Re: [SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set

2011-02-11 Thread Andrew O. Zhukov

Here it is with MEMDBG=1


--
Core was generated by `/usr/local/sbin/kamailio -P 
/var/run/openser/openser.pid -m 32 -u openser -g op'.

Program terminated with signal 6, Aborted.
#0  0x0039d8c30265 in raise () from /lib64/libc.so.6
(gdb) backtrace
#0  0x0039d8c30265 in raise () from /lib64/libc.so.6
#1  0x0039d8c31d10 in abort () from /lib64/libc.so.6
#2  0x0046c397 in qm_debug_frag (qm=0x733c00, f=0x7ca950) at 
mem/q_malloc.c:137
#3  0x0046d99a in qm_free (qm=0x733c00, p=0x7ca980, 
file=0x4e4d30 parser/digest/digest.c, func=0x4e4da0 
free_credentials, line=95)

at mem/q_malloc.c:439
#4  0x00495fac in free_credentials (_b=0x2ba07046a7b8) at 
parser/digest/digest.c:95
#5  0x00471a36 in clean_hdr_field (hf=0x2ba07046a788) at 
parser/hf.c:116
#6  0x2ba06cec58de in clean_msg_clone (msg=0x2ba0704697b8, 
min=0x2ba0704697b8, max=0x2ba07046add0) at sip_msg.h:54
#7  0x2ba06cec57b7 in run_trans_callbacks (type=2, 
trans=0x2ba07045b3f0, req=0x2ba0704697b8, rpl=0x7c0eb8, code=200) at 
t_hooks.c:245
#8  0x2ba06cecc39d in t_reply_matching (p_msg=0x7c0eb8, 
p_branch=0x7fff8a7202c8) at t_lookup.c:888
#9  0x2ba06cecc997 in t_check (p_msg=0x7c0eb8, 
param_branch=0x7fff8a7202c8) at t_lookup.c:964

#10 0x2ba06cedb79b in reply_received (p_msg=0x7c0eb8) at t_reply.c:1395
#11 0x0041c6db in forward_reply (msg=0x7c0eb8) at forward.c:576
#12 0x0043ccf0 in receive_msg (
buf=0x712980 SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 
XXX.XX.XXX.13;branch=z9hG4bKb01c.8ffe0f62.0;received=XXX.XX.XXX.13\r\nVia: 
SIP/2.0/UDP 
XXX.XX.XXX.236:5060;received=XXX.XX.XXX.236;branch=z9hG4bK20b12a8d;rport=5060\r\nRec..., 
len=576, rcv_info=0x7fff8a720420) at receive.c:212

#13 0x004692e3 in udp_rcv_loop () at udp_server.c:449
#14 0x00420ecb in main_loop () at main.c:774
#15 0x00422e0f in main (argc=11, argv=0x7fff8a7206a8) at main.c:1321
--
Core was generated by `/usr/local/sbin/kamailio -P 
/var/run/openser/openser.pid -m 32 -u openser -g op'.

Program terminated with signal 6, Aborted.
#0  0x0039d8c30265 in raise () from /lib64/libc.so.6
(gdb) backtrace
#0  0x0039d8c30265 in raise () from /lib64/libc.so.6
#1  0x0039d8c31d10 in abort () from /lib64/libc.so.6
#2  0x0046c397 in qm_debug_frag (qm=0x733c00, f=0x83a818) at 
mem/q_malloc.c:137
#3  0x0046d99a in qm_free (qm=0x733c00, p=0x83a848, 
file=0x4e4d30 parser/digest/digest.c, func=0x4e4da0 
free_credentials, line=95)

at mem/q_malloc.c:439
#4  0x00495fac in free_credentials (_b=0x2b95e9de8758) at 
parser/digest/digest.c:95
#5  0x00471a36 in clean_hdr_field (hf=0x2b95e9de8728) at 
parser/hf.c:116
#6  0x2b95e687e8de in clean_msg_clone (msg=0x2b95e9de7758, 
min=0x2b95e9de7758, max=0x2b95e9de8d70) at sip_msg.h:54
#7  0x2b95e687e7b7 in run_trans_callbacks (type=2, 
trans=0x2b95e9fe5150, req=0x2b95e9de7758, rpl=0x7c0eb8, code=200) at 
t_hooks.c:245
#8  0x2b95e688539d in t_reply_matching (p_msg=0x7c0eb8, 
p_branch=0x7fff77e144b8) at t_lookup.c:888
#9  0x2b95e6885997 in t_check (p_msg=0x7c0eb8, 
param_branch=0x7fff77e144b8) at t_lookup.c:964

#10 0x2b95e689479b in reply_received (p_msg=0x7c0eb8) at t_reply.c:1395
#11 0x0041c6db in forward_reply (msg=0x7c0eb8) at forward.c:576
#12 0x0043ccf0 in receive_msg (
buf=0x712980 SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 
XXX.XX.XXX.13;branch=z9hG4bK2cb3.224aa3e4.0;received=XXX.XX.XXX.13\r\nVia: 
SIP/2.0/UDP 
XXX.XX.XXX.236:5060;received=XXX.XX.XXX.236;branch=z9hG4bK3ca41325;rport=5060\r\nRec..., 
len=576, rcv_info=0x7fff77e14610) at receive.c:212

#13 0x004692e3 in udp_rcv_loop () at udp_server.c:449
#14 0x00420ecb in main_loop () at main.c:774
#15 0x00422e0f in main (argc=11, argv=0x7fff77e14898) at main.c:1321

Loaded symbols for /lib64/ld-linux-x86-64.so.2
Core was generated by `/usr/local/sbin/kamailio -P 
/var/run/openser/openser.pid -m 32 -u openser -g op'.

Program terminated with signal 11, Segmentation fault.
#0  0x0046bf7b in add_avp_galias_str (alias_definition=0x46de56 
) at usr_avp.c:680

680 LM_ERR(parse error in %s around pos %ld\n,
(gdb) backtrace
#0  0x0046bf7b in add_avp_galias_str (alias_definition=0x46de56 
) at usr_avp.c:680

#1  0x in ?? ()








Re: [SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set

2011-02-11 Thread Daniel-Constantin Mierla



On 2/11/11 6:23 PM, Andrew O. Zhukov wrote:

Here it is with MEMDBG=1

Did you get in syslog any error (bug) message mentioning overwriting 
tail/head for memory operations? If yes, send the syslog messages here.


I will try to look over it soon, being offline for some traveling...

Cheers,
Daniel




[SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set

2011-02-09 Thread Andrew O. Zhukov

[root@ tmp]# /usr/local/sbin/kamailio -V
version: kamailio 1.5.5-notls (x86_64/linux)
flags: STATISTICS, EXTRA_DEBUG, USE_IPV6, USE_TCP, DISABLE_NAGLE, 
USE_MCAST, SHM_MMAP,

PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
MAX_URI_SIZE 1024,

BUF_SIZE 65535, PKG_SIZE 4194304
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: unknown
@(#) $Id: main.c 5608 2009-02-13 16:48:17Z henningw $
main.c compiled on 12:38:36 Feb  2 2011 with gcc 4.1.2


-
Core was generated by `/usr/local/sbin/kamailio -P 
/var/run/openser/openser.pid -m 32 -u

openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0  0x0046b0e3 in fm_malloc (qm=0x72dc00, size=32) at 
mem/f_malloc.c:354

354 if ((*f)->size>=size) goto found;
(gdb) backtrace
#0  0x0046b0e3 in fm_malloc (qm=0x72dc00, size=32) at 
mem/f_malloc.c:354
#1  0x2b30f2803087 in build_rr (_l=0x76f110, _l2=0x76fe80, 
user=0x7fffe9c5a500,

tag=0x777a58, params=0x0, _inbound=0)
at record.c:176
#2  0x2b30f2802b7a in record_route (_m=0x76e0e0, params=0x0) at 
record.c:322
#3  0x2b30f28047db in w_record_route (msg=0x76e0e0, key=0x0, 
bar=0x0) at rr_mod.c:212
#4  0x0040ed9b in do_action (a=0x73f5a0, msg=0x76e0e0) at 
action.c:874
#5  0x0040c03a in run_action_list (a=0x73f5a0, msg=0x76e0e0) at 
action.c:145
#6  0x0040e6a7 in do_action (a=0x73f810, msg=0x76e0e0) at 
action.c:746
#7  0x0040c03a in run_action_list (a=0x73e418, msg=0x76e0e0) at 
action.c:145
#8  0x0040c2a9 in run_actions (a=0x73e418, msg=0x76e0e0) at 
action.c:120
#9  0x0040c357 in run_top_route (a=0x73e418, msg=0x76e0e0) at 
action.c:195

#10 0x0043bda4 in receive_msg (
buf=0x70c980 NOTIFY sip:XX.com SIP/2.0\r\nVia: SIP/2.0/UDP
XX.XXX.101.68:5060;branch=z9hG4bK-6ee3865\r\nFrom: VTHome
sip:101...@xx.com;tag=129d73a13db8ec7fo0\r\nTo: 
sip:X.com\r\nCall-ID:

e3fd1da9-142a0a17..., len=373,
rcv_info=0x7fffe9c5ae90) at receive.c:175
#11 0x00467eeb in udp_rcv_loop () at udp_server.c:449
#12 0x0042097b in main_loop () at main.c:774
#13 0x004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321
(gdb) print size
$1 = 32
(gdb) quit

Core was generated by `/usr/local/sbin/kamailio -P 
/var/run/openser/openser.pid -m 32 -u

openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0  0x0046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
609 size+=f->size,f=f->u.nxt_free,i++,j++){

(gdb) backtrace
#0  0x0046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
#1  0x0041feb3 in sig_usr (signo=15) at main.c:563
#2  signal handler called
#3  0x0039d8cd4a51 in __recvfrom_nocancel () from /lib64/libc.so.6
#4  0x00467bf4 in udp_rcv_loop () at udp_server.c:408
#5  0x0042097b in main_loop () at main.c:774
#6  0x004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321
(gdb) print i
$1 = 402
(gdb) print j
$2 = 1
(gdb) print size
$3 = 7234295468789601279
(gdb) print f
$4 = (struct fm_frag *) 0x3738656435393838
(gdb) print f->size
Cannot access memory at address 0x3738656435393838
---



Andrew O. Zhukov

___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
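
Added example, not part of the original post: a quick triage step for a core like the fm_status one above is to read a suspicious pointer value as the bytes it occupies in memory. This C sketch scans gdb text for 0x values whose eight bytes are all printable ASCII and checks whether the value is a canonical x86_64 address; the function names are made up for the example and the gdb lines are copied from the post.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* gdb lines copied from the fm_status core in the post above. */
static const char *GDB_TEXT =
    "#0  0x0046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609\n"
    "$4 = (struct fm_frag *) 0x3738656435393838\n"
    "Cannot access memory at address 0x3738656435393838\n";

/* Read v as the 8 bytes it occupies in little-endian (x86_64) memory.
 * Returns the text (static buffer) when every byte is printable ASCII,
 * NULL otherwise. */
const char *ptr_as_ascii(uint64_t v)
{
    static char out[9];
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(v >> (8 * i));
        if (b < 0x20 || b > 0x7e)
            return NULL;
        out[i] = (char)b;
    }
    out[8] = '\0';
    return out;
}

/* x86_64 canonical addresses have bits 63..47 all equal; anything else
 * faults on dereference no matter what is mapped. */
int is_canonical(uint64_t v)
{
    uint64_t top = v >> 47;
    return top == 0 || top == 0x1ffff;
}

/* Return the first 0x... token in text whose bytes are all printable
 * ASCII, or 0 when there is none. */
uint64_t first_ascii_pointer(const char *text)
{
    const char *p = text;
    while ((p = strstr(p, "0x")) != NULL) {
        char *end;
        uint64_t v = strtoull(p + 2, &end, 16);
        if (end != p + 2 && ptr_as_ascii(v) != NULL)
            return v;
        p += 2;   /* step past this "0x" and keep scanning */
    }
    return 0;
}

int main(void)
{
    uint64_t v = first_ascii_pointer(GDB_TEXT);
    if (v == 0) {
        puts("no ASCII-looking pointer values");
        return 0;
    }
    printf("0x%016llx = \"%s\" in memory, canonical=%d\n",
           (unsigned long long)v, ptr_as_ascii(v), is_canonical(v));
    return 0;
}
```

For the value in the post the bytes read 8895de87, so the free-list pointer holds hex-digit text rather than an address, and the value is not canonical, which is why the dereference faults.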


Re: [SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set

2011-02-09 Thread Daniel-Constantin Mierla

Hello,

from the subject I don't understand exactly: did you get this crash also 
with 1.3.4? Is it reproducible?


Looks like there is a buffer overflow. Can you recompile/reinstall with 
memory debug on (in 1.5.x, see Makefile.vars)? Then watch the logs and 
see if you get any error related to buffer overwritten ops.


Cheers,
Daniel



--
Daniel-Constantin Mierla
http://www.asipto.com
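
Added example, not part of the original message and not Kamailio's q_malloc code: the kind of check a memory-debug allocator build performs, sketched in C. Each fragment gets a guard word before and after the payload, and the guards are verified when the fragment is freed; the guard values and all function names are made up for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Guard values are arbitrary picks for this sketch. */
#define HEAD_GUARD 0xf00dfacef00dfaceULL
#define TAIL_GUARD 0xdeadc0dedeadc0deULL

enum frag_state { FRAG_OK, FRAG_HEAD_OVERWRITTEN, FRAG_TAIL_OVERWRITTEN };

struct frag_hdr {
    uint64_t size;   /* payload bytes requested */
    uint64_t guard;  /* last field: sits directly before the payload */
};

void *dbg_alloc(size_t size)
{
    uint64_t tail = TAIL_GUARD;
    struct frag_hdr *h = malloc(sizeof *h + size + sizeof tail);
    if (h == NULL)
        abort();
    h->size = size;
    h->guard = HEAD_GUARD;
    /* payload end may be unaligned, so store the tail guard with memcpy */
    memcpy((char *)(h + 1) + size, &tail, sizeof tail);
    return h + 1;
}

enum frag_state dbg_check(const void *p)
{
    const struct frag_hdr *h = (const struct frag_hdr *)p - 1;
    uint64_t tail;
    if (h->guard != HEAD_GUARD)
        return FRAG_HEAD_OVERWRITTEN;   /* size is untrusted now, stop */
    memcpy(&tail, (const char *)p + h->size, sizeof tail);
    return tail == TAIL_GUARD ? FRAG_OK : FRAG_TAIL_OVERWRITTEN;
}

/* A debug allocator would log and abort() here; this sketch returns the
 * state so the caller can inspect it. */
enum frag_state dbg_free(void *p)
{
    enum frag_state st = dbg_check(p);
    if (st != FRAG_OK)
        fprintf(stderr, "BUG: fragment %p %s overwritten\n", p,
                st == FRAG_HEAD_OVERWRITTEN ? "head" : "tail");
    free((struct frag_hdr *)p - 1);
    return st;
}

/* Copy a string into a fragment; with reserve_nul == 0 the terminator
 * lands one byte past the payload, inside the tail guard. */
enum frag_state copy_tag(const char *tag, int reserve_nul)
{
    size_t len = strlen(tag);
    char *buf = dbg_alloc(len + (reserve_nul ? 1 : 0));
    memcpy(buf, tag, len);
    buf[len] = '\0';
    return dbg_free(buf);   /* corruption surfaces here, not at the write */
}

/* One-byte underflow: clobbers the last byte of the head guard. */
enum frag_state underflow_by_one(void)
{
    char *buf = dbg_alloc(16);
    buf[-1] = 0;
    return dbg_free(buf);
}

int main(void)
{
    /* "a1b2c3d4" is a constructed sample string. */
    printf("off-by-one: %d, fixed: %d, underflow: %d\n",
           copy_tag("a1b2c3d4", 0), copy_tag("a1b2c3d4", 1), underflow_by_one());
    return 0;
}
```

Because the guards are only checked at free time, the function named in the report is the one that released the fragment, which is not necessarily the one that wrote past it.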




Re: [SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set

2011-02-09 Thread Andrew O. Zhukov

A couple of months ago I sent a whole set of crashes from 1.3.4 to this 
mailing list. Nobody responded to me.


On 02/10/2011 08:53 AM, Daniel-Constantin Mierla wrote:

Hello,

from the subject I don't understand exactly: did you get this crash also
with 1.3.4? Is it reproducible?

These crashes are from 1.5.5. I brought it up this weekend.
I have not shut down the server with 1.3.4 yet. I still keep all the crashes there.


Looks like there is a buffer overflow. Can you recompile/reinstall with
memory debug on (in 1.5.x, see Makefile.vars)? Then watch the logs and
see if you get any error related to buffer overwritten ops.

Ok. I'll do it.


Cheers,
Daniel



Re: [SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set

2011-02-09 Thread Daniel-Constantin Mierla



On 2/10/11 8:12 AM, Andrew O. Zhukov wrote:
A couple of months ago I sent a whole set of crashes from 1.3.4 to this 
mailing list. Nobody responded to me.

Probably they were forgotten in the history, if most of devs were 
offline at the moment you sent. Do you have a link to the thread, it may 
help reading what you sent at that time, as well.


Cheers,
Daniel









--
Daniel-Constantin Mierla
http://www.asipto.com




Re: [SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set

2011-02-09 Thread Andrew O. Zhukov

Is DBG_QM_MALLOC exactly what you want?


[root@ kamailio-1.5.5-notls]# /usr/local/sbin/kamailio -V
version: kamailio 1.5.5-notls (x86_64/linux)
flags: STATISTICS, EXTRA_DEBUG, USE_IPV6, USE_TCP, DISABLE_NAGLE, 
USE_MCAST, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
MAX_URI_SIZE 1024, BUF_SIZE 65535, PKG_SIZE 4194304

poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: unknown
@(#) $Id: main.c 5608 2009-02-13 16:48:17Z henningw $
main.c compiled on 09:42:37 Feb 10 2011 with gcc 4.1.2

