Hello,
I have seen couple of crashes since yesterday.
I copy/paste the last "bt full":
Program terminated with signal 11, Segmentation fault.
#0 0x0000000000619694 in fm_extract_free (qm=0x7fcdf8780000, frag=0x7fcdf8a62c78) at mem/f_malloc.c:206
206 *pf=
(gdb) bt full
#0 0x0000000000619694 in fm_extract_free (qm=0x7fcdf8780000, frag=0x7fcdf8a62c78) at mem/f_malloc.c:206
pf = 0x6576203b50555349
hash = 2097
#1 0x000000000061ad68 in fm_malloc (qm=0x7fcdf8780000, size=1104, file=0x7fce0f081a7b "tm: t_msgbuilder.c", func=0x7fce0f0860a0 "build_local_reparse", line=369)
at mem/f_malloc.c:490
f = 0x7fcdf8780b08
frag = 0x7fcdf8a62c78
hash = 156
__FUNCTION__ = "fm_malloc"
#2 0x00007fce0f011fa9 in _shm_malloc (size=1099, file=0x7fce0f081a7b "tm: t_msgbuilder.c", function=0x7fce0f0860a0 "build_local_reparse", line=369) at ../../mem/shm_mem.h:208
p = 0x6
#3 0x00007fce0f01920e in build_local_reparse (Trans=0x7fcdf8a5e2f0, branch=0, len=0x7fff00c32fbc, method=0x7fce0f087a25 "ACK", method_len=3, to=0x7fff00c32d90, reason=0x0)
at t_msgbuilder.c:369
invite_buf = 0x7fcdf8a62868 "INVITE sip:<CALLED>@goren SIP/2.0\r\nRecord-Route: sip:A.B.C5.60;lr;did=5b1.3112\r\nCSeq: 1 INVITE\r\nCall-ID: 3da8-469-1111201513435-JANGO-1-A.B.C_leg2\r\nFrom: <sip:<CALLING>@<HOST_FROM>>;"...
invite_buf_end = 0x7fcdf8a62c70 ""
cancel_buf = 0x415440 "1\355I\211\321^H\211\342H\203\344\360PTI\307\300\300\363m"
s = 0x7fcdf8a62868 "INVITE sip:<CALLED>@goren SIP/2.0\r\nRecord-Route: sip:A.B.C5.60;lr;did=5b1.3112\r\nCSeq: 1 INVITE\r\nCall-ID: 3da8-469-1111201513435-JANGO-1-A.B.C_leg2\r\nFrom: <sip:<CALLING>@<HOST_FROM>>;"...
s1 = 0x0
d = 0x10703ab0 <Address 0x10703ab0 out of bounds>
invite_len = 1032
hf_type = 2540
first_via = 0
to_len = 67
cancel_buf_len = 1099
reason_len = 0
code_len = 0
reas1 = 0x0
reas_last = 0x0
hdr = 0xa7294e
__FUNCTION__ = "build_local_reparse"
#4 0x00007fce0f02e58b in build_ack (rpl=0x7fce107038b8, trans=0x7fcdf8a5e2f0, branch=0, ret_len=0x7fff00c32fbc) at t_reply.c:439
to = {s = 0xa728f6 "To: <sip:+<CALLED>@A.B.C5.60:5060>;tag=3658827875-928685\r\nContent-Length: 0\r\n\r\n", len = 67}
__FUNCTION__ = "build_ack"
#5 0x00007fce0f03b3ca in reply_received (p_msg=0x7fce107038b8) at t_reply.c:2253
msg_status = 488
last_uac_status = 100
ack = 0x7fce10588010 "\001"
ack_len = 0
branch = 0
reply_status = 274235864
onreply_route = 1
cancel_data = {cancel_bitmap = 0, reason = {cause = 0, u = {text = {s = 0x0, len = 10955086}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len = 10955086}}}}
uac = 0x7fcdf8a5e458
t = 0x7fcdf8a5e2f0
lack_dst = {send_sock = 0x13a948, to = {s = {sa_family = 10306, sa_data = "\247\000\000\000\000\000(\r\030\000\000\000\000"}, sin = {sin_family = 10306,
sin_port = 167, sin_addr = {s_addr = 0}, sin_zero = "(\r\030\000\000\000\000"}, sin6 = {sin6_family = 10306, sin6_port = 167, sin6_flowinfo = 0, sin6_addr = {
__in6_u = {__u6_addr8 = "(\r\030\000\000\000\000\000\270|^\020\316\177\000", __u6_addr16 = {3368, 24, 0, 0, 31928, 4190, 32718, 0}, __u6_addr32 = {1576232, 0,
274627768, 32718}}}, sin6_scope_id = 93}}, id = 0, proto = -72 '\270', send_flags = {f = 106 'j', blst_imask = 94 '^'}}
backup_user_from = 0x758a50
backup_user_to = 0x415440
backup_domain_from = 0x300c337e0
backup_domain_to = 0x0
backup_uri_from = 0x7fce10703ab0
backup_uri_to = 0x7fff00c330d0
backup_xavps = 0x628478
replies_locked = 0
branch_ret = 0
prev_branch = 275790040
blst_503_timeout = 32718
hf = 0x18e00c33060
onsend_params = {req = 0x7fff00c32f50, rpl = 0x47deb8, param = 0x0, code = 274623280, flags = 32718, branch = 0, t_rbuf = 0xa7294e, dst = 0xa727e1, send_buf = {
s = 0x7fff00c33010 "\320\060", <incomplete sequence \303>, len = 6402299}}
ctx = {rec_lev = 7715456, run_flags = 0, last_retcode = 7704068, jmp_env = {{__jmpbuf = {232, 140523014225936, 140523014226728, 140523014618240, 29, 0,
140523015781040, 4281408}, __mask_was_saved = 12793824, __saved_mask = {__val = {0, 140733206179856, 6439748, 140733206179616, 140523001001690,
140733206179584, 0, 67108864, 65537912, 1288288, 1570952, 1576232, 8, 94, 0, 1473240891392}}}}}
__FUNCTION__ = "reply_received"
#6 0x000000000048cc3a in do_forward_reply (msg=0x7fce107038b8, mode=0) at forward.c:783
new_buf = 0x0
dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data = '\000' <repeats 13 times>}, sin = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0},
sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {
__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, id = 0, proto = 0 '\000',
send_flags = {f = 0 '\000', blst_imask = 0 '\000'}}
new_len = 1
r = 0
ip = {af = 12792240, len = 32767, u = {addrl = {6466393, 280}, addr32 = {6466393, 0, 280, 0}, addr16 = {43865, 98, 0, 0, 280, 0, 0, 0},
addr = "Y\253b\000\000\000\000\000\030\001\000\000\000\000\000"}}
s = 0x410004 ""
len = 0
__FUNCTION__ = "do_forward_reply"
#7 0x000000000048e27d in forward_reply (msg=0x7fce107038b8) at forward.c:885
---Type <return> to continue, or q <return> to quit---
No locals.
#8 0x0000000000509c9c in receive_msg (
buf=0xa727c0 "SIP/2.0 488 Not Acceptable Here\r\nVia: SIP/2.0/UDP A.B.C5.60;rport=5060;branch=z9hG4bKce12.98a05ce27e0243c4d775920d81e7ce82.0\r \nVia: SIP/2.0/UDP <HOST_FROM>;branch=z9hG4bK.5667f6e0\r\nFrom: <sip:332"..., len=398, rcv_info=0x7fff00c333b0) at receive.c:275
msg = 0x7fce107038b8
ctx = {rec_lev = 10237056, run_flags = 0, last_retcode = 0, jmp_env = {{__jmpbuf = {0, 0, 0, 272136986608, 1812476198913, 0, 272145363728, 272145384176},
__mask_was_saved = 0, __saved_mask = {__val = {140523014366192, 140733206180688, 1, 140522613671152, 272137013029, 50195, 1024, 4307759872, 140522613671152,
140733206180608, 6299381, 140733206180896, 140522613671152, 81, 6299509, 140733206180976}}}}}
ret = 12792656
inb = {
s = 0xa727c0 "SIP/2.0 488 Not Acceptable Here\r\nVia: SIP/2.0/UDP A.B.C5.60;rport=5060;branch=z9hG4bKce12.98a05ce27e0243c4d775920d81e7ce82.0\r \nVia: SIP/2.0/UDP <HOST_FROM>;branch=z9hG4bK.5667f6e0\r\nFrom: <sip:332"..., len = 398}
__FUNCTION__ = "receive_msg"
#9 0x0000000000608f02 in udp_rcv_loop () at udp_server.c:521
len = 398
buf = "SIP/2.0 488 Not Acceptable Here\r\nVia: SIP/2.0/UDP A.B.C5.60;rport=5060;branch=z9hG4bKce12.98a05ce27e0243c4d775920d81e7ce82.0\r \nVia: SIP/2.0/UDP <HOST_FROM>;branch=z9hG4bK.5667f6e0\r\nFrom: <sip:332"...
tmp = 0x3f60c4067a <Address 0x3f60c4067a out of bounds>
from = 0x7fce105e7920
fromlen = 16
ri = {src_ip = {af = 2, len = 4, u = {addrl = {151524537, 0}, addr32 = {151524537, 0, 0, 0}, addr16 = {5305, 2312, 0, 0, 0, 0, 0, 0},
addr = "\271\024\b\t", '\000' <repeats 11 times>}}, dst_ip = {af = 2, len = 4, u = {addrl = {1016190299, 0}, addr32 = {1016190299, 0, 0, 0}, addr16 = {54619,
15505, 0, 0, 0, 0, 0, 0}, addr = "[Õ<", '\000' <repeats 11 times>}}, src_port = 5060, dst_port = 5060, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {
s = {sa_family = 2, sa_data = "\023Ĺ\024\b\t\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 50195, sin_addr = {s_addr = 151524537},
sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 50195, sin6_flowinfo = 151524537, sin6_addr = {__in6_u = {
__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}},
bind_address = 0x7fce105aa2b0, proto = 1 '\001'}
__FUNCTION__ = "udp_rcv_loop"
#10 0x00000000004a6d9b in main_loop () at main.c:1629
i = 0
pid = 0
si = 0x7fce105aa2b0
si_desc = "udp receiver child=0 sock=A.B.C5.60:5060\000\177\000\000 5\303\000\377\177\000\000\003zN\000\000\000\000\000\016\b\000\000\377\177\00 0\000\260\204x\370\315\177\000\000\000\000\000\020\004\000\000\000\260\204x\ 370\315\177\000\000@TA\000\000\000\000\000\340\067\303\000\001\000\000\000p5 \303\000\377\177\000\000\246zN\000\000\000\000"
nrprocs = 8
__FUNCTION__ = "main_loop"
#11 0x00000000004acedf in main (argc=7, argv=0x7fff00c337e8) at main.c:2581
cfg_stream = 0xac7010
c = -1
r = 0
tmp = 0x7fff00c34f70 ""
tmp_len = 32767
port = 12793534
proto = 0
options = 0x6ff8f8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
ret = -1
seed = 3913881212
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0x40d11c
p = 0xc2 <Address 0xc2 out of bounds>
__FUNCTION__ = "main"
Regards,
Igor.
Hello,
can you provide the list output in gdb for frame 0:
frame 0 list
Cheers, Daniel
On 11/12/15 16:19, Igor Potjevlesch wrote:
Hello,
I have seen couple of crashes since yesterday.
I copy/paste the last "bt full":
Program terminated with signal 11, Segmentation fault.
