### Description
I am still getting core dumps caused by invalid (not allowed) memory access (related to #2788 and #2736).
### Troubleshooting
I have prepared a minimal Kamailio config that reproduces the issue on the master branch
(tested at commit 8762c56a1c78e4ba151ef9fb4290b3938c0c984f).
#### Reproduction
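Start Kamailio with the config below. According to the backtrace under Debugging Data, the crash happens during startup, while `main()` is fixing up the routing blocks (`fix_rls` → … → `fetchc_fixup` → `pv_parse_hdr_name`), i.e. before any SIP message is processed: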
```
################
# Minimal reproduction config: one core setting, the module list, and the
# first group of preprocessor substdef definitions.

# Core setting for the number of pseudo-variable buffer slots.
# The backtrace in this report stops in pv_parse_hdr_name(), where
# pv_get_buffer() returned NULL (p = 0x0) and the following memcpy() wrote
# through that pointer.
# NOTE(review): whether this value is what makes pv_get_buffer() return NULL
# is not shown in the report - confirm against the core sources.
pv_buffer_slots = 30

# Modules loaded for the reproduction. registrar.so is the module whose
# fixup (fetchc_fixup, registrar.c:808) appears in the backtrace.
loadmodule "ipops.so"
loadmodule "pv.so"
loadmodule "textops.so"
loadmodule "outbound.so"
loadmodule "corex.so"
loadmodule "kex.so"
loadmodule "tm.so"
loadmodule "tmx.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "uac.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"

# DEF01-DEF04: substdef values written as unescaped pseudo-variable
# expressions.
#!substdef "!DEF01!$(version(num))!g"
#!substdef "!DEF02!$HN(f)!g"
#!substdef "!DEF03!$HN(d)!g"
#!substdef "!DEF04!$HN(i)!g"
# DEF05-DEF06: access to a non-existent value; no define named NULL appears
# anywhere in this config.
#!substdef "!DEF05!$def(NULL)!g"
#!substdef "!DEF06!$def(NULL)!g"
### SQL substdef
# DEF07-DEF20: SQL statement templates. Pseudo-variables are written as
# \$name and double quotes as \" inside each definition.
# NOTE(review): the route block of this config references none of
# DEF01-DEF20; presumably they are only needed to reach the failing state -
# confirm.
# NOTE(review): several templates place values taken from the SIP message
# ($ci, $fU, $tU, $fd, $hdr(Event)) directly inside quoted SQL literals. How
# the templates are executed is not shown here; if they are run as queries,
# such values need escaping (for example the sqlops {sql.val.str}
# transformation) to prevent SQL injection - verify at the call sites.
#!substdef "!DEF07!insert into dispatcher (setid, destination) select \$var(SetId),
\"\$var(MediaUrl)\" from DUAL where not exists(select * from dispatcher where
destination = \"\$var(MediaUrl)\")!g"
#!substdef "!DEF08!select a.event, count(distinct watcher_username || \"@\"
|| watcher_domain) count_unique, count(*) count from event_list a, active_watchers b where
b.event = a.event group by a.event!g"
#!substdef "!DEF09!select event, (select count(*) from presentity b where username =
\"\$var(SetId)\" and domain = \"\$var(SetId)\" and b.event = a.event)
count from event_list a!g"
#!substdef "!DEF10!select event, (select count(*) from active_watchers b where
presentity_uri = \"\$var(presentity)\" and b.event = a.event) count from
event_list a!g"
#!substdef "!DEF11!delete from presentity where domain=\"\$var(SetId)\" and
username = \"\$var(SetId)\"!g"
#!substdef "!DEF12!delete from active_watchers where callid =
\"\$ci\"!g"
#!substdef "!DEF13!delete from active_watchers where
watcher_username=\"\$fU\" and presentity_uri=\"\$var(presentity_uri)\"
and to_user=\"\$tU\" and watcher_domain=\"\$fd\" and
event=\"\$hdr(Event)\"!g"
#!substdef "!DEF14!delete from presentity where
domain=\"\$var(SetId)\"!g"
#!substdef "!DEF15!update active_watchers set expires = \$TS where
watcher_domain=\"\$var(SetId)\"!g"
#!substdef "!DEF16!update active_watchers set expires = \$TS where id in (select *
from (select b.id from presentity a inner join active_watchers b on a.username = b.to_user
and a.domain = b.to_domain and a.event = b.event where a.sender =
\"\$var(MediaUrl)\") AS presentity_temp)!g"
#!substdef "!DEF17!select * from active_watchers_log where presentity_uri =
\"\$var(presentity_uri)\"!g"
#!substdef "!DEF18!select * from active_watchers where watcher_domain =
\"\$var(Domain)\"!g"
#!substdef "!DEF19!select count(*) as count from presentity where username =
\"\$var(SetId)\" and domain = \"\$var(SetId)\" and event =
\"\$var(SetId)\"!g"
#!substdef "!DEF20!delete from presentity where sender =
\"\$var(MediaUrl)\"!g"
####### Routing Logic ########
# Main route of the reproduction config. It reads fifteen differently named
# headers through $hdr(...) into $var(tmp), then passes a sixteenth
# $hdr(...) expression as the second argument of reg_fetch_contacts().
route
{
# Fifteen distinct $hdr(...) names are used before the failing one.
# NOTE(review): the count looks significant for the reproduction, but the
# report does not state why - confirm.
$var(tmp) = $hdr(X-hdr1);
$var(tmp) = $hdr(X-hdr2);
$var(tmp) = $hdr(X-hdr3);
$var(tmp) = $hdr(X-hdr4);
$var(tmp) = $hdr(X-hdr5);
$var(tmp) = $hdr(X-hdr6);
$var(tmp) = $hdr(X-hdr7);
$var(tmp) = $hdr(X-hdr8);
$var(tmp) = $hdr(X-hdr9);
$var(tmp) = $hdr(X-hdr10);
$var(tmp) = $hdr(X-hdr11);
$var(tmp) = $hdr(X-hdr12);
$var(tmp) = $hdr(X-hdr13);
$var(tmp) = $hdr(X-hdr14);
$var(tmp) = $hdr(X-hdr15);
# Per the backtrace, the SIGSEGV is raised while this call's parameter
# "$hdr(X-hdr16)" is fixed up: fetchc_fixup -> fixup_spve_null ->
# pv_parse_format -> pv_spec_lookup -> pv_cache_add -> pv_parse_spec2 ->
# pv_parse_hdr_name, where memcpy(p, in->s, in->len) runs with p = 0x0.
# The listing at pv_core.c:3616-3617 shows no NULL check between
# pv_get_buffer() and the memcpy().
if (reg_fetch_contacts("location", "$hdr(X-hdr16)",
"callee")) {
return;
}
}
```
#### Debugging Data
```
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7dd56b1 in __memmove_avx_unaligned_erms () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install libgcc-10.2.1-9.fc33.x86_64
openssl-libs-1.1.1k-1.fc33.x86_64 systemd-libs-246.13-1.fc33.x86_64
zlib-1.2.11-23.fc33.x86_64
(gdb) bt
#0 0x00007ffff7dd56b1 in __memmove_avx_unaligned_erms () from /lib64/libc.so.6
#1 0x00007ffff6391fd4 in pv_parse_hdr_name (sp=0x7ffff652c0d8, in=0x7fffffffd560) at
pv_core.c:3617
#2 0x0000000000568916 in pv_parse_spec2 (in=0x7ffff652c0c0, e=0x7ffff652c0d8, silent=0)
at core/pvapi.c:969
#3 0x0000000000563ffd in pv_cache_add (name=0x7fffffffd750) at core/pvapi.c:359
#4 0x00000000005658c8 in pv_spec_lookup (name=0x7fffffffd810, len=0x7fffffffd80c) at
core/pvapi.c:498
#5 0x000000000056c06c in pv_parse_format (in=0x7fffffffd910, el=0x7ffff652bfa8) at
core/pvapi.c:1194
#6 0x0000000000631b16 in fix_param (type=256, param=0x7ffff65224f0) at
core/sr_module.c:1223
#7 0x000000000063218e in fix_param_types (types=256, param=0x7ffff65224f0) at
core/sr_module.c:1345
#8 0x000000000050f721 in fixup_spve_null (param=0x7ffff65224f0, param_no=1) at
core/mod_fix.c:564
#9 0x00007ffff5b97cbb in fetchc_fixup (param=0x7ffff65224f0, param_no=2) at
registrar.c:808
#10 0x00000000005a6aed in fix_actions (a=0x7ffff6522478) at core/route.c:932
#11 0x00000000005def48 in fix_rval (rv=0x7ffff65237d8, rve=0x7ffff65237d0) at
core/rvalue.c:2992
#12 0x00000000005f0a90 in fix_rval_expr (p=0x7ffff65237d0) at core/rvalue.c:3919
#13 0x00000000005a210b in fix_actions (a=0x7ffff6517ce0) at core/route.c:719
#14 0x00000000005b3e03 in fix_rl (rt=0x91f140 <main_rt>) at core/route.c:2102
#15 0x00000000005b3e3a in fix_rls () at core/route.c:2118
#16 0x00000000004381c0 in main (argc=12, argv=0x7fffffffe5f8) at main.c:3066
(gdb) bt full
#0 0x00007ffff7dd56b1 in __memmove_avx_unaligned_erms () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007ffff6391fd4 in pv_parse_hdr_name (sp=0x7ffff652c0d8, in=0x7fffffffd560) at
pv_core.c:3617
s = {s = 0x7ffff1d72f60 "`.\327\361\377\177", len = 4312016}
p = 0x0
nsp = 0x0
hdr = {type = HDR_PAI_T, name = {s = 0x41cbd0 <_start>
"\363\017\036\372\061\355I\211\321^H\211\342H\203\344\360PTI\307\300@\330\177",
len = -11088}, body = {s = 0x566521 <pv_lookup_spec_name+910>
"\205\300u<H\213EȋP\020H\213\205p\377\377\377\211\020H\213E\310H\213P\030H\213\205p\377\377\377H\211P\bH\213E\310H\213P
H\213\205p\377\377\377H\211P\020H\213E\310\353\037H\213E\310H\213@PH\211E\310H\203",
<incomplete sequence \310>, len = -162348840}, len = -10928, parsed = 0x80d116, next
= 0x7ffff652bf07}
__func__ = "pv_parse_hdr_name"
#2 0x0000000000568916 in pv_parse_spec2 (in=0x7ffff652c0c0, e=0x7ffff652c0d8, silent=0)
at core/pvapi.c:969
p = 0x7ffff652c144 ")"
s = {s = 0x7ffff652c13d "X-hdr16)", len = 7}
pvname = {s = 0x7ffff652c139 "hdr(X-hdr16)", len = 3}
pvstate = 5
tr = 0x0
pte = 0x7ffff64fef70
n = 0
__func__ = "pv_parse_spec2"
#3 0x0000000000563ffd in pv_cache_add (name=0x7fffffffd750) at core/pvapi.c:359
pvn = 0x7ffff652c0c0
pvid = 3075582644
p = 0x0
__func__ = "pv_cache_add"
#4 0x00000000005658c8 in pv_spec_lookup (name=0x7fffffffd810, len=0x7fffffffd80c) at
core/pvapi.c:498
pvs = 0x0
tname = {s = 0x7ffff65226b0 "$hdr(X-hdr16)", len = 13}
__func__ = "pv_spec_lookup"
#5 0x000000000056c06c in pv_parse_format (in=0x7fffffffd910, el=0x7ffff652bfa8) at
core/pvapi.c:1194
p = 0x7ffff65226b0 "$hdr(X-hdr16)"
p0 = 0x80b00000001 <error: Cannot access memory at address 0x80b00000001>
n = 1
e = 0x7ffff652c038
e0 = 0x0
s = {s = 0x7ffff65226b0 "$hdr(X-hdr16)", len = 13}
len = 13
__func__ = "pv_parse_format"
#6 0x0000000000631b16 in fix_param (type=256, param=0x7ffff65224f0) at
core/sr_module.c:1223
p = 0x7ffff652bf98
name = {s = 0x7ffff65226b0 "$hdr(X-hdr16)", len = 13}
s = {s = 0x80d116 "core: core/counters.c", len = -163113056}
num = 32767
err = 0
__func__ = "fix_param"
#7 0x000000000063218e in fix_param_types (types=256, param=0x7ffff65224f0) at
core/sr_module.c:1345
ret = 0
t = 256
#8 0x000000000050f721 in fixup_spve_null (param=0x7ffff65224f0, param_no=1) at
core/mod_fix.c:564
ret = 32767
fp = 0x7ffff1d72f60
__func__ = "fixup_spve_null"
#9 0x00007ffff5b97cbb in fetchc_fixup (param=0x7ffff65224f0, param_no=2) at
registrar.c:808
No locals.
#10 0x00000000005a6aed in fix_actions (a=0x7ffff6522478) at core/route.c:932
t = 0x7ffff6522478
p = 0x4f0086e1b9
tmp = 0x89a29f "core: core/cfg/cfg_struct.c"
tmp_p = 0x7ffff65226b0
ret = 0
i = 1
cmd = 0x7ffff650dde0
s = {s = 0x7fffffffdc30 "", len = 7295555}
he = 0x41cbd0 <_start>
ip = {af = 0, len = 0, u = {addrl = {21483676084, 140737488346160}, addr32 =
{8839604, 5, 4294958128, 32767}, addr16 = {57780, 134, 5, 0, 56368, 65535, 32767, 0}, addr
= "\264\341\206\000\005\000\000\000\060\334\377\377\377\177\000"}}
si = 0x33
lval = 0x0
rve = 0x90000000c
err_rve = 0x4bc015 <sr_event_exec+415>
rve_type = 32767
err_type = 4294957888
expected_type = 32767
rv = 0x7ffff5bc5360 <default_registrar_cfg>
rve_param_no = 0
__func__ = "fix_actions"
#11 0x00000000005def48 in fix_rval (rv=0x7ffff65237d8, rve=0x7ffff65237d0) at
core/rvalue.c:2992
__func__ = "fix_rval"
#12 0x00000000005f0a90 in fix_rval_expr (p=0x7ffff65237d0) at core/rvalue.c:3919
rve = 0x7ffff65237d0
ret = 0
__func__ = "fix_rval_expr"
#13 0x00000000005a210b in fix_actions (a=0x7ffff6517ce0) at core/route.c:719
t = 0x7ffff65228e8
p = 0x7ffff1adb000
tmp = 0xffffffff006f4dd9 <error: Cannot access memory at address
0xffffffff006f4dd9>
tmp_p = 0x4
ret = 0
i = 8566243
cmd = 0x41cbd0 <_start>
s = {s = 0x82b4d8 "core", len = -163131376}
he = 0x7fffffffe010
ip = {af = 4294959040, len = 32767, u = {addrl = {7294619, 8694965}, addr32 =
{7294619, 0, 8694965, 0}, addr16 = {20123, 111, 0, 0, 44213, 132, 0, 0}, addr =
"\233No\000\000\000\000\000\265\254\204\000\000\000\000"}}
si = 0x100000000
lval = 0x7ffff65218a8
rve = 0x7ffff65237d0
err_rve = 0x0
rve_type = RV_INT
err_type = 4294959040
expected_type = RV_NONE
rv = 0x41cbd0 <_start>
rve_param_no = -8016
__func__ = "fix_actions"
#14 0x00000000005b3e03 in fix_rl (rt=0x91f140 <main_rt>) at core/route.c:2102
i = 0
ret = 51
#15 0x00000000005b3e3a in fix_rls () at core/route.c:2118
ret = 0
#16 0x00000000004381c0 in main (argc=12, argv=0x7fffffffe5f8) at main.c:3066
cfg_stream = 0x9c32d0
c = -1
r = 0
tmp = 0x7fffffffe8b6 ""
tmp_len = 896
port = 896
proto = 896
ahost = 0x0
aport = 0
options = 0x801218
":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
ret = -1
seed = 2632239041
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 2
n_lst = 0x0
p = 0xc2 <error: Cannot access memory at address 0xc2>
st = {st_dev = 47, st_ino = 279340502, st_nlink = 2, st_mode = 16832, st_uid = 0,
st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 120, st_blksize = 4096, st_blocks = 0,
st_atim = {tv_sec = 1622741422, tv_nsec = 474562221}, st_mtim = {tv_sec = 1625629861,
tv_nsec = 261687069}, st_ctim = {tv_sec = 1625629861, tv_nsec = 261687069},
__glibc_reserved = {0, 0, 0}}
tbuf =
"\360\341\377\377\377\177\000\000\000\000\000\000\000\000\000\000\360\341\377\377\377\177",
'\000' <repeats 18 times>,
"\260\027\375\367\377\177\000\000\350\317\377\367\377\177\000\000\b\345\377\367\377\177\000\000\340\031\375\367\377\177\000\000\025\217\376\367\377\177\000\000$f\307\367\377\177\000\000\354K\377\367\377\177\000\000\336K\377\367\377\177\000\000\205\317c\t\000\000\000\000\300S\374\367\377\177\000\000ߏ\376\367\377\177\000\000\000\000\000\000\254\202\226\006\334P\307\367\377\177\000\000\000\000\000\000\000\000\000\000\300S\374\367\377\177\000\000\001\000\000\000\000\000\000\000\"\247\177\336s\027\000\000\240\341\377\367\377\177\000\000\370\377\377\377\377\377\377\377\240\341\377\367\377\177\000\000R"...
option_index = 12
long_options = {{name = 0x8038f6 "help", has_arg = 0, flag = 0x0, val =
104}, {name = 0x7fe521 "version", has_arg = 0, flag = 0x0, val = 118}, {name =
0x8038fb "alias", has_arg = 1, flag = 0x0, val = 1024}, {name = 0x803901
"subst", has_arg = 1, flag = 0x0, val = 1025}, {name = 0x803907
"substdef", has_arg = 1, flag = 0x0, val = 1026}, {name = 0x803910
"substdefs", has_arg = 1, flag = 0x0, val = 1027}, {name = 0x80391a
"server-id", has_arg = 1, flag = 0x0, val = 1028}, {name = 0x803924
"loadmodule", has_arg = 1, flag = 0x0, val = 1029}, {name = 0x80392f
"modparam", has_arg = 1, flag = 0x0, val = 1030}, {name = 0x803938
"log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name = 0x803943
"debug", has_arg = 1, flag = 0x0, val = 1032}, {name = 0x803949
"cfg-print", has_arg = 0, flag = 0x0, val = 1033}, {name = 0x803953
"atexit", has_arg = 1, flag = 0x0, val = 1034}, {name = 0x0, has_arg = 0, flag =
0x0, val = 0}}
__func__ = "main"
(gdb) info locals
No symbol table info available.
(gdb) list
1976 +((!sctp_disable)?sctp_listeners:0)
1977 #endif
1978 ;
1979 }
1980
1981 int main(int argc, char** argv)
1982 {
1983
1984 FILE* cfg_stream;
1985 int c,r;
(gdb) f 1
#1 0x00007ffff6391fd4 in pv_parse_hdr_name (sp=0x7ffff652c0d8, in=0x7fffffffd560) at
pv_core.c:3617
3617 memcpy(p, in->s, in->len);
(gdb) info locals
s = {s = 0x7ffff1d72f60 "`.\327\361\377\177", len = 4312016}
p = 0x0
nsp = 0x0
hdr = {type = HDR_PAI_T, name = {s = 0x41cbd0 <_start>
"\363\017\036\372\061\355I\211\321^H\211\342H\203\344\360PTI\307\300@\330\177",
len = -11088}, body = {s = 0x566521 <pv_lookup_spec_name+910>
"\205\300u<H\213EȋP\020H\213\205p\377\377\377\211\020H\213E\310H\213P\030H\213\205p\377\377\377H\211P\bH\213E\310H\213P
H\213\205p\377\377\377H\211P\020H\213E\310\353\037H\213E\310H\213@PH\211E\310H\203",
<incomplete sequence \310>, len = -162348840}, len = -10928, parsed = 0x80d116, next
= 0x7ffff652bf07}
__func__ = "pv_parse_hdr_name"
(gdb) list
3612 {
3613 LM_ERR("name too long\n");
3614 return -1;
3615 }
3616 p = pv_get_buffer();
3617 memcpy(p, in->s, in->len);
3618 p[in->len] = ':';
3619 s.s = p;
3620 s.len = in->len+1;
3621
(gdb) f 2
#2 0x0000000000568916 in pv_parse_spec2 (in=0x7ffff652c0c0, e=0x7ffff652c0d8, silent=0)
at core/pvapi.c:969
969 if(pte->parse_name(e, &s)!=0)
(gdb) info locals
p = 0x7ffff652c144 ")"
s = {s = 0x7ffff652c13d "X-hdr16)", len = 7}
pvname = {s = 0x7ffff652c139 "hdr(X-hdr16)", len = 3}
pvstate = 5
tr = 0x0
pte = 0x7ffff64fef70
n = 0
__func__ = "pv_parse_spec2"
(gdb) list
964 LM_ERR("pvar \"%.*s\" does not get empty name param\n",
965 pvname.len, pvname.s);
966 goto error;
967 }
968 s.len = p - s.s;
969 if(pte->parse_name(e, &s)!=0)
970 {
971 if (!silent)
972 LM_ERR("pvar \"%.*s\" has an invalid name param [%.*s]\n",
973 pvname.len, pvname.s, s.len, s.s);
(gdb) f 3
#3 0x0000000000563ffd in pv_cache_add (name=0x7fffffffd750) at core/pvapi.c:359
359 p = pv_parse_spec(&pvn->pvname, &pvn->spec);
(gdb) info locals
pvn = 0x7ffff652c0c0
pvid = 3075582644
p = 0x0
__func__ = "pv_cache_add"
(gdb) list
354 }
355 memset(pvn, 0, sizeof(pv_cache_t) + name->len + 1);
356 pvn->pvname.len = name->len;
357 pvn->pvname.s = (char*)pvn + sizeof(pv_cache_t);
358 memcpy(pvn->pvname.s, name->s, name->len);
359 p = pv_parse_spec(&pvn->pvname, &pvn->spec);
360
361 if(p==NULL)
362 {
363 pkg_free(pvn);
```
#### Log Messages
```
[root@safarov-dell kamailio]# gdb --args kamailio --atexit=no -DD -P
/run/kamailio/kamailio.pid -f /etc/kamailio/kamailio.cfg -m 64 -M 24 -E
GNU gdb (GDB) Fedora 10.1-2.fc33
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from kamailio...
(gdb) set pagination off
(gdb) r
Starting program: /usr/local/sbin/kamailio --atexit=no -DD -P /run/kamailio/kamailio.pid
-f /etc/kamailio/kamailio.cfg -m 64 -M 24 -E
```
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
[root@safarov-dell kamailio]# kamailio -v
version: kamailio 5.6.0-dev0 (x86_64/linux) 8762c5
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST,
DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY,
USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535,
DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: 8762c5
compiled on 17:11:19 Jul 6 2021 with gcc 10.2.1
```
* **Operating System**:
```
[root@safarov-dell kamailio]# cat /etc/os-release
NAME=Fedora
VERSION="33 (Container Image)"
ID=fedora
VERSION_ID=33
VERSION_CODENAME=""
PLATFORM_ID="platform:f33"
PRETTY_NAME="Fedora 33 (Container Image)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:33"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f33/sys…
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_…
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=33
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=33
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy…
VARIANT="Container Image"
VARIANT_ID=container
```