[OpenSIPS-Users] segfault during msg_callback_process in opensip trunk r7406

Bobby Smith bobby.smith at gmail.com
Fri Dec 3 08:23:04 CET 2010 

Excellent, thanks for the info and the fix!

I've applied this patch to a development machine and tested with the
signaling capture that got us into this scenario, and it seems to be fixed.
 To the rest of the community, is there any way we can get this verified and
applied to trunk before the 1.6.4 release that's coming up soon?  It's one
of those situations where we're hesitant to ride on a non GA'd release, and
there are some feature enhancements around acc and dialog tracking for cdr's
that I'd really like to pull off of trunk for the next official release.

Regards,
Bobby Smith

On Thu, Dec 2, 2010 at 9:58 PM, Kennard White <kennard_white at logitech.com>wrote:

> Hi Bobby,
>
> Your backtrace was very helpful: it looked exactly like one I got several
> months ago! It is caused by an un-initialized field when tm clones into
> shared memory. I uploaded patch under ID *3047314 *back in Sep. See the
> 1st comment and the 1st patch file. The patch hasn't been accepted, probably
> because it is lumped together with a feature enhancement.
>
> Kennard
> *
> *
> On Thu, Dec 2, 2010 at 2:45 PM, Bobby Smith <bobby.smith at gmail.com> wrote:
>
>> While running a load test over the weekend, we ran into a segfault several
>> times that looks like it was happening around the same area.  This is in
>> revision 7406.
>>
>> It doesn't really feel there's anything meaningful or useful in the core
>> dump, but perhaps looking at the code path could help.  We reverted back to
>> branch 1.6 from svn and avoided the crash for 72 hours straight, while
>> before it was crashing about every few hours.
>>
>> See below, and thanks.
>>
>> Bobby Smith
>>
>> Program terminated with signal 11, Segmentation fault.
>> #0  0x0000000000000000 in ?? ()
>> (gdb) bt full
>>  #0  0x0000000000000000 in ?? ()
>> No symbol table info available.
>> #1  0x00000000004333b1 in msg_callback_process (msg=0x2ab1cd770d80,
>> cb_type=REQ_PRE_FORWARD, core_arg=0x7a86b0) at msg_callbacks.c:79
>>         msg_cb = 0x7ab690
>>         msg_cb_pre = <value optimized out>
>> #2  0x00002ab1cd54181b in dp_time (t=0x2ab1d0f07038, p_msg=0x2ab1cd770d80,
>> proxy=<value optimized out>) at ../../dprint.h:125
>>         ltime = 8042040
>> #3  t_forward_nonack (t=0x2ab1d0f07038, p_msg=0x2ab1cd770d80, proxy=<value
>> optimized out>) at t_fwd.c:712
>>         backup_dst = {s = 0x7ad848 "\001", len = 8042360}
>>         branch_ret = <value optimized out>
>>         lowest_ret = -789549208
>>         current_uri = {s = 0x0, len = -816645016}
>>         added_branches = 10929
>>         i = 2
>>         q = 0
>>         t_invite = <value optimized out>
>>         success_branch = 0
>>         dst_uri = {s = 0x7fff808c5910 "\240. \026", len = 1}
>>         bk_sock = 0x42d144
>>         br_flags = 0
>>         bk_br_flags = 10929
>>         path = {s = 0x0, len = -2138286848}
>>         __FUNCTION__ = "t_forward_nonack"
>> #4  0x00002ab1cd54f0f9 in dp_time (param=<value optimized out>,
>> param_no=2) at ../../parser/../dprint.h:127
>>         ltime = 8018616
>> #5  fixup_t_send_reply (param=<value optimized out>, param_no=2) at
>> tm.c:467
>>         model = 0x7a24a8
>>         s = {s = 0x0, len = 8018832}
>>         __FUNCTION__ = "fixup_t_send_reply"
>> #6  0x0000000000000000 in ?? ()
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20101203/80af903c/attachment.htm>

More information about the Users mailing list