### Description
Event routes that are executed without a real SIP message available use the default "fake SIP message". The fake message has a source IPv4 address of 1.0.0.127 which belongs to CloudFlare (1.0.0.0/24).. and this led us to believe that traffic is coming from CF but could not find the messages on tcpdumps or HEP exports. Had a bit of a wild goose chase there trying to find the source. I believe the original intention has been to use 127.0.0.1 loopback address but the bytes are reversed at:
https://github.com/kamailio/kamailio/blob/master/src/core/fmsg.c#L78
It would be best to change this address to well ANYTHING that doesn't imply CloudFlare is pinging you 😂
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3817
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3817(a)github.com>
### Description
We have a quite basic scenario which sends a SIP MESSAGE and then receives SIP MESSAGE back. It also sets up two voice calls using SIP INVITE. It is only this specific scenario that is causing the core dump. Some time the core dump occur just a few seconds after the call/message scenario, but occasionally it takes up to 50 minutes.
We have been using the uac module for sending SIP MESSAGE in several other scenarios without experiencing a crash.
We always see the same lines in the log just prior to the core dump: CRITICAL: <core> [core/pass_fd.c:281]: receive_fd(): EOF on 49
We are using Kamailio 5.6 retrieved from the kamailio repository: http://deb.kamailio.org/kamailio56. We are running Kamailio in a Docker container which runs on "5.10.0-25-cloud-amd64 #1 SMP Debian 5.10.191-1 (2023-08-16) x86_64 GNU/Linux"
We have also tried Kamailio 5.7 from the same repo which crashes in exactly the same way.
### Troubleshooting
#### Reproduction
We have troubles to consistently reproduce it and it only happen from time to time when running a specific scenario sending SIP MESSAGE using the uac module. It does not happen for every call of this call scenario. At one instance Kamailo crashed with just 15 seconds in-between during the call scenario.
#### Debugging Data
```
# gdb /usr/sbin/kamailio /core
GNU gdb (Debian 10.1-1.7) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/kamailio...
(No debugging symbols found in /usr/sbin/kamailio)
warning: Can't open file /dev/zero (deleted) during file-backed mapping note processing
[New LWP 4777]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/kamailio -DD -M 18 -m 192 -A serverId=17173 -A sendTraceLocal="sip:10'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __strlen_evex () at ../sysdeps/x86_64/multiarch/strlen-evex.S:77
77 ../sysdeps/x86_64/multiarch/strlen-evex.S: No such file or directory.
(gdb) bt full
#0 __strlen_evex () at ../sysdeps/x86_64/multiarch/strlen-evex.S:77
No locals.
#1 0x00007f5425e34b78 in __vfprintf_internal (s=s@entry=0x55a06e969a60,
format=format@entry=0x55a06e558020 "%s: %.*s%s%s%sBUG: qm: fragm. %p (address %p) beginning overwritten (%lx)! Memory allocator was called from %s:%u. Fragment marked by %s:%lu. Exec from %s:%u.\n",
ap=ap@entry=0x7ffd6bebfb50, mode_flags=mode_flags@entry=0) at vfprintf-internal.c:1647
