Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Segfault due wrong dialog ref counting #855

Closed
46labs opened this issue Apr 12, 2016 · 2 comments
Closed

Segfault due wrong dialog ref counting #855

46labs opened this issue Apr 12, 2016 · 2 comments
Assignees
@liviuchircu
Labels
bug
Milestone
2.3.6

Comments

@46labs
Copy link

46labs commented Apr 12, 2016

version: opensips 2.3.0-dev (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, HP_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
git revision: 0546c94
main.c compiled on 11:22:17 Apr 12 2016 with gcc 4.8

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000000000050656b in hp_frag_detach (hpb=0x7f257e4c5000, frag=0x7f25805bdbe8, frag=0x7f25805bdbe8) at mem/hp_malloc.c:220

220 *pf = frag->u.nxt_free;
(gdb) bt full
#0 0x000000000050656b in hp_frag_detach (hpb=0x7f257e4c5000, frag=0x7f25805bdbe8, frag=0x7f25805bdbe8) at mem/hp_malloc.c:220

    pf = 0x0

#1 hp_shm_malloc (hpb=0x7f257e4c5000, size=size@entry=8) at mem/hp_malloc.c:1017

    frag = 0x7f25805bdbe8
    init_hash = 1
    hash = 1
    sec_hash = <optimized out>
    i = <optimized out>
    __FUNCTION__ = "hp_shm_malloc"
    real_used = <optimized out>

#2 0x00007f2578f00bc8 in shm_malloc (size=8) at ../tm/../../mem/shm_mem.h:390

    p = <optimized out>

#3 w_do_acc_3 (msg=0x7f257d862e60 <faked_req>, type_p=, flags_p=, table_p=0x0) at acc_logic.c:988

    type = <optimized out>
    flags = <optimized out>
    flag_mask_p = <optimized out>
    flag_mask = 21474836480
    acc_param = <optimized out>
    in = {s = 0x0, len = 4860143}
    table_name = {s = 0x7ffddf2ff890 "\017", len = 3}
    tmcb_types = <optimized out>
    is_invite = 1
    __FUNCTION__ = "w_do_acc_3"

#4 0x000000000041cc59 in do_action (a=a@entry=0x7f263ef8a0b0, msg=msg@entry=0x7f257d862e60 <faked_req>) at action.c:1845

