Centos 8.4 core dump

Hi all,

I tried installing Zeek 4.0.1 and 4.0.2

[root@marvin zeek-4.0.2]# zeekctl deploy
Segmentation fault (core dumped)
[root@marvin zeek-4.0.2]# cat /etc/centos-release
CentOS Linux release 8.4.2105

Doesn’t give me any other info. I was running 4.0.1 before I updated to 4.0.2, now both version I get a Seg fault.

Thanks
Monah

Hello,

Can you explain how you tried to install Zeek? Sometimes a segmentation fault is the result of trying to run a binary compiled for another system.

Sincerely,

Richard

Hi Richard,

I downloaded from https://download.zeek.org/zeek-4.0.2.tar.gz

and ran ./configure && make && make install

Just found out in /var/log/messages the following:

Jun 26 13:00:05 marvin systemd-coredump[17450]: Process 17423 (zeekctl) of user 0 dumped core.#012#012Stack trace of thread 17423:#012#0 0x0000000000000000 n/a (n/a)#012#1 0x00007f379f46fdf7 __new_exitfn (libc.so.6)#012#2 0x00007f379f46fe9c __internal_atexit (libc.so.6)#012#3 0x00007f37a0bdd8ba call_init.part.0 (ld-linux-x86-64.so.2)#012#4 0x00007f37a0bdd9ba _dl_init (ld-linux-x86-64.so.2)#012#5 0x00007f379f56e27c _dl_catch_exception (libc.so.6)#012#6 0x00007f37a0be1e8e dl_open_worker (ld-linux-x86-64.so.2)#012#7 0x00007f379f56e224 _dl_catch_exception (libc.so.6)#012#8 0x00007f37a0be16b1 _dl_open (ld-linux-x86-64.so.2)#012#9 0x00007f379fd821ea dlopen_doit (libdl.so.2)#012#10 0x00007f379f56e224 _dl_catch_exception (libc.so.6)#012#11 0x00007f379f56e2e3 _dl_catch_error (libc.so.6)#012#12 0x00007f379fd82969 _dlerror_run (libdl.so.2)#012#13 0x00007f379fd8228a dlopen@@GLIBC_2.2.5 (libdl.so.2)#012#14 0x00007f37a0394aca _PyImport_FindSharedFuncptr (libpython3.6m.so.1.0)#012#15 0x00007f37a03a49ca _PyImport_LoadDynamicModuleWithSpec (libpython3.6m.so.1.0)#012#16 0x00007f37a03a4c11 _imp_create_dynamic (libpython3.6m.so.1.0)#012#17 0x00007f37a033b202 PyCFunction_Call (libpython3.6m.so.1.0)#012#18 0x00007f37a0348e2d _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#19 0x00007f37a029eb54 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)#012#20 0x00007f37a031f540 fast_function (libpython3.6m.so.1.0)#012#21 0x00007f37a0342527 call_function (libpython3.6m.so.1.0)#012#22 0x00007f37a0343168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#23 0x00007f37a031f358 fast_function (libpython3.6m.so.1.0)#012#24 0x00007f37a0342527 call_function (libpython3.6m.so.1.0)#012#25 0x00007f37a0343168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#26 0x00007f37a031f358 fast_function (libpython3.6m.so.1.0)#012#27 0x00007f37a0342527 call_function (libpython3.6m.so.1.0)#012#28 0x00007f37a0343168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#29 0x00007f37a031f358 fast_function (libpython3.6m.so.1.0)#012#30 0x00007f37a0342527 call_function (libpython3.6m.so.1.0)#012#31 0x00007f37a0343168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#32 0x00007f37a031f358 fast_function (libpython3.6m.so.1.0)#012#33 0x00007f37a0342527 call_function (libpython3.6m.so.1.0)#012#34 0x00007f37a0343168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#35 0x00007f37a02a0062 _PyFunction_FastCallDict (libpython3.6m.so.1.0)#012#36 0x00007f37a02a0e3e _PyObject_FastCallDict (libpython3.6m.so.1.0)#012#37 0x00007f37a038580e _PyObject_CallMethodIdObjArgs (libpython3.6m.so.1.0)#012#38 0x00007f37a02a14e4 PyImport_ImportModuleLevelObject (libpython3.6m.so.1.0)#012#39 0x00007f37a033b336 PyCFunction_Call (libpython3.6m.so.1.0)#012#40 0x00007f37a0348e2d _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#41 0x00007f37a029eb54 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)#012#42 0x00007f37a031f540 fast_function (libpython3.6m.so.1.0)#012#43 0x00007f37a0342527 call_function (libpython3.6m.so.1.0)#012#44 0x00007f37a0343168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#45 0x00007f37a029f4c6 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)#012#46 0x00007f37a02a025a _PyFunction_FastCallDict (libpython3.6m.so.1.0)#012#47 0x00007f37a02a0e3e _PyObject_FastCallDict (libpython3.6m.so.1.0)#012#48 0x00007f37a038580e _PyObject_CallMethodIdObjArgs (libpython3.6m.so.1.0)#012#49 0x00007f37a02a1443 PyImport_ImportModuleLevelObject (libpython3.6m.so.1.0)#012#50 0x00007f37a03463d9 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#51 0x00007f37a029eb54 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)#012#52 0x00007f37a029fef3 PyEval_EvalCode (libpython3.6m.so.1.0)#012#53 0x00007f37a03b0cb0 builtin_exec (libpython3.6m.so.1.0)#012#54 0x00007f37a033b202 PyCFunction_Call (libpython3.6m.so.1.0)#012#55 0x00007f37a0348e2d _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#56 0x00007f37a029eb54 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)#012#57 0x00007f37a031f540 fast_function (libpython3.6m.so.1.0)#012#58 0x00007f37a0342527 call_function (libpython3.6m.so.1.0)#012#59 0x00007f37a0343168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#60 0x00007f37a031f358 fast_function (libpython3.6m.so.1.0)#012#61 0x00007f37a0342527 call_function (libpython3.6m.so.1.0)#012#62 0x00007f37a0343168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#63 0x00007f37a031f358 fast_function (libpython3.6m.so.1.0)
