[OpenSIPS-Devel] [ opensips-Bugs-3516738 ] Upgrade from SVN 8787 to 8926 = core dumps
SourceForge.net
noreply at sourceforge.net
Wed Apr 11 11:33:11 CEST 2012
Bugs item #3516738, was opened at 2012-04-10 21:48
Message generated for change (Comment added) made by vladut-paiu
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3516738&group_id=232389
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: core
Group: 1.7.x
Status: Open
Resolution: Accepted
Priority: 7
Private: No
Submitted By: Nick Altmann (nikbyte)
Assigned to: Vladut-Stefan Paiu (vladut-paiu)
Summary: Upgrade from SVN 8787 to 8926 = core dumps
Initial Comment:
After upgrade opensips 1.7.2 from 8787 to 8926 it falls down periodically:
(gdb) info stack
#0 0x00007ff60eada885 in raise () from /lib64/libc.so.6
#1 0x00007ff60eadc065 in abort () from /lib64/libc.so.6
#2 0x000000000041ca0f in free_lump (lmp=0x7ff5e6f1ba30) at data_lump.c:438
#3 0x000000000041cb4f in free_lump_list (l=<value optimized out>) at data_lump.c:461
#4 0x000000000041ccd0 in del_notflaged_lumps (lump_list=<value optimized out>, not_flags=3) at data_lump.c:674
#5 0x00007ff60949ace8 in relay_reply (t=0x7ff5e6d58668, p_msg=<value optimized out>, branch=1, msg_status=487,
cancel_bitmap=0x7fff6e083668) at t_reply.c:1216
#6 0x00007ff60949bb36 in reply_received (p_msg=0x860c28) at t_reply.c:1527
#7 0x0000000000421bf0 in forward_reply (msg=0x860c28) at forward.c:568
#8 0x000000000044c7b8 in receive_msg (buf=<value optimized out>, len=<value optimized out>, rcv_info=0x7fff6e0837e0) at receive.c:203
#9 0x0000000000486cf5 in udp_rcv_loop () at udp_server.c:418
#10 0x00000000004288e6 in main_loop (argc=<value optimized out>, argv=<value optimized out>) at main.c:872
#11 main (argc=<value optimized out>, argv=<value optimized out>) at main.c:1490
(gdb)
#0 0x00007ff60eada885 in raise () from /lib64/libc.so.6
#1 0x00007ff60eadc065 in abort () from /lib64/libc.so.6
#2 0x000000000041ca0f in free_lump (lmp=0x7ff5e6f1ba30) at data_lump.c:438
#3 0x000000000041cb4f in free_lump_list (l=<value optimized out>) at data_lump.c:461
#4 0x000000000041ccd0 in del_notflaged_lumps (lump_list=<value optimized out>, not_flags=3) at data_lump.c:674
#5 0x00007ff60949ace8 in relay_reply (t=0x7ff5e6d58668, p_msg=<value optimized out>, branch=1, msg_status=487,
cancel_bitmap=0x7fff6e083668) at t_reply.c:1216
#6 0x00007ff60949bb36 in reply_received (p_msg=0x860c28) at t_reply.c:1527
#7 0x0000000000421bf0 in forward_reply (msg=0x860c28) at forward.c:568
#8 0x000000000044c7b8 in receive_msg (buf=<value optimized out>, len=<value optimized out>, rcv_info=0x7fff6e0837e0) at receive.c:203
#9 0x0000000000486cf5 in udp_rcv_loop () at udp_server.c:418
#10 0x00000000004288e6 in main_loop (argc=<value optimized out>, argv=<value optimized out>) at main.c:872
#11 main (argc=<value optimized out>, argv=<value optimized out>) at main.c:1490
(gdb)
#0 0x00007ff60eada885 in raise () from /lib64/libc.so.6
#1 0x00007ff60eadc065 in abort () from /lib64/libc.so.6
#2 0x000000000041ca0f in free_lump (lmp=0x7ff5e6f1ba30) at data_lump.c:438
#3 0x000000000041cb4f in free_lump_list (l=<value optimized out>) at data_lump.c:461
#4 0x000000000041ccd0 in del_notflaged_lumps (lump_list=<value optimized out>, not_flags=3) at data_lump.c:674
#5 0x00007ff60949ace8 in relay_reply (t=0x7ff5e6d58668, p_msg=<value optimized out>, branch=1, msg_status=487,
cancel_bitmap=0x7fff6e083668) at t_reply.c:1216
#6 0x00007ff60949bb36 in reply_received (p_msg=0x860c28) at t_reply.c:1527
#7 0x0000000000421bf0 in forward_reply (msg=0x860c28) at forward.c:568
#8 0x000000000044c7b8 in receive_msg (buf=<value optimized out>, len=<value optimized out>, rcv_info=0x7fff6e0837e0) at receive.c:203
#9 0x0000000000486cf5 in udp_rcv_loop () at udp_server.c:418
#10 0x00000000004288e6 in main_loop (argc=<value optimized out>, argv=<value optimized out>) at main.c:872
#11 main (argc=<value optimized out>, argv=<value optimized out>) at main.c:1490
(gdb) bt full output
No symbol "output" in current context.
