[sr-dev] [tracker] Task opened: Kamailio 4.0.x crash with pua_reginfo : reginfo_handle_notify

sip-router bugtracker at sip-router.org
Thu Sep 12 07:29:02 CEST 2013


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Wonbin Cho (wbcho) 

Attached to Project - sip-router
Summary - Kamailio 4.0.x crash with pua_reginfo : reginfo_handle_notify
Task Type - Bug Report
Category - Module
Status - Unconfirmed
Assigned To - 
Operating System - Linux
Severity - Critical
Priority - Normal
Reported Version - 4.0
Due in Version - Undecided
Due Date - Undecided
Details - Kamailio would crash when the reginfo_handle_notify function of the PUA_REGINFO module is called.
Following is the log with debug level 9.

daemon.info /usr/sbin/kamailio[14933]: INFO: <script>: New Message: NOTIFY: sip:reginfo at 10.49.80.48 (<null> 10.49.80.40:5060) -> sip:reginfo at 10.49.80.48 (<null> 10.49.80.48:5060)
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: <core> [select.c:425]: Calling SELECT 0x7e0cc81d2400
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: pua [hash.c:397]: core_hash= 397
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_lookup.c:1395]: DEBUG: t_newtran: msg id=1 , global msg id=0 , T on entrance=0xffffffffffffffff
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: pua [hash.c:406]: pres_uri= sip:6000 at phs3.kor.jwm2.net   watcher_uri=sip:reginfo at 10.49.80.48   callid= 7464330662d7a359-14926 at 127.0.0.1   from_tag= 533cb9e91f4b999cf76861cbb9ed54ed-2088
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: pua [hash.c:413]: FOUND temporary dialog
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: tm [t_reply.c:1547]: DEBUG: cleanup_uac_timers: RETR/FR timers reset
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: <core> [parser/msg_parser.c:106]: found end of header
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil)
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [xavp.c:447]: destroying xavp list (nil)
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_lookup.c:534]: t_lookup_request: start searching: hash=33078, isACK=0
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [receive.c:293]: receive_msg: cleaning up
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_lookup.c:492]: DEBUG: RFC3261 transaction matching failed
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_lookup.c:716]: DEBUG: t_lookup_request: no transaction found
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_hooks.c:374]: DBG: trans=0x7e0cc631d5b0, callback type 1, id 0 entered
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: pua [hash.c:558]: 'To' header ALREADY PARSED: <sip:reginfo at 10.49.80.48>
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: pua [hash.c:361]: core_hash= 397
daemon.err /usr/sbin/kamailio[14933]: ERROR: pua [hash.c:607]: no record for the dialog found in hash table
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: pua_reginfo [notify.c:409]: Body is <?xml version="1.0"?> <reginfo xmlns="urn:ietf:params:xml:ns:reginfo" version="0" state="full">   <registration aor="sip:6000 at phs3.kor.jwm2.net" id="0x692a484bf5f0"
kern.info kernel: [1824899.083979] kamailio[14933]: segfault at 0 ip 00007e0cc4edcd77 sp 00007ef57b8d3de0 error 4 in usrloc.so[7e0cc4ec6000+1c000]
kern.alert kernel: [1824899.084043] grsec: From 10.49.8.78: Segmentation fault occurred at            (nil) in /usr/sbin/kamailio[kamailio:14933] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/sbin/kamailio[kamailio:14902] uid/euid:1000/1000 g
daemon.crit /usr/sbin/kamailio[14962]: : <core> [pass_fd.c:293]: ERROR: receive_fd: EOF on 18
daemon.debug /usr/sbin/kamailio[14962]: DEBUG: <core> [tcp_main.c:3605]: DBG: handle_ser_child: dead child 8, pid 14933 (shutting down?)
daemon.debug /usr/sbin/kamailio[14962]: DEBUG: <core> [io_wait.h:617]: DBG: io_watch_del (0xb9762d347b0, 18, -1, 0x0) fd_no=21 called
daemon.alert /usr/sbin/kamailio[14902]: ALERT: <core> [main.c:788]: child process 14933 exited by a signal 11
daemon.alert /usr/sbin/kamailio[14902]: ALERT: <core> [main.c:791]: core was not generated
daemon.info /usr/sbin/kamailio[14902]: INFO: <core> [main.c:803]: INFO: terminating due to SIGCHLD
daemon.info /usr/sbin/kamailio[14959]: INFO: <core> [main.c:854]: INFO: signal 15 received


A simple fix for this might be:
"kamailio-4.0.1/modules/pua_reginfo/notify.c" Line 374

next_registration:
		// if (ul_record) ul.release_urecord(ul_record);		
		/* Unlock the domain for this AOR: */
		if(aor.len > 0) {
			ul.unlock_udomain(domain, &aor);
		}

		registrations = registrations->next;
	}



More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=338
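
A triage sketch for the log above, added as an example and not part of the original report or of Kamailio: it pairs the kernel segfault line with the last application log line from the same PID and converts the instruction pointer into an offset inside usrloc.so. The function names and regular expressions are assumptions of this example.

```python
import re

# Constructed sample: four lines taken from the log in this report (XML body cut short).
SAMPLE = """\
daemon.err /usr/sbin/kamailio[14933]: ERROR: pua [hash.c:607]: no record for the dialog found in hash table
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [receive.c:293]: receive_msg: cleaning up
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: pua_reginfo [notify.c:409]: Body is <?xml version="1.0"?> ...
kern.info kernel: [1824899.083979] kamailio[14933]: segfault at 0 ip 00007e0cc4edcd77 sp 00007ef57b8d3de0 error 4 in usrloc.so[7e0cc4ec6000+1c000]
"""
# Kernel line: "comm[pid]: segfault at ADDR ip IP sp SP error CODE in OBJ[BASE+SIZE]"
SEGV = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)
# Application line: "kamailio[pid]: LEVEL: module [file.c:line]"
APP = re.compile(r"kamailio\[(?P<pid>\d+)\]: \w+: (?P<mod>\S+) \[(?P<src>[^\]]+)\]")

def decode_error(code):
    """Decode the x86 page-fault error code bits printed by the kernel."""
    return {
        "page_present": bool(code & 1),              # 0: page was not mapped
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }

def triage(log_text):
    """Return one report per segfault, tied to that PID's last application log line."""
    last_seen = {}  # pid -> (module, "file.c:line")
    reports = []
    for line in log_text.splitlines():
        m = SEGV.search(line)
        if m:
            pid = int(m["pid"])
            report = {"pid": pid, "fault_addr": int(m["addr"], 16),
                      "error": decode_error(int(m["err"], 16)),
                      "last_app_line": last_seen.get(pid)}
            if m["obj"]:  # the mapping is absent when ip is outside any file-backed VMA
                report["object"] = m["obj"]
                report["offset"] = hex(int(m["ip"], 16) - int(m["base"], 16))
            reports.append(report)
            continue
        m = APP.search(line)
        if m:
            last_seen[int(m["pid"])] = (m["mod"], m["src"])
    return reports

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For this log the report shows a user-mode read of address 0 at offset 0x16d77 in usrloc.so, with notify.c:409 in pua_reginfo as the last line logged by the crashing child; the offset can be resolved with addr2line -e against a usrloc.so built with debug symbols.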
