[sr-dev] [kamailio/kamailio] Segmentation fault using http_async_client on kamailio 5.0.0 (#1056)

Davy Van De Moere notifications at github.com
Wed Apr 5 12:03:06 CEST 2017


Using kamailio-dbg:

Reading symbols from /usr/sbin/kamailio...Reading symbols from /usr/lib/debug/.build-id/fe/4d6c322f76df685bbec9adafde99fc43c0bc6a.debug...done.
done.
[New LWP 11891]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/kamailio -f /etc/kamailio/kamailio.cfg'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f226e50760a in t_continue (hash_index=1984, label=122428216, route=0x7f2270bb15f0) at t_suspend.c:411
411	t_suspend.c: No such file or directory.
(gdb) bt full
#0  0x00007f226e50760a in t_continue (hash_index=1984, label=122428216, route=0x7f2270bb15f0) at t_suspend.c:411
        t = 0x7f2262786938
        faked_req = 0x7f226e4763a1 <t_lookup_ident+962>
        faked_req_len = 0
        cancel_data = {cancel_bitmap = 0, reason = {cause = 0, u = {text = {s = 0x0, len = 2}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len = 2}}}}
        branch = 0
        uac = 0x0
        ret = 32765
        cb_type = 3
        msg_status = 32765
        last_uac_status = 1646426056
        reply_status = 4
        do_put_on_wait = 1
        hdr = 0xffffffff00000011
        prev = 0x0
        tmp = 0x0
        route_type_bk = 32546
        __FUNCTION__ = "t_continue"
#1  0x00007f226c317848 in async_http_cb (reply=0x7f22627d9d28, param=0x7f22626d16f8) at async_http.c:217
        aq = 0x7f22626d16f8
        act = 0x7f2270bb15f0
        tindex = 1984
        tlabel = 122428216
        t = 0x7f2262786938
        p = 0x0
        newbuf = {s = 0x0, len = 0}
        fmsg = 0x26c3860
        __FUNCTION__ = "async_http_cb"
#2  0x00007f226c311a72 in check_multi_info (g=0x7f22626ac5a8) at http_multi.c:573
        eff_url = 0x26cd640 "https://109.68.161.209:9443/customers/cdr/"
        msg = 0x26c3880
        msgs_left = 0
        easy = 0x26c3860
        res = CURLE_OK
        cell = 0x7f226279b068
        __FUNCTION__ = "check_multi_info"
#3  0x00007f226c3096a4 in event_cb (fd=11, kind=2, userp=0x26c3860) at http_multi.c:145
        g = 0x7f22626ac5a8
        rc = CURLM_OK
        easy = 0x26c3860
        cell = 0x7f226279b068
        __FUNCTION__ = "event_cb"
        action = 1
#4  0x00007f226be483dc in event_base_loop () from /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5
No symbol table info available.
#5  0x00007f226c314c3d in async_http_run_worker (worker=0x7f2262418430) at async_http.c:86
No locals.
#6  0x00007f226c2fe86e in child_init (rank=0) at http_async_client_mod.c:367
---Type <return> to continue, or q <return> to quit--- 
        pid = 0
        i = 0
        __FUNCTION__ = "child_init"
#7  0x000000000053d8c2 in init_mod_child (m=0x7f2270a5d5c8, rank=0) at core/sr_module.c:921
        __FUNCTION__ = "init_mod_child"
#8  0x000000000053d5e0 in init_mod_child (m=0x7f2270a5e1e0, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#9  0x000000000053d5e0 in init_mod_child (m=0x7f2270a5e850, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#10 0x000000000053d5e0 in init_mod_child (m=0x7f2270a5edb0, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#11 0x000000000053d5e0 in init_mod_child (m=0x7f2270a5f420, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#12 0x000000000053d5e0 in init_mod_child (m=0x7f2270a5f8d0, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#13 0x000000000053d5e0 in init_mod_child (m=0x7f2270a5ffe8, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#14 0x000000000053d5e0 in init_mod_child (m=0x7f2270a60440, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#15 0x000000000053d5e0 in init_mod_child (m=0x7f2270a607e8, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#16 0x000000000053d5e0 in init_mod_child (m=0x7f2270a60b88, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#17 0x000000000053d5e0 in init_mod_child (m=0x7f2270a60fc8, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#18 0x000000000053d5e0 in init_mod_child (m=0x7f2270a61370, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#19 