[Devel] Segmentation fault in Openser 1.1.0

Titus Sanchez titusjo at gmail.com
Fri Aug 4 03:44:20 CEST 2006


Hi All,
We're running Openser with flatstore and acc with extra accounting, and we've
experienced several segmentation faults. I've attached the backtraces of the
3 core files that we have. If anyone can take a look at the actual cores,
let me know and I'll find a way of getting them to you.

Thanks,
Titus


=====Core dump 1=====
#0  0xb7ea0e59 in free () from /lib/tls/libc.so.6
#1  0xb7e9dcb9 in _IO_free_backup_area () from /lib/tls/libc.so.6
#2  0xb7e9c8b1 in _IO_file_overflow () from /lib/tls/libc.so.6
#3  0xb7e9d3bd in _IO_file_xsputn () from /lib/tls/libc.so.6
#4  0xb7e7d360 in vfprintf () from /lib/tls/libc.so.6
#5  0xb7e823eb in fprintf () from /lib/tls/libc.so.6
#6  0xb7a5b377 in flat_db_insert (h=0xb7a50ff8, k=0xb7a75ec0, v=0xb7a76020,
n=20) at flatstore.c:179
#7  0xb7a60c1e in acc_db_request (rq=0xb5bc6f78, to=0xb7a50ff8,
phrase=0xb7a50ff8, table=0xb7a50ff8 <Address 0xb7a50ff8 out of bounds>,
    fmt=0xb7a631b9 "FTmiofcts0drX") at acc.c:665
#8  0xb7a611e8 in acc_db_reply (t=0xb7a50ff8, req=0xb7a50ff8,
reply=0x813b1e8, code=200) at acc.c:103
#9  0xb7a62e48 in tmcb_func (t=0xb5bd3cc0, type=-1213919240, ps=0x0) at
acc_mod.c:736
#10 0xb7b0a220 in run_trans_callbacks (type=128, trans=0xb5bd3cc0,
req=0xb7a50ff8, rpl=0xb7a50ff8, code=-1213919240) at t_hooks.c:209
#11 0xb7b148c5 in relay_reply (t=0xb5bd3cc0, p_msg=0xb5bd3cc0, branch=0,
msg_status=200, cancel_bitmap=0xbfd87600) at t_reply.c:1075
#12 0xb7b1536e in reply_received (p_msg=0x813b1e8) at t_reply.c:1294
#13 0x0805b476 in forward_reply (msg=0x813b1e8) at forward.c:449
#14 0x0807731a in receive_msg (
    buf=0x80f44a0 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.167.153.140;branch=
z9hG4bK058e.7228123fb06ad84b6f88a5373c394549.0,SIP/2.0/UDP 70.167.153.139
;branch=z9hG4bK058e.0febfd6ad52382e34c40dccbdb6014ae.0,SIP/2.0/UDP 192.1"...,
len=1154, rcv_info=0xbfd87720) at receive.c:194
#15 0x0809687c in udp_rcv_loop () at udp_server.c:465
#16 0x08066476 in main_loop () at main.c:925
#17 0x08066c65 in main (argc=3, argv=0xbfd87904) at main.c:1477

=====Core dump 2=====
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7e48d1d in raise () from /lib/tls/libc.so.6
#2  0xb7e4a333 in abort () from /lib/tls/libc.so.6
#3  0xb7e7bb52 in __fsetlocking () from /lib/tls/libc.so.6
#4  0xb7e81497 in malloc_usable_size () from /lib/tls/libc.so.6
#5  0xb7e823ce in free () from /lib/tls/libc.so.6
#6  0xb7e83938 in malloc () from /lib/tls/libc.so.6
#7  0xb7cb6c4b in my_malloc () from /usr/lib/libmysqlclient.so.15
#8  0xb7cd909c in cli_read_rows () from /usr/lib/libmysqlclient.so.15
#9  0xb7cd9bc8 in mysql_close () from /usr/lib/libmysqlclient.so.15
#10 0xb7cd9d95 in mysql_real_query () from /usr/lib/libmysqlclient.so.15
#11 0xb7cb057a in mysql_query () from /usr/lib/libmysqlclient.so.15
#12 0xb7e0f3c0 in completed.1 () from
/usr/local/lib/openser/modules/mysql.so
#13 0x00000048 in ?? ()
#14 0xbff6a058 in ?? ()
#15 0xb7e0f110 in ?? () from /usr/local/lib/openser/modules/mysql.so
#16 0x0812fc00 in mem_pool ()
#17 0xbff6a058 in ?? ()
#18 0xb7e097fe in submit_query (_h=0xb7e0f409, _s=0x0) at dbase.c:85
Previous frame inner to this frame (corrupt stack?)


