#106 Crash in anchor_lump

1.4.x
closed-fixed
modules (454)
2
2009-04-01
2009-02-28
Anonymous
No

Feb 28 12:00:26 vs-netlp-196 opensips[2805]: CRITICAL:core:anchor_lump: offset exceeds message size (952 > 949) aborting...
Feb 28 12:00:26 vs-netlp-196 opensips[2768]: INFO:core:handle_sigs: child process 2805 exited by a signal 6
Feb 28 12:00:26 vs-netlp-196 opensips[2851]: CRITICAL:core:receive_fd: EOF on 12
Feb 28 12:00:26 vs-netlp-196 opensips[2768]: INFO:core:handle_sigs: core was generated
Feb 28 12:00:26 vs-netlp-196 opensips[2768]: INFO:core:handle_sigs: terminating due to SIGCHLD
Feb 28 12:00:26 vs-netlp-196 opensips[2851]: INFO:core:sig_usr: signal 15 received
Feb 28 12:00:26 vs-netlp-196 opensips[2837]: INFO:core:sig_usr: signal 15 received
Feb 28 12:00:26 vs-netlp-196 opensips[2843]: INFO:core:sig_usr: signal 15 received

Discussion

  • Core was generated by `/usr/local/sbin/opensips -P /var/run/opensips.pid'.
    Program terminated with signal 6, Aborted.
    #0 0x00fe9402 in __kernel_vsyscall ()
    (gdb) bt
    #0 0x00fe9402 in __kernel_vsyscall ()
    #1 0x003f7f30 in raise () from /lib/i686/nosegneg/libc.so.6
    #2 0x003f9911 in abort () from /lib/i686/nosegneg/libc.so.6
    #3 0x0805ffcf in anchor_lump (msg=0x81b2770, offset=950, len=0, type=HDR_OTHER_T) at data_lump.c:345
    #4 0x0021d382 in force_rtp_proxy2_f (msg=0x81b2770, str1=0xbfdf3dbb "", str2=0xbfdf3d8c "200.69.XXX.197") at nathelper.c:2745
    #5 0x00220332 in force_rtp_proxy0_f (msg=0x81b2770, str1=0x0, str2=0x0) at nathelper.c:2772
    #6 0x08052fa6 in do_action (a=0x81ab8a8, msg=0x81b2770) at action.c:845
    #7 0x08055819 in run_action_list (a=0x81ab8a8, msg=0x81b2770) at action.c:138
    #8 0x080544c5 in do_action (a=0x81ab910, msg=0x81b2770) at action.c:717
    #9 0x08055819 in run_action_list (a=0x81ab910, msg=0x81b2770) at action.c:138
    #10 0x08054df2 in do_action (a=0x81ab978, msg=0x81b2770) at action.c:723
    #11 0x08055819 in run_action_list (a=0x81ab978, msg=0x81b2770) at action.c:138
    #12 0x08054088 in do_action (a=0x81ab338, msg=0x81b2770) at action.c:118
    #13 0x08055819 in run_action_list (a=0x81a4068, msg=0x81b2770) at action.c:138
    #14 0x08055bb3 in run_top_route (a=0x81a4068, msg=0x81b2770) at action.c:118
    #15 0x08094f79 in receive_msg (
    buf=0x817a200 "INVITE sip:002914530254@voip.XXXXXXXX.com.ar SIP/2.0\r\nVia: SIP/2.0/UDP 200.59.112.179:33131;branch=z9hG4bK-d87543-fd18d04ea12c3a1d-1--d87543-;rport\r\nMax-Forwards: 69\r\nContact: <sip:1191@200.59.112.179"..., len=947, rcv_info=0xbfdf4964) at receive.c:165
    #16 0x080d7b37 in udp_rcv_loop () at udp_server.c:449
    #17 0x0806d5ce in main (argc=3, argv=0xbfdf4b54) at main.c:780

