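This looks like a buffer overflow somewhere else: the crash is inside the allocator, but the free-list pointers in the dump below hold what appears to be ASCII text (prv_free = 0x392e3239313a7069 reads as "ip:192.9" in little-endian byte order), so string data was most likely written past the end of a neighbouring buffer and over this fragment's header.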
Have you changed the value of MEMDBG in Makefile.defs? It should be 1,
which enables memory debugging, but I don't see the extra fields in
the fm fragment structure.
Can you try building with MEMDBG=1, then add '-x qm' to the command line
when starting kamailio? Let's see if q_malloc gives more hints.
Daniel
On 21/09/15 22:10, Juha Heinanen wrote:
Daniel-Constantin Mierla writes:
From
second core, get:
frame 0
p *qm
p *frag
p *f
info locals
p qm->free_hash[hash]
p *qm->free_hash[hash].first
done, juha
(gdb) where
#0 0x0000000000639a74 in fm_insert_free (qm=0x7fe71ab64000, frag=0x7fe71b259928) at
mem/f_malloc.c:242
#1 0x000000000063afdc in fm_free (qmp=0x7fe71ab64000, p=0x7fe71b259940) at
mem/f_malloc.c:626
#2 0x00007fe720350983 in free_cell (dead_cell=0x7fe71b2652b8) at h_table.c:133
#3 0x00007fe7203d2bfc in wait_handler (ti=1006656376, wait_tl=0x7fe71b265338,
data=0x7fe71b2652b8) at timer.c:648
#4 0x00000000004aa755 in timer_list_expire (t=1006656376, h=0x7fe71abb0ea0,
slow_l=0x7fe71abb25b8, slow_mark=359)
at timer.c:873
#5 0x00000000004aabb2 in timer_handler () at timer.c:938
#6 0x00000000004ab020 in timer_main () at timer.c:977
#7 0x000000000052ea59 in main_loop () at main.c:1650
#8 0x00000000005348b1 in main (argc=17, argv=0x7ffdfd0f9c78) at main.c:2566
(gdb) frame 0
#0 0x0000000000639a74 in fm_insert_free (qm=0x7fe71ab64000, frag=0x7fe71b259928) at
mem/f_malloc.c:242
242 in mem/f_malloc.c
(gdb) p *qm
$1 = {type = 0, size = 33554432, used = 6722696, real_used = 7586240, max_real_used =
8279488, ffrags = 49,
first_frag = 0x7fe71ab6c478, last_frag = 0x7fe71cb63fe8, free_bitmap = {730742, 0,
8192, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0,
268435456, 0, 0, 0, 2097152, 2097152, 0 <repeats 13 times>, 2054}, free_hash =
{{first = 0x0, no = 0}, {
first = 0x7fe71b1a0918, no = 1}, {first = 0x7fe71b19dd40, no = 2}, {first = 0x0, no
= 0}, {first = 0x7fe71b1a0dd0,
no = 4}, {first = 0x7fe71b19a340, no = 3}, {first = 0x7fe71b1c31e8, no = 1}, {first
= 0x0, no = 0}, {first = 0x0,
no = 0}, {first = 0x7fe71b1c0448, no = 2}, {first = 0x7fe71b1e1728, no = 1}, {first
= 0x0, no = 0}, {first = 0x0,
no = 0}, {first = 0x7fe71b1e1920, no = 1}, {first = 0x0, no = 0}, {first = 0x0, no
= 0}, {first = 0x7fe71b1dd988,
no = 1}, {first = 0x7fe71b1e1688, no = 1}, {first = 0x0, no = 0}, {first =
0x7fe71b323940, no = 1}, {first = 0x0,
no = 0} <repeats 121 times>, {first = 0x7fe71b1e8468, no = 1}, {first = 0x0,
no = 0} <repeats 57 times>, {
first = 0x7fe71b303d10, no = 1}, {first = 0x0, no = 0} <repeats 660 times>,
{first = 0x7fe71b2bcee8, no = 1}, {
first = 0x0, no = 0} <repeats 248 times>, {first = 0x7fe71b1fe5c0, no = 1},
{first = 0x0,
no = 0} <repeats 63 times>, {first = 0x7fe71b250638, no = 1}, {first = 0x0,
no = 0} <repeats 875 times>, {
first = 0x7fe71b298548, no = 22}, {first = 0x0, no = 3}, {first = 0x0, no = 0},
{first = 0x0, no = 0}, {first = 0x0,
no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0},
{first = 0x0, no = 0}, {first = 0x0,
no = 0}, {first = 0x7fe71b349e28, no = 1}, {first = 0x0, no = 0} <repeats 39
times>}}
(gdb) p *frag
$2 = {size = 28888, u = {nxt_free = 0x7fe71b298981, reserved = 140630569879937}, prv_free
= 0x392e3239313a7069}
(gdb) p *f
$3 = {size = 8245933083814097524, u = {nxt_free = 0x7300007063743d74, reserved =
8286623797066612084},
prv_free = 0x392e3239313a7069}
(gdb) info locals
f = 0x7fe71b298981
hash = 2049
after = 0
(gdb) p qm->free_hash[hash]
$4 = {first = 0x7fe71b298548, no = 22}
(gdb) p *qm->free_hash[hash].first
$5 = {size = 5, u = {nxt_free = 0x7fe71b298981, reserved = 140630569879937}, prv_free =
0x0}