Segmentation fault in master while sending reply

[danpascu]

Happened multiple times, but it's random (don't know what triggers it):

Core was generated by `/usr/sbin/opensips -w /run/opensips -P opensips.pid -m 512'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __memcpy_sse2_unaligned () at ../sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S:667
667	../sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S: No such file or directory.
(gdb) bt
#0  __memcpy_sse2_unaligned () at ../sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S:667
#1  0x004faf84 in memcpy (__len=<optimized out>, __src=<optimized out>, __dest=0x97e04ad4) at /usr/include/i386-linux-gnu/bits/string3.h:53
#2  hostent_shm_cpy (dst=0x97e11bcc, src=0x97df1d8c) at proxy.c:75
#3  0x96bd108e in shm_clone_proxy (move_dn=<optimized out>, sp=<optimized out>) at ../../resolve.h:391
#4  add_uac (t=t@entry=0x97dfc584, request=request@entry=0x96c07240 <faked_req>, uri=uri@entry=0xbfae0790, next_hop=<optimized out>, bflags=<optimized out>, path=<optimized out>, proxy=<optimized out>) at t_fwd.c:437
#5  0x96bd442a in t_forward_nonack (t=<optimized out>, p_msg=<optimized out>, proxy=<optimized out>, reset_bcounter=<optimized out>, locked=<optimized out>) at t_fwd.c:757
#6  0x96b7d5d4 in do_dns_failover (t=t@entry=0x97dfc584) at t_reply.c:702
#7  0x96b7fa44 in t_should_relay_response (Trans=Trans@entry=0x97dfc584, new_code=new_code@entry=408, branch=branch@entry=0, should_store=0xbfae0a00, should_relay=0xbfae09fc, cancel_bitmap=0xbfae0ad8, reply=0xffffffff) at t_reply.c:962
#8  0x96b81b84 in relay_reply (t=0x97dfc584, p_msg=0xffffffff, branch=0, msg_status=408, cancel_bitmap=0xbfae0ad8) at t_reply.c:1206
#9  0x96bcdc0c in fake_reply (code=408, branch=<optimized out>, t=0x97dfc584) at timer.c:260
#10 final_response_handler (fr_tl=<optimized out>) at timer.c:399
#11 timer_routine (ticks=1350, set=0x0) at timer.c:1074
#12 0x005422e4 in handle_timer_job () at timer.c:738
#13 0x0061e835 in handle_io (idx=<optimized out>, event_type=<optimized out>, fm=<optimized out>) at net/net_udp.c:265
#14 io_wait_loop_epoll (h=<optimized out>, t=<optimized out>, repeat=<optimized out>) at net/../io_wait_loop.h:284
#15 udp_start_processes (chd_rank=0x759980 <chd_rank>, startup_done=0x0) at net/net_udp.c:389
#16 0x004d7418 in main_loop () at main.c:755
#17 main (argc=<optimized out>, argv=<optimized out>) at main.c:1407
(gdb) frame 2
#2  hostent_shm_cpy (dst=0x97e11bcc, src=0x97df1d8c) at proxy.c:75
75	proxy.c: No such file or directory.
(gdb) print src
$1 = (struct hostent *) 0x97df1d8c
(gdb) print *src
$2 = {h_name = 0x0, h_aliases = 0x0, h_addrtype = 2, h_length = 4, h_addr_list = 0x97df1dd8}
(gdb) print *dst
$3 = {h_name = 0x0, h_aliases = 0x0, h_addrtype = 0, h_length = 0, h_addr_list = 0x97e04abc}
(gdb) print src->h_addr_list[0]
$4 = 0x22e1f08 <error: Cannot access memory at address 0x22e1f08>
(gdb) print src->h_addr_list[1]
$5 = 0x97df1dec "Q\027\344\201U\021\272\a\300\300\300\300\355\357ͫ\227\225"
(gdb) print src->h_addr_list[2]
$6 = 0x97df1de8 "Q\027\344\226Q\027\344\201U\021\272\a\300\300\300\300\355\357ͫ\227\225"
(gdb) print src->h_addr_list[3]
$7 = 0x0
(gdb) 

[bogdan-iancu]

Similar to #1472

[danpascu]

How is this similar to #1472 ? They do not even crash for the same reason or in the same place (#1472 is about pkg memory while this one happens in shm memory).

[danpascu]

Just had this happen to me again. It is very random (happens rarely). DBG_MALLOC doesn't show anything useful. The bug is still present in HEAD.

[danpascu]

Fixed by 588bb64