[sr-dev] [kamailio/kamailio] crash: not aligned memory access related to pv parsing (#2798)
sergey-safarov
notifications at github.com
Mon Jul 12 10:42:36 CEST 2021
Interesting stack trace when Kamailio is started with the `-x tlsf -X tlsf` options.
```
[root at safarov-dell ~]# gdb --args kamailio --atexit=no -DD -P /run/kamailio/kamailio.pid -f /etc/kamailio/kamailio.cfg -m 64 -M 24 -E -x tlsf -X tlsf
GNU gdb (GDB) Fedora 10.1-2.fc33
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from kamailio...
(gdb) set pagination off
(gdb) r
Starting program: /usr/local/sbin/kamailio --atexit=no -DD -P /run/kamailio/kamailio.pid -f /etc/kamailio/kamailio.cfg -m 64 -M 24 -E -x tlsf -X tlsf
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.32-4.fc33.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x000000000059a6f4 in str_hash_add (ht=0x91f150 <main_rt+16>, e=0x7ffff646fa38) at core/str_hash.h:85
85 clist_insert(&ht->table[h], e, next, prev);
(gdb) bt
#0 0x000000000059a6f4 in str_hash_add (ht=0x91f150 <main_rt+16>, e=0x7ffff646fa38) at core/str_hash.h:85
#1 0x000000000059af9f in route_add (rt=0x91f140 <main_rt>, name=0x834f4e "0", i=0) at core/route.c:134
#2 0x000000000059b661 in init_rlist (r_name=0x834f50 "main", rt=0x91f140 <main_rt>, n_entries=2, hash_size=8) at core/route.c:160
#3 0x000000000059b69d in init_routes () at core/route.c:172
#4 0x0000000000431bf8 in main (argc=16, argv=0x7fffffffe5d8) at main.c:2415
(gdb) bt full
#0 0x000000000059a6f4 in str_hash_add (ht=0x91f150 <main_rt+16>, e=0x7ffff646fa38) at core/str_hash.h:85
h = 6
#1 0x000000000059af9f in route_add (rt=0x91f140 <main_rt>, name=0x834f4e "0", i=0) at core/route.c:134
e = 0x7ffff646fa38
__func__ = "route_add"
#2 0x000000000059b661 in init_rlist (r_name=0x834f50 "main", rt=0x91f140 <main_rt>, n_entries=2, hash_size=8) at core/route.c:160
__func__ = "init_rlist"
#3 0x000000000059b69d in init_routes () at core/route.c:172
No locals.
#4 0x0000000000431bf8 in main (argc=16, argv=0x7fffffffe5d8) at main.c:2415
cfg_stream = 0x7fd81d <__libc_csu_init+77>
c = -1
r = -1
tmp = 0x7fffffffe8ae ""
tmp_len = 896
port = 896
proto = 896
ahost = 0x0
aport = 0
options = 0x801218 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
ret = -1
seed = 896
rfd = 0
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0x0
p = 0xc2 <error: Cannot access memory at address 0xc2>
st = {st_dev = 0, st_ino = 0, st_nlink = 0, st_mode = 0, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 0, st_blksize = 0, st_blocks = 0, st_atim = {tv_sec = 0, tv_nsec = 0}, st_mtim = {tv_sec = 0, tv_nsec = 0}, st_ctim = {tv_sec = 0, tv_nsec = 0}, __glibc_reserved = {0, 0, 0}}
tbuf = "\320\341\377\377\377\177\000\000\000\000\000\000\000\000\000\000\320\341\377\377\377\177", '\000' <repeats 18 times>, "\260\027\375\367\377\177\000\000\350\317\377\367\377\177\000\000\b\345\377\367\377\177\000\000\340\031\375\367\377\177\000\000\025\217\376\367\377\177\000\000$f\307\367\377\177\000\000\354K\377\367\377\177\000\000\336K\377\367\377\177\000\000\205\317c\t\000\000\000\000\300S\374\367\377\177\000\000ߏ\376\367\377\177\000\000\000\000\000\000\254\202\226\006\334P\307\367\377\177\000\000\000\000\000\000\000\000\000\000\300S\374\367\377\177\000\000\001\000\000\000\000\000\000\000\271[\244'Z\a\000\000\240\341\377\367\377\177\000\000\370\377\377\377\377\377\377\377\240\341\377\367\377\177\000\000R"...
option_index = 12
long_options = {{name = 0x8038f6 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x7fe521 "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x8038fb "alias", has_arg = 1, flag = 0x0, val = 1024}, {name = 0x803901 "subst", has_arg = 1, flag = 0x0, val = 1025}, {name = 0x803907 "substdef", has_arg = 1, flag = 0x0, val = 1026}, {name = 0x803910 "substdefs", has_arg = 1, flag = 0x0, val = 1027}, {name = 0x80391a "server-id", has_arg = 1, flag = 0x0, val = 1028}, {name = 0x803924 "loadmodule", has_arg = 1, flag = 0x0, val = 1029}, {name = 0x80392f "modparam", has_arg = 1, flag = 0x0, val = 1030}, {name = 0x803938 "log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name = 0x803943 "debug", has_arg = 1, flag = 0x0, val = 1032}, {name = 0x803949 "cfg-print", has_arg = 0, flag = 0x0, val = 1033}, {name = 0x803953 "atexit", has_arg = 1, flag = 0x0, val = 1034}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
__func__ = "main"
(gdb) info locals
h = 6
(gdb) list
80 struct str_hash_entry* e)
81 {
82 int h;
83
84 h=get_hash1_raw(e->key.s, e->key.len) % ht->size;
85 clist_insert(&ht->table[h], e, next, prev);
86 }
87
88
89
(gdb) p e
$1 = (struct str_hash_entry *) 0x7ffff646fa38
(gdb) p *e
$2 = {next = 0x834d5f, prev = 0x7ffff646fa10, key = {s = 0x834f4e "0", len = 1}, flags = 0, u = {p = 0x0, s = 0x0, n = 0, data = "\000\000\000\000\000\000\000"}}
(gdb) p *e.next
$3 = {next = 0x6f63203a65726f63, prev = 0x6574756f722f6572, key = {s = 0x632e <error: Cannot access memory at address 0x632e>, len = 1970237952}, flags = 1660970084, u = {p = 0x632e6574756f72, s = 0x632e6574756f72 <error: Cannot access memory at address 0x632e6574756f72>, n = 1953853298, data = "route.c"}}
(gdb) p *e.prev
$4 = {next = 0x834d5f, prev = 0x834d78 <__func__.17>, key = {s = 0x834b3b "core", len = 124}, flags = 56, u = {p = 0x834d5f, s = 0x834d5f "core: core/route.c", n = 8605023, data = "_M\203\000\000\000\000"}}
(gdb) p next
No symbol "next" in current context.
(gdb) p prev
No symbol "prev" in current context.
```
https://github.com/kamailio/kamailio/issues/2798#issuecomment-878089657