    increment = <optimized out>
    decrement = <optimized out>
    val_number = <optimized out>
    j = <optimized out>
    val_s = {s = 0x0, len = 2058457440}
    cdb_reply = 0x0
    aux = {s = 0x0, len = 2058457440}
    i = <optimized out>
    key_number = 1093761448
    it = <optimized out>
    avp_val = <optimized out>
    avp_name = {n = 0, s = {s = 0x0, len = 2058457440}}
    avp_type = 39320
    ret = -5
    v = <optimized out>
    sec = <optimized out>
    usec = <optimized out>
    to = <optimized out>
    p = <optimized out>
    tmp = <optimized out>
    new_uri = <optimized out>
    end = <optimized out>
    crt = <optimized out>
    len = <optimized out>
    i = <optimized out>
    user = 0
    expires = 0
    vals = {{s = 0x7f26413179a8 "\373;\005", len = 0}, {s = 0xf <error: Cannot access memory at address 0xf>, len = 4313420}, {s = 0x0, len = -550503984}, {s = 0x7f263ef242d0 "\340D\362>&\177", len = 3}, {s = 0x7f263ef19120 "\002", len = 1093761448}}
    result = {s = 0x7f257862fe40 <cmds+288> "\340\250Bx%\177", len = 1}
    uri = {user = {s = 0x0, len = 0}, passwd = {s = 0x7f263ef19598 "\017", len = 4860159}, host = {s = 0x8 <error: Cannot access memory at address 0x8>, len = 2028984713}, port = {
        s = 0x3efdfad800000001 <error: Cannot access memory at address 0x3efdfad800000001>, len = 2}, params = {s = 0x7f263ef197f0 "\002", len = 1093761448}, headers = {s = 0x0, len = 0}, port_no = 45936, proto = 16113, type = 32550, transport = {
        s = 0x4a28ff <eval_expr+446> "\213\035\373\037\070", len = -2099818552}, ttl = {s = 0x7f257d5f90d7 <t_handle_async+714> "\205\300H\213|$ \017\211\n\376\377\377H\213\005\005M&", len = 0}, user_param = {s = 0x0, len = 0}, maddr = {
        s = 0x1 <error: Cannot access memory at address 0x1>, len = 1056020544}, method = {s = 0x7f263ef1b1b0 "\017", len = 1093761448}, lr = {s = 0x0, len = 15}, r2 = {s = 0x0, len = 1056027504}, gr = {
        s = 0x422e64 <run_action_list+51> "\205\300u\a\203\r!\\?", len = 1056065040}, transport_val = {s = 0x7f26413179a8 "\373;\005", len = 1093761448}, ttl_val = {s = 0x7f26413179a8 "\373;\005", len = 1}, user_param_val = {
        s = 0x420404 <do_action+24707> "A\211Ɖ\005s\206?", len = 0}, maddr_val = {s = 0x2 <error: Cannot access memory at address 0x2>, len = 1056090880}, method_val = {s = 0x7f257d85f560 <faked_req> "\350;\005", len = 0}, lr_val = {
        s = 0x1 <error: Cannot access memory at address 0x1>, len = 1056091568}, r2_val = {s = 0x4a28ff <eval_expr+446> "\213\035\373\037\070", len = 0}, gr_val = {s = 0x7f263ef26938 "5", len = 1056073752}, u_name = {{
          s = 0x7f257d85f560 <faked_req> "\350;\005", len = 1056074040}, {s = 0x7f263ef317c8 "\017", len = 2105931104}, {s = 0x0, len = 7}, {s = 0x1 <error: Cannot access memory at address 0x1>, len = 1056091944}, {
