[OpenSIPS-Devel] [ opensips-Bugs-2430807 ] Opensips crashes when publish received for RLS list

SourceForge.net noreply at sourceforge.net
Mon Feb 2 10:04:36 CET 2009


Bugs item #2430807, was opened at 2008-12-15 16:34
Message generated for change (Comment added) made by rmnathan
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=2430807&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: trunk
Status: Open
Resolution: None
Priority: 8
Private: No
Submitted By: Nathan (rmnathan)
Assigned to: Anca Vamanu (anca_vamanu)
Summary: Opensips crashes when publish received for RLS list

Initial Comment:
Version - trunk(5049)
I have tried all sorts of the following things to generate a core, but it failed to generate a core dump.
1.  disable_core_dump is set to no
2. set fork=no and child=no
3. tried to find core dump  at /
4. compiled opensips with the following command
    make mode=debug modules
    echo $?
    make mode=debug prefix=/usr/local/ install
5. OS stinbng46:/# uname -a
Linux stinbng46 2.6.18-staros-v2-20294-deb #1 SMP Mon Jul 14 05:18:18 EDT 2008 i686 GNU/Linux ( With same OS openser created core dump)

Is there anything I might be missing? Please help me to generate a core dump; it will be very helpful for debugging.

Crash:
=====
Crash observed when a notify is sent out for an RLS list in case of PUBLISH received. For more information please find the attached logs.

Dec 15 05:12:44 [15278] DBG:core:parse_uri:  uri params:
   transport=<>, val=<>, proto=0
Dec 15 05:12:44 [15278] DBG:core:parse_uri:    user-param=<>, val=<>
Dec 15 05:12:44 [15278] DBG:core:parse_uri:    method=<>, val=<>
Dec 15 05:12:44 [15278] DBG:core:parse_uri:    ttl=<>, val=<>
Dec 15 05:12:44 [15278] DBG:core:parse_uri:    maddr=<>, val=<>
Dec 15 05:12:44 [15278] DBG:core:parse_uri:    lr=<lr>
Dec 15 05:12:44 [15278] DBG:core:mk_proxy: doing DNS lookup...
Dec 15 05:12:44 [15278] DBG:tm:dlg2hash: 21643
Dec 15 05:12:44 [15278] DBG:tm:print_request_uri: sip:c3-1 at 192.168.126.151:40000
Dec 15 05:12:44 [15278] DBG:tm:set_timer: relative timeout is 500000
Dec 15 05:12:44 [15278] DBG:tm:insert_timer_unsafe: [4]: 0xb5be4a64 (20500000)
Dec 15 05:12:44 [15278] DBG:tm:set_timer: relative timeout is 30
Dec 15 05:12:44 [15278] DBG:tm:insert_timer_unsafe: [0]: 0xb5be4a84 (50)
Dec 15 05:12:44 [15278] DBG:rls:timer_send_notify: Found rl-subs record in hash table
Dec 15 05:12:44 [15277] INFO:core:handle_sigs: child process 15278 exited by a signal 11
Dec 15 05:12:44 [15277] INFO:core:handle_sigs: core was not generated
Dec 15 05:12:44 [15277] INFO:core:handle_sigs: terminating due to SIGCHLD
Dec 15 05:12:44 [15279] INFO:core:sig_usr: signal 15 received

Dec 15 05:12:44 [15277] DBG:core:shm_mem_destroy:
Dec 15 05:12:44 [15277] DBG:core:shm_mem_destroy: destroying the shared memory lock
Dec 15 05:12:44 [15277] DBG:core:handle_sigs: terminating due to SIGCHLD

----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2009-02-02 14:34

Message:
Hi Anca,
I have tested with a new clone. The crash is not observed, but I have seen
a lot of error messages like below. I will update the log and call flow for this
error message in the respective bug item.

Feb  2 14:26:28 [26461] ERROR:rls:parse_subs_state: terminated state and no reason found
Feb  2 14:26:28 [26461] ERROR:rls:rls_handle_notify: while parsing 'Subscription-State' header
Feb  2 14:26:28 [26461] ERROR:rls:parse_subs_state: terminated state and no reason found
Feb  2 14:26:28 [26461] ERROR:rls:rls_handle_notify: while parsing 'Subscription-State' header
Feb  2 14:26:29 [26461] ERROR:rls:rls_notify_callback: record not found in hash table
Feb  2 14:26:34 [26461] ERROR:rls:parse_subs_state: terminated state and no reason found
Feb  2 14:26:34 [26461] ERROR:rls:rls_handle_notify: while parsing 'Subscription-State' header
Feb  2 14:26:34 [26461] ERROR:rls:parse_subs_state: terminated state and no reason found
Feb  2 14:26:34 [26461] ERROR:rls:rls_handle_notify: while parsing 'Subscription-State' header

Thanks a lot

Regards,
rmnathan

----------------------------------------------------------------------

Comment By: Anca Vamanu (anca_vamanu)
Date: 2009-01-23 18:46

Message:
Hi Rmnathan,

Yesterday I have found a double free bug in rls module. Can you please
update your version and test again?

Thanks and regards,
Anca

----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2009-01-22 12:23

Message:
Hi Anca,
Any update on this issue?

Regards,
rmnathan

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2009-01-12 19:25

Message:
Hi Anca,
The details of the error message and call scenario are as follows

1.Error Message
=================
Only the following error message is seen at the time of crashing
Jan 12 08:20:10 [27860] WARNING:core:main: no fork mode
Jan 12 08:21:10 [27860] ERROR:core:db_do_insert: invalid parameter value
Jan 12 08:21:10 [27860] ERROR:pua:db_update: while inserting in db table pua

2. Setup details
=================
UE 1 
	-------	   PROXY  --------- Opensips
UE 2 

Note : All users are in same domain

UE 2 will have following list in openxcap table
----------------------------------------------------
It has 100 list  for each user

 uE2_1, UE2_2, UE2_3 ..
UE2_1 list will have 5 entry uri like UE1_1,UE1_2,UE1_3,UE1_4,UE1_5
UE2_2 list will have 5 entry uri like UE1_2,UE1_3,UE1_4,UE1_5,UE1_6
Similarly it will go on for 100 users
.
.
UE2_100 list will have 5 entry uri like UE1_100,UE1_1,UE1_2,UE1_3,UE1_4

UE 1 will have following list in openxcap table
----------------------------------------------------
It has 100 list  for each user

 uE2_1, UE2_2, UE2_3 ..
UE1_1 list will have 5 entry uri like UE2_1,UE2_2,UE2_3,UE2_4,UE2_5
UE1_2 list will have 5 entry uri like UE2_2,UE2_3,UE2_4,UE2_5,UE2_6
Similarly it will go on for 100 users
.
.

UE1_100 list will have 5 entry uri like UE2_100,UE2_1,UE2_2,UE2_3,UE2_4


Sample Message flow for UE1 for one user 
========================================

1. UE 1(UE1_1) will send subscribe message to rls list UE1_1 
2. UE 1 will send publish 

Similarly UE2_1 .. will send subscribe and publish.


Regards,
rmnathan

----------------------------------------------------------------------

Comment By: Anca Vamanu (anca_vamanu)
Date: 2009-01-08 21:36

Message:
Hi,

I did not succeed in getting a segmentation fault on my machine or in detecting
the problem in the code and from your trace. Can you please tell me if you see
any errors in your log file? And what scenario are you using when testing?

regards,
Anca



----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2009-01-07 18:22

Message:
crash 2 with full bt trace
===================
error message before crashing:
Jan  7 07:21:05 [10134] ERROR:core:db_do_insert: invalid parameter value
Jan  7 07:21:05 [10134] ERROR:pua:db_update: while inserting in db table
pua

Core was generated by `/usr/local/sbin/opensips -m 1024'.
Program terminated with signal 11, Segmentation fault.
#0  fm_malloc (qm=0x81a3ba0, size=1528) at mem/f_malloc.c:267
267                             if ((*f)->size>=size) goto found;
(gdb) bt full
#0  fm_malloc (qm=0x81a3ba0, size=1528) at mem/f_malloc.c:267
        f = (struct fm_frag **) 0x81a4330
        hash = 239
#1  0xb78f1b51 in agg_body_sendn_update (rl_uri=0x81b31b0,
boundary_string={s = 0x81b1970 "gQIIPDYu2UDVZoZv5NTp3DgT", len = 24},
rlmi_body=0xbf9ad484,
    multipart_body=0xbf9ad47c, subs=0x81b31b0, hash_code=1381) at
notify.c:238
        cid = {s = 0x81b1c50 "1231330858.sip:c5-1 at 10.6.2.246.1189641421",
len = 41}
        len = 1526
        body = {s = 0x0, len = 0}
        __FUNCTION__ = "agg_body_sendn_update"
#2  0xb78f4efe in timer_send_notify (ticks=180, param=0x0) at
resource_notify.c:544
        query_cols = {0xb7906844, 0xb7ab9510}
        update_cols = {0xb7906844}
        result_cols = {0xb7906834, 0xb790683c, 0xb790684c, 0xb790685c,
0xb7906854, 0xb7906864, 0x0}
        query_vals = {{type = DB_INT, nul = 0, free = 2007220120, val =
{int_val = 1, double_val = 1.6975966328216244e-313, time_val = 1,
      string_val = 0x1 <Address 0x1 out of bounds>, str_val = {s = 0x1
<Address 0x1 out of bounds>, len = 8}, blob_val = {
        s = 0x1 <Address 0x1 out of bounds>, len = 8}, bitmap_val = 1}},
{type = 135996560, nul = 0, free = -1080372044, val = {int_val = 135974160,
      double_val = 6.7180161178120992e-316, time_val = 135974160,
string_val = 0x81acd10 "¨\225«·", str_val = {s = 0x81acd10 "¨\225«·",
len = 0},
      blob_val = {s = 0x81acd10 "¨\225«·", len = 0}, bitmap_val =
135974160}}}
        update_vals = {{type = DB_DATETIME, nul = 2007220120, free =
-1213492080, val = {int_val = -1, double_val = -1.5830897899132156e-40,
time_val = -1,
      string_val = 0xffffffff <Address 0xffffffff out of bounds>, str_val
= {s = 0xffffffff <Address 0xffffffff out of bounds>, len = -1213492016},
      blob_val = {s = 0xffffffff <Address 0xffffffff out of bounds>, len =
-1213492016}, bitmap_val = 4294967295}}}
        i = 5
        result = (db_res_t *) 0x81b1768
        prev_did = 0x481c5c3c
"c5-1-80;227413568;97b57f2144c425bc44f2e7a21eb22549-57d9"
        curr_did = 0x481c601c
"c6-1-80;227413312;97b57f2144c425bc44f2e7a21eb22549-4c39"
        row_vals = (db_val_t *) 0x81b2d78
        resource_uri = 0x481c6054 "sip:s6-1 at 10.6.2.246"
        pres_state = 0x481c6080 "<?xml version=\"1.0\"
encoding=\"UTF-8\"?>\n<presence xmlns=\"urn:ietf:params:xml:ns:pidf\"
xmlns:rpid=\"urn:ietf:params:xml:ns:pidf:rpid\"
xmlns:dm=\"urn:ietf:params:xml:ns:pidf:data-model\"
xmlns:pcp=\"urn:ietf"...
        callid = {s = 0x481c5c3c
"c5-1-80;227413568;97b57f2144c425bc44f2e7a21eb22549-57d9", len = 7}
        to_tag = {s = 0x481c5c4e "97b57f2144c425bc44f2e7a21eb22549-57d9",
len = 37}
        from_tag = {s = 0x481c5c44
"227413568;97b57f2144c425bc44f2e7a21eb22549-57d9", len = 9}
        rlmi_doc = (xmlDocPtr) 0x481af758
        list_node = (xmlNodePtr) 0x481accb8
        instance_node = (xmlNodePtr) 0x481af9a0
        resource_node = (xmlNodePtr) 0x481af8b0
        hash_code = 1381
        size = 2048
        buf_len = 1004
        buf = 0x81b3380
"--gQIIPDYu2UDVZoZv5NTp3DgT\r\n\r\nContent-Transfer-Encoding:
binary\r\nContent-ID:
<1231330858.sip:s5-1 at 10.6.2.246.596516649>\r\nContent-Type:
application/pidf+xml\r\n\r\n<?xml version=\"1.0\"
encoding=\"UTF-8\"?>\n<p"...
        auth_state = <value optimized out>
        contor = 1
        auth_state_flag = 2
        bstr = {s = 0x81b1970 "gQIIPDYu2UDVZoZv5NTp3DgT", len = 24}
        rlmi_cont = {
  s = 0x481aed98 "<?xml version=\"1.0\"?>\n<list
uri=\"sip:c5-1 at 10.6.2.246\" xmlns=\"urn:ietf:params:xml:ns:rlmi\"
version=\"5\" fullState=\"false\">\n  <resource
uri=\"sip:s5-1 at 10.6.2.246\">\n    <instance id=\"icDW4oK5\"
state=\"activ"..., len = 274}
        multi_cont = {
  s = 0x81b3380
"--gQIIPDYu2UDVZoZv5NTp3DgT\r\n\r\nContent-Transfer-Encoding:
binary\r\nContent-ID:
<1231330858.sip:s5-1 at 10.6.2.246.596516649>\r\nContent-Type:
application/pidf+xml\r\n\r\n<?xml version=\"1.0\"
encoding=\"UTF-8\"?>\n<p"..., len = 1004}
        s = (subs_t *) 0x77af7598
        dialog = (subs_t *) 0x81b31b0
        rl_uri = 0x81b2a80 "sip:c5-1 at 10.6.2.246"
        str_aux = <value optimized out>
        __FUNCTION__ = "timer_send_notify"
#3  0x080ccfb5 in start_timer_processes () at timer.c:280
---Type <return> to continue, or q <return> to quit---
        tpl = (struct sr_timer_process *) 0x81acad8
        pid = <value optimized out>
        first = <value optimized out>
        __FUNCTION__ = "start_timer_processes"
#4  0x0806f189 in main (argc=3, argv=0xbf9ad664) at main.c:666
        cfg_log_stderr = 0
        cfg_stream = (FILE *) 0x481a4008
        c = <value optimized out>
        r = <value optimized out>
        tmp = 0xbf9aedec ""
        tmp_len = <value optimized out>
        port = <value optimized out>
        proto = <value optimized out>
        ret = <value optimized out>
        seed = 4221279407
        rfd = 4
        __FUNCTION__ = "main"
(gdb)

crash 3 with full bt trace
===================
error message before crashing:
Jan  7 07:29:00 [10190] ERROR:db_mysql:db_mysql_str2val: invalid parameter
value
Jan  7 07:29:00 [10190] ERROR:db_mysql:db_mysql_convert_row: failed to
convert value
Jan  7 07:29:09 [10189] ERROR:core:db_do_insert: invalid parameter value
Jan  7 07:29:09 [10189] ERROR:pua:db_update: while inserting in db table
pua

Core was generated by `/usr/local/sbin/opensips -m 1024'.
Program terminated with signal 11, Segmentation fault.
#0  db_free_row (_r=0x81b79e8) at db/db_row.c:62
62                      switch (VAL_TYPE(_val)) {
(gdb) bt full
#0  db_free_row (_r=0x81b79e8) at db/db_row.c:62
        col = 0
        _val = (db_val_t *) 0x0
        __FUNCTION__ = "db_free_row"
#1  0xb7d9b580 in db_mysql_convert_row (_h=0x81b3820, _res=0x81ad938,
_r=0x81b79e8) at row.c:69
        lengths = (long unsigned int *) 0x481aebcc
        i = 135935876
        __FUNCTION__ = "db_mysql_convert_row"
#2  0xb7d9aeca in db_mysql_convert_result (_h=0x81b3820, _r=0x81ad938) at
res.c:171
        __FUNCTION__ = "db_mysql_convert_result"
#3  0xb7d98a2f in db_mysql_store_result (_h=0x81b3820, _r=0xbf9f4500) at
dbase.c:177
        __FUNCTION__ = "db_mysql_store_result"
#4  0x0811b94f in db_do_query (_h=0x81b3820, _k=0xbf9f44f4, _op=0x0,
_v=0xbf9f4474, _c=0xbf9f449c, _n=1, _nc=6, _o=0xb78e6834, _r=0xbf9f4500,
    val2str=0xb7d9b780 <db_mysql_val2str>, submit_query=0xb7d98de9
<db_mysql_submit_query>, store_result=0xb7d989c7 <db_mysql_store_result>)
    at db/db_query.c:105
        tmp = <value optimized out>
        off = 132
        ret = <value optimized out>
        __FUNCTION__ = "db_do_query"
#5  0xb7d97d05 in db_mysql_query (_h=0x81b3820, _k=0xbf9f44f4, _op=0x0,
_v=0xbf9f4474, _c=0xbf9f449c, _n=1, _nc=6, _o=0xb78e6834, _r=0xbf9f4500)
    at dbase.c:247
No locals.
#6  0xb78d4c75 in timer_send_notify (ticks=80, param=0x0) at
resource_notify.c:493
        query_cols = {0xb78e6844, 0x0}
        update_cols = {0xb78e6844}
        result_cols = {0xb78e6834, 0xb78e683c, 0xb78e684c, 0xb78e685c,
0xb78e6854, 0xb78e6864, 0x0}
        query_vals = {{type = DB_INT, nul = 0, free = 2007089048, val =
{int_val = 1, double_val = -2.766852607421637e-39, time_val = 1,
      string_val = 0x1 <Address 0x1 out of bounds>, str_val = {s = 0x1
<Address 0x1 out of bounds>, len = -1209130788}, blob_val = {
        s = 0x1 <Address 0x1 out of bounds>, len = -1209130788},
bitmap_val = 1}}, {type = 3085836512, nul = -1209131020, free = 310, val =
{int_val = 310,
      double_val = -0.03053575754165757, time_val = 310, string_val =
0x136 <Address 0x136 out of bounds>, str_val = {
        s = 0x136 <Address 0x136 out of bounds>, len = -1080081212},
blob_val = {s = 0x136 <Address 0x136 out of bounds>, len = -1080081212},
      bitmap_val = 310}}}
        update_vals = {{type = DB_DATETIME, nul = 2007089048, free =
-1080081152, val = {int_val = -1, double_val = -3.3348689399357007e-39,
time_val = -1,
      string_val = 0xffffffff <Address 0xffffffff out of bounds>, str_val
= {s = 0xffffffff <Address 0xffffffff out of bounds>, len = -1208866784},
      blob_val = {s = 0xffffffff <Address 0xffffffff out of bounds>, len =
-1208866784}, bitmap_val = 4294967295}}}
        i = <value optimized out>
        result = (db_res_t *) 0x81ad938
        prev_did = <value optimized out>
        curr_did = <value optimized out>
        row_vals = <value optimized out>
        resource_uri = <value optimized out>
        pres_state = <value optimized out>
        callid = {s = 0x0, len = 0}
        to_tag = {s = 0x481c67ed
"h\034H_h\034H`h\034H±k\034Hc3-2-80;210632768;97b57f2144c425bc44f2e7a21eb22549-f3e9",
len = 79}
        from_tag = {s = 0x481c67e4
"4h\034HHh\034HJh\034H_h\034H`h\034H±k\034Hc3-2-80;210632768;97b57f2144c425bc44f2e7a21eb22549-f3e9",
len = 8}
        rlmi_doc = <value optimized out>
        list_node = <value optimized out>
        instance_node = <value optimized out>
        resource_node = <value optimized out>
        hash_code = <value optimized out>
        size = <value optimized out>
        buf_len = <value optimized out>
        buf = <value optimized out>
        auth_state = <value optimized out>
        contor = <value optimized out>
        auth_state_flag = <value optimized out>
        bstr = {s = 0x0, len = 0}
---Type <return> to continue, or q <return> to quit---
        rlmi_cont = {s = 0x0, len = 0}
        multi_cont = {s = 0x0, len = 8}
        s = <value optimized out>
        dialog = <value optimized out>
        rl_uri = <value optimized out>
        str_aux = <value optimized out>
        __FUNCTION__ = "timer_send_notify"
#7  0x080ccfb5 in start_timer_processes () at timer.c:280
        tpl = (struct sr_timer_process *) 0x81acad8
        pid = <value optimized out>
        first = <value optimized out>
        __FUNCTION__ = "start_timer_processes"
#8  0x0806f189 in main (argc=3, argv=0xbf9f46b4) at main.c:666
        cfg_log_stderr = 0
        cfg_stream = (FILE *) 0x481a4008
        c = <value optimized out>
        r = <value optimized out>
        tmp = 0xbf9f5dec ""
        tmp_len = <value optimized out>
        port = <value optimized out>
        proto = <value optimized out>
        ret = <value optimized out>
        seed = 3089561270
        rfd = 4
        __FUNCTION__ = "main"
(gdb)



----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2009-01-07 17:45

Message:
Hi
The full trace is as follows
 
Core was generated by `/usr/local/sbin/opensips'.
Program terminated with signal 11, Segmentation fault.
#0  0xb78e7eca in timer_send_notify (ticks=120, param=0x0) at
resource_notify.c:721
721                            
if(strncmp(row_vals[resource_uri_col].val.string_val,
(gdb) bt full
#0  0xb78e7eca in timer_send_notify (ticks=120, param=0x0) at
resource_notify.c:721
        query_cols = {0xb78f8844, 0xb7aab510}
        update_cols = {0x0}
        result_cols = {0xb78f8834, 0xb78f883c, 0xb78f884c, 0xb78f885c,
0xb78f8854, 0xb78f8864, 0x0}
        query_vals = {{type = DB_INT, nul = 0, free = -1247617128, val =
{int_val = 1, double_val = 4.2439915824246103e-314, time_val = 1,
      string_val = 0x1 <Address 0x1 out of bounds>, str_val = {s = 0x1
<Address 0x1 out of bounds>, len = 2}, blob_val = {
        s = 0x1 <Address 0x1 out of bounds>, len = 2}, bitmap_val = 1}},
{type = DB_DOUBLE, nul = 0, free = -1081894044, val = {int_val = 135974160,
      double_val = 6.7180161178120992e-316, time_val = 135974160,
string_val = 0x81acd10 "°µª·øÎ\032\b", str_val = {s = 0x81acd10
"°µª·øÎ\032\b", len = 0},
      blob_val = {s = 0x81acd10 "°µª·øÎ\032\b", len = 0}, bitmap_val
= 135974160}}}
        update_vals = {{type = DB_DATETIME, nul = -1247617128, free =
-1243838944, val = {int_val = -1213549416, double_val =
-1.5328670054899573e-40,
      time_val = -1213549416, string_val = 0xb7aab498 "ÍSª·\006",
str_val = {s = 0xb7aab498 "ÍSª·\006", len = -1213549360}, blob_val = {
        s = 0xb7aab498 "ÍSª·\006", len = -1213549360}, bitmap_val =
3081417880}}}
        i = 298
        result = (db_res_t *) 0x828f678
        prev_did = 0x4821159c
"s6-13-80;100595200;97b57f2144c425bc44f2e7a21eb22549-1265"
        curr_did = 0x48211d5c
"s6-14-80;218035712;97b57f2144c425bc44f2e7a21eb22549-365a"
        row_vals = (db_val_t *) 0x64697072
        resource_uri = <value optimized out>
        pres_state = 0x48211dc2 "<?xml version=\"1.0\"
encoding=\"UTF-8\"?>\n<presence xmlns=\"urn:ietf:params:xml:ns:pidf\"
xmlns:rpid=\"urn:ietf:params:xml:ns:pidf:rpid\"
xmlns:dm=\"urn:ietf:params:xml:ns:pidf:data-model\"
xmlns:pcp=\"urn:ietf"...
        callid = {s = 0x48211d5c
"s6-14-80;218035712;97b57f2144c425bc44f2e7a21eb22549-365a", len = 8}
        to_tag = {s = 0x48211d6f "97b57f2144c425bc44f2e7a21eb22549-365a",
len = 37}
        from_tag = {s = 0x48211d65
"218035712;97b57f2144c425bc44f2e7a21eb22549-365a", len = 9}
        rlmi_doc = (xmlDocPtr) 0x481aec20
        list_node = (xmlNodePtr) 0x481accb8
        instance_node = (xmlNodePtr) 0x481f0da0
        resource_node = (xmlNodePtr) 0x481af8c0
        hash_code = 349
        size = 6144
        buf_len = 1007
        buf = 0x8298040
"--uiJUnfDUyfcSFWRINqnYyVEx\r\n\r\nContent-Transfer-Encoding:
binary\r\nContent-ID:
<1231322726.sip:c6-18 at 10.6.2.246.596516649>\r\nContent-Type:
application/pidf+xml\r\n\r\n<?xml version=\"1.0\"
encoding=\"UTF-8\"?>\n<"...
        auth_state = <value optimized out>
        contor = 1
        auth_state_flag = <value optimized out>
        bstr = {s = 0x8292c30 "uiJUnfDUyfcSFWRINqnYyVEx", len = 24}
        rlmi_cont = {
  s = 0x481f0fd8 "pTï·pTï·Ð\017\037HÐ\017\037H.0\"?>\n<list
uri=\"sip:s6-13 at 10.6.2.246\" xmlns=\"urn:ietf:params:xml:ns:rlmi\"
version=\"2\" fullState=\"false\">\n  <resource
uri=\"sip:c6-17 at 10.6.2.246\">\n    <instance id=\"icDW4oK5\"
state=\"act"..., len = 959}
        multi_cont = {
  s = 0x8298040
"--uiJUnfDUyfcSFWRINqnYyVEx\r\n\r\nContent-Transfer-Encoding:
binary\r\nContent-ID:
<1231322726.sip:c6-18 at 10.6.2.246.596516649>\r\nContent-Type:
application/pidf+xml\r\n\r\n<?xml version=\"1.0\"
encoding=\"UTF-8\"?>\n<"..., len = 6053}
        s = (subs_t *) 0xb602c300
        dialog = (subs_t *) 0x81a7ef0
        rl_uri = 0x8291670 "sip:s6-14 at 10.6.2.246"
        str_aux = <value optimized out>
        __FUNCTION__ = "timer_send_notify"
#1  0x080ccfb5 in start_timer_processes () at timer.c:280
        tpl = (struct sr_timer_process *) 0x81acad8
        pid = <value optimized out>
        first = <value optimized out>
        __FUNCTION__ = "start_timer_processes"
#2  0x0806f189 in main (argc=1, argv=0xbf839d14) at main.c:666
        cfg_log_stderr = 0
        cfg_stream = (FILE *) 0x481a4008
        c = <value optimized out>
        r = <value optimized out>
---Type <return> to continue, or q <return> to quit---
        tmp = 0x8166200 "\034a\026\bhFó·@¼ò·"
        tmp_len = <value optimized out>
        port = <value optimized out>
        proto = <value optimized out>
        ret = <value optimized out>
        seed = 82752229
        rfd = 4
        __FUNCTION__ = "main"
(gdb)

Regards,
rmnathan

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2009-01-07 16:34

Message:
It would help to provide the backtrace with the full context and the value
of the local variables. To do that use "bt full" instead of just "bt".

Dan


----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2009-01-07 16:10

Message:
Hi Anca,
I observed a few crashes, as follows, while testing with the new trunk build.

Crash 1:
======
Core was generated by `/usr/local/sbin/opensips -m 1024'.
Program terminated with signal 11, Segmentation fault.
#0  0xb7e18d00 in strncmp () from /lib/libc.so.6
(gdb) bt
#0  0xb7e18d00 in strncmp () from /lib/libc.so.6
#1  0xb78cfee3 in timer_send_notify (ticks=40, param=0x0) at
resource_notify.c:721
#2  0x080ccfb5 in start_timer_processes () at timer.c:280
#3  0x0806f189 in main (argc=3, argv=0xbfb57014) at main.c:666

Crash 2:
======
Program terminated with signal 11, Segmentation fault.
#0  fm_malloc (qm=0x81a3ba0, size=2640) at mem/f_malloc.c:267
267                             if ((*f)->size>=size) goto found;
(gdb) bt
#0  fm_malloc (qm=0x81a3ba0, size=2640) at mem/f_malloc.c:267
#1  0xb78dcb51 in agg_body_sendn_update (rl_uri=0x81a7ef0,
boundary_string={s = 0x81dadc0 "j5dDEBAL5H1LAtor2qUGI2ac", len = 24},
rlmi_body=0xbfef61d4,
    multipart_body=0xbfef61cc, subs=0x81a7ef0, hash_code=1978) at
notify.c:238
#2  0xb78dfefe in timer_send_notify (ticks=60, param=0x0) at
resource_notify.c:544
#3  0x080ccfb5 in start_timer_processes () at timer.c:280
#4  0x0806f189 in main (argc=3, argv=0xbfef63b4) at main.c:666

crash 3:
======
#0  0xb78e7eca in timer_send_notify (ticks=120, param=0x0) at
resource_notify.c:721
721                            
if(strncmp(row_vals[resource_uri_col].val.string_val,
(gdb) bt
#0  0xb78e7eca in timer_send_notify (ticks=120, param=0x0) at
resource_notify.c:721
#1  0x080ccfb5 in start_timer_processes () at timer.c:280
#2  0x0806f189 in main (argc=1, argv=0xbf839d14) at main.c:666

crash 4:
======
Core was generated by `/usr/local/sbin/opensips -m 1024'.
Program terminated with signal 11, Segmentation fault.
#0  db_free_row (_r=0x81c25d0) at db/db_row.c:62
62                      switch (VAL_TYPE(_val)) {

crash 5:
======
Core was generated by `/usr/local/sbin/opensips'.
Program terminated with signal 11, Segmentation fault.
#0  0x080f9282 in parse_uri (buf=0x8 <Address 0x8 out of bounds>,
len=135995841, uri=0xbf9fbfe0) at parser/parse_uri.c:329
329             scheme=buf[0]+(buf[1]<<8)+(buf[2]<<16)+(buf[3]<<24);


----------------------------------------------------------------------

Comment By: Anca Vamanu (anca_vamanu)
Date: 2009-01-06 20:11

Message:
Hi Meganathan,

I think that I have finally found the bug this time. Can you please
update, test again and confirm?

Thanks and regards,
Anca

----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2008-12-31 15:07

Message:
Hi Anca,
 Any update on this issue?

Regards,
Meganathan.

----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2008-12-18 20:15

Message:
Hi Anca 
 I have retested with latest build (rev 5071). Again I got the crash  

(gdb) bt
#0  0xb7e1861d in _IO_str_overflow () from /lib/libc.so.6
#1  0xb7e17747 in _IO_default_xsputn () from /lib/libc.so.6
#2  0xb7deea94 in vfprintf () from /lib/libc.so.6
#3  0xb7e0c92c in vsprintf () from /lib/libc.so.6
#4  0xb7df775e in sprintf () from /lib/libc.so.6
#5  0xb78d810b in timer_send_notify (ticks=40, param=0x0) at
resource_notify.c:700
#6  0x080ccb55 in start_timer_processes () at timer.c:280
#7  0x0806ef69 in main (argc=1, argv=0xbfa78f44) at main.c:666

Regards,
rmnathan


----------------------------------------------------------------------

Comment By: Anca Vamanu (anca_vamanu)
Date: 2008-12-18 17:58

Message:
Hi rmnathan,

I have made some changes in the rls module. 
Can you please update and test again?

regards,
Anca

----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2008-12-16 15:42

Message:
Hi Anca,
After I compiled with the following commands I got a core dump with line
numbers.

make
echo $?
make prefix=/usr/local/ install

Program terminated with signal 11, Segmentation fault.
#0  0xb7e5161d in _IO_str_overflow () from /lib/libc.so.6
(gdb) bt
#0  0xb7e5161d in _IO_str_overflow () from /lib/libc.so.6
#1  0xb7e50747 in _IO_default_xsputn () from /lib/libc.so.6
#2  0xb7e27a94 in vfprintf () from /lib/libc.so.6
#3  0xb7e4592c in vsprintf () from /lib/libc.so.6
#4  0xb7e3075e in sprintf () from /lib/libc.so.6
#5  0xb7911d53 in timer_send_notify (ticks=40, param=0x0) at
resource_notify.c:687
#6  0x080ccb55 in start_timer_processes () at timer.c:280
#7  0x0806ef69 in main (argc=1, argv=0xbf805cf4) at main.c:666

regards,
rmnathan
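
The backtraces in this thread show `sprintf()` faulting under `timer_send_notify`, which holds a multipart body buffer (`buf`, `size`, `buf_len`). As an added example (not OpenSIPS code and not the fix that was committed), here is one way to make formatted appends to such a buffer bounded: measure, grow up to a hard limit, then write. `body_buf`, `body_appendf` and `body_append_part` are hypothetical names, and the part layout is only modelled on the strings visible in the traces.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable body buffer; not an OpenSIPS structure. */
struct body_buf {
    char  *s;    /* NUL-terminated data */
    size_t len;  /* bytes used, excluding the NUL */
    size_t cap;  /* bytes allocated */
    size_t max;  /* hard upper bound for cap */
};

int body_init(struct body_buf *b, size_t initial, size_t max)
{
    if (initial == 0 || initial > max)
        return -1;
    b->s = malloc(initial);
    if (b->s == NULL)
        return -1;
    b->s[0] = '\0';
    b->len = 0;
    b->cap = initial;
    b->max = max;
    return 0;
}

void body_free(struct body_buf *b)
{
    free(b->s);
    b->s = NULL;
    b->len = b->cap = 0;
}

/* Formatted append. The output length is measured first, the buffer is
 * grown if needed, and only then is the text written. Returns 0 on
 * success; on -1 the buffer content and length are unchanged. */
int body_appendf(struct body_buf *b, const char *fmt, ...)
{
    va_list ap;
    int need;
    size_t want;

    va_start(ap, fmt);
    need = vsnprintf(NULL, 0, fmt, ap);   /* C99: returns required length */
    va_end(ap);
    if (need < 0)
        return -1;

    want = b->len + (size_t)need + 1;     /* +1 for the terminating NUL */
    if (want > b->max)
        return -1;                        /* refuse instead of overflowing */
    if (want > b->cap) {
        size_t ncap = b->cap;
        char *p;
        while (ncap < want)               /* double, clamped to max */
            ncap = (ncap > b->max / 2) ? b->max : ncap * 2;
        p = realloc(b->s, ncap);
        if (p == NULL)
            return -1;                    /* old block is still valid */
        b->s = p;
        b->cap = ncap;
    }

    va_start(ap, fmt);
    vsnprintf(b->s + b->len, b->cap - b->len, fmt, ap);
    va_end(ap);
    b->len += (size_t)need;
    return 0;
}

/* Append one multipart part. NULL inputs (for example an empty database
 * column) are rejected before they reach a %s conversion. */
int body_append_part(struct body_buf *b, const char *boundary,
                     const char *cid, const char *ctype, const char *payload)
{
    if (!boundary || !cid || !ctype || !payload)
        return -1;
    return body_appendf(b,
        "--%s\r\nContent-Transfer-Encoding: binary\r\n"
        "Content-ID: <%s>\r\nContent-Type: %s\r\n\r\n%s\r\n\r\n",
        boundary, cid, ctype, payload);
}

int main(void)
{
    struct body_buf b;
    int i, ok = 0;

    /* Constructed sample values, not taken from a real deployment. */
    if (body_init(&b, 64, 8192) != 0)
        return 1;
    for (i = 0; i < 10; i++)
        if (body_append_part(&b, "SAMPLEBOUNDARY", "part@example.invalid",
                             "application/pidf+xml", "<presence/>") == 0)
            ok++;
    printf("parts=%d len=%zu cap=%zu\n", ok, b.len, b.cap);
    body_free(&b);
    return 0;
}
```
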


----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2008-12-16 15:15

Message:
Hi Anca,
I have tried with the latest trunk build (rev 5060), and I am getting the same
crash.
I have set 'ulimit -c unlimited' also, but the line numbers are not getting
printed.

Core was generated by `opensips'.
Program terminated with signal 11, Segmentation fault.
#0  0xb7ec161d in _IO_str_overflow () from /lib/libc.so.6
(gdb) bt
#0  0xb7ec161d in _IO_str_overflow () from /lib/libc.so.6
#1  0xb7ec0747 in _IO_default_xsputn () from /lib/libc.so.6
#2  0xb7e97a94 in vfprintf () from /lib/libc.so.6
#3  0xb7eb592c in vsprintf () from /lib/libc.so.6
#4  0xb7ea075e in sprintf () from /lib/libc.so.6
#5  0xb799a25d in timer_send_notify () from
/usr/local//lib/opensips/modules/rls.so
#6  0x080b1194 in timer_ticker ()
#7  0x080b0fc5 in run_timer_process ()
#8  0x080b12ff in start_timer_processes ()
#9  0x08065cdd in main_loop ()
#10 0x08067f53 in main ()

Regards
rmnathan

----------------------------------------------------------------------

Comment By: Anca Vamanu (anca_vamanu)
Date: 2008-12-15 19:49

Message:
Hi rmnathan,

I have tested myself and got a crash after some time - it was due to a
recent change that I made. I have committed the fix in trunk.
However I am not really sure it is the same as you have seen, as in your
trace there isn't enough information - like line numbers. Can you please
update and test again and report if you see the crash again?
Btw, have you run: 'ulimit -c unlimited'?

regards,
Anca 


----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2008-12-15 16:47

Message:
Finally a core has been created. Please see below

stinbng46:/# gdb /usr/local/sbin/opensips core
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i486-linux-gnu"...Using host libthread_db
library "/lib/libthread_db.so.1".


warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/local/lib/opensips/modules/db_mysql.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/db_mysql.so
Reading symbols from /usr/lib/libmysqlclient.so.15...done.
Loaded symbols for /usr/lib/libmysqlclient.so.15
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/local/lib/opensips/modules/sl.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/sl.so
Reading symbols from /usr/local/lib/opensips/modules/maxfwd.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/maxfwd.so
Reading symbols from /usr/local/lib/opensips/modules/textops.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/textops.so
Reading symbols from /usr/local/lib/opensips/modules/tm.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/tm.so
Reading symbols from /usr/local/lib/opensips/modules/rr.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/rr.so
Reading symbols from /usr/local/lib/opensips/modules/presence.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/presence.so
Reading symbols from /usr/lib/libxml2.so.2...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /usr/local/lib/opensips/modules/avpops.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/avpops.so
Reading symbols from /usr/local/lib/opensips/modules/pua.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/pua.so
Reading symbols from /usr/local/lib/opensips/modules/mi_fifo.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/mi_fifo.so
Reading symbols from
/usr/local/lib/opensips/modules/presence_xml.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/presence_xml.so
Reading symbols from /usr/local/lib/opensips/modules/rls.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/rls.so
Reading symbols from /usr/local/lib/opensips/modules/xlog.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/xlog.so
Reading symbols from /usr/local/lib/opensips/modules/signaling.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/signaling.so
Reading symbols from /lib/libnss_db.so.2...done.
Loaded symbols for /lib/libnss_db.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/lib/libdb3.so.3...done.
Loaded symbols for /usr/lib/libdb3.so.3
Core was generated by `/usr/local/sbin/opensips -D'.
Program terminated with signal 11, Segmentation fault.
#0  0xb7e9f61d in _IO_str_overflow () from /lib/libc.so.6
(gdb) bt
#0  0xb7e9f61d in _IO_str_overflow () from /lib/libc.so.6
#1  0xb7e9e747 in _IO_default_xsputn () from /lib/libc.so.6
#2  0xb7e75a94 in vfprintf () from /lib/libc.so.6
#3  0xb7e9392c in vsprintf () from /lib/libc.so.6
#4  0xb7e7e75e in sprintf () from /lib/libc.so.6
#5  0xb7978256 in timer_send_notify () from
/usr/local//lib/opensips/modules/rls.so
#6  0x080b11a0 in timer_ticker ()
#7  0x080b0fd1 in run_timer_process ()
#8  0x080b130b in start_timer_processes ()
#9  0x08065cdd in main_loop ()
#10 0x08067f5f in main ()

Regards
rmnathan


----------------------------------------------------------------------