0x000000000053d5e0 in init_mod_child (m=0x7f2270a61780, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#20 0x000000000053d5e0 in init_mod_child (m=0x7f2270a61bc8, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#21 0x000000000053d5e0 in init_mod_child (m=0x7f2270a62380, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#22 0x000000000053d5e0 in init_mod_child (m=0x7f2270a62c00, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#23 0x000000000053d5e0 in init_mod_child (m=0x7f2270a65608, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#24 0x000000000053d5e0 in init_mod_child (m=0x7f2270a66290, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#25 0x000000000053d5e0 in init_mod_child (m=0x7f2270a66660, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#26 0x000000000053d5e0 in init_mod_child (m=0x7f2270a705d0, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#27 0x000000000053d5e0 in init_mod_child (m=0x7f2270a71ae0, rank=0) at core/sr_module.c:918
        __FUNCTION__ = "init_mod_child"
#28 0x000000000053dbf0 in init_child (rank=0) at core/sr_module.c:947
No locals.
#29 0x000000000042357c in main_loop () at main.c:1700
---Type <return> to continue, or q <return> to quit---
        i = 4
        pid = 11878
        si = 0x0
        si_desc = "udp receiver child=3 sock=185.165.211.54:5063\000\000\000\361\240u\000\000\000\000\000\000 \266\034$LU\250O\021\000\020\000\000\000\000a\021\230b\000\000\000\000\360xA\000\000\000\000\000\000\213\314Q\375\177", '\000' <repeats 18 times>, "\060\210\314Q\375\177\000\000\035\322^\000\000\000\000"
        nrprocs = 4
        woneinit = 1
        __FUNCTION__ = "main_loop"
#30 0x0000000000429f71 in main (argc=3, argv=0x7ffd51cc8b08) at main.c:2639
        cfg_stream = 0x25de010
        c = -1
        r = 0
        tmp = 0x7f22719c573d <_dl_lookup_symbol_x+349> "\203\370"
        tmp_len = 1897947560
        port = 32546
        proto = 1372359104
        options = 0x737490 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
        ret = -1
        seed = 444768467
        rfd = 4
        debug_save = 0
        debug_flag = 0
        dont_fork_cnt = 0
        n_lst = 0x0
        p = 0x1 <error: Cannot access memory at address 0x1>
        st = {st_dev = 47, st_ino = 29, st_nlink = 2, st_mode = 16877, st_uid = 104, st_gid = 110, __pad0 = 0, st_rdev = 0, st_size = 60, st_blksize = 4096, st_blocks = 0, 
          st_atim = {tv_sec = 1488206724, tv_nsec = 372702711}, st_mtim = {tv_sec = 1491386032, tv_nsec = 103114082}, st_ctim = {tv_sec = 1491386032, tv_nsec = 103114082}, 
          __glibc_reserved = {0, 0, 0}}
        __FUNCTION__ = "main"
(gdb) 
(gdb) info locals
t = 0x7f2262786938
faked_req = 0x7f226e4763a1 <t_lookup_ident+962>
faked_req_len = 0
cancel_data = {cancel_bitmap = 0, reason = {cause = 0, u = {text = {s = 0x0, len = 2}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len = 2}}}}
branch = 0
uac = 0x0
ret = 32765
cb_type = 3
msg_status = 32765
last_uac_status = 1646426056
reply_status = 4
do_put_on_wait = 1
hdr = 0xffffffff00000011
prev = 0x0
tmp = 0x0
route_type_bk = 32546
__FUNCTION__ = "t_continue"

(gdb) list
406	in t_suspend.c
(gdb) 


The relevant part in the config which makes it crash is:

  $http_req(all) = $null;                    # reset the parameters
  $http_req(timeout) = 100;                  # 100 ms
  $http_req(method) = "POST";
     if ($rs=~"^[4-6][0-9][0-9]") {
          $http_req(body)="{'call_id': '" + $ci + "', 'from_ip': '" + $si + "', 'event': 'notanswered','disposition': '" + $rr ";
          http_async_query("https://<myserver>/customers/", "HTTP_REPLY");
          }
  I have http_async_query as well for invite, answers, ringing, etc, those all go well, but on call 4xx, 5xx, 6xx , it segfaults. 

With kamailio-dbg, we do see "411	t_suspend.c: No such file or directory." 


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1056#issuecomment-291814731
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20170405/e211b968/attachment-0001.html>


More information about the sr-dev mailing list