          s = 0x4231f8 <run_actions+313> "\205\300u\a\203\r\215X?", len = 1056077960}, {s = 0x422e64 <run_action_list+51> "\205\300u\a\203\r!\\?", len = 2105931104}, {s = 0x7f257d85f560 <faked_req> "\350;\005", len = 2105931104}, {
          s = 0x7f257d85f560 <faked_req> "\350;\005", len = 2105931104}, {s = 0x41f79c <do_action+21531> "\211\005ޒ?", len = 0}, {s = 0x7f2582712758 "\002", len = 14}}, u_val = {{s = 0x7f2582712758 "\002", len = 14}, {s = 0x7ffddf2ffd90 "\210[1A&\177",
          len = -550503072}, {s = 0x7f2578cad199 <next_state_dlg+3044> "\205\300L\213T$H\017\211\240\374\377\377M\213\062A\203>\377\017\214\223\374\377\377L\213=fJ#", len = 8608720}, {s = 0x7ffddf2ffca0 "\240|\022y%\177", len = -550502928}, {
          s = 0x7f263efd4a78 "", len = -550503232}, {s = 0x47 <error: Cannot access memory at address 0x47>, len = 0}, {s = 0x47b673 <pv_get_avp+583> "I\211\305H\205\300\017\204>\002", len = 0}, {s = 0x7f263efd4968 "", len = 1056786792}, {
          s = 0x7ffd00000001 <error: Cannot access memory at address 0x7ffd00000001>, len = 0}, {s = 0x7f263efb3628 "M", len = 1093763664}}, u_params_no = 0}
    next_hop = {user = {s = 0x0, len = 2058457440}, passwd = {s = 0x7f257eb57c18 "`\221\261z%\177", len = 4337717}, host = {s = 0xc <error: Cannot access memory at address 0xc>, len = 2105945696}, port = {
        s = 0x38 <error: Cannot access memory at address 0x38>, len = 1056787040}, params = {s = 0x7f257d862e60 <faked_req> "\374;\005", len = 2058457872}, headers = {s = 0x7f257ab19320 <parameters> "", len = 0}, port_no = 0, proto = 0, type = ERROR_URI_T,
      transport = {s = 0x7f257a912aba <scriptroute_raise+474> "L\211m", len = 0}, ttl = {s = 0x0, len = 825569536}, user_param = {s = 0x118 <error: Cannot access memory at address 0x118>, len = 1056787504}, maddr = {
        s = 0x4000212 <error: Cannot access memory at address 0x4000212>, len = 1}, method = {s = 0x5792f2 <evi_raise_event_msg+712> "\001D$\030H\213=\263\320,", len = 13}, lr = {s = 0x7f2641318250 "", len = -550503200}, r2 = {s = 0x0, len = -2106635904},
      gr = {s = 0x0, len = 2031254688}, transport_val = {s = 0x4ff813 <destroy_avp_list+132> "M\205\344u\350H\307E", len = 7}, ttl_val = {s = 0x7f263efd4c30 "", len = 1093763664}, user_param_val = {s = 0x0, len = 1056787504}, maddr_val = {
        s = 0x579768 <evi_raise_event+259> "\211\350H\203\304\030[]A\\A]\303L\211ת\351p\377\377\377L\211\327f\253I\211\372A\200\341\001\017\204^\377\377\377\353\343\253I\211\372A\366\301\002\017\204D\377\377\377\353\334H\213\025\267\273)", len = 0},
      method_val = {s = 0x7f2579130200 <acc_env> "\223\001", len = 2105945696}, lr_val = {s = 0x7f2579130200 <acc_env> "\223\001", len = 2105945696}, r2_val = {s = 0x43 <error: Cannot access memory at address 0x43>, len = 2031266720}, gr_val = {

