[SR-Users] SEG FAULT dialog

Daniel-Constantin Mierla miconda at gmail.com
Sun Nov 24 15:00:20 CET 2013


On 11/23/13 1:00 AM, Kelvin Chua wrote:
>
> the patch worked
>
> is it safe to commit to 4.0?
>
Yes, I backported it to the git branch 4.0.

Cheers,
Daniel

> On Nov 21, 2013 4:34 PM, "Daniel-Constantin Mierla" <miconda at gmail.com> wrote:
> >
> > If you still have the old core, can you get the content of f in frame 1 from gdb?
> >
> > frame 1
> > p *f
> >
> > If you are going to test with the patch I suggested in the previous email, can you set MEMDBG=1 in Makefile.defs, then compile and install? It will be easy to detect if there is a buffer overflow somewhere.
> >
> > Cheers,
> > Daniel
> >
> >
> > On 11/20/13 11:30 AM, Daniel-Constantin Mierla wrote:
> >>
> >> Hello,
> >>
> >> can you try with next patch?
> >>
> >> - http://git.sip-router.org/cgi-bin/gitweb.cgi?p=sip-router;a=blobdiff;f=modules/dialog/dlg_hash.c;h=d346800a848b6ae0477530d0b875c8d2c528d7dc;hp=6f944e1fcc00b892a838fd19b4891c92c7637290;hb=082a6c43938cf8e3839d46fd070e391bd522d4ed;hpb=8d6a981543a044fddc3448c93dba9ed35afac0c0
> >>
> >> It is on master, but there was not much testing to port it to branch 4.0 so far.
> >>
> >> Cheers,
> >> Daniel
> >>
> >> On 11/20/13 5:36 AM, Kelvin Chua wrote:
> >>>
> >>> I can reproduce it consistently.
> >>> I am doing serial forking into a non-existent host, when the caller gets impatient, it cancels the call and sends another invite.
> >>> This happens after that.
> >>>
> >>> full backtrace:
> >>>
> >>> #0  qm_detach_free (frag=0x7fb2b552e2b0, qm=<optimized out>) at mem/q_malloc.c:269
> >>>         prev = 0x7fb2b5192058
> >>>         next = 0x0
> >>> #1  qm_malloc (qm=0x7fb2b5192000, size=16) at mem/q_malloc.c:386
> >>>         f = 0x7fb2b552e2b0
> >>>         hash = -1256644520
> >>> #2  0x00007fb2b44f7e93 in set_dlg_variable_unsafe () from /usr/local/lib64/kamailio/modules/dialog.so
> >>> No symbol table info available.
> >>> #3  0x00007fb2b44fa3aa in pv_set_dlg_variable () from /usr/local/lib64/kamailio/modules/dialog.so
> >>> No symbol table info available.
> >>> #4  0x000000000047be59 in lval_pvar_assign (rv=0x7fb2bf8348f8, lv=0x7fb2bf834750, msg=0x7fb2bf8c7a00,
> >>>     h=<optimized out>) at lvalue.c:353
> >>>         r_avp = <optimized out>
> >>>         ret = 1
> >>>         destroy_pval = 1
> >>>         pvar = 0x7fb2bf834758
> >>>         pval = {rs = {
> >>>             s = 0x92750b "+1xx882xx111 at 2xx.xx1.3x.2x SIP/2.0\r\nRecord-Route: <sip:6x.x1.4.195;lr=on;ftag=gK085a1dec>\r\nRecord-Route: <sip:6X.2X1.8.8X;lr=on;ftag=gK085a1dec>\r\nAccept: application/sdp\r\nAllow: INVITE,ACK,CANCEL,BYE"..., len = 12}, ri = 0, flags = 4}
> >>>         avp_val = {n = 0, s = {s = 0x0, len = 0}, re = 0x0}
> >>>         v = <optimized out>
> >>> #5  lval_assign (h=<optimized out>, msg=0x7fb2bf8c7a00, lv=0x7fb2bf834750, rve=0x7fb2bf8348f0) at lvalue.c:401
> >>>         rv = 0x7fb2bf8348f8
> >>>         ret = 0
> >>>         __FUNCTION__ = "lval_assign"
> >>> #6  0x000000000041cf14 in do_action (h=0x7fffe1b8f710, a=0x7fb2bf8332b0, msg=0x7fb2bf8c7a00) at action.c:1453
> >>>
> >>> ... cut ....
> >>>
> >>> Kelvin Chua
> >>>
> >>>
> >>> On Tue, Nov 19, 2013 at 9:40 PM, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
> >>>>
> >>>> Hello,
> >>>>
> >>>> can you get the output for 'bt full'? Probably you have to install the debug symbols (kamailio-dbg package) for getting something useful.
> >>>>
> >>>> Another question, can you reproduce it? Or does it happen sporadically?
> >>>>
> >>>> Cheers,
> >>>> Daniel
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> On 11/19/13 1:11 PM, Kelvin Chua wrote:
> >>>>>
> >>>>> kamailio 4.0.4
> >>>>> Has anybody experienced this using the dialog module?
> >>>>>
> >>>>> backtrace:
> >>>>> #0  0x000000000057af45 in qm_malloc ()
> >>>>> #1  0x00007f268ac0fe93 in set_dlg_variable_unsafe () from /usr/local/lib64/kamailio/modules/dialog.so
> >>>>> #2  0x00007f268ac123aa in pv_set_dlg_variable () from /usr/local/lib64/kamailio/modules/dialog.so
> >>>>> #3  0x000000000047be59 in lval_assign ()
> >>>>> #4  0x000000000041cf14 in do_action ()
> >>>>> #5  0x000000000041c5c5 in run_actions ()
> >>>>> #6  0x000000000041d92e in do_action ()
> >>>>> #7  0x000000000041c5c5 in run_actions ()
> >>>>> #8  0x0000000000425250 in run_top_route ()
> >>>>> #9  0x00000000004bfcce in receive_msg ()
> >>>>> #10 0x000000000056a2df in udp_rcv_loop ()
> >>>>> #11 0x0000000000481b43 in main_loop ()
> >>>>> #12 0x000000000041c081 in main ()
> >>>>>
> >>>>> logfile:
> >>>>> DEBUG: <core> [parser/msg_parser.c:623]: parse_msg(): SIP Request:
> >>>>> DEBUG: <core> [parser/msg_parser.c:625]: parse_msg():  method:  <ACK>
> >>>>> DEBUG: <core> [parser/msg_parser.c:627]: parse_msg():  uri: <sip:+1XX882XX111 at 2XX.XX1.X9.2X>
> >>>>> DEBUG: <core> [parser/msg_parser.c:629]: parse_msg():  version: <SIP/2.0>
> >>>>> DEBUG: <core> [parser/parse_via.c:1284]: parse_via_param(): Found param type 232, <branch> = <z9hG4bKe97b.5a4397f3.0>; state=16
> >>>>> DEBUG: <core> [parser/parse_via.c:2672]: parse_via(): end of header reached, state=5
> >>>>> DEBUG: <core> [parser/msg_parser.c:513]: parse_headers(): parse_headers: Via found, flags=2
> >>>>> DEBUG: <core> [parser/msg_parser.c:515]: parse_headers(): parse_headers: this is the first via
> >>>>> DEBUG: <core> [receive.c:151]: receive_msg(): After parse_msg...
> >>>>> DEBUG: <core> [receive.c:192]: receive_msg(): preparing to run routing scripts...
> >>>>> DEBUG: <core> [parser/parse_to.c:176]: parse_to_param(): DEBUG: add_param: tag=bbd932f8f9dbf9743f9b7cadcbf622ac.0dc7
> >>>>> DEBUG: <core> [parser/parse_to.c:799]: parse_to(): end of header reached, state=29
> >>>>> DEBUG: <core> [parser/msg_parser.c:190]: get_hdr_field(): DEBUG: get_hdr_field: <To> [74]; uri=[sip:+1XX882XX111 at 6X.X31.X.8X]
> >>>>> DEBUG: <core> [parser/msg_parser.c:192]: get_hdr_field(): DEBUG: to body [<sip:+1XX882XX111 at 6X.X31.X.8X>]
> >>>>> DEBUG: sl [sl_funcs.c:415]: sl_filter_ACK(): SL local ACK found -> dropping it!
> >>>>> DEBUG: <core> [usr_avp.c:644]: destroy_avp_list(): DEBUG:destroy_avp_list: destroying list (nil)
> >>>>> last message repeated 5 times
> >>>>> DEBUG: <core> [xavp.c:447]: xavp_destroy_list(): destroying xavp list (nil)
> >>>>> DEBUG: <core> [receive.c:295]: receive_msg(): receive_msg: cleaning up
> >>>>> segfault at 0 ip 000000000057af45 sp 00007fff30e44ac0 error 4 in kamailio[400000+27c000]
> >>>>>
> >>>>> Kelvin Chua
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> >>>>> sr-users at lists.sip-router.org
> >>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
> >>>>
> >>>>
> >>>> --
> >>>> Daniel-Constantin Mierla - http://www.asipto.com
> >>>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> >>>> Kamailio Advanced Trainings - Berlin, Nov 25-28
> >>>>   - more details about Kamailio trainings at http://www.asipto.com -

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
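
Added example, not part of the thread and not Kamailio's q_malloc code: the guard-word technique that memory-debugging allocator builds commonly use to pin an overflow to the block that was overrun, rather than to a later, unrelated allocation. The names dbg_malloc, dbg_check, demo_write and the guard values are hypothetical, and it is an assumption that the MEMDBG=1 build mentioned in the quoted message works along these lines.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical guard values chosen for this example. */
#define GUARD_HEAD 0xF0F0F0F0u
#define GUARD_TAIL 0xC0C0C0C0u

struct dbg_hdr {          /* placed immediately before the payload */
    size_t   size;        /* payload size the caller asked for */
    uint32_t head;        /* changes if the header itself gets clobbered */
};

/* Allocate `size` bytes framed by a header guard and a tail guard. */
void *dbg_malloc(size_t size)
{
    uint32_t tail = GUARD_TAIL;
    struct dbg_hdr *h = malloc(sizeof *h + size + sizeof tail);
    if (h == NULL) return NULL;
    h->size = size;
    h->head = GUARD_HEAD;
    memcpy((unsigned char *)(h + 1) + size, &tail, sizeof tail);
    return h + 1;
}

/* 0 = intact, -1 = header guard damaged, -2 = tail guard overwritten. */
int dbg_check(const void *p)
{
    const struct dbg_hdr *h = (const struct dbg_hdr *)p - 1;
    uint32_t tail;
    if (h->head != GUARD_HEAD) return -1;
    memcpy(&tail, (const unsigned char *)p + h->size, sizeof tail);
    return tail == GUARD_TAIL ? 0 : -2;
}

/* Constructed scenario: fill a 16-byte block with `len` bytes (len <= 20
 * keeps the write inside the real allocation) and report what the check sees. */
int demo_write(size_t len)
{
    unsigned char *buf = (len <= 16 + sizeof(uint32_t)) ? dbg_malloc(16) : NULL;
    int rc;
    if (buf == NULL) return -3;
    memset(buf, 'A', len);            /* len > 16 runs into the tail guard */
    rc = dbg_check(buf);              /* a debug allocator checks this on free */
    free((struct dbg_hdr *)buf - 1);
    return rc;
}
```
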
