
>>> __________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support
>>> /documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
>> ____________________________________________________________
>> __________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=
>> syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170104/39b0471d/attachment-0001.html>
More information about the syslog-ng
mailing list