### Description
We have a segfault in Kamailio v5.0.7 rev. 7ab0b1 installed on Debian 7.x 32bit KVM when
processing SIP reply 408 due to RING Timeout.
### Troubleshooting
No troubleshooting was done, since it happened on a production server. We simply restarted
the server.
#### Reproduction
The problem is random and has happened a couple of times within a month.
#### Debugging Data
Here is the backtrace from the core dump generated by Kamailio.
<pre>
Core was generated by `/usr/local/adx-webrtc/sbin/kamailio -f /usr/local/adx-webrtc/etc/kamailio/kamai'.
Program terminated with signal 11, Segmentation fault.
#0 0xb4f9bcb9 in run_failure_handlers (t=0x92d6111c, rpl=0xffffffff, code=408, extra_flags=96) at t_reply.c:1013
1013 t_reply.c: No such file or directory.
(gdb) bt
#0 0xb4f9bcb9 in run_failure_handlers (t=0x92d6111c, rpl=0xffffffff, code=408, extra_flags=96) at t_reply.c:1013
#1 0xb4f9ea32 in t_should_relay_response (Trans=0x92d6111c, new_code=408, branch=0, should_store=0xbf90fba4, should_relay=0xbf90fba8, cancel_data=0xbf90fc28, reply=0xffffffff) at t_reply.c:1382
#2 0xb4fa1431 in relay_reply (t=0x92d6111c, p_msg=0xffffffff, branch=0, msg_status=408, cancel_data=0xbf90fc28, do_put_on_wait=0) at t_reply.c:1785
#3 0xb4f4bbca in fake_reply (t=0x92d6111c, branch=0, code=408) at timer.c:340
#4 0xb4f4bfe7 in final_response_handler (r_buf=0x92d61288, t=0x92d6111c) at timer.c:506
#5 0xb4f4c07e in retr_buf_handler (ticks=368965158, tl=0x92d6129c, p=0xfffffffe) at timer.c:562
#6 0x08250eb4 in slow_timer_main () at core/timer.c:1131
#7 0x08069a4e in main_loop () at main.c:1679
#8 0x08070868 in main (argc=13, argv=0xbf9103a4) at main.c:2642
</pre>
Here is the full backtrace.
```
(gdb) bt full
#0 0xb4f9bcb9 in run_failure_handlers (t=0x92d6111c, rpl=0xffffffff, code=408, extra_flags=96) at t_reply.c:1013
faked_req = 0x984311f4
faked_req_len = 4512
shmem_msg = 0x94ed18b8
on_failure = 2
keng = 0x0
__FUNCTION__ = "run_failure_handlers"
#1 0xb4f9ea32 in t_should_relay_response (Trans=0x92d6111c, new_code=408, branch=0, should_store=0xbf90fba4, should_relay=0xbf90fba8, cancel_data=0xbf90fc28, reply=0xffffffff) at t_reply.c:1382
branch_cnt = 1
picked_code = 408
new_branch = -1755505652
inv_through = 0
extra_flags = 96
i = 0
replies_dropped = 0
__FUNCTION__ = "t_should_relay_response"
#2 0xb4fa1431 in relay_reply (t=0x92d6111c, p_msg=0xffffffff, branch=0, msg_status=408, cancel_data=0xbf90fc28, do_put_on_wait=0) at t_reply.c:1785
relay = -65536
save_clone = 0
buf = 0x0
res_len = 0
relayed_code = 0
relayed_msg = 0x0
reply_bak = 0xb5002368
bm = {to_tag_val = {s = 0xb5a847f7 "ation", len = 10}}
totag_retr = 0
reply_status = RPS_ERROR
uas_rb = 0x0
to_tag = 0x0
reason = {s = 0x0, len = 1946659428}
onsend_params = {req = 0xb5002368, rpl = 0x0, param = 0xbf910234, code = -1081017352, flags = 56659, branch = 46322, t_rbuf = 0xb4fd5a10, dst = 0x2, send_buf = {s = 0xbf90fce8 "\030\375\220\277\034\021֒\210\022֒\240", len = 1946588245}}
