Guest

Preview Tool

Cisco Bug: CSCuq52682 - CCM processs core dump due to random memory corruption

Last Modified

Nov 01, 2018

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.0(1.10000.24) 10.5(1.10000.7) 10.5(2.10000.5) 11.0(1.10000.10) 8.5(1.10000.26) 8.6(2.10000.30) 9.1(2.10000.28)

Description (partial)

CUCM Version : 10.5(1.98000.194)

Subscriber node exhibited CCM process core in LBM interface under traffic.
Type of traffic:      3-way ad-hoc audio conference scenarios over ICT (SME).
Type of Trunks:    SIP (EO, DO, BEEO)
Topology: 
Ph_A---------- CM---------SIPTrunk---------SME-------SIPTrunk------CM-------Ph_B
Conference Ph_C (Invoked by either  Ph_A or Ph_B) either over ICT or Local.


backtrace #1 - CUCM
===================================
#0 0xf6a05dc5 in _int_malloc () from /lib/libc.so.6
#1 0xf6a0700e in malloc () from /lib/libc.so.6
#2 0xf6bdc63a in operator new(unsigned int) () from /usr/local/cm/lib/libstlport.so.5.2
#3 0x089674d8 in LBMRegisterRes::createCopy (this=0xeb3954e4) at ../Include/TDCLcacsigs.hpp:405
#4 0x09df0313 in SdlProcessBase::prepareSignal (this=0x4f457e68, _sdlSignal=..., _signalPriority=@0xeb39538c, _destPID=...) at SdlProcessBase.cpp:161
#5 0x09def5c5 in SdlProcessBase::output (this=0x4f457e68, rSignal=..., rProcessId=..., _signalPriority=kNormalPriority) at SdlProcessBase.cpp:236
#6 0x0895f455 in LBMInterface::processReservationRsp (this=0x4f457e68, _resRsp=..., _allowRetry=<value optimized out>, _faked=false) at ProcessLBMInterface.cpp:2538
#7 0x089648f3 in LBMInterface::active_SdlDataInd (this=0x4f457e68, _s=...) at ProcessLBMInterface.cpp:653
#8 0x09df138f in SdlProcessBase::inputSignal (this=0x4f457e68, rSignal=0x6f84b8b8, traceType=SdlSystemLog::SignalThreadedNoPriorities, highPriority=0, normalPriority=0, lowPriority=0, veryLowPriority=0, lazyPriority=0, dbUpdatePriority=0) at SdlProcessBase.cpp:406
#9 0x09e1bca4 in SdlThreadedProcess::threadQueueReader (this=0x4f457e68) at SdlThreadedProcess.cpp:110
#10 0x09e1becf in SdlThreadedProcess::threadQueueReaderInit (sdlThreadedProcess=0x4f457e68) at SdlThreadedProcess.cpp:75
#11 0xf6973b39 in start_thread () from /lib/libpthread.so.0
#12 0xf6a74d6e in clone () from /lib/libc.so.6
====================================



CCM cores when a CcSetupReq is received by node 6, from node 4 HuntListCdrc. from the backtrace & the core analysis appears CCM is unable to extract the stream.

