[SR-Users] Kamailio 4.2.6 crash

Igor Potjevlesch igor.potjevlesch at gmail.com
Fri Dec 11 16:19:01 CET 2015 

Hello,

 

I have seen couple of crashes since yesterday.

 

I copy/paste the last "bt full":

 

 

Program terminated with signal 11, Segmentation fault.

#0  0x0000000000619694 in fm_extract_free (qm=0x7fcdf8780000,
frag=0x7fcdf8a62c78) at mem/f_malloc.c:206

206             *pf=

 

 

(gdb) bt full

#0  0x0000000000619694 in fm_extract_free (qm=0x7fcdf8780000,
frag=0x7fcdf8a62c78) at mem/f_malloc.c:206

        pf = 0x6576203b50555349

        hash = 2097

#1  0x000000000061ad68 in fm_malloc (qm=0x7fcdf8780000, size=1104,
file=0x7fce0f081a7b "tm: t_msgbuilder.c", func=0x7fce0f0860a0
"build_local_reparse", line=369)

    at mem/f_malloc.c:490

        f = 0x7fcdf8780b08

        frag = 0x7fcdf8a62c78

        hash = 156

        __FUNCTION__ = "fm_malloc"

#2  0x00007fce0f011fa9 in _shm_malloc (size=1099, file=0x7fce0f081a7b "tm:
t_msgbuilder.c", function=0x7fce0f0860a0 "build_local_reparse", line=369) at
../../mem/shm_mem.h:208

        p = 0x6

#3  0x00007fce0f01920e in build_local_reparse (Trans=0x7fcdf8a5e2f0,
branch=0, len=0x7fff00c32fbc, method=0x7fce0f087a25 "ACK", method_len=3,
to=0x7fff00c32d90, reason=0x0)

    at t_msgbuilder.c:369

        invite_buf = 0x7fcdf8a62868 "INVITE sip:<CALLED>@goren
SIP/2.0\r\nRecord-Route: <sip:A.B.C5.60;lr;did=5b1.3112>\r\nCSeq: 1
INVITE\r\nCall-ID: 3da8-469-1111201513435-JANGO-1-A.B.C_leg2\r\nFrom:
<sip:<CALLING>@<HOST_FROM>>;"...

        invite_buf_end = 0x7fcdf8a62c70 ""

        cancel_buf = 0x415440
"1\355I\211\321^H\211\342H\203\344\360PTI\307\300\300\363m"

        s = 0x7fcdf8a62868 "INVITE sip:<CALLED>@goren
SIP/2.0\r\nRecord-Route: <sip:A.B.C5.60;lr;did=5b1.3112>\r\nCSeq: 1
INVITE\r\nCall-ID: 3da8-469-1111201513435-JANGO-1-A.B.C_leg2\r\nFrom:
<sip:<CALLING>@<HOST_FROM>>;"...

        s1 = 0x0

        d = 0x10703ab0 <Address 0x10703ab0 out of bounds>

        invite_len = 1032

        hf_type = 2540

        first_via = 0

        to_len = 67

        cancel_buf_len = 1099

        reason_len = 0

        code_len = 0

        reas1 = 0x0

        reas_last = 0x0

        hdr = 0xa7294e

        __FUNCTION__ = "build_local_reparse"

#4  0x00007fce0f02e58b in build_ack (rpl=0x7fce107038b8,
trans=0x7fcdf8a5e2f0, branch=0, ret_len=0x7fff00c32fbc) at t_reply.c:439

        to = {s = 0xa728f6 "To:
<sip:+<CALLED>@A.B.C5.60:5060>;tag=3658827875-928685\r\nContent-Length:
0\r\n\r\n", len = 67}

        __FUNCTION__ = "build_ack"

#5  0x00007fce0f03b3ca in reply_received (p_msg=0x7fce107038b8) at
t_reply.c:2253

        msg_status = 488

        last_uac_status = 100

        ack = 0x7fce10588010 "\001"

        ack_len = 0

        branch = 0

        reply_status = 274235864

        onreply_route = 1

        cancel_data = {cancel_bitmap = 0, reason = {cause = 0, u = {text =
{s = 0x0, len = 10955086}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len =
10955086}}}}

        uac = 0x7fcdf8a5e458

        t = 0x7fcdf8a5e2f0

        lack_dst = {send_sock = 0x13a948, to = {s = {sa_family = 10306,
sa_data = "\247\000\000\000\000\000(\r\030\000\000\000\000"}, sin =
{sin_family = 10306, 

              sin_port = 167, sin_addr = {s_addr = 0}, sin_zero =
"(\r\030\000\000\000\000"}, sin6 = {sin6_family = 10306, sin6_port = 167,
sin6_flowinfo = 0, sin6_addr = {

