[SR-Users] FW: (Devel) Segmentation fault using pua_dialoginfo
Charles Chance
charles.chance at sipcentric.com
Thu May 17 14:13:29 CEST 2012
Hi,
Requested output as follows:
(gdb) frame 1
#1 publ_cback_func (t=0xb3dc8e38, type=1024, ps=0xbfcdd5d8)
at send_publish.c:246
246 hash_code= core_hash(hentity->pres_uri, NULL, HASH_SIZE);
(gdb) p *ps
$2 = {req = 0x0, rpl = 0xb7c30340, param = 0xb3dc3ff4, code = 412, flags =
0,
branch = 0, t_rbuf = 0x0, dst = 0x0, send_buf = {s = 0x0, len = 0}}
(gdb) p *(ua_pres_t*)(*ps->param)
$3 = {id = {s = 0x20455942 <Address 0x20455942 out of bounds>,
len = 980445555}, pres_uri = 0x40323531, event = 875444279,
expires = 875703856, desired_expires = 858861105, flag = 808794676,
db_flag = 1394618421, cb_param = 0x322f5049, next = 0xa0d302e,
ua_flag = 979462486, etag = {
s = 0x50495320 <Address 0x50495320 out of bounds>, len = 808333871},
tuple_id = {s = 0x5044552f <Address 0x5044552f out of bounds>,
len = 775436064}, body = 0x322e3034, content_type = {
s = 0x312e3134 <Address 0x312e3134 out of bounds>, len = 1648047155},
watcher_uri = 0x636e6172, call_id = {
s = 0x397a3d68 <Address 0x397a3d68 out of bounds>, len = 1647593320},
to_tag = {s = 0x3435634b <Address 0x3435634b out of bounds>,
len = 842149473}, from_tag = {
s = 0x63306461 <Address 0x63306461 out of bounds>, len = 808334648},
cseq = 1767246349, version = 1394621025, outbound_proxy = 0x322f5049,
extra_headers = 0x552f302e, record_route = {
s = 0x31205044 <Address 0x31205044 out of bounds>, len = 825111097},
remote_contact = {s = 0x312e3836 <Address 0x312e3836 out of bounds>,
len = 976498224}, contact = {
s = 0x36373135 <Address 0x36373135 out of bounds>, len = 1701985073}}
Yes, it is a test server so very happy to arrange for remote access if
required. In the meantime, I will do a little more digging to try to find
out why entity is null.
Cheers,
Charles
_____
From: Daniel-Constantin Mierla [mailto:miconda at gmail.com]
Sent: 17 May 2012 12:51
To: Charles Chance
Cc: 'SIP Router - Kamailio (OpenSER) and SIP Express Router (SER) -Users
Mailing List'
Subject: Re: FW: (Devel) Segmentation fault using pua_dialoginfo
Hello,
can you print in frame one:
p *ps
p *(ua_pres_t*)(*ps->param)
I wonder why entity is null
Is this a test system where eventually one can get remote access for live
troubleshooting while you are testing?
Cheers,
Daniel
On 5/16/12 2:02 PM, Charles Chance wrote:
Hi Daniel,
It happens every time but I just can't seem to pinpoint the cause. Those
parameters were initially unset and it still happened - I added them later
in an attempt to diagnose.
I removed them and re-ran, which produces a slightly different backtrace.
Program terminated with signal 11, Segmentation fault.
#0 core_hash (t=0xb3dc8e38, type=1024, ps=0xbfcdd5d8) at ../../hashes.h:277
277 end=s1->s+s1->len;
(gdb) bt
#0 core_hash (t=0xb3dc8e38, type=1024, ps=0xbfcdd5d8) at ../../hashes.h:277
#1 publ_cback_func (t=0xb3dc8e38, type=1024, ps=0xbfcdd5d8) at
send_publish.c:246
#2 0x005041d6 in run_trans_callbacks_internal (cb_lst=0xb3dc8e78,
type=1024, trans=0xb3dc8e38, params=0xbfcdd5d8) at t_hooks.c:290
#3 0x005044d6 in run_trans_callbacks (type=1024, trans=0x200, req=0x0,
rpl=0xb7c30340, code=412) at t_hooks.c:317
#4 0x0052db28 in local_reply (t=0xb3dc8e38, p_msg=0xb7c30340, branch=0,
msg_status=412, cancel_data=0xbfcdd86c) at t_reply.c:2001
#5 0x00530b45 in reply_received (p_msg=0xb7c30340) at t_reply.c:2350
#6 0x0809d5f4 in forward_reply (msg=0xb7c30340) at forward.c:790
#7 0x080e11a9 in receive_msg (
buf=0x82c4fa0 "SIP/2.0 412 Conditional request failed\r\nVia:
SIP/2.0/UDP xx.xx.xx.xxx;branch=z9hG4bK7058.f06a8876.0\r\nTo:
sip:152 at xx.xx.xx.xxx:5060;tag=03373b1b433b65504ea28bd3d9e6db76.331b\r\nFrom:
sip:152 at xx.xx.xx."..., len=374, rcv_info=0xbfcdda58) at receive.c:270
#8 0x0817801b in udp_rcv_loop () at udp_server.c:544
#9 0x080b0426 in main_loop () at main.c:1633
#10 0x080b3d02 in main (argc=11, argv=0xbfcddd34) at main.c:2546
.although the root cause appears to be the same:
(gdb) frame 0
#0 core_hash (t=0xb3dc8e38, type=1024, ps=0xbfcdd5d8) at ../../hashes.h:277
277 end=s1->s+s1->len;
(gdb) p *s1
Cannot access memory at address 0x40323531
(gdb) frame 1
#1 publ_cback_func (t=0xb3dc8e38, type=1024, ps=0xbfcdd5d8) at
send_publish.c:246
246 hash_code= core_hash(hentity->pres_uri, NULL, HASH_SIZE);
(gdb) p *hentity
Cannot access memory at address 0x0
The PUBLISH seems to be sent ok for both caller/callee for states
trying/confirmed. On tear-down however, it appears to crash somewhere after
sending state terminated for the callee as demonstrated by the log.
