THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
A new Flyspray task has been opened. Details are below.
User who did this - Bruno Bresciani de Sousa (bruno.bresciani)
Attached to Project - sip-router
Summary - Kamailio version 3.1.2 crash when memory realloc
Task Type - Bug Report
Category - Core
Status - Unconfirmed
Assigned To -
Operating System - Linux
Severity - Critical
Priority - Normal
Reported Version - 3.1
Due in Version - Undecided
Due Date - Undecided
Details - Kamailio version 3.1.2 crash when memory realloc...
I observed two crashes at 0x08173bf0 in fm_realloc (qm=0xb5f7d000, p=0xb61f0bc0, size=0)
at mem/f_malloc.c:536.
I don't know exactly what may have caused this core because the debug of kamailio is
disabled, but looking at the backtrace (gdb) and source code I could notice a relationship
with TLS connection establishment (handshake). Another important fact is that the core was
generated by kamailio itself with signal 6 (abort) because it can't find the
pointer to memory realloc.
Below is the full backtrace with gdb:
Core was generated by `/home2/local/kamailio/sbin/kamailio -P /var/run/kamailio.pid'.
Program terminated with signal 6, Aborted.
#0 0x00f30402 in __kernel_vsyscall ()
(gdb) bt full
#0 0x00f30402 in __kernel_vsyscall ()
No symbol table info available.
#1 0x009fec10 in raise () from /lib/libc.so.6
No symbol table info available.
#2 0x00a00521 in abort () from /lib/libc.so.6
No symbol table info available.
#3 0x08173bf0 in fm_realloc (qm=0xb5f7d000, p=0xb61f0bc0, size=0) at mem/f_malloc.c:536
f = (struct fm_frag *) 0xb61f0bb8
pf = <value optimized out>
orig_size = 18
n = (struct fm_frag *) 0xb61f0bd2
ptr = <value optimized out>
hash = 23548
#4 0x0051a87f in ser_realloc (ptr=0xb61f0bc0, size=32) at ../../mem/shm_mem.h:266
No locals.
#5 0x00460295 in OPENSSL_cleanse () from /lib/libcrypto.so.6
No symbol table info available.
#6 0x004609f7 in CRYPTO_realloc () from /lib/libcrypto.so.6
No symbol table info available.
#7 0x003efb22 in sk_insert () from /lib/libcrypto.so.6
No symbol table info available.
#8 0x003efbaa in sk_push () from /lib/libcrypto.so.6
No symbol table info available.
#9 0x007c2ac3 in ssl_bytes_to_cipher_list () from /lib/libssl.so.6
No symbol table info available.
#10 0x007aa9f3 in ssl3_get_client_hello () from /lib/libssl.so.6
No symbol table info available.
#11 0x007ab815 in ssl3_accept () from /lib/libssl.so.6
No symbol table info available.
#12 0x007c1c3a in SSL_accept () from /lib/libssl.so.6
No symbol table info available.
#13 0x005278e3 in tls_accept (c=0xb621af88, error=0xbf91dfc8) at tls_server.c:346
ret = <value optimized out>
ssl = (SSL *) 0xb61c1878
cert = <value optimized out>
tls_c = (struct tls_extra_data *) 0xb6208e58
tls_log = <value optimized out>
#14 0x0052da8e in tls_read_f (c=0xb621af88, flags=0xbf91e200) at tls_server.c:1028
r = (struct tcp_req *) 0xb621affc
bytes_free = 4095
bytes_read = 70
read_size = 4095
ssl_error = 0
ssl_read = 0
ssl = (SSL *) 0xb61c1878
rd_buf = "\026\003\001\000A\001\000\000=\003\001Oÿ\v¡ywP\fkÃDÃ
0/\000\a\000\005\001\000ÃÃÃï000\000\026\0009\0008\0005\000\026\000\023\000\n\0003\0002\00
202i<ä<åþ\031ì234Â
\237ê030Y){lѶ"...06Ã'Ãr9ìë¸{[©\t\205\037\036ÿHPH5µ\t(é32Ã027æò036¾\"\rÔ¤YÃ215uº\027)ö000ñ215\vÃÃ
éEa\023xéJ\206T\204Cà wr_buf = "\027\003\001\003Â
w²'\016ѼÃ033ÃLÃ021Ã)Ã\220hnL¦\020Xê\236\200\tIhøSf\234Ã\rÃ
?¯¼\024FÃ\200ª/\2264RÃaäIpXȬÃ035äQh\211Ã026ý4ÃU+\asr£/`¤Oû1AʹqUܿ·v±ü\205"...