#0 0x0000000000619694 in fm_extract_free (qm=0x7fcdf8780000, frag=0x7fcdf8a62c78) at mem/f_malloc.c:206
206 *pf=
(gdb) bt full
#0 0x0000000000619694 in fm_extract_free (qm=0x7fcdf8780000, frag=0x7fcdf8a62c78) at mem/f_malloc.c:206
pf = 0x6576203b50555349 hash = 2097#1 0x000000000061ad68 in fm_malloc (qm=0x7fcdf8780000, size=1104, file=0x7fce0f081a7b "tm: t_msgbuilder.c", func=0x7fce0f0860a0 "build_local_reparse", line=369)
at mem/f_malloc.c:490 f = 0x7fcdf8780b08 frag = 0x7fcdf8a62c78 hash = 156 __FUNCTION__ = "fm_malloc"#2 0x00007fce0f011fa9 in _shm_malloc (size=1099, file=0x7fce0f081a7b "tm: t_msgbuilder.c", function=0x7fce0f0860a0 "build_local_reparse", line=369) at ../../mem/shm_mem.h:208
p = 0x6#3 0x00007fce0f01920e in build_local_reparse (Trans=0x7fcdf8a5e2f0, branch=0, len=0x7fff00c32fbc, method=0x7fce0f087a25 "ACK", method_len=3, to=0x7fff00c32d90, reason=0x0)
at t_msgbuilder.c:369 invite_buf = 0x7fcdf8a62868 "INVITE sip:<CALLED>@gorenSIP/2.0\r\nRecord-Route: sip:A.B.C5.60;lr;did=5b1.3112\r\nCSeq: 1 INVITE\r\nCall-ID: 3da8-469-1111201513435-JANGO-1-A.B.C_leg2\r\nFrom: <sip:<CALLING>@<HOST_FROM>>;"...
invite_buf_end = 0x7fcdf8a62c70 "" cancel_buf = 0x415440"1\355I\211\321^H\211\342H\203\344\360PTI\307\300\300\363m"
s = 0x7fcdf8a62868 "INVITE sip:<CALLED>@gorenSIP/2.0\r\nRecord-Route: sip:A.B.C5.60;lr;did=5b1.3112\r\nCSeq: 1 INVITE\r\nCall-ID: 3da8-469-1111201513435-JANGO-1-A.B.C_leg2\r\nFrom: <sip:<CALLING>@<HOST_FROM>>;"...
s1 = 0x0 d = 0x10703ab0 <Address 0x10703ab0 out of bounds> invite_len = 1032 hf_type = 2540 first_via = 0 to_len = 67 cancel_buf_len = 1099 reason_len = 0 code_len = 0 reas1 = 0x0 reas_last = 0x0 hdr = 0xa7294e __FUNCTION__ = "build_local_reparse"#4 0x00007fce0f02e58b in build_ack (rpl=0x7fce107038b8, trans=0x7fcdf8a5e2f0, branch=0, ret_len=0x7fff00c32fbc) at t_reply.c:439
to = {s = 0xa728f6 "To:<sip:+<CALLED>@A.B.C5.60:5060>;tag=3658827875-928685\r\nContent-Length: 0\r\n\r\n", len = 67}
__FUNCTION__ = "build_ack"#5 0x00007fce0f03b3ca in reply_received (p_msg=0x7fce107038b8) at t_reply.c:2253
msg_status = 488 last_uac_status = 100 ack = 0x7fce10588010 "\001" ack_len = 0 branch = 0 reply_status = 274235864 onreply_route = 1 cancel_data = {cancel_bitmap = 0, reason = {cause = 0, u ={text = {s = 0x0, len = 10955086}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len = 10955086}}}}
uac = 0x7fcdf8a5e458 t = 0x7fcdf8a5e2f0 lack_dst = {send_sock = 0x13a948, to = {s = {sa_family =10306, sa_data = "\247\000\000\000\000\000(\r\030\000\000\000\000"}, sin = {sin_family = 10306,
sin_port = 167, sin_addr = {s_addr = 0}, sin_zero ="(\r\030\000\000\000\000"}, sin6 = {sin6_family = 10306, sin6_port = 167, sin6_flowinfo = 0, sin6_addr = {
__in6_u = {__u6_addr8 ="(\r\030\000\000\000\000\000\270|^\020\316\177\000", __u6_addr16 = {3368, 24, 0, 0, 31928, 4190, 32718, 0}, __u6_addr32 = {1576232, 0,
274627768, 32718}}}, sin6_scope_id = 93}}, id = 0,proto = -72 '\270', send_flags = {f = 106 'j', blst_imask = 94 '^'}}
backup_user_from = 0x758a50 backup_user_to = 0x415440 backup_domain_from = 0x300c337e0 backup_domain_to = 0x0 backup_uri_from = 0x7fce10703ab0 backup_uri_to = 0x7fff00c330d0 backup_xavps = 0x628478 replies_locked = 0 branch_ret = 0 prev_branch = 275790040 blst_503_timeout = 32718 hf = 0x18e00c33060 onsend_params = {req = 0x7fff00c32f50, rpl = 0x47deb8, param =0x0, code = 274623280, flags = 32718, branch = 0, t_rbuf = 0xa7294e, dst = 0xa727e1, send_buf = {
s = 0x7fff00c33010 "\320\060", <incomplete sequence \303>,len = 6402299}}
ctx = {rec_lev = 7715456, run_flags = 0, last_retcode =7704068, jmp_env = {{__jmpbuf = {232, 140523014225936, 140523014226728, 140523014618240, 29, 0,
140523015781040, 4281408}, __mask_was_saved =12793824, __saved_mask = {__val = {0, 140733206179856, 6439748, 140733206179616, 140523001001690,
140733206179584, 0, 67108864, 65537912, 1288288,1570952, 1576232, 8, 94, 0, 1473240891392}}}}}
__FUNCTION__ = "reply_received"#6 0x000000000048cc3a in do_forward_reply (msg=0x7fce107038b8, mode=0) at forward.c:783
new_buf = 0x0 dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data ='\000' <repeats 13 times>}, sin = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0},
sin_zero = "\000\000\000\000\000\000\000"}, sin6 ={sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {
__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16= {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, id = 0, proto = 0 '\000',
send_flags = {f = 0 '\000', blst_imask = 0 '\000'}} new_len = 1 r = 0 ip = {af = 12792240, len = 32767, u = {addrl = {6466393, 280},addr32 = {6466393, 0, 280, 0}, addr16 = {43865, 98, 0, 0, 280, 0, 0, 0},
addr ="Y\253b\000\000\000\000\000\030\001\000\000\000\000\000"}}
s = 0x410004 "" len = 0 __FUNCTION__ = "do_forward_reply"#7 0x000000000048e27d in forward_reply (msg=0x7fce107038b8) at forward.c:885
---Type <return> to continue, or q <return> to quit---
No locals.
#8 0x0000000000509c9c in receive_msg (
buf=0xa727c0 "SIP/2.0 488 Not Acceptable Here\r\nVia: SIP/2.0/UDPA.B.C5.60;rport=5060;branch=z9hG4bKce12.98a05ce27e0243c4d775920d81e7ce82.0\r\nVia: SIP/2.0/UDP <HOST_FROM>;branch=z9hG4bK.5667f6e0\r\nFrom: <sip:332"..., len=398, rcv_info=0x7fff00c333b0) at receive.c:275
msg = 0x7fce107038b8 ctx = {rec_lev = 10237056, run_flags = 0, last_retcode = 0,jmp_env = {{__jmpbuf = {0, 0, 0, 272136986608, 1812476198913, 0, 272145363728, 272145384176},
__mask_was_saved = 0, __saved_mask = {__val ={140523014366192, 140733206180688, 1, 140522613671152, 272137013029, 50195, 1024, 4307759872, 140522613671152,
140733206180608, 6299381, 140733206180896,140522613671152, 81, 6299509, 140733206180976}}}}}
ret = 12792656 inb = { s = 0xa727c0 "SIP/2.0 488 Not Acceptable Here\r\nVia:SIP/2.0/UDP A.B.C5.60;rport=5060;branch=z9hG4bKce12.98a05ce27e0243c4d775920d81e7ce82.0\r\nVia: SIP/2.0/UDP <HOST_FROM>;branch=z9hG4bK.5667f6e0\r\nFrom: <sip:332"..., len = 398}
__FUNCTION__ = "receive_msg"#9 0x0000000000608f02 in udp_rcv_loop () at udp_server.c:521
len = 398 buf = "SIP/2.0 488 Not Acceptable Here\r\nVia: SIP/2.0/UDPA.B.C5.60;rport=5060;branch=z9hG4bKce12.98a05ce27e0243c4d775920d81e7ce82.0\r\nVia: SIP/2.0/UDP <HOST_FROM>;branch=z9hG4bK.5667f6e0\r\nFrom: <sip:332"...
tmp = 0x3f60c4067a <Address 0x3f60c4067a out of bounds> from = 0x7fce105e7920 fromlen = 16 ri = {src_ip = {af = 2, len = 4, u = {addrl = {151524537, 0},addr32 = {151524537, 0, 0, 0}, addr16 = {5305, 2312, 0, 0, 0, 0, 0, 0},
addr = "\271\024\b\t", '\000' <repeats 11 times>}},dst_ip = {af = 2, len = 4, u = {addrl = {1016190299, 0}, addr32 = {1016190299, 0, 0, 0}, addr16 = {54619,
15505, 0, 0, 0, 0, 0, 0}, addr = "[Õ<", '\000'<repeats 11 times>}}, src_port = 5060, dst_port = 5060, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {
s = {sa_family = 2, sa_data ="\023Ĺ\024\b\t\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 50195, sin_addr = {s_addr = 151524537},
sin_zero = "\000\000\000\000\000\000\000"}, sin6 ={sin6_family = 2, sin6_port = 50195, sin6_flowinfo = 151524537, sin6_addr = {__in6_u = {
__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16= {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}},
bind_address = 0x7fce105aa2b0, proto = 1 '\001'} __FUNCTION__ = "udp_rcv_loop"#10 0x00000000004a6d9b in main_loop () at main.c:1629
i = 0 pid = 0 si = 0x7fce105aa2b0 si_desc = "udp receiver child=0sock=A.B.C5.60:5060\000\177\000\000 5\303\000\377\177\000\000\003zN\000\000\000\000\000\016\b\000\000\377\177\000\000\260\204x\370\315\177\000\000\000\000\000\020\004\000\000\000\260\204x\370\315\177\000\000@TA\000\000\000\000\000\340\067\303\000\001\000\000\000p5\303\000\377\177\000\000\246zN\000\000\000\000"
nrprocs = 8 __FUNCTION__ = "main_loop"#11 0x00000000004acedf in main (argc=7, argv=0x7fff00c337e8) at main.c:2581
cfg_stream = 0xac7010 c = -1 r = 0 tmp = 0x7fff00c34f70 "" tmp_len = 32767 port = 12793534 proto = 0 options = 0x6ff8f8":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
ret = -1 seed = 3913881212 rfd = 4 debug_save = 0 debug_flag = 0 dont_fork_cnt = 0 n_lst = 0x40d11c p = 0xc2 <Address 0xc2 out of bounds> __FUNCTION__ = "main"Regards,
Igor.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hello Daniel,
Is this the expected output?:
(gdb) frame 0
#0 0x0000000000619694 in fm_extract_free (qm=0x7f0114c07000, frag=0x7f0114f0e4b0) at mem/f_malloc.c:206
206 *pf=frag->u.nxt_free;
(gdb) list
201 int hash;
202
203 pf = frag->prv_free;
204 hash = GET_HASH(frag->size);
205
206 *pf=frag->u.nxt_free;
207
208 if(frag->u.nxt_free) frag->u.nxt_free->prv_free = pf;
209
210 qm->ffrags--;
(gdb)
Regards,
Igor.
De : sr-users [mailto:sr-users-bounces@lists.sip-router.org] De la part de Daniel-Constantin Mierla Envoyé : lundi 14 décembre 2015 13:15 À : Kamailio (SER) - Users Mailing List sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
can you provide the list output in gdb for frame 0:
frame 0 list
Cheers, Daniel
On 11/12/15 16:19, Igor Potjevlesch wrote:
Hello,
I have seen couple of crashes since yesterday.
I copy/paste the last "bt full":
Program terminated with signal 11, Segmentation fault.
#0 0x0000000000619694 in fm_extract_free (qm=0x7fcdf8780000, frag=0x7fcdf8a62c78) at mem/f_malloc.c:206
206 *pf=
(gdb) bt full
#0 0x0000000000619694 in fm_extract_free (qm=0x7fcdf8780000, frag=0x7fcdf8a62c78) at mem/f_malloc.c:206
pf = 0x6576203b50555349
hash = 2097
#1 0x000000000061ad68 in fm_malloc (qm=0x7fcdf8780000, size=1104, file=0x7fce0f081a7b "tm: t_msgbuilder.c", func=0x7fce0f0860a0 "build_local_reparse", line=369)
at mem/f_malloc.c:490
f = 0x7fcdf8780b08
frag = 0x7fcdf8a62c78
hash = 156
__FUNCTION__ = "fm_malloc"
#2 0x00007fce0f011fa9 in _shm_malloc (size=1099, file=0x7fce0f081a7b "tm: t_msgbuilder.c", function=0x7fce0f0860a0 "build_local_reparse", line=369) at ../../mem/shm_mem.h:208
p = 0x6
#3 0x00007fce0f01920e in build_local_reparse (Trans=0x7fcdf8a5e2f0, branch=0, len=0x7fff00c32fbc, method=0x7fce0f087a25 "ACK", method_len=3, to=0x7fff00c32d90, reason=0x0)
at t_msgbuilder.c:369
invite_buf = 0x7fcdf8a62868 "INVITE sip: sip:%3cCALLED%3e@goren <CALLED>@goren SIP/2.0\r\nRecord-Route: sip:A.B.C5.60;lr;did=5b1.3112 sip:A.B.C5.60;lr;did=5b1.3112\r\nCSeq: 1 INVITE\r\nCall-ID: 3da8-469-1111201513435-JANGO-1-A.B.C_leg2\r\nFrom: <sip: sip:%3cCALLING <CALLING>@<HOST_FROM>>;"...
invite_buf_end = 0x7fcdf8a62c70 ""
cancel_buf = 0x415440 "1\355I\211\321^H\211\342H\203\344\360PTI\307\300\300\363m"
s = 0x7fcdf8a62868 "INVITE sip: sip:%3cCALLED%3e@goren <CALLED>@goren SIP/2.0\r\nRecord-Route: sip:A.B.C5.60;lr;did=5b1.3112 sip:A.B.C5.60;lr;did=5b1.3112\r\nCSeq: 1 INVITE\r\nCall-ID: 3da8-469-1111201513435-JANGO-1-A.B.C_leg2\r\nFrom: <sip: sip:%3cCALLING <CALLING>@<HOST_FROM>>;"...
