armenb

Kamailio crash in tcp_read_headers()

Jun 4th, 2017
  1. Program terminated with signal SIGSEGV, Segmentation fault.
  2. #0  0x000000000060519a in tcp_read_headers (c=0x7f752cecd640, read_flags=0x7ffeb1c5ba88) at tcp_read.c:628
  3. 628                 switch (*p){
  4. (gdb) bt
  5. #0  0x000000000060519a in tcp_read_headers (c=0x7f752cecd640, read_flags=0x7ffeb1c5ba88) at tcp_read.c:628
  6. #1  0x0000000000608a0a in tcp_read_req (con=0x7f752cecd640, bytes_read=0x7ffeb1c5ba8c, read_flags=0x7ffeb1c5ba88) at tcp_read.c:1314
  7. #2  0x000000000060d411 in handle_io (fm=0x7f7918138330, events=1, idx=-1) at tcp_read.c:1619
  8. #3  0x00000000005ff992 in io_wait_loop_epoll (h=0xa637c0 <io_w>, t=2, repeat=0) at io_wait.h:1065
  9. #4  0x000000000060f260 in tcp_receive_loop (unix_sock=50) at tcp_read.c:1789
  10. #5  0x00000000004dddfd in tcp_init_children () at tcp_main.c:4796
  11. #6  0x0000000000507728 in main_loop () at main.c:1704
  12. #7  0x000000000050dd10 in main (argc=13, argv=0x7ffeb1c5c0e8) at main.c:2631
  13. (gdb) frame 0
  14. #0  0x000000000060519a in tcp_read_headers (c=0x7f752cecd640, read_flags=0x7ffeb1c5ba88) at tcp_read.c:628
  15. 628                 switch (*p){
  16. (gdb) print *c
  17. $4 = {s = 5880, fd = 10, write_lock = {val = 0}, id = 121213, reader_pid = 30748, rcv = {src_ip = {af = 2, len = 4, u = {addrl = {1667391840, 0},
  18.         addr32 = {1667391840, 0, 0, 0}, addr16 = {3141, 32282, 0, 0, 0, 0, 0, 0}, addr = "E\f\032~", '\000' <repeats 11 times>}}, dst_ip = {af = 2,
  19.       len = 4, u = {addrl = {1498961750, 0}, addr32 = {1498961750, 0, 0, 0}, addr16 = {23481, 27403, 0, 0, 0, 0, 0, 0},
  20.         addr = "\271[\vk", '\000' <repeats 11 times>}}, src_port = 40265, dst_port = 5060, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {
  21.         sa_family = 2, sa_data = "\235IE\f\032~\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 18845, sin_addr = {
  22.           s_addr = 1667391840}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 18845, sin6_flowinfo = 1667391840,
  23.         sin6_addr = {__in6_u = {__u6_addr8 = "\000\000\000\000\000\000\000\000\377\377\377\377\001\000\000", __u6_addr16 = {0, 0, 0, 0, 65535,
  24.               65535, 1, 0}, __u6_addr32 = {0, 0, 4294967295, 1}}}, sin6_scope_id = 9600}}, bind_address = 0x7f791600a690, proto = 2 '\002'}, req = {
  25.     next = 0x0, buf = 0x7f752cecd930 "", start = 0x7f752cecd930 "", pos = 0x7f752cecd930 "",
  26.     parsed = 0x7f732cecd930 <error: Cannot access memory at address 0x7f732cecd930>, body = 0x0, b_size = 16383, content_len = 0, chunk_size = 0,
  27.     flags = 0, bytes_to_go = 0, error = TCP_REQ_OK, state = H_SKIP_EMPTY}, refcnt = {val = 2}, type = PROTO_TCP, flags = 16408, send_flags = {
  28.     f = 0 '\000', blst_imask = 0 '\000'}, state = S_CONN_ACCEPT, extra_data = 0x0, timer = {next = 0x0, prev = 0x0, expire = 1504288668,
  29.     initial_timeout = 57680, data = 0x7f752cecd640, f = 0x4d7c84 <tcpconn_main_timeout>, flags = 512, slow_idx = 0}, timeout = 1504288668,
  30.   lifetime = 57680, id_hash = 381, id_next = 0x7f7532ba5088, id_prev = 0x0, c_next = 0x0, c_prev = 0x0, con_aliases = {{parent = 0x7f752cecd640,
  31.       next = 0x7f751c844c80, prev = 0x0, port = 40265, hash = 2909}, {parent = 0x7f752cecd640, next = 0x7f751c844ca0, prev = 0x0, port = 40265,
  32.       hash = 957}, {parent = 0x7f752cecd640, next = 0x7f75348c51b8, prev = 0x0, port = 40265, hash = 2078}, {parent = 0x0, next = 0x0, prev = 0x0,
