On Wed, 26 Aug 2009, Rainer Gerhards wrote: >> -----Original Message----- >> From: [email protected] [mailto:rsyslog- >> [email protected]] On Behalf Of [email protected] >> Sent: Wednesday, August 26, 2009 3:42 PM >> To: rsyslog-users >> Subject: Re: [rsyslog] abort in 4.2.1 >> >> (gdb) thread 1 >> [Switching to thread 1 (process 11534)]#0 sanitizeMessage >> (pMsg=0x7f312c001530) at parser.c:222 >> 222 if(pszMsg[iSrc] == '\0') { /* guard against \0 >> characters... */ >> >> (gdb) print sanitizeMessage::pszMsg >> $10 = (uchar *) 0x7f312c001658 "" >> (gdb) print sanitizeMessage::szSanBuf >> $11 = >> "?Z\224J\\002\\010\\031\\025*8\\006+?\\007?\204\\011\\002\\010\\031\\02 > > On quick look, this looks seriously malformed, so I think either the message > object or the pointer to it (more likely) was corrupted some time before it > was passed to the function that than malfunctioned. Will look now more > in-depth, but it looks like we need to have one of these situations where the > bug bites at a totally unrelated section of the code but causes a crash > somewhere else. > > Would it be possible to run the instance under valgrind control? It will run > 5 to 10 times slower, but if that would be fast enough, it could (could!) > help to pinpoint the root cause. I can talk you through using the tool if you > do not have used it before (its quite trivial).
that would be hard to so for a couple reasons at 5-10 times slower the system may not be able to keep up (even with the 'slower' afternoon traffic) this is running on a very hardened production server, getting valgrind installed there would require permission from the SVP level. David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