s1 = 0x0
d = 0x10703ab0 <Address 0x10703ab0 out of bounds>
invite_len = 1032
hf_type = 2540
first_via = 0
to_len = 67
cancel_buf_len = 1099
reason_len = 0
code_len = 0
reas1 = 0x0
reas_last = 0x0
hdr = 0xa7294e
__FUNCTION__ = "build_local_reparse"
#4 0x00007fce0f02e58b in build_ack (rpl=0x7fce107038b8, trans=0x7fcdf8a5e2f0, branch=0, ret_len=0x7fff00c32fbc) at t_reply.c:439
to = {s = 0xa728f6 "To: <sip:+<CALLED>@A.B.C5.60:5060>;tag=3658827875-928685\r\nContent-Length: 0\r\n\r\n", len = 67}
__FUNCTION__ = "build_ack"
#5 0x00007fce0f03b3ca in reply_received (p_msg=0x7fce107038b8) at t_reply.c:2253
msg_status = 488
last_uac_status = 100
ack = 0x7fce10588010 "\001"
ack_len = 0
branch = 0
reply_status = 274235864
onreply_route = 1
cancel_data = {cancel_bitmap = 0, reason = {cause = 0, u = {text = {s = 0x0, len = 10955086}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len = 10955086}}}}
uac = 0x7fcdf8a5e458
t = 0x7fcdf8a5e2f0
lack_dst = {send_sock = 0x13a948, to = {s = {sa_family = 10306, sa_data = "\247\000\000\000\000\000(\r\030\000\000\000\000"}, sin = {sin_family = 10306,
sin_port = 167, sin_addr = {s_addr = 0}, sin_zero = "(\r\030\000\000\000\000"}, sin6 = {sin6_family = 10306, sin6_port = 167, sin6_flowinfo = 0, sin6_addr = {
__in6_u = {__u6_addr8 = "(\r\030\000\000\000\000\000\270|^\020\316\177\000", __u6_addr16 = {3368, 24, 0, 0, 31928, 4190, 32718, 0}, __u6_addr32 = {1576232, 0,
274627768, 32718}}}, sin6_scope_id = 93}}, id = 0, proto = -72 '\270', send_flags = {f = 106 'j', blst_imask = 94 '^'}}
backup_user_from = 0x758a50
backup_user_to = 0x415440
backup_domain_from = 0x300c337e0
backup_domain_to = 0x0
backup_uri_from = 0x7fce10703ab0
backup_uri_to = 0x7fff00c330d0
backup_xavps = 0x628478
replies_locked = 0
branch_ret = 0
prev_branch = 275790040
blst_503_timeout = 32718
hf = 0x18e00c33060
onsend_params = {req = 0x7fff00c32f50, rpl = 0x47deb8, param = 0x0, code = 274623280, flags = 32718, branch = 0, t_rbuf = 0xa7294e, dst = 0xa727e1, send_buf = {
s = 0x7fff00c33010 "\320\060", <incomplete sequence \303>, len = 6402299}}
ctx = {rec_lev = 7715456, run_flags = 0, last_retcode = 7704068, jmp_env = {{__jmpbuf = {232, 140523014225936, 140523014226728, 140523014618240, 29, 0,
140523015781040, 4281408}, __mask_was_saved = 12793824, __saved_mask = {__val = {0, 140733206179856, 6439748, 140733206179616, 140523001001690,
140733206179584, 0, 67108864, 65537912, 1288288, 1570952, 1576232, 8, 94, 0, 1473240891392}}}}}
__FUNCTION__ = "reply_received"
#6 0x000000000048cc3a in do_forward_reply (msg=0x7fce107038b8, mode=0) at forward.c:783
new_buf = 0x0
dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data = '\000' <repeats 13 times>}, sin = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0},
sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {
__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, id = 0, proto = 0 '\000',
send_flags = {f = 0 '\000', blst_imask = 0 '\000'}}
new_len = 1
r = 0
ip = {af = 12792240, len = 32767, u = {addrl = {6466393, 280}, addr32 = {6466393, 0, 280, 0}, addr16 = {43865, 98, 0, 0, 280, 0, 0, 0},
addr = "Y\253b\000\000\000\000\000\030\001\000\000\000\000\000"}}
s = 0x410004 ""
len = 0
__FUNCTION__ = "do_forward_reply"
#7 0x000000000048e27d in forward_reply (msg=0x7fce107038b8) at forward.c:885
---Type <return> to continue, or q <return> to quit---
No locals.
#8 0x0000000000509c9c in receive_msg (
buf=0xa727c0 "SIP/2.0 488 Not Acceptable Here\r\nVia: SIP/2.0/UDP A.B.C5.60;rport=5060;branch=z9hG4bKce12.98a05ce27e0243c4d775920d81e7ce82.0\r \nVia: SIP/2.0/UDP <HOST_FROM>;branch=z9hG4bK.5667f6e0\r\nFrom: <sip:332"..., len=398, rcv_info=0x7fff00c333b0) at receive.c:275
msg = 0x7fce107038b8
ctx = {rec_lev = 10237056, run_flags = 0, last_retcode = 0, jmp_env = {{__jmpbuf = {0, 0, 0, 272136986608, 1812476198913, 0, 272145363728, 272145384176},
__mask_was_saved = 0, __saved_mask = {__val = {140523014366192, 140733206180688, 1, 140522613671152, 272137013029, 50195, 1024, 4307759872, 140522613671152,
140733206180608, 6299381, 140733206180896, 140522613671152, 81, 6299509, 140733206180976}}}}}
ret = 12792656
inb = {
s = 0xa727c0 "SIP/2.0 488 Not Acceptable Here\r\nVia: SIP/2.0/UDP A.B.C5.60;rport=5060;branch=z9hG4bKce12.98a05ce27e0243c4d775920d81e7ce82.0\r \nVia: SIP/2.0/UDP <HOST_FROM>;branch=z9hG4bK.5667f6e0\r\nFrom: <sip:332"..., len = 398}
__FUNCTION__ = "receive_msg"
#9 0x0000000000608f02 in udp_rcv_loop () at udp_server.c:521
len = 398
buf = "SIP/2.0 488 Not Acceptable Here\r\nVia: SIP/2.0/UDP A.B.C5.60;rport=5060;branch=z9hG4bKce12.98a05ce27e0243c4d775920d81e7ce82.0\r \nVia: SIP/2.0/UDP <HOST_FROM>;branch=z9hG4bK.5667f6e0\r\nFrom: <sip:332"...
tmp = 0x3f60c4067a <Address 0x3f60c4067a out of bounds>
from = 0x7fce105e7920
fromlen = 16
ri = {src_ip = {af = 2, len = 4, u = {addrl = {151524537, 0}, addr32 = {151524537, 0, 0, 0}, addr16 = {5305, 2312, 0, 0, 0, 0, 0, 0},
addr = "\271\024\b\t", '\000' <repeats 11 times>}}, dst_ip = {af = 2, len = 4, u = {addrl = {1016190299, 0}, addr32 = {1016190299, 0, 0, 0}, addr16 = {54619,
15505, 0, 0, 0, 0, 0, 0}, addr = "[Õ<", '\000' <repeats 11 times>}}, src_port = 5060, dst_port = 5060, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {
s = {sa_family = 2, sa_data = "\023Ĺ\024\b\t\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 50195, sin_addr = {s_addr = 151524537},
sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 50195, sin6_flowinfo = 151524537, sin6_addr = {__in6_u = {
__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}},
bind_address = 0x7fce105aa2b0, proto = 1 '\001'}
__FUNCTION__ = "udp_rcv_loop"
#10 0x00000000004a6d9b in main_loop () at main.c:1629
i = 0
pid = 0
si = 0x7fce105aa2b0
si_desc = "udp receiver child=0 sock=A.B.C5.60:5060\000\177\000\000 5\303\000\377\177\000\000\003zN\000\000\000\000\000\016\b\000\000\377\177\00 0\000\260\204x\370\315\177\000\000\000\000\000\020\004\000\000\000\260\204x\ 370\315\177\000\000@TA\000\000\000\000\000\340\067\303\000\001\000\000\000p5 \303\000\377\177\000\000\246zN\000\000\000\000"
nrprocs = 8
__FUNCTION__ = "main_loop"
#11 0x00000000004acedf in main (argc=7, argv=0x7fff00c337e8) at main.c:2581
cfg_stream = 0xac7010
c = -1
r = 0
tmp = 0x7fff00c34f70 ""
tmp_len = 32767
port = 12793534
proto = 0
options = 0x6ff8f8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
ret = -1
seed = 3913881212
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0x40d11c
p = 0xc2 <Address 0xc2 out of bounds>
__FUNCTION__ = "main"
Regards,
Igor.
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hello,
yes, it is the output I wanted.
What is the exact version are you running? It is the output of 'kamailio -v'.
Cheers, Daniel
On 14/12/15 15:53, Igor Potjevlesch wrote:
Hello Daniel,
Is this the expected output?:
(gdb) frame 0
#0 0x0000000000619694 in fm_extract_free (qm=0x7f0114c07000, frag=0x7f0114f0e4b0) at mem/f_malloc.c:206
206 *pf=frag->u.nxt_free;
(gdb) list
201 int hash;
202
203 pf = frag->prv_free;
204 hash = GET_HASH(frag->size);
205
206 *pf=frag->u.nxt_free;
207
208 if(frag->u.nxt_free) frag->u.nxt_free->prv_free = pf;
209
210 qm->ffrags--;
(gdb)
Regards,
Igor.
*De :*sr-users [mailto:sr-users-bounces@lists.sip-router.org] *De la part de* Daniel-Constantin Mierla *Envoyé :* lundi 14 décembre 2015 13:15 *À :* Kamailio (SER) - Users Mailing List sr-users@lists.sip-router.org *Objet :* Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
can you provide the list output in gdb for frame 0:
frame 0 list
Cheers, Daniel
Hello,
Here is the output:
kamailio -v
version: kamailio 4.2.6 (x86_64/linux) db77ac
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, DBG_F_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 64MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: db77ac
compiled on 12:19:48 Oct 2 2015 with gcc 4.4.7
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : lundi 14 décembre 2015 16:16 À : Igor Potjevlesch igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
yes, it is the output I wanted.
What is the exact version are you running? It is the output of 'kamailio -v'.
Cheers, Daniel
On 14/12/15 15:53, Igor Potjevlesch wrote:
Hello Daniel,
Is this the expected output?:
(gdb) frame 0
#0 0x0000000000619694 in fm_extract_free (qm=0x7f0114c07000, frag=0x7f0114f0e4b0) at mem/f_malloc.c:206
206 *pf=frag->u.nxt_free;
(gdb) list
201 int hash;
202
203 pf = frag->prv_free;
204 hash = GET_HASH(frag->size);
205
206 *pf=frag->u.nxt_free;
207
208 if(frag->u.nxt_free) frag->u.nxt_free->prv_free = pf;
209
210 qm->ffrags--;
(gdb)
Regards,
Igor.
De : sr-users [mailto:sr-users-bounces@lists.sip-router.org] De la part de Daniel-Constantin Mierla Envoyé : lundi 14 décembre 2015 13:15 À : Kamailio (SER) - Users Mailing List mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
can you provide the list output in gdb for frame 0:
frame 0 list
Cheers, Daniel
Hello,
can you upgrade to 4.2.7, it has some fixes that may be related to this issue -- there are no changes to config/database that need to be done.
Cheers, Daniel
On 16/12/15 15:06, Igor Potjevlesch wrote:
Hello,
Here is the output:
kamailio -v
version: kamailio 4.2.6 (x86_64/linux) db77ac
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, DBG_F_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 64MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: db77ac
compiled on 12:19:48 Oct 2 2015 with gcc 4.4.7
Regards,
Igor.
*De :*Daniel-Constantin Mierla [mailto:miconda@gmail.com] *Envoyé :* lundi 14 décembre 2015 16:16 *À :* Igor Potjevlesch igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' sr-users@lists.sip-router.org *Objet :* Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
yes, it is the output I wanted.
What is the exact version are you running? It is the output of 'kamailio -v'.
Cheers, Daniel
On 14/12/15 15:53, Igor Potjevlesch wrote:
Hello Daniel, Is this the expected output?: (gdb) frame 0 #0 0x0000000000619694 in fm_extract_free (qm=0x7f0114c07000, frag=0x7f0114f0e4b0) at mem/f_malloc.c:206 206 *pf=frag->u.nxt_free; (gdb) list 201 int hash; 202 203 pf = frag->prv_free; 204 hash = GET_HASH(frag->size); 205 206 *pf=frag->u.nxt_free; 207 208 if(frag->u.nxt_free) frag->u.nxt_free->prv_free = pf; 209 210 qm->ffrags--; (gdb) Regards, Igor. *De :*sr-users [mailto:sr-users-bounces@lists.sip-router.org] *De la part de* Daniel-Constantin Mierla *Envoyé :* lundi 14 décembre 2015 13:15 *À :* Kamailio (SER) - Users Mailing List <sr-users@lists.sip-router.org> <mailto:sr-users@lists.sip-router.org> *Objet :* Re: [SR-Users] Kamailio 4.2.6 crash Hello, can you provide the list output in gdb for frame 0: frame 0 list Cheers, Daniel-- Daniel-Constantin Mierla http://twitter.com/#!/miconda http://twitter.com/#%21/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com http://miconda.eu
Hi Daniel,
I wish you an happy new year! I will schedule this update in the next few days.
