Hello,

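can you test with the latest version of branch 4.2? I backported several patches related to the dialog module, among them some related to a race on deleted dialogs detected as spiral, which may be the reason for this crash. The same invalid dlg pointer (0xb02030a01201001) shows up while walking hash entry 2087 in both of your backtraces, which would be consistent with a dialog structure being freed or overwritten while it was still linked in the list.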

Cheers,
Daniel

On 17/09/15 12:25, Igor Potjevlesch wrote:

Hello Daniel,

 

Here is the output:

 

(gdb) frame 0

#0  0x00007fb6a8964e55 in dlg_clean_run (ti=23317351) at dlg_hash.c:244

244                             dlg = dlg->next;

(gdb) list

239             {

240                     lock_set_get(d_table->locks, d_table->entries[i].lock_idx);

241                     dlg = d_table->entries[i].first;

242                     while (dlg) {

243                             tdlg = dlg;

244                             dlg = dlg->next;

245                             if(tdlg->state==DLG_STATE_UNCONFIRMED && tdlg->init_ts<tm-300) {

246                                     /* dialog in early state older than 5min */

247                                     LM_NOTICE("dialog in early state is too old (%p ref %d)\n",

248                                                     tdlg, tdlg->ref);

(gdb) info locals

i = 2087

tm = 1441978496

dlg = 0xb02030a01201001

tdlg = 0xb02030a01201001

__FUNCTION__ = "dlg_clean_run"

(gdb) p *dlg

Cannot access memory at address 0xb02030a01201001

(gdb)

 

I hope this will help.

 

Regards,

 

Igor.

 

 

De : Daniel-Constantin Mierla [mailto:miconda@gmail.com]
Envoyé : jeudi 17 septembre 2015 11:40
À : Igor Potjevlesch <igor.potjevlesch@gmail.com>; 'Kamailio (SER) - Users Mailing List' <sr-users@lists.sip-router.org>
Objet : Re: [SR-Users] Multiple crashes of Kamailio 4.2.1

 

Hello,

from the second trace, can you get output for:

frame 0
list
info locals
p *dlg

Cheers,
Daniel

On 11/09/15 18:23, Igor Potjevlesch wrote:

Hello Daniel,

 

From the two crashes that occurred today, I got 2 core dumps. So I copy/pasted the result from these 4 backtraces:

 

No private modules or patches. It's a regular 4.2.3.

 

(gdb) bt full

#0  0x00007fb6a8984c0e in remove_dialog_timer_unsafe (tl=0x7fb6978e9060) at dlg_timer.c:156

No locals.

#1  0x00007fb6a8985001 in remove_dialog_timer (tl=0x7fb6978e9060) at dlg_timer.c:182

        __FUNCTION__ = "remove_dialog_timer"

#2  0x00007fb6a8966bb7 in destroy_dlg (dlg=0x7fb6978e9008) at dlg_hash.c:357

        ret = 0

        var = 0x7fb6976154b0

        __FUNCTION__ = "destroy_dlg"

#3  0x00007fb6a8967b35 in destroy_dlg_table () at dlg_hash.c:438

        dlg = 0xb02030a01201001

        l_dlg = 0x7fb6978e9008

        i = 2087

        __FUNCTION__ = "destroy_dlg_table"

#4  0x00007fb6a8933263 in mod_destroy () at dialog.c:783

No locals.

#5  0x0000000000590d79 in destroy_modules () at sr_module.c:811

        t = 0x7fb6af43d670

        foo = 0x7fb6af43d440

        __FUNCTION__ = "destroy_modules"

#6  0x000000000049bb43 in cleanup (show_status=1) at main.c:569

        memlog = 0

        __FUNCTION__ = "cleanup"

#7  0x000000000049d10b in shutdown_children (sig=15, show_status=1) at main.c:711

        __FUNCTION__ = "shutdown_children"

#8  0x000000000049f6e1 in handle_sigs () at main.c:802

        chld = 0

        chld_status = 139

        memlog = -1755228944

        __FUNCTION__ = "handle_sigs"

#9  0x00000000004a6fbf in main_loop () at main.c:1757

        i = 8

        pid = 4424

        si = 0x0

        si_desc = "udp receiver child=7 sock=A.B.C.D:5060\000\000\000\000\016\b\000\000\377\177\000\000\260Ta\227\266\177\000\000\000\000\000\020\004\000\000\000\260Ta\227\266\177\000\000\060SA\000\000\000\000\000\240\177\207\b\001\000\000\000\060}\207\b\377\177\000\000\032dN\000\000\000\000\000h\261@\257z\000\000\000\276}p\000\000\000\000"

        nrprocs = 8

        __FUNCTION__ = "main_loop"

#10 0x00000000004ab8bf in main (argc=7, argv=0x7fff08877fa8) at main.c:2578

        cfg_stream = 0x18b4010

        c = -1

        r = 0

        tmp = 0x7fff08879f70 ""

        tmp_len = 0

        port = 0

        proto = 32767

        options = 0x6fcc00 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"

        ret = -1

        seed = 2249241156

        rfd = 4

        debug_save = 0

        debug_flag = 0

        dont_fork_cnt = 0

        n_lst = 0xc2

        p = 0x7fff08877e7e ""

        __FUNCTION__ = "main"

 

(gdb) bt full

#0  0x00007fb6a8964e55 in dlg_clean_run (ti=23317351) at dlg_hash.c:244

        i = 2087

        tm = 1441978496

        dlg = 0xb02030a01201001

        tdlg = 0xb02030a01201001

        __FUNCTION__ = "dlg_clean_run"

#1  0x00007fb6a8938dd6 in dlg_clean_timer_exec (ticks=23317351, param=0x0) at dialog.c:1260

No locals.

#2  0x00000000005fd540 in fork_sync_timer (child_id=-1, desc=0x7fb6a89970f1 "Dialog Clean Timer", make_sock=1, f=0x7fb6a8938dbd <dlg_clean_timer_exec>, param=0x0,

    interval=90000) at timer_proc.c:235

        pid = 0

        ts1 = 373077626

        ts2 = 90000

#3  0x00007fb6a8932b50 in child_init (rank=0) at dialog.c:740

        __FUNCTION__ = "child_init"

#4  0x0000000000591129 in init_mod_child (m=0x7fb6af43d670, rank=0) at sr_module.c:921

        __FUNCTION__ = "init_mod_child"

#5  0x0000000000590e64 in init_mod_child (m=0x7fb6af43e1b0, rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#6  0x0000000000590e64 in init_mod_child (m=0x7fb6af43e728, rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#7  0x0000000000590e64 in init_mod_child (m=0x7fb6af43eb90, rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#8  0x0000000000590e64 in init_mod_child (m=0x7fb6af43f108, rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#9  0x0000000000590e64 in init_mod_child (m=0x7fb6af43f418, rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#10 0x0000000000590e64 in init_mod_child (m=0x7fb6af43f808, rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#11 0x0000000000590e64 in init_mod_child (m=0x7fb6af43fb18, rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#12 0x0000000000590e64 in init_mod_child (m=0x7fb6af440090, rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#13 0x0000000000590e64 in init_mod_child (m=0x7fb6af4403d8, rank=0) at sr_module.c:918

        __FUNCTION__ = "init_mod_child"

#14 0x0000000000591433 in init_child (rank=0) at sr_module.c:947

No locals.

#15 0x00000000004a64c4 in main_loop () at main.c:1706

        i = 8

        pid = 4424

        si = 0x0

        si_desc = "udp receiver child=7 sock=A.B.C.D:5060\000\000\000\000\016\b\000\000\377\177\000\000\260Ta\227\266\177\000\000\000\000\000\020\004\000\000\000\260Ta\227\266\177\000\000\060SA\000\000\000\000\000\240\177\207\b\001\000\000\000\060}\207\b\377\177\000\000\032dN\000\000\000\000\000h\261@\257z\000\000\000\276}p\000\000\000\000"

        nrprocs = 8

        __FUNCTION__ = "main_loop"

#16 0x00000000004ab8bf in main (argc=7, argv=0x7fff08877fa8) at main.c:2578

        cfg_stream = 0x18b4010

        c = -1

        r = 0

        tmp = 0x7fff08879f70 ""

        tmp_len = 0

        port = 0

        proto = 32767

        options = 0x6fcc00 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"

        ret = -1

        seed = 2249241156

        rfd = 4

        debug_save = 0

        debug_flag = 0

        dont_fork_cnt = 0

        n_lst = 0xc2

        p = 0x7fff08877e7e ""

        __FUNCTION__ = "main"

 



-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat