[sr-dev] crash at f_malloc.c

Daniel-Constantin Mierla miconda at gmail.com
Mon Sep 21 22:24:41 CEST 2015


This looks like a buffer overflow somewhere else.

Have you changed the value of MEMDBG in Makefile.defs? It should be 1
and that enables memory debugging, but I don't see the extra fields in
the fm fragment structure.

Can you try building with MEMDBG=1, then add '-x qm' to the command line
when starting kamailio? Let's see if q_malloc gets more hints.

Daniel

On 21/09/15 22:10, Juha Heinanen wrote:
> Daniel-Constantin Mierla writes:
>
>> From second core, get:
>>
>> frame 0
>> p *qm
>> p *frag
>> p *f
>> info locals
>> p qm->free_hash[hash]
>> p *qm->free_hash[hash].first
> done, juha
>
> (gdb) where
> #0  0x0000000000639a74 in fm_insert_free (qm=0x7fe71ab64000, frag=0x7fe71b259928) at mem/f_malloc.c:242
> #1  0x000000000063afdc in fm_free (qmp=0x7fe71ab64000, p=0x7fe71b259940) at mem/f_malloc.c:626
> #2  0x00007fe720350983 in free_cell (dead_cell=0x7fe71b2652b8) at h_table.c:133
> #3  0x00007fe7203d2bfc in wait_handler (ti=1006656376, wait_tl=0x7fe71b265338, data=0x7fe71b2652b8) at timer.c:648
> #4  0x00000000004aa755 in timer_list_expire (t=1006656376, h=0x7fe71abb0ea0, slow_l=0x7fe71abb25b8, slow_mark=359)
>     at timer.c:873
> #5  0x00000000004aabb2 in timer_handler () at timer.c:938
> #6  0x00000000004ab020 in timer_main () at timer.c:977
> #7  0x000000000052ea59 in main_loop () at main.c:1650
> #8  0x00000000005348b1 in main (argc=17, argv=0x7ffdfd0f9c78) at main.c:2566
> (gdb) frame 0
> #0  0x0000000000639a74 in fm_insert_free (qm=0x7fe71ab64000, frag=0x7fe71b259928) at mem/f_malloc.c:242
> 242	in mem/f_malloc.c
> (gdb) p *qm
> $1 = {type = 0, size = 33554432, used = 6722696, real_used = 7586240, max_real_used = 8279488, ffrags = 49, 
>   first_frag = 0x7fe71ab6c478, last_frag = 0x7fe71cb63fe8, free_bitmap = {730742, 0, 8192, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
>     268435456, 0, 0, 0, 2097152, 2097152, 0 <repeats 13 times>, 2054}, free_hash = {{first = 0x0, no = 0}, {
>       first = 0x7fe71b1a0918, no = 1}, {first = 0x7fe71b19dd40, no = 2}, {first = 0x0, no = 0}, {first = 0x7fe71b1a0dd0, 
>       no = 4}, {first = 0x7fe71b19a340, no = 3}, {first = 0x7fe71b1c31e8, no = 1}, {first = 0x0, no = 0}, {first = 0x0, 
>       no = 0}, {first = 0x7fe71b1c0448, no = 2}, {first = 0x7fe71b1e1728, no = 1}, {first = 0x0, no = 0}, {first = 0x0, 
>       no = 0}, {first = 0x7fe71b1e1920, no = 1}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x7fe71b1dd988, 
>       no = 1}, {first = 0x7fe71b1e1688, no = 1}, {first = 0x0, no = 0}, {first = 0x7fe71b323940, no = 1}, {first = 0x0, 
>       no = 0} <repeats 121 times>, {first = 0x7fe71b1e8468, no = 1}, {first = 0x0, no = 0} <repeats 57 times>, {
>       first = 0x7fe71b303d10, no = 1}, {first = 0x0, no = 0} <repeats 660 times>, {first = 0x7fe71b2bcee8, no = 1}, {
>       first = 0x0, no = 0} <repeats 248 times>, {first = 0x7fe71b1fe5c0, no = 1}, {first = 0x0, 
>       no = 0} <repeats 63 times>, {first = 0x7fe71b250638, no = 1}, {first = 0x0, no = 0} <repeats 875 times>, {
>       first = 0x7fe71b298548, no = 22}, {first = 0x0, no = 3}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, 
>       no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, no = 0}, {first = 0x0, 
>       no = 0}, {first = 0x7fe71b349e28, no = 1}, {first = 0x0, no = 0} <repeats 39 times>}}
> (gdb) p *frag
> $2 = {size = 28888, u = {nxt_free = 0x7fe71b298981, reserved = 140630569879937}, prv_free = 0x392e3239313a7069}
> (gdb) p *f
> $3 = {size = 8245933083814097524, u = {nxt_free = 0x7300007063743d74, reserved = 8286623797066612084}, 
>   prv_free = 0x392e3239313a7069}
> (gdb) info locals
> f = 0x7fe71b298981
> hash = 2049
> after = 0
> (gdb) p qm->free_hash[hash]
> $4 = {first = 0x7fe71b298548, no = 22}
> (gdb) p *qm->free_hash[hash].first
> $5 = {size = 5, u = {nxt_free = 0x7fe71b298981, reserved = 140630569879937}, prv_free = 0x0}

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
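
Added example, not part of the original message and not Kamailio code: a small triage helper that checks the fragment header words printed by gdb above against the pool bounds from `p *qm` and decodes them as ASCII, to show whether text has been written where pointers should be. The 8-byte alignment, the function names and the verdict names are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Pool bounds copied from the `p *qm` output in the message above. */
#define FIRST_FRAG 0x7fe71ab6c478ULL
#define LAST_FRAG  0x7fe71cb63fe8ULL
#define ALIGNMENT  8ULL /* assumption: fragments are 8-byte aligned */

enum verdict { PTR_OK, PTR_MISALIGNED, PTR_OUTSIDE_POOL, PTR_LOOKS_LIKE_TEXT };

/* Render the 8 bytes of v, lowest byte first (memory order on x86-64);
 * non-printable bytes become '.'. Returns the number of printable bytes. */
int decode_ascii(uint64_t v, char out[9])
{
    int printable = 0;
    for (int i = 0; i < 8; i++) {
        unsigned char c = (unsigned char)(v >> (8 * i));
        out[i] = isprint(c) ? (char)c : '.';
        printable += isprint(c) != 0;
    }
    out[8] = '\0';
    return printable;
}

/* Classify a header word that is expected to hold a fragment pointer. */
enum verdict check_word(uint64_t p)
{
    char txt[9];
    if (p == 0) return PTR_OK; /* NULL terminates a free list */
    if (p < FIRST_FRAG || p > LAST_FRAG)
        return decode_ascii(p, txt) == 8 ? PTR_LOOKS_LIKE_TEXT : PTR_OUTSIDE_POOL;
    return (p % ALIGNMENT) ? PTR_MISALIGNED : PTR_OK;
}

int main(void)
{
    /* Values copied from the gdb session above: free_hash[hash].first,
     * nxt_free, prv_free, f->u.reserved and f->size. */
    const uint64_t vals[] = { 0x7fe71b298548ULL, 0x7fe71b298981ULL,
        0x392e3239313a7069ULL, 0x7300007063743d74ULL, 8245933083814097524ULL };
    static const char *names[] = { "ok", "misaligned", "outside pool", "text" };
    for (size_t i = 0; i < sizeof vals / sizeof vals[0]; i++) {
        char txt[9];
        decode_ascii(vals[i], txt);
        printf("%#018llx  %-12s  \"%s\"\n", (unsigned long long)vals[i],
               names[check_word(vals[i])], txt);
    }
    return 0;
}
```

On the values from the trace, `nxt_free` is inside the pool but misaligned, while `prv_free` and `f->size` decode to the printable strings `ip:192.9` and `transpor`.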



