Hi,

Our Kamailio has stopped with a segmentation fault 4 times in the last week.

There have been no changes to the configuration file in the last 15 days, so I suspect a SIP phone is sending a SIP packet that Kamailio does not like.

We have a core dump file, but I cannot read anything useful from the backtrace. Can you see what is wrong from the backtrace?

Regards
Morten

The output from gdb (bt full):

Core was generated by `/usr/local/sbin/kamailio -P /var/run/kamailio/kamailio.pid -m 256 -M 8 -u kamai'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f0e10de17b2 in cancel_branch (t=0x7f0dfbf38e10, branch=0, reason=<value optimized out>, flags=4) at t_cancel.c:284
284             if (cfg_get(tm, tm_cfg, reparse_invite) ||
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.107.el6.x86_64 hiredis-0.10.1-3.el6.x86_64 keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6.x86_64 libcom_err-1.41.12-14.el6.x86_64 libselinux-2.0.94-5.3.el6.x86_64 libxml2-2.7.6-12.el6_4.1.x86_64 mysql-libs-5.1.67-1.el6_3.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64 openssl-1.0.0-27.el6_4.2.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) bt full
#0  0x00007f0e10de17b2 in cancel_branch (t=0x7f0dfbf38e10, branch=0, reason=<value optimized out>, flags=4) at t_cancel.c:284
        cancel = <value optimized out>
        len = <value optimized out>
        crb = 0x7f0dfbf39008
        irb = 0x7f0dfbf38f80
        ret = 1
        tmp_cd = {cancel_bitmap = 0, reason = {cause = 0, u = {text = {s = 0x0, len = 0}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len = 0}}}}
        pcbuf = <value optimized out>
        __FUNCTION__ = "cancel_branch"
#1  0x00007f0e10e298ab in reply_received (p_msg=0x7f0e124ce760) at t_reply.c:2194
        msg_status = <value optimized out>
        last_uac_status = 408
        ack = 0x7f0dfbf38e10 "Ð
                               \267\373\r\177"
        ack_len = <value optimized out>
        branch = 0
        reply_status = <value optimized out>
        onreply_route = <value optimized out>
        cancel_data = {cancel_bitmap = 0, reason = {cause = 408, u = {text = {s = 0x0, len = 307468800}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len = 307468800}}}}
        uac = <value optimized out>
        t = 0x7f0dfbf38e10
        lack_dst = {send_sock = 0x0, to = {s = {sa_family = 6704, sa_data = "\\#\377\177\000\000\000\000\000\000\000\000\000"}, sin = {sin_family = 6704, sin_port = 9052, sin_addr = {s_addr = 32767},
              sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 6704, sin6_port = 9052, sin6_flowinfo = 32767, sin6_addr = {__in6_u = {
                  __u6_addr8 = "\000\000\000\000\000\000\000\000p{1\022\016\177\000", __u6_addr16 = {0, 0, 0, 0, 31600, 4657, 32526, 0}, __u6_addr32 = {0, 0, 305232752, 32526}}},
              sin6_scope_id = 307029856}}, id = 32526, proto = 28 '\034', send_flags = {f = 0 '\000', blst_imask = 0 '\000'}}
        backup_user_from = <value optimized out>
        backup_user_to = <value optimized out>
        backup_domain_from = <value optimized out>
        backup_domain_to = <value optimized out>
        backup_uri_from = <value optimized out>
        backup_uri_to = <value optimized out>
        backup_xavps = <value optimized out>
        replies_locked = 0
        branch_ret = <value optimized out>
        prev_branch = <value optimized out>
        blst_503_timeout = <value optimized out>
        hf = <value optimized out>
        onsend_params = {req = 0x8d8a39, rpl = 0x541db4, param = 0x7f0e1253e528, code = 307029856, flags = 32526, branch = 0, t_rbuf = 0x7fff235c1a30, dst = 0x7f0e12317b70, send_buf = {
            s = 0x375311000000000 <Address 0x375311000000000 out of bounds>, len = 0}}
        ctx = {rec_lev = 307491008, run_flags = 32526, last_retcode = 5674412, jmp_env = {{__jmpbuf = {140733786626256, 63331951475841423, 139698413054576, 139698413299552, 9276465, 139698039855608,
                -63254168797292145, 63332490682325391}, __mask_was_saved = 0, __saved_mask = {__val = {139698413734928, 0, 139698411522821, 1, 140733786626608, 6185835, 5972697, 8586176, 9275699,
                  69026945952, 3, 9276465, 9275673, 139698413738496, 9275961, 139698413760704}}}}}
