Re: [SR-Users] Multiple crashes of Kamailio 4.2.1

Hello,

can you test with latest version branch 4.2? I backported several patches related to dialog module, among them some related to a race for deleted dialogs detected as spiral, which may be the reason for this crash.

Cheers, Daniel

On 17/09/15 12:25, Igor Potjevlesch wrote:

Hello Daniel,

Here is the output:

*(gdb) frame 0*

#0 0x00007fb6a8964e55 in dlg_clean_run (ti=23317351) at dlg_hash.c:244

244 dlg = dlg->next;

*(gdb) list*

239 {

240 lock_set_get(d_table->locks, d_table->entries[i].lock_idx);

241 dlg = d_table->entries[i].first;

242 while (dlg) {

243 tdlg = dlg;

244 dlg = dlg->next;

245 if(tdlg->state==DLG_STATE_UNCONFIRMED && tdlg->init_ts<tm-300) {

246 /* dialog in early state older than 5min */

247 LM_NOTICE("dialog in early state is too old (%p ref %d)\n",

248 tdlg, tdlg->ref);

*(gdb) info locals*

i = 2087

tm = 1441978496

dlg = 0xb02030a01201001

tdlg = 0xb02030a01201001

__FUNCTION__ = "dlg_clean_run"

*(gdb) p *dlg*

Cannot access memory at address 0xb02030a01201001

(gdb)

I hope this will help.

Regards,

Igor.

*De :*Daniel-Constantin Mierla [mailto:miconda@gmail.com] *Envoyé :* jeudi 17 septembre 2015 11:40 *À :* Igor Potjevlesch igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' sr-users@lists.sip-router.org *Objet :* Re: [SR-Users] Multiple crashes of Kamailio 4.2.1

Hello,

from the second trace, can you get output for:

frame 0 list info locals p *dlg

Cheers, Daniel

On 11/09/15 18:23, Igor Potjevlesch wrote:

Hello Daniel,



From the two crashes occurred today, I got 2 coredump. So I
copy/past the result from these 4 backtraces:



No privates modules or patches. It's a regular 4.2.3.



(gdb) bt full

#0  0x00007fb6a8984c0e in remove_dialog_timer_unsafe
(tl=0x7fb6978e9060) at dlg_timer.c:156

No locals.

#1  0x00007fb6a8985001 in remove_dialog_timer (tl=0x7fb6978e9060)
at dlg_timer.c:182

        __FUNCTION__ = "remove_dialog_timer"

#2  0x00007fb6a8966bb7 in destroy_dlg (dlg=0x7fb6978e9008) at
dlg_hash.c:357

        ret = 0

        var = 0x7fb6976154b0

        __FUNCTION__ = "destroy_dlg"

#3  0x00007fb6a8967b35 in destroy_dlg_table () at dlg_hash.c:438

        dlg = 0xb02030a01201001

        l_dlg = 0x7fb6978e9008

        i = 2087

        __FUNCTION__ = "destroy_dlg_table"

#4  0x00007fb6a8933263 in mod_destroy () at dialog.c:783

No locals.

#5  0x0000000000590d79 in destroy_modules () at sr_module.c:811

        t = 0x7fb6af43d670

        foo = 0x7fb6af43d440

        __FUNCTION__ = "destroy_modules"

#6  0x000000000049bb43 in cleanup (show_status=1) at main.c:569

        memlog = 0

        __FUNCTION__ = "cleanup"

#7  0x000000000049d10b in shutdown_children (sig=15,
show_status=1) at main.c:711

        __FUNCTION__ = "shutdown_children"

#8  0x000000000049f6e1 in handle_sigs () at main.c:802

        chld = 0

        chld_status = 139

        memlog = -1755228944

        __FUNCTION__ = "handle_sigs"

#9  0x00000000004a6fbf in main_loop () at main.c:1757

        i = 8

        pid = 4424

        si = 0x0

        si_desc = "udp receiver child=7
sock=A.B.C.D:5060\000\000\000\000\016\b\000\000\377\177\000\000\260Ta\227\266\177\000\000\000\000\000\020\004\000\000\000\260Ta\227\266\177\000\000\060SA\000\000\000\000\000\240\177\207\b\001\000\000\000\060}\207\b\377\177\000\000\032dN\000\000\000\000\000h\261@\257z\000\000\000\276}p\000\000\000\000"