eax            0x50     80

backtrace #2 - CUCM
===================================
#0 erase (this=0xd148b41c, __f=0xa880224 "", __l=0xa880224 "") at 
/view/BLD-cm_10_5_1-raw-d/vob/ccm_tpl/release/include/stlport/stl/char_traits.h:168 
#1 stlp_std::basic_string,stlp_std::allocator >::_M_assign (this=0xd148b41c, __f=0xa880224 "",__l=0xa880224 "") at /view/BLD-cm_10_5_1-raw-d/vob/ccm_tpl/release/include/stlport/stl/_string.c:246 
#2 0x080a6710 in operator= (this=0xd148b3b0, istrm=..., str=...) at /view/BLD-cm_10_5_1-raw-d/vob/ccm_tpl/release/include/stlport/stl/_string.h:355 
#3 CcmSipUrl::extract (this=0xd148b3b0, istrm=..., str=...) at /view/BLD-cm_10_5_1-cct-ccm-d/vob/ccm/Common/Include/Url/CcmSipUrl.hpp:299 
#4 0x080b4238 in extract (this=0xcf2e91dc, istrm=...) at /view/BLD-cm_10_5_1-cct-ccm-d/vob/ccm/Common/Include/Url/CcmSipUrl.hpp:175 
#5 extract (this=0xcf2e91dc, istrm=...) at /view/BLD-cm_10_5_1-cct-ccm-d/vob/ccm/Common/Include/Url/CcmUrl.hpp:279 
#6 extract (this=0xcf2e91dc, istrm=...) at /view/BLD-cm_10_5_1-cct-ccm-d/vob/ccm/Common/Include/CallManager/TDCLCpShares.hpp:5282 
#7 extract (this=0xcf2e91dc, istrm=...) at /view/BLD-cm_10_5_1-cct-ccm-d/vob/ccm/Common/Include/CallManager/TDCLCpShares.hpp:5200 
#8 CcPtyNum::extract (this=0xcf2e91dc, istrm=...) at /view/BLD-cm_10_5_1-cct-ccm-d/vob/ccm/Common/Include/CallManager/TDCLCpShares.hpp:5466 
#9 0x0840d01e in CcSetupReqMsg::extract (this=0xcf2e8a6c, istrm=...) at /view/BLD-cm_10_5_1-cct-ccm-d/vob/ccm/Common/Include/CallManager/TDCLcc.hpp:8717 
#10 0x09dfadcc in SdlLinkHandler::fromByteStream (this=0xe5240570, _buffer=0xed2ba3b8 "\n", _bufferLen=3509) at SdlLinkHandler.cpp:317 
#11 0x09dfb0cb in SdlLinkHandler::handleSdlSignal (this=0xe5240570, _sdlDataBuffer=0xed2ba3b8 "\n", _sdlDataSize=3509) at SdlLinkHandler.cpp:757 
#12 0x09dfc200 in SdlLinkHandler::process (this=0xe5240570, s=...) at SdlLinkHandler.cpp:508 
#13 0x09da49d1 in SdlLinkControl::wait_SdlDataInd (this=0xdc38e58, _s=...) at SdlLinkControl.cpp:477 
#14 0x09dba5ff in SdlProcessBase::inputSignal (this=0xdc38e58, rSignal=0xdfec0c78, traceType=SdlSystemLog::SignalThreadedWithPriorities, highPriority=0, normalPriority=0, lowPriority=0, veryLowPriority=0, lazyPriority=0, dbUpdatePriority=0) at 
SdlProcessBase.cpp:406 
#15 0x09de4f34 in SdlThreadedProcess::threadQueueReader (this=0xdc38e58) at SdlThreadedProcess.cpp:110 
#16 0x09de515f in SdlThreadedProcess::threadQueueReaderInit (sdlThreadedProcess=0xdc38e58) at SdlThreadedProcess.cpp:75 
#17 0xf695db39 in start_thread () from /lib/libpthread.so.0 
#18 0xf6a5ed6e in clone () from /lib/libc.so.6
====================================

Symptom:
CCM processs core dump in LBMinterface due to memory corruption.

Conditions:
CUCM Version : 10.5(1.98000.194)

Subscriber node exhibited CCM process core in LBM interface under traffic.
Type of traffic:      3-way ad-hoc audio conference scenarios over ICT (SME).
Type of Trunks:    SIP (EO, DO, BEEO)
Topology: 
Ph_A---------- CM---------SIPTrunk---------SME-------SIPTrunk------CM-------Ph_B
Conference Ph_C (Invoked by either  Ph_A or Ph_B) either over ICT or Local.


backtrace #1 - CUCM
===================================
#0 0xf6a05dc5 in _int_malloc () from /lib/libc.so.6
#1 0xf6a0700e in malloc () from /lib/libc.so.6
#2 0xf6bdc63a in operator new(unsigned int) () from /usr/local/cm/lib/libstlport.so.5.2
#3 0x089674d8 in LBMRegisterRes::createCopy (this=0xeb3954e4) at ../Include/TDCLcacsigs.hpp:405
#4 0x09df0313 in SdlProcessBase::prepareSignal (this=0x4f457e68, _sdlSignal=..., _signalPriority=@0xeb39538c, _destPID=...) at SdlProcessBase.cpp:161
#5 0x09def5c5 in SdlProcessBase::output (this=0x4f457e68, rSignal=..., rProcessId=..., _signalPriority=kNormalPriority) at SdlProcessBase.cpp:236
#6 0x0895f455 in LBMInterface::processReservationRsp (this=0x4f457e68, _resRsp=..., _allowRetry=<value optimized out>, _faked=false) at ProcessLBMInterface.cpp:2538
#7 0x089648f3 in LBMInterface::active_SdlDataInd (this=0x4f457e68, _s=...) at ProcessLBMInterface.cpp:653
#8 0x09df138f in SdlProcessBase::inputSignal (this=0x4f457e68, rSignal=0x6f84b8b8, traceType=SdlSystemLog::SignalThreadedNoPriorities, highPriority=0, normalPriority=0, lowPriority=0, veryLowPriority=0, lazyPriority=0, dbUpdatePriority=0) at SdlProcessBase.cpp:406
#9 0x09e1bca4 in SdlThreadedProcess::threadQueueReader (this=0x4f457e68) at SdlThreadedProcess.cpp:110
#10 0x09e1becf in SdlThreadedProcess::threadQueueReaderInit (sdlThreadedProcess=0x4f457e68) at SdlThreadedProcess.cpp:75
#11 0xf6973b39 in start_thread () from /lib/libpthread.so.0
#12 0xf6a74d6e in clone () from /lib/libc.so.6
====================================


