[sr-dev] [tracker] Task opened: segfault in tm/timers?

sip-router admin at sip-router.org
Mon Nov 21 04:15:20 CET 2011 

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Bayan Towfiq (btowfiq) 

Attached to Project - sip-router
Summary - segfault in tm/timers?
Task Type - Bug Report
Category - tm
Status - Assigned
Assigned To - Andrei Pelinescu-Onciul
Operating System - All
Severity - High
Priority - Normal
Reported Version - 3.1
Due in Version - Undecided
Due Date - Undecided
Details - Running kamailio 3.1.4 (x86_64/linux)

Log messages and backtraces posted below


Nov 21 01:18:55 localhost /usr/local/sbin/kamailio[3389]: ERROR: tm [t_reply.c:1169]: ERROR: t_should_relay_response: status rewrite by UAS: stored: 408, received: 200
Nov 21 01:18:55 localhost /usr/local/sbin/kamailio[3393]: ERROR: tm [t_reply.c:1169]: ERROR: t_should_relay_response: status rewrite by UAS: stored: 408, received: 200
Nov 21 01:18:55 localhost /usr/local/sbin/kamailio[3398]: ERROR: tm [t_reply.c:1169]: ERROR: t_should_relay_response: status rewrite by UAS: stored: 408, received: 200
Nov 21 01:18:55 localhost /usr/local/sbin/kamailio[3388]: ERROR: tm [t_reply.c:1169]: ERROR: t_should_relay_response: status rewrite by UAS: stored: 408, received: 200
Nov 21 01:18:55 localhost /usr/local/sbin/kamailio[3399]: ERROR: tm [t_reply.c:1169]: ERROR: t_should_relay_response: status rewrite by UAS: stored: 408, received: 200
Nov 21 01:21:53 localhost /usr/local/sbin/kamailio[3402]: ERROR: <core> [timer.c:972]: ERROR: slow timer too slow: overflow (44155 - 43132 = 1023)
Nov 21 01:23:18 localhost /usr/local/sbin/kamailio[3402]: last message repeated 3 times
Nov 21 01:33:45 localhost /usr/local/sbin/kamailio[3401]: WARNING: db_flatstore [km_flatstore.c:240]: error number: 110
Nov 21 01:33:47 localhost /usr/local/sbin/kamailio[3402]: WARNING: db_flatstore [km_flatstore.c:240]: error number: 110
Nov 21 01:34:06 localhost /usr/local/sbin/kamailio[3401]: ERROR: db_flatstore [km_tcp_connection.c:105]: unable to connect to host: Connection timed out
Nov 21 01:34:06 localhost /usr/local/sbin/kamailio[3401]: WARNING: db_flatstore [km_flatstore.c:242]: unable to connect to send over tcp
Nov 21 01:34:06 localhost kernel: [14918465.360194] kamailio[3401] general protection ip:7fab7d6307bf sp:7fff8ae30f20 error:0 in tm.so[7fab7d601000+7a000]
Nov 21 01:34:07 localhost /usr/local/sbin/kamailio[3422]: : <core> [pass_fd.c:293]: ERROR: receive_fd: EOF on 41
Nov 21 01:34:07 localhost /usr/local/sbin/kamailio[3367]: ALERT: <core> [main.c:741]: child process 3401 exited by a signal 11
Nov 21 01:34:07 localhost /usr/local/sbin/kamailio[3367]: ALERT: <core> [main.c:744]: core was generated
Nov 21 01:34:13 localhost /usr/local/sbin/kamailio[3367]: ERROR: ctl [ctl.c:379]: ERROR: ctl: could not delete unix socket /tmp/ser_ctl: Operation not permitted (1)
Nov 21 01:34:13 localhost init: kamailio main process ended, respawning





Core was generated by `/usr/local/sbin/kamailio -P /var/run/kamailio/kamailio.pid -m 256 -u kamailio -'.
Program terminated with signal 11, Segmentation fault.
#0  run_trans_callbacks_internal (cb_lst=<value optimized out>, type=128, trans=0x7fab66fceae0, params=0x7fff8ae30fc0) at t_hooks.c:286
286			if ( (cbp->types)&type ) {
(gdb) bt
#0  run_trans_callbacks_internal (cb_lst=<value optimized out>, type=128, trans=0x7fab66fceae0, params=0x7fff8ae30fc0) at t_hooks.c:286
#1  0x00007fab7d630be3 in run_trans_callbacks (type=0, trans=<value optimized out>, req=<value optimized out>, rpl=0x4000, code=2016588416) at t_hooks.c:317
#2  0x00007fab7d65cee2 in relay_reply (t=0x7fab66fceae0, p_msg=<value optimized out>, branch=2106131784, msg_status=<value optimized out>, cancel_data=<value optimized out>, 
    do_put_on_wait=<value optimized out>) at t_reply.c:1808
#3  0x00007fab7d632172 in fake_reply (t=0x7fab66fceae0, branch=1, code=<value optimized out>) at timer.c:316
#4  0x00007fab7d6324fb in final_response_handler (ticks=360, tl=0x7fab66fcedd8, p=<value optimized out>) at timer.c:490
#5  retr_buf_handler (ticks=360, tl=0x7fab66fcedd8, p=<value optimized out>) at timer.c:547
#6  0x0000000000514d51 in slow_timer_main () at timer.c:1149
#7  0x0000000000463601 in main_loop () at main.c:1602
#8  0x00000000004649c3 in main (argc=11, argv=0x7fff8ae314c8) at main.c:2398