May 16 11:48:57 ws1 /usr/local/kamailio-devel/sbin/kamailio[31954]: INFO:
pua_dialoginfo [dialog_publish.c:386]: CALLING dialog_publish for URI
sip:000091 at xx.xx.xx.xxx:5060
May 16 11:48:57 ws1 /usr/local/kamailio-devel/sbin/kamailio[31953]: INFO:
pua_dialoginfo [dialog_publish.c:386]: CALLING dialog_publish for URI
sip:000091@ xx.xx.xx.xxx:5060
May 16 11:48:57 ws1 /usr/local/kamailio-devel/sbin/kamailio[31953]: INFO:
pua_dialoginfo [dialog_publish.c:386]: CALLING dialog_publish for URI
sip:152@ xx.xx.xx.xxx:5060
May 16 11:48:57 ws1 /usr/local/kamailio-devel/sbin/kamailio[31953]: INFO:
<core> [mem/f_malloc.c:529]: freeing a free fragment (0xb3dc7c18/0xb3dc7c20)
- ignore
May 16 11:49:08 ws1 /usr/local/kamailio-devel/sbin/kamailio[31958]: INFO:
pua_dialoginfo [dialog_publish.c:386]: CALLING dialog_publish for URI
sip:000091@ xx.xx.xx.xxx:5060
May 16 11:49:08 ws1 /usr/local/kamailio-devel/sbin/kamailio[31958]: INFO:
pua_dialoginfo [dialog_publish.c:386]: CALLING dialog_publish for URI
sip:152@ xx.xx.xx.xxx:5060
May 16 11:49:08 ws1 /usr/local/kamailio-devel/sbin/kamailio[31953]: ERROR:
presence [presentity.c:784]: No E_Tag match a.1337165329.31958.1.0
May 16 11:49:09 ws1 /usr/local/kamailio-devel/sbin/kamailio[31941]: ALERT:
<core> [main.c:785]: child process 31958 exited by a signal 11
I've attached the records from the presentity table also, as the presence
module doesn't appear to be matching the PUBLISHes with existing records.
Thanks again for your time,
Charles
_____
From: Daniel-Constantin Mierla [mailto:miconda at gmail.com]
Sent: 16 May 2012 08:15
To: Charles Chance
Cc: 'SIP Router - Kamailio (OpenSER) and SIP Express Router (SER) -Users
Mailing List'
Subject: Re: FW: (Devel) Segmentation fault using pua_dialoginfo
Hello,
hmm, hentity is null even a check for its value is done above ...
Is this reproducible or happens from time to time? What are the values you
set for $avp(s:puburis_caller) and $avp(s:puburis_callee)?
Can you try without parameters:
modparam("pua_dialoginfo", "use_pubruri_avps", 1)
modparam("pua_dialoginfo", "pubruri_caller_avp", "$avp(s:puburis_caller)")
modparam("pua_dialoginfo", "pubruri_callee_avp", "$avp(s:puburis_callee)")
These were added by a recent contribution, I want to see if they are the
reason.