Thank you for your support.
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : vendredi 18 décembre 2015 11:28 À : Igor Potjevlesch igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
can you upgrade to 4.2.7, it has some fixes that may be related to this issue -- there are no changes to config/database that need to be done.
Cheers, Daniel
On 16/12/15 15:06, Igor Potjevlesch wrote:
Hello,
Here is the output:
kamailio -v
version: kamailio 4.2.6 (x86_64/linux) db77ac
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, DBG_F_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 64MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: db77ac
compiled on 12:19:48 Oct 2 2015 with gcc 4.4.7
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : lundi 14 décembre 2015 16:16 À : Igor Potjevlesch mailto:igor.potjevlesch@gmail.com igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
yes, it is the output I wanted.
What is the exact version are you running? It is the output of 'kamailio -v'.
Cheers, Daniel
On 14/12/15 15:53, Igor Potjevlesch wrote:
Hello Daniel,
Is this the expected output?:
(gdb) frame 0
#0 0x0000000000619694 in fm_extract_free (qm=0x7f0114c07000, frag=0x7f0114f0e4b0) at mem/f_malloc.c:206
206 *pf=frag->u.nxt_free;
(gdb) list
201 int hash;
202
203 pf = frag->prv_free;
204 hash = GET_HASH(frag->size);
205
206 *pf=frag->u.nxt_free;
207
208 if(frag->u.nxt_free) frag->u.nxt_free->prv_free = pf;
209
210 qm->ffrags--;
(gdb)
Regards,
Igor.
De : sr-users [mailto:sr-users-bounces@lists.sip-router.org] De la part de Daniel-Constantin Mierla Envoyé : lundi 14 décembre 2015 13:15 À : Kamailio (SER) - Users Mailing List mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
can you provide the list output in gdb for frame 0:
frame 0 list
Cheers, Daniel
Hello Daniel,
I move to 4.2.7. This morning a new crash occurred. I got two coredump:
Core was generated by `/usr/local/sbin/kamailio -P /var/run/kamailio.pid -m 256 -M 64'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
788 f!=&(qm->free_hash[h].head); f=f->u.nxt_free, i++, j++){
(gdb) bt full
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
f = 0x30a012010010a0d
i = 57
j = 4
h = 4
unused = 0
memlog = 5
mem_summary = 3
__FUNCTION__ = "qm_status"
#1 0x000000000061a795 in qm_debug_frag (qm=0x7f9abd447000, f=0x7f9abd767970) at mem/q_malloc.c:160
__FUNCTION__ = "qm_debug_frag"
#2 0x000000000061ca58 in qm_free (qm=0x7f9abd447000, p=0x7f9abd7679a0, file=0x7f9ace7e2662 "dialog: dlg_hash.c", func=0x7f9ace7e50e2 "destroy_dlg", line=380) at mem/q_malloc.c:468
f = 0x7f9abd767970
size = 176
next = 0x400
prev = 0x7fff39bc7910
__FUNCTION__ = "qm_free"
#3 0x00007f9ace7a64ef in destroy_dlg (dlg=0x7f9abd7660b8) at dlg_hash.c:380
ret = 0
var = 0x7f9ad54374e8
__FUNCTION__ = "destroy_dlg"
#4 0x00007f9ace7a67df in destroy_dlg_table () at dlg_hash.c:419
dlg = 0x0
l_dlg = 0x7f9abd7660b8
i = 665
__FUNCTION__ = "destroy_dlg_table"
#5 0x00007f9ace771263 in mod_destroy () at dialog.c:783
No locals.
#6 0x00000000005929ee in destroy_modules () at sr_module.c:811
t = 0x7f9ad52b8d00
foo = 0x7f9ad52b8a30
__FUNCTION__ = "destroy_modules"
#7 0x000000000049c917 in cleanup (show_status=1) at main.c:569
memlog = 0
__FUNCTION__ = "cleanup"
#8 0x000000000049dee4 in shutdown_children (sig=15, show_status=1) at main.c:711
__FUNCTION__ = "shutdown_children"
#9 0x00000000004a04ba in handle_sigs () at main.c:802
chld = 0
chld_status = 139
memlog = -1119369840
__FUNCTION__ = "handle_sigs"
#10 0x00000000004a82eb in main_loop () at main.c:1757
i = 8
pid = 24021
si = 0x0
si_desc = "udp receiver child=7 sock=91.213.145.60:5060\000\177\000\000`~\274\071\377\177\000\000\033{N\000\ 000\000\000\000\260~\274\071\377\177\000\000\004\000\000\000\000\000\000\000 `TA\000\000\000\000\000(\305G\275\232\177", '\000' <repeats 14 times>, "\001\000\000\000\260~\274\071\377\177\000\000\276{N\000\000\000\000"
nrprocs = 8
__FUNCTION__ = "main_loop"
#11 0x00000000004acfab in main (argc=7, argv=0x7fff39bc8128) at main.c:2581
cfg_stream = 0x2392010
c = -1
r = 0
tmp = 0x7fff39bc8f70 ""
tmp_len = 32767
port = 968654846
proto = 0
options = 0x7033b8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
ret = -1
seed = 1451157380
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0x40d134
p = 0xc2 <Address 0xc2 out of bounds>
__FUNCTION__ = "main"
Second one:
Core was generated by `/usr/local/sbin/kamailio -P /var/run/kamailio.pid -m 256 -M 64'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
788 f!=&(qm->free_hash[h].head); f=f->u.nxt_free, i++, j++){
(gdb) bt full
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
f = 0x30a012010010a0d
i = 16
j = 4
h = 4
unused = 0
memlog = 5
mem_summary = 3
__FUNCTION__ = "qm_status"
#1 0x000000000061a420 in qm_debug_frag (qm=0x7f9abd447000, f=0x7f9abd767300) at mem/q_malloc.c:150
__FUNCTION__ = "qm_debug_frag"
#2 0x000000000061ca58 in qm_free (qm=0x7f9abd447000, p=0x7f9abd767330, file=0x7f9ad3d2f34d "tm: h_table.c", func=0x7f9ad3d2f628 "free_cell", line=186) at mem/q_malloc.c:468
f = 0x7f9abd767300
size = 40
next = 0x400
prev = 0x7fff39bc7b80
__FUNCTION__ = "qm_free"
#3 0x00007f9ad3c70c9d in free_cell (dead_cell=0x7f9abd79b5c0) at h_table.c:186
b = 0x7f9abd767330 "INVITE sip:00447798156873@goren SIP/2.0\r\nRecord-Route: sip:A.B.C.D;lr;did=4b7.60a\r\nCSeq: 1 INVITE\r\nCall-ID: 729d-7e9-015201693735-DSQ-1-A.B.C_leg2\r\nFrom: sip:0123456789@D.C.B.A;"...
i = 0
rpl = 0x0
tt = 0x7f9abd5d8bf8
foo = 0x7fff39bc7c50
cbs = 0x0
cbs_tmp = 0x7f9abd7600a0
__FUNCTION__ = "free_cell"
#4 0x00007f9ad3cb5a1c in wait_handler (ti=1300688687, wait_tl=0x7f9abd79b640, data=0x7f9abd79b5c0) at timer.c:675
p_cell = 0x7f9abd79b5c0
ret = 1
#5 0x00000000005fd30f in timer_list_expire (t=1300688687, h=0x7f9abd4c0908, slow_l=0x7f9abd4c36d8, slow_mark=17084) at timer.c:888
tl = 0x7f9abd79b640
ret = 1300688687
#6 0x00000000005fd757 in timer_handler () at timer.c:953
saved_ticks = 1300688687
run_slow_timer = 0
i = 700
__FUNCTION__ = "timer_handler"
#7 0x00000000005fdbc5 in timer_main () at timer.c:992
No locals.
#8 0x00000000004a77e6 in main_loop () at main.c:1700
i = 8
pid = 0
si = 0x0
si_desc = "udp receiver child=7 sock=91.213.145.60:5060\000\177\000\000`~\274\071\377\177\000\000\033{N\000\ 000\000\000\000\260~\274\071\377\177\000\000\004\000\000\000\000\000\000\000 `TA\000\000\000\000\000(\305G\275\232\177", '\000' <repeats 14 times>, "\001\000\000\000\260~\274\071\377\177\000\000\276{N\000\000\000\000"
nrprocs = 8
__FUNCTION__ = "main_loop"
#9 0x00000000004acfab in main (argc=7, argv=0x7fff39bc8128) at main.c:2581
cfg_stream = 0x2392010
c = -1
r = 0
tmp = 0x7fff39bc8f70 ""
tmp_len = 32767
port = 968654846
proto = 0
options = 0x7033b8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
ret = -1
seed = 1451157380
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0x40d134
p = 0xc2 <Address 0xc2 out of bounds>
__FUNCTION__ = "main"
Regards,
Igor.
De : Igor Potjevlesch [mailto:igor.potjevlesch@gmail.com] Envoyé : lundi 4 janvier 2016 10:55 À : miconda@gmail.com; 'Kamailio (SER) - Users Mailing List' sr-users@lists.sip-router.org Objet : RE: [SR-Users] Kamailio 4.2.6 crash
Hi Daniel,
I wish you an happy new year! I will schedule this update in the next few days.
Thank you for your support.
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : vendredi 18 décembre 2015 11:28 À : Igor Potjevlesch <igor.potjevlesch@gmail.com mailto:igor.potjevlesch@gmail.com >; 'Kamailio (SER) - Users Mailing List' <sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org > Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
can you upgrade to 4.2.7, it has some fixes that may be related to this issue -- there are no changes to config/database that need to be done.
Cheers, Daniel
On 16/12/15 15:06, Igor Potjevlesch wrote:
Hello,
Here is the output:
kamailio -v
version: kamailio 4.2.6 (x86_64/linux) db77ac
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, DBG_F_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 64MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: db77ac
compiled on 12:19:48 Oct 2 2015 with gcc 4.4.7
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : lundi 14 décembre 2015 16:16 À : Igor Potjevlesch mailto:igor.potjevlesch@gmail.com igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
yes, it is the output I wanted.
What is the exact version are you running? It is the output of 'kamailio -v'.
Cheers, Daniel
On 14/12/15 15:53, Igor Potjevlesch wrote:
Hello Daniel,
Is this the expected output?:
(gdb) frame 0
#0 0x0000000000619694 in fm_extract_free (qm=0x7f0114c07000, frag=0x7f0114f0e4b0) at mem/f_malloc.c:206
206 *pf=frag->u.nxt_free;
(gdb) list
201 int hash;
202
203 pf = frag->prv_free;
204 hash = GET_HASH(frag->size);
205
206 *pf=frag->u.nxt_free;
207
208 if(frag->u.nxt_free) frag->u.nxt_free->prv_free = pf;
209
210 qm->ffrags--;
(gdb)
Regards,
Igor.
De : sr-users [mailto:sr-users-bounces@lists.sip-router.org] De la part de Daniel-Constantin Mierla Envoyé : lundi 14 décembre 2015 13:15 À : Kamailio (SER) - Users Mailing List mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
can you provide the list output in gdb for frame 0:
frame 0 list
Cheers, Daniel
I also seen this in /var/log/messages during the crash:
Jan 15 10:37:41 tanus /usr/local/sbin/kamailio[24021]: : <core> [mem/q_malloc.c:149]: qm_debug_frag(): BUG: qm_*: fragm. 0x7f9abd767300 (address 0x7f9abd767330) end overwritten(d33762d69737465, 746e65746e6f430a)!
Jan 15 10:37:41 tanus kernel: kamailio[24021] general protection ip:62245e sp:7fff39bc7900 error:0 in kamailio[400000+3c8000]
Jan 15 10:37:42 tanus abrtd: Directory 'ccpp-2016-01-15-10:37:41-24021' creation detected
Jan 15 10:37:42 tanus abrt[23992]: Saved core dump of pid 24021 (/usr/local/sbin/kamailio) to /var/spool/abrt/ccpp-2016-01-15-10:37:41-24021 (339316736 bytes)
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[23990]: ALERT: <core> [main.c:784]: handle_sigs(): child process 24021 exited by a signal 11
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[23990]: ALERT: <core> [main.c:787]: handle_sigs(): core was generated
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[23990]: INFO: <core> [main.c:799]: handle_sigs(): terminating due to SIGCHLD
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24019]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24013]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24017]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24026]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24023]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24030]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24005]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24009]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24011]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24007]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24015]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24003]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[23990]: : <core> [mem/q_malloc.c:159]: qm_debug_frag(): BUG: qm_*: prev. fragm. tail overwritten(732d6369676f6c61, a0d2d2d312d77)[0x7f9abd767970:0x7f9abd7679a0]!
