This seems to be related to some sort of CANCEL message, possibly from Freeswitch, but I don't have the message buffer handy and the issue is not easily reproducible.
Any ideas?
    (gdb) where
    #0  0x00002b1a751554c8 in build_local_reparse (Trans=<value optimized out>, branch=<value optimized out>, len=0x7fff2944e4dc, method=0x2b1a75173bc8 "CANCEL", method_len=6, to=0x2b1a790a0f48, reason=0x7fff2944e568) at t_msgbuilder.c:476
    #1  0x00002b1a7512411e in cancel_branch (t=0x2b1a78f2aecb, branch=0, reason=0x7fff2944e568, flags=0) at t_cancel.c:285
    #2  0x00002b1a7513c361 in fake_reply (ticks=<value optimized out>, tl=<value optimized out>, p=<value optimized out>) at timer.c:320
    #3  final_response_handler (ticks=<value optimized out>, tl=<value optimized out>, p=<value optimized out>) at timer.c:489
    #4  retr_buf_handler (ticks=<value optimized out>, tl=<value optimized out>, p=<value optimized out>) at timer.c:546
    #5  0x000000000051b55a in timer_list_expire () at timer.c:894
    #6  timer_handler () at timer.c:957
    #7  timer_main () at timer.c:996
    #8  0x0000000000469fb4 in main_loop () at main.c:1618
    #9  0x000000000046be9f in main (argc=<value optimized out>, argv=0x7fff2944e898) at main.c:2398
When first loading core dump in GDB, it does give me a line number:
    Program terminated with signal 11, Segmentation fault.
    #0  0x00002b1a751554c8 in build_local_reparse (Trans=<value optimized out>, branch=<value optimized out>, len=0x7fff2944e4dc, method=0x2b1a75173bc8 "CANCEL", method_len=6, to=0x2b1a790a0f48, reason=0x7fff2944e568) at t_msgbuilder.c:476
    476         append_str(d, reason->u.text.s,
Looking at it some more, this may not be related to a received CANCEL, but rather a locally generated CANCEL with the new reason header functionality. I am pleased that t_reply.h provides a #define to disable it.
Just got another crash, different line:
    Program terminated with signal 11, Segmentation fault.
    #0  0x00002b7bbda9d4e0 in build_uac_cancel (headers=0x0, body=0xa100000274, cancelledT=0x0, branch=<value optimized out>, len=<value optimized out>, dst=0x3609690000) at t_msgbuilder.c:1661
    1661        memapp( p, cancelledT->to.s, cancelledT->to.len );
On Oct 19, 2010 at 12:02, Alex Balashov abalashov@evaristesys.com wrote:
> Just got another crash, different line:
>
>     Program terminated with signal 11, Segmentation fault.
>     #0  0x00002b7bbda9d4e0 in build_uac_cancel (headers=0x0, body=0xa100000274, cancelledT=0x0, branch=<value optimized out>, len=<value optimized out>, dst=0x3609690000) at t_msgbuilder.c:1661
>     1661        memapp( p, cancelledT->to.s, cancelledT->to.len );
This looks different. Could you send me the whole backtrace? Also if it's easily reproducible, could you recompile with make cfg mode=debug; make all? (better core dumps)
Thanks, Andrei
It's not easily reproducible. :( But I will compile in debug mode and wait.
On Oct 19, 2010 at 11:29, Alex Balashov abalashov@evaristesys.com wrote:
> This seems to be related to some sort of CANCEL message, possibly from Freeswitch, but I don't have the message buffer handy and the issue is not easily reproducible.
> Any ideas?
In some cases (when relay_reply() or local_reply() failed) an uninitialized variable was used. It should be fixed now on master. Could you try master, or apply the attached patch to 3.1 and see if you still get this crash?
Thanks, Andrei
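
The failure mode described in the reply above (a reason descriptor left uninitialized when the reply handler fails, then read while the CANCEL is built), as an added C example that is neither Kamailio code nor the attached patch. `struct reason`, `handle_reply`, `build_cancel` and `cancel_on_timeout` are hypothetical names, and the 0xAA fill is a constructed stand-in for stale stack bytes so the outcome is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for this example; not Kamailio's types or functions. */
enum { CAUSE_NONE = 0, CAUSE_TEXT = 1 };
struct reason { int cause; const char *s; int len; };

/* Writes *r only on success; the failure path returns before touching it. */
static int handle_reply(int fail, struct reason *r)
{
    if (fail)
        return -1;
    r->cause = CAUSE_TEXT;
    r->s = "SIP;cause=408";
    r->len = (int)strlen(r->s);
    return 0;
}

/* Returns the CANCEL length, or -1 where an unchecked builder would read a bad r->s. */
static int build_cancel(char *buf, size_t cap, const struct reason *r)
{
    int n = snprintf(buf, cap, "CANCEL sip:callee@example.invalid SIP/2.0\r\n");
    if (r->cause == CAUSE_NONE)
        return n;                        /* no Reason header requested */
    if (r->cause != CAUSE_TEXT || r->s == NULL)
        return -1;                       /* garbage descriptor: unchecked code crashes here */
    return n + snprintf(buf + n, cap - n, "Reason: %.*s\r\n", r->len, r->s);
}

/* init_first = 0 models the bug, 1 the fix (initialize before any failure path). */
static int cancel_on_timeout(int reply_fails, int init_first, char *buf, size_t cap)
{
    struct reason r;
    memset(&r, 0xAA, sizeof r);          /* constructed stand-in for stale stack bytes */
    if (init_first)
        r = (struct reason){ CAUSE_NONE, NULL, 0 };
    (void)handle_reply(reply_fails, &r); /* may fail and leave r untouched */
    return build_cancel(buf, cap, &r);
}

int main(void)
{
    char buf[256];
    printf("failed reply, uninitialized: %d\n", cancel_on_timeout(1, 0, buf, sizeof buf));
    printf("failed reply, initialized:   %d\n", cancel_on_timeout(1, 1, buf, sizeof buf));
    return 0;
}
```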