     
  • (gdb) bt full
    #0 0x00fe9402 in __kernel_vsyscall ()
    No symbol table info available.
    #1 0x003f7f30 in raise () from /lib/i686/nosegneg/libc.so.6
    No symbol table info available.
    #2 0x003f9911 in abort () from /lib/i686/nosegneg/libc.so.6
    No symbol table info available.
    #3 0x0805ffcf in anchor_lump (msg=0x81b2770, offset=950, len=0, type=HDR_OTHER_T) at data_lump.c:345
    tmp = <value optimized out>
    prev = <value optimized out>
    t = <value optimized out>
    list = <value optimized out>
    __FUNCTION__ = "anchor_lump"
    #4 0x0021d382 in force_rtp_proxy2_f (msg=0x81b2770, str1=0xbfdf3dbb "", str2=0xbfdf3d8c "200.69.XXX.197") at nathelper.c:2745
    body = {
    s = 0x817a44d "v=0\r\no=- 5490616 5490639 IN IP4 200.59.112.179\r\ns=eyeBeam\r\nc=IN IP4 200.59.112.179\r\nt=0 0\r\nm=audio 35867 RTP/AVP 100 6 0 8 3 18 98 97 5 102 101\r\na=alt:1 1 : 1EDD7A3B DE47B706 200.59.112.179 35867\r\na=f"..., len = 361}
    body1 = {
    s = 0x817a488 "c=IN IP4 200.59.112.179\r\nt=0 0\r\nm=audio 35867 RTP/AVP 100 6 0 8 3 18 98 97 5 102 101\r\na=alt:1 1 : 1EDD7A3B DE47B706 200.59.112.179 35867\r\na=fmtp:101 0-15\r\na=rtpmap:100 speex/16000\r\na=rtpmap:98 ilbc/80"..., len = 302}
    oldport = {
    s = 0x817a4b0 "35867 RTP/AVP 100 6 0 8 3 18 98 97 5 102 101\r\na=alt:1 1 : 1EDD7A3B DE47B706 200.59.112.179 35867\r\na=fmtp:101 0-15\r\na=rtpmap:100 speex/16000\r\na=rtpmap:98 ilbc/8000\r\na=rtpmap:97 speex/8000\r\na=rtpmap:102"..., len = 5}
    oldip = {
    s = 0x817a491 "200.59.112.179\r\nt=0 0\r\nm=audio 35867 RTP/AVP 100 6 0 8 3 18 98 97 5 102 101\r\na=alt:1 1 : 1EDD7A3B DE47B706 200.59.112.179 35867\r\na=fmtp:101 0-15\r\na=rtpmap:100 speex/16000\r\na=rtpmap:98 ilbc/8000\r\na=rtp"..., len = 14}
    newport = {s = 0x819ad38 "35456", len = 5}
    newip = {s = 0x2286af "200.69.196.196", len = 14}
    callid = {
    s = 0x817a354 "103ddf45602ebf12@QVJJRUwx\r\nCSeq: 1 INVITE\r\nAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO\r\nContent-Type: application/sdp\r\nSupported: eventlist\r\nUser-Agent: eyeBeam r"..., len = 25}
    create = 1
    len = <value optimized out>
    asymmetric = 0
    flookup = 0
    argc = 2
    proxied = 0
    real = 0
    orgip = 0
    commip = 0
    oidx = 1
    pf = 2
    pf1 = 2
    force = 0
    swap = 0
    opts = "U\000\000\000ô\017Q\000Ï¢\027\b\000\000\000"
    cp = 0x2286be ""
    cpend = <value optimized out>
    next = <value optimized out>
    ap = <value optimized out>
    argv = {0x2286a9 "35456", 0x2286af "200.69.196.196", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}
    anchor = <value optimized out>
    node = <value optimized out>
    v = {{iov_base = 0x2287c0, iov_len = 9}, {iov_base = 0xbfdf3cd8, iov_len = 1}, {iov_base = 0x225a49, iov_len = 1}, {iov_base = 0x817a354,
