Re: [SR-Users] Segmentaion fault in Kamailio 4.0.3

21 Oct 2013


      Hello,
can you upgrade to 4.0.4? there were some fixes related to new fields in 
sip message structure that resulted in some out bound memory inside 
transactions.
The config file and database is the same, so just re-install over the 
previous installation.
Cheers,
Daniel
On 10/21/13 11:10 AM, Morten Isaksen wrote:
...
Hi,
Our Kamailio has stopped with a segmentation fault 4 times the last week.
There has been no changes to the configuration file the last 15 days, 
so I suspect a SIP phone is sending a SIP packet that Kamailio does 
not like.
We have a core dump file but I cannot read anything usefull from the 
backtrace. Can you see what is wrong from the backtrace?
Regards
Morten
The output from gdb (bt full):
Core was generated by `/usr/local/sbin/kamailio -P 
/var/run/kamailio/kamailio.pid -m 256 -M 8 -u kamai'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f0e10de17b2 in cancel_branch (t=0x7f0dfbf38e10, branch=0, 
reason=<value optimized out>, flags=4) at t_cancel.c:284
284             if (cfg_get(tm, tm_cfg, reparse_invite) ||
Missing separate debuginfos, use: debuginfo-install 
glibc-2.12-1.107.el6.x86_64 hiredis-0.10.1-3.el6.x86_64 
keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6.x86_64 
libcom_err-1.41.12-14.el6.x86_64 libselinux-2.0.94-5.3.el6.x86_64 
libxml2-2.7.6-12.el6_4.1.x86_64 mysql-libs-5.1.67-1.el6_3.x86_64 
nss-softokn-freebl-3.12.9-11.el6.x86_64 
openssl-1.0.0-27.el6_4.2.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) bt full
#0  0x00007f0e10de17b2 in cancel_branch (t=0x7f0dfbf38e10, branch=0, 
reason=<value optimized out>, flags=4) at t_cancel.c:284
        cancel = <value optimized out>
        len = <value optimized out>
        crb = 0x7f0dfbf39008
        irb = 0x7f0dfbf38f80
        ret = 1
        tmp_cd = {cancel_bitmap = 0, reason = {cause = 0, u = {text = 
{s = 0x0, len = 0}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len = 0}}}}
        pcbuf = <value optimized out>
        __FUNCTION__ = "cancel_branch"
#1  0x00007f0e10e298ab in reply_received (p_msg=0x7f0e124ce760) at 
t_reply.c:2194
        msg_status = <value optimized out>
        last_uac_status = 408
        ack = 0x7f0dfbf38e10 "Ð
                               \267\373\r\177"
        ack_len = <value optimized out>
        branch = 0
        reply_status = <value optimized out>
        onreply_route = <value optimized out>
        cancel_data = {cancel_bitmap = 0, reason = {cause = 408, u = 
{text = {s = 0x0, len = 307468800}, e2e_cancel = 0x0, packed_hdrs = {s 
= 0x0, len = 307468800}}}}
        uac = <value optimized out>
        t = 0x7f0dfbf38e10
        lack_dst = {send_sock = 0x0, to = {s = {sa_family = 6704, 
sa_data = "\#\377\177\000\000\000\000\000\000\000\000\000"}, sin = 
{sin_family = 6704, sin_port = 9052, sin_addr = {s_addr = 32767},
              sin_zero = "\000\000\000\000\000\000\000"}, sin6 = 
{sin6_family = 6704, sin6_port = 9052, sin6_flowinfo = 32767, 
sin6_addr = {__in6_u = {
                  __u6_addr8 = 
"\000\000\000\000\000\000\000\000p{1\022\016\177\000", __u6_addr16 = 
{0, 0, 0, 0, 31600, 4657, 32526, 0}, __u6_addr32 = {0, 0, 305232752, 
32526}}},
              sin6_scope_id = 307029856}}, id = 32526, proto = 28 
'\034', send_flags = {f = 0 '\000', blst_imask = 0 '\000'}}
        backup_user_from = <value optimized out>
        backup_user_to = <value optimized out>
        backup_domain_from = <value optimized out>
        backup_domain_to = <value optimized out>
        backup_uri_from = <value optimized out>
        backup_uri_to = <value optimized out>
        backup_xavps = <value optimized out>
        replies_locked = 0
        branch_ret = <value optimized out>
        prev_branch = <value optimized out>
        blst_503_timeout = <value optimized out>
        hf = <value optimized out>
        onsend_params = {req = 0x8d8a39, rpl = 0x541db4, param = 
0x7f0e1253e528, code = 307029856, flags = 32526, branch = 0, t_rbuf = 
0x7fff235c1a30, dst = 0x7f0e12317b70, send_buf = {
            s = 0x375311000000000 <Address 0x375311000000000 out of 
bounds>, len = 0}}
        ctx = {rec_lev = 307491008, run_flags = 32526, last_retcode = 
5674412, jmp_env = {{__jmpbuf = {140733786626256, 63331951475841423, 
139698413054576, 139698413299552, 9276465, 139698039855608,
                -63254168797292145, 63332490682325391}, 
__mask_was_saved = 0, __saved_mask = {__val = {139698413734928, 0, 
139698411522821, 1, 140733786626608, 6185835, 5972697, 8586176, 9275699,
                  69026945952, 3, 9276465, 9275673, 139698413738496, 
9275961, 139698413760704}}}}}
        __FUNCTION__ = "reply_received"
#2  0x0000000000456444 in do_forward_reply (msg=0x7f0e124ce760, 
mode=<value optimized out>) at forward.c:799
        new_buf = 0x0
        dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data = 
'\000' <repeats 13 times>}, sin = {sin_family = 0, sin_port = 0, 
sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"},
            sin6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, 
sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, 
__u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}},
              sin6_scope_id = 0}}, id = 0, proto = 0 '\000', 
send_flags = {f = 0 '\000', blst_imask = 0 '\000'}}
        new_len = <value optimized out>
        r = <value optimized out>
        s = <value optimized out>
        len = <value optimized out>
        __FUNCTION__ = "do_forward_reply"
#3  0x000000000049e15e in receive_msg (buf=<value optimized out>, 
len=313, rcv_info=0x7fff235c1cd0) at receive.c:270
        msg = 0x7f0e124ce760
        ctx = {rec_lev = 11, run_flags = 0, last_retcode = 206110737, 
jmp_env = {{__jmpbuf = {139698036884436, 11, 219309716216, 
139698419720192, 140733786627520, 4294967295, 140733786627647, 1},
              __mask_was_saved = 8576456, __saved_mask = {__val = {0, 
28, 16, 0, 219305533392, 1, 0, 139698411461552, 219309716216, 
139698036884436, 139698413732672, 139698419717800, 139698413732680,
                  140733786627416, 219305559701, 140733786627288}}}}}
        ret = <value optimized out>
        inb = {
          s = 0x8d8900 "SIP/2.0 100 Trying\r\nVia: SIP/2.0/UDP 
178.21.249.20;branch=z9hG4bK8149.c6575a95.0\r\nTo: 
sip:201@78799865.pbx.one-connect.dk 
mailto:sip%3A201@78799865.pbx.one-connect.dk;tag=07c44e68\r\nFrom: 
sip:201@78799865.pbx.one-connect.dk 
mailto:sip%3A201@78799865.pbx.one-connect.dk;tag=a6a1c5f60faecf035a"..., 
len = 313}
        __FUNCTION__ = "receive_msg"
#4  0x0000000000530e46 in udp_rcv_loop () at udp_server.c:557
---Type <return> to continue, or q <return> to quit---
        len = 313
        buf = "SIP/2.0 100 Trying\r\nVia: SIP/2.0/UDP 
178.21.249.20;branch=z9hG4bK8149.c6575a95.0\r\nTo: 
sip:201@78799865.pbx.one-connect.dk 
mailto:sip%3A201@78799865.pbx.one-connect.dk;tag=07c44e68\r\nFrom: 
sip:201@78799865.pbx.one-connect.dk 
mailto:sip%3A201@78799865.pbx.one-connect.dk;tag=a6a1c5f60faecf035a"...
        from = 0x7f0e12538340
        fromlen = 16
        ri = {src_ip = {af = 2, len = 4, u = {addrl = {2993962576, 0}, 
addr32 = {2993962576, 0, 0, 0}, addr16 = {15952, 45684, 0, 0, 0, 0, 0, 
0}, addr = "P>t\262", '\000' <repeats 11 times>}}, dst_ip = {
            af = 2, len = 4, u = {addrl = {351868338, 0}, addr32 = 
{351868338, 0, 0, 0}, addr16 = {5554, 5369, 0, 0, 0, 0, 0, 0}, addr = 
"\262\025\371\024", '\000' <repeats 11 times>}}, src_port = 35754,
          dst_port = 5060, proto_reserved1 = 0, proto_reserved2 = 0, 
src_su = {s = {sa_family = 2, sa_data = 
"\213\252P>t\262\000\000\000\000\000\000\000"}, sin = {sin_family = 2, 
sin_port = 43659,
              sin_addr = {s_addr = 2993962576}, sin_zero = 
"\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 
43659, sin6_flowinfo = 2993962576, sin6_addr = {__in6_u = {
                  __u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 
= {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, 
sin6_scope_id = 0}}, bind_address = 0x7f0e124cfbd0, proto = 1 '\001'}
        __FUNCTION__ = "udp_rcv_loop"
#5  0x000000000046716a in main_loop () at main.c:1638
        i = <value optimized out>
        pid = <value optimized out>
        si = <value optimized out>
        si_desc = "udp receiver child=2 sock=178.21.249.20:5060 
http://178.21.249.20:5060\000\000\000\000\200\303P\022\016\177\000\000\000\000\000\000\000\000\000\000\003\000\000\000\000\000\000\000\001\000\000\000\001\000\000\000@\350\216\000\000\000\000\000\001\000\000\000\000\000\000\000\200\350\216\000\000\000\000\000\000\000\200\020", 
'\000' <repeats 12 times>, "\005\000\000\000\000\000\000"
        nrprocs = <value optimized out>
        __FUNCTION__ = "main_loop"
#6  0x000000000046a002 in main (argc=<value optimized out>, 
argv=<value optimized out>) at main.c:2566
        cfg_stream = <value optimized out>
        c = <value optimized out>
        r = <value optimized out>
        tmp = 0x7fff235c377f ""
        tmp_len = 0
        options = 0x5c08c8 
":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
        ret = -1
        seed = 1722854551
        rfd = <value optimized out>
        debug_save = <value optimized out>
        debug_flag = <value optimized out>
        dont_fork_cnt = <value optimized out>
        n_lst = <value optimized out>
        p = <value optimized out>
        __FUNCTION__ = "main"
(gdb)
-- 
Morten Isaksen

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Trainings - Berlin, Nov 25-28; Miami, Nov 18-20, 2013
   - more details about Kamailio trainings at http://www.asipto.com -

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [SR-Users] Segmentaion fault in Kamailio 4.0.3