[sr-dev] Crash in free_sip_msg -> reset_ruid
Daniel-Constantin Mierla
miconda at gmail.com
Wed Oct 2 21:41:56 CEST 2013
One more question, what is the value of db_mode for usrloc module?
Cheers,
Daniel
On 10/2/13 9:28 PM, Hugh Waite wrote:
> On 02/10/2013 19:18, Daniel-Constantin Mierla wrote:
>> Hello,
>>
>> can you give bt full as well as kamailio -v output? Any log error
>> messages?
>>
>> Also, it would be good to recompile with MEMDBG=1 and watch for
>> errors in the logs to see if there is a buffer overflow.
>>
>> Cheers,
>> Daniel
>>
>> On 10/2/13 7:19 PM, Hugh Waite wrote:
>>> Hi,
>>> We've had some more crashes on the current master build.
>>> (gdb) bt
>>> #0 qm_insert_free (qm=0x7fc1e1b9e010, p=<value optimized out>) at
>>> mem/q_malloc.c:181
>>> #1 qm_free (qm=0x7fc1e1b9e010, p=<value optimized out>) at
>>> mem/q_malloc.c:527
>>> #2 0x000000000055027f in reset_ruid (msg=0x7fc1e1c35360) at
>>> parser/msg_parser.c:911
>>> #3 free_sip_msg (msg=0x7fc1e1c35360) at parser/msg_parser.c:730
>>> #4 0x00000000004a4012 in receive_msg (buf=<value optimized out>,
>>> len=<value optimized out>, rcv_info=<value optimized out>) at
>>> receive.c:297
>>> #5 0x000000000052a251 in tcp_read_req (con=0x7fc1ca4c6e00,
>>> bytes_read=0x7fff041b327c, read_flags=0x7fff041b3274) at
>>> tcp_read.c:1387
>>> #6 0x000000000052c53b in handle_io (fm=<value optimized out>,
>>> events=1, idx=-1) at tcp_read.c:1617
>>> #7 0x000000000052eb69 in io_wait_loop_epoll (unix_sock=<value
>>> optimized out>) at io_wait.h:1092
>>> #8 tcp_receive_loop (unix_sock=<value optimized out>) at
>>> tcp_read.c:1728
>>> #9 0x00000000004fc0eb in tcp_init_children () at tcp_main.c:4959
>>> #10 0x000000000046c3d5 in main_loop () at main.c:1702
>>> #11 0x000000000046dec9 in main (argc=<value optimized out>,
>>> argv=<value optimized out>) at main.c:2533
>>>
>>> (gdb) frame 2
>>> #2 0x000000000055027f in reset_ruid (msg=0x7fc1e1c35360) at
>>> parser/msg_parser.c:911
>>> 911 pkg_free(msg->ruid.s);
>>> (gdb) p msg->ruid
>>> $7 = {s = 0x845d20 "", len = 20}
>>>
>>> Might this be related to the changes made on Sept 19th to the
>>> free_sip_msg functions?
>>>
>>> Regards,
>>> Hugh
>>>
>>
> Extra output below.
> Nothing was printed in the logs (WARNING or ERROR level) before the
> crash. It seemed to be quite reproduceable when there was traffic
> being sent to registered websocket clients, but there is no-one online
> now. We'll have multiple people logged on tomorrow morning.
>
> Regards,
> Hugh
>
> kamailio -v
> version: kamailio 4.1.0-dev9 (x86_64/linux)
> flags: STATS: Off, USE_TCP, USE_TLS, TLS_HOOKS, USE_RAW_SOCKS,
> DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC,
> USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER,
> USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
> MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 4MB
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
> id: unknown
> compiled on 13:35:36 Oct 2 2013 with gcc 4.4.7
>
> (gdb) bt full
> #0 qm_insert_free (qm=0x7fc1e1b9e010, p=<value optimized out>) at
> mem/q_malloc.c:181
> f = 0x845d10
> prev = 0x65332d3231653163
> hash = 0
> #1 qm_free (qm=0x7fc1e1b9e010, p=<value optimized out>) at
> mem/q_malloc.c:527
> f = 0x845d10
> size = <value optimized out>
> next = <value optimized out>
> prev = <value optimized out>
> __FUNCTION__ = "qm_free"
> #2 0x000000000055027f in reset_ruid (msg=0x7fc1e1c35360) at
> parser/msg_parser.c:911
> No locals.
