[prev in list] [next in list] [prev in thread] [next in thread]
List: openser-users
Subject: Re: [SR-Users] Segfault in qm_insert_free
From: Igor Potjevlesch <igor.potjevlesch () gmail ! com>
Date: 2016-08-31 9:54:24
Message-ID: CAJmJ=jE3Dy7EaKwk7W7drihXoecAES2t+f-CUzFAfusb7UsSKg () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hello,
Can we have help on my problem?
Anyone have the same problem?
Igor
2016-08-12 11:53 GMT+02:00 Igor Potjevlesch <igor.potjevlesch@gmail.com>:
> Hello,
>
> We got a crash yesterday of a Kamailio instance (4.2.7).
> I can see a segfault:
>
> "Program terminated with signal 11, Segmentation fault.
> #0 0x000000000061a856 in qm_insert_free (qm=0x7fcbde513000,
> frag=0x7fcbded7dd08) at mem/q_malloc.c:180
> 180 prev=FRAG_END(f)->prev_free;"
>
> The output of "bt full":
>
> (gdb) bt full
> #0 0x000000000061a856 in qm_insert_free (qm=0x7fcbde513000,
> frag=0x7fcbded7dd08) at mem/q_malloc.c:180
> f = 0x7fcbdf2d1e18
> prev = 0x0
> hash = 78
> #1 0x000000000061d6dc in qm_free (qm=0x7fcbde513000, p=0x7fcbded7dd38,
> file=0x7fcbf4ffe34d "tm: h_table.c", func=0x7fcbf4ffe628 "free_cell",
> line=186) at mem/q_malloc.c:537
> f = 0x7fcbded7dd08
> size = 624
> next = 0x400
> prev = 0x7fffc283f720
> __FUNCTION__ = "qm_free"
> #2 0x00007fcbf4f3fc9d in free_cell (dead_cell=0x7fcbdf2fa360) at
> h_table.c:186
> b = 0x7fcbded7dd38 "PRACK sip:1.2.3.4:5060;transport=UDP SIP/2.0\r\nVia:
> SIP/2.0/UDP
> 4.5.6.7;branch=z9hG4bK7419.88222290c54ce503af46b89a1da0c125.0\r\nVia:
> SIP/2.0/UDP 9.8.7.6:5060;branch=z9hG4bK0cB6cd54b5"...
> i = 0
> rpl = 0x0
> tt = 0x7fcbde6b7778
> foo = 0x7fffc283f7f0
> cbs = 0x0
> cbs_tmp = 0x7fcbde79fca0
> __FUNCTION__ = "free_cell"
> #3 0x00007fcbf4f84a1c in wait_handler (ti=1160550038,
> wait_tl=0x7fcbdf2fa3e0, data=0x7fcbdf2fa360) at timer.c:675
> p_cell = 0x7fcbdf2fa360
> ret = 1
> #4 0x00000000005fd30f in timer_list_expire (t=1160550038,
> h=0x7fcbde58c908,
> slow_l=0x7fcbde58ea28, slow_mark=19953) at timer.c:888
> tl = 0x7fcbdf2fa3e0
> ret = 1160550038
> #5 0x00000000005fd757 in timer_handler () at timer.c:953
> saved_ticks = 1160550038
> run_slow_timer = 0
> i = 497
> __FUNCTION__ = "timer_handler"
> #6 0x00000000005fdbc5 in timer_main () at timer.c:992
> No locals.
> #7 0x00000000004a77e6 in main_loop () at main.c:1700
> i = 8
> pid = 0
> si = 0x0
> si_desc = "udp receiver child=7
> sock=91.213.145.60:5060\000\177\000\000\000\372\203\302\
> 377\177\000\000\033{
> N\000\000\000\000\000P\372\203\302\377\177\000\000\004\
> 000\000\000\000\000\0
> 00\000`TA\000\000\000\000\000(\205T\336\313\177", '\000' <repeats 14
> times>,
> "\001\000\000\000P\372\203\302\377\177\000\000\276{N\000\000\000\000"
> nrprocs = 8
> __FUNCTION__ = "main_loop"
> #8 0x00000000004acfab in main (argc=7, argv=0x7fffc283fcc8) at main.c:2581
> cfg_stream = 0xe5e010
> c = -1
> r = 0
> tmp = 0x7fffc283ff70 ""
> tmp_len = 32767
> port = -1031537762
> proto = 0
> options = 0x7033b8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:
> A:"
> ret = -1
> seed = 1876790668
> rfd = 4
> debug_save = 0
> debug_flag = 0
> dont_fork_cnt = 0
> n_lst = 0x40d134
> p = 0xc2 <Address 0xc2 out of bounds>
> __FUNCTION__ = "main"
>
> I don't figure out what is gone wrong. Thank you for your help.
>
> Regards,
>
> Igor.
