[SR-Users] Multiple crashes of Kamailio 4.2.1

Daniel-Constantin Mierla miconda at gmail.com
Thu Sep 17 17:42:51 CEST 2015


Hello,

can you test with latest version branch 4.2? I backported several
patches related to dialog module, among them some related to a race for
deleted dialogs detected as spiral, which may be the reason for this crash.

Cheers,
Daniel

On 17/09/15 12:25, Igor Potjevlesch wrote:
>
> Hello Daniel,
>
>  
>
> Here is the output:
>
>  
>
> *(gdb) frame 0*
>
> #0  0x00007fb6a8964e55 in dlg_clean_run (ti=23317351) at dlg_hash.c:244
>
> 244                             dlg = dlg->next;
>
> *(gdb) list*
>
> 239             {
>
> 240                     lock_set_get(d_table->locks,
> d_table->entries[i].lock_idx);
>
> 241                     dlg = d_table->entries[i].first;
>
> 242                     while (dlg) {
>
> 243                             tdlg = dlg;
>
> 244                             dlg = dlg->next;
>
> 245                             if(tdlg->state==DLG_STATE_UNCONFIRMED
> && tdlg->init_ts<tm-300) {
>
> 246                                     /* dialog in early state older
> than 5min */
>
> 247                                     LM_NOTICE("dialog in early
> state is too old (%p ref %d)\n",
>
> 248                                                     tdlg, tdlg->ref);
>
> *(gdb) info locals*
>
> i = 2087
>
> tm = 1441978496
>
> dlg = 0xb02030a01201001
>
> tdlg = 0xb02030a01201001
>
> __FUNCTION__ = "dlg_clean_run"
>
> *(gdb) p *dlg*
>
> Cannot access memory at address 0xb02030a01201001
>
> (gdb)
>
>  
>
> I hope this will help.
>
>  
>
> Regards,
>
>  
>
> Igor.
>
>  
>
>  
>
> *De :*Daniel-Constantin Mierla [mailto:miconda at gmail.com]
> *Envoyé :* jeudi 17 septembre 2015 11:40
> *À :* Igor Potjevlesch <igor.potjevlesch at gmail.com>; 'Kamailio (SER) -
> Users Mailing List' <sr-users at lists.sip-router.org>
> *Objet :* Re: [SR-Users] Multiple crashes of Kamailio 4.2.1
>
>  
>
> Hello,
>
> from the second trace, can you get output for:
>
> frame 0
> list
> info locals
> p *dlg
>
> Cheers,
> Daniel
>
> On 11/09/15 18:23, Igor Potjevlesch wrote:
>
>     Hello Daniel,
>
>      
>
>     From the two crashes occurred today, I got 2 coredump. So I
>     copy/past the result from these 4 backtraces:
>
>      
>
>     No privates modules or patches. It's a regular 4.2.3.
>
>      
>
>     (gdb) bt full
>
>     #0  0x00007fb6a8984c0e in remove_dialog_timer_unsafe
>     (tl=0x7fb6978e9060) at dlg_timer.c:156
>
>     No locals.
>
>     #1  0x00007fb6a8985001 in remove_dialog_timer (tl=0x7fb6978e9060)
>     at dlg_timer.c:182
>
>             __FUNCTION__ = "remove_dialog_timer"
>
>     #2  0x00007fb6a8966bb7 in destroy_dlg (dlg=0x7fb6978e9008) at
>     dlg_hash.c:357
>
>             ret = 0
>
>             var = 0x7fb6976154b0
>
>             __FUNCTION__ = "destroy_dlg"
>
>     #3  0x00007fb6a8967b35 in destroy_dlg_table () at dlg_hash.c:438
>
>             dlg = 0xb02030a01201001
>
>             l_dlg = 0x7fb6978e9008
>
>             i = 2087
>
>             __FUNCTION__ = "destroy_dlg_table"
>
>     #4  0x00007fb6a8933263 in mod_destroy () at dialog.c:783
>
>     No locals.
>
>     #5  0x0000000000590d79 in destroy_modules () at sr_module.c:811
>
>             t = 0x7fb6af43d670
>
>             foo = 0x7fb6af43d440
>
>             __FUNCTION__ = "destroy_modules"
>
>     #6  0x000000000049bb43 in cleanup (show_status=1) at main.c:569
>
>             memlog = 0
>
>             __FUNCTION__ = "cleanup"
>
>     #7  0x000000000049d10b in shutdown_children (sig=15,
>     show_status=1) at main.c:711
>
>             __FUNCTION__ = "shutdown_children"
>
>     #8  0x000000000049f6e1 in handle_sigs () at main.c:802
>
>             chld = 0
>
>             chld_status = 139
>
>             memlog = -1755228944
>
>             __FUNCTION__ = "handle_sigs"
>
>     #9  0x00000000004a6fbf in main_loop () at main.c:1757
>
>             i = 8
>
>             pid = 4424
>
>             si = 0x0
>
>             si_desc = "udp receiver child=7
>     sock=A.B.C.D:5060\000\000\000\000\016\b\000\000\377\177\000\000\260Ta\227\266\177\000\000\000\000\000\020\004\000\000\000\260Ta\227\266\177\000\000\060SA\000\000\000\000\000\240\177\207\b\001\000\000\000\060}\207\b\377\177\000\000\032dN\000\000\000\000\000h\261@\257z\000\000\000\276}p\000\000\000\000"
>
>             nrprocs = 8
>
>             __FUNCTION__ = "main_loop"
>
>     #10 0x00000000004ab8bf in main (argc=7, argv=0x7fff08877fa8) at
>     main.c:2578
>
>             cfg_stream = 0x18b4010
>
>             c = -1
