<div dir="ltr">Hi All,<div><br></div><div>I wonder if some one could help me to diagnose a recurring issue?</div><div><br></div><div>It happens at random times/intervals and under varying load. But always, just before the time of crash, I see the same critical error in log:</div>
<div><br></div><div><font face="courier new, monospace">CRITICAL: dialog [dlg_hash.c:841]: log_next_state_dlg(): bogus event 6 in state 1 for dlg 0xb0632134 [1367:5814] with clid '<a href="mailto:0695dd7a346188dd24e7520e6c01092c@sip.sipcentric.com">0695dd7a346188dd24e7520e6c01092c@sip.sipcentric.com</a>' and tags 'as77c89620' ''<br>
</font></div><div><br></div><div><br></div><div>Analysing the core dump reveals:</div><div><br></div><div><div><font face="courier new, monospace">Core was generated by `/usr/sbin/kamailio -P /var/run/kamailio.pid -m 128 -M 4 -u kamailio -g kamailio'.</font></div>
<div><font face="courier new, monospace">Program terminated with signal 11, Segmentation fault.</font></div><div><font face="courier new, monospace">#0 0x081a737c in parse_uri (buf=0x3a70006e <Address 0x3a70006e out of bounds>, len=275, uri=0xbfa2fd2c) at parser/parse_uri.c:389</font></div>
<div><font face="courier new, monospace">389<span class="" style="white-space:pre"> </span>scheme=buf[0]+(buf[1]<<8)+(buf[2]<<16)+(buf[3]<<24);</font></div></div><div><br></div><div><font face="courier new, monospace">(gdb) frame 1</font></div>
<div><div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">#1 0x008fe5dd in dialog_publish (state=0x903f37 "Trying", ruri=0xb0b5fd00, entity=0xb0632188, peer=0xb0632190, callid=0xb0632180, initiator=1, lifetime=7200, localtag=0x0, remotetag=0x0, localtarget=0x0, </font></div>
<div><font face="courier new, monospace"> remotetarget=0x0, do_pubruri_localcheck=1) at dialog_publish.c:275</font></div><div><font face="courier new, monospace">275<span class="" style="white-space:pre"> </span>if (parse_uri(ruri->s, ruri->len, &ruri_uri) < 0) {</font></div>
</div><div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">(gdb) p *ruri</font></div><div><font face="courier new, monospace"><br></font></div><div><div><div><font face="courier new, monospace">$1 = {s = 0x3a70006e <Address 0x3a70006e out of bounds>, len = 275}</font></div>
</div><div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">(gdb) up</font></div><div><font face="courier new, monospace"><br></font></div><div><div><font face="courier new, monospace">#2 0x008ff277 in dialog_publish_multi (state=0x903f37 "Trying", ruris=0xb0b5fd00, entity=0xb0632188, peer=0xb0632190, callid=0xb0632180, initiator=1, lifetime=7200, localtag=0x0, remotetag=0x0, </font></div>
<div><font face="courier new, monospace"> localtarget=0x0, remotetarget=0x0, do_pubruri_localcheck=1) at dialog_publish.c:387</font></div><div><font face="courier new, monospace">387<span class="" style="white-space:pre"> </span>dialog_publish(state,&(ruris->s),entity,peer,callid,initiator,lifetime,localtag,remotetag,localtarget,remotetarget,do_pubruri_localcheck);</font></div>
</div><div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">(gdb) p *ruris</font></div><div><font face="courier new, monospace"><br></font></div><div><div><font face="courier new, monospace">$2 = {s = {s = 0x3a70006e <Address 0x3a70006e out of bounds>, len = 275}, next = 0x0}</font></div>
</div><div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">(gdb) up</font></div><div><font face="courier new, monospace"><br></font></div><div><div><font face="courier new, monospace">#3 0x0090187a in __dialog_created (dlg=0xb0632134, type=2, _params=0x6db064) at pua_dialoginfo.c:470</font></div>
<div><font face="courier new, monospace">470<span class="" style="white-space:pre"> </span>dialog_publish_multi("Trying", dlginfo->pubruris_caller, &(dlg->from_uri), (include_req_uri)?&(dlg->req_uri):&(dlg->to_uri), &(dlg->callid), 1, dlginfo->lifetime, 0, 0, 0, 0, send_publish_flag==-1?1:0);</font></div>
</div><div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">(gdb) p *dlginfo->pubruris_caller<br></font></div><div><font face="courier new, monospace"><br></font></div><div>
<div><font face="courier new, monospace">$3 = {s = {s = 0x31590014 <Address 0x31590014 out of bounds>, len = 275}, next = 0xb0b5fd00}</font></div></div><div><font face="courier new, monospace"><br></font></div><div>
<div><font face="courier new, monospace">(gdb) p *dlginfo->pubruris_caller->next</font></div><div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">$4 = {s = {s = 0x3a70006e <Address 0x3a70006e out of bounds>, len = 275}, next = 0x0}</font></div>
</div><div><br></div><div><br></div><div>In config, for pua_dialoginfo we are enabling the option "use_pubruri_avps" and setting "pubruri_caller_avp" and "pubruri_callee_avp" accordingly.</div>
<div><br></div><div>Therefore, in pua_dialoginfo.c it is using get_str_list() function to set dlginfo->pubruris_caller from the avp.</div><div><br></div><div>Could this be some race condition or something completely different?</div>
<div><br></div><div>Thanks in advance,</div><div><br></div><div>Charles</div><div><br></div><div><br></div>
</div></div>
<br>
<font face="Helvetica, Arial, sans-serif"><font size="2"><span style="font-size:10pt"><a href="http://www.sipcentric.com/" title="blocked::http://www.sipcentric.com/" target="_blank">www.sipcentric.com</a><br>
<br>
Follow us on twitter <a href="http://twitter.com/sipcentric" title="blocked::http://twitter.com/sipcentric" target="_blank">@sipcentric</a><br>
<br>
<font color="gray">Sipcentric Ltd.
Company registered in England & Wales no. 7365592.</font> <font color="gray">Registered
office: Faraday Wharf, Innovation Birmingham Campus, Holt Street, Birmingham Science Park, Birmingham B7 4BB.</font></span></font></font>