Jan 15 10:37:42 tanus kernel: kamailio[23990] general protection ip:62245e sp:7fff39bc7690 error:0 in kamailio[400000+3c8000]
Jan 15 10:37:42 tanus abrt[23994]: Not saving repeating crash in '/usr/local/sbin/kamailio'
Jan 15 10:37:42 tanus abrtd: Executable '/usr/local/sbin/kamailio' doesn't belong to any package and ProcessUnpackaged is set to 'no'
Jan 15 10:37:42 tanus abrtd: 'post-create' on '/var/spool/abrt/ccpp-2016-01-15-10:37:41-24021' exited with 1
Jan 15 10:37:42 tanus abrtd: Deleting problem directory '/var/spool/abrt/ccpp-2016-01-15-10:37:41-24021'
Jan 15 10:37:43 tanus abrt[23994]: Saved core dump of pid 23990 to core.23990 (339316736 bytes)
Jan 15 10:37:47 tanus kamailio: INFO: <core> [sctp_core.c:70]: sctp_core_check_support(): SCTP API not enabled - if you want to use it, load sctp module
Jan 15 10:37:47 tanus kamailio: WARNING: <core> [daemonize.c:360]: daemonize(): pid file contains old pid, replacing pid
Jan 15 10:37:47 tanus /usr/local/sbin/kamailio[24042]: INFO: rr [../outbound/api.h:54]: ob_load_api(): unable to import bind_ob - maybe module is not loaded
Jan 15 10:37:47 tanus /usr/local/sbin/kamailio[24042]: INFO: rr [rr_mod.c:160]: mod_init(): outbound module not available
Jan 15 10:37:47 tanus /usr/local/sbin/kamailio[24042]: INFO: usrloc [hslot.c:53]: ul_init_locks(): locks array size 1024
Regards,
Igor.
De : Igor Potjevlesch [mailto:igor.potjevlesch@gmail.com] Envoyé : vendredi 15 janvier 2016 10:47 À : miconda@gmail.com; 'Kamailio (SER) - Users Mailing List' sr-users@lists.sip-router.org Objet : RE: [SR-Users] Kamailio 4.2.6 crash
Hello Daniel,
I move to 4.2.7. This morning a new crash occurred. I got two coredump:
Core was generated by `/usr/local/sbin/kamailio -P /var/run/kamailio.pid -m 256 -M 64'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
788 f!=&(qm->free_hash[h].head); f=f->u.nxt_free, i++, j++){
(gdb) bt full
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
f = 0x30a012010010a0d
i = 57
j = 4
h = 4
unused = 0
memlog = 5
mem_summary = 3
__FUNCTION__ = "qm_status"
#1 0x000000000061a795 in qm_debug_frag (qm=0x7f9abd447000, f=0x7f9abd767970) at mem/q_malloc.c:160
__FUNCTION__ = "qm_debug_frag"
#2 0x000000000061ca58 in qm_free (qm=0x7f9abd447000, p=0x7f9abd7679a0, file=0x7f9ace7e2662 "dialog: dlg_hash.c", func=0x7f9ace7e50e2 "destroy_dlg", line=380) at mem/q_malloc.c:468
f = 0x7f9abd767970
size = 176
next = 0x400
prev = 0x7fff39bc7910
__FUNCTION__ = "qm_free"
#3 0x00007f9ace7a64ef in destroy_dlg (dlg=0x7f9abd7660b8) at dlg_hash.c:380
ret = 0
var = 0x7f9ad54374e8
__FUNCTION__ = "destroy_dlg"
#4 0x00007f9ace7a67df in destroy_dlg_table () at dlg_hash.c:419
dlg = 0x0
l_dlg = 0x7f9abd7660b8
i = 665
__FUNCTION__ = "destroy_dlg_table"
#5 0x00007f9ace771263 in mod_destroy () at dialog.c:783
No locals.
#6 0x00000000005929ee in destroy_modules () at sr_module.c:811
t = 0x7f9ad52b8d00
foo = 0x7f9ad52b8a30
__FUNCTION__ = "destroy_modules"
#7 0x000000000049c917 in cleanup (show_status=1) at main.c:569
memlog = 0
__FUNCTION__ = "cleanup"
#8 0x000000000049dee4 in shutdown_children (sig=15, show_status=1) at main.c:711
__FUNCTION__ = "shutdown_children"
#9 0x00000000004a04ba in handle_sigs () at main.c:802
chld = 0
chld_status = 139
memlog = -1119369840
__FUNCTION__ = "handle_sigs"
#10 0x00000000004a82eb in main_loop () at main.c:1757
i = 8
pid = 24021
si = 0x0
si_desc = "udp receiver child=7 sock=91.213.145.60:5060\000\177\000\000`~\274\071\377\177\000\000\033{N\000\ 000\000\000\000\260~\274\071\377\177\000\000\004\000\000\000\000\000\000\000 `TA\000\000\000\000\000(\305G\275\232\177", '\000' <repeats 14 times>, "\001\000\000\000\260~\274\071\377\177\000\000\276{N\000\000\000\000"
nrprocs = 8
__FUNCTION__ = "main_loop"
#11 0x00000000004acfab in main (argc=7, argv=0x7fff39bc8128) at main.c:2581
cfg_stream = 0x2392010
c = -1
r = 0
tmp = 0x7fff39bc8f70 ""
tmp_len = 32767
port = 968654846
proto = 0
options = 0x7033b8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
ret = -1
seed = 1451157380
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0x40d134
p = 0xc2 <Address 0xc2 out of bounds>
__FUNCTION__ = "main"
Second one:
Core was generated by `/usr/local/sbin/kamailio -P /var/run/kamailio.pid -m 256 -M 64'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
788 f!=&(qm->free_hash[h].head); f=f->u.nxt_free, i++, j++){
(gdb) bt full
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
f = 0x30a012010010a0d
i = 16
j = 4
h = 4
unused = 0
memlog = 5
mem_summary = 3
__FUNCTION__ = "qm_status"
#1 0x000000000061a420 in qm_debug_frag (qm=0x7f9abd447000, f=0x7f9abd767300) at mem/q_malloc.c:150
__FUNCTION__ = "qm_debug_frag"
#2 0x000000000061ca58 in qm_free (qm=0x7f9abd447000, p=0x7f9abd767330, file=0x7f9ad3d2f34d "tm: h_table.c", func=0x7f9ad3d2f628 "free_cell", line=186) at mem/q_malloc.c:468
f = 0x7f9abd767300
size = 40
next = 0x400
prev = 0x7fff39bc7b80
__FUNCTION__ = "qm_free"
#3 0x00007f9ad3c70c9d in free_cell (dead_cell=0x7f9abd79b5c0) at h_table.c:186
b = 0x7f9abd767330 "INVITE sip:00447798156873@goren SIP/2.0\r\nRecord-Route: sip:A.B.C.D;lr;did=4b7.60a\r\nCSeq: 1 INVITE\r\nCall-ID: 729d-7e9-015201693735-DSQ-1-A.B.C_leg2\r\nFrom: sip:0123456789@D.C.B.A;"...
i = 0
rpl = 0x0
tt = 0x7f9abd5d8bf8
foo = 0x7fff39bc7c50
cbs = 0x0
cbs_tmp = 0x7f9abd7600a0
__FUNCTION__ = "free_cell"
#4 0x00007f9ad3cb5a1c in wait_handler (ti=1300688687, wait_tl=0x7f9abd79b640, data=0x7f9abd79b5c0) at timer.c:675
p_cell = 0x7f9abd79b5c0
ret = 1
#5 0x00000000005fd30f in timer_list_expire (t=1300688687, h=0x7f9abd4c0908, slow_l=0x7f9abd4c36d8, slow_mark=17084) at timer.c:888
tl = 0x7f9abd79b640
ret = 1300688687
#6 0x00000000005fd757 in timer_handler () at timer.c:953
saved_ticks = 1300688687
run_slow_timer = 0
i = 700
__FUNCTION__ = "timer_handler"
#7 0x00000000005fdbc5 in timer_main () at timer.c:992
No locals.
#8 0x00000000004a77e6 in main_loop () at main.c:1700
i = 8
pid = 0
si = 0x0
si_desc = "udp receiver child=7 sock=91.213.145.60:5060\000\177\000\000`~\274\071\377\177\000\000\033{N\000\ 000\000\000\000\260~\274\071\377\177\000\000\004\000\000\000\000\000\000\000 `TA\000\000\000\000\000(\305G\275\232\177", '\000' <repeats 14 times>, "\001\000\000\000\260~\274\071\377\177\000\000\276{N\000\000\000\000"
nrprocs = 8
__FUNCTION__ = "main_loop"
#9 0x00000000004acfab in main (argc=7, argv=0x7fff39bc8128) at main.c:2581
cfg_stream = 0x2392010
c = -1
r = 0
tmp = 0x7fff39bc8f70 ""
tmp_len = 32767
port = 968654846
proto = 0
options = 0x7033b8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
ret = -1
seed = 1451157380
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0x40d134
p = 0xc2 <Address 0xc2 out of bounds>
__FUNCTION__ = "main"
Regards,
Igor.
De : Igor Potjevlesch [mailto:igor.potjevlesch@gmail.com] Envoyé : lundi 4 janvier 2016 10:55 À : miconda@gmail.com mailto:miconda@gmail.com ; 'Kamailio (SER) - Users Mailing List' <sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org > Objet : RE: [SR-Users] Kamailio 4.2.6 crash
Hi Daniel,
I wish you an happy new year! I will schedule this update in the next few days.
Thank you for your support.
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : vendredi 18 décembre 2015 11:28 À : Igor Potjevlesch <igor.potjevlesch@gmail.com mailto:igor.potjevlesch@gmail.com >; 'Kamailio (SER) - Users Mailing List' <sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org > Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
can you upgrade to 4.2.7, it has some fixes that may be related to this issue -- there are no changes to config/database that need to be done.
Cheers, Daniel
On 16/12/15 15:06, Igor Potjevlesch wrote:
Hello,
Here is the output:
kamailio -v
version: kamailio 4.2.6 (x86_64/linux) db77ac
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, DBG_F_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 64MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: db77ac
compiled on 12:19:48 Oct 2 2015 with gcc 4.4.7
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : lundi 14 décembre 2015 16:16 À : Igor Potjevlesch mailto:igor.potjevlesch@gmail.com igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
yes, it is the output I wanted.
What is the exact version are you running? It is the output of 'kamailio -v'.
Cheers, Daniel
On 14/12/15 15:53, Igor Potjevlesch wrote:
Hello Daniel,
Is this the expected output?:
(gdb) frame 0
#0 0x0000000000619694 in fm_extract_free (qm=0x7f0114c07000, frag=0x7f0114f0e4b0) at mem/f_malloc.c:206
206 *pf=frag->u.nxt_free;
(gdb) list
201 int hash;
202
203 pf = frag->prv_free;
204 hash = GET_HASH(frag->size);
205
206 *pf=frag->u.nxt_free;
207
208 if(frag->u.nxt_free) frag->u.nxt_free->prv_free = pf;
209
210 qm->ffrags--;
(gdb)
Regards,
Igor.
De : sr-users [mailto:sr-users-bounces@lists.sip-router.org] De la part de Daniel-Constantin Mierla Envoyé : lundi 14 décembre 2015 13:15 À : Kamailio (SER) - Users Mailing List mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
can you provide the list output in gdb for frame 0:
frame 0 list
Cheers, Daniel
Hello,
are you using async transactions (e.g., t_suspend() or tsilo module)?
Cheers, Daniel
On 15/01/16 10:51, Igor Potjevlesch wrote:
I also seen this in /var/log/messages during the crash:
Jan 15 10:37:41 tanus /usr/local/sbin/kamailio[24021]: : <core> [mem/q_malloc.c:149]: qm_debug_frag(): BUG: qm_*: fragm. 0x7f9abd767300 (address 0x7f9abd767330) end overwritten(d33762d69737465, 746e65746e6f430a)!
Jan 15 10:37:41 tanus kernel: kamailio[24021] general protection ip:62245e sp:7fff39bc7900 error:0 in kamailio[400000+3c8000]
Jan 15 10:37:42 tanus abrtd: Directory 'ccpp-2016-01-15-10:37:41-24021' creation detected
Jan 15 10:37:42 tanus abrt[23992]: Saved core dump of pid 24021 (/usr/local/sbin/kamailio) to /var/spool/abrt/ccpp-2016-01-15-10:37:41-24021 (339316736 bytes)
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[23990]: ALERT: <core> [main.c:784]: handle_sigs(): child process 24021 exited by a signal 11
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[23990]: ALERT: <core> [main.c:787]: handle_sigs(): core was generated
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[23990]: INFO: <core> [main.c:799]: handle_sigs(): terminating due to SIGCHLD
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24019]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24013]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24017]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24026]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24023]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24030]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24005]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24009]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24011]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24007]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24015]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24003]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[23990]: : <core> [mem/q_malloc.c:159]: qm_debug_frag(): BUG: qm_*: prev. fragm. tail overwritten(732d6369676f6c61, a0d2d2d312d77)[0x7f9abd767970:0x7f9abd7679a0]!