len = <optimized out>
step0_jumps = {0, 1717, 1621, 3413, 3317, 3997, 2677, 2837, 3613, 1773, 4309, 4445, 3517, 4437, 4389, 2789, 4197, 3917, 3221, 2997, 1141, 1365, 1997, 1925, 1885, 733, 3709, 533, 533, 4101}
space = <optimized out>
is_short = <optimized out>
use_outdigits = 0
outc = <optimized out>
step1_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 1773, 4309, 4445, 3517, 4437, 4389, 2789, 4197, 3917, 3221, 2997, 1141, 1365, 1997, 1925, 1885, 733, 3709, 533, 533, 0}
group = 0
prec = -1
step2_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4309, 4445, 3517, 4437, 4389, 2789, 4197, 3917, 3221, 2997, 1141, 1365, 1997, 1925, 1885, 733, 3709, 533, 533, 0}
string = 0x756d6f7266222c22 <error: Cannot access memory at address 0x756d6f7266222c22>
left = 0
is_long_double = <optimized out>
width = 0
signed_number = <optimized out>
step3a_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4213, 0, 0, 0, 4389, 2789, 4197, 3917, 3221, 0, 0, 0, 0, 1925, 0, 0, 0, 0, 0, 0}
alt = <optimized out>
showsign = 0
is_long = 0
is_char = <optimized out>
pad = <optimized out>
step3b_jumps = {0 <repeats 11 times>, 3517, 0, 0, 4389, 2789, 4197, 3917, 3221, 2997, 1141, 1365, 1997, 1925, 1885, 733, 3709, 0, 0, 0}
step4_jumps = {0 <repeats 14 times>, 4389, 2789, 4197, 3917, 3221, 2997, 1141, 1365, 1997, 1925, 1885, 733, 3709, 0, 0, 0}
args_value = <optimized out>
is_negative = <optimized out>
number = {longlong = <optimized out>, word = <optimized out>}
base = <optimized out>
the_arg = {pa_wchar = 4777 L'\x12a9', pa_int = 4777, pa_long_int = 4777, pa_long_long_int = 4777, pa_u_int = 4777, pa_u_long_int = 4777, pa_u_long_long_int = 4777,
pa_double = 2.3601515901836347e-320, pa_long_double = 1.74131181638025811763e-4947, pa_float128 = 3.09319115455554459548860449034534676e-4962,
pa_string = 0x12a9 <error: Cannot access memory at address 0x12a9>, pa_wstring = 0x12a9 <error: Cannot access memory at address 0x12a9>, pa_pointer = 0x12a9, pa_user = 0x12a9}
spec = 115 's'
_buffer = {__routine = 0x4, __arg = 0xd, __canceltype = 1855363680, __prev = 0xe0}
_avail = <optimized out>
thousands_sep = 0x0
grouping = 0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>
done = 238
f = 0x55a06e5580a7 "s:%lu. Exec from %s:%u.\n"
lead_str_end = 0x55a06e558020 "%s: %.*s%s%s%sBUG: qm: fragm. %p (address %p) beginning overwritten (%lx)! Memory allocator was called from %s:%u. Fragment marked by %s:%lu. Exec from %s:%u.\n"
end_of_spec = <optimized out>
work_buffer = "h\r\000\000\000\000\000\000\000\000\000\000\060\000\000\000\000\000\000\000\375\177\000\000 \372\353k\375\177\000\000\237MSn\n\000\000\000\000\000\000\000\240U", '\000' <repeats 18 times>, "P\225Un\240U\000\000\000\000\000\000[\214A\323\f\000\000\000\000\000\000\000\377\377\377\377\377\377\377\377\206\002", '\000' <repeats 14 times>, "\004\000\000\000\000\000\000\000 \367\353k\375\177\000\000\301\225Un\240U\000\000\323\262\vn\240U\000\000\000\000\000\000\000\000\000\000s\374On\240U\000\000W\225Un\240U\000\000\350>\212\027T\177\000\000 \323\365$T\177\000\000\060\a\354k\375\177\000\00--Type <RET> for more, q to quit, c to continue without paging--
0\220\371\227n\240U\000\000"...