ip = {af = 0, len = 3213949832, u = {addrl = {4294967295, 0, 3213951540, 3213949832}, addr32 = {4294967295, 0, 3213951540, 3213949832}, addr16 = {65535, 65535, 0, 0, 564, 49041, 64392, 49040}, addr = "\377\377\377\377\000\000\000\000\064\002\221\277\210", <incomplete sequence \373\220\277>}}
__FUNCTION__ = "relay_reply"
#3 0xb4f4bbca in fake_reply (t=0x92d6111c, branch=0, code=408) at timer.c:340
cancel_data = {cancel_bitmap = 0, reason = {cause = 0, u = {text = {s = 0x0, len = 5}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len = 5}}}}
do_cancel_branch = 1
reply_status = 29068
#4 0xb4f4bfe7 in final_response_handler (r_buf=0x92d61288, t=0x92d6111c) at timer.c:506
silent = 0
branch_ret = -1258282136
prev_branch = 0
now = 0
#5 0xb4f4c07e in retr_buf_handler (ticks=368965158, tl=0x92d6129c, p=0xfffffffe) at timer.c:562
rbuf = 0x92d61288
fr_remainder = 0
retr_remainder = 12
retr_interval = 1674326491
new_retr_interval_ms = 160
crt_retr_interval_ms = 3213950232
t = 0x92d6111c
__FUNCTION__ = "retr_buf_handler"
#6 0x08250eb4 in slow_timer_main () at core/timer.c:1131
n = 12
ret = 0
tl = 0x92d6129c
i = 516
__FUNCTION__ = "slow_timer_main"
#7 0x08069a4e in main_loop () at main.c:1679
i = 4
pid = 0
si = 0x0
si_desc = "udp receiver child=3 sock=xx.xx.xx.xx:5060\000\000\000\000\000\004\000\000\000\030\000\221\277\333\061\314c\001\000\000\000\333\061\314c\230\377\220\277\264\n(\bd\024<t\004\000\000\000\331\332\066\b\260\354\066\bq\000\000\000t\331\066\b\v\020\000\000Y\222\350\264D\221\257\265;\031B\264\\\"C\264\214#\000\000\000\000\000"
nrprocs = 4
woneinit = 1
__FUNCTION__ = "main_loop"
#8 0x08070868 in main (argc=13, argv=0xbf9103a4) at main.c:2642
cfg_stream = 0x8a4a008
c = -1
r = 0
tmp = 0xbf910903 ""
tmp_len = -1218121696
port = 2209
proto = 1
options = 0x8344f9c ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
ret = -1
seed = 3093231387
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0xbf9103a4
p = 0x805d60c "[\201\303\354\253<"
st = {st_dev = 14, __pad1 = 0, st_ino = 10259, st_mode = 16832, st_nlink = 2, st_uid = 0, st_gid = 0, st_rdev = 0, __pad2 = 0, st_size = 60, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1542580403, tv_nsec = 128163439}, st_mtim = {tv_sec = 1542580752, tv_nsec = 236241520}, st_ctim = {tv_sec = 1542580752, tv_nsec = 236241520}, __unused4 = 0, __unused5 = 0}
__FUNCTION__ = "main"
```
#### Log Messages
No logs available since it happened on a production server.
```
Jan 10 16:00:53 webrtc-as kernel: [25983771.956320] kamailio[29068]: segfault at 36c ip b4f9bcb9 sp bf90f7a0 error 6 in tm.so[b4eeb000+117000]
```
#### SIP Traffic
No SIP traffic available.
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
version: kamailio 5.0.7 (i386/linux) 7ab0b1
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, select.
id: 7ab0b1
compiled on 22:43:08 Aug 27 2018 with gcc 4.7.2
```
* **Operating System**:
```
Linux webrtc-as1 3.16.0-0.bpo.4-686-pae #1 SMP Debian 3.16.36-1+deb8u2~bpo70+1 (2016-10-19) i686 GNU/Linux
```
https://github.com/kamailio/kamailio/issues/1806