    iov_len = 25}, {iov_base = 0x225a49, iov_len = 1}, {iov_base = 0x228c00, iov_len = 14}, {iov_base = 0x225a49, iov_len = 1}, {iov_base = 0x817a4b0,
    iov_len = 5}, {iov_base = 0x225a49, iov_len = 1}, {iov_base = 0x817a341, iov_len = 8}, {iov_base = 0x225b48, iov_len = 1}, {iov_base = 0xbfdf3cc4,
    iov_len = 1}, {iov_base = 0x225a49, iov_len = 1}, {iov_base = 0x0, iov_len = 0}, {iov_base = 0x225b48, iov_len = 1}, {iov_base = 0xbfdf3cc4,
    iov_len = 1}}
    v1p = <value optimized out>
    v2p = 0x817a44d "v=0\r\no=- 5490616 5490639 IN IP4 200.59.112.179\r\ns=eyeBeam\r\nc=IN IP4 200.59.112.179\r\nt=0 0\r\nm=audio 35867 RTP/AVP 100 6 0 8 3 18 98 97 5 102 101\r\na=alt:1 1 : 1EDD7A3B DE47B706 200.59.112.179 35867\r\na=f"...
    c1p = 0x817a488 "c=IN IP4 200.59.112.179\r\nt=0 0\r\nm=audio 35867 RTP/AVP 100 6 0 8 3 18 98 97 5 102 101\r\na=alt:1 1 : 1EDD7A3B DE47B706 200.59.112.179 35867\r\na=fmtp:101 0-15\r\na=rtpmap:100 speex/16000\r\na=rtpmap:98 ilbc/80"...
    c2p = 0x0
    m1p = <value optimized out>
    m2p = 0x817a4a8 "m=audio 35867 RTP/AVP 100 6 0 8 3 18 98 97 5 102 101\r\na=alt:1 1 : 1EDD7A3B DE47B706 200.59.112.179 35867\r\na=fmtp:101 0-15\r\na=rtpmap:100 speex/16000\r\na=rtpmap:98 ilbc/8000\r\na=rtpmap:97 speex/8000\r\na=rt"...
    bodylimit = 0x817a5b6 "2\r\nVia: SIP/2.0/UDP 200.73.183.203;rport=5060;received=200.73.183.203;branch=0\r\nVia: SIP/2.0/UDP 200.73.182.228:5060;rport=56505;x-route-tag=\"tgrp:SKYTONE-BASICO\";branch=z9hG4bK225472653\r\nFrom: \"anon"...
    o1p = 0x0
    medianum_buf = "1\000ß¿\000\000\000\000quG\000\212°@\000\000\000\000"
    medianum = 1
    tmpstr1 = {
    s = 0x817a4a8 "m=audio 35867 RTP/AVP 100 6 0 8 3 18 98 97 5 102 101\r\na=alt:1 1 : 1EDD7A3B DE47B706 200.59.112.179 35867\r\na=fmtp:101 0-15\r\na=rtpmap:100 speex/16000\r\na=rtpmap:98 ilbc/8000\r\na=rtpmap:97 speex/8000\r\na=rt"..., len = 270}
    c1p_altered = 1
    __FUNCTION__ = "force_rtp_proxy2_f"
    #5 0x00220332 in force_rtp_proxy0_f (msg=0x81b2770, str1=0x0, str2=0x0) at nathelper.c:2772
    arg = ""
    #6 0x08052fa6 in do_action (a=0x81ab8a8, msg=0x81b2770) at action.c:845
    ret = <value optimized out>
    v = <value optimized out>
    to = <value optimized out>
    p = <value optimized out>
    tmp = <value optimized out>
    end = <value optimized out>
    crt = <value optimized out>
    len = <value optimized out>
    user = <value optimized out>
    uri = {user = {s = 0x81ab7d0 "\002", len = 135997296}, passwd = {s = 0x0, len = 4439232}, host = {s = 0x512140 "", len = 161736688}, port = {
    s = 0x0, len = 0}, params = {s = 0x46c914 "\201ÃàF\n", len = 161736680}, headers = {s = 0xbfdf413c "\a¢\027\bðç£\t", len = 0}, port_no = 0, proto = 0,
    type = 5312500, transport = {s = 0x0, len = 1}, ttl = {s = 0xbfdf4200 "(Bß¿\2147H", len = 4722294}, user_param = {s = 0x9a3e7f0 "\200!Q", len = 17},
    maddr = {s = 0x88 <Address 0x88 out of bounds>, len = -322277503}, method = {s = 0x81b3088 "°¢\027\b", len = 4194304}, lr = {
