My Oracle Support Banner

diameterBeClient Crashing with Memory Corruption because of Event Size (Doc ID 2403399.1)

Last updated on MARCH 18, 2019

Applies to:

Oracle Communications Convergent Charging Controller - Version 6.0.1 and later
Information in this document applies to any platform.

Symptoms

On Oracle Communication Convergent Charging Controller (OC3C or 3C) version 6.0.1, diameterBeClient is crashing with memory corruption because of event size.

Customer is experiencing diameterBeClient coredumping for some cases of Balance Query to Elastic Charging Engine (ECE).

(gdb) bt full
#0  0xf776bce0 in __kernel_vsyscall ()
No symbol table info available.
#1  0xf73f21f7 in raise () from /usr/lib/libc.so.6
No symbol table info available.
#2  0xf73f3a33 in abort () from /usr/lib/libc.so.6
No symbol table info available.
#3  0xf77161c4 in SleeUtils::forkAndAbort () at sleeUtils.cc:40
       pstackBuf = "/bin/pstack 62807 > /tmp/pre_abort_stack_62807\000\000\260u\232\204\360\036x\367е\310\377\000a", <incomplete sequence \367>
       childPID = 0
       __PRETTY_FUNCTION__ = "void SleeUtils::forkAndAbort()"
#4  0xf771648c in SleeUtils::coredump () at sleeUtils.cc:68
       watchdogPID = 62810
#5  0xf772b41e in SleeEvent::validateEvent (this=this@entry=0x849a75b0) at sleeEvent.cc:284
       offset = <optimized out>
       size = 1080
       count = 161
       info = 0x849a79e0
       i = 1
       __PRETTY_FUNCTION__ = "void SleeEvent::validateEvent()"
#6  0xf771b544 in SleeDialog::sendEvent (this=0x8002f058, event=0x849a75b0, lastMsg=false,
   flush=true, first=false) at sleeDialog.cc:677
No locals.
#7  0x081265c1 in dcd::DiameterTxn::answer(unsigned char const*, unsigned char const*) ()
No symbol table info available.
#8  0x0819d3d3 in diameter::DiameterProcessor::parse_and_dispatch(diameter::DiameterConnection*, unsigned char const*, unsigned char const*) ()
No symbol table info available.
#9  0x081a3063 in diameter::DiameterConnection::receive(unsigned char*, int) ()
No symbol table info available.
#10 0x081adf51 in evnet::FD::poll_in_ready(bool) ()
No symbol table info available.
#11 0x081ac4a9 in evnet::EventLoop::poll(int) ()
No symbol table info available.
#12 0x08116a30 in main ()
No symbol table info available.

Critical errors like this are generated for each case:

Mar 5 09:41:27.703846 diameterBeClient(62807) CRITICAL: SLEE memory corruption: void SleeEvent::validateEvent(): [this=0x0x849a75b0 myCurrentList=0x(nil) owningProcess=62807]: Canary has been overwritten in event of size 1024
Mar 5 09:41:29.199358 diameterBeClient(62807) CRITICAL: SleeEvent::validateEvent() [this=0x0x849a75b0 myCurrentList=0x(nil) owningProcess=62807]: Memory corruption because event size 1036 is too big for list event size 1024

It looks like event does not fit the basic 1024 event, but customer has bigger events defined and available at the same time..

Current settings are:

MAXEVENTS=100000
MAXEVENTS=10000 2048
MAXEVENTS=1000 4096
MAXEVENTS=100 20480 # xmsScp

Due to Diameter Charging Driver crash, all communication with ECE are impacted.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.