[OpenSER-Devel] [ openser-Bugs-1908805 ] OpenSER Randomly crashes with SIGBUS on Solaris 10 Sparc.

SourceForge.net noreply at sourceforge.net
Thu Jul 10 14:59:56 CEST 2008


Bugs item #1908805, was opened at 2008-03-06 15:02
Message generated for change (Comment added) made by henningw
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1908805&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
>Category: core
>Group: ver devel
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
>Assigned to: Henning Westerholt (henningw)
Summary: OpenSER Randomly crashes with SIGBUS on Solaris 10 Sparc.

Initial Comment:
OpenSER is crashing at random times, with SIGBUS, running on Solaris 10, on Sparc Hardware.

Backtrace of Core file:

#0  0x000bcfbc in fm_malloc (qm=0x185320, size=24, file=0xfedbac10 "res.c",
    func=0xfedbac70 "db_mysql_get_columns", line=62) at mem/f_malloc.c:267
#1  0xfedb74b0 in db_mysql_get_columns (_h=0x1cbf68, _r=0x24dde8) at res.c:62
#2  0xfedb79f0 in db_mysql_convert_result (_h=0x1cbf68, _r=0x24dde8) at res.c:167
#3  0xfedb28c4 in db_mysql_store_result (_h=0x1cbf68, _r=0xffbff830) at dbase.c:209
#4  0xfedb40e8 in db_mysql_raw_query (_h=0x1cbf68,
    _s=0xff07e668 "select received, contact, socket, cflags, path from location where expires > '2008-03-04 13:37:51' and cflags & 64 = 64 and id % 1 = 0", _r=0xffbff830) at dbase.c:447
#5  0xff053260 in get_all_db_ucontacts (buf=0x1ceec0, len=320054, flags=64, part_idx=0, part_max=1)
    at dlist.c:128
#6  0xff0528c8 in get_all_ucontacts (buf=0x1ceec0, len=320058, flags=64, part_idx=0, part_max=
1) at dlist.c:356
#7  0xfee57c6c in pingClients (ticks=60, param=0x0) at functions.h:60
#8  0x000aa430 in timer_ticker (timer_list=0x163c00) at timer.c:275
#9  0x000aa180 in run_timer_process (tpl=0x1c5808, do_jiffies=1) at timer.c:357
#10 0x000aa6fc in start_timer_processes () at timer.c:386
#11 0x00036788 in main_loop () at main.c:873
#12 0x0003a0c4 in main (argc=1137536, argv=0x155f1c) at main.c:1372

Detailed inspection of frame 0:

(gdb) print qm
$1 = (struct fm_block *) 0x185320

(gdb) frame 0
#0  0x000bcfbc in fm_malloc (qm=0x185320, size=24, file=0xfedbac10 "res.c",
    func=0xfedbac70 "db_mysql_get_columns", line=62) at mem/f_malloc.c:267
267                             if ((*f)->size>=size) goto found;
(gdb) list
262             /*search for a suitable free frag*/
263
264             for(hash=GET_HASH(size);hash<F_HASH_SIZE;hash++){
265                     f=&(qm->free_hash[hash].first);
266                     for(;(*f); f=&((*f)->u.nxt_free))
267                             if ((*f)->size>=size) goto found;
268                     /* try in a bigger bucket */
269             }
270             /* not found, bad! */
271             return 0;

(gdb) print qm->free_hash[hash]
$1 = {first = 0x69703a31, no = 1}
(gdb) print qm->free_hash
$2 = {{first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x69703a31, no = 1}, {
    first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0,
    no = 0}, {first = 0x0, no = 0}, {first = 0x24dd68, no = 4641}, {first = 0x0, no = 0} <repeats 21 times>, {
    first = 0x1ced90, no = 1}, {first = 0x0, no = 0} <repeats 679 times>, {first = 0x1cef40, no = 1}, {
    first = 0x0, no = 0} <repeats 1337 times>, {first = 0x1cef40, no = 1}, {first = 0x0, no = 0}, {
    first = 0x24de38, no = 1}, {first = 0x0, no = 0} <repeats 11 times>, {first = 0x21d100, no = 1}, {
    first = 0x0, no = 0}, {first = 0x0, no = 0}}
(gdb) print qm->free_hash.no
$3 = 0
(gdb) print qm->free_hash[hash].first
$4 = (struct fm_frag *) 0x69703a31
(gdb) x/s 0x69703a31
0x69703a31:      <Address 0x69703a31 out of bounds>

----------------------------------------------------------------------

>Comment By: Henning Westerholt (henningw)
Date: 2008-07-10 12:59

Message:
Logged In: YES 
user_id=337916
Originator: NO

Robin,

thanks for the update. Good that it works for you now. Let's keep this open
for some time, perhaps you can observe this problem again.

----------------------------------------------------------------------

Comment By: Robin Vleij (rvley)
Date: 2008-07-09 08:54

Message:
Logged In: YES 
user_id=2079583
Originator: NO

Henning,

The problem has only occurred once. Since the bug report nothing went
wrong. We're running on 64-bit Debian and compiled from sources from the
start. I'll keep an eye on this, right now I don't want to touch something.
:)
Also, when the crash happened, I was running into "max while loops" all
the time because of a database lookup. After the crash I upped the
max_while_loops value. It might have something to do with that as well
actually.

----------------------------------------------------------------------

Comment By: Henning Westerholt (henningw)
Date: 2008-07-08 13:08

Message:
Logged In: YES 
user_id=337916
Originator: NO

Hi Sergio,

thanks for the comment. Robin, does the problem still exist in your
installation, perhaps this can also be fixed with a recompilation?

Cheers,

Henning

----------------------------------------------------------------------

Comment By: Sergio Gutierrez (saguti)
Date: 2008-07-04 15:13

Message:
Logged In: YES 
user_id=1960760
Originator: NO

Hello Everybody.

For your information. I solved this issue by compiling OpenSER in 64-bit
mode on Solaris SPARC; the issue has not presented again.

Thanks for your attention. 

----------------------------------------------------------------------

Comment By: Robin Vleij (rvley)
Date: 2008-05-05 12:06

Message:
Logged In: YES 
user_id=2079583
Originator: NO

We have exactly the same under Debian.

Core was generated by `/usr/local/sbin/openser -P
/var/run/openser/openser.pid -m 64 -u root -g root'.
Program terminated with signal 11, Segmentation fault.
#0  fm_malloc (qm=0x636d20, size=<value optimized out>) at
mem/f_malloc.c:267
267                             if ((*f)->size>=size) goto found;

(gdb) backtrace
#26 0x000000000040d780 in do_action (a=0x64bf68, msg=0x76ae48) at
action.c:695
#27 0x000000000040dfac in run_action_list (a=<value optimized out>,
msg=0x76ae48) at action.c:132
#28 0x000000000040e309 in run_top_route (a=0x643398, msg=0x76ae48) at
action.c:112
#29 0x000000000044b8bf in receive_msg (
    buf=0x625ca0 "INVITE
sip:0701622252 at sip-corporate.tele2.se:5060;user=phone SIP/2.0\r\nFrom:
<sip:0701622770 at 83.241.249.164;user=phone>;tag=a4f9f153-13c4-481d07de-2c7577c4-6798f55c\r\nTo:
<sip:0701622252 at sip-corporate.t"..., len=1340, rcv_info=0x7fff5a9ef490) at
receive.c:156
#30 0x0000000000488154 in udp_rcv_loop () at udp_server.c:438
#31 0x0000000000425081 in main (argc=9, argv=0x7fff5a9ef698) at
main.c:834

(gdb) print qm
$1 = (struct fm_block *) 0x636d20
(gdb) frame 0
#0  fm_malloc (qm=0x636d20, size=<value optimized out>) at
mem/f_malloc.c:267
267                             if ((*f)->size>=size) goto found;
(gdb) print qm->free_hash[hash]
$2 = {first = 0x6334316437656235, no = 73}

(gdb) list
262             /*search for a suitable free frag*/
263
264             for(hash=GET_HASH(size);hash<F_HASH_SIZE;hash++){
265                     f=&(qm->free_hash[hash].first);
266                     for(;(*f); f=&((*f)->u.nxt_free))
267                             if ((*f)->size>=size) goto found;
268                     /* try in a bigger bucket */
269             }
270             /* not found, bad! */
271             return 0;
(gdb) print qm->free_hash[hash]
$4 = {first = 0x6334316437656235, no = 73}
(gdb) print qm->free_hash.no
$5 = 0
(gdb) print qm->free_hash[hash].first
$6 = (struct fm_frag *) 0x6334316437656235
(gdb) x/s 0x6334316437656235
0x6334316437656235:      <Address 0x6334316437656235 out of bounds>


----------------------------------------------------------------------
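Added example, not part of the tracker thread and not OpenSER code: in both cores the bucket head that faults is made up entirely of printable ASCII bytes (0x69703a31 is the bytes "ip:1"), which is consistent with string data having been written over allocator metadata. The C sketch below tests for that pattern and repeats the free-list search from the listing with every link validated before it is dereferenced; the struct layouts, NBUCKETS and all function names are simplified assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for OpenSER's fm_frag/fm_block; layout is assumed. */
struct frag   { size_t size; struct frag *nxt_free; };
struct bucket { struct frag *first; unsigned long no; };
#define NBUCKETS 8
struct pool   { struct bucket free_hash[NBUCKETS]; uintptr_t lo, hi; };

/* 1 if the low nbytes of v are all printable ASCII (string data in a pointer slot). */
int ptr_is_ascii(uint64_t v, int nbytes) {
    for (int i = 0; i < nbytes; i++, v >>= 8)
        if ((v & 0xff) < 0x20 || (v & 0xff) > 0x7e) return 0;
    return 1;
}

/* A fragment pointer is plausible only if aligned and inside the pool. */
static int frag_ok(const struct pool *p, const struct frag *f) {
    uintptr_t a = (uintptr_t)f;
    return a % sizeof(void *) == 0 && a >= p->lo && a + sizeof *f <= p->hi;
}

/* Search as in f_malloc.c:264-269, validating each link before use.
 * Returns 0 = found (*out set), 1 = no fit, -1 = corrupted free list. */
int find_free(const struct pool *p, int start, size_t size, struct frag **out) {
    for (int h = start; h < NBUCKETS; h++) {
        unsigned long seen = 0;   /* bounds the walk by the bucket's count */
        for (struct frag *f = p->free_hash[h].first; f; f = f->nxt_free) {
            if (!frag_ok(p, f) || ++seen > p->free_hash[h].no) return -1;
            if (f->size >= size) { *out = f; return 0; }
        }
    }
    return 1;
}

/* Constructed pool: valid 64-byte fragment in bucket 2; bogus != 0 becomes bucket 1's head. */
int demo(uint64_t bogus, size_t want) {
    static struct frag arena[4];
    struct pool p = { .lo = (uintptr_t)arena, .hi = (uintptr_t)(arena + 4) };
    struct frag *hit = NULL;
    arena[0] = (struct frag){ 64, NULL };
    p.free_hash[2] = (struct bucket){ &arena[0], 1 };
    if (bogus) p.free_hash[1] = (struct bucket){ (struct frag *)(uintptr_t)bogus, 1 };
    return find_free(&p, 1, want, &hit);
}

int main(void) {
    printf("%d %d\n", ptr_is_ascii(0x69703a31, 4), demo(0x69703a31, 24));
    return 0;
}
```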
