[kamailio/kamailio] xmpp module causes crash in component mode with prosody (Issue #4154) - sr-dev

23 Feb 2025


      jrozhon created an issue (kamailio/kamailio#4154)
<!--
Kamailio Project uses GitHub Issues only for bugs in the code or feature requests. Please use this template only for bug reports.
If you have questions about using Kamailio or related to its configuration file, ask on sr-users mailing list:
* https://lists.kamailio.org/mailman3/postorius/lists/sr-users.lists.kamailio....
If you have questions about developing extensions to Kamailio or its existing C code, ask on sr-dev mailing list:
* https://lists.kamailio.org/mailman3/postorius/lists/sr-dev.lists.kamailio.or...
Please try to fill this template as much as possible for any issue. It helps the developers to troubleshoot the issue.
Note that an issue report may be closed automatically after about 2 months
if there is no interest from developers or community users on pursuing it, being
considered expired. In such case, it can be reopened by writing a comment that includes
the token `/notexpired`. About two weeks before considered expired, the issue is
marked with the label `stale`, trying to notify the submitter and everyone else
that might be interested in it. To remove the label `stale`, write a comment that
includes the token `/notstale`. Also, any comment postpone the `expire` timeline,
being considered that there is interest in pursuing the issue.
If there is no content to be filled in a section, the entire section can be removed.
You can delete the comments from the template sections when filling.
You can delete next line and everything above before submitting (it is a comment).
-->
### Description
I have Kamailio configured to act as a gateway between SIP and XMPP in my lab setup. I only have module configured, no routing is implemented yet. When handshake with XMPP server (Prosody) occurs, Kamailio crashes.
### Troubleshooting
I cannot use newer version of kamailio as it crashes because of presence module. Older versions up to 5.5.7 behave the same.
If i get backtrace right crash is caused by a problem with parsing the incoming xml, but it seems fine to me.
#### Reproduction
Have prosody xmpp server configured to accept component connection from kamailio.
In kamailio have xmpp.so module loaded with following parameters set:
modparam("xmpp", "backend", "component")
modparam("xmpp", "gateway_domain", "kamailio-dns")
modparam("xmpp", "xmpp_domain", "xmpp-dns")
modparam("xmpp", "xmpp_host", "xmpp-dns")
modparam("xmpp", "xmpp_port", 5347)
modparam("xmpp", "xmpp_password", "shared-password")
#### Debugging Data
```
(gdb) bt full
#0  _xode_put_expatattribs (owner=0x13c5480, atts=0x13be6d0) at xstream.c:35
        i = 10
#1  0x00007f77df410211 in _xode_stream_startElement (xs=0x13c07f0, name=0x13c0170 "stream:stream", atts=0x13be6d0) at xstream.c:56
        p = 0x13be110
#2  0x00007f77df3c2934 in doContent () from /lib64/libexpat.so.1
No symbol table info available.
#3  0x00007f77df3c0fde in doProlog () from /lib64/libexpat.so.1
No symbol table info available.
#4  0x00007f77df3c1eac in prologProcessor () from /lib64/libexpat.so.1
No symbol table info available.
#5  0x00007f77df3b958f in callProcessor () from /lib64/libexpat.so.1
No symbol table info available.
#6  0x00007f77df3c60a7 in XML_ParseBuffer () from /lib64/libexpat.so.1
No symbol table info available.