---Type to continue, or q to quit---
s = 0x7f2578ef8b84 <acc_evi_request+3565> "\205\300\017\211e\370\377\377H\213\r-\343 ", len = 2031255216}, u_name = {{s = 0x7f250000003b <error: Cannot access memory at address 0x7f250000003b>, len = 2}, {
s = 0x420000001d <error: Cannot access memory at address 0x420000001d>, len = 0}, {s = 0x7f257dea835d <move_bavp_dlg+41> "I\211\307H\205\300\017\204\274", len = 0}, {
s = 0x505bfc <hp_pkg_malloc+201> "I\215D$\030H\203\304\030[]A\A]Ã\301\001\201\371\063\b", len = 2}, {s = 0x505bfc <hp_pkg_malloc+201> "I\215D$\030H\203\304\030[]A\A]Ã\301\001\201\371\063\b", len = 0}, {
s = 0x7f257d862e60 <faked_req> "\374;\005", len = 2031288832}, {s = 0x7f26413179a8 "\373;\005", len = 1093753736}, {s = 0x0, len = -2123403088}, {s = 0x7f2578efe43a <tmcb_func+2737> "I\213\027H\276\004", len = -550502776}, {
s = 0x27 <error: Cannot access memory at address 0x27>, len = 0}}, u_val = {{s = 0x400000000 <error: Cannot access memory at address 0x400000000>, len = 38}, {s = 0x815360 <log_level> "\020r\265~%\177", len = 2125820432}, {
s = 0x505bfc <hp_pkg_malloc+201> "I\215D$\030H\203\304\030[]A\A]Ã\301\001\201\371\063\b", len = 38}, {s = 0x7f26413157d8 "\004", len = 8743179}, {s = 0x0, len = -550502656}, {s = 0x7f260000002f "", len = -550502672}, {
s = 0x20 <error: Cannot access memory at address 0x20>, len = -2106642200}, {s = 0x7ffddf2ffe90 "", len = -2106642200}, {s = 0x7f257fadb4c0 "\001", len = -550502776}, {
s = 0x7f257d6233bb <run_trans_callbacks+403> "H\203\304h[]A\A]A^A_\303AWAVAUATUSH\203\354xH\211\375H\211\363A\211\324\061\300\350X\026\375\377H\211D$ H\211$@h\307D$H", len = 0}}, u_params_no = 57984}
u =
port =
cmatch =
aitem =
adefault =
spec =
model =
val = {rs = {s = 0x7f263ef99998 "\017", len = 4337252}, ri = 2028984713, flags = 32549}
pve =
name_s = {s = 0x7f263ef99cd8 "\001", len = 1093761448}
start = {tv_sec = 0, tv_usec = 4860143}
aux_counter = 1093761448
FUNCTION = "do_action"
#5 0x0000000000423035 in run_action_list (msg=, a=) at action.c:172