>
>
[Attachment #5 (text/html)]
<div dir="ltr">Hello,<div><br></div><div>Can we have help on my \
problem?</div><div>Anyone have the same \
problem?</div><div><br></div><div>Igor</div></div><div class="gmail_extra"><br><div \
class="gmail_quote">2016-08-12 11:53 GMT+02:00 Igor Potjevlesch <span \
dir="ltr"><<a href="mailto:igor.potjevlesch@gmail.com" \
target="_blank">igor.potjevlesch@gmail.com</a>></span>:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">Hello,<br> <br>
We got a crash yesterday of a Kamailio instance (4.2.7).<br>
I can see a segfault:<br>
<br>
"Program terminated with signal 11, Segmentation fault.<br>
#0 0x000000000061a856 in qm_insert_free (qm=0x7fcbde513000,<br>
frag=0x7fcbded7dd08) at mem/q_malloc.c:180<br>
180 prev=FRAG_END(f)->prev_free;"<br>
<br>
The output of "bt full":<br>
<br>
(gdb) bt full<br>
#0 0x000000000061a856 in qm_insert_free (qm=0x7fcbde513000,<br>
frag=0x7fcbded7dd08) at mem/q_malloc.c:180<br>
f = 0x7fcbdf2d1e18<br>
prev = 0x0<br>
hash = 78<br>
#1 0x000000000061d6dc in qm_free (qm=0x7fcbde513000, p=0x7fcbded7dd38,<br>
file=0x7fcbf4ffe34d "tm: h_table.c", func=0x7fcbf4ffe628 \
"free_cell",<br> line=186) at mem/q_malloc.c:537<br>
f = 0x7fcbded7dd08<br>
size = 624<br>
next = 0x400<br>
prev = 0x7fffc283f720<br>
__FUNCTION__ = "qm_free"<br>
#2 0x00007fcbf4f3fc9d in free_cell (dead_cell=0x7fcbdf2fa360) at<br>
h_table.c:186<br>
b = 0x7fcbded7dd38 "PRACK sip:1.2.3.4:5060;transport=UDP SIP/2.0\r\nVia:<br>
SIP/2.0/UDP<br>
4.5.6.7;branch=z9hG4bK7419.<wbr>88222290c54ce503af46b89a1da0c1<wbr>25.0\r\nVia:<br>
SIP/2.0/UDP 9.8.7.6:5060;branch=<wbr>z9hG4bK0cB6cd54b5"...<br>
i = 0<br>
rpl = 0x0<br>
tt = 0x7fcbde6b7778<br>
foo = 0x7fffc283f7f0<br>
cbs = 0x0<br>
cbs_tmp = 0x7fcbde79fca0<br>
__FUNCTION__ = "free_cell"<br>
#3 0x00007fcbf4f84a1c in wait_handler (ti=1160550038,<br>
wait_tl=0x7fcbdf2fa3e0, data=0x7fcbdf2fa360) at timer.c:675<br>
p_cell = 0x7fcbdf2fa360<br>
ret = 1<br>
#4 0x00000000005fd30f in timer_list_expire (t=1160550038, h=0x7fcbde58c908,<br>
slow_l=0x7fcbde58ea28, slow_mark=19953) at timer.c:888<br>
tl = 0x7fcbdf2fa3e0<br>
ret = 1160550038<br>
#5 0x00000000005fd757 in timer_handler () at timer.c:953<br>
saved_ticks = 1160550038<br>
run_slow_timer = 0<br>
i = 497<br>
__FUNCTION__ = "timer_handler"<br>
#6 0x00000000005fdbc5 in timer_main () at timer.c:992<br>
No locals.<br>
#7 0x00000000004a77e6 in main_loop () at main.c:1700<br>
i = 8<br>
pid = 0<br>
si = 0x0<br>
si_desc = "udp receiver child=7<br>
sock=<a href="http://91.213.145.60:5060" rel="noreferrer" \
target="_blank">91.213.145.60:5060</a>\000\<wbr>177\000\000\000\372\203\302\<wbr>377\177\000\000\033{<br>
N\000\000\000\000\000P\372\<wbr>203\302\377\177\000\000\004\<wbr>000\000\000\000\000\0<br>
00\000`TA\000\000\000\000\000(<wbr>\205T\336\313\177", '\000' \
<repeats 14 times>,<br> \
"\001\000\000\000P\372\203\<wbr>302\377\177\000\000\276{N\000\<wbr>000\000\000"<br>
nrprocs = 8<br>
__FUNCTION__ = "main_loop"<br>
#8 0x00000000004acfab in main (argc=7, argv=0x7fffc283fcc8) at main.c:2581<br>
cfg_stream = 0xe5e010<br>
c = -1<br>
r = 0<br>
tmp = 0x7fffc283ff70 ""<br>
tmp_len = 32767<br>
port = -1031537762<br>
proto = 0<br>
options = 0x7033b8 \
":f:cm:M:dVIhEeb:l:L:n:<wbr>vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:<wbr>A:"<br> ret \
= -1<br> seed = 1876790668<br>
rfd = 4<br>
debug_save = 0<br>
debug_flag = 0<br>
dont_fork_cnt = 0<br>
n_lst = 0x40d134<br>
p = 0xc2 <Address 0xc2 out of bounds><br>
__FUNCTION__ = "main"<br>
<br>
I don't figure out what is gone wrong. Thank you for your help.<br>
<br>
Regards,<br>
<br>
Igor.<br>
<br>
</blockquote></div><br></div>
[Attachment #6 (text/plain)]
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic