Re: [SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set
On 2/11/11 6:23 PM, Andrew O. Zhukov wrote:

Here it is with MEMDBG=1

Did you get in syslog any error (bug) message mentioning overwriting tail/head for memory operations? If yes, send the syslog messages here.

I will try to look over it soon, being offline for some traveling...

Cheers,
Daniel

--
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 6, Aborted.
#0 0x0039d8c30265 in raise () from /lib64/libc.so.6
(gdb) backtrace
#0 0x0039d8c30265 in raise () from /lib64/libc.so.6
#1 0x0039d8c31d10 in abort () from /lib64/libc.so.6
#2 0x0046c397 in qm_debug_frag (qm=0x733c00, f=0x7ca950) at mem/q_malloc.c:137
#3 0x0046d99a in qm_free (qm=0x733c00, p=0x7ca980, file=0x4e4d30 "parser/digest/digest.c", func=0x4e4da0 "free_credentials", line=95) at mem/q_malloc.c:439
#4 0x00495fac in free_credentials (_b=0x2ba07046a7b8) at parser/digest/digest.c:95
#5 0x00471a36 in clean_hdr_field (hf=0x2ba07046a788) at parser/hf.c:116
#6 0x2ba06cec58de in clean_msg_clone (msg=0x2ba0704697b8, min=0x2ba0704697b8, max=0x2ba07046add0) at sip_msg.h:54
#7 0x2ba06cec57b7 in run_trans_callbacks (type=2, trans=0x2ba07045b3f0, req=0x2ba0704697b8, rpl=0x7c0eb8, code=200) at t_hooks.c:245
#8 0x2ba06cecc39d in t_reply_matching (p_msg=0x7c0eb8, p_branch=0x7fff8a7202c8) at t_lookup.c:888
#9 0x2ba06cecc997 in t_check (p_msg=0x7c0eb8, param_branch=0x7fff8a7202c8) at t_lookup.c:964
#10 0x2ba06cedb79b in reply_received (p_msg=0x7c0eb8) at t_reply.c:1395
#11 0x0041c6db in forward_reply (msg=0x7c0eb8) at forward.c:576
#12 0x0043ccf0 in receive_msg ( buf=0x712980 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP XXX.XX.XXX.13;branch=z9hG4bKb01c.8ffe0f62.0;received=XXX.XX.XXX.13\r\nVia: SIP/2.0/UDP XXX.XX.XXX.236:5060;received=XXX.XX.XXX.236;branch=z9hG4bK20b12a8d;rport=5060\r\nRec"..., len=576, rcv_info=0x7fff8a720420) at receive.c:212
#13 0x004692e3 in udp_rcv_loop () at udp_server.c:449
#14 0x00420ecb in main_loop () at main.c:774
#15 0x00422e0f in main (argc=11, argv=0x7fff8a7206a8) at main.c:1321

--
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 6, Aborted.
#0 0x0039d8c30265 in raise () from /lib64/libc.so.6
(gdb) backtrace
#0 0x0039d8c30265 in raise () from /lib64/libc.so.6
#1 0x0039d8c31d10 in abort () from /lib64/libc.so.6
#2 0x0046c397 in qm_debug_frag (qm=0x733c00, f=0x83a818) at mem/q_malloc.c:137
#3 0x0046d99a in qm_free (qm=0x733c00, p=0x83a848, file=0x4e4d30 "parser/digest/digest.c", func=0x4e4da0 "free_credentials", line=95) at mem/q_malloc.c:439
#4 0x00495fac in free_credentials (_b=0x2b95e9de8758) at parser/digest/digest.c:95
#5 0x00471a36 in clean_hdr_field (hf=0x2b95e9de8728) at parser/hf.c:116
#6 0x2b95e687e8de in clean_msg_clone (msg=0x2b95e9de7758, min=0x2b95e9de7758, max=0x2b95e9de8d70) at sip_msg.h:54
#7 0x2b95e687e7b7 in run_trans_callbacks (type=2, trans=0x2b95e9fe5150, req=0x2b95e9de7758, rpl=0x7c0eb8, code=200) at t_hooks.c:245
#8 0x2b95e688539d in t_reply_matching (p_msg=0x7c0eb8, p_branch=0x7fff77e144b8) at t_lookup.c:888
#9 0x2b95e6885997 in t_check (p_msg=0x7c0eb8, param_branch=0x7fff77e144b8) at t_lookup.c:964
#10 0x2b95e689479b in reply_received (p_msg=0x7c0eb8) at t_reply.c:1395
#11 0x0041c6db in forward_reply (msg=0x7c0eb8) at forward.c:576
#12 0x0043ccf0 in receive_msg ( buf=0x712980 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP XXX.XX.XXX.13;branch=z9hG4bK2cb3.224aa3e4.0;received=XXX.XX.XXX.13\r\nVia: SIP/2.0/UDP XXX.XX.XXX.236:5060;received=XXX.XX.XXX.236;branch=z9hG4bK3ca41325;rport=5060\r\nRec"..., len=576, rcv_info=0x7fff77e14610) at receive.c:212
#13 0x004692e3 in udp_rcv_loop () at udp_server.c:449
#14 0x00420ecb in main_loop () at main.c:774
#15 0x00422e0f in main (argc=11, argv=0x7fff77e14898) at main.c:1321

Loaded symbols for /lib64/ld-linux-x86-64.so.2
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0 0x0046bf7b in add_avp_galias_str (alias_definition=0x46de56 "") at usr_avp.c:680
680 LM_ERR("parse error in <%s> around pos %ld\n",
(gdb) backtrace
#0 0x0046bf7b in add_avp_galias_str (alias_definition=0x46de56 "") at usr_avp.c:680
#1 0x in ?? ()

On 02/10/2011 09:14 AM, Daniel-Constantin Mierla wrote:

On 2/10/11 8:12 AM, Andrew O. Zhukov wrote:

Couple month ago I
Re: [SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set
Here it is with MEMDBG=1

--
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 6, Aborted.
#0 0x0039d8c30265 in raise () from /lib64/libc.so.6
(gdb) backtrace
#0 0x0039d8c30265 in raise () from /lib64/libc.so.6
#1 0x0039d8c31d10 in abort () from /lib64/libc.so.6
#2 0x0046c397 in qm_debug_frag (qm=0x733c00, f=0x7ca950) at mem/q_malloc.c:137
#3 0x0046d99a in qm_free (qm=0x733c00, p=0x7ca980, file=0x4e4d30 "parser/digest/digest.c", func=0x4e4da0 "free_credentials", line=95) at mem/q_malloc.c:439
#4 0x00495fac in free_credentials (_b=0x2ba07046a7b8) at parser/digest/digest.c:95
#5 0x00471a36 in clean_hdr_field (hf=0x2ba07046a788) at parser/hf.c:116
#6 0x2ba06cec58de in clean_msg_clone (msg=0x2ba0704697b8, min=0x2ba0704697b8, max=0x2ba07046add0) at sip_msg.h:54
#7 0x2ba06cec57b7 in run_trans_callbacks (type=2, trans=0x2ba07045b3f0, req=0x2ba0704697b8, rpl=0x7c0eb8, code=200) at t_hooks.c:245
#8 0x2ba06cecc39d in t_reply_matching (p_msg=0x7c0eb8, p_branch=0x7fff8a7202c8) at t_lookup.c:888
#9 0x2ba06cecc997 in t_check (p_msg=0x7c0eb8, param_branch=0x7fff8a7202c8) at t_lookup.c:964
#10 0x2ba06cedb79b in reply_received (p_msg=0x7c0eb8) at t_reply.c:1395
#11 0x0041c6db in forward_reply (msg=0x7c0eb8) at forward.c:576
#12 0x0043ccf0 in receive_msg ( buf=0x712980 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP XXX.XX.XXX.13;branch=z9hG4bKb01c.8ffe0f62.0;received=XXX.XX.XXX.13\r\nVia: SIP/2.0/UDP XXX.XX.XXX.236:5060;received=XXX.XX.XXX.236;branch=z9hG4bK20b12a8d;rport=5060\r\nRec"..., len=576, rcv_info=0x7fff8a720420) at receive.c:212
#13 0x004692e3 in udp_rcv_loop () at udp_server.c:449
#14 0x00420ecb in main_loop () at main.c:774
#15 0x00422e0f in main (argc=11, argv=0x7fff8a7206a8) at main.c:1321

--
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 6, Aborted.
#0 0x0039d8c30265 in raise () from /lib64/libc.so.6
(gdb) backtrace
#0 0x0039d8c30265 in raise () from /lib64/libc.so.6
#1 0x0039d8c31d10 in abort () from /lib64/libc.so.6
#2 0x0046c397 in qm_debug_frag (qm=0x733c00, f=0x83a818) at mem/q_malloc.c:137
#3 0x0046d99a in qm_free (qm=0x733c00, p=0x83a848, file=0x4e4d30 "parser/digest/digest.c", func=0x4e4da0 "free_credentials", line=95) at mem/q_malloc.c:439
#4 0x00495fac in free_credentials (_b=0x2b95e9de8758) at parser/digest/digest.c:95
#5 0x00471a36 in clean_hdr_field (hf=0x2b95e9de8728) at parser/hf.c:116
#6 0x2b95e687e8de in clean_msg_clone (msg=0x2b95e9de7758, min=0x2b95e9de7758, max=0x2b95e9de8d70) at sip_msg.h:54
#7 0x2b95e687e7b7 in run_trans_callbacks (type=2, trans=0x2b95e9fe5150, req=0x2b95e9de7758, rpl=0x7c0eb8, code=200) at t_hooks.c:245
#8 0x2b95e688539d in t_reply_matching (p_msg=0x7c0eb8, p_branch=0x7fff77e144b8) at t_lookup.c:888
#9 0x2b95e6885997 in t_check (p_msg=0x7c0eb8, param_branch=0x7fff77e144b8) at t_lookup.c:964
#10 0x2b95e689479b in reply_received (p_msg=0x7c0eb8) at t_reply.c:1395
#11 0x0041c6db in forward_reply (msg=0x7c0eb8) at forward.c:576
#12 0x0043ccf0 in receive_msg ( buf=0x712980 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP XXX.XX.XXX.13;branch=z9hG4bK2cb3.224aa3e4.0;received=XXX.XX.XXX.13\r\nVia: SIP/2.0/UDP XXX.XX.XXX.236:5060;received=XXX.XX.XXX.236;branch=z9hG4bK3ca41325;rport=5060\r\nRec"..., len=576, rcv_info=0x7fff77e14610) at receive.c:212
#13 0x004692e3 in udp_rcv_loop () at udp_server.c:449
#14 0x00420ecb in main_loop () at main.c:774
#15 0x00422e0f in main (argc=11, argv=0x7fff77e14898) at main.c:1321

Loaded symbols for /lib64/ld-linux-x86-64.so.2
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0 0x0046bf7b in add_avp_galias_str (alias_definition=0x46de56 "") at usr_avp.c:680
680 LM_ERR("parse error in <%s> around pos %ld\n",
(gdb) backtrace
#0 0x0046bf7b in add_avp_galias_str (alias_definition=0x46de56 "") at usr_avp.c:680
#1 0x in ?? ()

On 02/10/2011 09:14 AM, Daniel-Constantin Mierla wrote:

On 2/10/11 8:12 AM, Andrew O. Zhukov wrote:

A couple of months ago I sent a whole set of crashes from 1.3.4 to this mailing list. Nobody responded to me.

Probably they were forgotten in the history, if most of the devs were offline at the moment you sent them. Do you have a link to the thread? It may help to read what you sent at that time as well.
Re: [SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set
Is DBG_QM_MALLOC exactly what you want?

[root@ kamailio-1.5.5-notls]# /usr/local/sbin/kamailio -V
version: kamailio 1.5.5-notls (x86_64/linux)
flags: STATISTICS, EXTRA_DEBUG, USE_IPV6, USE_TCP, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, PKG_SIZE 4194304
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: unknown
@(#) $Id: main.c 5608 2009-02-13 16:48:17Z henningw $
main.c compiled on 09:42:37 Feb 10 2011 with gcc 4.1.2

___
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set
On 2/10/11 8:12 AM, Andrew O. Zhukov wrote:

A couple of months ago I sent a whole set of crashes from 1.3.4 to this mailing list. Nobody responded to me.

Probably they were forgotten in the history, if most of the devs were offline at the moment you sent them. Do you have a link to the thread? It may help to read what you sent at that time as well.

Cheers,
Daniel

On 02/10/2011 08:53 AM, Daniel-Constantin Mierla wrote:

Hello, from the subject I don't understand exactly: did you get this crash also with 1.3.4? Is it reproducible?

These crashes are from 1.5.5. I brought it up this weekend. I have not shut down the server with 1.3.4 yet. I still keep all the crashes there.

Looks like there is a buffer overflow. Can you recompile/reinstall with memory debug on (in 1.5.x, see Makefile.vars)? Then watch the logs and see if you get any error related to buffer overwritten ops.

Ok. I'll do it.

Cheers,
Daniel

On 2/10/11 7:37 AM, Andrew O. Zhukov wrote:

[root@ tmp]# /usr/local/sbin/kamailio -V
version: kamailio 1.5.5-notls (x86_64/linux)
flags: STATISTICS, EXTRA_DEBUG, USE_IPV6, USE_TCP, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, PKG_SIZE 4194304
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: unknown
@(#) $Id: main.c 5608 2009-02-13 16:48:17Z henningw $
main.c compiled on 12:38:36 Feb 2 2011 with gcc 4.1.2

-
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0 0x0046b0e3 in fm_malloc (qm=0x72dc00, size=32) at mem/f_malloc.c:354
354 if ((*f)->size>=size) goto found;
(gdb) backtrace
#0 0x0046b0e3 in fm_malloc (qm=0x72dc00, size=32) at mem/f_malloc.c:354
#1 0x2b30f2803087 in build_rr (_l=0x76f110, _l2=0x76fe80, user=0x7fffe9c5a500, tag=0x777a58, params=0x0, _inbound=0) at record.c:176
#2 0x2b30f2802b7a in record_route (_m=0x76e0e0, params=0x0) at record.c:322
#3 0x2b30f28047db in w_record_route (msg=0x76e0e0, key=0x0, bar=0x0) at rr_mod.c:212
#4 0x0040ed9b in do_action (a=0x73f5a0, msg=0x76e0e0) at action.c:874
#5 0x0040c03a in run_action_list (a=0x73f5a0, msg=0x76e0e0) at action.c:145
#6 0x0040e6a7 in do_action (a=0x73f810, msg=0x76e0e0) at action.c:746
#7 0x0040c03a in run_action_list (a=0x73e418, msg=0x76e0e0) at action.c:145
#8 0x0040c2a9 in run_actions (a=0x73e418, msg=0x76e0e0) at action.c:120
#9 0x0040c357 in run_top_route (a=0x73e418, msg=0x76e0e0) at action.c:195
#10 0x0043bda4 in receive_msg ( buf=0x70c980 "NOTIFY sip:XX.com SIP/2.0\r\nVia: SIP/2.0/UDP XX.XXX.101.68:5060;branch=z9hG4bK-6ee3865\r\nFrom: VTHome ;tag=129d73a13db8ec7fo0\r\nTo: \r\nCall-ID: e3fd1da9-142a0a17"..., len=373, rcv_info=0x7fffe9c5ae90) at receive.c:175
#11 0x00467eeb in udp_rcv_loop () at udp_server.c:449
#12 0x0042097b in main_loop () at main.c:774
#13 0x004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321
(gdb) print size
$1 = 32
(gdb) quit

Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0 0x0046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
609 size+=f->size,f=f->u.nxt_free,i++,j++){
(gdb) backtrace
#0 0x0046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
#1 0x0041feb3 in sig_usr (signo=15) at main.c:563
#2
#3 0x0039d8cd4a51 in __recvfrom_nocancel () from /lib64/libc.so.6
#4 0x00467bf4 in udp_rcv_loop () at udp_server.c:408
#5 0x0042097b in main_loop () at main.c:774
#6 0x004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321
(gdb) print i
$1 = 402
(gdb) print j
$2 = 1
(gdb) print size
$3 = 7234295468789601279
(gdb) print f
$4 = (struct fm_frag *) 0x3738656435393838
(gdb) print f->size
Cannot access memory at address 0x3738656435393838

---
Andrew O. Zhukov

--
Daniel-Constantin Mierla
http://www.asipto.com
Re: [SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set
A couple of months ago I sent a whole set of crashes from 1.3.4 to this mailing list. Nobody responded to me.

On 02/10/2011 08:53 AM, Daniel-Constantin Mierla wrote:

Hello, from the subject I don't understand exactly: did you get this crash also with 1.3.4? Is it reproducible?

These crashes are from 1.5.5. I brought it up this weekend. I have not shut down the server with 1.3.4 yet. I still keep all the crashes there.

Looks like there is a buffer overflow. Can you recompile/reinstall with memory debug on (in 1.5.x, see Makefile.vars)? Then watch the logs and see if you get any error related to buffer overwritten ops.

Ok. I'll do it.

Cheers,
Daniel

On 2/10/11 7:37 AM, Andrew O. Zhukov wrote:

[root@ tmp]# /usr/local/sbin/kamailio -V
version: kamailio 1.5.5-notls (x86_64/linux)
flags: STATISTICS, EXTRA_DEBUG, USE_IPV6, USE_TCP, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, PKG_SIZE 4194304
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: unknown
@(#) $Id: main.c 5608 2009-02-13 16:48:17Z henningw $
main.c compiled on 12:38:36 Feb 2 2011 with gcc 4.1.2

-
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0 0x0046b0e3 in fm_malloc (qm=0x72dc00, size=32) at mem/f_malloc.c:354
354 if ((*f)->size>=size) goto found;
(gdb) backtrace
#0 0x0046b0e3 in fm_malloc (qm=0x72dc00, size=32) at mem/f_malloc.c:354
#1 0x2b30f2803087 in build_rr (_l=0x76f110, _l2=0x76fe80, user=0x7fffe9c5a500, tag=0x777a58, params=0x0, _inbound=0) at record.c:176
#2 0x2b30f2802b7a in record_route (_m=0x76e0e0, params=0x0) at record.c:322
#3 0x2b30f28047db in w_record_route (msg=0x76e0e0, key=0x0, bar=0x0) at rr_mod.c:212
#4 0x0040ed9b in do_action (a=0x73f5a0, msg=0x76e0e0) at action.c:874
#5 0x0040c03a in run_action_list (a=0x73f5a0, msg=0x76e0e0) at action.c:145
#6 0x0040e6a7 in do_action (a=0x73f810, msg=0x76e0e0) at action.c:746
#7 0x0040c03a in run_action_list (a=0x73e418, msg=0x76e0e0) at action.c:145
#8 0x0040c2a9 in run_actions (a=0x73e418, msg=0x76e0e0) at action.c:120
#9 0x0040c357 in run_top_route (a=0x73e418, msg=0x76e0e0) at action.c:195
#10 0x0043bda4 in receive_msg ( buf=0x70c980 "NOTIFY sip:XX.com SIP/2.0\r\nVia: SIP/2.0/UDP XX.XXX.101.68:5060;branch=z9hG4bK-6ee3865\r\nFrom: VTHome ;tag=129d73a13db8ec7fo0\r\nTo: \r\nCall-ID: e3fd1da9-142a0a17"..., len=373, rcv_info=0x7fffe9c5ae90) at receive.c:175
#11 0x00467eeb in udp_rcv_loop () at udp_server.c:449
#12 0x0042097b in main_loop () at main.c:774
#13 0x004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321
(gdb) print size
$1 = 32
(gdb) quit

Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0 0x0046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
609 size+=f->size,f=f->u.nxt_free,i++,j++){
(gdb) backtrace
#0 0x0046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
#1 0x0041feb3 in sig_usr (signo=15) at main.c:563
#2
#3 0x0039d8cd4a51 in __recvfrom_nocancel () from /lib64/libc.so.6
#4 0x00467bf4 in udp_rcv_loop () at udp_server.c:408
#5 0x0042097b in main_loop () at main.c:774
#6 0x004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321
(gdb) print i
$1 = 402
(gdb) print j
$2 = 1
(gdb) print size
$3 = 7234295468789601279
(gdb) print f
$4 = (struct fm_frag *) 0x3738656435393838
(gdb) print f->size
Cannot access memory at address 0x3738656435393838

---
Andrew O. Zhukov
Re: [SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set
Hello, from the subject I don't understand exactly: did you get this crash also with 1.3.4? Is it reproducible?

Looks like there is a buffer overflow. Can you recompile/reinstall with memory debug on (in 1.5.x, see Makefile.vars)? Then watch the logs and see if you get any error related to buffer overwritten ops.

Cheers,
Daniel

On 2/10/11 7:37 AM, Andrew O. Zhukov wrote:

[root@ tmp]# /usr/local/sbin/kamailio -V
version: kamailio 1.5.5-notls (x86_64/linux)
flags: STATISTICS, EXTRA_DEBUG, USE_IPV6, USE_TCP, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, PKG_SIZE 4194304
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: unknown
@(#) $Id: main.c 5608 2009-02-13 16:48:17Z henningw $
main.c compiled on 12:38:36 Feb 2 2011 with gcc 4.1.2

-
Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0 0x0046b0e3 in fm_malloc (qm=0x72dc00, size=32) at mem/f_malloc.c:354
354 if ((*f)->size>=size) goto found;
(gdb) backtrace
#0 0x0046b0e3 in fm_malloc (qm=0x72dc00, size=32) at mem/f_malloc.c:354
#1 0x2b30f2803087 in build_rr (_l=0x76f110, _l2=0x76fe80, user=0x7fffe9c5a500, tag=0x777a58, params=0x0, _inbound=0) at record.c:176
#2 0x2b30f2802b7a in record_route (_m=0x76e0e0, params=0x0) at record.c:322
#3 0x2b30f28047db in w_record_route (msg=0x76e0e0, key=0x0, bar=0x0) at rr_mod.c:212
#4 0x0040ed9b in do_action (a=0x73f5a0, msg=0x76e0e0) at action.c:874
#5 0x0040c03a in run_action_list (a=0x73f5a0, msg=0x76e0e0) at action.c:145
#6 0x0040e6a7 in do_action (a=0x73f810, msg=0x76e0e0) at action.c:746
#7 0x0040c03a in run_action_list (a=0x73e418, msg=0x76e0e0) at action.c:145
#8 0x0040c2a9 in run_actions (a=0x73e418, msg=0x76e0e0) at action.c:120
#9 0x0040c357 in run_top_route (a=0x73e418, msg=0x76e0e0) at action.c:195
#10 0x0043bda4 in receive_msg ( buf=0x70c980 "NOTIFY sip:XX.com SIP/2.0\r\nVia: SIP/2.0/UDP XX.XXX.101.68:5060;branch=z9hG4bK-6ee3865\r\nFrom: VTHome ;tag=129d73a13db8ec7fo0\r\nTo: \r\nCall-ID: e3fd1da9-142a0a17"..., len=373, rcv_info=0x7fffe9c5ae90) at receive.c:175
#11 0x00467eeb in udp_rcv_loop () at udp_server.c:449
#12 0x0042097b in main_loop () at main.c:774
#13 0x004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321
(gdb) print size
$1 = 32
(gdb) quit

Core was generated by `/usr/local/sbin/kamailio -P /var/run/openser/openser.pid -m 32 -u openser -g op'.
Program terminated with signal 11, Segmentation fault.
#0 0x0046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
609 size+=f->size,f=f->u.nxt_free,i++,j++){
(gdb) backtrace
#0 0x0046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
#1 0x0041feb3 in sig_usr (signo=15) at main.c:563
#2
#3 0x0039d8cd4a51 in __recvfrom_nocancel () from /lib64/libc.so.6
#4 0x00467bf4 in udp_rcv_loop () at udp_server.c:408
#5 0x0042097b in main_loop () at main.c:774
#6 0x004228b0 in main (argc=11, argv=0x7fffe9c5b118) at main.c:1321
(gdb) print i
$1 = 402
(gdb) print j
$2 = 1
(gdb) print size
$3 = 7234295468789601279
(gdb) print f
$4 = (struct fm_frag *) 0x3738656435393838
(gdb) print f->size
Cannot access memory at address 0x3738656435393838

---
Andrew O. Zhukov

--
Daniel-Constantin Mierla
http://www.asipto.com
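
The request in this thread to rebuild with memory debugging, and the MEMDBG=1 cores where abort() is reached from qm_debug_frag inside qm_free, both concern guard checks around heap blocks at free time. A minimal sketch of that technique follows as an added example: it is not Kamailio's q_malloc code, the names dbg_alloc, dbg_check, dbg_free and the guard constants are hypothetical, and the sample string is constructed from the little-endian ASCII reading of the pointer 0x3738656435393838 shown in the gdb output.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical guard values for this sketch (not Kamailio's constants). */
#define HEAD_GUARD 0xF0F0F0F0F0F0F0F0ULL
#define TAIL_GUARD 0xC0C0C0C0ABCDEFEDULL

enum dbg_status { DBG_OK = 0, DBG_HEAD_OVERWRITTEN, DBG_TAIL_OVERWRITTEN };

/* Header stored in front of every user buffer. */
struct dbg_hdr {
    size_t      size;   /* user-visible size, needed to locate the tail guard */
    const char *file;   /* allocation site, kept so a debugger can show the owner */
    int         line;
    uint64_t    guard;  /* last field: sits directly before the user buffer */
};

/* Layout: [dbg_hdr][user bytes, size of them][uint64_t tail guard] */
void *dbg_alloc(size_t size, const char *file, int line)
{
    if (size > SIZE_MAX - sizeof(struct dbg_hdr) - sizeof(uint64_t)) return NULL;
    struct dbg_hdr *h = malloc(sizeof *h + size + sizeof(uint64_t));
    if (!h) return NULL;
    h->size = size;
    h->file = file;
    h->line = line;
    h->guard = HEAD_GUARD;
    uint64_t tail = TAIL_GUARD;
    /* memcpy because the tail guard may be unaligned for odd sizes */
    memcpy((unsigned char *)(h + 1) + size, &tail, sizeof tail);
    return h + 1;
}

/* Verify both guards of a live block without freeing it. */
enum dbg_status dbg_check(const void *p)
{
    const struct dbg_hdr *h = (const struct dbg_hdr *)p - 1;
    uint64_t tail;
    if (h->guard != HEAD_GUARD)
        return DBG_HEAD_OVERWRITTEN;   /* size field can no longer be trusted */
    memcpy(&tail, (const unsigned char *)p + h->size, sizeof tail);
    return tail == TAIL_GUARD ? DBG_OK : DBG_TAIL_OVERWRITTEN;
}

/* Free only if intact; a corrupted block is left in place for inspection. */
enum dbg_status dbg_free(void *p)
{
    enum dbg_status st = dbg_check(p);
    if (st == DBG_OK)
        free((struct dbg_hdr *)p - 1);
    return st;
}

/* Constructed scenario: an 8-character string plus its NUL copied into an
 * 8-byte buffer. The NUL lands on the first byte of the tail guard, which
 * still lies inside the block obtained from malloc(). */
int demo_overrun(void)
{
    char *buf = dbg_alloc(8, __FILE__, __LINE__);
    if (!buf) return -1;
    memcpy(buf, "8895de87", 9);
    return (int)dbg_free(buf);   /* reports the overrun at free time */
}

int main(void) { return demo_overrun() == DBG_TAIL_OVERWRITTEN ? 0 : 1; }
```

The check fires when the block is freed, not when the stray write happens, so the function named in such a report is the owner of the damaged block and not necessarily the code that wrote past it.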