[Serusers] PA module segfault

Vaclav Kubart vaclav.kubart at iptel.org
Fri Jan 5 08:47:35 CET 2007 

Hi,
thanks for detailed report. This error has already shown, but I was not
able to find it.

Does this error occur if the subscription is destroyed by client
(SUBSCRIBE with zero timeout) or only when expires from timer? BTW, what
expiration time (Expires header field value) had the last processed
SUBSCRIBE request?

Please, could you try it with current CVS version? It needs a bit
modified config file, but it would be very interesting for me to know if it
is already corrected there or not.

	thanks,

		Vaclav

On Thu, Jan 04, 2007 at 10:45:46AM -0800, TERRY ROBERT wrote:
> Hi,
> I'm getting a segfault error while running the latest presence server snapshot (ser-0.10.99-dev35-pa-4.2). The scenario is:
> 	UA		SER
>    SUBSCRIBE ---------->
>          200 <----------
>       NOTIFY <----------
> 
>          200 ---------->
> 
> Everything is fine until the subscription expires, at which point the PA module segfaults and generates a core file. Any suggestions on this? (logfile and backtrace from gdb are attached).
> 

> Script started on Thu 04 Jan 2007 09:43:08 AM PST
> bash-3.00$ gdb ~/bin/ser
> GNU gdb Red Hat Linux (6.3.0.0-1.96rh)
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".
> 
> (gdb) core core.14342 
> Core was generated by `ser -D -E -f pa.cfg'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /lib/libdl.so.2...done.
> Loaded symbols for /lib/libdl.so.2
> Reading symbols from /lib/libresolv.so.2...done.
> Loaded symbols for /lib/libresolv.so.2
> Reading symbols from /lib/tls/libc.so.6...done.
> Loaded symbols for /lib/tls/libc.so.6
> Reading symbols from /lib/ld-linux.so.2...done.
> Loaded symbols for /lib/ld-linux.so.2
> Reading symbols from /home/trobert/iptelser/install/lib/ser/modules/sl.so...done.
> Loaded symbols for /home/trobert/iptelser/install/lib/ser/modules/sl.so
> Reading symbols from /home/trobert/iptelser/install/lib/ser/modules/tm.so...done.
> Loaded symbols for /home/trobert/iptelser/install/lib/ser/modules/tm.so
> Reading symbols from /home/trobert/iptelser/install/lib/ser/modules/dialog.so...done.
> Loaded symbols for /home/trobert/iptelser/install/lib/ser/modules/dialog.so
> Reading symbols from /home/trobert/iptelser/install/lib/ser/lib_ser_cds.so...done.
> Loaded symbols for /home/trobert/iptelser/install/lib/ser/lib_ser_cds.so
> Reading symbols from /home/trobert/iptelser/install/lib/ser/modules/usrloc.so...done.
> Loaded symbols for /home/trobert/iptelser/install/lib/ser/modules/usrloc.so
> Reading symbols from /home/trobert/iptelser/install/lib/ser/modules/registrar.so...done.
> Loaded symbols for /home/trobert/iptelser/install/lib/ser/modules/registrar.so