workend = 0x7ffd6bebf9f8 ""
ap_save = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7ffd6bebfc30, reg_save_area = 0x7ffd6bebfb70}}
nspecs_done = 10
save_errno = 4
readonly_format = 0
do_longlong_number = <optimized out>
__result = <optimized out>
#2 0x00007f5425ec079f in __vsyslog_internal (pri=<optimized out>,
fmt=0x55a06e558020 "%s: %.*s%s%s%sBUG: qm: fragm. %p (address %p) beginning overwritten (%lx)! Memory allocator was called from %s:%u. Fragment marked by %s:%lu. Exec from %s:%u.\n",
ap=0x7ffd6bebfb50, mode_flags=0) at ../misc/syslog.c:233
now_tm = {tm_sec = 8, tm_min = 18, tm_hour = 12, tm_mday = 23, tm_mon = 0, tm_year = 124, tm_wday = 2, tm_yday = 22, tm_isdst = 0, tm_gmtoff = 0, tm_zone = 0x55a06e94c5e0 "UTC"}
now = 1706012288
fd = <optimized out>
f = 0x55a06e969a60
buf = 0x0
bufsize = 0
msgoff = 21
saved_errno = <optimized out>
failbuf = "`\232\226n\240U\000\000\000\204\201\247[\214A\323`\374\353k\375\177\000\000\300p\371%T"
clarg = {buf = <optimized out>, oldaction = <optimized out>}
#3 0x00007f5425ec0c46 in __syslog (pri=<optimized out>, fmt=<optimized out>) at ../misc/syslog.c:117
ap = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffd6bebfc70, reg_save_area = 0x7ffd6bebfb70}}
#4 0x000055a06e3b7839 in ?? ()
No symbol table info available.
#5 0x000055a06e3bc039 in qm_free ()
No symbol table info available.
#6 0x000055a06e3c7c28 in qm_shm_free ()
No symbol table info available.
#7 0x00007f542325fb8e in uac_send_tm_callback () from /usr/lib/x86_64-linux-gnu/kamailio/modules/uac.so
No symbol table info available.
#8 0x00007f5424a2f002 in run_trans_callbacks_internal () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#9 0x00007f5424a2f179 in run_trans_callbacks () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#10 0x00007f54249d5e8c in free_cell_helper () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#11 0x00007f5424aa8f82 in wait_handler () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#12 0x000055a06e37a263 in ?? ()
No symbol table info available.
#13 0x000055a06e37a79d in ?? ()
No symbol table info available.
#14 0x000055a06e37acc6 in timer_main ()
No symbol table info available.
#15 0x000055a06e0a5f62 in main_loop ()
No symbol table info available.
--Type <RET> for more, q to quit, c to continue without paging--
#16 0x000055a06e0b120c in main ()
No symbol table info available.
(gdb) info locals
No locals.
(gdb) list
72 in ../sysdeps/x86_64/multiarch/strlen-evex.S
```
#### Log Messages
```
Log file:
2024-01-23T13:18:08.828+01:00 Jan 23 12:18:08 /usr/sbin/kamailio[4789]: INFO: <script>: Incoming SIP TCP request conid 21 call-id un0rihsRLJLvP-grn6LO-A
2024-01-23T13:18:08.835+01:00 Jan 23 12:18:08 /usr/sbin/kamailio[4789]: INFO: <script>: Incoming SIP TCP request conid 21 call-id WQjhldpRJbxjZRYe7fWgbw
2024-01-23T13:18:08.860+01:00 Jan 23 12:18:08 /usr/sbin/kamailio[4795]: CRITICAL: <core> [core/pass_fd.c:281]: receive_fd(): EOF on 49
2024-01-23T13:18:09.486+01:00 Jan 23 12:18:09 /usr/sbin/kamailio[4751]: ALERT: <core> [main.c:783]: handle_sigs(): child process 4777 exited by a signal 11
2024-01-23T13:18:09.486+01:00 Jan 23 12:18:09 /usr/sbin/kamailio[4751]: ALERT: <core> [main.c:787]: handle_sigs(): core was generated
2024-01-23T13:18:09.516+01:00 Jan 23 12:18:09 /usr/sbin/kamailio[4751]: INFO: <core> [core/sctp_core.c:53]: sctp_core_destroy(): SCTP API not initialized
2024-01-23T13:18:09.570+01:00 Started /root/sipconfig/startkamailio.sh
2024-01-23T13:18:09.570+01:00 info: :-) Starting Kamailio
```
#### SIP Traffic
### Possible Solutions
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
# /usr/sbin/kamailio -v
version: kamailio 5.6.5 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled with gcc 10.2.1
```
* **Operating System**:
```
# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye
Linux ip-nn-nn-nn-nn 5.10.0-25-cloud-amd64 #1 SMP Debian 5.10.191-1 (2023-08-16) x86_64 GNU/Linux
```
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3725
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3725(a)github.com>
<!--
Kamailio Project uses GitHub Issues only for bugs in the code or feature requests. Please use this template only for bug reports.