backtrace #2 - CUCM
===================================
#0 erase (this=0xd148b41c, __f=0xa880224 "", __l=0xa880224 "") at 
/view/BLD-cm_10_5_1-raw-d/vob/ccm_tpl/release/include/stlport/stl/char_traits.h:168 
#1 stlp_std::basic_string,stlp_std::allocator >::_M_assign (this=0xd148b41c, __f=0xa880224 "",__l=0xa880224 "") at /view/BLD-cm_10_5_1-raw-d/vob/ccm_tpl/release/include/stlport/stl/_string.c:246 
#2 0x080a6710 in operator= (this=0xd148b3b0, istrm=..., str=...) at /view/BLD-cm_10_5_1-raw-d/vob/ccm_tpl/release/include/stlport/stl/_string.h:355 
#3 CcmSipUrl::extract (this=0xd148b3b0, istrm=..., str=...) at /view/BLD-cm_10_5_1-cct-ccm-d/vob/ccm/Common/Include/Url/CcmSipUrl.hpp:299 
#4 0x080b4238 in extract (this=0xcf2e91dc, istrm=...) at /view/BLD-cm_10_5_1-cct-ccm-d/vob/ccm/Common/Include/Url/CcmSipUrl.hpp:175 
#5 extract (this=0xcf2e91dc, istrm=...) at /view/BLD-cm_10_5_1-cct-ccm-d/vob/ccm/Common/Include/Url/CcmUrl.hpp:279 
#6 extract (this=0xcf2e91dc, istrm=...) at /view/BLD-cm_10_5_1-cct-ccm-d/vob/ccm/Common/Include/CallManager/TDCLCpShares.hpp:5282 
#7 extract (this=0xcf2e91dc, istrm=...) at /view/BLD-cm_10_5_1-cct-ccm-d/vob/ccm/Common/Include/CallManager/TDCLCpShares.hpp:5200 
#8 CcPtyNum::extract (this=0xcf2e91dc, istrm=...) at /view/BLD-cm_10_5_1-cct-ccm-d/vob/ccm/Common/Include/CallManager/TDCLCpShares.hpp:5466 
#9 0x0840d01e in CcSetupReqMsg::extract (this=0xcf2e8a6c, istrm=...) at /view/BLD-cm_10_5_1-cct-ccm-d/vob/ccm/Common/Include/CallManager/TDCLcc.hpp:8717 
#10 0x09dfadcc in SdlLinkHandler::fromByteStream (this=0xe5240570, _buffer=0xed2ba3b8 "\n", _bufferLen=3509) at SdlLinkHandler.cpp:317 
#11 0x09dfb0cb in SdlLinkHandler::handleSdlSignal (this=0xe5240570, _sdlDataBuffer=0xed2ba3b8 "\n", _sdlDataSize=3509) at SdlLinkHandler.cpp:757 
#12 0x09dfc200 in SdlLinkHandler::process (this=0xe5240570, s=...) at SdlLinkHandler.cpp:508 
#13 0x09da49d1 in SdlLinkControl::wait_SdlDataInd (this=0xdc38e58, _s=...) at SdlLinkControl.cpp:477 
#14 0x09dba5ff in SdlProcessBase::inputSignal (this=0xdc38e58, rSignal=0xdfec0c78, traceType=SdlSystemLog::SignalThreadedWithPriorities, highPriority=0, normalPriority=0, lowPriority=0, veryLowPriority=0, lazyPriority=0, dbUpdatePriority=0) at 
SdlProcessBase.cpp:406 
#15 0x09de4f34 in SdlThreadedProcess::threadQueueReader (this=0xdc38e58) at SdlThreadedProcess.cpp:110 
#16 0x09de515f in SdlThreadedProcess::threadQueueReaderInit (sdlThreadedProcess=0xdc38e58) at SdlThreadedProcess.cpp:75 
#17 0xf695db39 in start_thread () from /lib/libpthread.so.0 
#18 0xf6a5ed6e in clone () from /lib/libc.so.6
====================================
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.