> Reading symbols from /home/trobert/iptelser/install/lib/ser/modules/pa.so...done.
> Loaded symbols for /home/trobert/iptelser/install/lib/ser/modules/pa.so
> Reading symbols from /home/trobert/iptelser/install/lib/ser/lib_ser_xcap.so...done.
> Loaded symbols for /home/trobert/iptelser/install/lib/ser/lib_ser_xcap.so
> Reading symbols from /home/trobert/iptelser/install/lib/ser/lib_ser_presence.so...done.
> Loaded symbols for /home/trobert/iptelser/install/lib/ser/lib_ser_presence.so
> Reading symbols from /usr/lib/libxml2.so.2...done.
> Loaded symbols for /usr/lib/libxml2.so.2
> Reading symbols from /usr/lib/libcurl.so.3...done.
> Loaded symbols for /usr/lib/libcurl.so.3
> Reading symbols from /lib/tls/libpthread.so.0...done.
> Loaded symbols for /lib/tls/libpthread.so.0
> Reading symbols from /usr/lib/libz.so.1...done.
> Loaded symbols for /usr/lib/libz.so.1
> Reading symbols from /lib/tls/libm.so.6...done.
> Loaded symbols for /lib/tls/libm.so.6
> Reading symbols from /usr/lib/libidn.so.11...done.
> Loaded symbols for /usr/lib/libidn.so.11
> Reading symbols from /lib/libssl.so.4...done.
> Loaded symbols for /lib/libssl.so.4
> Reading symbols from /lib/libcrypto.so.4...done.
> Loaded symbols for /lib/libcrypto.so.4
> Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
> Loaded symbols for /usr/lib/libgssapi_krb5.so.2
> Reading symbols from /usr/lib/libkrb5.so.3...done.
> Loaded symbols for /usr/lib/libkrb5.so.3
> Reading symbols from /lib/libcom_err.so.2...done.
> Loaded symbols for /lib/libcom_err.so.2
> Reading symbols from /usr/lib/libk5crypto.so.3...done.
> Loaded symbols for /usr/lib/libk5crypto.so.3
> Reading symbols from /lib/libnss_files.so.2...done.
> Loaded symbols for /lib/libnss_files.so.2
> #0  0x00cf47f2 in msg_queue_destroy (q=0xb61e2bc0)
>     at /home/trobert/iptelser/ser-0.10.99-dev35-pa-4.2/lib/../fastlock.h:147
> 147		asm volatile(
> (gdb) bt
> #0  0x00cf47f2 in msg_queue_destroy (q=0xb61e2bc0)
>     at /home/trobert/iptelser/ser-0.10.99-dev35-pa-4.2/lib/../fastlock.h:147
> #1  0x006f3a52 in free_presentity (_p=0xb61e2b80) at presentity.c:409
> #2  0x006f3b0e in release_presentity (_p=0xb61e2b80) at presentity.c:354
> #3  0x006f1196 in timer_pdomain (_d=0xb61ddbe8) at pdomain.c:156
> #4  0x006eaeb0 in timer_all_pdomains () at dlist.c:234
> #5  0x006f04e7 in timer (ticks=76251705, param=0x0) at pa_mod.c:449
> #6  0x080928f1 in compat_old_handler (ti=1220027283, tl=0xb61dd560, data=0x1)
>     at timer.c:916
> #7  0x08092b6e in slow_timer_main () at timer.c:1026
> #8  0x0805e98b in main_loop () at main.c:831
> #9  0x0805fda2 in main (argc=5, argv=0xbff26fa4) at main.c:1627
> (gdb) quit
> bash-3.00$ 
> Script done on Thu 04 Jan 2007 09:43:38 AM PST

