[sr-dev] Crash bug on reply

Daniel-Constantin Mierla miconda at gmail.com
Fri May 16 23:06:21 CEST 2014


Providing the version makes things simpler and easier to answer when the 
source code is not around.

Anyhow, if you were using branch 4.1 or master, you have to upgrade to 
the latest version on the respective branch, there was a fix to an 
issue that looked like the trace you gave.

Cheers,
Daniel

On 16/05/14 21:06, Alex Balashov wrote:
> I'm running a version of Kamailio from commit 
> a7dc504075d3b5c74c6af6a3216338a0d604d1d8 (18 Feb), so I'm not sure if 
> this has been fixed.
>
> Anyway, I was testing a TCP client and the dialog went stale and was 
> timed out by the dialog module using a local BYE. One of the endpoints 
> responded to the BYE with a 481 message, and Kamailio appears to have 
> crashed on this.
>
> (gdb) where
> #0  0xb717c432 in t_reply_matching (p_msg=0xb7419990, 
> p_branch=0xbfe26e98)
>     at t_lookup.c:987
> #1  0xb717f52a in t_check_msg (p_msg=0xb7419990, param_branch=0xbfe26e98)
>     at t_lookup.c:1129
> #2  0xb71800e4 in t_check (p_msg=0xb7419990, param_branch=0xbfe26e98)
>     at t_lookup.c:1171
> #3  0xb71aa189 in reply_received (p_msg=0xb7419990) at t_reply.c:2187
> #4  0x0809fd8d in do_forward_reply (msg=0xb7419990, mode=-1289507656)
>     at forward.c:777
> #5  0x080eafb5 in receive_msg (
>     buf=0x82d6800 "SIP/2.0 481 Unknown Dialog\r\nVia: SIP/2.0/UDP 
> 208.52.173.18;branch=z9hG4bK931e.95a61f6", '0' <repeats 25 times>, 
> ".0\r\nTo: 
> <sip:+14046822836 at 208.52.173.18;user=phone>;tag=SDjfglb99-ac3f4687+1+f2d10012+a5eff02c\r\nFrom: 
> <sip:+1404xxxxxxx at yyyyyyyyyy.net;user=phone>;tag=acd791cf4\r\nCSeq: 
> 24980 BYE\r\nCall-ID: 3f7eb5b5-57ca-4de0-80eb-4d8f28ceb7ca\r\n\r\n", 
> len=337,
>     rcv_info=<value optimized out>) at receive.c:273
> #6  0x08184cd8 in udp_rcv_loop () at udp_server.c:536
> #7  0x080b0f10 in main_loop () at main.c:1617
> #8  0x080b4234 in main (argc=11, argv=0xbfe27374) at main.c:2533
>
> The actual crash is here:
>
> (gdb) frame 0
> #0  0xb717c432 in t_reply_matching (p_msg=0xb7419990, 
> p_branch=0xbfe26e98)
>     at t_lookup.c:987
> 987                    (p_msg->callid->body.len != 
> p_cell->uas.request->callid->body.len ||
>
> And, it would seem that the cause is that p_cell->uas.request == NULL:
>
> (gdb) print p_cell->uas.request
> $1 = (struct sip_msg *) 0x0
>
> This is all the information I have, and unfortunately I don't think I 
> can reproduce this crash.
>
> -- Alex
>

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
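
The failure mode in the quoted trace, as an added example that is not part of the original thread and is neither Kamailio's code nor the fix referred to above: a reply-matching comparison that checks the stored request pointer before dereferencing it. The types and names (str_lite, msg_lite, cell_lite, callid_match, demo) are hypothetical stand-ins, and it is an assumption that the NULL uas.request belongs to a transaction created for a locally generated request such as the dialog module's BYE.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for the structures seen in the trace. */
typedef struct { const char *s; int len; } str_lite;
struct hdr_lite { str_lite body; };
struct msg_lite { struct hdr_lite *callid; };
struct cell_lite { struct { struct msg_lite *request; } uas; };

enum match_result { MATCH_NO = 0, MATCH_YES = 1, MATCH_NO_REQUEST = 2 };

/* Compare the reply's Call-ID with that of the request stored in the cell.
 * Assumption: a transaction created for a locally generated request has no
 * received request attached, so uas.request is NULL and is checked first. */
enum match_result callid_match(const struct msg_lite *reply,
                               const struct cell_lite *cell)
{
    const str_lite *a, *b;
    if (reply == NULL || reply->callid == NULL || cell == NULL)
        return MATCH_NO;
    if (cell->uas.request == NULL || cell->uas.request->callid == NULL)
        return MATCH_NO_REQUEST; /* caller decides how to match without it */
    a = &reply->callid->body;
    b = &cell->uas.request->callid->body;
    if (a->len != b->len || memcmp(a->s, b->s, (size_t)a->len) != 0)
        return MATCH_NO;
    return MATCH_YES;
}

/* Constructed sample: 'stored' is the Call-ID of the cell's request, or NULL
 * to model a cell with no uas.request, as in the gdb output above. */
enum match_result demo(const char *reply_callid, const char *stored)
{
    struct hdr_lite rh = { { reply_callid, (int)strlen(reply_callid) } };
    struct msg_lite reply = { &rh };
    struct hdr_lite sh = { { stored, stored ? (int)strlen(stored) : 0 } };
    struct msg_lite req = { &sh };
    struct cell_lite cell = { { stored ? &req : NULL } };
    return callid_match(&reply, &cell);
}

int main(void)
{
    printf("relayed, same Call-ID: %d\n", demo("abc-1", "abc-1"));
    printf("relayed, other Call-ID: %d\n", demo("abc-1", "xyz-9"));
    printf("no uas.request: %d\n", demo("abc-1", NULL));
    return 0;
}
```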