                __in6_u = {__u6_addr8 =
"(\r\030\000\000\000\000\000\270|^\020\316\177\000", __u6_addr16 = {3368,
24, 0, 0, 31928, 4190, 32718, 0}, __u6_addr32 = {1576232, 0, 

                    274627768, 32718}}}, sin6_scope_id = 93}}, id = 0, proto
= -72 '\270', send_flags = {f = 106 'j', blst_imask = 94 '^'}}

        backup_user_from = 0x758a50

        backup_user_to = 0x415440

        backup_domain_from = 0x300c337e0

        backup_domain_to = 0x0

        backup_uri_from = 0x7fce10703ab0

        backup_uri_to = 0x7fff00c330d0

        backup_xavps = 0x628478

        replies_locked = 0

        branch_ret = 0

        prev_branch = 275790040

        blst_503_timeout = 32718

        hf = 0x18e00c33060

        onsend_params = {req = 0x7fff00c32f50, rpl = 0x47deb8, param = 0x0,
code = 274623280, flags = 32718, branch = 0, t_rbuf = 0xa7294e, dst =
0xa727e1, send_buf = {

            s = 0x7fff00c33010 "\320\060", <incomplete sequence \303>, len =
6402299}}

        ctx = {rec_lev = 7715456, run_flags = 0, last_retcode = 7704068,
jmp_env = {{__jmpbuf = {232, 140523014225936, 140523014226728,
140523014618240, 29, 0, 

                140523015781040, 4281408}, __mask_was_saved = 12793824,
__saved_mask = {__val = {0, 140733206179856, 6439748, 140733206179616,
140523001001690, 

                  140733206179584, 0, 67108864, 65537912, 1288288, 1570952,
1576232, 8, 94, 0, 1473240891392}}}}}

        __FUNCTION__ = "reply_received"

#6  0x000000000048cc3a in do_forward_reply (msg=0x7fce107038b8, mode=0) at
forward.c:783

        new_buf = 0x0

        dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data = '\000'
<repeats 13 times>}, sin = {sin_family = 0, sin_port = 0, sin_addr = {s_addr
= 0}, 

              sin_zero = "\000\000\000\000\000\000\000"}, sin6 =
{sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {

                  __u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0,
0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, id
= 0, proto = 0 '\000', 

          send_flags = {f = 0 '\000', blst_imask = 0 '\000'}}

        new_len = 1

        r = 0

        ip = {af = 12792240, len = 32767, u = {addrl = {6466393, 280},
addr32 = {6466393, 0, 280, 0}, addr16 = {43865, 98, 0, 0, 280, 0, 0, 0}, 

            addr =
"Y\253b\000\000\000\000\000\030\001\000\000\000\000\000"}}

        s = 0x410004 ""

        len = 0

        __FUNCTION__ = "do_forward_reply"

#7  0x000000000048e27d in forward_reply (msg=0x7fce107038b8) at
forward.c:885

---Type <return> to continue, or q <return> to quit--- 

No locals.

#8  0x0000000000509c9c in receive_msg (

    buf=0xa727c0 "SIP/2.0 488 Not Acceptable Here\r\nVia: SIP/2.0/UDP
A.B.C5.60;rport=5060;branch=z9hG4bKce12.98a05ce27e0243c4d775920d81e7ce82.0\r
\nVia: SIP/2.0/UDP <HOST_FROM>;branch=z9hG4bK.5667f6e0\r\nFrom:
<sip:332"..., len=398, rcv_info=0x7fff00c333b0) at receive.c:275

        msg = 0x7fce107038b8

        ctx = {rec_lev = 10237056, run_flags = 0, last_retcode = 0, jmp_env
= {{__jmpbuf = {0, 0, 0, 272136986608, 1812476198913, 0, 272145363728,
272145384176}, 