>
>             r = 0
>
>             tmp = 0x7fff08879f70 ""
>
>             tmp_len = 0
>
>             port = 0
>
>             proto = 32767
>
>             options = 0x6fcc00
>     ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
>
>             ret = -1
>
>             seed = 2249241156
>
>             rfd = 4
>
>             debug_save = 0
>
>             debug_flag = 0
>
>             dont_fork_cnt = 0
>
>             n_lst = 0xc2
>
>             p = 0x7fff08877e7e ""
>
>             __FUNCTION__ = "main"
>
>      
>
>     (gdb) bt full
>
>     #0  0x00007fb6a8964e55 in dlg_clean_run (ti=23317351) at
>     dlg_hash.c:244
>
>             i = 2087
>
>             tm = 1441978496
>
>             dlg = 0xb02030a01201001
>
>             tdlg = 0xb02030a01201001
>
>             __FUNCTION__ = "dlg_clean_run"
>
>     #1  0x00007fb6a8938dd6 in dlg_clean_timer_exec (ticks=23317351,
>     param=0x0) at dialog.c:1260
>
>     No locals.
>
>     #2  0x00000000005fd540 in fork_sync_timer (child_id=-1,
>     desc=0x7fb6a89970f1 "Dialog Clean Timer", make_sock=1,
>     f=0x7fb6a8938dbd <dlg_clean_timer_exec>, param=0x0,
>
>         interval=90000) at timer_proc.c:235
>
>             pid = 0
>
>             ts1 = 373077626
>
>             ts2 = 90000
>
>     #3  0x00007fb6a8932b50 in child_init (rank=0) at dialog.c:740
>
>             __FUNCTION__ = "child_init"
>
>     #4  0x0000000000591129 in init_mod_child (m=0x7fb6af43d670,
>     rank=0) at sr_module.c:921
>
>             __FUNCTION__ = "init_mod_child"
>
>     #5  0x0000000000590e64 in init_mod_child (m=0x7fb6af43e1b0,
>     rank=0) at sr_module.c:918
>
>             __FUNCTION__ = "init_mod_child"
>
>     #6  0x0000000000590e64 in init_mod_child (m=0x7fb6af43e728,
>     rank=0) at sr_module.c:918
>
>             __FUNCTION__ = "init_mod_child"
>
>     #7  0x0000000000590e64 in init_mod_child (m=0x7fb6af43eb90,
>     rank=0) at sr_module.c:918
>
>             __FUNCTION__ = "init_mod_child"
>
>     #8  0x0000000000590e64 in init_mod_child (m=0x7fb6af43f108,
>     rank=0) at sr_module.c:918
>
>             __FUNCTION__ = "init_mod_child"
>
>     #9  0x0000000000590e64 in init_mod_child (m=0x7fb6af43f418,
>     rank=0) at sr_module.c:918
>
>             __FUNCTION__ = "init_mod_child"
>
>     #10 0x0000000000590e64 in init_mod_child (m=0x7fb6af43f808,
>     rank=0) at sr_module.c:918
>
>             __FUNCTION__ = "init_mod_child"
>
>     #11 0x0000000000590e64 in init_mod_child (m=0x7fb6af43fb18,
>     rank=0) at sr_module.c:918
>
>             __FUNCTION__ = "init_mod_child"
>
>     #12 0x0000000000590e64 in init_mod_child (m=0x7fb6af440090,
>     rank=0) at sr_module.c:918
>
>             __FUNCTION__ = "init_mod_child"
>
>     #13 0x0000000000590e64 in init_mod_child (m=0x7fb6af4403d8,
>     rank=0) at sr_module.c:918
>
>             __FUNCTION__ = "init_mod_child"
>
>     #14 0x0000000000591433 in init_child (rank=0) at sr_module.c:947
>
>     No locals.
>
>     #15 0x00000000004a64c4 in main_loop () at main.c:1706
>
>             i = 8
>
>             pid = 4424
>
>             si = 0x0
>
>             si_desc = "udp receiver child=7
>     sock=A.B.C.D:5060\000\000\000\000\016\b\000\000\377\177\000\000\260Ta\227\266\177\000\000\000\000\000\020\004\000\000\000\260Ta\227\266\177\000\000\060SA\000\000\000\000\000\240\177\207\b\001\000\000\000\060}\207\b\377\177\000\000\032dN\000\000\000\000\000h\261@\257z\000\000\000\276}p\000\000\000\000"
>
>             nrprocs = 8
>
>             __FUNCTION__ = "main_loop"
>
>     #16 0x00000000004ab8bf in main (argc=7, argv=0x7fff08877fa8) at
>     main.c:2578
>
>             cfg_stream = 0x18b4010
>
>             c = -1
>
>             r = 0
>
>             tmp = 0x7fff08879f70 ""
>
>             tmp_len = 0
>
>             port = 0
>
>             proto = 32767
>
>             options = 0x6fcc00
>     ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
>
>             ret = -1
>
>             seed = 2249241156
>
>             rfd = 4
>
>             debug_save = 0
>
>             debug_flag = 0
>
>             dont_fork_cnt = 0
>
>             n_lst = 0xc2
>
>             p = 0x7fff08877e7e ""
>
>             __FUNCTION__ = "main"
>
>      
>
>
>
> -- 
> Daniel-Constantin Mierla
> http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> - http://www.linkedin.com/in/miconda
> Book: SIP Routing With Kamailio - http://www.asipto.com
> Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20150917/34a031c9/attachment.html>


More information about the sr-users mailing list