[ opensips-Bugs-2430807 ] Opensips crashes when publish received for RLS list

SourceForge.net
Bugs item #2430807, was opened at 2008-12-15 16:34
Message generated for change (Comment added) made by rmnathan
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=2430807&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: trunk
Status: Open
Resolution: None
Priority: 8
Private: No
Submitted By: Nathan (rmnathan)
Assigned to: Anca Vamanu (anca_vamanu)
Summary: Opensips crashes when publish received for RLS list

Initial Comment:
Version - trunk(5049)
I have tried all sorts of the following things to generate a core, but it failed to generate a core dump.
1.  disable_core_dump is set to no
2. set fork=no and child=no
3. tried to find core dump  at /
4. compiled opensips with the following command
    make mode=debug modules
    echo $?
    make mode=debug prefix=/usr/local/ install
5. OS stinbng46:/# uname -a
Linux stinbng46 2.6.18-staros-v2-20294-deb #1 SMP Mon Jul 14 05:18:18 EDT 2008 i686 GNU/Linux ( With same OS openser created core dump)

Is there anything I might be missing? Please help me to generate a core dump; it will be very helpful for debugging.

Crash:
=====
Crash observed when a NOTIFY is sent out for an RLS list in case of a PUBLISH received. For more information, please find the attached logs.

Dec 15 05:12:44 [15278] DBG:core:parse_uri:  uri params:
   transport=<>, val=<>, proto=0
Dec 15 05:12:44 [15278] DBG:core:parse_uri:    user-param=<>, val=<>
Dec 15 05:12:44 [15278] DBG:core:parse_uri:    method=<>, val=<>
Dec 15 05:12:44 [15278] DBG:core:parse_uri:    ttl=<>, val=<>
Dec 15 05:12:44 [15278] DBG:core:parse_uri:    maddr=<>, val=<>
Dec 15 05:12:44 [15278] DBG:core:parse_uri:    lr=<lr>
Dec 15 05:12:44 [15278] DBG:core:mk_proxy: doing DNS lookup...
Dec 15 05:12:44 [15278] DBG:tm:dlg2hash: 21643
Dec 15 05:12:44 [15278] DBG:tm:print_request_uri: sip:c3-1@192.168.126.151:40000
Dec 15 05:12:44 [15278] DBG:tm:set_timer: relative timeout is 500000
Dec 15 05:12:44 [15278] DBG:tm:insert_timer_unsafe: [4]: 0xb5be4a64 (20500000)
Dec 15 05:12:44 [15278] DBG:tm:set_timer: relative timeout is 30
Dec 15 05:12:44 [15278] DBG:tm:insert_timer_unsafe: [0]: 0xb5be4a84 (50)
Dec 15 05:12:44 [15278] DBG:rls:timer_send_notify: Found rl-subs record in hash table
Dec 15 05:12:44 [15277] INFO:core:handle_sigs: child process 15278 exited by a signal 11
Dec 15 05:12:44 [15277] INFO:core:handle_sigs: core was not generated
Dec 15 05:12:44 [15277] INFO:core:handle_sigs: terminating due to SIGCHLD
Dec 15 05:12:44 [15279] INFO:core:sig_usr: signal 15 received

Dec 15 05:12:44 [15277] DBG:core:shm_mem_destroy:
Dec 15 05:12:44 [15277] DBG:core:shm_mem_destroy: destroying the shared memory lock
Dec 15 05:12:44 [15277] DBG:core:handle_sigs: terminating due to SIGCHLD

----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2009-01-07 17:45

Message:
Hi,
The full trace is as follows:
 
Core was generated by `/usr/local/sbin/opensips'.
Program terminated with signal 11, Segmentation fault.
#0  0xb78e7eca in timer_send_notify (ticks=120, param=0x0) at resource_notify.c:721
721                             if(strncmp(row_vals[resource_uri_col].val.string_val,
(gdb) bt full
#0  0xb78e7eca in timer_send_notify (ticks=120, param=0x0) at resource_notify.c:721
        query_cols = {0xb78f8844, 0xb7aab510}
        update_cols = {0x0}
        result_cols = {0xb78f8834, 0xb78f883c, 0xb78f884c, 0xb78f885c,
0xb78f8854, 0xb78f8864, 0x0}
        query_vals = {{type = DB_INT, nul = 0, free = -1247617128, val =
{int_val = 1, double_val = 4.2439915824246103e-314, time_val = 1,
      string_val = 0x1 <Address 0x1 out of bounds>, str_val = {s = 0x1
<Address 0x1 out of bounds>, len = 2}, blob_val = {
        s = 0x1 <Address 0x1 out of bounds>, len = 2}, bitmap_val = 1}},
{type = DB_DOUBLE, nul = 0, free = -1081894044, val = {int_val = 135974160,
      double_val = 6.7180161178120992e-316, time_val = 135974160,
string_val = 0x81acd10 "°µª·øÎ\032\b", str_val = {s = 0x81acd10
"°µª·øÎ\032\b", len = 0},
      blob_val = {s = 0x81acd10 "°µª·øÎ\032\b", len = 0}, bitmap_val
= 135974160}}}
        update_vals = {{type = DB_DATETIME, nul = -1247617128, free =
-1243838944, val = {int_val = -1213549416, double_val =
-1.5328670054899573e-40,
      time_val = -1213549416, string_val = 0xb7aab498 "ÍSª·\006",
str_val = {s = 0xb7aab498 "ÍSª·\006", len = -1213549360}, blob_val = {
        s = 0xb7aab498 "ÍSª·\006", len = -1213549360}, bitmap_val =
3081417880}}}
        i = 298
        result = (db_res_t *) 0x828f678
        prev_did = 0x4821159c
"s6-13-80;100595200;97b57f2144c425bc44f2e7a21eb22549-1265"
        curr_did = 0x48211d5c
"s6-14-80;218035712;97b57f2144c425bc44f2e7a21eb22549-365a"
        row_vals = (db_val_t *) 0x64697072
        resource_uri = <value optimized out>
        pres_state = 0x48211dc2 "<?xml version=\"1.0\"
encoding=\"UTF-8\"?>\n<presence xmlns=\"urn:ietf:params:xml:ns:pidf\"
xmlns:rpid=\"urn:ietf:params:xml:ns:pidf:rpid\"
xmlns:dm=\"urn:ietf:params:xml:ns:pidf:data-model\"
xmlns:pcp=\"urn:ietf"...
        callid = {s = 0x48211d5c
"s6-14-80;218035712;97b57f2144c425bc44f2e7a21eb22549-365a", len = 8}
        to_tag = {s = 0x48211d6f "97b57f2144c425bc44f2e7a21eb22549-365a",
len = 37}
        from_tag = {s = 0x48211d65
"218035712;97b57f2144c425bc44f2e7a21eb22549-365a", len = 9}
        rlmi_doc = (xmlDocPtr) 0x481aec20
        list_node = (xmlNodePtr) 0x481accb8
        instance_node = (xmlNodePtr) 0x481f0da0
        resource_node = (xmlNodePtr) 0x481af8c0
        hash_code = 349
        size = 6144
        buf_len = 1007
        buf = 0x8298040
"--uiJUnfDUyfcSFWRINqnYyVEx\r\n\r\nContent-Transfer-Encoding:
binary\r\nContent-ID:
<1231322726.sip:c6-18@10.6.2.246.596516649>\r\nContent-Type:
application/pidf+xml\r\n\r\n<?xml version=\"1.0\"
encoding=\"UTF-8\"?>\n<"...
        auth_state = <value optimized out>
        contor = 1
        auth_state_flag = <value optimized out>
        bstr = {s = 0x8292c30 "uiJUnfDUyfcSFWRINqnYyVEx", len = 24}
        rlmi_cont = {
  s = 0x481f0fd8 "pTï·pTï·Ð\017\037HÐ\017\037H.0\"?>\n<list
uri=\"sip:s6-13@10.6.2.246\" xmlns=\"urn:ietf:params:xml:ns:rlmi\"
version=\"2\" fullState=\"false\">\n  <resource
uri=\"sip:c6-17@10.6.2.246\">\n    <instance id=\"icDW4oK5\"
state=\"act"..., len = 959}
        multi_cont = {
  s = 0x8298040
"--uiJUnfDUyfcSFWRINqnYyVEx\r\n\r\nContent-Transfer-Encoding:
binary\r\nContent-ID:
<1231322726.sip:c6-18@10.6.2.246.596516649>\r\nContent-Type:
application/pidf+xml\r\n\r\n<?xml version=\"1.0\"
encoding=\"UTF-8\"?>\n<"..., len = 6053}
        s = (subs_t *) 0xb602c300
        dialog = (subs_t *) 0x81a7ef0
        rl_uri = 0x8291670 "sip:s6-14@10.6.2.246"
        str_aux = <value optimized out>
        __FUNCTION__ = "timer_send_notify"
#1  0x080ccfb5 in start_timer_processes () at timer.c:280
        tpl = (struct sr_timer_process *) 0x81acad8
        pid = <value optimized out>
        first = <value optimized out>
        __FUNCTION__ = "start_timer_processes"
#2  0x0806f189 in main (argc=1, argv=0xbf839d14) at main.c:666
        cfg_log_stderr = 0
        cfg_stream = (FILE *) 0x481a4008
        c = <value optimized out>
        r = <value optimized out>
        tmp = 0x8166200 "\034a\026\bhFó·@¼ò·"
        tmp_len = <value optimized out>
        port = <value optimized out>
        proto = <value optimized out>
        ret = <value optimized out>
        seed = 82752229
        rfd = 4
        __FUNCTION__ = "main"
(gdb)

Regards,
rmnathan
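
A triage check for the "bt full" output above, added here as an example and not part of the original thread or of OpenSIPS: in frame #0, row_vals holds 0x64697072, which on this little-endian i686 host is the ASCII bytes "rpid", a pattern typical of a pointer overwritten by string data. The function names are this example's own, and the sample lines are copied from the trace.

```python
import re

# Constructed sample: local-variable lines copied from frame #0 of the trace.
SAMPLE_BT_FULL = """\
        result = (db_res_t *) 0x828f678
        prev_did = 0x4821159c
        row_vals = (db_val_t *) 0x64697072
        rlmi_doc = (xmlDocPtr) 0x481aec20
        list_node = (xmlNodePtr) 0x481accb8
        s = (subs_t *) 0xb602c300
        rl_uri = 0x8291670 "sip:s6-14@10.6.2.246"
"""

# gdb prints pointer locals as "name = (type) 0xADDR" or "name = 0xADDR".
LOCAL_PTR = re.compile(r"^\s*(\w+) = (?:\([^)]*\) )?0x([0-9a-fA-F]+)\b")


def pointer_as_text(value, width=4, little_endian=True):
    """Return the pointer's bytes as ASCII if every byte is printable, else None."""
    if value >= 1 << (8 * width):
        return None  # does not fit the assumed pointer width
    raw = value.to_bytes(width, "little" if little_endian else "big")
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def suspicious_pointers(bt_text, width=4):
    """List (variable, address, text) for pointer locals that decode to ASCII.

    A real heap, stack or library address almost never consists solely of
    printable bytes, so a hit suggests a buffer overrun wrote text over the
    variable before the faulting dereference.
    """
    hits = []
    for line in bt_text.splitlines():
        m = LOCAL_PTR.match(line)
        if not m:
            continue
        value = int(m.group(2), 16)
        text = pointer_as_text(value, width)
        if text is not None:
            hits.append((m.group(1), hex(value), text))
    return hits


if __name__ == "__main__":
    for name, addr, text in suspicious_pointers(SAMPLE_BT_FULL):
        print(f"{name} = {addr} decodes to {text!r}: check for an overrun nearby")
```

The width of 4 bytes matches the 32-bit build in this report; pass width=8 for a 64-bit core.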

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2009-01-07 16:34

Message:
It would help to provide the backtrace with the full context and the value
of the local variables. To do that use "bt full" instead of just "bt".

Dan


----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2009-01-07 16:10

Message:
Hi Anca,
I observed a few crashes as follows while testing with the new trunk build.

Crash 1:
======
Core was generated by `/usr/local/sbin/opensips -m 1024'.
Program terminated with signal 11, Segmentation fault.
#0  0xb7e18d00 in strncmp () from /lib/libc.so.6
(gdb) bt
#0  0xb7e18d00 in strncmp () from /lib/libc.so.6
#1  0xb78cfee3 in timer_send_notify (ticks=40, param=0x0) at resource_notify.c:721
#2  0x080ccfb5 in start_timer_processes () at timer.c:280
#3  0x0806f189 in main (argc=3, argv=0xbfb57014) at main.c:666

Crash 2:
======
Program terminated with signal 11, Segmentation fault.
#0  fm_malloc (qm=0x81a3ba0, size=2640) at mem/f_malloc.c:267
267                             if ((*f)->size>=size) goto found;
(gdb) bt
#0  fm_malloc (qm=0x81a3ba0, size=2640) at mem/f_malloc.c:267
#1  0xb78dcb51 in agg_body_sendn_update (rl_uri=0x81a7ef0, boundary_string={s = 0x81dadc0 "j5dDEBAL5H1LAtor2qUGI2ac", len = 24}, rlmi_body=0xbfef61d4, multipart_body=0xbfef61cc, subs=0x81a7ef0, hash_code=1978) at notify.c:238
#2  0xb78dfefe in timer_send_notify (ticks=60, param=0x0) at resource_notify.c:544
#3  0x080ccfb5 in start_timer_processes () at timer.c:280
#4  0x0806f189 in main (argc=3, argv=0xbfef63b4) at main.c:666

crash 3:
======
#0  0xb78e7eca in timer_send_notify (ticks=120, param=0x0) at resource_notify.c:721
721                             if(strncmp(row_vals[resource_uri_col].val.string_val,
(gdb) bt
#0  0xb78e7eca in timer_send_notify (ticks=120, param=0x0) at resource_notify.c:721
#1  0x080ccfb5 in start_timer_processes () at timer.c:280
#2  0x0806f189 in main (argc=1, argv=0xbf839d14) at main.c:666

crash 4:
======
Core was generated by `/usr/local/sbin/opensips -m 1024'.
Program terminated with signal 11, Segmentation fault.
#0  db_free_row (_r=0x81c25d0) at db/db_row.c:62
62                      switch (VAL_TYPE(_val)) {

crash 5:
======
Core was generated by `/usr/local/sbin/opensips'.
Program terminated with signal 11, Segmentation fault.
#0  0x080f9282 in parse_uri (buf=0x8 <Address 0x8 out of bounds>, len=135995841, uri=0xbf9fbfe0) at parser/parse_uri.c:329
329             scheme=buf[0]+(buf[1]<<8)+(buf[2]<<16)+(buf[3]<<24);


----------------------------------------------------------------------

Comment By: Anca Vamanu (anca_vamanu)
Date: 2009-01-06 20:11

Message:
Hi Meganathan,

I think that I have finally found the bug this time. Can you please
update, test again and confirm?

Thanks and regards,
Anca

----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2008-12-31 15:07

Message:
Hi Anca,
 Any update on this issue?

Regards,
Meganathan.

----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2008-12-18 20:15

Message:
Hi Anca,
I have retested with the latest build (rev 5071). Again I got the crash.

(gdb) bt
#0  0xb7e1861d in _IO_str_overflow () from /lib/libc.so.6
#1  0xb7e17747 in _IO_default_xsputn () from /lib/libc.so.6
#2  0xb7deea94 in vfprintf () from /lib/libc.so.6
#3  0xb7e0c92c in vsprintf () from /lib/libc.so.6
#4  0xb7df775e in sprintf () from /lib/libc.so.6
#5  0xb78d810b in timer_send_notify (ticks=40, param=0x0) at resource_notify.c:700
#6  0x080ccb55 in start_timer_processes () at timer.c:280
#7  0x0806ef69 in main (argc=1, argv=0xbfa78f44) at main.c:666

Regards,
rmnathan


----------------------------------------------------------------------

Comment By: Anca Vamanu (anca_vamanu)
Date: 2008-12-18 17:58

Message:
Hi rmnathan,

I have made some changes in the rls module.
Can you please update and test again?

regards,
Anca

----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2008-12-16 15:42

Message:
Hi Anca,
After I compiled with the following commands I got a core dump with line
numbers.

make
echo $?
make prefix=/usr/local/ install

Program terminated with signal 11, Segmentation fault.
#0  0xb7e5161d in _IO_str_overflow () from /lib/libc.so.6
(gdb) bt
#0  0xb7e5161d in _IO_str_overflow () from /lib/libc.so.6
#1  0xb7e50747 in _IO_default_xsputn () from /lib/libc.so.6
#2  0xb7e27a94 in vfprintf () from /lib/libc.so.6
#3  0xb7e4592c in vsprintf () from /lib/libc.so.6
#4  0xb7e3075e in sprintf () from /lib/libc.so.6
#5  0xb7911d53 in timer_send_notify (ticks=40, param=0x0) at resource_notify.c:687
#6  0x080ccb55 in start_timer_processes () at timer.c:280
#7  0x0806ef69 in main (argc=1, argv=0xbf805cf4) at main.c:666

regards,
rmnathan


----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2008-12-16 15:15

Message:
Hi Anca,
I have tried with the latest trunk build (rev 5060), and I am getting the same
crash.
I have also set 'ulimit -c unlimited', but the line numbers are not getting
printed.

Core was generated by `opensips'.
Program terminated with signal 11, Segmentation fault.
#0  0xb7ec161d in _IO_str_overflow () from /lib/libc.so.6
(gdb) bt
#0  0xb7ec161d in _IO_str_overflow () from /lib/libc.so.6
#1  0xb7ec0747 in _IO_default_xsputn () from /lib/libc.so.6
#2  0xb7e97a94 in vfprintf () from /lib/libc.so.6
#3  0xb7eb592c in vsprintf () from /lib/libc.so.6
#4  0xb7ea075e in sprintf () from /lib/libc.so.6
#5  0xb799a25d in timer_send_notify () from /usr/local//lib/opensips/modules/rls.so
#6  0x080b1194 in timer_ticker ()
#7  0x080b0fc5 in run_timer_process ()
#8  0x080b12ff in start_timer_processes ()
#9  0x08065cdd in main_loop ()
#10 0x08067f53 in main ()

Regards
rmnathan

----------------------------------------------------------------------

Comment By: Anca Vamanu (anca_vamanu)
Date: 2008-12-15 19:49

Message:
Hi rmnathan,

I have tested myself and got a crash after some time - it was due to a
recent change that I made. I have committed the fix in trunk.
However, I am not really sure it is the same as you have seen, as in your
trace there isn't enough information, like line numbers. Can you please
update and test again and report if you see the crash again?
Btw, have you run: 'ulimit -c unlimited'?

regards,
Anca


----------------------------------------------------------------------

Comment By: Nathan (rmnathan)
Date: 2008-12-15 16:47

Message:
Finally the core has been created. Please see below.

stinbng46:/# gdb /usr/local/sbin/opensips core

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/local/lib/opensips/modules/db_mysql.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/db_mysql.so
Reading symbols from /usr/lib/libmysqlclient.so.15...done.
Loaded symbols for /usr/lib/libmysqlclient.so.15
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/local/lib/opensips/modules/sl.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/sl.so
Reading symbols from /usr/local/lib/opensips/modules/maxfwd.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/maxfwd.so
Reading symbols from /usr/local/lib/opensips/modules/textops.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/textops.so
Reading symbols from /usr/local/lib/opensips/modules/tm.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/tm.so
Reading symbols from /usr/local/lib/opensips/modules/rr.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/rr.so
Reading symbols from /usr/local/lib/opensips/modules/presence.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/presence.so
Reading symbols from /usr/lib/libxml2.so.2...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /usr/local/lib/opensips/modules/avpops.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/avpops.so
Reading symbols from /usr/local/lib/opensips/modules/pua.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/pua.so
Reading symbols from /usr/local/lib/opensips/modules/mi_fifo.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/mi_fifo.so
Reading symbols from /usr/local/lib/opensips/modules/presence_xml.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/presence_xml.so
Reading symbols from /usr/local/lib/opensips/modules/rls.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/rls.so
Reading symbols from /usr/local/lib/opensips/modules/xlog.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/xlog.so
Reading symbols from /usr/local/lib/opensips/modules/signaling.so...done.
Loaded symbols for /usr/local//lib/opensips/modules/signaling.so
Reading symbols from /lib/libnss_db.so.2...done.
Loaded symbols for /lib/libnss_db.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/lib/libdb3.so.3...done.
Loaded symbols for /usr/lib/libdb3.so.3
Core was generated by `/usr/local/sbin/opensips -D'.
Program terminated with signal 11, Segmentation fault.
#0  0xb7e9f61d in _IO_str_overflow () from /lib/libc.so.6
(gdb) bt
#0  0xb7e9f61d in _IO_str_overflow () from /lib/libc.so.6
#1  0xb7e9e747 in _IO_default_xsputn () from /lib/libc.so.6
#2  0xb7e75a94 in vfprintf () from /lib/libc.so.6
#3  0xb7e9392c in vsprintf () from /lib/libc.so.6
#4  0xb7e7e75e in sprintf () from /lib/libc.so.6
#5  0xb7978256 in timer_send_notify () from /usr/local//lib/opensips/modules/rls.so
#6  0x080b11a0 in timer_ticker ()
#7  0x080b0fd1 in run_timer_process ()
#8  0x080b130b in start_timer_processes ()
#9  0x08065cdd in main_loop ()
#10 0x08067f5f in main ()

Regards
rmnathan


----------------------------------------------------------------------