        __FUNCTION__ = "reply_received"
#2  0x0000000000456444 in do_forward_reply (msg=0x7f0e124ce760, mode=<value optimized out>) at forward.c:799
        new_buf = 0x0
        dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data = '\000' <repeats 13 times>}, sin = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"},
            sin6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}},
              sin6_scope_id = 0}}, id = 0, proto = 0 '\000', send_flags = {f = 0 '\000', blst_imask = 0 '\000'}}
        new_len = <value optimized out>
        r = <value optimized out>
        s = <value optimized out>
        len = <value optimized out>
        __FUNCTION__ = "do_forward_reply"
#3  0x000000000049e15e in receive_msg (buf=<value optimized out>, len=313, rcv_info=0x7fff235c1cd0) at receive.c:270
        msg = 0x7f0e124ce760
        ctx = {rec_lev = 11, run_flags = 0, last_retcode = 206110737, jmp_env = {{__jmpbuf = {139698036884436, 11, 219309716216, 139698419720192, 140733786627520, 4294967295, 140733786627647, 1},
              __mask_was_saved = 8576456, __saved_mask = {__val = {0, 28, 16, 0, 219305533392, 1, 0, 139698411461552, 219309716216, 139698036884436, 139698413732672, 139698419717800, 139698413732680,
                  140733786627416, 219305559701, 140733786627288}}}}}
        ret = <value optimized out>
        inb = {
          s = 0x8d8900 "SIP/2.0 100 Trying\r\nVia: SIP/2.0/UDP 178.21.249.20;branch=z9hG4bK8149.c6575a95.0\r\nTo: sip:201@78799865.pbx.one-connect.dk;tag=07c44e68\r\nFrom: sip:201@78799865.pbx.one-connect.dk;tag=a6a1c5f60faecf035a"..., len = 313}
        __FUNCTION__ = "receive_msg"
#4  0x0000000000530e46 in udp_rcv_loop () at udp_server.c:557
---Type <return> to continue, or q <return> to quit---
        len = 313
        buf = "SIP/2.0 100 Trying\r\nVia: SIP/2.0/UDP 178.21.249.20;branch=z9hG4bK8149.c6575a95.0\r\nTo: sip:201@78799865.pbx.one-connect.dk;tag=07c44e68\r\nFrom: sip:201@78799865.pbx.one-connect.dk;tag=a6a1c5f60faecf035a"...
        from = 0x7f0e12538340
        fromlen = 16
        ri = {src_ip = {af = 2, len = 4, u = {addrl = {2993962576, 0}, addr32 = {2993962576, 0, 0, 0}, addr16 = {15952, 45684, 0, 0, 0, 0, 0, 0}, addr = "P>t\262", '\000' <repeats 11 times>}}, dst_ip = {
            af = 2, len = 4, u = {addrl = {351868338, 0}, addr32 = {351868338, 0, 0, 0}, addr16 = {5554, 5369, 0, 0, 0, 0, 0, 0}, addr = "\262\025\371\024", '\000' <repeats 11 times>}}, src_port = 35754,
          dst_port = 5060, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {sa_family = 2, sa_data = "\213\252P>t\262\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 43659,
              sin_addr = {s_addr = 2993962576}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 43659, sin6_flowinfo = 2993962576, sin6_addr = {__in6_u = {
                  __u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, bind_address = 0x7f0e124cfbd0, proto = 1 '\001'}
        __FUNCTION__ = "udp_rcv_loop"
#5  0x000000000046716a in main_loop () at main.c:1638
        i = <value optimized out>
        pid = <value optimized out>
        si = <value optimized out>
        si_desc = "udp receiver child=2 sock=178.21.249.20:5060\000\000\000\000\200\303P\022\016\177\000\000\000\000\000\000\000\000\000\000\003\000\000\000\000\000\000\000\001\000\000\000\001\000\000\000@\350\216\000\000\000\000\000\001\000\000\000\000\000\000\000\200\350\216\000\000\000\000\000\000\000\200\020", '\000' <repeats 12 times>, "\005\000\000\000\000\000\000"
        nrprocs = <value optimized out>
        __FUNCTION__ = "main_loop"
#6  0x000000000046a002 in main (argc=<value optimized out>, argv=<value optimized out>) at main.c:2566
        cfg_stream = <value optimized out>
        c = <value optimized out>
        r = <value optimized out>
        tmp = 0x7fff235c377f ""
        tmp_len = 0
        options = 0x5c08c8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
        ret = -1
        seed = 1722854551
        rfd = <value optimized out>
        debug_save = <value optimized out>
        debug_flag = <value optimized out>
        dont_fork_cnt = <value optimized out>
        n_lst = <value optimized out>
        p = <value optimized out>
        __FUNCTION__ = "main"
(gdb)





--
Morten Isaksen