Hi!
Looking for some help as to why the SCA module is crashing randomly on 4.0.4. It has crashed several times with a backtrace that shows these stack calls:
(gdb) backtrace #0 0x00000000 in ?? () #1 0x4dceca11 in sca_hash_table_slot_kv_delete_unsafe () from /usr/lib/kamailio/modules/sca.so #2 0x4dcecaaa in sca_hash_table_slot_kv_delete () from /usr/lib/kamailio/modules/sca.so #3 0x4dcecb1e in sca_hash_table_index_kv_delete () from /usr/lib/kamailio/modules/sca.so #4 0x4dcecb99 in sca_hash_table_kv_delete () from /usr/lib/kamailio/modules/sca.so #5 0x4dcf30bc in sca_appearance_unregister () from /usr/lib/kamailio/modules/sca.so #6 0x4dd0d9b9 in sca_call_info_update () from /usr/lib/kamailio/modules/sca.so #7 0x126a6a9a in do_action () #8 0x126af88e in run_actions () #9 0x126a4731 in do_action () #10 0x126af88e in run_actions () #11 0x126b007f in run_top_route () #12 0x1269dd7e in receive_msg () #13 0x12734f01 in udp_rcv_loop () #14 0x126d3f56 in main_loop () #15 0x126d76de in main () The message that seemed to trigger the crash in this particular case was the following INVITE:
INVITE sip:35705@10.250.16.71;user=phone SIP/2.0 *Record-Route:*sip:10.250.16.70;lr=on;ftag=D8B14B68-93D21A25;did=513b.a3741 *Via:* SIP/2.0/UDP 10.250.16.70;branch=z9hG4bKc43b.14d180e6.0 *Via:* SIP/2.0/UDP 10.250.88.116;branch=z9hG4bK8d3ec33e632D8AB3 *From:* PIN-1 WKL USA sip:15862@*obscured*;tag=D8B14B68-93D21A25 *To:* sip:0@*obscured*;user=phone *CSeq:* 1 INVITE *Call-ID:* c69594c-ff17a5d9-d6ed4f6a@10.250.88.116 *Contact:* sip:15862@10.250.88.116 *Allow:* INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER *User-Agent:* PolycomSoundPointIP-SPIP_335-UA/4.0.3.7562 *Accept-Language:* en *Supported:* 100rel,replaces *Allow-Events:* conference,talk,hold *Max-Forwards:* 32 *Content-Type:* application/sdp *Content-Length:* 296
v=0 o=- 1383792680 1383792680 IN IP4 10.250.88.116 s=Polycom IP Phone c=IN IP4 10.250.88.116 t=0 0 a=sendrecv m=audio 2230 RTP/AVP 9 18 0 8 101 a=rtpmap:9 G722/8000 a=rtpmap:18 G729/8000 a=fmtp:18 annexb=no a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 I have a pcap trace that shows all the calls from 3 hours prior and this is the first time this device appeared.
I followed the code down to the sca_hash_table_slot_kv_delete_unsafe ()routine and it appears to have crashed when it tried to use e->free_entry which seems to have been NULL at that point. I'm not sure how it could be NULL since it should have been initialized in sca_hash_table_slot_kv_insert_unsafe (). I'm guessing that either e->free_entry was never initialized or somehow it was overwritten. Since several backtraces end in the same way the bug seems to have be specific to some sequence of events I have not been able to identify.
Any help tracking this down would be appreciated.
Thanks, Bob