#409 segfault in presence module due to mix_dialog_presence flag

1.7.x
closed-fixed
modules (454)
5
2011-10-13
2011-08-31
No

Enabling "mix_dialog_presence=1" in the presence module causes random crashes. The core dump of each crash shows a segfault that happens only when using a specific version of Eyebeam. So, it may be a bug in Eyebeam instead of opensips. Anyhow, here is the BT.

Core was generated by `/usr/local/sbin/opensips -P /var/run/opensips.pid -m 512 -u root -g root'.
Program terminated with signal 11, Segmentation fault.
#0 0xb6fdc1ad in get_presence_from_dialog (pres_uri=0xbff1af50, uri=0xbff1ad9c, hash_code=2590) at notify.c:861
/usr/src/svn-src/opensips-1.7.0-tls/modules/presence/notify.c:861:20235:beg:0xb6fdc1ad
(gdb) bt
#0 0xb6fdc1ad in get_presence_from_dialog (pres_uri=0xbff1af50, uri=0xbff1ad9c, hash_code=2590) at notify.c:861
#1 0xb6fdf9e9 in get_p_notify_body (pres_uri=..., event=0x9719d8c4, etag=0x0, publ_body=0x0, contact=0xbff1b230, dbody=0x0, extra_hdrs=0xbff1b058,
free_fct=0xbff1b074) at notify.c:985
#2 0xb6fe22f9 in send_notify_request (subs=0xbff1b1d8, watcher_subs=0x0, n_body=0x0, force_null_body=0, extra_hdrs=0x0) at notify.c:1916
#3 0xb6fe37ab in notify (subs=0xbff1b1d8, watcher_subs=0x0, n_body=0x0, force_null_body=0, extra_hdrs=0x0) at notify.c:2094
#4 0xb700149d in update_subscription (msg=0x826e79c, subs=0xbff1b1d8, init_req=1) at subscribe.c:451
#5 0xb7001e9a in handle_subscribe (msg=0x826e79c, force_active_param=0x0, str2=0x0) at subscribe.c:659
#6 0x080599b2 in do_action (a=0x820569c, msg=0x970ee8e0) at action.c:1280
#7 0x08058139 in run_action_list (a=0x820569c, msg=0x826e79c) at action.c:141
#8 0x0805c02b in do_action (a=0x8205708, msg=0x826e79c) at action.c:847
#9 0x08058139 in run_action_list (a=0x8205708, msg=0x826e79c) at action.c:141
#10 0x0805ca5b in do_action (a=0x8205774, msg=0x826e79c) at action.c:853
#11 0x08058139 in run_action_list (a=0x82050f4, msg=0x826e79c) at action.c:141
#12 0x0805c02b in do_action (a=0x820584c, msg=0x826e79c) at action.c:847
#13 0x08058139 in run_action_list (a=0x81fdbac, msg=0x826e79c) at action.c:141
#14 0x0805dc40 in run_actions (a=0x81fdbac, msg=0x826e79c) at action.c:121
#15 run_top_route (a=0x81fdbac, msg=0x826e79c) at action.c:182
#16 0x080a38ce in receive_msg (
buf=0x81cf480 "SUBSCRIBE sip:13107350014@rtsip.vopium.com SIP/2.0\r\nVia: SIP/2.0/UDP 203.215.176.22:41166;branch=z9hG4bK-d8754z-ff02150196589f0a-1---d8754z-;rport\r\nMax-Forwards: 69\r\nContact: <sip:923214032232@203.215"..., len=678, rcv_info=0xbff1c118) at receive.c:165
#17 0x080f91b6 in udp_rcv_loop () at udp_server.c:419
#18 0x08074662 in main_loop (argc=9, argv=0xbff1c2c4) at main.c:885
#19 main (argc=9, argv=0xbff1c2c4) at main.c:1503

The user-agent string of the Eyebeam I have that causes these crashes (so far 4) is "eyeBeam release 1101l stamp 49847".

I also have memdump available if you need it.

Discussion

  • Bogdan-Andrei Iancu

    Hi,

    In frame 0, please print the following values:
    dialog_event_p
    *dialog_event_p
    (*dialog_event_p)->evp
    (*dialog_event_p)->evp->parsed

    Thanks and regards,
    Bogdan

     
  • Bogdan-Andrei Iancu

    • assigned_to: nobody --> bogdan_iancu
     
  • Muhammad Shahzad

    Hmm, not sure how to do that? I am attaching the BT FULL in a file here for further reference. I do see "Address 0xXXXX out of bounds" at a number of places in it.

     
  • Muhammad Shahzad

    BT FULL from crash dump

     
  • Bogdan-Andrei Iancu

    In the gdb command line, just do:
    frame 0
    print dialog_event_p
    print *dialog_event_p
    print (*dialog_event_p)->evp
    print (*dialog_event_p)->evp->parsed

    Thanks,
    Bogdan

     
  • Muhammad Shahzad

    Thanks for explaining. I checked all 4 core dumps and they all give the exact same error for the last two commands. Here it is:

    Core was generated by `/usr/local/sbin/opensips -P /var/run/opensips.pid -m 512 -u root -g root'.
    Program terminated with signal 11, Segmentation fault.
    #0 0xb701c1ad in get_presence_from_dialog (pres_uri=0xbf8bb4b0, uri=0xbf8bb2fc, hash_code=2590) at notify.c:861
    /usr/src/svn-src/opensips-1.7.0-tls/modules/presence/notify.c:861:20235:beg:0xb701c1ad
    (gdb) frame 0
    #0 0xb701c1ad in get_presence_from_dialog (pres_uri=0xbf8bb4b0, uri=0xbf8bb2fc, hash_code=2590) at notify.c:861
    /usr/src/svn-src/opensips-1.7.0-tls/modules/presence/notify.c:861:20235:beg:0xb701c1ad
    (gdb) print dialog_event_p
    $1 = (pres_ev_t **) 0x97094844
    (gdb) print *dialog_event_p
    $2 = (pres_ev_t *) 0x6
    (gdb) print (*dialog_event_p)->evp
    Cannot access memory at address 0xe
    (gdb) print (*dialog_event_p)->evp->parsed
    Cannot access memory at address 0xe

    Thank you.

     
  • Bogdan-Andrei Iancu

    Just to know in what direction to go with the troubleshooting - can you reproduce this crash?

    Regards,
    Bogdan

     
  • Muhammad Shahzad

    Actually, I am not sure if it's the Eyebeam version causing the crash or something is wrong with opensips. If it's the Eyebeam version then I can simply block its user-agent in the opensips dial plan to avoid the crash.

    Let me try to contact the end-user who has this Eyebeam version and see if s/he is willing to help us out in reproducing this crash.

    Thank you.

     
  • Bogdan-Andrei Iancu

    Any update on this?

    Best regards,
    Bogdan

     
  • Muhammad Shahzad

    Nothing so far. Still chasing the customer. I couldn't reproduce it by other means either.

     
  • Anca Vamanu

    Anca Vamanu - 2011-10-02

    Hi Muhammad,

    Have you loaded the presence_dialoginfo module in your config? I believe that you haven't and this is the reason why it is not working for you. However, even in this case opensips should not crash, but give a warning. I have fixed it with this commit - http://opensips.svn.sourceforge.net/viewvc/opensips?view=revision&revision=8431.

    Regards,
    Anca
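
The pattern described in the comment above (warn instead of crashing when the flag is set but the module providing the dialog event is not loaded), as an added example that is not part of the thread and is not the code of the referenced commit. `mix_dialog_presence`, `dialog_event_p`, `pres_ev_t`, `evp` and `parsed` are names from the backtrace; the struct layouts, the function names and `EVENT_DIALOG` are hypothetical.

```c
#include <stdio.h>

/* Simplified stand-ins for the module's types (assumed, not the project's headers). */
typedef struct { int parsed; } event_t;
typedef struct { const char *name; event_t *evp; } pres_ev_t;

#define EVENT_DIALOG 7                  /* constructed value */

static int mix_dialog_presence;         /* the module parameter from the report */
static pres_ev_t **dialog_event_p;      /* slot filled in by the optional module */

/* The slot may live in memory that is not zeroed (the dump shows it holding 0x6),
 * so clear it explicitly; otherwise the NULL checks below prove nothing. */
void init_dialog_slot(pres_ev_t **raw) { dialog_event_p = raw; *dialog_event_p = NULL; }

/* Called only if the module that provides the dialog event is loaded. */
void register_dialog_event(pres_ev_t *ev) { *dialog_event_p = ev; }

/* Startup check: warn and switch the feature off when its dependency is missing. */
int check_mix_dialog_presence(void)
{
    if (mix_dialog_presence && *dialog_event_p == NULL) {
        fprintf(stderr, "WARNING: mix_dialog_presence=1 but no dialog event "
                        "is registered; disabling it\n");
        mix_dialog_presence = 0;
        return -1;
    }
    return 0;
}

/* Runtime guard: -1 instead of dereferencing an unset slot. */
int dialog_event_type(void)
{
    pres_ev_t *ev = dialog_event_p ? *dialog_event_p : NULL;
    if (!mix_dialog_presence || ev == NULL || ev->evp == NULL)
        return -1;
    return ev->evp->parsed;
}

int main(void)
{
    pres_ev_t *slot;                    /* deliberately uninitialised storage */
    init_dialog_slot(&slot);
    mix_dialog_presence = 1;            /* flag set, provider module not loaded */
    check_mix_dialog_presence();
    printf("event type: %d\n", dialog_event_type());
    return 0;
}
```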

     
  • Anca Vamanu

    Anca Vamanu - 2011-10-02
    • status: open --> closed-fixed
     
  • Muhammad Shahzad

    Ahan, you are right I think, since I enabled that module initially but later commented it out.

    OK, I will check the fix and will let you know if it crashes again.

     
  • Muhammad Shahzad

    • status: closed-fixed --> open-fixed
     
  • Muhammad Shahzad

    I think the issue is resolved, since it has been working fine for over 1 week.

    Thank you.

     
  • Anca Vamanu

    Anca Vamanu - 2011-10-13

    Thank you for the update.

     
  • Anca Vamanu

    Anca Vamanu - 2011-10-13
    • status: open-fixed --> closed-fixed
     