    s = 0x1 <Address 0x1 out of bounds>, len = 135766535}, r2 = {s = 0x25 <Address 0x25 out of bounds>, len = 2141312}, transport_val = {
    s = 0xc <Address 0xc out of bounds>, len = 4732812}, ttl_val = {s = 0x0, len = 135966032}, user_param_val = {s = 0x81b2770 "À\b", len = 0}, maddr_val = {
    s = 0xbfdf4268 "", len = 134557606}, method_val = {s = 0x81b2770 "À\b", len = -1240879032}, lr_val = {s = 0x0, len = 0}, r2_val = {s = 0x0, len = 0}}
    next_hop = {user = {s = 0x0, len = 0}, passwd = {s = 0x0, len = 0}, host = {s = 0x0, len = 0}, port = {s = 0x0, len = 0}, params = {s = 0x0,
    len = 0}, headers = {s = 0x0, len = 0}, port_no = 0, proto = 0, type = ERROR_URI_T, transport = {s = 0x0, len = 0}, ttl = {s = 0x0, len = 0},
    user_param = {s = 0x0, len = -1552065627}, maddr = {s = 0x0, len = 1655571}, method = {s = 0x0, len = 0}, lr = {s = 0x194a13 "\201Ã¥×",
    len = -1552065627}, r2 = {s = 0x200 <Address 0x200 out of bounds>, len = 2141324}, transport_val = {s = 0x20ac88 "0254", len = 2140016}, ttl_val = {
    s = 0xb609b048 "\030°\t¶", len = -1240879032}, user_param_val = {s = 0xbfdf3ff8 "hBß¿¦/\005\bp'\033\bH°\t¶", len = 2098015}, maddr_val = {
    s = 0xb609b048 "\030°\t¶", len = -1075888164}, method_val = {s = 0xbfdf3fe8 "", len = 135968760}, lr_val = {s = 0x81b2770 "À\b", len = 4}, r2_val = {
    s = 0xbfdf4078 "èBß¿ÅD\005\b¨¸\032\bp'\033\b", len = 134889973}}
    u = <value optimized out>
    port = <value optimized out>
    cmatch = <value optimized out>
    aitem = <value optimized out>
    adefault = <value optimized out>
    spec = <value optimized out>
    model = <value optimized out>
    val = {rs = {s = 0x0, len = 0}, ri = 0, flags = 1}
    __FUNCTION__ = "do_action"
    #7 0x08055819 in run_action_list (a=0x81ab8a8, msg=0x81b2770) at action.c:138
    ret = 135969040
    t = (struct action *) 0x81ab8a8
    __FUNCTION__ = "run_action_list"

     
  • what opensips version are you using?

    Regards,
    Bogdan

     
    • labels: 1134769 --> modules
    • assigned_to: nobody --> bogdan_iancu
     
    • milestone: --> 1.4.x
     
  • any reply?

    It looks like an old problem in calculating the length of the body - this was fixed some time ago, so it is important to now what 1.4 subversion are you using.

    If no reply this week, the report will be closed as outdated.

    Regards,
    Bogdan

     
    • priority: 5 --> 2
     
  • This is happening to me too as well, and I'm using Opensips 1.4.2

    Please see the message titled -- Critical:core:anchor_lump: offset exceeds message size (1033 > 1000), aborting -- exited by signal 6 -- in Opensips users group

     
  • ok, the bug was found and fixed in all versions. Please update from SVN.

    Best regards,
    Bogdan

     
    • status: open --> closed-fixed