              __mask_was_saved = 0, __saved_mask = {__val =
{140523014366192, 140733206180688, 1, 140522613671152, 272137013029, 50195,
1024, 4307759872, 140522613671152, 

                  140733206180608, 6299381, 140733206180896,
140522613671152, 81, 6299509, 140733206180976}}}}}

        ret = 12792656

        inb = {

          s = 0xa727c0 "SIP/2.0 488 Not Acceptable Here\r\nVia: SIP/2.0/UDP
A.B.C5.60;rport=5060;branch=z9hG4bKce12.98a05ce27e0243c4d775920d81e7ce82.0\r
\nVia: SIP/2.0/UDP <HOST_FROM>;branch=z9hG4bK.5667f6e0\r\nFrom:
<sip:332"..., len = 398}

        __FUNCTION__ = "receive_msg"

#9  0x0000000000608f02 in udp_rcv_loop () at udp_server.c:521

        len = 398

        buf = "SIP/2.0 488 Not Acceptable Here\r\nVia: SIP/2.0/UDP
A.B.C5.60;rport=5060;branch=z9hG4bKce12.98a05ce27e0243c4d775920d81e7ce82.0\r
\nVia: SIP/2.0/UDP <HOST_FROM>;branch=z9hG4bK.5667f6e0\r\nFrom: <sip:332"...

        tmp = 0x3f60c4067a <Address 0x3f60c4067a out of bounds>

        from = 0x7fce105e7920

        fromlen = 16

        ri = {src_ip = {af = 2, len = 4, u = {addrl = {151524537, 0}, addr32
= {151524537, 0, 0, 0}, addr16 = {5305, 2312, 0, 0, 0, 0, 0, 0}, 

              addr = "\271\024\b\t", '\000' <repeats 11 times>}}, dst_ip =
{af = 2, len = 4, u = {addrl = {1016190299, 0}, addr32 = {1016190299, 0, 0,
0}, addr16 = {54619, 

                15505, 0, 0, 0, 0, 0, 0}, addr = "[Õ<", '\000' <repeats 11
times>}}, src_port = 5060, dst_port = 5060, proto_reserved1 = 0,
proto_reserved2 = 0, src_su = {

            s = {sa_family = 2, sa_data =
"\023Ĺ\024\b\t\000\000\000\000\000\000\000"}, sin = {sin_family = 2,
sin_port = 50195, sin_addr = {s_addr = 151524537}, 

              sin_zero = "\000\000\000\000\000\000\000"}, sin6 =
{sin6_family = 2, sin6_port = 50195, sin6_flowinfo = 151524537, sin6_addr =
{__in6_u = {

                  __u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0,
0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, 

          bind_address = 0x7fce105aa2b0, proto = 1 '\001'}

        __FUNCTION__ = "udp_rcv_loop"

#10 0x00000000004a6d9b in main_loop () at main.c:1629

        i = 0

        pid = 0

        si = 0x7fce105aa2b0

        si_desc = "udp receiver child=0 sock=A.B.C5.60:5060\000\177\000\000
5\303\000\377\177\000\000\003zN\000\000\000\000\000\016\b\000\000\377\177\00
0\000\260\204x\370\315\177\000\000\000\000\000\020\004\000\000\000\260\204x\
370\315\177\000\000 at TA\000\000\000\000\000\340\067\303\000\001\000\000\000p5
\303\000\377\177\000\000\246zN\000\000\000\000"

        nrprocs = 8

        __FUNCTION__ = "main_loop"

#11 0x00000000004acedf in main (argc=7, argv=0x7fff00c337e8) at main.c:2581

        cfg_stream = 0xac7010

        c = -1

        r = 0

        tmp = 0x7fff00c34f70 ""

        tmp_len = 32767

        port = 12793534

        proto = 0

        options = 0x6ff8f8
":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"

        ret = -1

        seed = 3913881212

        rfd = 4

        debug_save = 0

        debug_flag = 0

        dont_fork_cnt = 0

        n_lst = 0x40d11c

        p = 0xc2 <Address 0xc2 out of bounds>

        __FUNCTION__ = "main"

 

Regards,

 

Igor.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20151211/7473a940/attachment.html>

More information about the sr-users mailing list