Bugs item #1908805, was opened at 2008-03-06 16:02
Message generated for change (Comment added) made by rvley
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1908805&group_id=139143
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: OpenSER Randomly crashes with SIGBUS on Solaris 10 Sparc.
Initial Comment:
OpenSER is crashing at random times, with SIGBUS, running on Solaris 10, o
Sparc Hardware.
Backtrace of Core file:
#0 0x000bcfbc in fm_malloc (qm=0x185320, size=24, file=0xfedbac10 "res.c",
func=0xfedbac70 "db_mysql_get_columns", line=62) at mem/f_malloc.c:267
#1 0xfedb74b0 in db_mysql_get_columns (_h=0x1cbf68, _r=0x24dde8) at res.c:62
#2 0xfedb79f0 in db_mysql_convert_result (_h=0x1cbf68, _r=0x24dde8) at
res.c:167
#3 0xfedb28c4 in db_mysql_store_result (_h=0x1cbf68, _r=0xffbff830) at
dbase.c:209
#4 0xfedb40e8 in db_mysql_raw_query (_h=0x1cbf68,
_s=0xff07e668 "select received, contact, socket, cflags, path from location
where expires > '2008-03-04 13:37:51' and cflags & 64 = 64 and id % 1 = 0",
_r=0xffbff830) at dbase.c:447
#5 0xff053260 in get_all_db_ucontacts (buf=0x1ceec0, len=320054, flags=64,
part_idx=0, part_max=1)
at dlist.c:128
#6 0xff0528c8 in get_all_ucontacts (buf=0x1ceec0, len=320058, flags=64,
part_idx=0, part_max=
1) at dlist.c:356
#7 0xfee57c6c in pingClients (ticks=60, param=0x0) at functions.h:60
#8 0x000aa430 in timer_ticker (timer_list=0x163c00) at timer.c:275
#9 0x000aa180 in run_timer_process (tpl=0x1c5808, do_jiffies=1) at timer.c:357
#10 0x000aa6fc in start_timer_processes () at timer.c:386
#11 0x00036788 in main_loop () at main.c:873
#12 0x0003a0c4 in main (argc=1137536, argv=0x155f1c) at main.c:1372
Detailed inpsection of frame 0:
(gdb) print qm
$1 = (struct fm_block *) 0x185320
(gdb) frame 0
#0 0x000bcfbc in fm_malloc (qm=0x185320, size=24, file=0xfedbac10 "res.c",
func=0xfedbac70 "db_mysql_get_columns", line=62) at mem/f_malloc.c:267
267 if ((*f)->size>=size) goto found;
(gdb) list
262 /*search for a suitable free frag*/
263
264 for(hash=GET_HASH(size);hash<F_HASH_SIZE;hash++){
265 f=&(qm->free_hash[hash].first);
266 for(;(*f); f=&((*f)->u.nxt_free))
267 if ((*f)->size>=size) goto found;
268 /* try in a bigger bucket */
269 }
270 /* not found, bad! */
271 return 0;
(gdb) print qm->free_hash[hash]
$1 = {first = 0x69703a31, no = 1}
(gdb) print qm->free_hash
$2 = {{first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0},
{first = 0x69703a31, no = 1}, {
first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first
= 0x0, no = 0}, {first = 0x0,
no = 0}, {first = 0x0, no = 0}, {first = 0x24dd68, no = 4641}, {first =
0x0, no = 0} <repeats 21 times>, {
first = 0x1ced90, no = 1}, {first = 0x0, no = 0} <repeats 679 times>,
{first = 0x1cef40, no = 1}, {
first = 0x0, no = 0} <repeats 1337 times>, {first = 0x1cef40, no = 1},
{first = 0x0, no = 0}, {
first = 0x24de38, no = 1}, {first = 0x0, no = 0} <repeats 11 times>, {first
= 0x21d100, no = 1}, {
first = 0x0, no = 0}, {first = 0x0, no = 0}}
(gdb) print qm->free_hash.no
$3 = 0
(gdb) print qm->free_hash[hash].first
$4 = (struct fm_frag *) 0x69703a31
(gdb) x/s 0x69703a31
0x69703a31: <Address 0x69703a31 out of bounds>
----------------------------------------------------------------------
Comment By: Robin Vleij (rvley)
Date: 2008-05-05 14:06
Message:
Logged In: YES
user_id=2079583
Originator: NO
We have exactly the same under Debian.
Core was generated by `/usr/local/sbin/openser -P
/var/run/openser/openser.pid -m 64 -u root -g root'.
Program terminated with signal 11, Segmentation fault.
#0 fm_malloc (qm=0x636d20, size=<value optimized out>) at
mem/f_malloc.c:267
267 if ((*f)->size>=size) goto found;
(gdb) backtrace
#26 0x000000000040d780 in do_action (a=0x64bf68, msg=0x76ae48) at
action.c:695
#27 0x000000000040dfac in run_action_list (a=<value optimized out>,
msg=0x76ae48) at action.c:132
#28 0x000000000040e309 in run_top_route (a=0x643398, msg=0x76ae48) at
action.c:112
#29 0x000000000044b8bf in receive_msg (
buf=0x625ca0 "INVITE
sip:[EMAIL PROTECTED]:5060;user=phone SIP/2.0\r\nFrom:
<sip:[EMAIL
PROTECTED];user=phone>;tag=a4f9f153-13c4-481d07de-2c7577c4-6798f55c\r\nTo:
<sip:[EMAIL PROTECTED]"..., len=1340, rcv_info=0x7fff5a9ef490) at
receive.c:156
#30 0x0000000000488154 in udp_rcv_loop () at udp_server.c:438
#31 0x0000000000425081 in main (argc=9, argv=0x7fff5a9ef698) at
main.c:834
(gdb) print qm
$1 = (struct fm_block *) 0x636d20
(gdb) frame 0
#0 fm_malloc (qm=0x636d20, size=<value optimized out>) at
mem/f_malloc.c:267
267 if ((*f)->size>=size) goto found;
(gdb) print qm->free_hash[hash]
$2 = {first = 0x6334316437656235, no = 73}
(gdb) list
262 /*search for a suitable free frag*/
263
264 for(hash=GET_HASH(size);hash<F_HASH_SIZE;hash++){
265 f=&(qm->free_hash[hash].first);
266 for(;(*f); f=&((*f)->u.nxt_free))
267 if ((*f)->size>=size) goto found;
268 /* try in a bigger bucket */
269 }
270 /* not found, bad! */
271 return 0;
(gdb) print qm->free_hash[hash]
$4 = {first = 0x6334316437656235, no = 73}
(gdb) print qm->free_hash.no
$5 = 0
(gdb) print qm->free_hash[hash].first
$6 = (struct fm_frag *) 0x6334316437656235
(gdb) x/s 0x6334316437656235
0x6334316437656235: <Address 0x6334316437656235 out of bounds>
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1908805&group_id=139143
_______________________________________________
Devel mailing list
Devel@lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/devel
