[sr-dev] [kamailio/kamailio] tm core.when free ack cancel_buf. (#2321)

zhangyang notifications at github.com
Mon May 11 08:53:55 CEST 2020


### Description

wh have a too long 500msg,when the build ack,it abort


we use ka listen two port ,and use port 1 send port 2 after port2 send port1,it loop in kamailio.cfg.its my wrong,but kamailio core....

### Troubleshooting

#### Debugging Data  this is core bt
#0  0x00002ae1c343c5f7 in raise () from /lib64/libc.so.6
#1  0x00002ae1c343dce8 in abort () from /lib64/libc.so.6
#2  0x000000000068155a in qm_debug_check_frag (qm=0x2ae1c8fb4000, f=0x2ae1c93bf558, file=0x2ae1c4a1b9ff "tm: t_msgbuilder.c", line=518, efile=0x7f1ca7 "core/mem/q_malloc.c", 
    eline=504) at core/mem/q_malloc.c:139
#3  0x0000000000684bf5 in qm_free (qmp=0x2ae1c8fb4000, p=0x2ae1c93bf590, file=0x2ae1c4a1b9ff "tm: t_msgbuilder.c", 
    func=0x2ae1c4a1fb50 <__FUNCTION__.11261> "build_local_reparse", line=518, mname=0x2ae1c4a1aa30 "tm") at core/mem/q_malloc.c:504
#4  0x000000000068e83f in qm_shm_free (qmp=0x2ae1c8fb4000, p=0x2ae1c93bf590, file=0x2ae1c4a1b9ff "tm: t_msgbuilder.c", 
    func=0x2ae1c4a1fb50 <__FUNCTION__.11261> "build_local_reparse", line=518, mname=0x2ae1c4a1aa30 "tm") at core/mem/q_malloc.c:1268
#5  0x00002ae1c4951e76 in build_local_reparse (Trans=0x2ae1c94524d8, branch=0, len=0x7ffe977ff370, method=0x2ae1c4a2399b "ACK", method_len=3, to=0x7ffe977ff130, reason=0x0)
    at t_msgbuilder.c:518
#6  0x00002ae1c497336e in build_ack (rpl=0x2ae1c3d3bb08, trans=0x2ae1c94524d8, branch=0, ret_len=0x7ffe977ff370) at t_reply.c:354
#7  0x00002ae1c4986066 in reply_received (p_msg=0x2ae1c3d3bb08) at t_reply.c:2292
#8  0x000000000053da31 in do_forward_reply (msg=0x2ae1c3d3bb08, mode=0) at core/forward.c:748
#9  0x000000000053f5a9 in forward_reply (msg=0x2ae1c3d3bb08) at core/forward.c:853
#10 0x000000000059c633 in receive_msg (
    buf=0xa6ee20 <buf.6868> "SIP/2.0 500 Internal Server Error\r\nVia: SIP/2.0/UDP 172.18.67.32;branch=z9hG4bK4301.6c6183869659ad37775254042e1ec6f4.0\r\nVia: SIP/2.0/UDP 172.18.67.32;branch=z9hG4bK4301.a149a0620b507cd0ba760eeb1cd32b3"..., len=27098, rcv_info=0x7ffe977ffae0) at core/receive.c:434
#11 0x000000000048e42c in udp_rcv_loop () at core/udp_server.c:541
#12 0x000000000042509d in main_loop () at main.c:1669
#13 0x000000000042c788 in main (argc=9, argv=0x7ffe97800028) at main.c:2710



(gdb) up
#1  0x00002ae1c343dce8 in abort () from /lib64/libc.so.6
(gdb) up
#2  0x000000000068155a in qm_debug_check_frag (qm=0x2ae1c8fb4000, f=0x2ae1c93bf558, file=0x2ae1c4a1b9ff "tm: t_msgbuilder.c", line=518, efile=0x7f1ca7 "core/mem/q_malloc.c", 
    eline=504) at core/mem/q_malloc.c:139
139	core/mem/q_malloc.c: 没有那个文件或目录.
(gdb) up
#3  0x0000000000684bf5 in qm_free (qmp=0x2ae1c8fb4000, p=0x2ae1c93bf590, file=0x2ae1c4a1b9ff "tm: t_msgbuilder.c", 
    func=0x2ae1c4a1fb50 <__FUNCTION__.11261> "build_local_reparse", line=518, mname=0x2ae1c4a1aa30 "tm") at core/mem/q_malloc.c:504
504	in core/mem/q_malloc.c
(gdb) up
#4  0x000000000068e83f in qm_shm_free (qmp=0x2ae1c8fb4000, p=0x2ae1c93bf590, file=0x2ae1c4a1b9ff "tm: t_msgbuilder.c", 
    func=0x2ae1c4a1fb50 <__FUNCTION__.11261> "build_local_reparse", line=518, mname=0x2ae1c4a1aa30 "tm") at core/mem/q_malloc.c:1268
1268	in core/mem/q_malloc.c
(gdb) up
#5  0x00002ae1c4951e76 in build_local_reparse (Trans=0x2ae1c94524d8, branch=0, len=0x7ffe977ff370, method=0x2ae1c4a2399b "ACK", method_len=3, to=0x7ffe977ff130, reason=0x0)
    at t_msgbuilder.c:518
518	t_msgbuilder.c: 没有那个文件或目录.
(gdb) p cancel_buf
$1 = 0x2ae1c93bf590 "ACK sip:2002 at 172.18.67.42 SIP/2.0\r\n\253"
(gdb) p reason
$2 = (struct cancel_reason *) 0x0



#### Log Messages


[2020-05-11 11:10:27] (124796) INFO: <script>: IN_REPLY_PBX

[2020-05-11 11:10:27] (124796) INFO: <script>: IN_REPLY_PBX IN Call <null>: Status 100 3001 at 172.18.67.42:5060 -----> 2002 at 172.18.67.32:5060

[2020-05-11 11:10:27] (124796) ERROR: tm [t_msgbuilder.c:516]: build_local_reparse(): HDR_EOH_T was not found

[2020-05-11 11:10:27] (124796) CRITICAL: <core> [core/mem/q_malloc.c:137]: qm_debug_check_frag(): BUG: qm: fragm. 0x2ae1c93bf558 (address 0x2ae1c93bf590) end overwritten (2e322f5049532032, ab0a0d30)! Memory allocator was called from tm: t_msgbuilder.c:518. Fragment marked by tm: t_msgbuilder.c:345. Exec from core/mem/q_malloc.c:504.



#### SIP Traffic

we use ka listen two port ,and use port 1 send port 2 after port2 send port1,it loop in kamailio.cfg.its my wrong,but kamailio core....


### Possible Solutions
we see t_msgbuilder.c shm_free(cancel_buf); faild  ...


### Additional Information

version: kamailio 5.2.5 (x86_64/linux) 
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown 
compiled on 15:28:15 Nov  4 2019 with gcc 4.8.5

* **Operating System**:
CentOS Linux release 7.2.1511 (Core)
Linux localhost.localdomain 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux



-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2321
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20200510/9cb9ba9c/attachment.html>


More information about the sr-dev mailing list