If you have questions about using Kamailio or related to its configuration file, ask on sr-users mailing list:
* https://lists.kamailio.org/mailman3/postorius/lists/sr-users.lists.kamailio…
If you have questions about developing extensions to Kamailio or its existing C code, ask on sr-dev mailing list:
* https://lists.kamailio.org/mailman3/postorius/lists/sr-dev.lists.kamailio.o…
Please try to fill this template as much as possible for any issue. It helps the developers to troubleshoot the issue.
If there is no content to be filled in a section, the entire section can be removed.
You can delete the comments from the template sections when filling.
You can delete next line and everything above before submitting (it is a comment).
-->
### Description
<!--
Explain what you did, what you expected to happen, and what actually happened.
-->
Hello. I use uac_req_send to send registration to the asterisk pool. If some asterisk did not authorize and re-sent the 401 code, the module causes a kamailio crash
### Troubleshooting
ds_select("BACKENDS","0");
while(ds_set_dst()) {
xlog("L_DBG",">>> BACKEND du=$du\n");
$uac_req(ruri)="sip:" + $(du{uri.host});
$uac_req(furi)="sip:" + $avp(username) + "@" + $(du{uri.host});
$uac_req(turi)=$uac_req(furi);
uac_req_send();
ds_next_dst();
}
#### Reproduction
<!--
If the issue can be reproduced, describe how it can be done.
-->
#### Debugging Data
<!--
If you got a core dump, use gdb to extract troubleshooting data - full backtrace,
local variables and the list of the code at the issue location.
gdb /path/to/kamailio /path/to/corefile
bt full
info locals
list
If you are familiar with gdb, feel free to attach more of what you consider to
be relevant.
-->
```
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/kamailio.cfg'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00005557272803b9 in timer_list_expire (t=1180105352, h=0x7f73b30a3bb8, slow_l=0x7f73b30a73a0, slow_mark=2907) at core/timer.c:846
846 core/timer.c: No such file or directory.
(gdb) bt full
#0 0x00005557272803b9 in timer_list_expire (t=1180105352, h=0x7f73b30a3bb8, slow_l=0x7f73b30a73a0, slow_mark=2907) at core/timer.c:846
tl = 0x7f73b3a49a88
ret = 0
#1 0x00005557272809cf in timer_handler () at core/timer.c:922
saved_ticks = 1180105352
run_slow_timer = 0
i = 859
__func__ = "timer_handler"
#2 0x0000555727280f53 in timer_main () at core/timer.c:961
No locals.
#3 0x0000555726f77736 in main_loop () at /build/kamailio-5.6.4+ubuntu22.04/src/main.c:1831
i = 6
pid = 0
si = 0x0
si_desc = "udp receiver child=5 sock=10.153.5.40:5060\000\000\020\000\000\000\003\000\000\000!\000\000\000\000\262\270\224RE&\035(\247K'WU\000\000WqA'WU\000\000\000\000\000\000\000\000\000\000c\367@'WU\000\000!\000\000\000\000\000\000\000\260\325\022\371s\177\000\000 \236.\220\375\177\000\000Ý•\024'WU\000"
nrprocs = 6
woneinit = 1
__func__ = "main_loop"
#4 0x0000555726f83d11 in main (argc=12, argv=0x7ffd902ea398) at /build/kamailio-5.6.4+ubuntu22.04/src/main.c:3078
cfg_stream = 0x555727e12380
c = -1
r = 0
tmp = 0x7ffd902ebe36 ""
tmp_len = 0
port = 0
proto = 0
ahost = 0x0
aport = 0
options = 0x55572744e898 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
ret = -1
seed = 4270110361
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0x7ffd902ea398
p = 0x7ffd902ea310 ""
st = {st_dev = 25, st_ino = 5514, st_nlink = 2, st_mode = 16888, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1690276408, tv_nsec = 971865637}, st_mtim = {tv_sec = 1690276408,
tv_nsec = 971865637}, st_ctim = {tv_sec = 1690276408, tv_nsec = 971865637}, __glibc_reserved = {0, 0, 0}}
tbuf = '\000' <repeats 80 times>, "\377\000\000\000\377\000\000\000\000\377\000\000\000\000\000\000", '/' <repeats 16 times>, "\230\r", '\000' <repeats 14 times>, "`", '\000' <repeats 15 times>, "\001", '\000' <repeats 144 times>...