    ret = -1
    t = 0x7f263ef8a0b0

#6 run_actions (msg=0x7f257d862e60 <faked_req>, a=) at action.c:137

    ret = -2141463576

#7 run_top_route (a=, msg=msg@entry=0x7f257d862e60 <faked_req>) at action.c:204

    bk_action_flags = 0
    bk_rec_lev = 0
    ret = <optimized out>

#8 0x00007f257d648931 in run_failure_handlers (t=0x7f25826f30e8) at t_reply.c:581

    uac = <optimized out>
    on_failure = <optimized out>
    shmem_msg = 0x7f258364e648
    faked_req = {id = 343036, first_line = {type = 1, len = 59, u = {request = {method = {
              s = 0x7f258364eed8 "INVITE sip:17188780812@209.105.251.133;user=phone SIP/2.0\r\nVia: SIP/2.0/UDP 10.0.3.62:5060;branch=z9hG4bKa622.1baebbf4.0\r\nMax-Forwards: 63\r\nFrom: <sip:Anonymous@74.117.36.133:5060>;tag=N426cU4Br59FB\r\n"..., len = 6},
            uri = {s = 0x7f258364eedf "sip:17188780812@209.105.251.133;user=phone SIP/2.0\r\nVia: SIP/2.0/UDP 10.0.3.62:5060;branch=z9hG4bKa622.1baebbf4.0\r\nMax-Forwards: 63\r\nFrom: <sip:Anonymous@74.117.36.133:5060>;tag=N426cU4Br59FB\r\nTo: <si"...,
              len = 42}, version = {
              s = 0x7f258364ef0a "SIP/2.0\r\nVia: SIP/2.0/UDP 10.0.3.62:5060;branch=z9hG4bKa622.1baebbf4.0\r\nMax-Forwards: 63\r\nFrom: <sip:Anonymous@74.117.36.133:5060>;tag=N426cU4Br59FB\r\nTo: <sip:17188780812@209.105.251.133:5060>\r\nCall-I"...,
              len = 7}, method_value = 1}, reply = {version = {
              s = 0x7f258364eed8 "INVITE sip:17188780812@209.105.251.133;user=phone SIP/2.0\r\nVia: SIP/2.0/UDP 10.0.3.62:5060;branch=z9hG4bKa622.1baebbf4.0\r\nMax-Forwards: 63\r\nFrom: <sip:Anonymous@74.117.36.133:5060>;tag=N426cU4Br59FB\r\n"..., len = 6},
            status = {s = 0x7f258364eedf "sip:17188780812@209.105.251.133;user=phone SIP/2.0\r\nVia: SIP/2.0/UDP 10.0.3.62:5060;branch=z9hG4bKa622.1baebbf4.0\r\nMax-Forwards: 63\r\nFrom: <sip:Anonymous@74.117.36.133:5060>;tag=N426cU4Br59FB\r\nTo: <si"...,
              len = 42}, reason = {
              s = 0x7f258364ef0a "SIP/2.0\r\nVia: SIP/2.0/UDP 10.0.3.62:5060;branch=z9hG4bKa622.1baebbf4.0\r\nMax-Forwards: 63\r\nFrom: <sip:Anonymous@74.117.36.133:5060>;tag=N426cU4Br59FB\r\nTo: <sip:17188780812@209.105.251.133:5060>\r\nCall-I"...,
              len = 7}, statuscode = 1}}}, via1 = 0x7f258364f338, via2 = 0x0, headers = 0x7f258364f2f0, last_header = 0x7f2583650030, parsed_flag = 18446744073709551615, h_via1 = 0x7f258364f2f0, h_via2 = 0x0, callid = 0x7f258364fb80, to = 0x7f258364f830,
      cseq = 0x7f258364fbc8, from = 0x7f258364f4b0, contact = 0x7f258364fc40, maxforwards = 0x7f258364f468, route = 0x0, record_route = 0x0, path = 0x0, content_type = 0x7f258364fda8, content_length = 0x7f258364fdf0, authorization = 0x0, expires = 0x0,
      proxy_auth = 0x0, supported = 0x7f258364fd18, proxy_require = 0x0, unsupported = 0x0, allow = 0x7f258364fcd0, event = 0x0, accept = 0x0, accept_language = 0x0, organization = 0x0, priority = 0x0, subject = 0x0, user_agent = 0x7f258364fc88,
      content_disposition = 0x0, accept_disposition = 0x0, diversion = 0x0, rpid = 0x7f258364fe38, refer_to = 0x0, session_expires = 0x0, min_se = 0x0, ppi = 0x0, pai = 0x7f258364fe80, privacy = 0x7f258364fd60, call_info = 0x0, www_authenticate = 0x0,
      proxy_authenticate = 0x0, min_expires = 0x0, sdp = 0x0, multi = 0x0,
      eoh = 0x7f258364f20f "\r\nv=0\r\no=Sansay-VSXi 188 1 IN IP4 192.40.216.100\r\ns=Session Controller\r\nc=IN IP4 192.40.216.124\r\nt=0 0\r\nm=audio 38270 RTP/AVP 0 101\r\na=rtpmap:0 PCMU/8000\r\na=rtpmap:101 telephone-event/8000\r\na=fmtp:101"...,
      unparsed = 0x7f258364f20f "\r\nv=0\r\no=Sansay-VSXi 188 1 IN IP4 192.40.216.100\r\ns=Session Controller\r\nc=IN IP4 192.40.216.124\r\nt=0 0\r\nm=audio 38270 RTP/AVP 0 101\r\na=rtpmap:0 PCMU/8000\r\na=rtpmap:101 telephone-event/8000\r\na=fmtp:101"...,