#7  0x00007f77df410594 in xode_stream_eat (xs=0x13c07f0, 
    buff=0x7f77df4185e0 <buf> "<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:component:accept' id='09b989ba-0ba4-4b58-ad8e-53b07fe2f13a' from='sip.xmpp.osk3.lab' xml:lang='en'>", len=197) at xstream.c:176
        err = 0x4000000 <error: Cannot access memory at address 0x4000000>
        xerr = 0x7f77e4d06ed0 <syslog>
        maxerr = "maximum node size reached"
        deeperr = "maximum node depth reached"
#8  0x00007f77df404955 in xmpp_component_child_process (data_pipe=9) at xmpp_component.c:237
        buf = 0x7f77df4185e0 <buf> "<?xml version='1.0'?><stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:component:accept' id='09b989ba-0ba4-4b58-ad8e-53b07fe2f13a' from='sip.xmpp.osk3.lab' xml:lang='en'>"
        fd = 5
        maxfd = 9
        rv = 1
        fdset = {__fds_bits = {32, 0 <repeats 15 times>}}
        pool = 0x13bae50
        stream = 0x13c07f0
        priv = {fd = 5, running = 1}
        cmd = 0xa09250 <main_state+16>
        __func__ = "xmpp_component_child_process"
#9  0x00007f77df3fafef in xmpp_process (rank=1) at xmpp.c:280
        __func__ = "xmpp_process"
#10 0x00007f77df3fac4b in child_init (rank=0) at xmpp.c:263
        pid = 0
#11 0x0000000000650a0c in init_mod_child (m=0x7f77e44b8f90, rank=0) at core/sr_module.c:911
        ret = 0
        __func__ = "init_mod_child"
#12 0x0000000000650656 in init_mod_child (m=0x7f77e44b93e0, rank=0) at core/sr_module.c:903
        ret = 0
        __func__ = "init_mod_child"
#13 0x0000000000650656 in init_mod_child (m=0x7f77e44b9b78, rank=0) at core/sr_module.c:903
        ret = 0
        __func__ = "init_mod_child"
#14 0x0000000000650656 in init_mod_child (m=0x7f77e44ba000, rank=0) at core/sr_module.c:903
        ret = 0
        __func__ = "init_mod_child"
#15 0x0000000000650656 in init_mod_child (m=0x7f77e44bafa0, rank=0) at core/sr_module.c:903
        ret = 32
        __func__ = "init_mod_child"
#16 0x0000000000650656 in init_mod_child (m=0x7f77e44bb498, rank=0) at core/sr_module.c:903
        ret = 0
        __func__ = "init_mod_child"
#17 0x0000000000650656 in init_mod_child (m=0x7f77e44bbe58, rank=0) at core/sr_module.c:903
        ret = 0
        __func__ = "init_mod_child"
#18 0x0000000000650656 in init_mod_child (m=0x7f77e44bc370, rank=0) at core/sr_module.c:903
        ret = 1
        __func__ = "init_mod_child"
#19 0x0000000000651207 in init_child (rank=0) at core/sr_module.c:990
        ret = -464031792
        type = 0x884ffb "PROC_MAIN"
        __func__ = "init_child"
#20 0x000000000042fb48 in main_loop () at main.c:1929
        i = 8
        pid = 450007
        si = 0x0
        si_desc = "udp receiver child=7 sock=kamailio.osk3.lab:5060\000K\207\362\377\177\000\000\000\000\000\000\000\000\000\000PQ\207\362\377\177\000\000\263\266\204\000\000\000\000\0000\277K\344w\177\000\000\320n\320\344w\177\000\000\000\000\000\004\000\000\000\000jo\320\344w\177\000\0000\000\000\0000\000\000\000\bM\207\362\377\177\000"
        nrprocs = 8
        woneinit = 1
        __func__ = "main_loop"
#21 0x0000000000439d03 in main (argc=11, argv=0x7ffff2875268) at main.c:3213
        cfg_stream = 0x130b380
        c = -1
        r = 0
        tmp = 0x7ffff2876ea2 ""
        tmp_len = 0
        port = 0
        proto = 0
        ahost = 0x0
        aport = 0
        options = 0x8373a8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
        ret = -1
        seed = 863415900
        rfd = 4
        debug_save = 0
        debug_flag = 0
        dont_fork_cnt = 2
        n_lst = 0x40
        p = 0x1000000 <error: Cannot access memory at address 0x1000000>
        st = {st_dev = 23, st_ino = 1015, st_nlink = 2, st_mode = 16832, st_uid = 977, st_gid = 976, __pad0 = 0, st_rdev = 0, st_size = 40, st_blksize = 4096, 
          st_blocks = 0, st_atim = {tv_sec = 1739449861, tv_nsec = 919999685}, st_mtim = {tv_sec = 1740224132, tv_nsec = 607723775}, st_ctim = {tv_sec = 1740224132, 
            tv_nsec = 607723775}, __glibc_reserved = {0, 0, 0}}
        tbuf = "9M\t\345w\177\000\000\210\n\006\345w\177\000\000\340N\207\362\377\177\000\000\006\000\000\000\000\000\000\000\b\367\005\345w\177\000\000\006\000\000\000\020\000\000\0000Z\t\345w\177\000\000\325\331\006\345w\177\000\000\000\000\000\000\000\000\000\000\240\354\006\345w\177\000\000\370\377\300\344w\177\000\000\000:\005\345w\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\260N\207\362\377\177\000\000\240\n\006\345w\177\000\000\240\n\006\345w\177\000\000\000\000\000\000\000\000\000\000`H\005\345w\177\000\000\260N\207\362\377\177\000\000\200e\t\345w\177\000\000\000\360\005\345w\177\000\000\342\373\005\345w\177\000\000v\244\006\345w\177\000\000\334#\300\344w\177\000\000"...