(gdb) bt full
#0 0x00007ff60eada885 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007ff60eadc065 in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x000000000041ca0f in free_lump (lmp=0x7ff5e6f1ba30) at data_lump.c:438
__FUNCTION__ = "free_lump"
#3 0x000000000041cb4f in free_lump_list (l=<value optimized out>) at data_lump.c:461
t = 0x0
r = 0x0
foo = 0x7ff5e6f1ba30
crt = 0x7ff5e6f1b9f8
#4 0x000000000041ccd0 in del_notflaged_lumps (lump_list=<value optimized out>, not_flags=3) at data_lump.c:674
r = <value optimized out>
foo = 0x7ff5e6f1b9f8
crt = 0x7ff5e6f1baa8
prev = 0x7ff5e6f1abf0
prev_r = <value optimized out>
#5 0x00007ff60949ace8 in relay_reply (t=0x7ff5e6d58668, p_msg=<value optimized out>, branch=1, msg_status=487,
cancel_bitmap=0x7fff6e083668) at t_reply.c:1216
relay = 0
save_clone = 0
buf = 0x863740 "SIP/2.0 487 Request Cancelled\r\nVia: SIP/2.0/UDP 192.168.10.11:5066;received=192.168.10.11;branch=z9hG4bK-d8754z-e3f45c5b75b0135b-1---d8754z-;rport=5066\r\nRecord-Route: <sip:office at 88.88.88.222;r2=on;lr"...
res_len = 602
relayed_code = 487
relayed_msg = 0x7ff5e6f1a598
bm = {to_tag_val = {s = 0x7b5408 "I", len = 8784936}}
totag_retr = 0
reply_status = RPS_COMPLETED
uas_rb = 0x7ff5e6d58768
---Type <return> to continue, or q <return> to quit---
cb_s = {s = 0x0, len = 0}
text = {s = 0x165 <Address 0x165 out of bounds>, len = 357}
__FUNCTION__ = "relay_reply"
#6 0x00007ff60949bb36 in reply_received (p_msg=0x860c28) at t_reply.c:1527
msg_status = 487
last_uac_status = 180
branch = 1
reply_status = <value optimized out>
timer = <value optimized out>
cancel_bitmap = 0
uac = 0x7ff5e6d58a40
t = 0x7ff5e6d58668
backup_list = <value optimized out>
has_reply_route = <value optimized out>
__FUNCTION__ = "reply_received"
#7 0x0000000000421bf0 in forward_reply (msg=0x860c28) at forward.c:568
new_buf = 0x0
to = 0x0
new_len = <value optimized out>
mod = 0x77fb70
proto = <value optimized out>
id = 0
send_sock = <value optimized out>
s = <value optimized out>
len = <value optimized out>
__FUNCTION__ = "forward_reply"
#8 0x000000000044c7b8 in receive_msg (buf=<value optimized out>, len=<value optimized out>, rcv_info=0x7fff6e0837e0) at receive.c:203
msg = 0x860c28
start = {tv_sec = 16, tv_usec = -8761930421901689339}
__FUNCTION__ = "receive_msg"
---Type <return> to continue, or q <return> to quit---
#9 0x0000000000486cf5 in udp_rcv_loop () at udp_server.c:418
len = 647
buf = "SIP/2.0 487 Request Cancelled\r\nVia: SIP/2.0/UDP 88.88.88.222;branch=z9hG4bK4866.f68f2fd1.1\r\nVia: SIP/2.0/UDP 192.168.10.11:5066;received=192.168.10.11;branch=z9hG4bK-d8754z-e3f45c5b75b0135b-1---d8754z"...