=====Core dump 3=====
#0  0xb7e491cd in vfprintf () from /lib/tls/libc.so.6
#1  0xb7e513eb in fprintf () from /lib/tls/libc.so.6
#2  0xb7a2a377 in flat_db_insert (h=0x0, k=0xb7a44ec0, v=0xb7a45020, n=20)
at flatstore.c:179
#3  0xb7a2fc1e in acc_db_request (rq=0xb5d5e750, to=0x0, phrase=0x0,
table=0x0, fmt=0xb7a321b9 "FTmiofcts0drX") at acc.c:665
#4  0xb7a301e8 in acc_db_reply (t=0x0, req=0x0, reply=0xffffffff, code=200)
at acc.c:103
#5  0xb7a31e48 in tmcb_func (t=0xb5c64e58, type=0, ps=0x8266388) at
acc_mod.c:736
#6  0xb7ad9220 in run_trans_callbacks (type=128, trans=0xb5c64e58, req=0x0,
rpl=0x0, code=0) at t_hooks.c:209
#7  0xb7ae2d4d in _reply_light (trans=0xb5c64e58,
    buf=0x813bb38 "SIP/2.0 200 canceling\r\nRecord-Route: <sip:
70.167.153.139;lr;ftag=faf7948e9c2cb58e>\r\nVia: SIP/2.0/UDP 70.167.153.139
;branch=z9hG4bK6426.c03891fe21c298b70c864a22b6aeeb3e.0\r\nVia: SIP/2.0/UDP
192.168.0.21"..., len=491, code=200, text=0xb7af4229 "canceling",
    to_tag=0xb7b0d7c0 "4f0cd560fe30be6bc8acf834ff324a17-c490",
to_tag_len=37, lock=1, bm=0xbf958d20) at t_reply.c:366
#8  0xb7ae2ff9 in _reply (trans=0xb5c64e58, p_msg=0x1eb, code=200,
text=0xb7af4229 "canceling", lock=1) at t_reply.c:439
#9  0xb7ad80e8 in e2e_cancel (cancel_msg=0x8139ce8, t_cancel=0xb5c64e58,
t_invite=0xb5d6bbb0) at t_fwd.c:538
#10 0xb7ad8804 in t_forward_nonack (t=0xb5c64e58, p_msg=0x8139ce8,
proxy=0x0) at t_fwd.c:599
#11 0xb7ad57d8 in t_relay_to (p_msg=0x8139ce8, proxy=0x0, replicate=0) at
t_funcs.c:255
#12 0xb7aeb234 in w_t_relay (p_msg=0x8139ce8, proxy=0x0, foo=0x0) at tm.c
:956
#13 0x08050d54 in do_action (a=0x812ff08, msg=0x8139ce8) at action.c:701
#14 0x080523c1 in run_action_list (a=0x812ff08, msg=0x8139ce8) at action.c
:89
#15 0x0807e35a in eval_expr (e=0x812ff38, msg=0x8139ce8) at route.c:624
#16 0x0807e2d9 in eval_expr (e=0x812ff58, msg=0x8139ce8) at route.c:692
#17 0x0804ff21 in do_action (a=0x8130030, msg=0x8139ce8) at action.c:617
#18 0x080513a0 in do_action (a=0x812e420, msg=0x8139ce8) at action.c:89
#19 0x080521a9 in do_action (a=0x812e480, msg=0x8139ce8) at action.c:89
#20 0x08052421 in run_top_route (a=0x812c720, msg=0x8139ce8) at action.c:89
#21 0x080772c8 in receive_msg (
    buf=0x80f44a0 "CANCEL sip:+553288239588 at 70.167.153.140:5060
SIP/2.0\r\nRecord-Route: <sip:70.167.153.139;lr;ftag=faf7948e9c2cb58e>\r\nVia:
SIP/2.0/UDP 70.167.153.139;branch=
z9hG4bK6426.c03891fe21c298b70c864a22b6aeeb3e.0"..., len=599,
rcv_info=0xbf959b30) at receive.c:155
#22 0x0809687c in udp_rcv_loop () at udp_server.c:465
#23 0x08066476 in main_loop () at main.c:925
#24 0x08066c65 in main (argc=3, argv=0xbf959d14) at main.c:1477

