From nobody Tue Oct 11 13:34:23 2022 X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Mmxb71xRRz4fkcD for ; Tue, 11 Oct 2022 13:34:27 +0000 (UTC) (envelope-from marquis@roble.com) Received: from mx5.roble.com (mx5.roble.com [209.237.23.5]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mx5.roble.com", Issuer "mx5.roble.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Mmxb61Skmz3jQg; Tue, 11 Oct 2022 13:34:26 +0000 (UTC) (envelope-from marquis@roble.com) Received: from roble.com (roble.com [209.237.23.50]) by mx5.roble.com (Postfix) with ESMTP id 9B9DCC0701; Tue, 11 Oct 2022 06:34:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=roble.com; s=rs060402; t=1665495263; bh=ogOc/sl2MbgiSzL9z0cx0bTGC1CGevELp1ZtjyyNMSQ=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=EiL89RryLdVe9lChfpVe+SGG/eqT0fRVAVDBPHueVIoX1/jgWXadJuMZrKygEzPTd p4vS99dIeOstpgUaotASSWK7J9bGTe08AegZsIcMQOsiNy4zZKII2K/XlKW0823Daz RdRTZigl0XHi+IQFV9lPRiFBe0kpTgiLEB7Bei6E= Date: Tue, 11 Oct 2022 06:34:23 -0700 (PDT) From: Roger Marquis To: freeBSD ports cc: Michael Grimm , "cy@freebsd.org" Subject: Re: security/py-fail2ban quits working after some hours In-Reply-To: <20221011042427.78E0BD1@slippy.cwsent.com> Message-ID: <9sso211q-1r13-5702-s8rp-4306qq9q1q39@mx.roble.com> References: <6EF1B25D-3121-4FA1-BF47-DCE1FFD64A5E@ellael.org> <20221010204219.4A3ED19F@slippy.cwsent.com> <20221011042427.78E0BD1@slippy.cwsent.com> List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-Rspamd-Queue-Id: 4Mmxb61Skmz3jQg X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=roble.com header.s=rs060402 header.b=EiL89Rry; dmarc=pass (policy=none) header.from=roble.com; spf=pass (mx1.freebsd.org: domain of marquis@roble.com designates 209.237.23.5 as permitted sender) smtp.mailfrom=marquis@roble.com X-Spamd-Result: default: False [-4.00 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; DMARC_POLICY_ALLOW(-0.50)[roble.com,none]; R_SPF_ALLOW(-0.20)[+ip4:209.237.23.0/24]; R_DKIM_ALLOW(-0.20)[roble.com:s=rs060402]; MIME_GOOD(-0.10)[text/plain]; TO_DN_EQ_ADDR_SOME(0.00)[]; MLMMJ_DEST(0.00)[freebsd-ports@FreeBSD.org]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; DKIM_TRACE(0.00)[roble.com:+]; TO_MATCH_ENVRCPT_SOME(0.00)[]; ASN(0.00)[asn:17403, ipnet:209.237.0.0/18, country:US]; ARC_NA(0.00)[]; MID_RHS_MATCH_FROMTLD(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; RCVD_COUNT_TWO(0.00)[2] X-ThisMailContainsUnwantedMimeParts: N Patch is working as intended here Cy. Good catch and thanks! Roger Marquis > In message , Roger > Marquis w > rites: >> Cy Schubert wrote: >>> Michael Grimm writes: >>>> this is a recent stable/13-n252672-2bd3dbe3dd6 running = >>>> py39-fail2ban-1.0.1_2 and python39-3.9.14 >>>> I have been running fail2ban for years now, but immediately after = >>>> upgrading py39-fail2ban fron 0.11.2 to 1.0.1 the fail2ban-server will = >>>> end up as a runaway process consuming all CPU time. This happens between = >>>> 4 to 24 hours after initial fail2ban-server startup. >> >> Am running fail2ban-1.0.1_2 and python38-3.8.14 did have a similar >> startup issue. Could not use the 'service' command and had to restort >> to 'kill -9' to stop. Fix for that was to delete /var/{run,db}/fail2ban/* >> and restart. >> >> Still seeing relatively high CPU utilization compared to the previous >> version though it rotates cores quickly. >> >> PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND >> 67125 root 17 20 0 74M 12M uwait 8 23.7H 102.94% python3.8 >> >> Voluntary Context SWitches seem high compared to other processes though >> have no previous benchmark to compare. >> >> PID USERNAME VCSW IVCSW READ WRITE FAULT TOTAL PERCENT COMMAND >> 67125 root 5907 23 0 0 0 0 0.00% python3.8 >> >> Only reading from 5 logfiles; kernel is 12.3-RELEASE-p7; fail2ban built >> from ports; truss reporting mostly "ERR#60 'Operation timed out'"... >> >> Roger Marquis >> > > I've been able to reproduce the problem here. Please try the attached patch > obtained from our upstream. It fixes a dovecot regression that crept into > the latest release. > > > >