>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  0(14341) SIP Request:
>  0(14341)  method:  <SUBSCRIBE>
>  0(14341)  uri:     <sip:10.10.90.51>
>  0(14341)  version: <SIP/2.0>
>  0(14341) parse_headers: flags=2
>  0(14341) Found param type 232, <branch> = <z9hG4bK-1-0>; state=16
>  0(14341) end of header reached, state=5
>  0(14341) parse_headers: Via found, flags=2
>  0(14341) parse_headers: this is the first via
>  0(14341) After parse_msg...
>  0(14341) preparing to run routing scripts...
>  0(14341) grep_sock_info - checking if host==us: 11==11 &&  [10.10.90.51] == [10.10.90.51]
>  0(14341) grep_sock_info - checking if port 5060 matches port 5060
>  0(14341) DEBUG: t_newtran: msg id=1 , global msg id=0 , T on entrance=0xffffffff
>  0(14341) parse_headers: flags=ffffffffffffffff
>  0(14341) end of header reached, state=9
>  0(14341) DEBUG: get_hdr_field: <To> [35]; uri=[sip:jane at 10.10.90.51:10002] 
>  0(14341) DEBUG: to body [jane <sip:jane at 10.10.90.51:10002>
> ]
>  0(14341) get_hdr_field: cseq <CSeq>: <1> <SUBSCRIBE>
>  0(14341) DEBUG: get_hdr_body : content_length=0
>  0(14341) found end of header
>  0(14341) parse_headers: flags=78
>  0(14341) t_lookup_request: start searching: hash=11599, isACK=0
>  0(14341) DEBUG: RFC3261 transaction matching failed
>  0(14341) DEBUG: t_lookup_request: no transaction found
>  0(14341) parse_headers: flags=ffffffffffffffff
>  0(14341) DEBUG: add_param: tag=1
>  0(14341) end of header reached, state=29
>  0(14341) parsing accept header: application/pidf+xml
>  0(14341) handling new subscription
>  0(14341) get_pres_uri: _puri=sip:10.10.90.51
>  0(14341) get_pres_uri(2): _puri=sip:jane at 10.10.90.51:10002
>  0(14341) parse_headers: flags=8
>  0(14341) lock_pdomain
>  1(14342) lock_pdomain
>  0(14341) new_presentity_no_wb=0xb61e2b80 for uri=sip:jane at 10.10.90.51 uuid=jane
>  0(14341) add_presentity _p=0xb61e2b80 p_uri=sip:jane at 10.10.90.51
>  0(14341) ! registering callback to jane, 0xb61e2b80
>  0(14341) parse_headers: flags=ffffffffffffffff
>  0(14341) DEBUG subscribe.c:508: setting PFLAG_WATCHERINFO_CHANGED
>  0(14341) generating response
>  0(14341) DEBUG: t_check: msg id=1 global id=1 T start=0xb61e190c
>  0(14341) DEBUG: t_check: T already found!
>  0(14341) parse_headers: flags=ffffffffffffffff
>  0(14341) check_via_address(10.10.90.210, 10.10.90.210, 0)
>  0(14341) WARNING:vqm_resize: resize(0) called
>  0(14341) DEBUG: cleanup_uac_timers: RETR/FR timers reset
>  0(14341) DEBUG: reply sent out. buf=0x8137b84: SIP/2.0 2..., shmem=0xb61e30fc: SIP/2.0 2
>  0(14341) DEBUG: _reply_light: finished
>  0(14341) handle_subscription about to return 1: w->event_package=1 w->accept=196613 p->flags=4 w->flags=1 w=0xb61e2fa4
>  0(14341) notifying sip:1234 at 10.10.90.210 _p->flags=4 _w->event_package=1 _w->preferred_mimetype=196613 _w->status=1
>  0(14341) doc_add_presentity()
>  0(14341) adding tuples
>  0(14341) doc_add_empty_tuple()
>  0(14341) adding notes
>  0(14341) adding persons
>  0(14341) DEBUG:tm:t_uac: next_hop=<sip:1234 at 10.10.90.210:10002>
>  0(14341) DEBUG: mk_proxy: doing DNS lookup...
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) DEBUG: dlg2hash: 11599
>  0(14341) unlock_pdomain
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) receive_msg: cleaning up
>  0(14341) SIP Reply  (status):
>  0(14341)  version: <SIP/2.0>
>  0(14341)  status:  <200>
>  0(14341)  reason:  <OK>
>  0(14341) parse_headers: flags=2
>  0(14341) Found param type 232, <branch> = <z9hG4bKf4d2.622cfc01.0>; state=16
>  0(14341) end of header reached, state=5
>  0(14341) parse_headers: Via found, flags=2
>  0(14341) parse_headers: this is the first via
>  0(14341) After parse_msg...
>  0(14341) forward_reply: found module tm, passing reply to it