Jun 26 13:00:05 marvin systemd[1]: systemd-coredump@2-17449-0.service: Succeeded.
Jun 26 13:22:15 marvin su[18896]: (to root) mbaki on pts/0
Jun 26 13:23:38 marvin kernel: zeekctl[21476]: segfault at 0 ip 0000000000000000 sp 00007ffe533aa588 error 14 in platform-python3.6[55659bf11000+2000]
Jun 26 13:23:38 marvin kernel: Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
Jun 26 13:23:38 marvin systemd[1]: Started Process Core Dump (PID 21485/UID 0).
Jun 26 13:23:39 marvin systemd-coredump[21486]: Process 21476 (zeekctl) of user 0 dumped core.#012#012Stack trace of thread 21476:#012#0 0x0000000000000000 n/a (n/a)#012#1 0x00007f7560b27df7 __new_exitfn (libc.so.6)#012#2 0x00007f7560b27e9c __internal_atexit (libc.so.6)#012#3 0x00007f75622958ba call_init.part.0 (ld-linux-x86-64.so.2)#012#4 0x00007f75622959ba _dl_init (ld-linux-x86-64.so.2)#012#5 0x00007f7560c2627c _dl_catch_exception (libc.so.6)#012#6 0x00007f7562299e8e dl_open_worker (ld-linux-x86-64.so.2)#012#7 0x00007f7560c26224 _dl_catch_exception (libc.so.6)#012#8 0x00007f75622996b1 _dl_open (ld-linux-x86-64.so.2)#012#9 0x00007f756143a1ea dlopen_doit (libdl.so.2)#012#10 0x00007f7560c26224 _dl_catch_exception (libc.so.6)#012#11 0x00007f7560c262e3 _dl_catch_error (libc.so.6)#012#12 0x00007f756143a969 _dlerror_run (libdl.so.2)#012#13 0x00007f756143a28a dlopen@@GLIBC_2.2.5 (libdl.so.2)#012#14 0x00007f7561a4caca _PyImport_FindSharedFuncptr (libpython3.6m.so.1.0)#012#15 0x00007f7561a5c9ca _PyImport_LoadDynamicModuleWithSpec (libpython3.6m.so.1.0)#012#16 0x00007f7561a5cc11 _imp_create_dynamic (libpython3.6m.so.1.0)#012#17 0x00007f75619f3202 PyCFunction_Call (libpython3.6m.so.1.0)#012#18 0x00007f7561a00e2d _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#19 0x00007f7561956b54 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)#012#20 0x00007f75619d7540 fast_function (libpython3.6m.so.1.0)#012#21 0x00007f75619fa527 call_function (libpython3.6m.so.1.0)#012#22 0x00007f75619fb168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#23 0x00007f75619d7358 fast_function (libpython3.6m.so.1.0)#012#24 0x00007f75619fa527 call_function (libpython3.6m.so.1.0)#012#25 0x00007f75619fb168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#26 0x00007f75619d7358 fast_function (libpython3.6m.so.1.0)#012#27 0x00007f75619fa527 call_function (libpython3.6m.so.1.0)#012#28 0x00007f75619fb168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#29 0x00007f75619d7358 fast_function (libpython3.6m.so.1.0)#012#30 0x00007f75619fa527 call_function (libpython3.6m.so.1.0)#012#31 0x00007f75619fb168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#32 0x00007f75619d7358 fast_function (libpython3.6m.so.1.0)#012#33 0x00007f75619fa527 call_function (libpython3.6m.so.1.0)#012#34 0x00007f75619fb168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#35 0x00007f7561958062 _PyFunction_FastCallDict (libpython3.6m.so.1.0)#012#36 0x00007f7561958e3e _PyObject_FastCallDict (libpython3.6m.so.1.0)#012#37 0x00007f7561a3d80e _PyObject_CallMethodIdObjArgs (libpython3.6m.so.1.0)#012#38 0x00007f75619594e4 PyImport_ImportModuleLevelObject (libpython3.6m.so.1.0)#012#39 0x00007f75619f3336 PyCFunction_Call (libpython3.6m.so.1.0)#012#40 0x00007f7561a00e2d _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#41 0x00007f7561956b54 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)#012#42 0x00007f75619d7540 fast_function (libpython3.6m.so.1.0)#012#43 0x00007f75619fa527 call_function (libpython3.6m.so.1.0)#012#44 0x00007f75619fb168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#45 0x00007f75619574c6 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)#012#46 0x00007f756195825a _PyFunction_FastCallDict (libpython3.6m.so.1.0)#012#47 0x00007f7561958e3e _PyObject_FastCallDict (libpython3.6m.so.1.0)#012#48 0x00007f7561a3d80e _PyObject_CallMethodIdObjArgs (libpython3.6m.so.1.0)#012#49 0x00007f7561959443 PyImport_ImportModuleLevelObject (libpython3.6m.so.1.0)#012#50 0x00007f75619fe3d9 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#51 0x00007f7561956b54 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)#012#52 0x00007f7561957ef3 PyEval_EvalCode (libpython3.6m.so.1.0)#012#53 0x00007f7561a68cb0 builtin_exec (libpython3.6m.so.1.0)#012#54 0x00007f75619f3202 PyCFunction_Call (libpython3.6m.so.1.0)#012#55 0x00007f7561a00e2d _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#56 0x00007f7561956b54 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)#012#57 0x00007f75619d7540 fast_function (libpython3.6m.so.1.0)#012#58 0x00007f75619fa527 call_function (libpython3.6m.so.1.0)#012#59 0x00007f75619fb168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#60 0x00007f75619d7358 fast_function (libpython3.6m.so.1.0)#012#61 0x00007f75619fa527 call_function (libpython3.6m.so.1.0)#012#62 0x00007f75619fb168 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#63 0x00007f75619d7358 fast_function (libpython3.6m.so.1.0)