      rcv = {src_ip = {af = 2, len = 4, u = {addrl = {140725643837450, 18446744073709551615}, addr32 = {1040384010, 32765, 4294967295, 4294967295}, addr16 = {10, 15875, 32765, 0, 65535, 65535, 65535, 65535},
            addr = "\n\000\003>\375\177\000\000\377\377\377\377\377\377\377\377"}}, dst_ip = {af = 2, len = 4, u = {addrl = {1208090634, 0}, addr32 = {1208090634, 0, 0, 0}, addr16 = {10, 18434, 0, 0, 0, 0, 0, 0},
            addr = "\n\000\002H", '\000' <repeats 11 times>}}, src_port = 5060, dst_port = 5060, proto = 1, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {sa_family = 2, sa_data = "\023\304\n\000\003>\000\000\000\000\000\000\000"}, sin = {
            sin_family = 2, sin_port = 50195, sin_addr = {s_addr = 1040384010}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 50195, sin6_flowinfo = 1040384010, sin6_addr = {__in6_u = {
                __u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 1}}, bind_address = 0x7f263efd2640},
      buf = 0x7f258364eed8 "INVITE sip:17188780812@209.105.251.133;user=phone SIP/2.0\r\nVia: SIP/2.0/UDP 10.0.3.62:5060;branch=z9hG4bKa622.1baebbf4.0\r\nMax-Forwards: 63\r\nFrom: <sip:Anonymous@74.117.36.133:5060>;tag=N426cU4Br59FB\r\n"..., len = 1042,
      new_uri = {s = 0x7f2641315b88 "sip:17188780812@69.30.55.128;user=phone", len = 39}, dst_uri = {s = 0x0, len = 0}, ruri_q = -1, ruri_bflags = 0, force_send_socket = 0x0, path_vec = {s = 0x0, len = 0}, parsed_uri_ok = 0, parsed_uri = {user = {
          s = 0x7f264131393c "", len = 11}, passwd = {s = 0x0, len = 0}, host = {s = 0x7f2641313948 "", len = 15}, port = {s = 0x0, len = 0}, params = {s = 0x7f2641313958 "", len = 10}, headers = {s = 0x0, len = 0}, port_no = 0, proto = 0, type = TEL_URI_T,
        transport = {s = 0x0, len = 0}, ttl = {s = 0x0, len = 0}, user_param = {s = 0x7f2641313958 "", len = 10}, maddr = {s = 0x0, len = 0}, method = {s = 0x0, len = 0}, lr = {s = 0x0, len = 0}, r2 = {s = 0x0, len = 0}, gr = {s = 0x0, len = 0},
        transport_val = {s = 0x0, len = 0}, ttl_val = {s = 0x0, len = 0}, user_param_val = {s = 0x7f264131395d "", len = 5}, maddr_val = {s = 0x0, len = 0}, method_val = {s = 0x0, len = 0}, lr_val = {s = 0x0, len = 0}, r2_val = {s = 0x0, len = 0}, gr_val = {
          s = 0x0, len = 0}, u_name = {{s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}}, u_val = {{
            s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}}, u_params_no = 0}, parsed_orig_ruri_ok = 0,
      parsed_orig_ruri = {user = {s = 0x0, len = 0}, passwd = {s = 0x0, len = 0}, host = {s = 0x0, len = 0}, port = {s = 0x0, len = 0}, params = {s = 0x0, len = 0}, headers = {s = 0x0, len = 0}, port_no = 0, proto = 0, type = ERROR_URI_T, transport = {
          s = 0x0, len = 0}, ttl = {s = 0x0, len = 0}, user_param = {s = 0x0, len = 0}, maddr = {s = 0x0, len = 0}, method = {s = 0x0, len = 0}, lr = {s = 0x0, len = 0}, r2 = {s = 0x0, len = 0}, gr = {s = 0x0, len = 0}, transport_val = {s = 0x0, len = 0},
        ttl_val = {s = 0x0, len = 0}, user_param_val = {s = 0x0, len = 0}, maddr_val = {s = 0x0, len = 0}, method_val = {s = 0x0, len = 0}, lr_val = {s = 0x0, len = 0}, r2_val = {s = 0x0, len = 0}, gr_val = {s = 0x0, len = 0}, u_name = {{s = 0x0, len = 0}, {
            s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}}, u_val = {{s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0,
            len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}}, u_params_no = 0}, add_rm = 0x7f2580b2e310, body_lumps = 0x0, reply_lump = 0x0,
      add_to_branch_s = '\000' <repeats 57 times>, add_to_branch_len = 0, hash_index = 8810, flags = 0, msg_flags = 164064, set_global_address = {s = 0x0, len = 0}, set_global_port = {s = 0x0, len = 0}, msg_cb = 0x0}