Jan 15 10:37:42 tanus kernel: kamailio[23990] general protection ip:62245e sp:7fff39bc7690 error:0 in kamailio[400000+3c8000]
Jan 15 10:37:42 tanus abrt[23994]: Not saving repeating crash in '/usr/local/sbin/kamailio'
Jan 15 10:37:42 tanus abrtd: Executable '/usr/local/sbin/kamailio' doesn't belong to any package and ProcessUnpackaged is set to 'no'
Jan 15 10:37:42 tanus abrtd: 'post-create' on '/var/spool/abrt/ccpp-2016-01-15-10:37:41-24021' exited with 1
Jan 15 10:37:42 tanus abrtd: Deleting problem directory '/var/spool/abrt/ccpp-2016-01-15-10:37:41-24021'
Jan 15 10:37:43 tanus abrt[23994]: Saved core dump of pid 23990 to core.23990 (339316736 bytes)
Jan 15 10:37:47 tanus kamailio: INFO: <core> [sctp_core.c:70]: sctp_core_check_support(): SCTP API not enabled - if you want to use it, load sctp module
Jan 15 10:37:47 tanus kamailio: WARNING: <core> [daemonize.c:360]: daemonize(): pid file contains old pid, replacing pid
Jan 15 10:37:47 tanus /usr/local/sbin/kamailio[24042]: INFO: rr [../outbound/api.h:54]: ob_load_api(): unable to import bind_ob - maybe module is not loaded
Jan 15 10:37:47 tanus /usr/local/sbin/kamailio[24042]: INFO: rr [rr_mod.c:160]: mod_init(): outbound module not available
Jan 15 10:37:47 tanus /usr/local/sbin/kamailio[24042]: INFO: usrloc [hslot.c:53]: ul_init_locks(): locks array size 1024
Regards,
Igor.
*De :*Igor Potjevlesch [mailto:igor.potjevlesch@gmail.com] *Envoyé :* vendredi 15 janvier 2016 10:47 *À :* miconda@gmail.com; 'Kamailio (SER) - Users Mailing List' sr-users@lists.sip-router.org *Objet :* RE: [SR-Users] Kamailio 4.2.6 crash
Hello Daniel,
I move to 4.2.7. This morning a new crash occurred. I got two coredump:
Core was generated by `/usr/local/sbin/kamailio -P /var/run/kamailio.pid -m 256 -M 64'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
788 f!=&(qm->free_hash[h].head); f=f->u.nxt_free, i++, j++){
(gdb) bt full
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
f = 0x30a012010010a0d i = 57 j = 4 h = 4 unused = 0 memlog = 5 mem_summary = 3 __FUNCTION__ = "qm_status"#1 0x000000000061a795 in qm_debug_frag (qm=0x7f9abd447000, f=0x7f9abd767970) at mem/q_malloc.c:160
__FUNCTION__ = "qm_debug_frag"#2 0x000000000061ca58 in qm_free (qm=0x7f9abd447000, p=0x7f9abd7679a0, file=0x7f9ace7e2662 "dialog: dlg_hash.c", func=0x7f9ace7e50e2 "destroy_dlg", line=380) at mem/q_malloc.c:468
f = 0x7f9abd767970 size = 176 next = 0x400 prev = 0x7fff39bc7910 __FUNCTION__ = "qm_free"#3 0x00007f9ace7a64ef in destroy_dlg (dlg=0x7f9abd7660b8) at dlg_hash.c:380
ret = 0 var = 0x7f9ad54374e8 __FUNCTION__ = "destroy_dlg"#4 0x00007f9ace7a67df in destroy_dlg_table () at dlg_hash.c:419
dlg = 0x0 l_dlg = 0x7f9abd7660b8 i = 665 __FUNCTION__ = "destroy_dlg_table"#5 0x00007f9ace771263 in mod_destroy () at dialog.c:783
No locals.
#6 0x00000000005929ee in destroy_modules () at sr_module.c:811
t = 0x7f9ad52b8d00 foo = 0x7f9ad52b8a30 __FUNCTION__ = "destroy_modules"#7 0x000000000049c917 in cleanup (show_status=1) at main.c:569
memlog = 0 __FUNCTION__ = "cleanup"#8 0x000000000049dee4 in shutdown_children (sig=15, show_status=1) at main.c:711
__FUNCTION__ = "shutdown_children"#9 0x00000000004a04ba in handle_sigs () at main.c:802
chld = 0 chld_status = 139 memlog = -1119369840 __FUNCTION__ = "handle_sigs"#10 0x00000000004a82eb in main_loop () at main.c:1757
i = 8 pid = 24021 si = 0x0 si_desc = "udp receiver child=7sock=91.213.145.60:5060\000\177\000\000`~\274\071\377\177\000\000\033{N\000\000\000\000\000\260~\274\071\377\177\000\000\004\000\000\000\000\000\000\000`TA\000\000\000\000\000(\305G\275\232\177", '\000' <repeats 14 times>, "\001\000\000\000\260~\274\071\377\177\000\000\276{N\000\000\000\000"
nrprocs = 8 __FUNCTION__ = "main_loop"#11 0x00000000004acfab in main (argc=7, argv=0x7fff39bc8128) at main.c:2581
cfg_stream = 0x2392010 c = -1 r = 0 tmp = 0x7fff39bc8f70 "" tmp_len = 32767 port = 968654846 proto = 0 options = 0x7033b8":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
ret = -1 seed = 1451157380 rfd = 4 debug_save = 0 debug_flag = 0 dont_fork_cnt = 0 n_lst = 0x40d134 p = 0xc2 <Address 0xc2 out of bounds> __FUNCTION__ = "main"Second one:
Core was generated by `/usr/local/sbin/kamailio -P /var/run/kamailio.pid -m 256 -M 64'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
788 f!=&(qm->free_hash[h].head); f=f->u.nxt_free, i++, j++){
(gdb) bt full
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
f = 0x30a012010010a0d i = 16 j = 4 h = 4 unused = 0 memlog = 5 mem_summary = 3 __FUNCTION__ = "qm_status"#1 0x000000000061a420 in qm_debug_frag (qm=0x7f9abd447000, f=0x7f9abd767300) at mem/q_malloc.c:150
__FUNCTION__ = "qm_debug_frag"#2 0x000000000061ca58 in qm_free (qm=0x7f9abd447000, p=0x7f9abd767330, file=0x7f9ad3d2f34d "tm: h_table.c", func=0x7f9ad3d2f628 "free_cell", line=186) at mem/q_malloc.c:468
f = 0x7f9abd767300 size = 40 next = 0x400 prev = 0x7fff39bc7b80 __FUNCTION__ = "qm_free"#3 0x00007f9ad3c70c9d in free_cell (dead_cell=0x7f9abd79b5c0) at h_table.c:186
b = 0x7f9abd767330 "INVITE sip:00447798156873@gorenSIP/2.0\r\nRecord-Route: sip:A.B.C.D;lr;did=4b7.60a\r\nCSeq: 1 INVITE\r\nCall-ID: 729d-7e9-015201693735-DSQ-1-A.B.C_leg2\r\nFrom: sip:0123456789@D.C.B.A;"...
i = 0 rpl = 0x0 tt = 0x7f9abd5d8bf8 foo = 0x7fff39bc7c50 cbs = 0x0 cbs_tmp = 0x7f9abd7600a0 __FUNCTION__ = "free_cell"#4 0x00007f9ad3cb5a1c in wait_handler (ti=1300688687, wait_tl=0x7f9abd79b640, data=0x7f9abd79b5c0) at timer.c:675
p_cell = 0x7f9abd79b5c0 ret = 1#5 0x00000000005fd30f in timer_list_expire (t=1300688687, h=0x7f9abd4c0908, slow_l=0x7f9abd4c36d8, slow_mark=17084) at timer.c:888
tl = 0x7f9abd79b640 ret = 1300688687#6 0x00000000005fd757 in timer_handler () at timer.c:953
saved_ticks = 1300688687 run_slow_timer = 0 i = 700 __FUNCTION__ = "timer_handler"#7 0x00000000005fdbc5 in timer_main () at timer.c:992
No locals.
#8 0x00000000004a77e6 in main_loop () at main.c:1700
i = 8 pid = 0 si = 0x0 si_desc = "udp receiver child=7sock=91.213.145.60:5060\000\177\000\000`~\274\071\377\177\000\000\033{N\000\000\000\000\000\260~\274\071\377\177\000\000\004\000\000\000\000\000\000\000`TA\000\000\000\000\000(\305G\275\232\177", '\000' <repeats 14 times>, "\001\000\000\000\260~\274\071\377\177\000\000\276{N\000\000\000\000"
nrprocs = 8 __FUNCTION__ = "main_loop"#9 0x00000000004acfab in main (argc=7, argv=0x7fff39bc8128) at main.c:2581
cfg_stream = 0x2392010 c = -1 r = 0 tmp = 0x7fff39bc8f70 "" tmp_len = 32767 port = 968654846 proto = 0 options = 0x7033b8":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
ret = -1 seed = 1451157380 rfd = 4 debug_save = 0 debug_flag = 0 dont_fork_cnt = 0 n_lst = 0x40d134 p = 0xc2 <Address 0xc2 out of bounds> __FUNCTION__ = "main"Regards,
Igor.
*De :*Igor Potjevlesch [mailto:igor.potjevlesch@gmail.com] *Envoyé :* lundi 4 janvier 2016 10:55 *À :* miconda@gmail.com mailto:miconda@gmail.com; 'Kamailio (SER) - Users Mailing List' <sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org> *Objet :* RE: [SR-Users] Kamailio 4.2.6 crash
Hi Daniel,
I wish you an happy new year! I will schedule this update in the next few days.
Thank you for your support.
Regards,
Igor.
*De :*Daniel-Constantin Mierla [mailto:miconda@gmail.com] *Envoyé :* vendredi 18 décembre 2015 11:28 *À :* Igor Potjevlesch <igor.potjevlesch@gmail.com mailto:igor.potjevlesch@gmail.com>; 'Kamailio (SER) - Users Mailing List' <sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org> *Objet :* Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
can you upgrade to 4.2.7, it has some fixes that may be related to this issue -- there are no changes to config/database that need to be done.
Cheers, Daniel
On 16/12/15 15:06, Igor Potjevlesch wrote:
Hello, Here is the output: kamailio -v version: kamailio 4.2.6 (x86_64/linux) db77ac flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, DBG_F_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 64MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: db77ac compiled on 12:19:48 Oct 2 2015 with gcc 4.4.7 Regards, Igor. *De :*Daniel-Constantin Mierla [mailto:miconda@gmail.com] *Envoyé :* lundi 14 décembre 2015 16:16 *À :* Igor Potjevlesch <igor.potjevlesch@gmail.com> <mailto:igor.potjevlesch@gmail.com>; 'Kamailio (SER) - Users Mailing List' <sr-users@lists.sip-router.org> <mailto:sr-users@lists.sip-router.org> *Objet :* Re: [SR-Users] Kamailio 4.2.6 crash Hello, yes, it is the output I wanted. What is the exact version are you running? It is the output of 'kamailio -v'. Cheers, Daniel On 14/12/15 15:53, Igor Potjevlesch wrote: Hello Daniel, Is this the expected output?: (gdb) frame 0 #0 0x0000000000619694 in fm_extract_free (qm=0x7f0114c07000, frag=0x7f0114f0e4b0) at mem/f_malloc.c:206 206 *pf=frag->u.nxt_free; (gdb) list 201 int hash; 202 203 pf = frag->prv_free; 204 hash = GET_HASH(frag->size); 205 206 *pf=frag->u.nxt_free; 207 208 if(frag->u.nxt_free) frag->u.nxt_free->prv_free = pf; 209 210 qm->ffrags--; (gdb) Regards, Igor. *De :*sr-users [mailto:sr-users-bounces@lists.sip-router.org] *De la part de* Daniel-Constantin Mierla *Envoyé :* lundi 14 décembre 2015 13:15 *À :* Kamailio (SER) - Users Mailing List <sr-users@lists.sip-router.org> <mailto:sr-users@lists.sip-router.org> *Objet :* Re: [SR-Users] Kamailio 4.2.6 crash Hello, can you provide the list output in gdb for frame 0: frame 0 list Cheers, Daniel -- Daniel-Constantin Mierla http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com http://miconda.eu-- Daniel-Constantin Mierla http://twitter.com/#!/miconda http://twitter.com/#%21/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com http://miconda.eu
Hello Daniel,
I don't think so. Looking at my config, I don't see any t_suspend and tsilo module is not loaded.
I'm just using dialog module for snmpstats.
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : lundi 18 janvier 2016 08:56 À : Igor Potjevlesch igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
are you using async transactions (e.g., t_suspend() or tsilo module)?
Cheers, Daniel
On 15/01/16 10:51, Igor Potjevlesch wrote:
I also seen this in /var/log/messages during the crash:
Jan 15 10:37:41 tanus /usr/local/sbin/kamailio[24021]: : <core> [mem/q_malloc.c:149]: qm_debug_frag(): BUG: qm_*: fragm. 0x7f9abd767300 (address 0x7f9abd767330) end overwritten(d33762d69737465, 746e65746e6f430a)!