Thanks
Monah

I went and removed and reinstalled python36,

Still getting a seg fault, but /var/log/messages just shows:

Jun 26 15:33:01 marvin kernel: zeekctl[27265]: segfault at 0 ip 0000000000000000 sp 00007fff102fc8e8 error 14 in platform-python3.6[559d9b3bd000+2000]
Jun 26 15:33:01 marvin kernel: Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.

I installed it as the following:

cd /etc/yum.repos.d/
wget https://download.opensuse.org/repositories/security:zeek/CentOS_8_Stream/security:zeek.repo
yum install zeek

It worked like a charm.

Monah

Just ran into this myself. Someone also messaged me on Twitter experiencing the same issue. For reference, I just upgraded to CentOS 8.4 as well on one of my sensors. Notably, I was able to update to 4.0.2 just fine on my CentOS 7 sensor and then realized I’ve been using gcc 9.x instead of the default one that it came with.

So I installed gcc 9.x on my CentOS 8.4 sensor, recompiled, and it worked.

https://stackoverflow.com/questions/61590926/how-to-install-gcc-g-9-on-centos-8-docker-centoslatest

Hope that helps,
Eric

This backtrace looks like the bug reported in https://github.com/zeek/broker/issues/187. Dominik has a fix ready for it but it’ll require a new version of CAF so we’re holding waiting for that to happen. In the meantime, can you see if passing —disable-python to your configure fixes it? It’s odd that no one has run into this before, and you’re at least the second and third people who have reported it recently. I don’t think there were significant changes to broker and the related code in 4.0.2 so I’m not entirely sure why it’s popping up now.

As for compiler versions, our CI builds use GCC 8.3.1 for our CentOS 8 builds.

Tim

Yeah i thought it was weird too. I had 4.0.1 running fine on CentOS 8.3. CentOS 8.4 was just released and perhaps something changed with that upgrade that caused this. Are you building on CentOS 8.4 with gcc 8.3.1?

It looks like Cirrus is using 8.3.2011, which is likely the version of the docker instance from centos:8 that they have cached. I’ll ask if they can upgrade it, and I’ll run a build locally to see if we can get this sorted out.

Tim

Actually I went to look at what DockerHub has for CentOS, and they’re still on 8.3.2011 as well for both centos:8 and centos:latest.

Tim

Ah, that makes sense.

I can confirm that this is happening on CentOS 8.4 using the built-in compiler. I need to recheck 8.3. I generally don’t use zeekctl since I’m not running a cluster for most of my work. I’ll see if I can get this bumped up in priority since it’s clearly happening on the release branch too.

Cool, thanks Tim.

Hi Tim,

I reinstalled it with the ./configure --disable-python && make && make install, and it worked.

Thanks
Monah

This should now be fixed in the v4.0.3 release that came out today.

Tim