[SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set

Daniel-Constantin Mierla miconda at gmail.com
Thu Feb 10 07:53:06 CET 2011


Hello,

from the subject I don't understand exactly: did you get this crash also 
with 1.3.4? Is it reproducible?

Looks like there is a buffer overflow. Can you recompile/reinstall with 
memory debug on (in 1.5.x, see Makefile.vars)? Then watch the logs and 
see if you get any error related to buffer overwritten ops.

Cheers,
Daniel

On 2/10/11 7:37 AM, Andrew O. Zhukov wrote:
> [root@ tmp]# /usr/local/sbin/kamailio -V
> version: kamailio 1.5.5-notls (x86_64/linux)
> flags: STATISTICS, EXTRA_DEBUG, USE_IPV6, USE_TCP, DISABLE_NAGLE, 
> USE_MCAST, SHM_MMAP,
> PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
> MAX_URI_SIZE 1024,
> BUF_SIZE 65535, PKG_SIZE 4194304
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
> svnrevision: unknown
> @(#) $Id: main.c 5608 2009-02-13 16:48:17Z henningw $
> main.c compiled on 12:38:36 Feb  2 2011 with gcc 4.1.2
>
>
> -----------------------------
> Core was generated by `/usr/local/sbin/kamailio -P 
> /var/run/openser/openser.pid -m 32 -u
> openser -g op'.
> Program terminated with signal 11, Segmentation fault.
> #0  0x000000000046b0e3 in fm_malloc (qm=0x72dc00, size=32) at 
> mem/f_malloc.c:354
> 354                             if ((*f)->size>=size) goto found;
> (gdb) backtrace
> #0  0x000000000046b0e3 in fm_malloc (qm=0x72dc00, size=32) at 
> mem/f_malloc.c:354
> #1  0x00002b30f2803087 in build_rr (_l=0x76f110, _l2=0x76fe80, 
> user=0x7fffe9c5a500,
> tag=0x777a58, params=0x0, _inbound=0)
>     at record.c:176
> #2  0x00002b30f2802b7a in record_route (_m=0x76e0e0, params=0x0) at 
> record.c:322
> #3  0x00002b30f28047db in w_record_route (msg=0x76e0e0, key=0x0, 
> bar=0x0) at rr_mod.c:212
> #4  0x000000000040ed9b in do_action (a=0x73f5a0, msg=0x76e0e0) at 
> action.c:874
> #5  0x000000000040c03a in run_action_list (a=0x73f5a0, msg=0x76e0e0) 
> at action.c:145
> #6  0x000000000040e6a7 in do_action (a=0x73f810, msg=0x76e0e0) at 
> action.c:746
> #7  0x000000000040c03a in run_action_list (a=0x73e418, msg=0x76e0e0) 
> at action.c:145
> #8  0x000000000040c2a9 in run_actions (a=0x73e418, msg=0x76e0e0) at 
> action.c:120
> #9  0x000000000040c357 in run_top_route (a=0x73e418, msg=0x76e0e0) at 
> action.c:195
> #10 0x000000000043bda4 in receive_msg (
>     buf=0x70c980 "NOTIFY sip:XXXXXX.com SIP/2.0\r\nVia: SIP/2.0/UDP
> XX.XXX.101.68:5060;branch=z9hG4bK-6ee3865\r\nFrom: VTHome
> <sip:101650 at XXXXXX.com>;tag=129d73a13db8ec7fo0\r\nTo: 
> <sip:XXXXX.com>\r\nCall-ID:
> e3fd1da9-142a0a17"..., len=373,
>     rcv_info=0x7fffe9c5ae90) at receive.c:175
> #11 0x0000000000467eeb in udp_rcv_loop () at udp_server.c:449
> #12 0x000000000042097b in main_loop () at main.c:774
> #13 0x00000000004228b0 in main (argc=11, argv=0x7fffe9c5b118) at 
> main.c:1321
> (gdb) print size
> $1 = 32
> (gdb) quit
> --------------------------------------------
> Core was generated by `/usr/local/sbin/kamailio -P 
> /var/run/openser/openser.pid -m 32 -u
> openser -g op'.
> Program terminated with signal 11, Segmentation fault.
> #0  0x000000000046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
> 609 size+=f->size,f=f->u.nxt_free,i++,j++){
> (gdb) backtrace
> #0  0x000000000046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
> #1  0x000000000041feb3 in sig_usr (signo=15) at main.c:563
> #2 <signal handler called>
> #3  0x00000039d8cd4a51 in __recvfrom_nocancel () from /lib64/libc.so.6
> #4  0x0000000000467bf4 in udp_rcv_loop () at udp_server.c:408
> #5  0x000000000042097b in main_loop () at main.c:774
> #6  0x00000000004228b0 in main (argc=11, argv=0x7fffe9c5b118) at 
> main.c:1321
> (gdb) print i
> $1 = 402
> (gdb) print j
> $2 = 1
> (gdb) print size
> $3 = 7234295468789601279
> (gdb) print f
> $4 = (struct fm_frag *) 0x3738656435393838
> (gdb) print f->size
> Cannot access memory at address 0x3738656435393838
> -------------------------------------------------------------------
>
>
>
> Andrew O. Zhukov
>

-- 
Daniel-Constantin Mierla
http://www.asipto.com
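
A triage check for the `print f` value in the second core dump above, as an added example that is not part of the original thread or of Kamailio's code. A free-list pointer whose eight bytes are all printable ASCII has almost certainly been overwritten by string data, which is consistent with the buffer overflow suspected in the reply. The function names and the plausibility rule (non-NULL, lower canonical half of the x86_64 address space) are assumptions of this example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* How a pointer value read from a core dump looks at first glance. */
enum ptr_kind { PTR_PLAUSIBLE, PTR_ASCII, PTR_OTHER };

/*
 * Lay out a 64-bit value as the 8 bytes it occupies in memory on a
 * little-endian machine (x86_64, as in the reported build).
 * Non-printable bytes are shown as '.'. out must hold 9 bytes.
 * Returns 1 if all 8 bytes are printable ASCII, 0 otherwise.
 */
int ptr_as_ascii(uint64_t v, char out[9])
{
    int printable = 1;
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(v >> (8 * i));
        if (isprint(b)) {
            out[i] = (char)b;
        } else {
            out[i] = '.';
            printable = 0;
        }
    }
    out[8] = '\0';
    return printable;
}

/* Assumed rule: text-like values are flagged first; otherwise a
 * non-NULL value in the lower canonical half counts as plausible. */
enum ptr_kind classify_ptr(uint64_t v)
{
    char txt[9];
    if (ptr_as_ascii(v, txt)) return PTR_ASCII;
    if (v != 0 && (v >> 47) == 0) return PTR_PLAUSIBLE;
    return PTR_OTHER;
}

int main(void)
{
    /* Values copied from the gdb session quoted above: qm and f. */
    const uint64_t samples[] = { 0x72dc00ULL, 0x3738656435393838ULL };
    static const char *names[] = { "plausible", "ascii", "other" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char txt[9];
        ptr_as_ascii(samples[i], txt);
        printf("0x%016llx  bytes=\"%s\"  %s\n",
               (unsigned long long)samples[i], txt,
               names[classify_ptr(samples[i])]);
    }
    return 0;
}
```

For `f` the bytes read as the text `8895de87`, so the fragment's `u.nxt_free` link held string data rather than an address when `fm_status` walked the list.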