option_index = 12
long_options = {{name = 0x55572740a2e9 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x55572740b84a "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x55572740f6e4 "alias", has_arg = 1, flag = 0x0, val = 1024}, {name = 0x55572740a2ee "subst",
has_arg = 1, flag = 0x0, val = 1025}, {name = 0x55572740a2f4 "substdef", has_arg = 1, flag = 0x0, val = 1026}, {name = 0x55572740a2fd "substdefs", has_arg = 1, flag = 0x0, val = 1027}, {name = 0x55572740a307 "server-id", has_arg = 1, flag = 0x0, val = 1028},
{name = 0x55572740a311 "loadmodule", has_arg = 1, flag = 0x0, val = 1029}, {name = 0x55572740a31c "modparam", has_arg = 1, flag = 0x0, val = 1030}, {name = 0x55572740a325 "log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name = 0x55572740b967 "debug",
has_arg = 1, flag = 0x0, val = 1032}, {name = 0x55572740a330 "cfg-print", has_arg = 0, flag = 0x0, val = 1033}, {name = 0x55572740a33a "atexit", has_arg = 1, flag = 0x0, val = 1034}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
__func__ = "main"
(gdb) info locals
tl = 0x7f73b3a49a88
ret = 0
(gdb) list
841 in core/timer.c
(gdb)
```
```
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/kamailio -P /run/kamailio/kamailio.pid -f /etc/kamailio/kamailio.cfg'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f73f575d4d0 in free_hash_table () at /build/kamailio-5.6.4+ubuntu22.04/src/modules/tm/h_table.c:464
464 /build/kamailio-5.6.4+ubuntu22.04/src/modules/tm/h_table.c: No such file or directory.
(gdb) bt full
#0 0x00007f73f575d4d0 in free_hash_table () at /build/kamailio-5.6.4+ubuntu22.04/src/modules/tm/h_table.c:464
p_cell = 0x0
tmp_cell = 0x0
i = 64459
__func__ = "free_hash_table"
#1 0x00007f73f5793e46 in tm_shutdown () at /build/kamailio-5.6.4+ubuntu22.04/src/modules/tm/t_funcs.c:88
__func__ = "tm_shutdown"
#2 0x00005557271db17b in destroy_modules () at core/sr_module.c:842
t = 0x7f73f68a65a0
foo = 0x7f73f68a59e0
__func__ = "destroy_modules"
#3 0x0000555726f64029 in cleanup (show_status=1) at /build/kamailio-5.6.4+ubuntu22.04/src/main.c:561
memlog = 0
__func__ = "cleanup"
#4 0x0000555726f66044 in shutdown_children (sig=15, show_status=1) at /build/kamailio-5.6.4+ubuntu22.04/src/main.c:704
__func__ = "shutdown_children"
#5 0x0000555726f697dc in handle_sigs () at /build/kamailio-5.6.4+ubuntu22.04/src/main.c:802
chld = 0
chld_status = 139
any_chld_stopped = 1
memlog = 0
__func__ = "handle_sigs"
#6 0x0000555726f78f42 in main_loop () at /build/kamailio-5.6.4+ubuntu22.04/src/main.c:1900
i = 6
pid = 37846
si = 0x0
si_desc = "udp receiver child=5 sock=10.153.5.40:5060\000\000\020\000\000\000\003\000\000\000!\000\000\000\000\262\270\224RE&\035(\247K'WU\000\000WqA'WU\000\000\000\000\000\000\000\000\000\000c\367@'WU\000\000!\000\000\000\000\000\000\000\260\325\022\371s\177\000\000 \236.\220\375\177\000\000Ý•\024'WU\000"
nrprocs = 6
woneinit = 1
__func__ = "main_loop"
#7 0x0000555726f83d11 in main (argc=12, argv=0x7ffd902ea398) at /build/kamailio-5.6.4+ubuntu22.04/src/main.c:3078
