Core Dumps

Ah, so this is a pfsense machine!.. who knows how they've set it up. Sorry, pfsense is not something I know about. Covacat sounds like he knows what he's talking about :)
 
blackbird9 said:
OK, let's have a little sanity check.

Write this script.

$ cat try.sh
#!/bin/sh
echo "PID $$ sleeping..."
sleep 1000

Make it executable then run it.

Then "kill -11 <pid>" where <pid> is the number the script printed.

Example

$ ./try.sh
PID 148152 sleeping...

$ kill -11 148152
Segmentation fault (core dumped)

$ ls -l core*
-rw------- 1 me me 450560 Jun 12 21:50 core

Hence, check if you can get any user process to dump a core file.

If it doesn't dump core, check your ulimit -c again.
Let's prove that your system can actually write a corefile for a process that segfaults.
It should of course write the core file to the current directory.
Click to expand...
0 18984 424 0 34 0 13444 2792 wait I - 0:00.01 /bin/sh /root/sanity

Jun 12 14:02:20kernelpid 18984 (sh), jid 0, uid 0: exited on signal 11 (core dumped)

Code: 
Shell Output - ls -l /root/sh.core
-rw-------  1 root  wheel  11280384 Jun 12 14:02 /root/sh.core

So it works ... :)
 
Yet.. you said ulimit -a showed 'unlimited' for -c. It must be writing the core somewhere else, it's printed the message 'core dumped' so it has written it somewhere.
You can do a brute-force search to find where it wrote the corefile like this (as root)

$ find / -name core
 
blackbird9 said:
Yet.. you said ulimit -a showed 'unlimited' for -c. It must be writing the core somewhere else, it's printed the message 'core dumped' so it's written it somewhere.
Click to expand...
I found it its where the script is located in root so sh.core reflects the sanity file

Shell Output - ls -l /root/sh.core
-rw------- 1 root wheel 11280384 Jun 12 14:02 /root/sh.core
 
SoBe said:
I found it its where the script is located in root so sh.core reflects the sanity file

Shell Output - ls -l /root/sh.core
-rw------- 1 root wheel 11280384 Jun 12 14:02 /root/sh.core
Click to expand...
Ah fine, so it's just called it sh.core.
OK, that all seems to be working fine then. Coredumps are working as expected.

Can I suggest you now try covacat's suggestion for how to configure the squid coredump_dir setting? Set it to '/var/log/squid'.
 
blackbird9 said:
Ah fine, so it's just called it sh.core.
OK, that all seems to be working fine then. Coredumps are working as expected.

Can I suggest you now try covacat's suggestion for how to configure the squid coredump_dir setting? Set it to '/var/log/squid'.
Click to expand...
That is done It never says (core dump) it skips that part for some weird reason
 
Probably because the squid process's output file descriptors are redirected.
But do you get a core file written to /var/log/squid when you kill -11 the squid process?
 
This is the only output I see

killall -11 squid

Code: 
Jun 12 14:29:41    kernel        pid 33305 (squid), jid 0, uid 100: exited on signal 6
Jun 12 14:29:41    kernel        pid 32626 (squid), jid 0, uid 0: exited on signal 11
Jun 12 14:29:41    (squid-1)    33305    FATAL: Received Segment Violation...dying.
 
Well, then assuming you've set "coredump_dir" to "/var/log/squid" in the squid config file, and restarted squid, I don't know what's wrong.

We have proved that the core dump mechanism for user processes is working for your user id with the sanity check.

Is squid being run by a different userid? You could check the ulimit -c setting for that userid if so.

But overall we can say the operating system coredump system is working, therefore there must be something wrong with the squid configuration.
 
Oh... what does 'df /var/log/squid' say? Is there enough space to write a core file? Is /var/log/squid mounted on a tiny partition or something? Just guessing now.
 
blackbird9 said:
Oh... what does 'df /var/log/squid' say? Is there enough space to write a core file? Is /var/log/squid mounted on a tiny partition or something? Just guessing now.
Click to expand...
Code: 
Shell Output - df /var/log/squid
Filesystem      512-blocks  Used     Avail Capacity  Mounted on
pfSense/var/log  172252720 30632 172222088     0%    /var/log

Shell Output - ls -ld /var/log/squid
drwxr-x---  2 squid  squid  2 Jul  5  2023 /var/log/squid

I also emailed Squid Users email system again to see I have tested every route to try to get a good core file for the bug
 
Code: 
Shell Output - ls -l /var/log/squid/try.sh
-rwxrwxrwx  1 root  squid  46 Jun 12 17:55 /var/log/squid/try.sh

Shell Output - /var/log/squid/try.sh
sh: /var/log/squid/try.sh: Permission denied
 
If I create a userid 'squid' on my system and the /var/log/squid directory, chown'd to squid:squid and chmod 750, such that my /var/log/squid dir has the same owners and perms as yours. Then login as 'squid' (or 'su - squid' from root) I can write files in /var/log/squid and run scripts within it, as follows.

squid@blah:~$ ls -ld /var
drwxr-xr-x 11 root root 4096 Jun 1 11:09 /var
squid@blah:~$ ls -ld /var/log
drwxr-xr-x 13 root root 4096 Jun 13 11:04 /var/log
squid@blah:~$ ls -ld /var/log/squid
drwxr-x--- 2 squid squid 4096 Jun 13 11:17 /var/log/squid
squid@blah:~$ cd /var/log/squid/
squid@blah:/var/log/squid$ touch t
squid@blah:/var/log/squid$ ls -l t
-rw-r--r-- 1 squid squid 0 Jun 13 11:18 t
squid@blah:/var/log/squid$ ls -l try.sh
-rwxr--r-- 1 squid squid 18 Jun 13 10:50 try.sh
squid@blah:/var/log/squid$ cat try.sh
#!/bin/sh
echo hi
squid@blah:/var/log/squid$ ./try.sh
hi

If you log in as 'squid' on the pfsense box can you write to /var/log/squid?
You could ask on the pfsense forum if they use ACL's, and whether they have set up any ACL's for /var/log/squid.

And the other thing to check is to login as 'squid' and check that squid's ulimit is set to enable cores; perhaps you already did that.
 
SoBe said:
Code: 
Shell Output - ls -l /var/log/squid/try.sh
-rwxrwxrwx  1 root  squid  46 Jun 12 17:55 /var/log/squid/try.sh

Shell Output - /var/log/squid/try.sh
sh: /var/log/squid/try.sh: Permission denied
Click to expand...
What userid did you try to run the script as, and why is it's owner root?
 
You must log in or register to reply here.
Back
Top