rd = {buf = 0xbf90dfa4 "\026\003\001", pos = 70, used = 70, size =
65536}
wr = {
buf = 0xbf8fdfa4 "\027\003\001\003Â
w²'\016ѼÃ033ÃLÃ021Ã)Ã\220hnL¦\020Xê\236\200\tIhøSf\234Ã\rÃ
?¯¼\024FÃ\200ª/\2264RÃaäIpXȬÃ035äQh\211Ã026ý4ÃU+\asr£/`¤Oû1AʹqUܿ·v±ü\205"...,
pos = 0, used = 0,
size = 65536}
tls_c = (struct tls_extra_data *) 0xb6208e58
enc_rd_buf = (struct tls_rd_buf *) 0x0
n = 0
flush_flags = <value optimized out>
err_src = 0x541a83 "TLS read:"
x = <value optimized out>
#15 0x08158ade in tcp_read_headers (c=0xb621af88, read_flags=0xbf91e200) at
tcp_read.c:406
bytes = -1
remaining = <value optimized out>
p = <value optimized out>
r = (struct tcp_req *) 0xb621affc
#16 0x08158fd4 in tcp_read_req (con=0xb621af88, bytes_read=0xbf91e204,
read_flags=0xbf91e200) at tcp_read.c:871
bytes = <value optimized out>
total_bytes = 0
resp = <value optimized out>
size = <value optimized out>
req = (struct tcp_req *) 0xb621affc
dst = {send_sock = 0x1, to = {s = {sa_family = 57540, sa_data =
"\221¿\020\000\000\000\000\000\000\000\020\000\000"}, sin = {sin_family =
57540,
sin_port = 49041, sin_addr = {s_addr = 16}, sin_zero =
"\000\000\000\000\020\000\000"}, sin6 = {sin6_family = 57540, sin6_port =
49041,
sin6_flowinfo = 16, sin6_addr = {in6_u = {u6_addr8 =
"\000\000\000\000\020\000\000\000\001\000\000\000\001\000\000", u6_addr16 = {0,
0, 16, 0, 1, 0,
1, 0}, u6_addr32 = {0, 16, 1, 1}}}, sin6_scope_id = 12}}, id = -1080958468,
proto = 4 '\004', send_flags = {f = 0 '\0', blst_imask = 0 '\0'}}
c = 10 '\n'
#17 0x08159a0f in handle_io (fm=0x83296b0, events=1, idx=-1) at tcp_read.c:1150
ret = 4
n = 4
read_flags = 1
con = (struct tcp_connection *) 0xb621af88
s = 12
resp = <value optimized out>
t = <value optimized out>
#18 0x0815d653 in tcp_receive_loop (unix_sock=35) at io_wait.h:1091
No locals.
#19 0x0812885b in tcp_init_children () at tcp_main.c:4819
r = 3
reader_fd_1 = 35
pid = <value optimized out>
si = <value optimized out>
#20 0x080ad412 in main_loop () at main.c:1632
i = 4
pid = <value optimized out>
si = (struct socket_info *) 0x0
si_desc = "udp receiver child=3
sock=192.168.166.31:5060\000\221¿\002\000\000\000/\200\220\000\001\000\000\000\000\000H\000¨ä21¿\001\000\000\000°¶è026¶\000\000\000\000\000õ\030s2\b\002\000\000\000âf\b\000õ\001\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000ÿÿÿÿ¸ä21¿"
#21 0x080afbe7 in main (argc=3, argv=dwarf2_read_address: Corrupted DWARF expression.
) at main.c:2398
cfg_stream = (FILE *) 0x8a2d008
c = <value optimized out>
r = 0
tmp = 0xbf91e674
"\212þ\221¿\233þ\221¿°þ\221¿»þ\221¿Ã\221¿ù1¿\020ÿ\221¿Dÿ\221¿Lÿ\221¿Wÿ\221¿]ÿ\221¿oÿ\221¿{ÿ\221¿\202ÿ\221
tmp_len = 10492229
port = 136192361
proto = -1080957480
ret = <value optimized out>
seed = 21782655
rfd = 4
debug_save = <value optimized out>
debug_flag = 0
dont_fork_cnt = 0
n_lst = <value optimized out>
p = <value optimized out>
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=247