[sr-dev] Crash in 4.3.3:e275bc
Daniel-Constantin Mierla
miconda at gmail.com
Thu Apr 21 07:54:39 CEST 2016
Hello,
you have to upgrade to a more recent 4.3 version, this looks like an
issues that it was worked on. The old function free_cell() became a
macro executing a new variant with more safety checks and some other fixes:
void free_cell_helper(tm_cell_t* dead_cell, int silent, const char
*fname, unsigned int fline )
As usual, upgrades from an older to newer 4.3.x will just require
deploying the binaries and restart, no config/db changes.
Cheers,
Daniel
On 21/04/16 04:29, Alex Balashov wrote:
> Seem to get some variant of this a lot in one particular installation
> ... any insight would be appreciated:
>
> ---
>
> (gdb) thread apply all bt full
>
> Thread 1 (Thread 0x7f4ad466d700 (LWP 20657)):
> #0 0x00007f4ad3cdb625 in raise () from /lib64/libc.so.6
> No symbol table info available.
> #1 0x00007f4ad3cdce05 in abort () from /lib64/libc.so.6
> No symbol table info available.
> #2 0x000000000061e783 in qm_free (qm=0x7f48c9986000,
> p=0x7f48cdb99780, file=0x7f4ad22a5fbd "tm: h_table.c",
> func=0x7f4ad22a6298 "free_cell", line=133) at mem/q_malloc.c:455
> f = 0x7f48cdb99750
> size = 1919388400
> next = 0x400
> prev = 0x7fff72678a80
> __FUNCTION__ = "qm_free"
> #3 0x00007f4ad21e550d in free_cell (dead_cell=0x7f48cd88bf08) at
> h_table.c:133
> b = 0x7f4ad37d54f8 "\376\373", <incomplete sequence \354>
> i = 32586
> rpl = 0x7fff72678be0
> tt = 0x7f4ad223569c
> foo = 0x415e80
> cbs = 0x7f48cd88bf08
> cbs_tmp = 0x0
> __FUNCTION__ = "free_cell"
> #4 0x00007f4ad2239e75 in t_unref (p_msg=0x7f4ad37d54f8) at
> t_lookup.c:1486
> kr = 3448291528
> __FUNCTION__ = "t_unref"
> #5 0x00007f4ad228012d in reply_received (p_msg=0x7f4ad37d54f8) at
> t_reply.c:2507
> msg_status = 100
> last_uac_status = 0
> ack = 0x800000001 <Address 0x800000001 out of bounds>
> ack_len = 32586
> branch = 2
> reply_status = 5
> onreply_route = 2
> cancel_data = {cancel_bitmap = 0, reason = {cause = 0, u =
> {text = {s = 0x0, len = 7742524}, e2e_cancel = 0x0, packed_hdrs = {s =
> 0x0, len = 7742524}}}}
> uac = 0x7f48cd88c470
> t = 0x7f48cd88bf08
> lack_dst = {send_sock = 0x338168, to = {s = {sa_family =
> 21646, sa_data = "\247\000\000\000\000\000G\001\000\000\000\000\000"},
> sin = {sin_family = 21646, sin_port = 167, sin_addr = {s_addr = 0},
> sin_zero = "G\001\000\000\000\000\000"}, sin6 = {sin6_family = 21646,
> sin6_port = 167, sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8
> = "G\001\000\000\000\000\000\000\070\006z\323J\177\000", __u6_addr16 =
> {327, 0, 0, 0, 1592, 54138, 32586, 0}, __u6_addr32 = {327, 0,
> 3547989560, 32586}}}, sin6_scope_id = 1919389184}}, id = 32767, proto
> = -35 '\335', send_flags = {f = 72 'H', blst_imask = 98 'b'}}
> backup_user_from = 0xa85430
> backup_user_to = 0xa85438
> backup_domain_from = 0xa85440
> backup_domain_to = 0xa85448
> backup_uri_from = 0xa85420
> backup_uri_to = 0xa85428
> backup_xavps = 0xa85560