#9 t_should_relay_response (reply=0x7f26413179a8, cancel_bitmap=, should_relay=, should_store=, branch=, new_code=403, Trans=0x7f25826f30e8) at t_reply.c:911

    branch_cnt = <optimized out>
    inv_through = <optimized out>
    do_cancel = <optimized out>

---Type to continue, or q to quit---
#10 relay_reply (t=0x7f25826f30e8, p_msg=0x7f26413179a8, branch=, msg_status=403, cancel_bitmap=) at t_reply.c:1125

    relay = <optimized out>
    save_clone = <optimized out>
    buf = 0x0
    res_len = 0
    relayed_code = 0
    relayed_msg = 0x0
    bm = {to_tag_val = {s = 0x7f263efd2640 "\f", len = 1056546824}}
    totag_retr = 0
    uas_rb = <optimized out>
    cb_s = {s = 0x0, len = -2106642200}
    text = {s = 0x7f26413179a8 "\373;\005", len = 0}
    __FUNCTION__ = "relay_reply"

#11 0x00007f257d64b83e in reply_received (p_msg=0x7f26413179a8) at t_reply.c:1505

    msg_status = 403
    last_uac_status = 100
    branch = 0
    reply_status = <optimized out>
    timer = 139798994323554
    cancel_bitmap = 0
    uac = 0x7f25826f32c0
    t = 0x7f25826f30e8
    backup_list = <optimized out>
    has_reply_route = <optimized out>
    __FUNCTION__ = "reply_received"

#12 0x000000000043b1a9 in forward_reply (msg=msg@entry=0x7f26413179a8) at forward.c:467

    new_buf = 0x0
    to = 0x0
    new_len = 0
    mod = 0x7f263ef12848
    proto = <optimized out>
    id = 0
    send_sock = <optimized out>
    s = <optimized out>
    len = <optimized out>
    __FUNCTION__ = "forward_reply"

#13 0x000000000048d011 in receive_msg (

buf=0x856840 <buf> "SIP/2.0 403 Forbidden **ANI BLOCKED**\r\nRecord-Route: <sip:10.0.2.72;lr;ftag=N426cU4Br59FB;did=499.5b87af8>\r\nVia: SIP/2.0/UDP 10.0.2.72:5060;branch=z9hG4bKa622.5a4ffbc6.0\r\nVia: SIP/2.0/UDP 10.0.3.62:50"..., len=<optimized out>,
rcv_info=rcv_info@entry=0x7ffddf300200, existing_context=existing_context@entry=0x0) at receive.c:257
    ctx = 0x7f26413159d0
    msg = 0x7f26413179a8
    start = {tv_sec = 139798996448608, tv_usec = 139798996448608}
    rc = 3
    in_buff = {s = 0x856840 <buf> "SIP/2.0 403 Forbidden **ANI BLOCKED**\r\nRecord-Route: <sip:10.0.2.72;lr;ftag=N426cU4Br59FB;did=499.5b87af8>\r\nVia: SIP/2.0/UDP 10.0.2.72:5060;branch=z9hG4bKa622.5a4ffbc6.0\r\nVia: SIP/2.0/UDP 10.0.3.62:50"..., len = 473}
    __FUNCTION__ = "receive_msg"

#14 0x00000000005a930d in udp_read_req (si=, bytes_read=) at net/proto_udp/proto_udp.c:190