Here is also a full backtrace with the phone number modified to zeros and the IP in the from field changed to xx.xx.xxx.xxx

(gdb) bt full
#0  run_trans_callbacks_internal (cb_lst=<value optimized out>, type=128, trans=0x7fab66fceae0, params=0x7fff8ae30fc0) at t_hooks.c:286
        cbp = 0x732d336c6576656c
        backup_from = 0x8ae150
        backup_to = 0x8ae158
        backup_dom_from = 0x8ae160
        backup_dom_to = 0x8ae168
        backup_uri_from = 0x8ae140
        backup_uri_to = 0x8ae148
#1  0x00007fab7d630be3 in run_trans_callbacks (type=0, trans=<value optimized out>, req=<value optimized out>, rpl=0x4000, code=2016588416) at t_hooks.c:317
        params = {req = 0x7fab672dca88, rpl = 0xffffffffffffffff, param = 0x7fab67049e40, code = 408, flags = 0, branch = 0, t_rbuf = 0x0, dst = 0x0, send_buf = {s = 0x0, len = 0}}
#2  0x00007fab7d65cee2 in relay_reply (t=0x7fab66fceae0, p_msg=<value optimized out>, branch=2106131784, msg_status=<value optimized out>, cancel_data=<value optimized out>, 
    do_put_on_wait=<value optimized out>) at t_reply.c:1808
        relay = 1
        save_clone = 0
        buf = <value optimized out>
        res_len = 371
        relayed_code = 408
        relayed_msg = 0xffffffffffffffff
        reply_bak = 0x0
        bm = {to_tag_val = {
            s = 0xa4d254 "b834aad01f286c898b2a5685a5823214-9083\r\nFrom: <sip:+18150000000 at xx.xx.xxx.xxx>;tag=3530827147-842404\r\nCall-ID: 2710327-3530827147-842398 at gsbc05-lsan.mdsg-pacwest.com\r\nCSeq: 1 INVITE\r\nVia: SIP/2.0/UDP 6"..., len = 37}}
        totag_retr = 0
        reply_status = RPS_COMPLETED
        uas_rb = 0x7fab66fceba0
        to_tag = <value optimized out>
        reason = {s = 0x5903db "Request Timeout", len = 15}
        onsend_params = {req = 0x7fab7fd24480, rpl = 0x7fff8ae31110, param = 0x7fff8ae31128, code = -1964830432, flags = 1, branch = 0, t_rbuf = 0x7fff8ae31138, dst = 0x40d959, send_buf = {
            s = 0x7fab7cfc9240 "AWAVAUATUSH\211\373H\203\354HL\213-H\275!", len = 1727496864}}
        __FUNCTION__ = "relay_reply"
#3  0x00007fab7d632172 in fake_reply (t=0x7fab66fceae0, branch=1, code=<value optimized out>) at timer.c:316
        cancel_data = {cancel_bitmap = 0, reason = {cause = 0, u = {text = {s = 0x0, len = 362111}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len = 362111}}}}
        reply_status = <value optimized out>
#4  0x00007fab7d6324fb in final_response_handler (ticks=360, tl=0x7fab66fcedd8, p=<value optimized out>) at timer.c:490
        prev_branch = 8333648
        now = 0
#5  retr_buf_handler (ticks=360, tl=0x7fab66fcedd8, p=<value optimized out>) at timer.c:547
        rbuf = 0x7fab66fcedb8
        retr_remainder = <value optimized out>
        retr_interval = <value optimized out>
        new_retr_interval = <value optimized out>
#6  0x0000000000514d51 in slow_timer_main () at timer.c:1149
        n = 0
        ret = <value optimized out>
        tl = 0x7fab66fcedd8
#7  0x0000000000463601 in main_loop () at main.c:1602
        i = 16
        pid = <value optimized out>
        si = 0x0
        si_desc = "udp receiver child=15 sock=70.167.153.134:5060\000\000Pޏ", '\000' <repeats 13 times>, "P\215Y\000\000\000\000\000\016\b\000\000\001\000\000\000&\000\000\000\000\000\000\000\030\325\307f\253\177\000\000\030\325\307f\253\177\000\000\000\234\037\n\372\220X\363\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000"
#8  0x00000000004649c3 in main (argc=11, argv=0x7fff8ae314c8) at main.c:2398
---Type <return> to continue, or q <return> to quit---
        cfg_stream = 0x22
        c = <value optimized out>
        r = <value optimized out>
        tmp = 0x7fff8ae32e76 ""
        tmp_len = 0
        port = <value optimized out>
        proto = <value optimized out>
        ret = <value optimized out>
        seed = 3237932148
        rfd = <value optimized out>
        debug_save = 0
        debug_flag = <value optimized out>
        dont_fork_cnt = 0
        n_lst = 0x22
        p = <value optimized out>
(gdb) 



More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=179

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

More information about the sr-dev mailing list