Hello,
from the subject I don't understand exactly: did you get this crash also
with 1.3.4? Is it reproducible?
Looks like there is a buffer overflow. Can you recompile/reinstall with
memory debug on (in 1.5.x, see Makefile.vars)? Then watch the logs and
see if you get any error related to buffer overwritten ops.
Cheers,
Daniel
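The two cores quoted below show the pattern Daniel is pointing at: fm_malloc crashes while following a free-list link, and fm_status reads a fragment pointer of 0x3738656435393838, which is not an address at all but eight ASCII bytes. The program below is an added illustration for this thread, not code from Kamailio or from either poster. It uses a hypothetical toy pool allocator (its own struct frag, END_MARK canary, and pool_alloc/pool_free/free_list_walk/pool_check_end_marks functions are assumptions, loosely modelled on an fm_frag-style header) to show how an over-long copy into a fixed buffer overwrites the next fragment's free-list link with text, why a free-list walk then dereferences garbage, and what an end-marker check in a memory-debug build reports before that happens. The constructed header value uses the token "8895de87" so that the overwritten link comes out as the same bytes seen in the trace.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy pool allocator, loosely modelled on an fm_frag-style layout
 * ([header][user data][end marker]); hypothetical, not Kamailio's f_malloc. */
#define POOL_SIZE 1024
#define END_MARK  0xA5A5A5A5u

struct frag {
    size_t size;            /* usable bytes following the header */
    struct frag *nxt_free;  /* free-list link, like fm_frag.u.nxt_free */
};

static union { unsigned char bytes[POOL_SIZE]; struct frag align; } pool_u;
#define pool (pool_u.bytes)
static size_t pool_used;
static struct frag *free_list;
static char *frag_a, *frag_b;   /* the two fragments used by the scenario */

static uint32_t *end_mark_of(struct frag *f) {
    return (uint32_t *)((unsigned char *)(f + 1) + f->size);
}

/* Carve a fragment out of the pool and write the debug end marker after
 * its data; a memory-debug build checks this marker to spot overruns. */
static void *pool_alloc(size_t size) {
    size_t need = (sizeof(struct frag) + size + sizeof(uint32_t) + 7) & ~(size_t)7;
    if (pool_used + need > POOL_SIZE) return NULL;
    struct frag *f = (struct frag *)(pool + pool_used);
    pool_used += need;
    f->size = size;
    f->nxt_free = NULL;
    *end_mark_of(f) = END_MARK;
    return f + 1;
}

static void pool_free(void *p) {
    struct frag *f = (struct frag *)p - 1;
    f->nxt_free = free_list;
    free_list = f;
}

static int in_pool(const void *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)pool;
    return a >= lo && a < lo + POOL_SIZE;
}

/* Walk the free list as fm_status does, but stop instead of dereferencing
 * a link that points outside the pool. Returns the count, or -1 on corruption. */
static int free_list_walk(void) {
    int n = 0;
    for (struct frag *f = free_list; f != NULL; f = f->nxt_free) {
        if (!in_pool(f) || n >= POOL_SIZE) return -1;   /* garbage link or cycle */
        n++;
    }
    return n;
}

/* Verify every end marker; returns the index of the first overrun
 * fragment, or -1 if all markers are intact. */
static int pool_check_end_marks(void) {
    size_t off = 0;
    int idx = 0;
    while (off < pool_used) {
        struct frag *f = (struct frag *)(pool + off);
        if (*end_mark_of(f) != END_MARK) return idx;
        off += (sizeof(struct frag) + f->size + sizeof(uint32_t) + 7) & ~(size_t)7;
        idx++;
    }
    return -1;
}

/* Scenario setup: a 16-byte buffer followed by a freed 32-byte fragment,
 * so the free list has exactly one entry sitting right after the buffer. */
static void setup_two_frags(void) {
    memset(pool, 0, POOL_SIZE);
    pool_used = 0;
    free_list = NULL;
    frag_a = pool_alloc(16);
    frag_b = pool_alloc(32);
    pool_free(frag_b);
}

/* The failure pattern: copy a constructed over-long header value into the
 * 16-byte buffer. It runs over the end marker and into the freed fragment's
 * header, replacing its free-list link with bytes of the text. Returns those
 * 8 bytes as a string, in memory order. */
static const char *overrun_link_text(void) {
    static char link[9];
    struct frag *bf = (struct frag *)frag_b - 1;
    size_t gap = (size_t)((unsigned char *)&bf->nxt_free - (unsigned char *)frag_a);
    char val[128];
    memset(val, 'x', gap);                   /* constructed filler up to the link field */
    strcpy(val + gap, "8895de87@example.invalid");
    memcpy(frag_a, val, strlen(val) + 1);    /* BUG under demonstration: no length check */
    memcpy(link, &bf->nxt_free, 8);
    link[8] = '\0';
    return link;
}

/* Render a crash-time pointer value as the little-endian bytes it was read
 * from (the page's core is x86_64); non-printable bytes become '.'. */
static const char *ptr_to_ascii(uint64_t v) {
    static char out[9];
    for (int i = 0; i < 8; i++) {
        unsigned char c = (unsigned char)(v >> (8 * i));
        out[i] = (c >= 0x20 && c < 0x7f) ? (char)c : '.';
    }
    out[8] = '\0';
    return out;
}

int main(void) {
    setup_two_frags();
    printf("before overrun: free list entries=%d, first bad end mark=%d\n",
           free_list_walk(), pool_check_end_marks());
    printf("overwritten link bytes: \"%s\"\n", overrun_link_text());
    printf("after overrun:  free list entries=%d, first bad end mark=%d\n",
           free_list_walk(), pool_check_end_marks());
    printf("trace pointer 0x3738656435393838 as text: \"%s\"\n",
           ptr_to_ascii(0x3738656435393838ULL));
    return 0;
}
```

The end-marker check is the cheap part of what a memory-debug build adds: it names the fragment that was overrun rather than the unrelated allocation that later trips over the damaged free list, which is why the advice above is to turn it on and read the log messages rather than keep collecting cores from fm_malloc.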
On 2/10/11 7:37 AM, Andrew O. Zhukov wrote:
[root@ tmp]# /usr/local/sbin/kamailio -V
version: kamailio 1.5.5-notls (x86_64/linux)
flags: STATISTICS, EXTRA_DEBUG, USE_IPV6, USE_TCP, DISABLE_NAGLE,
USE_MCAST, SHM_MMAP,
PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024,
BUF_SIZE 65535, PKG_SIZE 4194304
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: unknown
@(#) $Id: main.c 5608 2009-02-13 16:48:17Z henningw $
main.c compiled on 12:38:36 Feb 2 2011 with gcc 4.1.2
-----------------------------
Core was generated by `/usr/local/sbin/kamailio -P
/var/run/openser/openser.pid -m 32 -u
openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000046b0e3 in fm_malloc (qm=0x72dc00, size=32) at
mem/f_malloc.c:354
354 if ((*f)->size>=size) goto found;
(gdb) backtrace
#0 0x000000000046b0e3 in fm_malloc (qm=0x72dc00, size=32) at
mem/f_malloc.c:354
#1 0x00002b30f2803087 in build_rr (_l=0x76f110, _l2=0x76fe80,
user=0x7fffe9c5a500,
tag=0x777a58, params=0x0, _inbound=0)
at record.c:176
#2 0x00002b30f2802b7a in record_route (_m=0x76e0e0, params=0x0) at
record.c:322
#3 0x00002b30f28047db in w_record_route (msg=0x76e0e0, key=0x0,
bar=0x0) at rr_mod.c:212
#4 0x000000000040ed9b in do_action (a=0x73f5a0, msg=0x76e0e0) at
action.c:874
#5 0x000000000040c03a in run_action_list (a=0x73f5a0, msg=0x76e0e0)
at action.c:145
#6 0x000000000040e6a7 in do_action (a=0x73f810, msg=0x76e0e0) at
action.c:746
#7 0x000000000040c03a in run_action_list (a=0x73e418, msg=0x76e0e0)
at action.c:145
#8 0x000000000040c2a9 in run_actions (a=0x73e418, msg=0x76e0e0) at
action.c:120
#9 0x000000000040c357 in run_top_route (a=0x73e418, msg=0x76e0e0) at
action.c:195
#10 0x000000000043bda4 in receive_msg (
buf=0x70c980 "NOTIFY
sip:XXXXXX.com SIP/2.0\r\nVia: SIP/2.0/UDP
XX.XXX.101.68:5060;branch=z9hG4bK-6ee3865\r\nFrom: VTHome
<sip:101650@XXXXXX.com>;tag=129d73a13db8ec7fo0\r\nTo:
<sip:XXXXX.com>\r\nCall-ID:
e3fd1da9-142a0a17"..., len=373,
rcv_info=0x7fffe9c5ae90) at receive.c:175
#11 0x0000000000467eeb in udp_rcv_loop () at udp_server.c:449
#12 0x000000000042097b in main_loop () at main.c:774
#13 0x00000000004228b0 in main (argc=11, argv=0x7fffe9c5b118) at
main.c:1321
(gdb) print size
$1 = 32
(gdb) quit
--------------------------------------------
Core was generated by `/usr/local/sbin/kamailio -P
/var/run/openser/openser.pid -m 32 -u
openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
609 size+=f->size,f=f->u.nxt_free,i++,j++){
(gdb) backtrace
#0 0x000000000046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
#1 0x000000000041feb3 in sig_usr (signo=15) at main.c:563
#2 <signal handler called>
#3 0x00000039d8cd4a51 in __recvfrom_nocancel () from /lib64/libc.so.6
#4 0x0000000000467bf4 in udp_rcv_loop () at udp_server.c:408
#5 0x000000000042097b in main_loop () at main.c:774
#6 0x00000000004228b0 in main (argc=11, argv=0x7fffe9c5b118) at
main.c:1321
(gdb) print i
$1 = 402
(gdb) print j
$2 = 1
(gdb) print size
$3 = 7234295468789601279
(gdb) print f
$4 = (struct fm_frag *) 0x3738656435393838
(gdb) print f->size
Cannot access memory at address 0x3738656435393838
-------------------------------------------------------------------
Andrew O. Zhukov
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users