    ri = {src_ip = {af = 2, len = 4, u = {addrl = {140725811544074, 18446744073709551615}, addr32 = {1208090634, 32765, 4294967295, 4294967295}, addr16 = {10, 18434, 32765, 0, 65535, 65535, 65535, 65535},
          addr = "\n\000\002H\375\177\000\000\377\377\377\377\377\377\377\377"}}, dst_ip = {af = 2, len = 4, u = {addrl = {1208090634, 0}, addr32 = {1208090634, 0, 0, 0}, addr16 = {10, 18434, 0, 0, 0, 0, 0, 0},
          addr = "\n\000\002H", '\000' <repeats 11 times>}}, src_port = 5062, dst_port = 5060, proto = 1, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {sa_family = 2, sa_data = "\023\306\n\000\002H\000\000\000\000\000\000\000"}, sin = {
          sin_family = 2, sin_port = 50707, sin_addr = {s_addr = 1208090634}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 50707, sin6_flowinfo = 1208090634, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>,
              __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 5056854}}, bind_address = 0x7f263efd2640}
    len = <optimized out>
    buf = "SIP/2.0 403 Forbidden **ANI BLOCKED**\r\nRecord-Route: <sip:10.0.2.72;lr;ftag=N426cU4Br59FB;did=499.5b87af8>\r\nVia: SIP/2.0/UDP 10.0.2.72:5060;branch=z9hG4bKa622.5a4ffbc6.0\r\nVia: SIP/2.0/UDP 10.0.3.62:50"...
    fromlen = 16
    p = <optimized out>
    msg = {s = 0x856840 <buf> "SIP/2.0 403 Forbidden **ANI BLOCKED**\r\nRecord-Route: <sip:10.0.2.72;lr;ftag=N426cU4Br59FB;did=499.5b87af8>\r\nVia: SIP/2.0/UDP 10.0.2.72:5060;branch=z9hG4bKa622.5a4ffbc6.0\r\nVia: SIP/2.0/UDP 10.0.3.62:50"..., len = 473}
    __FUNCTION__ = "udp_read_req"

#15 0x000000000059c38a in handle_io (idx=, event_type=, fm=) at net/net_udp.c:259

    read = 1056008232
    fm = <optimized out>

#16 io_wait_loop_epoll (h=, t=, repeat=) at net/../io_wait_loop.h:225

    ret = <optimized out>
    e = <optimized out>
    n = 1
    r = 0

#17 udp_rcv_loop (si=si@entry=0x7f263efd2640) at net/net_udp.c:308

    __FUNCTION__ = "udp_rcv_loop"

#18 0x000000000059d8ea in udp_start_processes (chd_rank=chd_rank@entry=0x819680 <chd_rank>, startup_done=startup_done@entry=0x7f257eb63f20) at net/net_udp.c:372

    si = 0x7f263efd2640
    load_p = 0x7f257eb63f40
    pid = <optimized out>
    i = <optimized out>
    __FUNCTION__ = "udp_start_processes"

---Type to continue, or q to quit---
#19 0x00000000004195a1 in main_loop () at main.c:671

    startup_done = 0x7f257eb63f20
    chd_rank = 21

#20 main (argc=, argv=) at main.c:1252

    cfg_stream = <optimized out>
    c = <optimized out>
    r = <optimized out>
    tmp = 0x7ffddf301e36 ""
    tmp_len = <optimized out>
    port = <optimized out>
    proto = <optimized out>
    options = 0x5c0248 "f:cCm:M:b:l:n:N:rRvdDFETSVhw:t:u:g:P:G:W:o:"
    ret = -1
    seed = 2821571356
    __FUNCTION__ = "main"
@bogdan-iancu
Copy link
Member

@46labs , this is a generic memory corruption, for sure a result of the bogus dialog refcounting (investigated by @liviuchircu). I will rename this ticket, just to have a reference to that crash.

@bogdan-iancu bogdan-iancu changed the title Segfault in hp_malloc.c:220 Segfault due wrong dialog ref counting Apr 20, 2016
@bogdan-iancu bogdan-iancu added this to the 2.3 milestone Apr 20, 2016
@bogdan-iancu bogdan-iancu mentioned this issue Apr 20, 2016
Closed
@bogdan-iancu bogdan-iancu mentioned this issue May 19, 2016
Closed
@bogdan-iancu
Copy link
Member

This was fixed via 047b1b3 and backported to all maintained versions of OpenSIPS.

Many thanks @46labs for the tremendous support and patience in troubleshooting and testing this issues.

This was referenced May 19, 2016
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@liviuchircu liviuchircu

Labels
bug
Projects
None yet
Milestone
2.3.6
Development

No branches or pull requests
2 participants
@bogdan-iancu @liviuchircu