cfg_stream = 0x555727e12380
c = -1
r = 0
tmp = 0x7ffd902ebe36 ""
tmp_len = 0
port = 0
proto = 0
ahost = 0x0
aport = 0
options = 0x55572744e898 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
ret = -1
seed = 4270110361
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0x7ffd902ea398
p = 0x7ffd902ea310 ""
st = {st_dev = 25, st_ino = 5514, st_nlink = 2, st_mode = 16888, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1690276408, tv_nsec = 971865637}, st_mtim = {tv_sec = 1690276408,
tv_nsec = 971865637}, st_ctim = {tv_sec = 1690276408, tv_nsec = 971865637}, __glibc_reserved = {0, 0, 0}}
tbuf = '\000' <repeats 80 times>, "\377\000\000\000\377\000\000\000\000\377\000\000\000\000\000\000", '/' <repeats 16 times>, "\230\r", '\000' <repeats 14 times>, "`", '\000' <repeats 15 times>, "\001", '\000' <repeats 144 times>...
option_index = 12
long_options = {{name = 0x55572740a2e9 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x55572740b84a "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x55572740f6e4 "alias", has_arg = 1, flag = 0x0, val = 1024}, {name = 0x55572740a2ee "subst",
has_arg = 1, flag = 0x0, val = 1025}, {name = 0x55572740a2f4 "substdef", has_arg = 1, flag = 0x0, val = 1026}, {name = 0x55572740a2fd "substdefs", has_arg = 1, flag = 0x0, val = 1027}, {name = 0x55572740a307 "server-id", has_arg = 1, flag = 0x0, val = 1028},
{name = 0x55572740a311 "loadmodule", has_arg = 1, flag = 0x0, val = 1029}, {name = 0x55572740a31c "modparam", has_arg = 1, flag = 0x0, val = 1030}, {name = 0x55572740a325 "log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name = 0x55572740b967 "debug",
has_arg = 1, flag = 0x0, val = 1032}, {name = 0x55572740a330 "cfg-print", has_arg = 0, flag = 0x0, val = 1033}, {name = 0x55572740a33a "atexit", has_arg = 1, flag = 0x0, val = 1034}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
__func__ = "main"
(gdb) info locals
p_cell = 0x0
tmp_cell = 0x0
i = 64459
__func__ = "free_hash_table"
(gdb) list
459 in /build/kamailio-5.6.4+ubuntu22.04/src/modules/tm/h_table.c
```
#### Log Messages
<!--
Check the syslog file and if there are relevant log messages printed by Kamailio, add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site).
-->
```
CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer (0x7f8a6c440050), called from uac: uac_send.c: uac_send_tm_callback(860), first free uac: uac_send.c: uac_send_info_clone(110) - ignoring
CRITICAL: <core> [core/mem/q_malloc.c:123]: qm_debug_check_frag(): BUG: qm: fragm. 0x7f74379f46b0 (address 0x7f74379f46e8) beginning overwritten (0)! Memory allocator was called from uac: uac_send.c:860. Fragment marked by (null):0. Exec from core/mem/q_malloc.c:511.
```
#### SIP Traffic
<!--
If the issue is exposed by processing specific SIP messages, grab them with ngrep or save in a pcap file, then add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site).
