[ZBX-8590] Windows agent crash caused by eventlog key Created: 2014 Aug 07 Updated: 2017 May 30 Resolved: 2015 Jan 05 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Incident report | Priority: | Critical |
| Reporter: | Kodai Terashima | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 1 |
| Labels: | Windows, crash, eventlog | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Zabbix 2.2.4, Windows 2008R2 |
||
| Issue Links: |
|
||||||||
| Description |
|
Windows 2.2.4 agent crashed on Windows 2008R2. It seems that the cause of the crash is reading eventlog. |
| Comments |
| Comment by Kodai Terashima [ 2014 Aug 07 ] |
|
Windows agent stopped with logs below: 1708:20140801:154205.908 End of process_eventlog6():SUCCEED 1708:20140801:154205.908 In process_eventlog6() source: 'System' previous lastlogsize: 15929, FirstID: 1, LastID: 17277 1708:20140801:154205.908 In zbx_get_eventlog_message6() lastlogsize:15930 1708:20140801:154205.908 In expand_message6() 1708:20140801:154205.908 End of expand_message6(): XXXXXX |
| Comment by Ryan Armstrong [ 2014 Sep 10 ] |
|
We are experiencing the same issue on a number of Windows 2008R2 servers with v2.2.5.
Here's the stack trace from a crash dump: zabbix_agentd!regcomp(void)+0xf3 [c:\...\src\libs\zbxregexp\gnuregex.c @ 4858] zabbix_agentd!zbx_regexp(char * string = 0x00000005`00000000 "--- memory read error at address 0x00000005`00000000 ---", char * pattern = 0x00000000`00000000 "", int * len = 0x00000000`003c1050, int flags = 0n0)+0x8e [c:\...\src\libs\zbxregexp\zbxregexp.c @ 51] zabbix_agentd!regexp_match_ex_regsub(char * string = 0x00000000`049cc610 "1054", char * pattern = 0x00000001`400520d9 "H???", int case_sensitive = 0n8, char * output_template = 0x00000000`003c1050 "10.0.0.1", char ** output = 0x00000000`00000000)+0x2e [c:\...\src\libs\zbxregexp\zbxregexp.c @ 357] zabbix_agentd!regexp_sub_ex(struct zbx_vector_ptr_t * regexps = 0x00000000`00000400, char * string = 0x00000000`003c1050 "10.0.0.1", char * pattern = 0x00000000`00000400 "--- memory read error at address 0x00000000`00000400 ---", int case_sensitive = 0n0, char * output_template = 0x00000000`00000000 "", char ** output = 0x00000000`00000000)+0x69 [c:\...\src\libs\zbxregexp\zbxregexp.c @ 487] zabbix_agentd!regexp_match_ex(struct zbx_vector_ptr_t * regexps = 0x00000000`003c1050, char * string = 0x00000000`003c1050 "10.0.0.1", char * pattern = 0x00000001`400750a0 "%lu", int case_sensitive = 0n1054)+0x15 [c:\...\src\libs\zbxregexp\zbxregexp.c @ 548] zabbix_agentd!process_active_checks(char * server = 0x01cfccae`033b38e0 "--- memory read error at address 0x01cfccae`033b38e0 ---", unsigned short port = 1)+0xaf6 [c:\...\src\zabbix_agent\active.c @ 1134] zabbix_agentd!active_checks_thread(void * args = 0x00000000`00000000)+0x151 [c:\...\src\zabbix_agent\active.c @ 1351] zabbix_agentd!_callthreadstartex(void)+0x17 [f:\dd\vctools\crt\crtw32\startup\threadex.c @ 376] zabbix_agentd!_threadstartex(void * ptd = 0x00000000`003794d0)+0x102 [f:\dd\vctools\crt\crtw32\startup\threadex.c @ 354] kernel32!BaseThreadInitThunk+0xd ntdll!RtlUserThreadStart+0x1d |
| Comment by Ryan Armstrong [ 2014 Sep 10 ] |
|
This issues is resolved for me in v2.2.6. I imagine this is fixed by |
| Comment by Kazuo Ito [ 2014 Dec 16 ] |
|
Hi Ryan, Thank you for the information! Best Regards, |
| Comment by Ryan Armstrong [ 2014 Dec 17 ] |
|
Hi Kaz, I compiled the agent binary with debug symbols, loaded the symbols into WinDbg and ran the agent in WinDbg. Regards |
| Comment by Kazuo Ito [ 2014 Dec 18 ] |
|
Hi Ryan, I'll try the WinDbg. |
| Comment by Kazuo Ito [ 2015 Jan 05 ] |
|
Confirmed this problem was fixed with |