Cheers,
Daniel
On 5/16/12 12:00 AM, Charles Chance wrote:
Hi Daniel,
I tried to check that already, but it's not there:
(gdb) frame 1
#1 publ_cback_func (t=0xb3d7e330, type=1024, ps=0xbfcc31c8)
at send_publish.c:246
246 hash_code= core_hash(hentity->pres_uri, NULL, HASH_SIZE);
(gdb) p *hentity
Cannot access memory at address 0x0
Config parameters are:
modparam("pua", "db_url", <mailto:mysql://user:pass@xx.xx.xx.xxx/dbname>
"mysql://user:pass@xx.xx.xx.xxx/dbname")
modparam("pua", "db_table", "kam_pua")
modparam("pua_dialoginfo", "caller_confirmed", 1)
modparam("pua_dialoginfo", "include_localremote", 0)
modparam("pua_dialoginfo", "override_lifetime", 300)
modparam("pua_dialoginfo", "use_pubruri_avps", 1)
modparam("pua_dialoginfo", "pubruri_caller_avp", "$avp(s:puburis_caller)")
modparam("pua_dialoginfo", "pubruri_callee_avp", "$avp(s:puburis_callee)")
Cheers,
Charles
_____
From: Daniel-Constantin Mierla [mailto:miconda at gmail.com]
Sent: 15 May 2012 21:58
To: Charles Chance
Cc: 'SIP Router - Kamailio (OpenSER) and SIP Express Router (SER) -Users
Mailing List'
Subject: Re: FW: (Devel) Segmentation fault using pua_dialoginfo
Hello,
interesting that the output of bt shows inline core_hash function prototype
with same parameters as publ_cback_func, not being able to spot eventual
wrong parameter values.
Anyhow, in the gdb, can you do the commands:
frame 1
p *hentity
and send the output? Let's see the value of the pub uri for which hashing
function crashes.
What are the parameters for pua and pua_dialog info you set in the config
file?
Cheers,
Daniel
On 5/15/12 11:53 AM, Charles Chance wrote:
Hi Daniel,
As per your previous reply (sorry, I deleted it accidentally), please find
attached output of 'bt full' as requested.
Best regards and thanks again,
Charles
_____
From: Charles Chance [mailto:charles.chance at sipcentric.com]
Sent: 13 May 2012 11:21
To: 'SIP Router - Kamailio (OpenSER) and SIP Express Router (SER) -Users
Mailing List'
Subject: (Devel) Segmentation fault using pua_dialoginfo
Hi,
Currently testing devel version and experiencing the following when using
pua_dialoginfo:
-------------------------------------
Program terminated with signal 11, Segmentation fault.
#0 core_hash (t=0xb3d7e330, type=1024, ps=0xbfcc31c8) at ../../hashes.h:279
279 v=(*p<<24)+(p[1]<<16)+(p[2]<<8)+p[3];
(gdb) bt
#0 core_hash (t=0xb3d7e330, type=1024, ps=0xbfcc31c8) at ../../hashes.h:279
#1 publ_cback_func (t=0xb3d7e330, type=1024, ps=0xbfcc31c8) at
send_publish.c:246
#2 0x002861d6 in run_trans_callbacks_internal (cb_lst=0xb3d7e370,
type=1024, trans=0xb3d7e330, params=0xbfcc31c8) at t_hooks.c:290
#3 0x002864d6 in run_trans_callbacks (type=1024, trans=0x200, req=0x0,
rpl=0xb7bea008, code=200) at t_hooks.c:317
#4 0x002afb28 in local_reply (t=0xb3d7e330, p_msg=0xb7bea008, branch=0,
msg_status=200, cancel_data=0xbfcc345c) at t_reply.c:2001
#5 0x002b2b45 in reply_received (p_msg=0xb7bea008) at t_reply.c:2350
#6 0x0809d5f4 in forward_reply (msg=0xb7bea008) at forward.c:790
#7 0x080e11a9 in receive_msg (
buf=0x82c4fa0 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP
xx.xx.xx.xxx;branch=z9hG4bKc13b.25313b6.0\r\nTo:
sip:000094 at xx.xx.xx.xxx;tag=03373b1b433b65504ea28bd3d9e6db76.d7f2\r\nFrom
<sip:000094 at xx.xx.xx.xxx;tag=03373b1b433b65504ea28bd3d9e6db76.d7f2%5Cr%5CnFr
om> : sip:000094 at xx.xx.xx.xxx;tag=4cc17c2c75cb82fa"..., len=393,
rcv_info=0xbfcc3648) at receive.c:270
#8 0x0817801b in udp_rcv_loop () at udp_server.c:544
#9 0x080b0426 in main_loop () at main.c:1633
#10 0x080b3d02 in main (argc=11, argv=0xbfcc3924) at main.c:2546
(gdb) up
#1 publ_cback_func (t=0xb3d7e330, type=1024, ps=0xbfcc31c8) at
send_publish.c:246
246 hash_code= core_hash(hentity->pres_uri, NULL, HASH_SIZE);
(gdb) p hentity->pres_uri
Cannot access memory at address 0x8
(gdb) p *hentity
Cannot access memory at address 0x0
-------------------------------------
Your time is greatly appreciated.
Charles
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> -
http://www.linkedin.com/in/miconda
_____
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2171 / Virus Database: 2425/5000 - Release Date: 05/15/12
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> -
http://www.linkedin.com/in/miconda
_____
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2176 / Virus Database: 2425/5001 - Release Date: 05/15/12
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
_____
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2176 / Virus Database: 2425/5004 - Release Date: 05/16/12
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20120517/92cdc5ec/attachment.htm>
More information about the sr-users
mailing list