Hello,
I think I spotted the reason (checking also the logs from the issue reported by Charles Chance on sr-users some weeks ago, it is the same case) -- cc-ed Peter and Hugh because it is from a commit coming from them, respectively:
commit ea2fab792425bf30197d47ae08f806a908fc3681 Author: Peter Dunkley peter.dunkley@crocodile-rcs.com Date: Wed May 9 13:55:01 2012 +0100
There were few issues IMO added by this commit (in function int send_publish( publ_info_t* publ ) from modules_k/pua/send_publish.c), caused by letting the execution going through error: label even when all is ok. Before this commit, when all was ok the function returned before error: label.
First is the shm_free() of cb_param -- this variable is given to TM for returning it in callback function, where is accessed but with invalid content at that time -- the reason for the crash reported here.
The second is related to DB transaction operations, that's why I wanted to discuss it here: - if all is ok, pua_dbf.end_transaction(pua_db) is executed - but then goes through error: label and does pua_dbf.abort_transaction(pua_db)
It might be harmless, but does not look 'ok' IMO.
I pushed a commit to fix it, Hugh and Peter should check it not to break something that they had in mind with the commit:
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=1d89d7be...
If feedback and testing is ok, then it will be backported.
Cheers, Daniel
On 6/14/12 8:46 AM, Juha Heinanen wrote:
Daniel-Constantin Mierla writes:
can you print hentity and *hentity in frame 1?
here you go:
(gdb) frame 1 #1 0x00007ff73926b33f in publ_cback_func (t=0x7ff735d4f8f0, type=1024, ps=0x7fffcaef1e10) at send_publish.c:246 246 hash_code= core_hash(hentity->pres_uri, NULL, HASH_SIZE); (gdb) print hentity $1 = (ua_pres_t *) 0x7ff735d1eed8 (gdb) print *hentity $2 = {id = {s = 0x20302e322f504953 <Address 0x20302e322f504953 out of bounds>, len = 540028978}, pres_uri = 0x504953203a616956, event = 808333871, expires = 1346589743, desired_expires = 842608928, flag = 775436590, db_flag = 775106609, cb_param = 0x6e6172623b303830, next = 0x344768397a3d6863, ua_flag = 895568738, etag = { s = 0x3034363235353564 <Address 0x3034363235353564 out of bounds>, len = 808464432}, tuple_id = { s = 0x3030303030303030 <Address 0x3030303030303030 out of bounds>, len = 808464432}, body = 0x7669656365723b30, content_type = { s = 0x302e3732313d6465 <Address 0x302e3732313d6465 out of bounds>, len = 825110574}, watcher_uri = 0x686a3a706973203a, call_id = { s = 0x747365742e6d7640 <Address 0x747365742e6d7640 out of bounds>, len = 996763182}, to_tag = { s = 0x3863653436366134 <Address 0x3863653436366134 out of bounds>, len = 875914036}, from_tag = { s = 0x3938656630636230 <Address 0x3938656630636230 out of bounds>, len = 946222390}, cseq = 1697787949, version = 1175063864, outbound_proxy = 0x706973203a6d6f72, extra_headers = 0x742e6d7640686a3a, record_route = { s = 0x743b69662e747365 <Address 0x743b69662e747365 out of bounds>, len = 926771041}, remote_contact = { s = 0x3564303638333834 <Address 0x3564303638333834 out of bounds>, len = 962815330}, contact = { s = 0x6266393266373734 <Address 0x6266393266373734 out of bounds>, len = 758265909}}
-- juha