Hello,
the operation done by that code is essentially an SQL query: it fetches the
result and packs it for nathelper usage. There is no race between it and the
handling of any SIP packet, and no shared memory is accessed.
Do you get only one corefile?
From the backtrace it looks like the row pointer is not valid (p and p1, which
are read from the row, both show out-of-bounds addresses); can you get the gdb
output for:
p *row
Cheers,
Daniel
On 13/01/15 15:08, Kristian F. Høgh wrote:
Hi,
On an ancient Kamailio 3.1, we occasionally experience a crash in the function
get_all_db_ucontacts in usrloc.
A backtrace reveals the following:
#0 0x00002b505f2fb4ff in get_all_db_ucontacts (buf=0xadd270, len=<value optimized
out>, flags=64, part_idx=1, part_max=30) at dlist.c:176
176 if (VAL_NULL(ROW_VALUES(row)+4) || p1==0 || p1[0]==0){
The lines around line 176 (which look similar to trunk, except that p and p1 are of type str today):
159 for(i = 0; i < RES_ROW_N(res); i++) {
160 row = RES_ROWS(res) + i;
161
162 /* received */
163 p = (char*)VAL_STRING(ROW_VALUES(row));
164 if ( VAL_NULL(ROW_VALUES(row)) || p==0 || p[0]==0 ) {
165 /* contact */
166 p = (char*)VAL_STRING(ROW_VALUES(row)+1);
167 if (VAL_NULL(ROW_VALUES(row)+1) || p==0 ||
p[0]==0) {
168 LM_ERR("empty contact ->
skipping\n");
169 continue;
170 }
171 }
172 p_len = strlen(p);
173
174 /* path */
175 p1 = (char*)VAL_STRING(ROW_VALUES(row)+4);
176 if (VAL_NULL(ROW_VALUES(row)+4) || p1==0 || p1[0]==0){
177 p1 = NULL;
178 p1_len = 0;
179 } else {
180 p1_len = strlen(p1);
181 }
The client from frame #2 (bt full below) sent a REGISTER, which was answered with
"200 OK" in the same second as the crash.
Is it a timing issue between REGISTER and nathelper ping?
I have a trace and the core.
Regards,
Kristian Høgh
Uni-tel
bt full
#0 0x00002b505f2fb4ff in get_all_db_ucontacts (buf=0xadd270, len=<value optimized
out>, flags=64, part_idx=1, part_max=30) at dlist.c:176
sock = 0x0
dbflags = 11088
host = {s = 0x375ef8e "PROXY_IP:5060", len = 13}
i = <value optimized out>
row = 0xa13488
dom = 0x2b5062723278
p1 = 0x2 <Address 0x2 out of bounds>
now_s = "'2015-01-13 12:58:51'\177\000\000)"
port = 11088
p_len = 73
cp = <value optimized out>
needed = 16
res = 0xa2ed38
p = 0xcfcdffaf <Address 0xcfcdffaf out of bounds>
now_len = 21
proto = 1642847400
p1_len = 0
shortage = 0
query_buf = "select received, contact, socket, cflags, path from location
where expires > '2015-01-13 12:58:51' and cflags & 64 = 64 and id % 30 =
1", '\000' <repeats 376 times>
query_str = {s = 0x2b505f515520 "select received, contact, socket, cflags,
path from location where expires > '2015-01-13 12:58:51' and cflags & 64 =
64 and id % 30 = 1", len = 135}
#1 get_all_ucontacts (buf=0xadd270, len=<value optimized out>, flags=64,
part_idx=1, part_max=30) at dlist.c:398
No locals.
#2 0x00002b5061eb6b1a in nh_timer (ticks=<value optimized out>,
timer_idx=<value optimized out>) at nathelper.c:1623
rval = <value optimized out>
buf = 0xadd270
cp = <value optimized out>
c = {s = 0x0, len = 0}
opt = {s = 0x0, len = 0}
path = {s = 0x0, len = 0}
curi = {user = {s = 0x0, len = 0}, passwd = {s = 0x0, len = 0}, host = {s =
0xadd836 "CLIENT_IP:62252\250u\220", len = 14}, port = {s = 0xadd845
"62252\250u\220", len = 5}, params = {s = 0x0, len = 0}, sip_params = {s = 0x0,
len = 0}, headers = {
s = 0x7fff110134b0 "", len = 566862356}, port_no = 50336, proto =
70, type = ERROR_URI_T, flags = 65536, transport = {s = 0x8cbfa0 "", len =
5441948}, ttl = {s = 0x7fff1101352f "", len = 4448297}, user_param = {s =
0x375ef8e "PROXY_IP:5060", len = 13},
maddr = {s = 0x9204b0 "sip3", len = 10677560}, method = {s = 0x0, len
= 0}, lr = {s = 0xadd84a "\250u\220", len = 0}, r2 = {s = 0xa2ebc0
"\250\272\252", len = 285291296}, transport_val = {s = 0x40 <Address 0x40 out
of bounds>, len = 335544320}, ttl_val = {
s = 0x3221c302d0 "H\307\300\017", len = 0}, user_param_val = {s =
0x0, len = 0}, maddr_val = {s = 0x0, len = 0}, method_val = {s = 0x0, len = 0}, lr_val =
{s = 0x0, len = 0}, r2_val = {s = 0x0, len = 0}}
he = <value optimized out>
send_sock = <value optimized out>
flags = <value optimized out>
proto = <value optimized out>
dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data = '\000'
<repeats 13 times>}, sin = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0},
sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 0, sin6_port =
0, sin6_flowinfo = 0,
sin6_addr = {in6_u = {u6_addr8 = '\000' <repeats 15 times>,
u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, id
= 0, proto = 0 '\000', send_flags = {f = 0 '\000', blst_imask = 0
'\000'}}
iteration = 1
__FUNCTION__ = "nh_timer"
#3 0x0000000000521c54 in fork_dummy_timer (child_id=<value optimized out>,
desc=<value optimized out>, make_sock=<value optimized out>, f=0x2b5061eb6a70
<nh_timer>, param=0x0, interval=1) at timer_proc.c:71
pid = <value optimized out>
#4 0x00002b5061eb42ee in child_init (rank=<value optimized out>) at
nathelper.c:673
i = 58055190
#5 0x00000000004db1d0 in init_mod_child (m=0x917dc0, rank=0) at sr_module.c:829
No locals.
#6 0x00000000004db1a9 in init_mod_child (m=0x918420, rank=0) at sr_module.c:826
No locals.
#7 0x00000000004db1a9 in init_mod_child (m=0x918aa0, rank=0) at sr_module.c:826
No locals.