  33.       port = 0, hash = 0}, {parent = 0x0, next = 0x0, prev = 0x0, port = 0, hash = 0}, {parent = 0x0, next = 0x0, prev = 0x0, port = 0, hash = 0}, {
  34.       parent = 0x0, next = 0x0, prev = 0x0, port = 0, hash = 0}, {parent = 0x0, next = 0x0, prev = 0x0, port = 0, hash = 0}, {parent = 0x0,
  35.       next = 0x0, prev = 0x0, port = 0, hash = 0}, {parent = 0x0, next = 0x0, prev = 0x0, port = 0, hash = 0}, {parent = 0x0, next = 0x0,
  36.       prev = 0x0, port = 0, hash = 0}, {parent = 0x0, next = 0x0, prev = 0x0, port = 0, hash = 0}}, aliases = 3, wbuf_q = {first = 0x0, last = 0x0,
  37.     wr_timeout = 0, queued = 0, offset = 0, last_used = 0}}
  38. (gdb) info locals
  39. bytes = 0
  40. remaining = 2
  41. p = 0x7f742cecd930 <error: Cannot access memory at address 0x7f742cecd930>
  42. r = 0x7f752cecd6c0
  43. mc = 0
  44. body_len = 0
  45. mfline = 0x0
  46. mtransid = {s = 0x7827e0 <__FUNCTION__.9595> "tcp_read_req", len = 2}
  47. __FUNCTION__ = "tcp_read_headers"
  48. (gdb) print *r
  49. $5 = {next = 0x0, buf = 0x7f752cecd930 "", start = 0x7f752cecd930 "", pos = 0x7f752cecd930 "",
  50.   parsed = 0x7f732cecd930 <error: Cannot access memory at address 0x7f732cecd930>, body = 0x0, b_size = 16383, content_len = 0, chunk_size = 0,
  51.   flags = 0, bytes_to_go = 0, error = TCP_REQ_OK, state = H_SKIP_EMPTY}
  52. (gdb) frame 1
  53. #1  0x0000000000608a0a in tcp_read_req (con=0x7f752cecd640, bytes_read=0x7ffeb1c5ba8c, read_flags=0x7ffeb1c5ba88) at tcp_read.c:1314
  54. 1314                    bytes=tcp_read_headers(con, read_flags);
  55. (gdb) info locals
  56. bytes = -1
  57. total_bytes = 0
  58. resp = 1
  59. size = 140731880945984
  60. req = 0x7f752cecd6c0
  61. dst = {send_sock = 0x7ffeb1c5ba80, to = {s = {sa_family = 8, sa_data = '\000' <repeats 13 times>}, sin = {sin_family = 8, sin_port = 0, sin_addr = {
  62.         s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 8, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {
  63.           __u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}},
  64.       sin6_scope_id = 2982525264}}, id = 32766, proto = 1 '\001', send_flags = {f = 0 '\000', blst_imask = 0 '\000'}}
  65. c = 111 'o'
  66. ret = 0
  67. __FUNCTION__ = "tcp_read_req"
  68. (gdb) frame 0
  69. #0  0x000000000060519a in tcp_read_headers (c=0x7f752cecd640, read_flags=0x7ffeb1c5ba88) at tcp_read.c:628
  70. 628                 switch (*p){
  71. (gdb) p r->buf[0]
  72. $1 = 0 '\000'
  73. (gdb) p r->buf[1]
  74. $2 = 0 '\000'
  75. (gdb) p r->buf[2]
  76. $3 = 0 '\000'
  77. (gdb) p r->buf[3]
  78. $4 = 0 '\000'
  79. (gdb) frame 3
  80. #3  0x00000000005ff992 in io_wait_loop_epoll (h=0xa637c0 <io_w>, t=2, repeat=0) at io_wait.h:1065
  81. 1065                            (handle_io(fm, revents, -1)>0) && repeat);
  82. (gdb) info locals
  83. n = 1
  84. r = 0
  85. fm = 0x7f7918138330
  86. revents = 1
  87. __FUNCTION__ = "io_wait_loop_epoll"
  88. (gdb) p *h
  89. $5 = {poll_method = POLL_EPOLL_LT, flags = 0, fd_hash = 0x7f7918137e80, fd_no = 2, max_fd_no = 65769, fd_array = 0x0, crt_fd_array_idx = 0,
  90.   epfd = 8, ep_array = 0x7f79182b94a0, sset = {__val = {0 <repeats 16 times>}}, signo = 0, master_rset = {__fds_bits = {0 <repeats 16 times>}},
  91.   master_wset = {__fds_bits = {0 <repeats 16 times>}}, max_fd_select = 0}
  92. (gdb) p *fm
  93. $6 = {fd = 50, type = 1, data = 0x0, events = 1}
  94. (gdb)