<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
for later reference in the archive -- based on private follow-up
with more details from the core and troubleshooting, the issue
should be fixed between 4.0.3 and 4.0.4.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 11/22/13 11:26 AM, Dragos Oancea
wrote:<br>
</div>
<blockquote
cite="mid:1385116009.68219.YahooMailNeo@web124903.mail.ne1.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff;
font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial,
Lucida Grande, sans-serif;font-size:10pt">
<div>Hi</div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family:
HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida
Grande', sans-serif; background-color: transparent;
font-style: normal;"><br>
</div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family:
HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida
Grande', sans-serif; background-color: transparent;
font-style: normal;">Here is the output.</div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family:
HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida
Grande', sans-serif; background-color: transparent;
font-style: normal;"><br>
</div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family:
HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida
Grande', sans-serif; background-color: transparent;
font-style: normal;">1st core file:</div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family:
HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida
Grande', sans-serif; background-color: transparent;
font-style: normal;">(gdb) p *(struct
qm_frag_end*)((char*)frag-sizeof(struct qm_frag_end))</div>
<div><span></span></div>
<div>$1 = {size = 64, prev_free = 0x7fd961885e90}</div>
<div><br>
</div>
<div>2nd core file:</div>
<div>
<div>(gdb) p *(struct qm_frag_end*)((char*)frag-sizeof(struct
qm_frag_end))</div>
<div>$1 = {size = 64, prev_free = 0x7f563a34e0d0}</div>
<div><br>
</div>
<div><br>
</div>
<div>Regards,</div>
<div>Dragos</div>
</div>
<div class="yahoo_quoted" style="display: block;"> <br>
<br>
<div style="font-family: HelveticaNeue, 'Helvetica Neue',
Helvetica, Arial, 'Lucida Grande', sans-serif; font-size:
10pt;">
<div style="font-family: HelveticaNeue, 'Helvetica Neue',
Helvetica, Arial, 'Lucida Grande', sans-serif; font-size:
12pt;">
<div dir="ltr"> <font face="Arial" size="2"> On Thursday,
November 21, 2013 7:58 PM, Daniel-Constantin Mierla
<a class="moz-txt-link-rfc2396E" href="mailto:miconda@gmail.com">&lt;miconda@gmail.com&gt;</a> wrote:<br>
</font> </div>
<div class="y_msg_container">
<div id="yiv2848087840">
<div> Hello,<br clear="none">
<br clear="none">
the values are invalid, probably the previous
fragment was writing more.<br clear="none">
<br clear="none">
For now, can you give:<br clear="none">
<br clear="none">
p *(struct qm_frag_end*)((char*)frag-sizeof(struct
qm_frag_end))<br clear="none">
<br clear="none">
I expect there to be some invalid values as well.<br
clear="none">
<br clear="none">
Later I will try to come up with a gdb script to
spot the previous fragment.<br clear="none">
<br clear="none">
MEMDBG=1 will make it slightly slower and increase
the overhead a bit. But I guess you don't run at the
limits of the CPU. In the past we used to have it on for
a couple of releases and nobody complained about
performance.<br clear="none">
<br clear="none">
Cheers,<br clear="none">
Daniel<br clear="none">
<br clear="none">
<div class="yiv2848087840yqt0778459855"
id="yiv2848087840yqtfd44001">
<div class="yiv2848087840moz-cite-prefix">On
11/21/13 7:39 PM, Dragos Oancea wrote:<br
clear="none">
</div>
<blockquote type="cite">
<div style="color: rgb(0, 0, 0);
background-color: rgb(255, 255, 255);
font-family: HelveticaNeue, 'Helvetica Neue',
Helvetica, Arial, 'Lucida Grande', sans-serif;
font-size: 10pt;">
<div><span>Hi</span></div>
<div style="color: rgb(0, 0, 0); font-size:
13px; font-family: HelveticaNeue, 'Helvetica
Neue', Helvetica, Arial, 'Lucida Grande',
sans-serif; background-color: transparent;
font-style: normal;"><span><br clear="none">
</span></div>
<div style="color: rgb(0, 0, 0); font-size:
13px; font-family: HelveticaNeue, 'Helvetica
Neue', Helvetica, Arial, 'Lucida Grande',
sans-serif; background-color: transparent;
font-style: normal;"><span>Here is the
output:</span></div>
<div style="color: rgb(0, 0, 0); font-size:
13px; font-family: HelveticaNeue, 'Helvetica
Neue', Helvetica, Arial, 'Lucida Grande',
sans-serif; background-color: transparent;
font-style: normal;"><span><br clear="none">
</span></div>
<div style="background-color:transparent;">gdb) </div>
<div style="background-color:transparent;">(gdb)
frame 0</div>
<div style="background-color:transparent;">#0
qm_detach_free (qm=0x7fd96175e010,
size=112) at mem/q_malloc.c:266</div>
<div style="background-color:transparent;">266<span
class="yiv2848087840Apple-tab-span"
style="white-space:pre;"> </span>in
mem/q_malloc.c</div>
<div style="background-color:transparent;">(gdb) </div>
<div style="background-color:transparent;">#0
qm_detach_free (qm=0x7fd96175e010,
size=112) at mem/q_malloc.c:266</div>
<div style="background-color:transparent;">266<span
class="yiv2848087840Apple-tab-span"
style="white-space:pre;"> </span>in
mem/q_malloc.c</div>
<div style="background-color:transparent;">(gdb)
p *frag</div>
<div style="background-color:transparent;">$1
= {size = 7599108840079127868, u = {nxt_free
= 0x3965663931343a64, is_free =
4135824228634344036}}</div>
<div style="background-color:transparent;">(gdb) </div>
<div style="background-color:transparent;">$2
= {size = 7599108840079127868, u = {nxt_free
= 0x3965663931343a64, is_free =
4135824228634344036}}</div>
<div style="background-color:transparent;">(gdb) </div>
<div style="background-color:transparent;">$3
= {size = 7599108840079127868, u = {nxt_free
= 0x3965663931343a64, is_free =
4135824228634344036}}</div>
<div style="background-color:transparent;">(gdb)
p *((char*)frag + sizeof(struct qm_frag))</div>
<div style="background-color:transparent;"><span></span></div>
<div style="background-color:transparent;">$4
= 99 'c'</div>
<div><br clear="none">
</div>
<div>Is it okay to run with <span
style="font-family: 'Courier New';
white-space: pre; font-size: 10pt;">MEMDBG=1
in production? Wouldn't it make it a
little slow?</span></div>
<div><br clear="none">
</div>
<div>Just let me know if you want to see
something else with gdb. Unfortunately I do
not have SIP traces, but I have the core
file and some logs.</div>
<div><br clear="none">
</div>
<div><br clear="none">
</div>
<div>Regards,</div>
<div>Dragos</div>
<div class="yiv2848087840yahoo_quoted"
style="display: block;"> <br clear="none">
<br clear="none">
<div style="font-family: HelveticaNeue,
'Helvetica Neue', Helvetica, Arial,
'Lucida Grande', sans-serif; font-size:
10pt;">
<div style="font-family: HelveticaNeue,
'Helvetica Neue', Helvetica, Arial,
'Lucida Grande', sans-serif; font-size:
12pt;">
<div dir="ltr"> <font face="Arial"
size="2"> On Thursday, November 21,
2013 6:50 PM, Daniel-Constantin
Mierla <a moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv2848087840moz-txt-link-rfc2396E"
ymailto="mailto:miconda@gmail.com"
target="_blank"
href="mailto:miconda@gmail.com">&lt;miconda@gmail.com&gt;</a>
wrote:<br clear="none">
</font> </div>
<div
class="yiv2848087840y_msg_container">
<div id="yiv2848087840">
<div>
<div
class="yiv2848087840moz-cite-prefix">Hello,<br
clear="none">
<br clear="none">
can you provide the output in gdb
for:<br clear="none">
<br clear="none">
</div>
</div>
<div>
<pre class="yiv2848087840code">frame 0
p *frag
p *((char*)frag + sizeof(struct qm_frag))
</pre>
There were similar reports, so
apparently there is a buffer
overflow somewhere.<br
clear="none">
<br clear="none">
You should update to the latest git
branch 4.0, because there were
some other fixes from 4.0.3. On
this occasion, you should set
MEMDBG=1 in Makefile.defs before
recompiling the new version, to be
able to catch memory overwrites
more easily.<br
clear="none">
<br clear="none">
Cheers,<br clear="none">
Daniel<br clear="none">
<br clear="none">
On 11/21/13 6:36 PM, Dragos Oancea
wrote:<br clear="none">
<blockquote type="cite">
<div
class="yiv2848087840yqt9292292783"
id="yiv2848087840yqt19129">
<div style="color: rgb(0, 0,
0); background-color:
rgb(255, 255, 255);
font-family: HelveticaNeue,
'Helvetica Neue', Helvetica,
Arial, 'Lucida Grande',
sans-serif; font-size:
10pt;">
<div>Hello</div>
<div><br clear="none">
</div>
<div style="color: rgb(0, 0,
0); font-size: 13px;
font-family:
HelveticaNeue, 'Helvetica
Neue', Helvetica, Arial,
'Lucida Grande',
sans-serif;
background-color:
transparent; font-style:
normal;">We had this crash
today with kamailio 4.0.3.</div>
<div style="color: rgb(0, 0,
0); font-size: 13px;
font-family:
HelveticaNeue, 'Helvetica
Neue', Helvetica, Arial,
'Lucida Grande',
sans-serif;
background-color:
transparent; font-style:
normal;">It ran stable for
a few weeks until this
crash.</div>
<div style="color: rgb(0, 0,
0); font-size: 13px;
font-family:
HelveticaNeue, 'Helvetica
Neue', Helvetica, Arial,
'Lucida Grande',
sans-serif;
background-color:
transparent; font-style:
normal;"><br clear="none">
</div>
<div style="color: rgb(0, 0,
0); font-size: 13px;
font-family:
HelveticaNeue, 'Helvetica
Neue', Helvetica, Arial,
'Lucida Grande',
sans-serif;
background-color:
transparent; font-style:
normal;">GDB here:</div>
<div style="color: rgb(0, 0,
0); font-size: 13px;
font-family:
HelveticaNeue, 'Helvetica
Neue', Helvetica, Arial,
'Lucida Grande',
sans-serif;
background-color:
transparent; font-style:
normal;"><br clear="none">
</div>
<div
style="background-color:transparent;"><a
moz-do-not-send="true"
rel="nofollow"
shape="rect"
class="yiv2848087840moz-txt-link-freetext"
target="_blank"
href="http://pastebin.com/rACV31z8">http://pastebin.com/rACV31z8</a><br
clear="none">
</div>
<div
style="background-color:
transparent; color: rgb(0,
0, 0); font-size: 13px;
font-family:
HelveticaNeue, 'Helvetica
Neue', Helvetica, Arial,
'Lucida Grande',
sans-serif; font-style:
normal;"><br clear="none">
</div>
<div
style="background-color:
transparent; color: rgb(0,
0, 0); font-size: 13px;
font-family:
HelveticaNeue, 'Helvetica
Neue', Helvetica, Arial,
'Lucida Grande',
sans-serif; font-style:
normal;"><br clear="none">
</div>
<div
style="background-color:
transparent; color: rgb(0,
0, 0); font-size: 13px;
font-family:
HelveticaNeue, 'Helvetica
Neue', Helvetica, Arial,
'Lucida Grande',
sans-serif; font-style:
normal;">Regards,</div>
<div
style="background-color:
transparent; color: rgb(0,
0, 0); font-size: 13px;
font-family:
HelveticaNeue, 'Helvetica
Neue', Helvetica, Arial,
'Lucida Grande',
sans-serif; font-style:
normal;">Dragos</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br clear="none">
</div>
</div>
</div>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla - <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a></pre>
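<p>An added example, not part of the original thread and not Kamailio code: reading the corrupted <code>p *frag</code> words from the thread as raw bytes shows they are printable text, which fits the diagnosis that the previous fragment wrote past its end. The struct <code>frag_words</code> and both function names are hypothetical, and little-endian x86-64 byte order is assumed.</p>

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the header printed by `p *frag`: only the two
 * 8-byte words visible in the thread (size and u.nxt_free) are modeled. */
struct frag_words { uint64_t size; uint64_t nxt_free; };

/* Lay the header words out as little-endian bytes (x86-64 assumed), append the
 * first payload byte, and copy the leading run of printable ASCII into out.
 * Returns the length of that run. */
static size_t header_as_text(const struct frag_words *h, char first_payload,
                             char *out, size_t outlen)
{
    unsigned char raw[17];
    size_t i, n = 0;
    if (outlen == 0)
        return 0;
    for (i = 0; i < 8; i++) {
        raw[i]     = (unsigned char)(h->size >> (8 * i));
        raw[8 + i] = (unsigned char)(h->nxt_free >> (8 * i));
    }
    raw[16] = (unsigned char)first_payload;
    while (n < sizeof(raw) && n + 1 < outlen && isprint(raw[n])) {
        out[n] = (char)raw[n];
        n++;
    }
    out[n] = '\0';
    return n;
}

/* A header in which every byte is printable is far more likely to be string
 * data written over it than a real size and free-list pointer. */
static int header_looks_overwritten(const struct frag_words *h, char first_payload)
{
    char text[18];
    return header_as_text(h, first_payload, text, sizeof(text)) == 17;
}

int main(void)
{
    /* Values copied from the `p *frag` output quoted in the thread. */
    struct frag_words bad = { 7599108840079127868ULL, 0x3965663931343a64ULL };
    char text[18];
    size_t n = header_as_text(&bad, 'c', text, sizeof(text));
    printf("%zu printable bytes: \"%s\" overwritten=%d\n",
           n, text, header_looks_overwritten(&bad, 'c'));
    return 0;
}
```

<p>By contrast, the words <code>size = 64</code> and <code>0x7fd961885e90</code> seen in the first core's <code>qm_frag_end</code> output stop being printable after one byte, as real allocator metadata normally does.</p>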
</body>
</html>