-->
```
proto:UDP 2023-07-25T10:00:44.452898Z 10.153.5.40:5060 ---> 192.168.50.107:5060
REGISTER sip:192.168.50.107 SIP/2.0
Via: SIP/2.0/UDP 10.153.5.40;branch=z9hG4bK6a0b.834627a6000000000000000000000000.0
To: <sip:3408@192.168.50.107>
From: <sip:3408@192.168.50.107>;tag=b2f228866a24b161d346cfb256d45132-a0527658
CSeq: 10 REGISTER
Call-ID: 2332840947916a3e-39417(a)10.153.5.40
Max-Forwards: 70
Content-Length: 0
Contact: <sip:3408@10.153.5.40:5060>
Expires: 150
User-Agent: PortSIP UC Client Android - v11.8.1
proto:UDP 2023-07-25T10:00:44.464436Z 192.168.50.107:5060 ---> 10.153.5.40:5060
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.153.5.40;rport=5060;received=10.153.5.40;branch=z9hG4bK6a0b.834627a6000000000000000000000000.0
Call-ID: 2332840947916a3e-39417(a)10.153.5.40
From: <sip:3408@192.168.50.107>;tag=b2f228866a24b161d346cfb256d45132-a0527658
To: <sip:3408@192.168.50.107>;tag=z9hG4bK6a0b.834627a6000000000000000000000000.0
CSeq: 10 REGISTER
WWW-Authenticate: Digest realm="vpp",nonce="1690279244/67fc12dbaf6a76fa34181a4bd504de00",opaque="1680d45809efac86",algorithm=md5,qop="auth"
Server: Asterisk
Content-Length: 0
proto:UDP 2023-07-25T10:00:44.466447Z 10.153.5.40:5060 ---> 192.168.50.107:5060
REGISTER sip:192.168.50.107 SIP/2.0
Via: SIP/2.0/UDP 10.153.5.40;branch=z9hG4bK7a0b.5673b4d4000000000000000000000000.0
To: <sip:3408@192.168.50.107>
From: <sip:3408@192.168.50.107>;tag=b2f228866a24b161d346cfb256d45132-a0527658
CSeq: 11 REGISTER
Call-ID: 2332840947916a3e-39417(a)10.153.5.40
Max-Forwards: 70
Content-Length: 0
Contact: <sip:3408@10.153.5.40:5060>
Expires: 150
Authorization: Digest username="3408", realm="vpp", nonce="1690279244/67fc12dbaf6a76fa34181a4bd504de00", uri="sip:192.168.50.107", opaque="1680d45809efac86", qop=auth, nc=00000001, cnonce="1935694403", response="38bc75e831e1267ce943bcc50f76390a", algorithm=MD5
User-Agent: PortSIP UC Client Android - v11.8.1
proto:UDP 2023-07-25T10:00:44.477675Z 192.168.50.107:5060 ---> 10.153.5.40:5060
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.153.5.40;rport=5060;received=10.153.5.40;branch=z9hG4bK7a0b.5673b4d4000000000000000000000000.0
Call-ID: 2332840947916a3e-39417(a)10.153.5.40
From: <sip:3408@192.168.50.107>;tag=b2f228866a24b161d346cfb256d45132-a0527658
To: <sip:3408@192.168.50.107>;tag=z9hG4bK7a0b.5673b4d4000000000000000000000000.0
CSeq: 11 REGISTER
WWW-Authenticate: Digest realm="vpp",nonce="1690279244/67fc12dbaf6a76fa34181a4bd504de00",opaque="5adc30b867f02d18",algorithm=md5,qop="auth"
Server: Asterisk
Content-Length: 0
```
### Possible Solutions
<!--
If you found a solution or workaround for the issue, describe it. Ideally, provide a pull request with a fix.
-->
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
version: kamailio 5.6.4 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled with gcc 11.3.0
```
* **Operating System**:
<!--
Details about the operating system, the type: Linux (e.g.,: Debian 8.4, Ubuntu 16.04, CentOS 7.1, ...), MacOS, xBSD, Solaris, ...;
Kernel details (output of `lsb_release -a` and `uname -a`)
-->
```
5.15.0-76-generic #83-Ubuntu SMP Thu Jun 15 19:16:32 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
```
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3522
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3522(a)github.com>