[sr-dev] Crash bug

Daniel-Constantin Mierla miconda at gmail.com
Thu Mar 19 21:38:58 CET 2015 

Hello,

why do you think it is a problem in frame 5?

Send the bt full for at least the first 3 frames.

Cheers,
Daniel

On 19/03/15 19:49, Alex Balashov wrote:
> Hello,
>
> I'm running kamailio:4.2:df86f2a9a09339687af5914b85fe8bd8f8f1f575 and
> am getting a periodic crash, once every few days, in response to a
> CANCEL message.
>
> The basic back trace is like this:
>
> (gdb) where
> #0  0x000000000044fed2 in del_nonshm_lump (lump_list=0x7f48f5681440)
>     at data_lump.c:677
> #1  0x00007f48f5404a15 in free_faked_req (faked_req=0x7f48f5680ea0,
>     t=0x7f46ee6faeb0) at t_reply.c:975
> #2  0x00007f48f5405bdf in run_failure_handlers (t=0x7f46ee6faeb0,
>     rpl=0xffffffffffffffff, code=487, extra_flags=0) at t_reply.c:1061
> #3  0x00007f48f54084e4 in t_should_relay_response (Trans=0x7f46ee6faeb0,
>     new_code=487, branch=0, should_store=0x7fffce5605e0,
>     should_relay=0x7fffce5605e4, cancel_data=0x7fffce5606b0,
>     reply=0xffffffffffffffff) at t_reply.c:1406
> #4  0x00007f48f540b045 in relay_reply (t=0x7f46ee6faeb0,
>     p_msg=0xffffffffffffffff, branch=0, msg_status=487,
>     cancel_data=0x7fffce5606b0, do_put_on_wait=1) at t_reply.c:1809
> #5  0x00007f48f5386832 in cancel_branch (t=0x7f46ee6faeb0, branch=0,
>     reason=0x0, flags=10) at t_cancel.c:276
> #6  0x00007f48f53aff4a in e2e_cancel (cancel_msg=0x7f48f68d69d8,
>     t_cancel=0x7f46ee8d9c30, t_invite=0x7f46ee6faeb0) at t_fwd.c:1373
> #7  0x00007f48f53b4bd0 in t_relay_cancel (p_msg=0x7f48f68d69d8) at
> t_fwd.c:1967
> #8  0x00007f48f53deaa7 in w_t_relay_cancel (p_msg=0x7f48f68d69d8,
> _foo=0x0,
>     _bar=0x0) at tm.c:1743
> #9  0x000000000041d364 in do_action (h=0x7fffce560fc0, a=0x7f48f6689f70,
>     msg=0x7f48f68d69d8) at action.c:1088
> #10 0x0000000000429a7a in run_actions (h=0x7fffce560fc0,
> a=0x7f48f6689f70,
>     msg=0x7f48f68d69d8) at action.c:1583
> #11 0x000000000042a0df in run_actions_safe (h=0x7fffce5622b0,
>     a=0x7f48f6689f70, msg=0x7f48f68d69d8) at action.c:1648
> #12 0x0000000000541158 in rval_get_int (h=0x7fffce5622b0,
> msg=0x7f48f68d69d8,
>     i=0x7fffce561498, rv=0x7f48f668a1e0, cache=0x0) at rvalue.c:924
> #13 0x0000000000545390 in rval_expr_eval_int (h=0x7fffce5622b0,
>     msg=0x7f48f68d69d8, res=0x7fffce561498, rve=0x7f48f668a1d8)
>     at rvalue.c:1918
> #14 0x0000000000545786 in rval_expr_eval_int (h=0x7fffce5622b0,
>     msg=0x7f48f68d69d8, res=0x7fffce561920, rve=0x7f48f668a948)
>     at rvalue.c:1926
> #15 0x000000000041ce4e in do_action (h=0x7fffce5622b0, a=0x7f48f668c260,
>     msg=0x7f48f68d69d8) at action.c:1064
> #16 0x0000000000429a7a in run_actions (h=0x7fffce5622b0,
> a=0x7f48f6689808,
>     msg=0x7f48f68d69d8) at action.c:1583
