[SR-Users] After upgrade from openser 1.3.4 to kamailio 1.5.5 the same crash set

Andrew O. Zhukov gnugk at telegroup.com.ua
Thu Feb 10 08:12:32 CET 2011


A couple of months ago I sent the whole set of crashes from 1.3.4 to this
mailing list. Nobody responded to me.

On 02/10/2011 08:53 AM, Daniel-Constantin Mierla wrote:
> Hello,
>
> from the subject I don't understand exactly: did you get this crash also
> with 1.3.4? Is it reproducible?
These crashes are from 1.5.5. I brought it up this weekend.
I have not shut down the server with 1.3.4 yet. I still keep all the crashes there.
>
> Looks like there is a buffer overflow. Can you recompile/reinstall with
> memory debug on (in 1.5.x, see Makefile.vars)? Then watch the logs and
> see if you get any error related to buffer overwritten ops.
Ok. I'll do it.
>
> Cheers,
> Daniel
>
> On 2/10/11 7:37 AM, Andrew O. Zhukov wrote:
>> [root@ tmp]# /usr/local/sbin/kamailio -V
>> version: kamailio 1.5.5-notls (x86_64/linux)
>> flags: STATISTICS, EXTRA_DEBUG, USE_IPV6, USE_TCP, DISABLE_NAGLE,
>> USE_MCAST, SHM_MMAP,
>> PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
>> MAX_URI_SIZE 1024,
>> BUF_SIZE 65535, PKG_SIZE 4194304
>> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>> svnrevision: unknown
>> @(#) $Id: main.c 5608 2009-02-13 16:48:17Z henningw $
>> main.c compiled on 12:38:36 Feb 2 2011 with gcc 4.1.2
>>
>>
>> -----------------------------
>> Core was generated by `/usr/local/sbin/kamailio -P
>> /var/run/openser/openser.pid -m 32 -u
>> openser -g op'.
>> Program terminated with signal 11, Segmentation fault.
>> #0 0x000000000046b0e3 in fm_malloc (qm=0x72dc00, size=32) at
>> mem/f_malloc.c:354
>> 354 if ((*f)->size>=size) goto found;
>> (gdb) backtrace
>> #0 0x000000000046b0e3 in fm_malloc (qm=0x72dc00, size=32) at
>> mem/f_malloc.c:354
>> #1 0x00002b30f2803087 in build_rr (_l=0x76f110, _l2=0x76fe80,
>> user=0x7fffe9c5a500,
>> tag=0x777a58, params=0x0, _inbound=0)
>> at record.c:176
>> #2 0x00002b30f2802b7a in record_route (_m=0x76e0e0, params=0x0) at
>> record.c:322
>> #3 0x00002b30f28047db in w_record_route (msg=0x76e0e0, key=0x0,
>> bar=0x0) at rr_mod.c:212
>> #4 0x000000000040ed9b in do_action (a=0x73f5a0, msg=0x76e0e0) at
>> action.c:874
>> #5 0x000000000040c03a in run_action_list (a=0x73f5a0, msg=0x76e0e0) at
>> action.c:145
>> #6 0x000000000040e6a7 in do_action (a=0x73f810, msg=0x76e0e0) at
>> action.c:746
>> #7 0x000000000040c03a in run_action_list (a=0x73e418, msg=0x76e0e0) at
>> action.c:145
>> #8 0x000000000040c2a9 in run_actions (a=0x73e418, msg=0x76e0e0) at
>> action.c:120
>> #9 0x000000000040c357 in run_top_route (a=0x73e418, msg=0x76e0e0) at
>> action.c:195
>> #10 0x000000000043bda4 in receive_msg (
>> buf=0x70c980 "NOTIFY sip:XXXXXX.com SIP/2.0\r\nVia: SIP/2.0/UDP
>> XX.XXX.101.68:5060;branch=z9hG4bK-6ee3865\r\nFrom: VTHome
>> <sip:101650 at XXXXXX.com>;tag=129d73a13db8ec7fo0\r\nTo:
>> <sip:XXXXX.com>\r\nCall-ID:
>> e3fd1da9-142a0a17"..., len=373,
>> rcv_info=0x7fffe9c5ae90) at receive.c:175
>> #11 0x0000000000467eeb in udp_rcv_loop () at udp_server.c:449
>> #12 0x000000000042097b in main_loop () at main.c:774
>> #13 0x00000000004228b0 in main (argc=11, argv=0x7fffe9c5b118) at
>> main.c:1321
>> (gdb) print size
>> $1 = 32
>> (gdb) quit
>> --------------------------------------------
>> Core was generated by `/usr/local/sbin/kamailio -P
>> /var/run/openser/openser.pid -m 32 -u
>> openser -g op'.
>> Program terminated with signal 11, Segmentation fault.
>> #0 0x000000000046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
>> 609 size+=f->size,f=f->u.nxt_free,i++,j++){
>> (gdb) backtrace
>> #0 0x000000000046bf7b in fm_status (qm=0x72dc00) at mem/f_malloc.c:609
>> #1 0x000000000041feb3 in sig_usr (signo=15) at main.c:563
>> #2 <signal handler called>
>> #3 0x00000039d8cd4a51 in __recvfrom_nocancel () from /lib64/libc.so.6
>> #4 0x0000000000467bf4 in udp_rcv_loop () at udp_server.c:408
>> #5 0x000000000042097b in main_loop () at main.c:774
>> #6 0x00000000004228b0 in main (argc=11, argv=0x7fffe9c5b118) at
>> main.c:1321
>> (gdb) print i
>> $1 = 402
>> (gdb) print j
>> $2 = 1
>> (gdb) print size
>> $3 = 7234295468789601279
>> (gdb) print f
>> $4 = (struct fm_frag *) 0x3738656435393838
>> (gdb) print f->size
>> Cannot access memory at address 0x3738656435393838
>> -------------------------------------------------------------------
>>
>>
>>
>> Andrew O. Zhukov
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
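The second core dump above shows why the "buffer overflow" diagnosis is plausible even before memory debugging is enabled: the free-list pointer `f` that gdb prints, `0x3738656435393838`, is made entirely of printable ASCII bytes (`'7' '8' 'e' 'd' '5' '9' '8' '8'`), which is what allocator metadata looks like after a string has been written past the end of an adjacent chunk. The following script is an added triage helper, not code from the thread or from Kamailio: it parses gdb `print` output lines like the ones quoted above (embedded here as constructed sample input copied from the post) and reports which values decode to text in little- and big-endian byte order. The function names and the regex are this example's own assumptions.

```python
import re
import string

# Bytes we treat as "text": printable ASCII minus control whitespace.
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")

# Matches gdb output such as "$4 = (struct fm_frag *) 0x3738656435393838"
# or "$3 = 7234295468789601279"; the cast in parentheses is optional.
GDB_PRINT_RE = re.compile(r"^\$(\d+)\s*=\s*(?:\([^)]*\)\s*)?(0x[0-9a-fA-F]+|\d+)\s*$")


def looks_like_text(value: int, width: int = 8):
    """Return (is_text, little_endian_str, big_endian_str) for a word-sized value.

    is_text is True only when every byte is printable ASCII, i.e. the word
    could not plausibly be a heap pointer on x86_64 (a real pointer contains
    zero high bytes, like qm=0x72dc00 in the backtrace).
    """
    le = value.to_bytes(width, "little")   # memory order on x86_64
    be = value.to_bytes(width, "big")      # the order gdb prints the hex digits in
    is_text = all(b in PRINTABLE for b in le)
    return is_text, le.decode("ascii", "replace"), be.decode("ascii", "replace")


def triage_gdb_output(text: str):
    """Scan gdb 'print' results and flag any word that decodes as ASCII text.

    Returns a list of (history_number, value, is_text, little_endian_str).
    """
    findings = []
    for line in text.splitlines():
        m = GDB_PRINT_RE.match(line.strip())
        if not m:
            continue
        number, literal = m.groups()
        value = int(literal, 0)
        # Ignore small integers (sizes, counters) that fit in fewer than 8 bytes.
        if value.bit_length() > 64 or value < (1 << 32):
            continue
        is_text, le_str, _ = looks_like_text(value)
        findings.append((int(number), value, is_text, le_str))
    return findings


# Constructed sample: the gdb session quoted in the post (values copied verbatim).
SAMPLE_GDB_SESSION = """\
(gdb) print i
$1 = 402
(gdb) print j
$2 = 1
(gdb) print size
$3 = 7234295468789601279
(gdb) print f
$4 = (struct fm_frag *) 0x3738656435393838
(gdb) print f->size
Cannot access memory at address 0x3738656435393838
"""

if __name__ == "__main__":
    for number, value, is_text, le_str in triage_gdb_output(SAMPLE_GDB_SESSION):
        verdict = "ASCII text (overwritten metadata?)" if is_text else "not text"
        print(f"${number} = {value:#018x}: {verdict}; little-endian bytes {le_str!r}")
```

The `$3` value (the running `size` sum in `fm_status`) is an accumulated total over hundreds of fragments, so it is not expected to decode cleanly; the `$4` pointer, by contrast, decodes to `8895de87` in memory order, the kind of hex-digit run found in SIP `branch`, `tag` and `Call-ID` values such as those in the NOTIFY shown in the first backtrace. Enabling the memory-debug build as Daniel suggests is still the way to catch the write at the moment it happens rather than reading the tea leaves afterwards.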