        option_index = 12
        long_options = {{name = 0x839a46 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x8344f4 "version", has_arg = 0, flag = 0x0, val = 118}, {
            name = 0x839a4b "alias", has_arg = 1, flag = 0x0, val = 1024}, {name = 0x839a51 "subst", has_arg = 1, flag = 0x0, val = 1025}, {name = 0x839a57 "substdef", 
            has_arg = 1, flag = 0x0, val = 1026}, {name = 0x839a60 "substdefs", has_arg = 1, flag = 0x0, val = 1027}, {name = 0x839a6a "server-id", has_arg = 1, 
            flag = 0x0, val = 1028}, {name = 0x839a74 "loadmodule", has_arg = 1, flag = 0x0, val = 1029}, {name = 0x839a7f "modparam", has_arg = 1, flag = 0x0, 
            val = 1030}, {name = 0x839a88 "log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name = 0x839a93 "debug", has_arg = 1, flag = 0x0, val = 1032}, {
            name = 0x839a99 "cfg-print", has_arg = 0, flag = 0x0, val = 1033}, {name = 0x839aa3 "atexit", has_arg = 1, flag = 0x0, val = 1034}, {
            name = 0x839aaa "all-errors", has_arg = 0, flag = 0x0, val = 1035}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
        __func__ = "main"
```
```
(gdb) info locals
i = 10
```
```
(gdb) list
30	static void _xode_put_expatattribs(xode owner, const char **atts)
31	{
32		int i = 0;
33		if(atts == NULL)
34			return;
35		while(*(atts[i]) != '\0') {
36			xode_put_attrib(owner, atts[i], atts[i + 1]);
37			i += 2;
38		}
39	}
```
#### Log Messages
<!--
Check the syslog file and if there are relevant log messages printed by Kamailio, add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site).