tmp = <value optimized out>
from = 0x1bc6f80
fromlen = 16
ri = {src_ip = {af = 2, len = 4, u = {addrl = {140694184765011, 1}, addr32 = {3941049939, 32757, 1, 0}, addr16 = {42579,
60135, 32757, 0, 1, 0, 0, 0}, addr = "S\246\347\352\365\177\000\000\001\000\000\000\000\000\000"}}, dst_ip = {af = 2,
len = 4, u = {addrl = {3947911249, 0}, addr32 = {3947911249, 0, 0, 0}, addr16 = {22609, 60240, 0, 0, 0, 0, 0, 0},
addr = "QXP\353", '\000' <repeats 11 times>}}, src_port = 1046, dst_port = 5060, proto = 1, proto_reserved1 = 0,
proto_reserved2 = 0, src_su = {s = {sa_family = 2, sa_data = "\004\026S\246\347\352\000\000\000\000\000\000\000"}, sin = {
sin_family = 2, sin_port = 5636, sin_addr = {s_addr = 3941049939}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {
sin6_family = 2, sin6_port = 5636, sin6_flowinfo = 3941049939, sin6_addr = {__in6_u = {
__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}},
sin6_scope_id = 0}}, bind_address = 0x772d50}
p = <value optimized out>
__FUNCTION__ = "udp_rcv_loop"
#10 0x00000000004288e6 in main_loop (argc=<value optimized out>, argv=<value optimized out>) at main.c:872
i = 2
pid = <value optimized out>
si = <value optimized out>
startup_done = 0x0
chd_rank = 6
rc = <value optimized out>
load_p = 0x7ff5e6754600
#11 main (argc=<value optimized out>, argv=<value optimized out>) at main.c:1490
cfg_log_stderr = <value optimized out>
cfg_stream = <value optimized out>
c = <value optimized out>
---Type <return> to continue, or q <return> to quit---
r = <value optimized out>
tmp = 0x1 <Address 0x1 out of bounds>
tmp_len = <value optimized out>
port = <value optimized out>
proto = <value optimized out>
options = 0x4e2018 "f:cCm:b:l:n:N:rRvdDETSVhw:t:u:g:P:G:W:o:"
ret = -1
seed = 1310517337
rfd = <value optimized out>
__FUNCTION__ = "main"
----------------------------------------------------------------------
>Comment By: Vladut-Stefan Paiu (vladut-paiu)
Date: 2012-04-11 02:33
Message:
Hi Nick,
Thanks for the help.
Can you reproduce your bug ?
Please try the attached tm.patch here and see if it still crashes.
Regards,
Vlad
----------------------------------------------------------------------
Comment By: Nick Altmann (nikbyte)
Date: 2012-04-11 02:23
Message:
(gdb) f 2
#2 0x000000000041ca0f in free_lump (lmp=0x7ff5e6f1ba30) at
data_lump.c:438
438 abort();
(gdb) p lmp->flags
$1 = LUMPFLAG_SHMEM
(gdb) p lmp->type
$2 = HDR_OTHER_T
(gdb) p lmp->u.value
$3 = 0x7ff5e6f1ba68 "Contact:
<sip:office at 88.111.222.222:5060;transport=udp>\r\n"
(gdb) f 3
#3 0x000000000041cb4f in free_lump_list (l=<value optimized out>) at
data_lump.c:461
461 free_lump(foo);
(gdb) p crt->flags
$4 = LUMPFLAG_SHMEM
(gdb) p crt->type
$5 = HDR_OTHER_T
(gdb) p crt->u.value
$6 = 0x188 <Address 0x188 out of bounds>
(gdb) p crt->before->flags
$7 = LUMPFLAG_SHMEM
(gdb) p crt->before->type
$8 = HDR_OTHER_T
(gdb) p crt->before->u.value
$9 = 0x7ff5e6f1ba68 "Contact:
<sip:office at 88.111.222.222:5060;transport=udp>\r\n"
----------------------------------------------------------------------
Comment By: Vladut-Stefan Paiu (vladut-paiu)
Date: 2012-04-11 02:08
Message:
Hello Nick,
Can you please open the core dump in gdb and paste here the output of the
following
f 2
p lmp->flags
p lmp->type
p lmp->u.value
f 3
p crt->flags
p crt->type
p crt->u.value
p crt->before->flags
p crt->before->type
p crt->before->u.value
It would also help if you could privately send me access to the actual
OpenSIPS core dump on your server, so I can further look myself.
Regards,
Vlad
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3516738&group_id=232389
More information about the Devel
mailing list