[root@ tmp]# /usr/local/sbin/kamailio -V version: kamailio 1.5.5-notls (x86_64/linux) flags: STATISTICS, EXTRA_DEBUG, USE_IPV6, USE_TCP, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, PKG_SIZE 4194304 poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. svnrevision: unknown @(#) $Id: main.c 5608 2009-02-13 16:48:17Z henningw $ main.c compiled on 12:38:36 Feb 2 2011 with gcc 4.1.2
-----------------------------
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000046b0e3 in fm_malloc (qm=0x72dc00, size=32) at mem/f_malloc.c:354
354 if ((*f)->size>=size) goto found;
(gdb) backtrace
#0 0x000000000046b0e3 in fm_malloc (qm=0x72dc00, size=32) at mem/f_malloc.c:354
#1 0x00002b30f2803087 in build_rr (_l=0x76f110, _l2=0x76fe80, user=0x7fffe9c5a500, tag=0x777a58, params=0x0, _inbound=0) at record.c:176
#2 0x00002b30f2802b7a in record_route (_m=0x76e0e0, params=0x0) at record.c:322
#3 0x00002b30f28047db in w_record_route (msg=0x76e0e0, key=0x0, bar=0x0) at rr_mod.c:212
#4 0x000000000040ed9b in do_action (a=0x73f5a0, msg=0x76e0e0) at action.c:874
#5 0x000000000040c03a in run_action_list (a=0x73f5a0, msg=0x76e0e0) at action.c:145
#6 0x000000000040e6a7 in do_action (a=0x73f810, msg=0x76e0e0) at action.c:746
#7 0x000000000040c03a in run_action_list (a=0x73e418, msg=0x76e0e0) at action.c:145
#8 0x000000000040c2a9 in run_actions (a=0x73e418, msg=0x76e0e0) at action.c:120
#9 0x000000000040c357 in run_top_route (a=0x73e418, msg=0x76e0e0) at action.c:195
#10 0x000000000043bda4 in receive_msg ( buf=0x70c980 "NOTIFY sip:XXXXXX.com SIP/2.0\r\nVia: SIP/2.0/UDP XX.XXX.101.68:5060;branch=z9hG4bK-6ee3865\r\nFrom: VTHome sip:101650@XXXXXX.com;tag=129d73a13db8ec7fo0\r\nTo: sip:XXXXX.com\r\nCall-ID: e3fd1da9-142a0a17"..., len=373, rcv_info=0x7fffe9c5ae90) at receive.c:175
#11 0x0000000000467eeb in udp_rcv_loop () at udp_server.c:449
#12 0x000000000042097b in main_loop () at main.c:774
#13 0x00000000004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321
(gdb) print size
$1 = 32
(gdb) quit
--------------------------------------------
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
609 size+=f->size,f=f->u.nxt_free,i++,j++){
(gdb) backtrace
#0 0x000000000046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
#1 0x000000000041feb3 in sig_usr (signo=15) at main.c:563
#2 <signal handler called>
#3 0x00000039d8cd4a51 in __recvfrom_nocancel () from /lib64/libc.so.6
#4 0x0000000000467bf4 in udp_rcv_loop () at udp_server.c:408
#5 0x000000000042097b in main_loop () at main.c:774
#6 0x00000000004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321
(gdb) print i
$1 = 402
(gdb) print j
$2 = 1
(gdb) print size
$3 = 7234295468789601279
(gdb) print f
$4 = (struct fm_frag *) 0x3738656435393838
(gdb) print f->size
Cannot access memory at address 0x3738656435393838
-------------------------------------------------------------------
[Editor's note: the free-list pointer f = 0x3738656435393838 consists entirely of printable ASCII bytes ("8895de87" when read in little-endian memory order), which is consistent with string data having been written over allocator metadata. The fm_status crash happens inside the handler for signal 15 while it walks the free lists of the same qm=0x72dc00 block, so it is most likely a second symptom of the earlier corruption rather than an independent bug.]
Andrew O. Zhukov
Hello,
from the subject I don't understand exactly: did you get this crash also with 1.3.4? Is it reproducible?
Looks like there is a buffer overflow. Can you recompile/reinstall with memory debug on (in 1.5.x, see Makefile.vars)? Then watch the logs and see if you get any error related to buffer overwritten ops.
Cheers, Daniel
On 2/10/11 7:37 AM, Andrew O. Zhukov wrote:
[root@ tmp]# /usr/local/sbin/kamailio -V version: kamailio 1.5.5-notls (x86_64/linux) flags: STATISTICS, EXTRA_DEBUG, USE_IPV6, USE_TCP, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, PKG_SIZE 4194304 poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. svnrevision: unknown @(#) $Id: main.c 5608 2009-02-13 16:48:17Z henningw $ main.c compiled on 12:38:36 Feb 2 2011 with gcc 4.1.2
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'. Program terminated with signal 11, Segmentation fault. #0 0x000000000046b0e3 in fm_malloc (qm=0x72dc00, size=32) at mem/f_malloc.c:354 354 if ((*f)->size>=size) goto found; (gdb) backtrace #0 0x000000000046b0e3 in fm_malloc (qm=0x72dc00, size=32) at mem/f_malloc.c:354 #1 0x00002b30f2803087 in build_rr (_l=0x76f110, _l2=0x76fe80, user=0x7fffe9c5a500, tag=0x777a58, params=0x0, _inbound=0) at record.c:176 #2 0x00002b30f2802b7a in record_route (_m=0x76e0e0, params=0x0) at record.c:322 #3 0x00002b30f28047db in w_record_route (msg=0x76e0e0, key=0x0, bar=0x0) at rr_mod.c:212 #4 0x000000000040ed9b in do_action (a=0x73f5a0, msg=0x76e0e0) at action.c:874 #5 0x000000000040c03a in run_action_list (a=0x73f5a0, msg=0x76e0e0) at action.c:145 #6 0x000000000040e6a7 in do_action (a=0x73f810, msg=0x76e0e0) at action.c:746 #7 0x000000000040c03a in run_action_list (a=0x73e418, msg=0x76e0e0) at action.c:145 #8 0x000000000040c2a9 in run_actions (a=0x73e418, msg=0x76e0e0) at action.c:120 #9 0x000000000040c357 in run_top_route (a=0x73e418, msg=0x76e0e0) at action.c:195 #10 0x000000000043bda4 in receive_msg ( buf=0x70c980 "NOTIFY sip:XXXXXX.com SIP/2.0\r\nVia: SIP/2.0/UDP XX.XXX.101.68:5060;branch=z9hG4bK-6ee3865\r\nFrom: VTHome sip:101650@XXXXXX.com;tag=129d73a13db8ec7fo0\r\nTo: sip:XXXXX.com\r\nCall-ID: e3fd1da9-142a0a17"..., len=373, rcv_info=0x7fffe9c5ae90) at receive.c:175 #11 0x0000000000467eeb in udp_rcv_loop () at udp_server.c:449 #12 0x000000000042097b in main_loop () at main.c:774 #13 0x00000000004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321 (gdb) print size $1 = 32 (gdb) quit
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'. Program terminated with signal 11, Segmentation fault. #0 0x000000000046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609 609 size+=f->size,f=f->u.nxt_free,i++,j++){ (gdb) backtrace #0 0x000000000046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609 #1 0x000000000041feb3 in sig_usr (signo=15) at main.c:563 #2 <signal handler called> #3 0x00000039d8cd4a51 in __recvfrom_nocancel () from /lib64/libc.so.6 #4 0x0000000000467bf4 in udp_rcv_loop () at udp_server.c:408 #5 0x000000000042097b in main_loop () at main.c:774 #6 0x00000000004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321 (gdb) print i $1 = 402 (gdb) print j $2 = 1 (gdb) print size $3 = 7234295468789601279 (gdb) print f $4 = (struct fm_frag *) 0x3738656435393838 (gdb) print f->size Cannot access memory at address 0x3738656435393838
Andrew O. Zhukov
A couple of months ago I sent a whole set of crashes from 1.3.4 to this mailing list. Nobody responded to me.
On 02/10/2011 08:53 AM, Daniel-Constantin Mierla wrote:
Hello,
from the subject I don't understand exactly: did you get this crash also with 1.3.4? Is it reproducible?
These crashes are from 1.5.5. I brought it up this weekend. I have not shut down the server with 1.3.4 yet. I still keep all the crashes there.
Looks like there is a buffer overflow. Can you recompile/reinstall with memory debug on (in 1.5.x, see Makefile.vars)? Then watch the logs and see if you get any error related to buffer overwritten ops.
Ok. I'll do it.
Cheers, Daniel
On 2/10/11 7:37 AM, Andrew O. Zhukov wrote:
[root@ tmp]# /usr/local/sbin/kamailio -V version: kamailio 1.5.5-notls (x86_64/linux) flags: STATISTICS, EXTRA_DEBUG, USE_IPV6, USE_TCP, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, PKG_SIZE 4194304 poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. svnrevision: unknown @(#) $Id: main.c 5608 2009-02-13 16:48:17Z henningw $ main.c compiled on 12:38:36 Feb 2 2011 with gcc 4.1.2
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'. Program terminated with signal 11, Segmentation fault. #0 0x000000000046b0e3 in fm_malloc (qm=0x72dc00, size=32) at mem/f_malloc.c:354 354 if ((*f)->size>=size) goto found; (gdb) backtrace #0 0x000000000046b0e3 in fm_malloc (qm=0x72dc00, size=32) at mem/f_malloc.c:354 #1 0x00002b30f2803087 in build_rr (_l=0x76f110, _l2=0x76fe80, user=0x7fffe9c5a500, tag=0x777a58, params=0x0, _inbound=0) at record.c:176 #2 0x00002b30f2802b7a in record_route (_m=0x76e0e0, params=0x0) at record.c:322 #3 0x00002b30f28047db in w_record_route (msg=0x76e0e0, key=0x0, bar=0x0) at rr_mod.c:212 #4 0x000000000040ed9b in do_action (a=0x73f5a0, msg=0x76e0e0) at action.c:874 #5 0x000000000040c03a in run_action_list (a=0x73f5a0, msg=0x76e0e0) at action.c:145 #6 0x000000000040e6a7 in do_action (a=0x73f810, msg=0x76e0e0) at action.c:746 #7 0x000000000040c03a in run_action_list (a=0x73e418, msg=0x76e0e0) at action.c:145 #8 0x000000000040c2a9 in run_actions (a=0x73e418, msg=0x76e0e0) at action.c:120 #9 0x000000000040c357 in run_top_route (a=0x73e418, msg=0x76e0e0) at action.c:195 #10 0x000000000043bda4 in receive_msg ( buf=0x70c980 "NOTIFY sip:XXXXXX.com SIP/2.0\r\nVia: SIP/2.0/UDP XX.XXX.101.68:5060;branch=z9hG4bK-6ee3865\r\nFrom: VTHome sip:101650@XXXXXX.com;tag=129d73a13db8ec7fo0\r\nTo: sip:XXXXX.com\r\nCall-ID: e3fd1da9-142a0a17"..., len=373, rcv_info=0x7fffe9c5ae90) at receive.c:175 #11 0x0000000000467eeb in udp_rcv_loop () at udp_server.c:449 #12 0x000000000042097b in main_loop () at main.c:774 #13 0x00000000004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321 (gdb) print size $1 = 32 (gdb) quit
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'. Program terminated with signal 11, Segmentation fault. #0 0x000000000046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609 609 size+=f->size,f=f->u.nxt_free,i++,j++){ (gdb) backtrace #0 0x000000000046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609 #1 0x000000000041feb3 in sig_usr (signo=15) at main.c:563 #2 <signal handler called> #3 0x00000039d8cd4a51 in __recvfrom_nocancel () from /lib64/libc.so.6 #4 0x0000000000467bf4 in udp_rcv_loop () at udp_server.c:408 #5 0x000000000042097b in main_loop () at main.c:774 #6 0x00000000004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321 (gdb) print i $1 = 402 (gdb) print j $2 = 1 (gdb) print size $3 = 7234295468789601279 (gdb) print f $4 = (struct fm_frag *) 0x3738656435393838 (gdb) print f->size Cannot access memory at address 0x3738656435393838
Andrew O. Zhukov
On 2/10/11 8:12 AM, Andrew O. Zhukov wrote:
A couple of months ago I sent a whole set of crashes from 1.3.4 to this mailing list. Nobody responded to me.
Probably they were forgotten in the history, if most of devs were offline at the moment you sent. Do you have a link to the thread, it may help reading what you sent at that time, as well.
Cheers, Daniel
On 02/10/2011 08:53 AM, Daniel-Constantin Mierla wrote:
Hello,
from the subject I don't understand exactly: did you get this crash also with 1.3.4? Is it reproducible?
These crashes are from 1.5.5. I brought it up this weekend. I have not shut down the server with 1.3.4 yet. I still keep all the crashes there.
Looks like there is a buffer overflow. Can you recompile/reinstall with memory debug on (in 1.5.x, see Makefile.vars)? Then watch the logs and see if you get any error related to buffer overwritten ops.
Ok. I'll do it.
Cheers, Daniel
On 2/10/11 7:37 AM, Andrew O. Zhukov wrote:
[root@ tmp]# /usr/local/sbin/kamailio -V version: kamailio 1.5.5-notls (x86_64/linux) flags: STATISTICS, EXTRA_DEBUG, USE_IPV6, USE_TCP, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, PKG_SIZE 4194304 poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. svnrevision: unknown @(#) $Id: main.c 5608 2009-02-13 16:48:17Z henningw $ main.c compiled on 12:38:36 Feb 2 2011 with gcc 4.1.2
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'. Program terminated with signal 11, Segmentation fault. #0 0x000000000046b0e3 in fm_malloc (qm=0x72dc00, size=32) at mem/f_malloc.c:354 354 if ((*f)->size>=size) goto found; (gdb) backtrace #0 0x000000000046b0e3 in fm_malloc (qm=0x72dc00, size=32) at mem/f_malloc.c:354 #1 0x00002b30f2803087 in build_rr (_l=0x76f110, _l2=0x76fe80, user=0x7fffe9c5a500, tag=0x777a58, params=0x0, _inbound=0) at record.c:176 #2 0x00002b30f2802b7a in record_route (_m=0x76e0e0, params=0x0) at record.c:322 #3 0x00002b30f28047db in w_record_route (msg=0x76e0e0, key=0x0, bar=0x0) at rr_mod.c:212 #4 0x000000000040ed9b in do_action (a=0x73f5a0, msg=0x76e0e0) at action.c:874 #5 0x000000000040c03a in run_action_list (a=0x73f5a0, msg=0x76e0e0) at action.c:145 #6 0x000000000040e6a7 in do_action (a=0x73f810, msg=0x76e0e0) at action.c:746 #7 0x000000000040c03a in run_action_list (a=0x73e418, msg=0x76e0e0) at action.c:145 #8 0x000000000040c2a9 in run_actions (a=0x73e418, msg=0x76e0e0) at action.c:120 #9 0x000000000040c357 in run_top_route (a=0x73e418, msg=0x76e0e0) at action.c:195 #10 0x000000000043bda4 in receive_msg ( buf=0x70c980 "NOTIFY sip:XXXXXX.com SIP/2.0\r\nVia: SIP/2.0/UDP XX.XXX.101.68:5060;branch=z9hG4bK-6ee3865\r\nFrom: VTHome sip:101650@XXXXXX.com;tag=129d73a13db8ec7fo0\r\nTo: sip:XXXXX.com\r\nCall-ID: e3fd1da9-142a0a17"..., len=373, rcv_info=0x7fffe9c5ae90) at receive.c:175 #11 0x0000000000467eeb in udp_rcv_loop () at udp_server.c:449 #12 0x000000000042097b in main_loop () at main.c:774 #13 0x00000000004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321 (gdb) print size $1 = 32 (gdb) quit
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'. Program terminated with signal 11, Segmentation fault. #0 0x000000000046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609 609 size+=f->size,f=f->u.nxt_free,i++,j++){ (gdb) backtrace #0 0x000000000046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609 #1 0x000000000041feb3 in sig_usr (signo=15) at main.c:563 #2 <signal handler called> #3 0x00000039d8cd4a51 in __recvfrom_nocancel () from /lib64/libc.so.6 #4 0x0000000000467bf4 in udp_rcv_loop () at udp_server.c:408 #5 0x000000000042097b in main_loop () at main.c:774 #6 0x00000000004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321 (gdb) print i $1 = 402 (gdb) print j $2 = 1 (gdb) print size $3 = 7234295468789601279 (gdb) print f $4 = (struct fm_frag *) 0x3738656435393838 (gdb) print f->size Cannot access memory at address 0x3738656435393838
Andrew O. Zhukov
Is DBG_QM_MALLOC exactly what you want?
[root@ kamailio-1.5.5-notls]# /usr/local/sbin/kamailio -V version: kamailio 1.5.5-notls (x86_64/linux) flags: STATISTICS, EXTRA_DEBUG, USE_IPV6, USE_TCP, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, FAST_LOCK-ADAPTIVE_WAIT ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, PKG_SIZE 4194304 poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. svnrevision: unknown @(#) $Id: main.c 5608 2009-02-13 16:48:17Z henningw $ main.c compiled on 09:42:37 Feb 10 2011 with gcc 4.1.2
Here it is with MEMDBG=1
------------------------------------------------------------------------------------------------------ Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'. Program terminated with signal 6, Aborted. #0 0x00000039d8c30265 in raise () from /lib64/libc.so.6 (gdb) backtrace #0 0x00000039d8c30265 in raise () from /lib64/libc.so.6 #1 0x00000039d8c31d10 in abort () from /lib64/libc.so.6 #2 0x000000000046c397 in qm_debug_frag (qm=0x733c00, f=0x7ca950) at mem/q_malloc.c:137 #3 0x000000000046d99a in qm_free (qm=0x733c00, p=0x7ca980, file=0x4e4d30 "parser/digest/digest.c", func=0x4e4da0 "free_credentials", line=95) at mem/q_malloc.c:439 #4 0x0000000000495fac in free_credentials (_b=0x2ba07046a7b8) at parser/digest/digest.c:95 #5 0x0000000000471a36 in clean_hdr_field (hf=0x2ba07046a788) at parser/hf.c:116 #6 0x00002ba06cec58de in clean_msg_clone (msg=0x2ba0704697b8, min=0x2ba0704697b8, max=0x2ba07046add0) at sip_msg.h:54 #7 0x00002ba06cec57b7 in run_trans_callbacks (type=2, trans=0x2ba07045b3f0, req=0x2ba0704697b8, rpl=0x7c0eb8, code=200) at t_hooks.c:245 #8 0x00002ba06cecc39d in t_reply_matching (p_msg=0x7c0eb8, p_branch=0x7fff8a7202c8) at t_lookup.c:888 #9 0x00002ba06cecc997 in t_check (p_msg=0x7c0eb8, param_branch=0x7fff8a7202c8) at t_lookup.c:964 #10 0x00002ba06cedb79b in reply_received (p_msg=0x7c0eb8) at t_reply.c:1395 #11 0x000000000041c6db in forward_reply (msg=0x7c0eb8) at forward.c:576 #12 0x000000000043ccf0 in receive_msg ( buf=0x712980 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP XXX.XX.XXX.13;branch=z9hG4bKb01c.8ffe0f62.0;received=XXX.XX.XXX.13\r\nVia: SIP/2.0/UDP XXX.XX.XXX.236:5060;received=XXX.XX.XXX.236;branch=z9hG4bK20b12a8d;rport=5060\r\nRec"..., len=576, rcv_info=0x7fff8a720420) at receive.c:212 #13 0x00000000004692e3 in udp_rcv_loop () at udp_server.c:449 #14 0x0000000000420ecb in main_loop () at main.c:774 #15 0x0000000000422e0f in main (argc=11, argv=0x7fff8a7206a8) at main.c:1321 
-------------------------------------------------------------------------------------------------------------- Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'. Program terminated with signal 6, Aborted. #0 0x00000039d8c30265 in raise () from /lib64/libc.so.6 (gdb) backtrace #0 0x00000039d8c30265 in raise () from /lib64/libc.so.6 #1 0x00000039d8c31d10 in abort () from /lib64/libc.so.6 #2 0x000000000046c397 in qm_debug_frag (qm=0x733c00, f=0x83a818) at mem/q_malloc.c:137 #3 0x000000000046d99a in qm_free (qm=0x733c00, p=0x83a848, file=0x4e4d30 "parser/digest/digest.c", func=0x4e4da0 "free_credentials", line=95) at mem/q_malloc.c:439 #4 0x0000000000495fac in free_credentials (_b=0x2b95e9de8758) at parser/digest/digest.c:95 #5 0x0000000000471a36 in clean_hdr_field (hf=0x2b95e9de8728) at parser/hf.c:116 #6 0x00002b95e687e8de in clean_msg_clone (msg=0x2b95e9de7758, min=0x2b95e9de7758, max=0x2b95e9de8d70) at sip_msg.h:54 #7 0x00002b95e687e7b7 in run_trans_callbacks (type=2, trans=0x2b95e9fe5150, req=0x2b95e9de7758, rpl=0x7c0eb8, code=200) at t_hooks.c:245 #8 0x00002b95e688539d in t_reply_matching (p_msg=0x7c0eb8, p_branch=0x7fff77e144b8) at t_lookup.c:888 #9 0x00002b95e6885997 in t_check (p_msg=0x7c0eb8, param_branch=0x7fff77e144b8) at t_lookup.c:964 #10 0x00002b95e689479b in reply_received (p_msg=0x7c0eb8) at t_reply.c:1395 #11 0x000000000041c6db in forward_reply (msg=0x7c0eb8) at forward.c:576 #12 0x000000000043ccf0 in receive_msg ( buf=0x712980 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP XXX.XX.XXX.13;branch=z9hG4bK2cb3.224aa3e4.0;received=XXX.XX.XXX.13\r\nVia: SIP/2.0/UDP XXX.XX.XXX.236:5060;received=XXX.XX.XXX.236;branch=z9hG4bK3ca41325;rport=5060\r\nRec"..., len=576, rcv_info=0x7fff77e14610) at receive.c:212 #13 0x00000000004692e3 in udp_rcv_loop () at udp_server.c:449 #14 0x0000000000420ecb in main_loop () at main.c:774 #15 0x0000000000422e0f in main (argc=11, argv=0x7fff77e14898) at main.c:1321 
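--------------------------------
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000046bf7b in add_avp_galias_str (alias_definition=0x46de56 "") at usr_avp.c:680
680 LM_ERR("parse error in <%s> around pos %ld\n",
(gdb) backtrace
#0 0x000000000046bf7b in add_avp_galias_str (alias_definition=0x46de56 "") at usr_avp.c:680
#1 0x0000000000000000 in ?? ()
[Editor's note: the frame #0 address 0x000000000046bf7b is the same address that resolved to fm_status (mem/f_malloc.c:609) in the earlier F_MALLOC build, and the backtrace stops at a null frame #1. This core was probably written by the previous binary and opened against the rebuilt DBG_QM_MALLOC binary, so the add_avp_galias_str symbol is likely a mis-resolution. The core should be re-read with the exact binary that produced it before drawing conclusions from it.]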
On 02/10/2011 09:14 AM, Daniel-Constantin Mierla wrote:
On 2/10/11 8:12 AM, Andrew O. Zhukov wrote:
A couple of months ago I sent a whole set of crashes from 1.3.4 to this mailing list. Nobody responded to me.
Probably they were forgotten in the history, if most of devs were offline at the moment you sent. Do you have a link to the thread, it may help reading what you sent at that time, as well.
On 2/11/11 6:23 PM, Andrew O. Zhukov wrote:
Here it is with MEMDBG=1
Did you get in syslog any error (bug) message mentioning overwriting tail/head for memory operations? If yes, send the syslog messages here.
I will try to look over it soon, being offline for some traveling...
Cheers, Daniel
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'. Program terminated with signal 6, Aborted. #0 0x00000039d8c30265 in raise () from /lib64/libc.so.6 (gdb) backtrace #0 0x00000039d8c30265 in raise () from /lib64/libc.so.6 #1 0x00000039d8c31d10 in abort () from /lib64/libc.so.6 #2 0x000000000046c397 in qm_debug_frag (qm=0x733c00, f=0x7ca950) at mem/q_malloc.c:137 #3 0x000000000046d99a in qm_free (qm=0x733c00, p=0x7ca980, file=0x4e4d30 "parser/digest/digest.c", func=0x4e4da0 "free_credentials", line=95) at mem/q_malloc.c:439 #4 0x0000000000495fac in free_credentials (_b=0x2ba07046a7b8) at parser/digest/digest.c:95 #5 0x0000000000471a36 in clean_hdr_field (hf=0x2ba07046a788) at parser/hf.c:116 #6 0x00002ba06cec58de in clean_msg_clone (msg=0x2ba0704697b8, min=0x2ba0704697b8, max=0x2ba07046add0) at sip_msg.h:54 #7 0x00002ba06cec57b7 in run_trans_callbacks (type=2, trans=0x2ba07045b3f0, req=0x2ba0704697b8, rpl=0x7c0eb8, code=200) at t_hooks.c:245 #8 0x00002ba06cecc39d in t_reply_matching (p_msg=0x7c0eb8, p_branch=0x7fff8a7202c8) at t_lookup.c:888 #9 0x00002ba06cecc997 in t_check (p_msg=0x7c0eb8, param_branch=0x7fff8a7202c8) at t_lookup.c:964 #10 0x00002ba06cedb79b in reply_received (p_msg=0x7c0eb8) at t_reply.c:1395 #11 0x000000000041c6db in forward_reply (msg=0x7c0eb8) at forward.c:576 #12 0x000000000043ccf0 in receive_msg ( buf=0x712980 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP XXX.XX.XXX.13;branch=z9hG4bKb01c.8ffe0f62.0;received=XXX.XX.XXX.13\r\nVia: SIP/2.0/UDP XXX.XX.XXX.236:5060;received=XXX.XX.XXX.236;branch=z9hG4bK20b12a8d;rport=5060\r\nRec"..., len=576, rcv_info=0x7fff8a720420) at receive.c:212 #13 0x00000000004692e3 in udp_rcv_loop () at udp_server.c:449 #14 0x0000000000420ecb in main_loop () at main.c:774 #15 0x0000000000422e0f in main (argc=11, argv=0x7fff8a7206a8) at main.c:1321
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'. Program terminated with signal 6, Aborted. #0 0x00000039d8c30265 in raise () from /lib64/libc.so.6 (gdb) backtrace #0 0x00000039d8c30265 in raise () from /lib64/libc.so.6 #1 0x00000039d8c31d10 in abort () from /lib64/libc.so.6 #2 0x000000000046c397 in qm_debug_frag (qm=0x733c00, f=0x83a818) at mem/q_malloc.c:137 #3 0x000000000046d99a in qm_free (qm=0x733c00, p=0x83a848, file=0x4e4d30 "parser/digest/digest.c", func=0x4e4da0 "free_credentials", line=95) at mem/q_malloc.c:439 #4 0x0000000000495fac in free_credentials (_b=0x2b95e9de8758) at parser/digest/digest.c:95 #5 0x0000000000471a36 in clean_hdr_field (hf=0x2b95e9de8728) at parser/hf.c:116 #6 0x00002b95e687e8de in clean_msg_clone (msg=0x2b95e9de7758, min=0x2b95e9de7758, max=0x2b95e9de8d70) at sip_msg.h:54 #7 0x00002b95e687e7b7 in run_trans_callbacks (type=2, trans=0x2b95e9fe5150, req=0x2b95e9de7758, rpl=0x7c0eb8, code=200) at t_hooks.c:245 #8 0x00002b95e688539d in t_reply_matching (p_msg=0x7c0eb8, p_branch=0x7fff77e144b8) at t_lookup.c:888 #9 0x00002b95e6885997 in t_check (p_msg=0x7c0eb8, param_branch=0x7fff77e144b8) at t_lookup.c:964 #10 0x00002b95e689479b in reply_received (p_msg=0x7c0eb8) at t_reply.c:1395 #11 0x000000000041c6db in forward_reply (msg=0x7c0eb8) at forward.c:576 #12 0x000000000043ccf0 in receive_msg ( buf=0x712980 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP XXX.XX.XXX.13;branch=z9hG4bK2cb3.224aa3e4.0;received=XXX.XX.XXX.13\r\nVia: SIP/2.0/UDP XXX.XX.XXX.236:5060;received=XXX.XX.XXX.236;branch=z9hG4bK3ca41325;rport=5060\r\nRec"..., len=576, rcv_info=0x7fff77e14610) at receive.c:212 #13 0x00000000004692e3 in udp_rcv_loop () at udp_server.c:449 #14 0x0000000000420ecb in main_loop () at main.c:774 #15 0x0000000000422e0f in main (argc=11, argv=0x7fff77e14898) at main.c:1321
Loaded symbols for /lib64/ld-linux-x86-64.so.2 Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'. Program terminated with signal 11, Segmentation fault. #0 0x000000000046bf7b in add_avp_galias_str (alias_definition=0x46de56 "") at usr_avp.c:680 680 LM_ERR("parse error in <%s> around pos %ld\n", (gdb) backtrace #0 0x000000000046bf7b in add_avp_galias_str (alias_definition=0x46de56 "") at usr_avp.c:680 #1 0x0000000000000000 in ?? ()
On 02/10/2011 09:14 AM, Daniel-Constantin Mierla wrote:
On 2/10/11 8:12 AM, Andrew O. Zhukov wrote:
A couple of months ago I sent a whole set of crashes from 1.3.4 to this mailing list. Nobody responded to me.
Probably they were forgotten in the history, if most of devs were offline at the moment you sent. Do you have a link to the thread, it may help reading what you sent at that time, as well.