> replies_locked = 0
> branch_ret = 32767
> prev_branch = -746760936
> blst_503_timeout = 32586
> hf = 0x31a72678ef0
> onsend_params = {req = 0x7f4ad34a8390, rpl = 0x7f4a00000000,
> param = 0x7fff72678e60, code = -746756944, flags = 32586, branch = 0,
> t_rbuf = 0xa7571a, dst = 0xa75414, send_buf = {s = 0x23fbe0 <Address
> 0x23fbe0 out of bounds>, len = 3356600}}
> ctx = {rec_lev = 0, run_flags = 0, last_retcode = -1, jmp_env
> = {{__jmpbuf = {139959352514288, 3724642127021520483, 4284032,
> 140735112779456, 0, 0, 3724642127029909091, -3724914439480756637},
> __mask_was_saved = 0, __saved_mask = {__val = {0, 140735112777312,
> 6474523, 8388608, 5032056, 2358192, 3356552, 3375464, 8, 328, 7722415,
> 7742524, 139959352517760, 140735112777088, 4714492, 0}}}}}
> __FUNCTION__ = "reply_received"
> #6 0x000000000048dd80 in do_forward_reply (msg=0x7f4ad37d54f8,
> mode=0) at forward.c:747
> new_buf = 0x0
> dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data =
> '\000' <repeats 13 times>}, sin = {sin_family = 0, sin_port = 0,
> sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"},
> sin6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr =
> {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0,
> 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id =
> 0}}, id = 0, proto = 0 '\000', send_flags = {f = 0 '\000', blst_imask
> = 0 '\000'}}
> new_len = 1
> r = 0
> ip = {af = 1919389696, len = 32767, u = {addrl = {6501186,
> 56}, addr32 = {6501186, 0, 56, 0}, addr16 = {13122, 99, 0, 0, 56, 0,
> 0, 0}, addr = "B3c\000\000\000\000\000\070\000\000\000\000\000\000"}}
> s = 0x7f4ad37d0032 "q"
> len = 0
> __FUNCTION__ = "do_forward_reply"
> #7 0x000000000048f3c3 in forward_reply (msg=0x7f4ad37d54f8) at
> forward.c:849
> No locals.
> #8 0x000000000050b394 in receive_msg (buf=0xa75400 "SIP/2.0 100
> Trying\r\nVia: SIP/2.0/UDP
> 56.7.1.169;branch=z9hG4bKb914.a5e1ddc17f374d96d421a56ef28f3057.2;received=56.7.1.169;rport=5060\r\nVia:
> SIP/2.0/UDP
> 110.9.13.10:5060;received=110.9.13.10;branch=z9hG4bK4daefb9d;rport=5060\r\nRecord-Route:
> <sip:56.7.1.169;lr;ftag=as4c723146;fromcor=ejFwbUZxUmpUUFNBejFwbUZxUmpUUFNBejFwbUZx;dlgcor=bc2.e7a3>\r\nFrom:
> \"13212476993\" <sip:13212476993 at 56.7.1.169>;tag=as4c723146\r\nTo:
> <sip:16108615000 at 56.7.1.169:5060>\r\nCall-ID:
> 4db5de4a3df03a347b521e25663d9976 at 56.7.1.169\r\nCSeq: 102
> INVITE\r\nServer: Cisco 3845\r\nAllow: INVITE, ACK, CANCEL, OPTIONS,
> BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE\r\nSupported:
> replaces, timer\r\nSession-Expires: 600;refresher=uas\r\nContact:
> <sip:16108615000 at 163.49.52.102:5060>\r\nContent-Length: 0\r\n\r\n",
> len=794, rcv_info=0x7fff72679200) at receive.c:255
> msg = 0x7f4ad37d54f8
> ctx = {rec_lev = 10280528, run_flags = 0, last_retcode = 0,
> jmp_env = {{__jmpbuf = {0, 0, 0, 139959365701792, 1, 0, 171057038096,
> 10965952}, __mask_was_saved = 1919390216, __saved_mask = {__val =
