Metricbeat-7.2.0-windows-x86_64 turn off with code exception in windows server 2016 #20393

Closed
peter-wang-wsl opened this issue Aug 2, 2020 · 7 comments
Labels
Team:Platforms Label for the Integrations - Platforms team


@peter-wang-wsl

I run Metricbeat with admin privilege; after a few hours Metricbeat turns off with a code exception.
Please help figure out the problem, thanks a lot. Because of the limit I cannot post all of the debug log.

LOG:
2020-07-04T18:31:48.591+0800 DEBUG [processes] process/process.go:475 Skip process pid=720: error getting process state for pid=720: getProcCredName failed: OpenProcess failed for pid=720: Access is denied.
Exception 0xc0000005 0x0 0xc000c10000 0x7ffa05c8389a
PC=0x7ffa05c8389a
signal arrived during external code execution
syscall.Syscall(0x7ffa0638cd30, 0x2, 0xc000c0ff80, 0xc0007a8f74, 0x0, 0x0, 0x0, 0x0)
/usr/local/go/src/runtime/syscall_windows.go:184 +0xea
syscall.CommandLineToArgv(0xc000c0ff80, 0xc0007a8f74, 0x80, 0x0, 0x0)
/usr/local/go/src/syscall/zsyscall_windows.go:930 +0x80
github.com/elastic/beats/vendor/github.com/elastic/gosigar/sys/windows.ByteSliceToStringSlice(0xc000c0ff80, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0)
/go/src/github.com/elastic/beats/vendor/github.com/elastic/gosigar/sys/windows/syscall_windows.go:525 +0x75
github.com/elastic/beats/vendor/github.com/elastic/gosigar.(*ProcArgs).Get(0xc0007a9240, 0x1d4, 0x0, 0x0)
/go/src/github.com/elastic/beats/vendor/github.com/elastic/gosigar/sigar_windows.go:376 +0x1f1
github.com/elastic/beats/libbeat/metric/system/process.(*Process).getDetails(0xc00006ef00, 0xc0007a93b0, 0xb, 0xc00077ad01)
/go/src/github.com/elastic/beats/libbeat/metric/system/process/process.go:138 +0x63c
github.com/elastic/beats/libbeat/metric/system/process.(*Stats).getSingleProcess(0xc000a08120, 0x1d4, 0xc000bc4060, 0xc00006edc0)
/go/src/github.com/elastic/beats/libbeat/metric/system/process/process.go:484 +0x240
github.com/elastic/beats/libbeat/metric/system/process.(*Stats).Get(0xc000a08120, 0xc00078ede0, 0x0, 0xc00099bb60, 0x0, 0x0)
/go/src/github.com/elastic/beats/libbeat/metric/system/process/process.go:425 +0x113
github.com/elastic/beats/metricbeat/module/system/process.(*MetricSet).Fetch(0xc00099c0f0, 0xa695f80, 0xc000912f00)
/go/src/github.com/elastic/beats/metricbeat/module/system/process/process.go:102 +0x51
github.com/elastic/beats/metricbeat/mb/module.(*metricSetWrapper).fetch(0xc0001d06e0, 0x254d1a0, 0xc000912f00)
/go/src/github.com/elastic/beats/metricbeat/mb/module/wrapper.go:238 +0x2b7
github.com/elastic/beats/metricbeat/mb/module.(*metricSetWrapper).startPeriodicFetching(0xc0001d06e0, 0x254d1a0, 0xc000912f00)
/go/src/github.com/elastic/beats/metricbeat/mb/module/wrapper.go:219 +0x121
github.com/elastic/beats/metricbeat/mb/module.(*metricSetWrapper).run(0xc0001d06e0, 0xc0001760c0, 0xc000183c80)
/go/src/github.com/elastic/beats/metricbeat/mb/module/wrapper.go:196 +0x676
github.com/elastic/beats/metricbeat/mb/module.(*Wrapper).Start.func1(0xc0003fff20, 0xc0001760c0, 0xc000183c80, 0xc0001d06e0)
/go/src/github.com/elastic/beats/metricbeat/mb/module/wrapper.go:137 +0x27e
created by github.com/elastic/beats/metricbeat/mb/module.(*Wrapper).Start
/go/src/github.com/elastic/beats/metricbeat/mb/module/wrapper.go:125 +0x147

@jasontedor jasontedor transferred this issue from elastic/elasticsearch Aug 2, 2020
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Aug 2, 2020
@hendry-lim
Contributor

hendry-lim commented Aug 3, 2020

The getProcCredName error seems to be related to #121

Similar errors are observed in 7.8.1 and 7.9.0-SNAPSHOT (on Win 10, running as Local System).

error
2020-08-03T10:47:30.758+0800	DEBUG	[processes]	process/process.go:475	Skip process pid=0: error getting process state for pid=0: getProcName failed: OpenProcess failed for pid=0: The parameter is incorrect.; getProcStatus failed: OpenProcess failed for pid=0: The parameter is incorrect.; getParentPid failed: OpenProcess failed for pid=0: The parameter is incorrect.
2020-08-03T10:47:30.758+0800	DEBUG	[processes]	process/process.go:475	Skip process pid=4: error getting process state for pid=4: getProcName failed: GetProcessImageFileName failed for pid=4: GetProcessImageFileName failed: invalid argument
2020-08-03T10:47:30.758+0800	DEBUG	[processes]	process/process.go:486	Error getting details for process Registry with pid=124: error getting process mem for pid=124: OpenProcess failed for pid=124: Access is denied.
2020-08-03T10:47:30.758+0800	DEBUG	[processes]	process/process.go:486	Error getting details for process smss.exe with pid=480: error getting process mem for pid=480: OpenProcess failed for pid=480: Access is denied.

@andresrc andresrc added the Team:Services (Deprecated) Label for the former Integrations-Services team label Aug 3, 2020
@elasticmachine
Collaborator

Pinging @elastic/integrations-services (Team:Services)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Aug 3, 2020
@andresrc andresrc added the Team:Platforms Label for the Integrations - Platforms team label Aug 3, 2020
@elasticmachine
Collaborator

Pinging @elastic/integrations-platforms (Team:Platforms)

@andresrc andresrc removed the Team:Services (Deprecated) Label for the former Integrations-Services team label Aug 3, 2020
@narph
Contributor

narph commented Aug 5, 2020

@hendry-lim, few points on the error messages:

Skip process pid=0: error getting process state for pid=0: getProcName failed: OpenProcess failed for pid=0: The parameter is incorrect.; getProcStatus failed: OpenProcess failed for pid=0: The parameter is incorrect.; getParentPid failed: OpenProcess failed for pid=0: The parameter is incorrect.

If the specified process is the System Process (0x00000000), the OpenProcess function fails and the last error code is ERROR_INVALID_PARAMETER.

Error getting details for process smss.exe with pid=480: error getting process mem for pid=480: OpenProcess failed for pid=480: Access is denied.

If the specified process is the Idle process or one of the CSRSS processes, this function fails and the last error code is ERROR_ACCESS_DENIED because their access restrictions prevent user-level code from opening them.

We have an open issue #17314, looking into any options if this is avoidable.
This does not and should not stop Metricbeat from running.

@peter-wang-wsl , have you tried running a more recent version of Metricbeat? Are you encountering the same issue causing Metricbeat to stop?
Also, can you upload the full log message in a file here?
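
Added example (not part of the thread and not Elastic's code): a small Go triage function that separates the per-process OpenProcess failures described in the comment above, which only cause a process to be skipped, from the native exception in the original report, which ends the Beat process. The sample lines are constructed from messages quoted in this thread; `Classify` and the class names are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// Triage classes (hypothetical names, not Metricbeat's).
const (
	Benign  = "benign"  // per-process failure; that process is skipped
	Fatal   = "fatal"   // native exception, e.g. 0xc0000005 (access violation)
	Unknown = "unknown" // not recognised here; review manually
)

var (
	openProcRe = regexp.MustCompile(`OpenProcess failed for pid=(\d+): ([^.;]+)`)
	excRe      = regexp.MustCompile(`^Exception (0x[0-9a-fA-F]+) `)
)

// Classify returns the triage class and a short reason for one log line.
func Classify(line string) (class, reason string) {
	if m := excRe.FindStringSubmatch(line); m != nil {
		return Fatal, "native exception " + m[1]
	}
	if m := openProcRe.FindStringSubmatch(line); m != nil {
		pid, msg := m[1], m[2]
		switch {
		case pid == "0" && msg == "The parameter is incorrect":
			return Benign, "pid 0 cannot be opened (ERROR_INVALID_PARAMETER)"
		case msg == "Access is denied":
			return Benign, "pid " + pid + " is access restricted (ERROR_ACCESS_DENIED)"
		}
	}
	return Unknown, ""
}

// Sample lines constructed from the messages quoted in this thread.
var sample = []string{
	"Skip process pid=0: error getting process state for pid=0: getProcName failed: OpenProcess failed for pid=0: The parameter is incorrect.",
	"Error getting details for process smss.exe with pid=480: error getting process mem for pid=480: OpenProcess failed for pid=480: Access is denied.",
	"Exception 0xc0000005 0x0 0xc000c10000 0x7ffa05c8389a",
}

func main() {
	for _, l := range sample {
		class, reason := Classify(l)
		fmt.Printf("%-7s %s\n", class, reason)
	}
}
```

Only the `fatal` class corresponds to the agent stopping; alerting on it rather than on the DEBUG-level skip messages avoids noise while still catching a loss of host telemetry.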

@hendry-lim
Contributor

@narph thank you for the clarification, very much appreciated. Yes, you are right, our Metricbeat instances do not stop because of these errors.

@peter-wang-wsl
Author

@hendry-lim, few points on the error messages:

Skip process pid=0: error getting process state for pid=0: getProcName failed: OpenProcess failed for pid=0: The parameter is incorrect.; getProcStatus failed: OpenProcess failed for pid=0: The parameter is incorrect.; getParentPid failed: OpenProcess failed for pid=0: The parameter is incorrect.

If the specified process is the System Process (0x00000000), the OpenProcess function fails and the last error code is ERROR_INVALID_PARAMETER.

Error getting details for process smss.exe with pid=480: error getting process mem for pid=480: OpenProcess failed for pid=480: Access is denied.

If the specified process is the Idle process or one of the CSRSS processes, this function fails and the last error code is ERROR_ACCESS_DENIED because their access restrictions prevent user-level code from opening them.

We have an open issue #17314, looking into any options if this is avoidable.
This does not and should not stop Metricbeat from running.

@peter-wang-wsl , have you tried running a more recent version of Metricbeat? Are you encountering the same issue causing Metricbeat to stop?
Also, can you upload the full log message in a file here?

@narph I did not try another version of Metricbeat, as it seems that it is related to the version of ElasticSearch. And with the log my Metricbeat stopped. Sorry, I cannot upload the full log as I did not save it.

@narph narph removed their assignment Oct 25, 2021
@jlind23
Collaborator

jlind23 commented Apr 1, 2022

Backlog grooming: Closing for now until further activity.

@jlind23 jlind23 closed this as completed Apr 1, 2022