-->
```
Feb 22 11:39:10 kamailio /usr/sbin/kamailio[445061]: INFO: tls [tls_domain.c:418]: ksr_tls_fill_missing(): TLSc<default>: verify_client=0
Feb 22 11:39:10 kamailio /usr/sbin/kamailio[445061]: INFO: tls [tls_domain.c:781]: set_verification(): TLSc<default>: Server MAY present invalid certificate
Feb 22 11:39:10 kamailio /usr/sbin/kamailio[445109]: CRITICAL: <core> [core/pass_fd.c:281]: receive_fd(): EOF on 28
Feb 22 11:39:10 kamailio /usr/sbin/kamailio[445066]: INFO: tls [tls_mod.c:576]: mod_child(): OpenSSL loaded private keys in child: 3
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445107]: INFO: tls [tls_mod.c:576]: mod_child(): OpenSSL loaded private keys in child: 15
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445065]: INFO: tls [tls_mod.c:576]: mod_child(): OpenSSL loaded private keys in child: 2
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445088]: INFO: ctl [io_listener.c:214]: io_listen_loop(): using epoll_lt io watch method (config)
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445070]: INFO: tls [tls_mod.c:576]: mod_child(): OpenSSL loaded private keys in child: 4
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445064]: INFO: tls [tls_mod.c:576]: mod_child(): OpenSSL loaded private keys in child: 1
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445074]: INFO: tls [tls_mod.c:576]: mod_child(): OpenSSL loaded private keys in child: 7
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445076]: INFO: tls [tls_mod.c:576]: mod_child(): OpenSSL loaded private keys in child: 8
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445096]: INFO: tls [tls_mod.c:576]: mod_child(): OpenSSL loaded private keys in child: 9
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445085]: INFO: jsonrpcs [jsonrpcs_sock.c:471]: jsonrpc_dgram_process(): a new child 0/445085
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445072]: INFO: tls [tls_mod.c:576]: mod_child(): OpenSSL loaded private keys in child: 6
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445108]: INFO: tls [tls_mod.c:576]: mod_child(): OpenSSL loaded private keys in child: 16
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445061]: ALERT: <core> [main.c:792]: handle_sigs(): child process 445090 exited by a signal 11
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445061]: ALERT: <core> [main.c:796]: handle_sigs(): core was generated
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445061]: INFO: <core> [main.c:819]: handle_sigs(): terminating due to SIGCHLD
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445071]: INFO: tls [tls_mod.c:576]: mod_child(): OpenSSL loaded private keys in child: 5
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445066]: INFO: <core> [main.c:875]: sig_usr(): signal 15 received
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445065]: INFO: <core> [main.c:875]: sig_usr(): signal 15 received
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445076]: INFO: <core> [main.c:875]: sig_usr(): signal 15 received
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445064]: INFO: <core> [main.c:875]: sig_usr(): signal 15 received
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445083]: INFO: <core> [main.c:875]: sig_usr(): signal 15 received
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445089]: INFO: <core> [main.c:875]: sig_usr(): signal 15 received
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445081]: INFO: <core> [main.c:875]: sig_usr(): signal 15 received
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445109]: CRITICAL: <core> [core/pass_fd.c:281]: receive_fd(): EOF on 25
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445109]: CRITICAL: <core> [core/pass_fd.c:281]: receive_fd(): EOF on 17
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445109]: CRITICAL: <core> [core/pass_fd.c:281]: receive_fd(): EOF on 15
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445109]: CRITICAL: <core> [core/pass_fd.c:281]: receive_fd(): EOF on 8
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445088]: INFO: <core> [main.c:875]: sig_usr(): signal 15 received
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445109]: CRITICAL: <core> [core/pass_fd.c:281]: receive_fd(): EOF on 26
Feb 22 11:39:11 kamailio /usr/sbin/kamailio[445077]: INFO: <core> [main.c:875]: sig_usr(): signal 15 received
```
#### SIP Traffic
<!--
If the issue is exposed by processing specific SIP messages, grab them with ngrep or save in a pcap file, then add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site).
-->
```
no sip traffic, just simple xml exchanged
```
### Possible Solutions
<!--
If you found a solution or workaround for the issue, describe it. Ideally, provide a pull request with a fix.
-->
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
version: kamailio 5.7.5 (x86_64/linux) 58499a
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: 58499a 
compiled on 00:00:00 Sep 13 2022 with gcc 11.4.1
```
* **Operating System**:
<!--
Details about the operating system, the type: Linux (e.g.,: Debian 8.4, Ubuntu 16.04, CentOS 7.1, ...), MacOS, xBSD, Solaris, ...;
Kernel details (output of `lsb_release -a` and `uname -a`)
-->
```
RHEL 9
Linux kamailio 5.14.0-503.15.1.el9_5.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Nov 14 15:45:31 EST 2024 x86_64 x86_64 x86_64 GNU/Linux
```
-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/4154
You are receiving this because you are subscribed to this thread.

Message ID: kamailio/kamailio/issues/4154@github.com