Jan 15 10:37:41 tanus kernel: kamailio[24021] general protection ip:62245e sp:7fff39bc7900 error:0 in kamailio[400000+3c8000]
Jan 15 10:37:42 tanus abrtd: Directory 'ccpp-2016-01-15-10:37:41-24021' creation detected
Jan 15 10:37:42 tanus abrt[23992]: Saved core dump of pid 24021 (/usr/local/sbin/kamailio) to /var/spool/abrt/ccpp-2016-01-15-10:37:41-24021 (339316736 bytes)
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[23990]: ALERT: <core> [main.c:784]: handle_sigs(): child process 24021 exited by a signal 11
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[23990]: ALERT: <core> [main.c:787]: handle_sigs(): core was generated
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[23990]: INFO: <core> [main.c:799]: handle_sigs(): terminating due to SIGCHLD
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24019]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24013]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24017]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24026]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24023]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24030]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24005]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24009]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24011]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24007]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24015]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[24003]: INFO: <core> [main.c:850]: sig_usr(): signal 15 received
Jan 15 10:37:42 tanus /usr/local/sbin/kamailio[23990]: : <core> [mem/q_malloc.c:159]: qm_debug_frag(): BUG: qm_*: prev. fragm. tail overwritten(732d6369676f6c61, a0d2d2d312d77)[0x7f9abd767970:0x7f9abd7679a0]!
Jan 15 10:37:42 tanus kernel: kamailio[23990] general protection ip:62245e sp:7fff39bc7690 error:0 in kamailio[400000+3c8000]
Jan 15 10:37:42 tanus abrt[23994]: Not saving repeating crash in '/usr/local/sbin/kamailio'
Jan 15 10:37:42 tanus abrtd: Executable '/usr/local/sbin/kamailio' doesn't belong to any package and ProcessUnpackaged is set to 'no'
Jan 15 10:37:42 tanus abrtd: 'post-create' on '/var/spool/abrt/ccpp-2016-01-15-10:37:41-24021' exited with 1
Jan 15 10:37:42 tanus abrtd: Deleting problem directory '/var/spool/abrt/ccpp-2016-01-15-10:37:41-24021'
Jan 15 10:37:43 tanus abrt[23994]: Saved core dump of pid 23990 to core.23990 (339316736 bytes)
Jan 15 10:37:47 tanus kamailio: INFO: <core> [sctp_core.c:70]: sctp_core_check_support(): SCTP API not enabled - if you want to use it, load sctp module
Jan 15 10:37:47 tanus kamailio: WARNING: <core> [daemonize.c:360]: daemonize(): pid file contains old pid, replacing pid
Jan 15 10:37:47 tanus /usr/local/sbin/kamailio[24042]: INFO: rr [../outbound/api.h:54]: ob_load_api(): unable to import bind_ob - maybe module is not loaded
Jan 15 10:37:47 tanus /usr/local/sbin/kamailio[24042]: INFO: rr [rr_mod.c:160]: mod_init(): outbound module not available
Jan 15 10:37:47 tanus /usr/local/sbin/kamailio[24042]: INFO: usrloc [hslot.c:53]: ul_init_locks(): locks array size 1024
Regards,
Igor.
De : Igor Potjevlesch [mailto:igor.potjevlesch@gmail.com] Envoyé : vendredi 15 janvier 2016 10:47 À : miconda@gmail.com mailto:miconda@gmail.com ; 'Kamailio (SER) - Users Mailing List' mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org Objet : RE: [SR-Users] Kamailio 4.2.6 crash
Hello Daniel,
I move to 4.2.7. This morning a new crash occurred. I got two coredump:
Core was generated by `/usr/local/sbin/kamailio -P /var/run/kamailio.pid -m 256 -M 64'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
788 f!=&(qm->free_hash[h].head); f=f->u.nxt_free, i++, j++){
(gdb) bt full
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
f = 0x30a012010010a0d
i = 57
j = 4
h = 4
unused = 0
memlog = 5
mem_summary = 3
__FUNCTION__ = "qm_status"
#1 0x000000000061a795 in qm_debug_frag (qm=0x7f9abd447000, f=0x7f9abd767970) at mem/q_malloc.c:160
__FUNCTION__ = "qm_debug_frag"
#2 0x000000000061ca58 in qm_free (qm=0x7f9abd447000, p=0x7f9abd7679a0, file=0x7f9ace7e2662 "dialog: dlg_hash.c", func=0x7f9ace7e50e2 "destroy_dlg", line=380) at mem/q_malloc.c:468
f = 0x7f9abd767970
size = 176
next = 0x400
prev = 0x7fff39bc7910
__FUNCTION__ = "qm_free"
#3 0x00007f9ace7a64ef in destroy_dlg (dlg=0x7f9abd7660b8) at dlg_hash.c:380
ret = 0
var = 0x7f9ad54374e8
__FUNCTION__ = "destroy_dlg"
#4 0x00007f9ace7a67df in destroy_dlg_table () at dlg_hash.c:419
dlg = 0x0
l_dlg = 0x7f9abd7660b8
i = 665
__FUNCTION__ = "destroy_dlg_table"
#5 0x00007f9ace771263 in mod_destroy () at dialog.c:783
No locals.
#6 0x00000000005929ee in destroy_modules () at sr_module.c:811
t = 0x7f9ad52b8d00
foo = 0x7f9ad52b8a30
__FUNCTION__ = "destroy_modules"
#7 0x000000000049c917 in cleanup (show_status=1) at main.c:569
memlog = 0
__FUNCTION__ = "cleanup"
#8 0x000000000049dee4 in shutdown_children (sig=15, show_status=1) at main.c:711
__FUNCTION__ = "shutdown_children"
#9 0x00000000004a04ba in handle_sigs () at main.c:802
chld = 0
chld_status = 139
memlog = -1119369840
__FUNCTION__ = "handle_sigs"
#10 0x00000000004a82eb in main_loop () at main.c:1757
i = 8
pid = 24021
si = 0x0
si_desc = "udp receiver child=7 sock=91.213.145.60:5060\000\177\000\000`~\274\071\377\177\000\000\033{N\000\ 000\000\000\000\260~\274\071\377\177\000\000\004\000\000\000\000\000\000\000 `TA\000\000\000\000\000(\305G\275\232\177", '\000' <repeats 14 times>, "\001\000\000\000\260~\274\071\377\177\000\000\276{N\000\000\000\000"
nrprocs = 8
__FUNCTION__ = "main_loop"
#11 0x00000000004acfab in main (argc=7, argv=0x7fff39bc8128) at main.c:2581
cfg_stream = 0x2392010
c = -1
r = 0
tmp = 0x7fff39bc8f70 ""
tmp_len = 32767
port = 968654846
proto = 0
options = 0x7033b8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
ret = -1
seed = 1451157380
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0x40d134
p = 0xc2 <Address 0xc2 out of bounds>
__FUNCTION__ = "main"
Second one:
Core was generated by `/usr/local/sbin/kamailio -P /var/run/kamailio.pid -m 256 -M 64'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
788 f!=&(qm->free_hash[h].head); f=f->u.nxt_free, i++, j++){
(gdb) bt full
#0 0x000000000062245e in qm_status (qm=0x7f9abd447000) at mem/q_malloc.c:788
f = 0x30a012010010a0d
i = 16
j = 4
h = 4
unused = 0
memlog = 5
mem_summary = 3
__FUNCTION__ = "qm_status"
#1 0x000000000061a420 in qm_debug_frag (qm=0x7f9abd447000, f=0x7f9abd767300) at mem/q_malloc.c:150
__FUNCTION__ = "qm_debug_frag"
#2 0x000000000061ca58 in qm_free (qm=0x7f9abd447000, p=0x7f9abd767330, file=0x7f9ad3d2f34d "tm: h_table.c", func=0x7f9ad3d2f628 "free_cell", line=186) at mem/q_malloc.c:468
f = 0x7f9abd767300
size = 40
next = 0x400
prev = 0x7fff39bc7b80
__FUNCTION__ = "qm_free"
#3 0x00007f9ad3c70c9d in free_cell (dead_cell=0x7f9abd79b5c0) at h_table.c:186
b = 0x7f9abd767330 "INVITE sip:00447798156873@goren SIP/2.0\r\nRecord-Route: sip:A.B.C.D;lr;did=4b7.60a\r\nCSeq: 1 INVITE\r\nCall-ID: 729d-7e9-015201693735-DSQ-1-A.B.C_leg2\r\nFrom: sip:0123456789@D.C.B.A;"...
i = 0
rpl = 0x0
tt = 0x7f9abd5d8bf8
foo = 0x7fff39bc7c50
cbs = 0x0
cbs_tmp = 0x7f9abd7600a0
__FUNCTION__ = "free_cell"
#4 0x00007f9ad3cb5a1c in wait_handler (ti=1300688687, wait_tl=0x7f9abd79b640, data=0x7f9abd79b5c0) at timer.c:675
p_cell = 0x7f9abd79b5c0
ret = 1
#5 0x00000000005fd30f in timer_list_expire (t=1300688687, h=0x7f9abd4c0908, slow_l=0x7f9abd4c36d8, slow_mark=17084) at timer.c:888
tl = 0x7f9abd79b640
ret = 1300688687
#6 0x00000000005fd757 in timer_handler () at timer.c:953
saved_ticks = 1300688687
run_slow_timer = 0
i = 700
__FUNCTION__ = "timer_handler"
#7 0x00000000005fdbc5 in timer_main () at timer.c:992
No locals.
#8 0x00000000004a77e6 in main_loop () at main.c:1700
i = 8
pid = 0
si = 0x0
si_desc = "udp receiver child=7 sock=91.213.145.60:5060\000\177\000\000`~\274\071\377\177\000\000\033{N\000\ 000\000\000\000\260~\274\071\377\177\000\000\004\000\000\000\000\000\000\000 `TA\000\000\000\000\000(\305G\275\232\177", '\000' <repeats 14 times>, "\001\000\000\000\260~\274\071\377\177\000\000\276{N\000\000\000\000"
nrprocs = 8
__FUNCTION__ = "main_loop"
#9 0x00000000004acfab in main (argc=7, argv=0x7fff39bc8128) at main.c:2581
cfg_stream = 0x2392010
c = -1
r = 0
tmp = 0x7fff39bc8f70 ""
tmp_len = 32767
port = 968654846
proto = 0
options = 0x7033b8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
ret = -1
seed = 1451157380
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0x40d134
p = 0xc2 <Address 0xc2 out of bounds>
__FUNCTION__ = "main"
Regards,
Igor.
De : Igor Potjevlesch [mailto:igor.potjevlesch@gmail.com] Envoyé : lundi 4 janvier 2016 10:55 À : miconda@gmail.com mailto:miconda@gmail.com ; 'Kamailio (SER) - Users Mailing List' <sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org > Objet : RE: [SR-Users] Kamailio 4.2.6 crash
Hi Daniel,
I wish you an happy new year! I will schedule this update in the next few days.
Thank you for your support.
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : vendredi 18 décembre 2015 11:28 À : Igor Potjevlesch <igor.potjevlesch@gmail.com mailto:igor.potjevlesch@gmail.com >; 'Kamailio (SER) - Users Mailing List' <sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org > Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
can you upgrade to 4.2.7, it has some fixes that may be related to this issue -- there are no changes to config/database that need to be done.
Cheers, Daniel
On 16/12/15 15:06, Igor Potjevlesch wrote:
Hello,
Here is the output:
kamailio -v
version: kamailio 4.2.6 (x86_64/linux) db77ac
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, DBG_F_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 64MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: db77ac
compiled on 12:19:48 Oct 2 2015 with gcc 4.4.7
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : lundi 14 décembre 2015 16:16 À : Igor Potjevlesch mailto:igor.potjevlesch@gmail.com igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
yes, it is the output I wanted.
What is the exact version are you running? It is the output of 'kamailio -v'.
Cheers, Daniel
On 14/12/15 15:53, Igor Potjevlesch wrote:
Hello Daniel,
Is this the expected output?:
(gdb) frame 0
#0 0x0000000000619694 in fm_extract_free (qm=0x7f0114c07000, frag=0x7f0114f0e4b0) at mem/f_malloc.c:206
206 *pf=frag->u.nxt_free;
(gdb) list
201 int hash;
202
203 pf = frag->prv_free;
204 hash = GET_HASH(frag->size);
205
206 *pf=frag->u.nxt_free;
207
208 if(frag->u.nxt_free) frag->u.nxt_free->prv_free = pf;
209
210 qm->ffrags--;
(gdb)
Regards,
Igor.
De : sr-users [mailto:sr-users-bounces@lists.sip-router.org] De la part de Daniel-Constantin Mierla Envoyé : lundi 14 décembre 2015 13:15 À : Kamailio (SER) - Users Mailing List mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
can you provide the list output in gdb for frame 0:
frame 0 list
Cheers, Daniel
Hello,
the runtime issue is happening inside the free cell of tm, which I refactored for catching unnecessary refs, as I got leads could happen on some async handling. But that code is only in master and branch 4.3. Would you be able to test with those branches? If not, I can try to see if the code can be backported without big impact.
Cheers, Daniel
On 19/01/16 10:07, Igor Potjevlesch wrote:
Hello Daniel,
I don't think so. Looking at my config, I don't see any t_suspend and tsilo module is not loaded.
I'm just using dialog module for snmpstats.
Regards,
Igor.
*De :*Daniel-Constantin Mierla [mailto:miconda@gmail.com] *Envoyé :* lundi 18 janvier 2016 08:56 *À :* Igor Potjevlesch igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' sr-users@lists.sip-router.org *Objet :* Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
are you using async transactions (e.g., t_suspend() or tsilo module)?
