<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:10pt"><div>Hi</div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;">Here is the output.</div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color:
transparent; font-style: normal;">1st core file:</div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;">(gdb) p *(struct qm_frag_end*)((char*)frag-sizeof(struct qm_frag_end))</div><div><span></span></div><div>$1 = {size = 64, prev_free = 0x7fd961885e90}</div><div><br></div><div>2nd core file:</div><div><div>(gdb) p *(struct qm_frag_end*)((char*)frag-sizeof(struct qm_frag_end))</div><div>$1 = {size = 64, prev_free = 0x7f563a34e0d0}</div><div><br></div><div><br></div><div>Regards,</div><div>Dragos</div></div><div class="yahoo_quoted" style="display: block;"> <br> <br> <div style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 10pt;"> <div style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12pt;">
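As an added illustration, not part of this thread or of Kamailio's sources: a C model of the fragment layout inspected above, with the header/trailer consistency walk that the thread performs by hand (p *frag, then the qm_frag_end just before it) and a helper that reads a garbage 64-bit value as the text it holds. The struct layout and LP64 sizes are assumptions, and the overflow scenario is constructed.

```c
/* Added example, not Kamailio code: a simplified model of the q_malloc layout in the
 * thread (qm_frag header, payload, qm_frag_end trailer whose size must equal the
 * header's). Layout and LP64 sizes are assumptions, not taken from q_malloc.h. */
#include <string.h>
#include <ctype.h>
struct qm_frag { unsigned long size; union { struct qm_frag *nxt_free; long is_free; } u; };
struct qm_frag_end { unsigned long size; struct qm_frag *prev_free; };
#define POOL_SIZE 1024
#define HDR sizeof(struct qm_frag)
#define END sizeof(struct qm_frag_end)
static unsigned long pool_store[POOL_SIZE / sizeof(unsigned long)]; /* constructed block */
#define pool ((unsigned char *)pool_store)

/* Lay out n in-use fragments back to back; returns the bytes used. */
static size_t build_pool(const unsigned long *sizes, int n) {
    unsigned char *p = pool;
    for (int i = 0; i < n; i++) {
        struct qm_frag *f = (struct qm_frag *)p;
        struct qm_frag_end *e = (struct qm_frag_end *)(p + HDR + sizes[i]);
        f->size = e->size = sizes[i];
        f->u.is_free = 0; e->prev_free = NULL;
        p += HDR + sizes[i] + END;
    }
    return (size_t)(p - pool);
}

/* Walk from the first fragment; return the index of the first one whose header size
 * is implausible or differs from its trailer (-1 if all agree): the overwrite starts
 * there, and the fragment before it is the neighbour worth inspecting next. */
static int first_inconsistent(size_t used) {
    unsigned char *p = pool;
    for (int i = 0; p < pool + used; i++) {
        struct qm_frag *f = (struct qm_frag *)p;
        if (f->size > POOL_SIZE) return i;               /* ASCII read as a size is huge */
        struct qm_frag_end *e = (struct qm_frag_end *)(p + HDR + f->size);
        if ((unsigned char *)(e + 1) > pool + used || e->size != f->size) return i;
        p = (unsigned char *)(e + 1);
    }
    return -1;
}

/* Constructed scenario: three fragments, then text copied into the middle one's
 * 64-byte payload the way an unchecked strcpy would; returns the walk's verdict. */
static int overflow_demo(const char *text) {
    unsigned long sizes[3] = { 32, 64, 48 };
    size_t used = build_pool(sizes, 3);
    memcpy(pool + HDR + 32 + END + HDR, text, strlen(text) + 1);  /* fragment 1 payload */
    return first_inconsistent(used);
}

/* Show a garbage 64-bit value as the little-endian text it holds (static buffer). */
static const char *ascii_hint(unsigned long long v) {
    static char out[9];
    for (int i = 0; i < 8; i++) { int c = (v >> 8 * i) & 0xff; out[i] = isprint(c) ? c : '.'; }
    out[8] = '\0'; return out;
}
```

Fed through ascii_hint, the size and nxt_free values from the first gdb output above (7599108840079127868 and 0x3965663931343a64) decode to "<urn:uui" and "d:419fe9", i.e. the header was overwritten with the start of a urn:uuid string.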
<div dir="ltr"> <font size="2" face="Arial"> On Thursday, November 21, 2013 7:58 PM, Daniel-Constantin Mierla <miconda@gmail.com> wrote:<br> </font> </div> <div class="y_msg_container"><div id="yiv2848087840"><div>
Hello,<br clear="none">
<br clear="none">
the values are invalid, probably the previous fragment was writing
more.<br clear="none">
<br clear="none">
For now, can you give:<br clear="none">
<br clear="none">
p *(struct qm_frag_end*)((char*)frag-sizeof(struct qm_frag_end))<br clear="none">
<br clear="none">
I expect there to be some invalid values as well.<br clear="none">
<br clear="none">
Later I will try to come up with a gdb script to spot the previous
fragment.<br clear="none">
<br clear="none">
MEMDBG=1 will make it slightly slower and increases the
overhead a bit. But I guess you don't run at the limits of CPU. In the
past we used to have it on for a couple of releases and nobody
complained about performance.<br clear="none">
<br clear="none">
Cheers,<br clear="none">
Daniel<br clear="none">
<br clear="none">
<div class="yiv2848087840yqt0778459855" id="yiv2848087840yqtfd44001"><div class="yiv2848087840moz-cite-prefix">On 11/21/13 7:39 PM, Dragos Oancea
wrote:<br clear="none">
</div>
<blockquote type="cite">
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 10pt;">
<div><span>Hi</span></div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;"><span><br clear="none">
</span></div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;"><span>Here is the output:</span></div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;"><span><br clear="none">
</span></div>
<div style="background-color:transparent;">gdb) </div>
<div style="background-color:transparent;">(gdb) frame 0</div>
<div style="background-color:transparent;">#0 qm_detach_free
(qm=0x7fd96175e010, size=112) at mem/q_malloc.c:266</div>
<div style="background-color:transparent;">266<span class="yiv2848087840Apple-tab-span" style="white-space:pre;"> </span>in
mem/q_malloc.c</div>
<div style="background-color:transparent;">(gdb) </div>
<div style="background-color:transparent;">#0 qm_detach_free
(qm=0x7fd96175e010, size=112) at mem/q_malloc.c:266</div>
<div style="background-color:transparent;">266<span class="yiv2848087840Apple-tab-span" style="white-space:pre;"> </span>in
mem/q_malloc.c</div>
<div style="background-color:transparent;">(gdb) p *frag</div>
<div style="background-color:transparent;">$1 = {size =
7599108840079127868, u = {nxt_free = 0x3965663931343a64,
is_free = 4135824228634344036}}</div>
<div style="background-color:transparent;">(gdb) </div>
<div style="background-color:transparent;">$2 = {size =
7599108840079127868, u = {nxt_free = 0x3965663931343a64,
is_free = 4135824228634344036}}</div>
<div style="background-color:transparent;">(gdb) </div>
<div style="background-color:transparent;">$3 = {size =
7599108840079127868, u = {nxt_free = 0x3965663931343a64,
is_free = 4135824228634344036}}</div>
<div style="background-color:transparent;">(gdb) p
*((char*)frag + sizeof(struct qm_frag))</div>
<div style="background-color:transparent;"><span></span></div>
<div style="background-color:transparent;">$4 = 99 'c'</div>
<div><br clear="none">
</div>
<div>Is it okay to run with <span style="font-family: 'Courier New'; white-space: pre; font-size: 10pt;">MEMDBG=1 in
production? Wouldn't it make it a little slow?</span></div>
<div><br clear="none">
</div>
<div>Just let me know if you want to see something else with gdb.
Unfortunately I do not have SIP traces, but I have the core
file and some logs.</div>
<div><br clear="none">
</div>
<div><br clear="none">
</div>
<div>Regards,</div>
<div>Dragos</div>
<div class="yiv2848087840yahoo_quoted" style="display: block;"> <br clear="none">
<br clear="none">
<div style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 10pt;">
<div style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12pt;">
<div dir="ltr"> <font face="Arial" size="2"> On Thursday,
November 21, 2013 6:50 PM, Daniel-Constantin Mierla
<a rel="nofollow" shape="rect" class="yiv2848087840moz-txt-link-rfc2396E" ymailto="mailto:miconda@gmail.com" target="_blank" href="mailto:miconda@gmail.com"><miconda@gmail.com></a> wrote:<br clear="none">
</font> </div>
<div class="yiv2848087840y_msg_container">
<div id="yiv2848087840">
<div>
<div class="yiv2848087840moz-cite-prefix">Hello,<br clear="none">
<br clear="none">
can you provide the output in gdb for:<br clear="none">
<br clear="none">
</div>
</div>
<div>
<pre class="yiv2848087840code">frame 0
p *frag
p *((char*)frag + sizeof(struct qm_frag))
</pre>
There were similar reports, so apparently there is a
buffer overflow somewhere.<br clear="none">
<br clear="none">
You should update to the latest git branch 4.0, because
there were some other fixes since 4.0.3. On this
occasion, you should set MEMDBG=1 in Makefile.defs
before recompiling the new version, to make it
easier to catch memory overwrites.<br clear="none">
<br clear="none">
Cheers,<br clear="none">
Daniel<br clear="none">
<br clear="none">
On 11/21/13 6:36 PM, Dragos Oancea wrote:<br clear="none">
<blockquote type="cite">
<div class="yiv2848087840yqt9292292783" id="yiv2848087840yqt19129">
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 10pt;">
<div>Hello</div>
<div><br clear="none">
</div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;">We had this crash today
with kamailio 4.0.3.</div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;">It ran stable for a few
weeks until this crash.</div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;"><br clear="none">
</div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;">GDB here:</div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;"><br clear="none">
</div>
<div style="background-color:transparent;"><a rel="nofollow" shape="rect" class="yiv2848087840moz-txt-link-freetext" target="_blank" href="http://pastebin.com/rACV31z8">http://pastebin.com/rACV31z8</a><br clear="none">
</div>
<div style="background-color: transparent; color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal;"><br clear="none">
</div>
<div style="background-color: transparent; color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal;"><br clear="none">
</div>
<div style="background-color: transparent; color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal;">Regards,</div>
<div style="background-color: transparent; color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal;">Dragos</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br clear="none">
</div></div></div><br><br></div> </div> </div> </div> </div></body></html>