> {139959349515664, 12884901901, 139959349515664, 4284032,
> 140735112779456, 140735112778096, 6310822, 6214357328,
> 139950596799128, 140735112778064, 6306505, 140735112778352,
> 170886150808, 10965952, 6306633, 140735112778432}}}}}
> ret = 1919390112
> inb = {s = 0xa75400 "SIP/2.0 100 Trying\r\nVia: SIP/2.0/UDP
> 56.7.1.169;branch=z9hG4bKb914.a5e1ddc17f374d96d421a56ef28f3057.2;received=56.7.1.169;rport=5060\r\nVia:
> SIP/2.0/UDP
> 110.9.13.10:5060;received=110.9.13.10;branch=z9hG4bK4daefb9d;rport=5060\r\nRecord-Route:
> <sip:56.7.1.169;lr;ftag=as4c723146;fromcor=ejFwbUZxUmpUUFNBejFwbUZxUmpUUFNBejFwbUZx;dlgcor=bc2.e7a3>\r\nFrom:
> \"13212476993\" <sip:13212476993 at 56.7.1.169>;tag=as4c723146\r\nTo:
> <sip:16108615000 at 56.7.1.169:5060>\r\nCall-ID:
> 4db5de4a3df03a347b521e25663d9976 at 56.7.1.169\r\nCSeq: 102
> INVITE\r\nServer: Cisco 3845\r\nAllow: INVITE, ACK, CANCEL, OPTIONS,
> BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE\r\nSupported:
> replaces, timer\r\nSession-Expires: 600;refresher=uas\r\nContact:
> <sip:16108615000 at 163.49.52.102:5060>\r\nContent-Length: 0\r\n\r\n",
> len = 794}
> __FUNCTION__ = "receive_msg"
> #9 0x000000000060aad6 in udp_rcv_loop () at udp_server.c:495
> len = 794
> buf = "SIP/2.0 100 Trying\r\nVia: SIP/2.0/UDP
> 56.7.1.169;branch=z9hG4bKb914.a5e1ddc17f374d96d421a56ef28f3057.2;received=56.7.1.169;rport=5060\r\nVia:
> SIP/2.0/UDP
> 110.9.13.10:5060;received=110.9.13.10;branch=z9hG4bK4daefb9d;rport=5060\r\nRecord-Route:
> <sip:56.7.1.169;lr;ftag=as4c723146;fromcor=ejFwbUZxUmpUUFNBejFwbUZxUmpUUFNBejFwbUZx;dlgcor=bc2.e7a3>\r\nFrom:
> \"13212476993\" <sip:13212476993 at 56.7.1.169>;tag=as4c723146\r\nTo:
> <sip:16108615000 at 56.7.1.169:5060>\r\nCall-ID:
> 4db5de4a3df03a347b521e25663d9976 at 56.7.1.169\r\nCSeq: 102
> INVITE\r\nServer: Cisco 3845\r\nAllow: INVITE, ACK, CANCEL, OPTIONS,
> BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE\r\nSupported:
> replaces, timer\r\nSession-Expires: 600;refresher=uas\r\nContact:
> <sip:16108615000 at 163.49.52.102:5060>\r\nContent-Length:
> 0\r\n\r\n\000Content-Length: 175\r\nRemote-Party-ID: \"17185076432\"
> <sip:17185076432 at 56.7.1.169>;party=calling;privacy=off;screen=no\r\n\r\nv=0\r\no=-
> 302911045 302911045 IN IP4 208.67.1.4\r\ns=ENSResip\r\nc=IN IP4
> 47.91.59.64\r\nt=0 0\r\nm=audio 50906 RTP/AVP 18\r\na=rtpmap:18
> G729/8000\r\na=fmtp:18 annexb=no\r\na=ptime:20\r\n\000nceSupp:off - -
> - -\r\n\000=no\r\na=rtpmap:121 frf-dialed-digit/8000\r\na=fmtp:121
> 0-15\r\na=ptime:20\r\n\000\000\061
> 0-15\r\na=ptime:20\r\na=direction:both\r\n\000ion:both\r\n\000rection:both\r\n\000\n\000\060\060\060\r\na=rtpmap:101
> telephone-event/8000\r\na=fmtp:101
> 0-16\r\na=ptime:20\r\na=sendrecv\r\n\000\n\000
> telephone-event/8000\r\na=fmtp:101 0-16\r\na=silenceSupp:off - - -
> -\r\na=ptime:20\r\na=sendrecv\r\n\000\012.41.120.9\r\nt=0 0\r\nm=audio
> 35130 RTP/AVP 18 0 8 101\r\na=rtpmap:101
> telephone-event/8000\r\na=fmtp:101 0-15\r\na=ptime:20\r\na=fmtp:18