Cheers, Daniel
On 15/01/16 10:51, Igor Potjevlesch wrote:
I also seen this in /var/log/messages during the crash: Jan 15 10:37:41 tanus /usr/local/sbin/kamailio[24021]: : <core> [mem/q_malloc.c:149]: qm_debug_frag(): BUG: qm_*: fragm. 0x7f9abd767300 (address 0x7f9abd767330) end overwritten(d33762d69737465, 746e65746e6f430a)! Jan 15 10:37:41 tanus kernel: kamailio[24021] general protection ip:62245e sp:7fff39bc7900 error:0 in kamailio[400000+3c8000] Jan 15 10:37:42 tanus abrtd: Directory 'ccpp-2016-01-15-10:37:41-24021' creation detected
Hello Daniel,
Unfortunately not. Especially because I don't know how to reproduce the issue.
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : mardi 19 janvier 2016 19:03 À : Igor Potjevlesch igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
the runtime issue is happening inside the free cell of tm, which I refactored for catching unnecessary refs, as I got leads could happen on some async handling. But that code is only in master and branch 4.3. Would you be able to test with those branches? If not, I can try to see if the code can be backported without big impact.
Cheers, Daniel
On 19/01/16 10:07, Igor Potjevlesch wrote:
Hello Daniel,
I don't think so. Looking at my config, I don't see any t_suspend and tsilo module is not loaded.
I'm just using dialog module for snmpstats.
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : lundi 18 janvier 2016 08:56 À : Igor Potjevlesch mailto:igor.potjevlesch@gmail.com igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
are you using async transactions (e.g., t_suspend() or tsilo module)?
Cheers, Daniel
On 15/01/16 10:51, Igor Potjevlesch wrote:
I also seen this in /var/log/messages during the crash:
Jan 15 10:37:41 tanus /usr/local/sbin/kamailio[24021]: : <core> [mem/q_malloc.c:149]: qm_debug_frag(): BUG: qm_*: fragm. 0x7f9abd767300 (address 0x7f9abd767330) end overwritten(d33762d69737465, 746e65746e6f430a)!
Jan 15 10:37:41 tanus kernel: kamailio[24021] general protection ip:62245e sp:7fff39bc7900 error:0 in kamailio[400000+3c8000]
Jan 15 10:37:42 tanus abrtd: Directory 'ccpp-2016-01-15-10:37:41-24021' creation detected
Hello Daniel,
Just to let you know that I got three successive crashs and they look similar to the previous.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000062245e in qm_status (qm=0x7fad9daef000) at mem/q_malloc.c:788
788 f!=&(qm->free_hash[h].head); f=f->u.nxt_free, i++, j++){
Please let me know if you need additional information from the different coredumps.
Regards,
Igor.
De : Igor Potjevlesch [mailto:igor.potjevlesch@gmail.com] Envoyé : mercredi 20 janvier 2016 13:10 À : miconda@gmail.com; 'Kamailio (SER) - Users Mailing List' sr-users@lists.sip-router.org Objet : RE: [SR-Users] Kamailio 4.2.6 crash
Hello Daniel,
Unfortunately not. Especially because I don't know how to reproduce the issue.
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : mardi 19 janvier 2016 19:03 À : Igor Potjevlesch <igor.potjevlesch@gmail.com mailto:igor.potjevlesch@gmail.com >; 'Kamailio (SER) - Users Mailing List' <sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org > Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
the runtime issue is happening inside the free cell of tm, which I refactored for catching unnecessary refs, as I got leads could happen on some async handling. But that code is only in master and branch 4.3. Would you be able to test with those branches? If not, I can try to see if the code can be backported without big impact.
Cheers, Daniel
On 19/01/16 10:07, Igor Potjevlesch wrote:
Hello Daniel,
I don't think so. Looking at my config, I don't see any t_suspend and tsilo module is not loaded.
I'm just using dialog module for snmpstats.
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : lundi 18 janvier 2016 08:56 À : Igor Potjevlesch mailto:igor.potjevlesch@gmail.com igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
are you using async transactions (e.g., t_suspend() or tsilo module)?
Cheers, Daniel
On 15/01/16 10:51, Igor Potjevlesch wrote:
I also seen this in /var/log/messages during the crash:
Jan 15 10:37:41 tanus /usr/local/sbin/kamailio[24021]: : <core> [mem/q_malloc.c:149]: qm_debug_frag(): BUG: qm_*: fragm. 0x7f9abd767300 (address 0x7f9abd767330) end overwritten(d33762d69737465, 746e65746e6f430a)!
Jan 15 10:37:41 tanus kernel: kamailio[24021] general protection ip:62245e sp:7fff39bc7900 error:0 in kamailio[400000+3c8000]
Jan 15 10:37:42 tanus abrtd: Directory 'ccpp-2016-01-15-10:37:41-24021' creation detected
Hello,
did you get the same error message with 'fragment end overwritten'?
How many core files did you get?
Cheers, Daniel
On 03/02/16 18:06, Igor Potjevlesch wrote:
Hello Daniel,
Just to let you know that I got three successive crashs and they look similar to the previous.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000062245e in qm_status (qm=0x7fad9daef000) at mem/q_malloc.c:788
788 f!=&(qm->free_hash[h].head); f=f->u.nxt_free, i++, j++){
Please let me know if you need additional information from the different coredumps.
Regards,
Igor.
*De :*Igor Potjevlesch [mailto:igor.potjevlesch@gmail.com] *Envoyé :* mercredi 20 janvier 2016 13:10 *À :* miconda@gmail.com; 'Kamailio (SER) - Users Mailing List' sr-users@lists.sip-router.org *Objet :* RE: [SR-Users] Kamailio 4.2.6 crash
Hello Daniel,
Unfortunately not. Especially because I don't know how to reproduce the issue.
Regards,
Igor.
*De :*Daniel-Constantin Mierla [mailto:miconda@gmail.com] *Envoyé :* mardi 19 janvier 2016 19:03 *À :* Igor Potjevlesch <igor.potjevlesch@gmail.com mailto:igor.potjevlesch@gmail.com>; 'Kamailio (SER) - Users Mailing List' <sr-users@lists.sip-router.org mailto:sr-users@lists.sip-router.org> *Objet :* Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
the runtime issue is happening inside the free cell of tm, which I refactored for catching unnecessary refs, as I got leads could happen on some async handling. But that code is only in master and branch 4.3. Would you be able to test with those branches? If not, I can try to see if the code can be backported without big impact.
Cheers, Daniel
On 19/01/16 10:07, Igor Potjevlesch wrote:
Hello Daniel, I don't think so. Looking at my config, I don't see any t_suspend and tsilo module is not loaded. I'm just using dialog module for snmpstats. Regards, Igor. *De :*Daniel-Constantin Mierla [mailto:miconda@gmail.com] *Envoyé :* lundi 18 janvier 2016 08:56 *À :* Igor Potjevlesch <igor.potjevlesch@gmail.com> <mailto:igor.potjevlesch@gmail.com>; 'Kamailio (SER) - Users Mailing List' <sr-users@lists.sip-router.org> <mailto:sr-users@lists.sip-router.org> *Objet :* Re: [SR-Users] Kamailio 4.2.6 crash Hello, are you using async transactions (e.g., t_suspend() or tsilo module)? Cheers, Daniel On 15/01/16 10:51, Igor Potjevlesch wrote: I also seen this in /var/log/messages during the crash: Jan 15 10:37:41 tanus /usr/local/sbin/kamailio[24021]: : <core> [mem/q_malloc.c:149]: qm_debug_frag(): BUG: qm_*: fragm. 0x7f9abd767300 (address 0x7f9abd767330) end overwritten(d33762d69737465, 746e65746e6f430a)! Jan 15 10:37:41 tanus kernel: kamailio[24021] general protection ip:62245e sp:7fff39bc7900 error:0 in kamailio[400000+3c8000] Jan 15 10:37:42 tanus abrtd: Directory 'ccpp-2016-01-15-10:37:41-24021' creation detected-- Daniel-Constantin Mierla http://twitter.com/#!/miconda http://twitter.com/#%21/miconda - http://www.linkedin.com/in/miconda Book: SIP Routing With Kamailio - http://www.asipto.com http://miconda.eu
Hello Daniel,
There were 6 coredumps with the 6 errors messages:
Feb 3 17:58:30 /usr/local/sbin/kamailio[18360]: : <core> [mem/q_malloc.c:149]: qm_debug_frag(): BUG: qm_*: fragm. 0x7fad9de32df0 (address 0x7fad9de32e20) end overwritten(676f6c6169443d6f, 32205044535f6369)!
Feb 3 17:58:31 /usr/local/sbin/kamailio[18329]: : <core> [mem/q_malloc.c:140]: qm_debug_frag(): BUG: qm_*: fragm. 0x7fad9de19b90 (address 0x7fad9de19bc0) beginning overwritten(a0d3020303d740a)!
Feb 3 17:58:50 /usr/local/sbin/kamailio[29527]: : <core> [mem/q_malloc.c:140]: qm_debug_frag(): BUG: qm_*: fragm. 0x7ffcfd5cf3d8 (address 0x7ffcfd5cf408) beginning overwritten(b02030a01201001)!
Feb 3 17:58:51 /usr/local/sbin/kamailio[29514]: : <core> [mem/q_malloc.c:149]: qm_debug_frag(): BUG: qm_*: fragm. 0x7ffcfd5cee30 (address 0x7ffcfd5cee60) end overwritten(6c707061203a6570, 2f6e6f6974616369)!
Feb 3 17:59:18 /usr/local/sbin/kamailio[29689]: : <core> [mem/q_malloc.c:140]: qm_debug_frag(): BUG: qm_*: fragm. 0x7f51b7689920 (address 0x7f51b7689950) beginning overwritten(b02030a01201001)!
Feb 3 17:59:20 /usr/local/sbin/kamailio[29666]: : <core> [mem/q_malloc.c:149]: qm_debug_frag(): BUG: qm_*: fragm. 0x7f51b7689378 (address 0x7f51b76893a8) end overwritten(6c707061203a6570, 2f6e6f6974616369)!
Regards,
Igor.
De : Daniel-Constantin Mierla [mailto:miconda@gmail.com] Envoyé : jeudi 4 février 2016 12:10 À : Igor Potjevlesch igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
did you get the same error message with 'fragment end overwritten'?
How many core files did you get?
Cheers, Daniel
On 03/02/16 18:06, Igor Potjevlesch wrote:
Hello Daniel,
Just to let you know that I got three successive crashs and they look similar to the previous.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000062245e in qm_status (qm=0x7fad9daef000) at mem/q_malloc.c:788
788 f!=&(qm->free_hash[h].head); f=f->u.nxt_free, i++, j++){
Please let me know if you need additional information from the different coredumps.
Regards,
Igor.
De : Igor Potjevlesch [ mailto:igor.potjevlesch@gmail.com mailto:igor.potjevlesch@gmail.com] Envoyé : mercredi 20 janvier 2016 13:10 À : mailto:miconda@gmail.com miconda@gmail.com; 'Kamailio (SER) - Users Mailing List' mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org Objet : RE: [SR-Users] Kamailio 4.2.6 crash
Hello Daniel,
Unfortunately not. Especially because I don't know how to reproduce the issue.
Regards,
Igor.
De : Daniel-Constantin Mierla [ mailto:miconda@gmail.com mailto:miconda@gmail.com] Envoyé : mardi 19 janvier 2016 19:03 À : Igor Potjevlesch < mailto:igor.potjevlesch@gmail.com igor.potjevlesch@gmail.com>; 'Kamailio (SER) - Users Mailing List' < mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org> Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
the runtime issue is happening inside the free cell of tm, which I refactored for catching unnecessary refs, as I got leads could happen on some async handling. But that code is only in master and branch 4.3. Would you be able to test with those branches? If not, I can try to see if the code can be backported without big impact.
Cheers, Daniel
On 19/01/16 10:07, Igor Potjevlesch wrote:
Hello Daniel,
I don't think so. Looking at my config, I don't see any t_suspend and tsilo module is not loaded.
I'm just using dialog module for snmpstats.
Regards,
Igor.
De : Daniel-Constantin Mierla [ mailto:miconda@gmail.com mailto:miconda@gmail.com] Envoyé : lundi 18 janvier 2016 08:56 À : Igor Potjevlesch mailto:igor.potjevlesch@gmail.com igor.potjevlesch@gmail.com; 'Kamailio (SER) - Users Mailing List' mailto:sr-users@lists.sip-router.org sr-users@lists.sip-router.org Objet : Re: [SR-Users] Kamailio 4.2.6 crash
Hello,
are you using async transactions (e.g., t_suspend() or tsilo module)?
Cheers, Daniel
On 15/01/16 10:51, Igor Potjevlesch wrote:
I also seen this in /var/log/messages during the crash:
Jan 15 10:37:41 tanus /usr/local/sbin/kamailio[24021]: : <core> [mem/q_malloc.c:149]: qm_debug_frag(): BUG: qm_*: fragm. 0x7f9abd767300 (address 0x7f9abd767330) end overwritten(d33762d69737465, 746e65746e6f430a)!
Jan 15 10:37:41 tanus kernel: kamailio[24021] general protection ip:62245e sp:7fff39bc7900 error:0 in kamailio[400000+3c8000]
Jan 15 10:37:42 tanus abrtd: Directory 'ccpp-2016-01-15-10:37:41-24021' creation detected
-
Daniel-Constantin Mierla -
Igor Potjevlesch