> #17 0x000000000041d2cd in do_action (h=0x7fffce5622b0, a=0x7f48f668c960,
>     msg=0x7f48f68d69d8) at action.c:1079
> #18 0x0000000000429a7a in run_actions (h=0x7fffce5622b0,
> a=0x7f48f667c628,
>     msg=0x7f48f68d69d8) at action.c:1583
> #19 0x000000000042a1a7 in run_top_route (a=0x7f48f667c628,
> msg=0x7f48f68d69d8,
>     c=0x0) at action.c:1669
> #20 0x0000000000507e1a in receive_msg (
>     buf=0xa6f760 "CANCEL sip:yyy at xxx:5060 SIP/2.0\r\nVia: SIP
> /2.0/UDP xxx:5060;branch=z9hG4bK08f.3dc6f0e1.0\r\nFrom: \"yyy\"
> <sip:yyy at xxx>;tag=D78eD8FB3SDgc\r\nCall-ID:
> e5e48a99-48dd-1233-96b7-782bcb13da6a\r\nTo:
> <sip:xxx at xxx:5060>\r\nCSeq: 73049624 CANCEL\r\nMax-Forwards:
> 32\r\nUser-Agent: OpenSIPS (1.9.1-notls
> (x86_64/linux))\r\nContent-Length: 0\r\n\r\n", len=394,
> rcv_info=0x7fffce5625a0)
>     at receive.c:216
> #21 0x00000000006074ae in udp_rcv_loop () at udp_server.c:521
> #22 0x00000000004a5f0b in main_loop () at main.c:1629
> #23 0x00000000004ab8bf in main (argc=11, argv=0x7fffce5629c8) at
> main.c:2578
>
> I'll send a 'thread apply all bt full' privately due to the amount of
> private addresses in there, but a quick glance suggests a possible
> problem is here:
>
> #5  0x00007f48f5386832 in cancel_branch (t=0x7f46ee6faeb0, branch=0,
>     reason=0x0, flags=10) at t_cancel.c:276
>         cancel = 0x1 <Address 0x1 out of bounds>
>         len = 32584
>         crb = 0x7f46ee6fb0b0
>         irb = 0x7f46ee6fb028
>         ret = 1
>         tmp_cd = {cancel_bitmap = 0, reason = {cause = 0, u = {text = {
>                 s = 0x0, len = 0}, e2e_cancel = 0x0, packed_hdrs = {s
> = 0x0,
>                 len = 0}}}}
>         pcbuf = 0x7f46ee6fb0c0
>         __FUNCTION__ = "cancel_branch"
> #6  0x00007f48f53aff4a in e2e_cancel (cancel_msg=0x7f48f68d69d8,
>     t_cancel=0x7f46ee8d9c30, t_invite=0x7f46ee6faeb0) at t_fwd.c:1373
>         cancel_bm = 1
>         reason = 0x0
>         free_reason = 0
>         i = 0
>         lowest_error = 0
>         ret = 32584
>         tmcb = {req = 0x137f66ce710, rpl = 0x7f48f68d69d8, param =
> 0xf48ab828,
>           code = -158504488, flags = 32584, branch = 0,
>           t_rbuf = 0xf80f668f9a0, dst = 0xce5622b0, send_buf = {
>             s = 0x1ffffffff <Address 0x1ffffffff out of bounds>,
>             len = -304107664}}
>         __FUNCTION__ = "e2e_cancel"
> #7  0x00007f48f53b4bd0 in t_relay_cancel (p_msg=0x7f48f68d69d8) at
> t_fwd.c:1967
>         t_invite = 0x7f46ee6faeb0
>         t = 0x7f46ee8d9c30
>         ret = -323705680
>         new_tran = 1
>
> Thanks,
>
> -- Alex
>

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, May 27-29, 2015
Berlin, Germany - http://www.kamailioworld.com

More information about the sr-dev mailing list