> #3 free_sip_msg (msg=0x7fc1e1c35360) at parser/msg_parser.c:730
> No locals.
> #4 0x00000000004a4012 in receive_msg (buf=<value optimized out>,
> len=<value optimized out>, rcv_info=<value optimized out>) at
> receive.c:297
> msg = 0x7fc1e1c35360
> ctx = {rec_lev = 0, run_flags = 0, last_retcode = 1, jmp_env =
> {{__jmpbuf = {1048575, -3596212518023615478, 140470693039152,
> 140470299422208, 140470299422208, 140733262279292,
> 140733262279292, 140733262279284}, __mask_was_saved = -900960744,
> __saved_mask = {__val = {5406222, 532575944923,
> 541165879417, 4294967297, 1042, 140470299422952, 5409666, 65535,
> 140733262279284, 140470300510264, 140470697171281,
> 1042, 140470300510984, 18446744072809678880, 16, 17179869210}}}}}
> ret = <value optimized out>
> inb = {
> s = 0x23d7cc0 "OPTIONS sip:gavin.llewellyn at crocodiletalk.com
> SIP/2.0\r\nVia: SIP/2.0/TCP
> edge00-int.crocodilertc.net:5080;branch=z9hG4bKab92.bb8249afcf13f20080f25121e49865b8.0\r\nVia:
> SIP/2.0/WSS qvis2mie4gas.invalid;rp"..., len = 1028}
> __FUNCTION__ = "receive_msg"
> #5 0x000000000052a251 in tcp_read_req (con=0x7fc1ca4c6e00,
> bytes_read=0x7fff041b327c, read_flags=0x7fff041b3274) at tcp_read.c:1387
> bytes = <value optimized out>
> total_bytes = 1028
> resp = 1
> size = <value optimized out>
> req = 0x7fc1ca4c6e80
> dst = {send_sock = 0x14, to = {s = {sa_family = 1,
> sa_data = "\000\000\001\000\000\000\001
> \000\000x\313\306", <incomplete sequence \341>}, sin = {sin_family =
> 1, sin_port = 0,
> sin_addr = {s_addr = 1}, sin_zero = "\001
> \000\000x\313\306", <incomplete sequence \341>}, sin6 = {sin6_family = 1,
> sin6_port = 0, sin6_flowinfo = 1, sin6_addr = {__in6_u = {
> __u6_addr8 = "\001
> \000\000x\313\306\341\301\177\000\000\000\000\000", __u6_addr16 =
> {8193, 0, 52088, 57798, 32705, 0, 0,
> 0}, __u6_addr32 = {8193, 3787901816, 32705, 0}}},
> sin6_scope_id = 68891240}}, id = 32767, proto = 8 '\b', send_flags = {
> f = 0 '\000', blst_imask = 0 '\000'}}
> c = 13 '\r'
> ret = <value optimized out>
> __FUNCTION__ = "tcp_read_req"
> #6 0x000000000052c53b in handle_io (fm=<value optimized out>,
> events=1, idx=-1) at tcp_read.c:1617
> ret = <value optimized out>
> n = <value optimized out>
> read_flags = 1
> con = 0x7fc1ca4c6e00
> s = <value optimized out>
> resp = <value optimized out>
> t = <value optimized out>
> __FUNCTION__ = "handle_io"
> #7 0x000000000052eb69 in io_wait_loop_epoll (unix_sock=<value
> optimized out>) at io_wait.h:1092
>
>
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Trainings - Berlin, Nov 25-28; Miami, Nov 18-20, 2013
- more details about Kamailio trainings at http://www.asipto.com -
More information about the sr-dev
mailing list