>  0(14341) DEBUG: t_check: msg id=2 global id=1 T start=0xffffffff
>  0(14341) parse_headers: flags=22
>  0(14341) DEBUG: add_param: tag=1
>  0(14341) end of header reached, state=29
>  0(14341) DEBUG: get_hdr_field: <To> [42]; uri=[sip:1234 at 10.10.90.210:10002] 
>  0(14341) DEBUG: to body [1234 <sip:1234 at 10.10.90.210:10002>]
>  0(14341) get_hdr_field: cseq <CSeq>: <1> <NOTIFY>
>  0(14341) DEBUG: t_reply_matching: hash 11599 label 282051110 branch 0
>  0(14341) DEBUG: t_reply_matching: reply matched (T=0xb61e3e0c)!
>  0(14341) DEBUG: t_check: msg id=2 global id=2 T end=0xb61e3e0c
>  0(14341) DEBUG: reply_received: org. status uas=0, uac[0]=0 local=2 is_invite=0)
>  0(14341) ->>>>>>>>> T_code=0, new_code=200
>  0(14341) DEBUG: local_reply: branch=0, save=0, winner=0
>  0(14341) DEBUG: local transaction completed
>  0(14341) DEBUG: cleanup_uac_timers: RETR/FR timers reset
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) receive_msg: cleaning up
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) unlock_pdomain
>  1(14342) lock_pdomain
>  1(14342) Expired watcher sip:1234 at 10.10.90.210
>  1(14342) notifying sip:1234 at 10.10.90.210 _p->flags=4 _w->event_package=1 _w->preferred_mimetype=196613 _w->status=3
>  1(14342) doc_add_presentity()
>  1(14342) adding tuples
>  1(14342) doc_add_empty_tuple()
>  1(14342) adding notes
>  1(14342) adding persons
>  1(14342) DEBUG:tm:t_uac: next_hop=<sip:1234 at 10.10.90.210:10002>
>  1(14342) DEBUG: mk_proxy: doing DNS lookup...
>  1(14342) DEBUG:destroy_avp_list: destroying list (nil)
>  1(14342) DEBUG:destroy_avp_list: destroying list (nil)
>  1(14342) DEBUG:destroy_avp_list: destroying list (nil)
>  1(14342) DEBUG:destroy_avp_list: destroying list (nil)
>  1(14342) DEBUG: dlg2hash: 11596
>  1(14342) timer_pdomain(): removing empty presentity
>  1(14342) ! unregistering callback to jane, 0xb61e2b80
>  1(14342) ! unregistered callback to jane, 0xb61e2b80
>  1(14342) remove_presentity _p=0xb61e2b80 p_uri=sip:jane at 10.10.90.51
>  0(14341) SIP Reply  (status):
>  0(14341)  version: <SIP/2.0>
>  0(14341)  status:  <200>
>  0(14341)  reason:  <OK>
>  0(14341) parse_headers: flags=2
>  0(14341) Found param type 232, <branch> = <z9hG4bKc4d2.0cb7f3f3.0>; state=16
>  0(14341) end of header reached, state=5
>  0(14341) parse_headers: Via found, flags=2
>  0(14341) parse_headers: this is the first via
>  0(14341) After parse_msg...
>  0(14341) forward_reply: found module tm, passing reply to it
>  0(14341) DEBUG: t_check: msg id=3 global id=2 T start=0xffffffff
>  0(14341) parse_headers: flags=22
>  0(14341) DEBUG: add_param: tag=1
>  0(14341) end of header reached, state=29
>  0(14341) DEBUG: get_hdr_field: <To> [42]; uri=[sip:1234 at 10.10.90.210:10002] 
>  0(14341) DEBUG: to body [1234 <sip:1234 at 10.10.90.210:10002>]
>  0(14341) get_hdr_field: cseq <CSeq>: <2> <NOTIFY>
>  0(14341) DEBUG: t_reply_matching: hash 11596 label 1061125056 branch 0
>  0(14341) DEBUG: t_reply_matching: reply matched (T=0xb61e3e0c)!
>  0(14341) DEBUG: t_check: msg id=3 global id=3 T end=0xb61e3e0c
>  0(14341) DEBUG: reply_received: org. status uas=0, uac[0]=0 local=2 is_invite=0)
>  0(14341) ->>>>>>>>> T_code=0, new_code=200
>  0(14341) DEBUG: local_reply: branch=0, save=0, winner=0
>  0(14341) DEBUG: local transaction completed
>  0(14341) DEBUG: cleanup_uac_timers: RETR/FR timers reset
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) DEBUG:destroy_avp_list: destroying list (nil)
>  0(14341) receive_msg: cleaning up
>  0(14341) child process 14342 exited by a signal 11
>  0(14341) core was generated
>  0(14341) INFO: dont_fork turned on, living on
>  2(14343) INFO: signal 2 received

> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list