[sr-dev] [kamailio/kamailio] kamcmd ws.dump generates coredump (#1022)

Sebastian Denz notifications at github.com
Thu Mar 9 10:39:25 CET 2017


I tried the nightly build package from today:
```
[0][root at webrtc:tmp]# dpkg -l|grep kamailio
ii  kamailio                            5.1.0~dev1+0~20170309005428.743+jessie amd64        very fast, dynamic and configurable SIP server
ii  kamailio-dbg:amd64                  5.1.0~dev1+0~20170309005428.743+jessie amd64        very fast and configurable SIP server [debug symbols]
ii  kamailio-extra-modules:amd64        5.1.0~dev1+0~20170309005428.743+jessie amd64        Extra modules for the Kamailio SIP Server
ii  kamailio-outbound-modules:amd64     5.1.0~dev1+0~20170309005428.743+jessie amd64        SIP Outbound module for the Kamailio SIP server
ii  kamailio-utils-modules:amd64        5.1.0~dev1+0~20170309005428.743+jessie amd64        Utility functions for the Kamailio SIP server
ii  kamailio-websocket-modules:amd64    5.1.0~dev1+0~20170309005428.743+jessie amd64        WebSocket module for the Kamailio SIP server
[0][root at webrtc:tmp]#
```
Problem still exists:
```
[0][root at webrtc:tmp]# gdb /usr/sbin/kamailio /tmp/core
GNU gdb (Debian 7.7.1+dfsg-5) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/kamailio...Reading symbols from /usr/lib/debug/.build-id/04/31c944a74cec7ff01cf53f459240bf40c2ec81.debug...done.
done.
[New LWP 23061]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/kamailio -P /var/run/kamailio/kamailio.pid -f /etc/kamailio/kamailio.'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f31c9623dc0 in binrpc_addavp (pkt=0x3a8723010, avp=0x7ffea8722e00) at binrpc.h:443
443	binrpc.h: Datei oder Verzeichnis nicht gefunden.
(gdb) bt full
#0  0x00007f31c9623dc0 in binrpc_addavp (pkt=0x3a8723010, avp=0x7ffea8722e00) at binrpc.h:443
        ret = 3
        bak = 0xbcb990 "\300\271\274"
#1  0x00007f31c962ceb0 in rpc_struct_add (s=0x3a8723000, fmt=0x7f31c87074e8 "ds") at binrpc_run.c:1114
        ap = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7ffea8722f20, reg_save_area = 0x7ffea8722e30}}
        err = 0
        avp = {name = {s = 0x7f31c87074de "wscounter", len = 9}, type = 0, u = {strval = {s = 0x2 <error: Cannot access memory at address 0x2>, 
              len = 0}, fval = 9.8813129168249309e-324, intval = 2, end = 2}}
        rs = 0xbcd9d0
        __FUNCTION__ = "rpc_struct_add"
#2  0x00007f31c86f22b0 in ws_rpc_dump (rpc=0x7f31c985a740 <binrpc_callbacks>, ctx=0x7ffea8723050) at ws_conn.c:705
        h = 6587876
        connections = 2
        truncated = 0
        order = 2
        found = 1
        wsc = 0x0
        sorder = {s = 0xbb38f7 "used_asc", len = 8}
        th = 0xbcb980
        ih = 0xbcd9d0
        dh = 0x3a8723000
        __FUNCTION__ = "ws_rpc_dump"
#3  0x00007f31c962979d in process_rpc_req (buf=0xbb38e4 "\241\003\025.\017\362\002\221\bws.dump", size=28, bytes_needed=0x7ffea8723158, 
    sh=0x7ffea8723180, saved_state=0xbc38e8) at binrpc_run.c:678
        err = 0
        val = {name = {s = 0x7ffea8723130 "@2r\250\376\177", len = -916375243}, type = 1, u = {strval = {s = 0xbb38ed "ws.dump", len = 7}, 
            fval = 6.0620891316711561e-317, intval = 12269805, end = 12269805}}
        rpc_e = 0x7f31cba1cb90
        f_ctx = {in = {ctx = {tlen = 21, cookie = 772796930, type = 0, flags = 1, offset = 21, in_struct = 0, in_array = 0}, s = 0xbb3900 "", 
            end = 0xbb3900 "", record_no = 1, in_struct = 0}, out = {pkt = {body = 0xbc3970 "\003\203", end = 0xbcb970 "", crt = 0xbc3972 ""}, 
            structs = {next = 0xbcb980, prev = 0xbcb980}}, send_h = 0x7ffea8723180, method = 0xbb38ed "ws.dump", gc = 0x0, replied = 0, 
          err_code = 0, err_phrase = {s = 0x0, len = 0}}
        ctx = 0x7ffea8723050
        __FUNCTION__ = "process_rpc_req"
#4  0x00007f31c961f82d in handle_stream_read (s_c=0xbb38b0, idx=-1) at io_listener.c:511
        bytes_free = 65535
        bytes_read = 28
        bytes_needed = 12246848
        bytes_processed = 0
---Type <return> to continue, or q <return> to quit---
        r = 0xbb38d0
        sh = {fd = 8, type = 0, from = {sa_in = {s = {sa_family = 14512, sa_data = "\273\000\000\000\000\000\001\000\225\313\061\177\000"}, sin = {
                sin_family = 14512, sin_port = 187, sin_addr = {s_addr = 0}, sin_zero = "\001\000\225\313\061\177\000"}, sin6 = {
                sin6_family = 14512, sin6_port = 187, sin6_flowinfo = 0, sin6_addr = {__in6_u = {
                    __u6_addr8 = "\001\000\225\313\061\177\000\000\370\224\242\000\000\000\000", __u6_addr16 = {1, 52117, 32561, 0, 38136, 162, 0, 
                      0}, __u6_addr32 = {3415539713, 32561, 10654968, 0}}}, sin6_scope_id = 1}}, sa_un = {sun_family = 14512, 
              sun_path = "\273\000\000\000\000\000\001\000\225\313\061\177\000\000\370\224\242\000\000\000\000\000\001\000\000\000\000\000\000\000\330\350\305\302\061\177", '\000' <repeats 19 times>, "\062r\250\001\000\000\000\330\350\305\302\061\177\000\000\000\062r\250\376\177\000\000\035\354`\311\061\177\000\000\020\062r\250\376\177\000\000\330\350\305\302\061\177\000\000\024E's\000"}}, from_len = 0}
        __FUNCTION__ = "handle_stream_read"
#5  0x00007f31c9621282 in handle_io (fm=0x7f31cba24a50, events=1, idx=-1) at io_listener.c:706
        ret = 1
        __FUNCTION__ = "handle_io"
#6  0x00007f31c9618b2f in io_wait_loop_epoll (h=0x7f31c984a400 <io_h>, t=10, repeat=0) at ../../core/io_wait.h:1065
        n = 1
        r = 0
        fm = 0x7f31cba24a50
        revents = 1
        __FUNCTION__ = "io_wait_loop_epoll"
#7  0x00007f31c961c9cc in io_listen_loop (fd_no=1, cs_lst=0xbadf40) at io_listener.c:281
        max_fd_no = 203
        poll_err = 0x0
        poll_method = 2
        cs = 0x0
        type = 2
        __FUNCTION__ = "io_listen_loop"
#8  0x00007f31c963856b in mod_child (rank=0) at ctl.c:335
        pid = 0
        cs = 0x4178f0 <_start>
        rpc_handler = 1
        __FUNCTION__ = "mod_child"
#9  0x000000000053d8c2 in init_mod_child (m=0x7f31cb97ba38, rank=0) at core/sr_module.c:921
        __FUNCTION__ = "init_mod_child"
#10 0x000000000053d5e0 in init_mod_child (m=0x7f31cb97c0a0, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#11 0x000000000053d5e0 in init_mod_child (m=0x7f31cb97c710, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#12 0x000000000053d5e0 in init_mod_child (m=0x7f31cb97cf18, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
---Type <return> to continue, or q <return> to quit---
#13 0x000000000053d5e0 in init_mod_child (m=0x7f31cb97d680, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#14 0x000000000053d5e0 in init_mod_child (m=0x7f31cb97e308, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#15 0x000000000053d5e0 in init_mod_child (m=0x7f31cb97eda0, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#16 0x000000000053d5e0 in init_mod_child (m=0x7f31cb97f268, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#17 0x000000000053d5e0 in init_mod_child (m=0x7f31cb97f7a0, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#18 0x000000000053d5e0 in init_mod_child (m=0x7f31cb97ff58, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#19 0x000000000053d5e0 in init_mod_child (m=0x7f31cb980408, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#20 0x000000000053d5e0 in init_mod_child (m=0x7f31cb9808d0, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#21 0x000000000053dbf0 in init_child (rank=0) at core/sr_module.c:947
No locals.
#22 0x000000000042357c in main_loop () at main.c:1700
        i = 4
        pid = 23059
        si = 0x0
        si_desc = "udp receiver child=3 sock=10.3.66.231:5060\000\033o\000\000\000A\241u\000\000\000\000\000\000Z\363\033\066\063\034\071\004\000\000\000\000\000\000\000\024E's\000\000\000\000\360xA\000\000\000\000\000\300=r\250\376\177", '\000' <repeats 18 times>, "\360:r\250\376\177\000\000\035\322^\000\000\000\000"
        nrprocs = 4
        woneinit = 1
        __FUNCTION__ = "main_loop"
#23 0x0000000000429f71 in main (argc=15, argv=0x7ffea8723dc8) at main.c:2639
        cfg_stream = 0xb19010
        c = -1
        r = 0
        tmp = 0x7ffea8725ef2 ""
        tmp_len = -871198296
        port = 32561
        proto = -1468908416
        options = 0x7374e0 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
        ret = -1
        seed = 3991056910
---Type <return> to continue, or q <return> to quit---
        rfd = 4
        debug_save = 0
        debug_flag = 0
        dont_fork_cnt = 0
        n_lst = 0x0
        p = 0x1 <error: Cannot access memory at address 0x1>
        st = {st_dev = 15, st_ino = 14760, st_nlink = 2, st_mode = 16832, st_uid = 109, st_gid = 114, __pad0 = 0, st_rdev = 0, st_size = 40, 
          st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1488887721, tv_nsec = 984216540}, st_mtim = {tv_sec = 1489050213, 
            tv_nsec = 315492701}, st_ctim = {tv_sec = 1489050213, tv_nsec = 315492701}, __glibc_reserved = {0, 0, 0}}
        __FUNCTION__ = "main"
(gdb) info locals
ret = 3
bak = 0xbcb990 "\300\271\274"
(gdb) list
438	in binrpc.h
(gdb) 
```
If the commit is not included in the nightly build, just let me know, then I'll build it manually and check again...

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1022#issuecomment-285302602