[sr-dev] [kamailio/kamailio] app_lua // crash // realloc(): invalid next size: (#1433)

amoizard notifications at github.com
Thu Feb 8 14:11:01 CET 2018


### Description

When starting my kamailio with my complete kamailio.cfg, I get a crash reporting:

    *** Error in `/usr/sbin/kamailio': realloc(): invalid next size: 0x0000000001060980 ***

The issue looks to be related to using the "app_lua" module. However, the issue doesn't
always show up. If I remove ONE module, it won't crash. I've been trying to get a
simple config to crash, but I have to keep many modules to reproduce the crash.

The crash is happening at line 228 of app_lua_api.c:

    if(luaL_dostring(L, "sr.probe()")!=0)

### Troubleshooting

Can't start kamailio.

#### Reproduction

I have attached my minimal kamailio4.cfg file to reproduce the crash. I have removed
my DBURL credentials.
[kamailio4.cfg.txt](https://github.com/kamailio/kamailio/files/1707085/kamailio4.cfg.txt)

I'm starting kamailio with:

    /usr/sbin/kamailio -D -f kamailio4.cfg -e -E -ddd

#### Debugging Data

Core was generated by `/usr/sbin/kamailio -D -f kamailio4.cfg -e -E -ddd'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f8ecfb62067 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007f8ecfb62067 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007f8ecfb63448 in __GI_abort () at abort.c:89
#2  0x00007f8ecfba01b4 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7f8ecfc95210 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007f8ecfba598e in malloc_printerr (action=1, str=0x7f8ecfc9142a "realloc(): invalid next size", ptr=<optimized out>) at malloc.c:4996
#4  0x00007f8ecfba876b in _int_realloc (av=av@entry=0x7f8ecfed2620 <main_arena>, oldp=oldp@entry=0x1060970, oldsize=oldsize@entry=736, nb=nb@entry=1552) at malloc.c:4234
#5  0x00007f8ecfba9769 in __GI___libc_realloc (oldmem=0x1060980, bytes=1536) at malloc.c:3029
#6  0x00007f8ec324acae in luaM_realloc_ (L=L@entry=0x10605c0, block=block@entry=0x1060980, osize=720, nsize=nsize@entry=1536) at lmem.c:79
#7  0x00007f8ec32469aa in luaD_reallocstack (L=0x10605c0, newsize=90) at ldo.c:145
#8  0x00007f8ec324b66d in open_func (ls=ls@entry=0x7ffe459b9720, fs=fs@entry=0x7ffe459b9780) at lparser.c:350
#9  0x00007f8ec324e0b3 in luaY_parser (L=0x10605c0, z=0x7ffe459b9bf0, buff=<optimized out>, name=<optimized out>) at lparser.c:388
#10 0x00007f8ec3246cd1 in f_parser (L=L@entry=0x10605c0, ud=ud@entry=0x7ffe459b9ba0) at ldo.c:498
#11 0x00007f8ec324692e in luaD_rawrunprotected (L=L@entry=0x10605c0, f=f@entry=0x7f8ec3246c80 <f_parser>, ud=ud@entry=0x7ffe459b9ba0) at ldo.c:116
#12 0x00007f8ec32477bb in luaD_pcall (L=L@entry=0x10605c0, func=func@entry=0x7f8ec3246c80 <f_parser>, u=u@entry=0x7ffe459b9ba0, old_top=672, ef=<optimized out>) at ldo.c:464
#13 0x00007f8ec32478c2 in luaD_protectedparser (L=L@entry=0x10605c0, z=z@entry=0x7ffe459b9bf0, name=name@entry=0x7f8ec350547e "sr.probe()") at ldo.c:514
#14 0x00007f8ec3243528 in lua_load (L=0x10605c0, reader=reader@entry=0x7f8ec3252940 <getS>, data=data@entry=0x7ffe459b9c40, chunkname=0x7f8ec350547e "sr.probe()") at lapi.c:869
#15 0x00007f8ec3253d8c in luaL_loadbuffer (L=<optimized out>, buff=<optimized out>, size=<optimized out>, name=<optimized out>) at lauxlib.c:614
#16 0x00007f8ec34e87d7 in lua_sr_init_probe () from /usr/lib/x86_64-linux-gnu/kamailio/modules/app_lua.so
#17 0x00007f8ec347497d in ?? () from /usr/lib/x86_64-linux-gnu/kamailio/modules/app_lua.so
#18 0x0000000000549a00 in ?? ()
#19 0x0000000000549d92 in init_child ()
#20 0x00000000004214c8 in main_loop ()
#21 0x000000000042aae9 in main ()
(gdb) 
(gdb) info locals 
resultvar = 0
pid = 23353
selftid = 23353



#### Log Messages

I'm copy/pasting a few logs from the app_lua module. If you wish more, let me know.

0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.hdr (hdr)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.jsonrpcs (jsonrpcs)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.kex (kex)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.tm (tm)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.tmx (tmx)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.sl (sl)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.tsilo (tsilo)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.rr (rr)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.pvx (pvx)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.maxfwd (maxfwd)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.registrar (registrar)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.textops (textops)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.siputils (siputils)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.sanity (sanity)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.acc (acc)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.uri_db (uri_db)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.auth (auth)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.auth_db (auth_db)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.permissions (permissions)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.alias_db (alias_db)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.domain (domain)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.presence (presence)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.presence_xml (presence_xml)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.nathelper (nathelper)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.rtpproxy (rtpproxy)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.tls (tls)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.pike (pike)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.htable (htable)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.xhttp (xhttp)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.websocket (websocket)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.sqlops (sqlops)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.cfgutils (cfgutils)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1975]: lua_sr_kemi_register_libs(): initializing kemi sub-module: KSR.app_lua (app_lua)
 0(23353) DEBUG: app_lua [app_lua_sr.c:1978]: lua_sr_kemi_register_libs(): module 'KSR' has been initialized


#### SIP Traffic

Not applicable. The proxy crashes before starting.

### Possible Solutions

I haven't been able to find any clue.

### Additional Information

I'm using a debian running jessie with debian package from http://deb.kamailio.org/kamailio51
I have installed liblua5.1-0-dbg to have more backtrace from the core dump.

$ /usr/sbin/kamailio -v
version: kamailio 5.1.1 (x86_64/linux) 
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown 
compiled with gcc 4.9.2

* **Operating System**:

$ uname -a
Linux sip.antisip.com 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08) x86_64 GNU/Linux

Tks for looking at this!
Ay

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1433