> annexb=no\r\n\000\061 0-15\r\na=ptime:20\r\na=fmtp:18
> annexb=no\r\n\000lities\r\nc=IN IP4 97.43.87.90\r\nt=0 0\r\nm=audio
> 30350 RTP/AVP 18 0 8 101\r\na=rtpmap:18 G729/8000\r\na=fmtp:18
> annexb=no\r\na=rtpmap:0 PCMU/8000\r\na=rtpmap:8
> PCMA/8000\r\na=rtpmap:101 telephone-event/8000\r\na=fmtp:101
> 0-15\r\na=sendrecv\r\na=maxptime:20\r\n\000\r\na=maxptime:20\r\n\000\061\060\061
> 0-15\r\na=sendrecv\r\na=maxptime:20\r\n\000v\r\na=maxptime:20\r\n",
> '\000' <repeats 63603 times>
> tmp = 0xa753c0 "208.82.213.10"
> from = 0x7f4ad377e318
> fromlen = 16
> ri = {src_ip = {af = 2, len = 4, u = {addrl = {1703608226, 0},
> addr32 = {1703608226, 0, 0, 0}, addr16 = {65442, 25994, 0, 0, 0, 0, 0,
> 0}, addr = "\242\377\212e", '\000' <repeats 11 times>}}, dst_ip = {af
> = 2, len = 4, u = {addrl = {2845613666, 0}, addr32 = {2845613666, 0,
> 0, 0}, addr16 = {40546, 43420, 0, 0, 0, 0, 0, 0}, addr =
> "b\236\234\251", '\000' <repeats 11 times>}}, src_port = 5060,
> dst_port = 5060, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s
> = {sa_family = 2, sa_data =
> "\023Ģ\377\212e\000\000\000\000\000\000\000"}, sin = {sin_family = 2,
> sin_port = 50195, sin_addr = {s_addr = 1703608226}, sin_zero =
> "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port =
> 50195, sin6_flowinfo = 1703608226, sin6_addr = {__in6_u = {__u6_addr8
> = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
> __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, bind_address =
> 0x7f4ad34f9428, proto = 1 '\001'}
> __FUNCTION__ = "udp_rcv_loop"
> #10 0x00000000004a8023 in main_loop () at main.c:1573
> i = 4
> pid = 0
> si = 0x7f4ad34f9428
> si_desc = "udp receiver child=4
> sock=56.7.1.169:5060\000\000\000p\223gr\377\177\000\000\v\220N\000\000\000\000\000\300\223gr\377\177\000\000\004\000\000\000\000\000\000\000\200^A\000\000\000\000\000(\265\233\311H\177",
> '\000' <repeats 14 times>,
> "\001\000\000\000\300\223gr\377\177\000\000\256\220N\000\000\000\000"
> nrprocs = 8
> __FUNCTION__ = "main_loop"
> #11 0x00000000004ae4e1 in main (argc=11, argv=0x7fff726796c8) at
> main.c:2547
> cfg_stream = 0x27dc010
> c = -1
> r = 0
> tmp = 0x7fff7267a46d ""
> tmp_len = 32767
> port = 1919391134
> proto = 0
> options = 0x708e58
> ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
> ret = -1
> seed = 3996106866
> rfd = 4
> debug_save = 0
> debug_flag = 0
> dont_fork_cnt = 0
> n_lst = 0x40d8f2
> p = 0xc2 <Address 0xc2 out of bounds>
> st = {st_dev = 2050, st_ino = 14811292, st_nlink = 2, st_mode
> = 16832, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size =
> 4096, st_blksize = 4096, st_blocks = 8, st_atim = {tv_sec =
> 1444079676, tv_nsec = 340955661}, st_mtim = {tv_sec = 1444079676,
> tv_nsec = 340955661}, st_ctim = {tv_sec = 1444079676, tv_nsec =
> 346955760}, __unused = {0, 0, 0}}
> __FUNCTION__ = "main"
>
>
--
Daniel-Constantin Mierla
http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com
More information about the sr-dev
mailing list