        nrprocs = 8

        __FUNCTION__ = "main_loop"

#10 0x00000000004ab8bf in main (argc=7, argv=0x7fff08877fa8) at
main.c:2578

        cfg_stream = 0x18b4010

        c = -1

        r = 0

        tmp = 0x7fff08879f70 ""

        tmp_len = 0

        port = 0

        proto = 32767

        options = 0x6fcc00
":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"

        ret = -1

        seed = 2249241156

        rfd = 4

        debug_save = 0

        debug_flag = 0

        dont_fork_cnt = 0

        n_lst = 0xc2

        p = 0x7fff08877e7e ""

        __FUNCTION__ = "main"



(gdb) bt full

#0  0x00007fb6a8964e55 in dlg_clean_run (ti=23317351) at
dlg_hash.c:244

        i = 2087

        tm = 1441978496

        dlg = 0xb02030a01201001

        tdlg = 0xb02030a01201001

        __FUNCTION__ = "dlg_clean_run"

#1  0x00007fb6a8938dd6 in dlg_clean_timer_exec (ticks=23317351,
param=0x0) at dialog.c:1260

No locals.

#2  0x00000000005fd540 in fork_sync_timer (child_id=-1,
desc=0x7fb6a89970f1 "Dialog Clean Timer", make_sock=1,
f=0x7fb6a8938dbd <dlg_clean_timer_exec>, param=0x0,

    interval=90000) at timer_proc.c:235

        pid = 0

        ts1 = 373077626

        ts2 = 90000

#3  0x00007fb6a8932b50 in child_init (rank=0) at dialog.c:740

        __FUNCTION__ = "child_init"

#4  0x0000000000591129 in init_mod_child (m=0x7fb6af43d670,
rank=0) at sr_module.c:921

        __FUNCTION__ = "init_mod_child"

#5  0x0000000000590e64 in init_mod_child (m=0x7fb6af43e1b0,
rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#6  0x0000000000590e64 in init_mod_child (m=0x7fb6af43e728,
rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#7  0x0000000000590e64 in init_mod_child (m=0x7fb6af43eb90,
rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#8  0x0000000000590e64 in init_mod_child (m=0x7fb6af43f108,
rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#9  0x0000000000590e64 in init_mod_child (m=0x7fb6af43f418,
rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#10 0x0000000000590e64 in init_mod_child (m=0x7fb6af43f808,
rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#11 0x0000000000590e64 in init_mod_child (m=0x7fb6af43fb18,
rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#12 0x0000000000590e64 in init_mod_child (m=0x7fb6af440090,
rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#13 0x0000000000590e64 in init_mod_child (m=0x7fb6af4403d8,
rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#14 0x0000000000591433 in init_child (rank=0) at sr_module.c:947

No locals.

#15 0x00000000004a64c4 in main_loop () at main.c:1706

        i = 8

        pid = 4424

        si = 0x0

        si_desc = "udp receiver child=7
sock=A.B.C.D:5060\000\000\000\000\016\b\000\000\377\177\000\000\260Ta\227\266\177\000\000\000\000\000\020\004\000\000\000\260Ta\227\266\177\000\000\060SA\000\000\000\000\000\240\177\207\b\001\000\000\000\060}\207\b\377\177\000\000\032dN\000\000\000\000\000h\261@\257z\000\000\000\276}p\000\000\000\000"

        nrprocs = 8

        __FUNCTION__ = "main_loop"

#16 0x00000000004ab8bf in main (argc=7, argv=0x7fff08877fa8) at
main.c:2578

        cfg_stream = 0x18b4010

        c = -1

        r = 0

        tmp = 0x7fff08879f70 ""

        tmp_len = 0

        port = 0

        proto = 32767

        options = 0x6fcc00
":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"

        ret = -1

        seed = 2249241156

        rfd = 4

        debug_save = 0

        debug_flag = 0

        dont_fork_cnt = 0

        n_lst = 0xc2

        p = 0x7fff08877e7e ""

        __FUNCTION__ = "main"

-- Daniel-Constantin Mierla http://twitter.com/#!/miconda http://twitter.com/#%21/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat