[SR-Users] Help analysing segmentation fault

Daniel-Constantin Mierla miconda at gmail.com
Fri Aug 22 13:17:51 CEST 2014 

Hello,

can you try this small patch?

diff --git a/modules/pua_dialoginfo/pua_dialoginfo.c 
b/modules/pua_dialoginfo/pua_dialoginfo.c
index 1e88a04..0f02b2b 100644
--- a/modules/pua_dialoginfo/pua_dialoginfo.c
+++ b/modules/pua_dialoginfo/pua_dialoginfo.c
@@ -347,7 +347,7 @@ struct str_list* get_str_list(unsigned short 
avp_flags, int_str avp_name) {

                 memset( list_current, 0, len);

-               list_current->s.s = (char*)( (void*) list_current + 
sizeof(struct str_list));
+               list_current->s.s = (char*)list_current + sizeof(struct 
str_list);
                 list_current->s.len = avp_value.s.len;
memcpy(list_current->s.s,avp_value.s.s,avp_value.s.len);

It is for 4.1.

I have some ongoing work to commit soon on the master branch. if you 
confirm it is working fine, I will push this patch as well and backport 
to 4.1.

Cheers,
Daniel

On 22/08/14 13:03, Charles Chance wrote:
> Hi All,
>
> I wonder if some one could help me to diagnose a recurring issue?
>
> It happens at random times/intervals and under varying load. But 
> always, just before the time of crash, I see the same critical error 
> in log:
>
> CRITICAL: dialog [dlg_hash.c:841]: log_next_state_dlg(): bogus event 6 
> in state 1 for dlg 0xb0632134 [1367:5814] with clid 
> '0695dd7a346188dd24e7520e6c01092c at sip.sipcentric.com 
> <mailto:0695dd7a346188dd24e7520e6c01092c at sip.sipcentric.com>' and tags 
> 'as77c89620' ''
>
>
> Analysing the core dump reveals:
>
> Core was generated by `/usr/sbin/kamailio -P /var/run/kamailio.pid -m 
> 128 -M 4 -u kamailio -g kamailio'.
> Program terminated with signal 11, Segmentation fault.
> #0  0x081a737c in parse_uri (buf=0x3a70006e <Address 0x3a70006e out of 
> bounds>, len=275, uri=0xbfa2fd2c) at parser/parse_uri.c:389
> 389scheme=buf[0]+(buf[1]<<8)+(buf[2]<<16)+(buf[3]<<24);
>
> (gdb) frame 1
>
> #1  0x008fe5dd in dialog_publish (state=0x903f37 "Trying", 
> ruri=0xb0b5fd00, entity=0xb0632188, peer=0xb0632190, 
> callid=0xb0632180, initiator=1, lifetime=7200, localtag=0x0, 
> remotetag=0x0, localtarget=0x0,
>     remotetarget=0x0, do_pubruri_localcheck=1) at dialog_publish.c:275
> 275if (parse_uri(ruri->s, ruri->len, &ruri_uri) < 0) {
>
> (gdb) p *ruri
>
> $1 = {s = 0x3a70006e <Address 0x3a70006e out of bounds>, len = 275}
>
> (gdb) up
>
> #2  0x008ff277 in dialog_publish_multi (state=0x903f37 "Trying", 
> ruris=0xb0b5fd00, entity=0xb0632188, peer=0xb0632190, 
> callid=0xb0632180, initiator=1, lifetime=7200, localtag=0x0, 
> remotetag=0x0,
> localtarget=0x0, remotetarget=0x0, do_pubruri_localcheck=1) at 
> dialog_publish.c:387
> 387dialog_publish(state,&(ruris->s),entity,peer,callid,initiator,lifetime,localtag,remotetag,localtarget,remotetarget,do_pubruri_localcheck);
>
> (gdb) p *ruris
>
> $2 = {s = {s = 0x3a70006e <Address 0x3a70006e out of bounds>, len = 
> 275}, next = 0x0}
>
> (gdb) up
>
> #3  0x0090187a in __dialog_created (dlg=0xb0632134, type=2, 
> _params=0x6db064) at pua_dialoginfo.c:470
> 470dialog_publish_multi("Trying", dlginfo->pubruris_caller, 
> &(dlg->from_uri), (include_req_uri)?&(dlg->req_uri):&(dlg->to_uri), 
> &(dlg->callid), 1, dlginfo->lifetime, 0, 0, 0, 0, 
> send_publish_flag==-1?1:0);
>
> (gdb) p *dlginfo->pubruris_caller
>
> $3 = {s = {s = 0x31590014 <Address 0x31590014 out of bounds>, len = 
> 275}, next = 0xb0b5fd00}
>
> (gdb) p *dlginfo->pubruris_caller->next
>
> $4 = {s = {s = 0x3a70006e <Address 0x3a70006e out of bounds>, len = 
> 275}, next = 0x0}
>
>
> In config, for pua_dialoginfo we are enabling the option 
> "use_pubruri_avps" and setting "pubruri_caller_avp" and 
> "pubruri_callee_avp" accordingly.
>
> Therefore, in pua_dialoginfo.c it is using get_str_list() function to 
> set dlginfo->pubruris_caller from the avp.
>
> Could this be some race condition or something completely different?
>
> Thanks in advance,
>
> Charles
>
>
>
> www.sipcentric.com <http://www.sipcentric.com/>
>
> Follow us on twitter @sipcentric <http://twitter.com/sipcentric>
>
> Sipcentric Ltd. Company registered in England & Wales no. 7365592. 
> Registered office: Faraday Wharf, Innovation Birmingham Campus, Holt 
> Street, Birmingham Science Park, Birmingham B7 4BB.
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
Sep 22-25, Berlin, Germany ::: Oct 15-17, San Francisco, USA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140822/736a60bc/attachment.html>

More information about the sr-users mailing list