[sr-dev] [kamailio/kamailio] Segfault in t_reply of Kamailio v5.2.2 rev. 9bc44f (#2055)

Muhammad Shahzad Shafi notifications at github.com
Tue Sep 3 16:06:47 CEST 2019 

<!--
Kamailio Project uses GitHub Issues only for bugs in the code or feature requests. Please use this template only for bug reports.

If you have questions about using Kamailio or related to its configuration file, ask on sr-users mailing list:

  * http://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

If you have questions about developing extensions to Kamailio or its existing C code, ask on sr-dev mailing list:

  * http://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Please try to fill this template as much as possible for any issue. It helps the developers to troubleshoot the issue.

If there is no content to be filled in a section, the entire section can be removed.

You can delete the comments from the template sections when filling.

You can delete next line and everything above before submitting (it is a comment).
-->

### Description
Kamailio v5.2.2 rev. 9bc44f randomly crashes once a week. The problem seems to be related to TM and ASYNC modules as seen in back-trace of dump core below.

<!--
Explain what you did, what you expected to happen, and what actually happened.
-->

### Troubleshooting
None. We have dump core file available for analysis.

#### Reproduction
Randomly, roughly once every 5 to 7 days.

<!--
If the issue can be reproduced, describe how it can be done.
-->

#### Debugging Data

<!--
If you got a core dump, use gdb to extract troubleshooting data - full backtrace,
local variables and the list of the code at the issue location.

  gdb /path/to/kamailio /path/to/corefile
  bt full
  info locals
  list

If you are familiar with gdb, feel free to attach more of what you consider to
be relevant.
-->

```
Program terminated with signal 11, Segmentation fault.
#0  0xb4ecdb33 in faked_env (t=0x7ad779f8, msg=0x0, is_async_env=1) at t_reply.c:813
813     t_reply.c: No such file or directory.

(gdb) info locals
__FUNCTION__ = "faked_env"

(gdb) list
808     in t_reply.c

(gdb) bt full
#0  0xb4ecdb33 in faked_env (t=0x7ad779f8, msg=0x0, is_async_env=1) at t_reply.c:813
        __FUNCTION__ = "faked_env"
#1  0xb4eedba2 in t_continue_helper (hash_index=48512, label=393930873, rtact=0xb5ba6184, cbname=0x0, cbparam=0x0) at t_suspend.c:337
        t = 0x7ad779f8
        backup_T = 0xffffffff
        backup_T_branch = -1
        faked_req = 0x7afdf1bc
        brpl = 0x0
        erpl = 0x8055fd2
        faked_req_len = 3176
        cancel_data = {cancel_bitmap = 3076137104, reason = {cause = 26896, u = {text = {s = 0xb51cc7e0 "\254\026\003", len = 134606304}, e2e_cancel = 0xb51cc7e0,
              packed_hdrs = {s = 0xb51cc7e0 "\254\026\003", len = 134606304}}}}
        branch = 0
        uac = 0x7ad77b64
        ret = 0
        cb_type = 2
        msg_status = -1256442488
        last_uac_status = -1245318100
        reply_status = 137942287
        do_put_on_wait = 134606304
        hdr = 0xb55987d8
        prev = 0x0
        tmp = 0x0
        route_type_bk = 1
        keng = 0x0
        evname = {s = 0xb4f31305 "tm:continue", len = 11}
        __FUNCTION__ = "t_continue_helper"
#2  0xb4ef0a2d in t_continue (hash_index=48512, label=393930873, route=0xb5ba6184) at t_suspend.c:583
No locals.
#3  0xb43ceac3 in async_exec_task (param=0x7a94bf54) at async_sleep.c:233
        atp = 0x7a94bf54
        keng = 0x0
        cbname = {s = 0x0, len = 0}
        evname = {s = 0xb43d1a94 "async:task-exec", len = 15}
        __FUNCTION__ = "async_exec_task"
#4  0x080894c6 in async_task_run (idx=4) at core/async_task.c:282
        ptask = 0x7a94bf4c
        received = 4
        __FUNCTION__ = "async_task_run"
#5  0x08087ca1 in async_task_child_init (rank=0) at core/async_task.c:185
        pid = 0
        i = 3
        __FUNCTION__ = "async_task_child_init"
#6  0x08201d26 in init_child (rank=0) at core/sr_module.c:871
        ret = 62
#7  0x0806b3d9 in main_loop () at main.c:1737
        i = 4
        pid = 5982
        si = 0x0
        si_desc = "udp receiver child=3 sock=85.118.42.43:5080\000\000\002a\267гn\267p\037\000\000\240\263n\267\364\237n\267\240\263n\267`\025\316\b\220W\371\277\315\002a\267\220\000\000\000`\025\316\b\364\237n\267\025\000\000\000\060X\371\277\355\ng\267\060/\316\b0/\316\b at q\245\265\000@\000\000@\220n\267\000\000\000"
        nrprocs = 4
        woneinit = 1
        __FUNCTION__ = "main_loop"
#8  0x08071e84 in main (argc=13, argv=0xbff95be4) at main.c:2696
        cfg_stream = 0x8bd3008
        c = -1
        r = 0
        tmp = 0xbff96822 ""
        tmp_len = -1218858976
        port = 2209
        proto = 1
        options = 0x83779a8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
        ret = -1
        seed = 1217010649
        rfd = 4
        debug_save = 0
        debug_flag = 0
        dont_fork_cnt = 0
        n_lst = 0xbff95be4
        p = 0x805e474 "[\201\303\060\037@"
        st = {st_dev = 14, __pad1 = 0, st_ino = 10873, st_mode = 16832, st_nlink = 2, st_uid = 0, st_gid = 0, st_rdev = 0, __pad2 = 0, st_size = 120,
          st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1559687937, tv_nsec = 2808493}, st_mtim = {tv_sec = 1566372756, tv_nsec = 587274417}, st_ctim = {
            tv_sec = 1567450779, tv_nsec = 139516276}, __unused4 = 0, __unused5 = 0}
        __FUNCTION__ = "main"

```

#### Log Messages

<!--
Check the syslog file and if there are relevant log messages printed by Kamailio, add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site).
-->

```
Sep  3 03:02:03 webrtc-as1 kernel: [7785063.653846] kamailio[5987]: segfault at 318 ip b4ecdb33 sp bff94f90 error 6 in tm.so[b4e15000+12a000]
```

#### SIP Traffic
Not available

### Possible Solutions
N/A

### Additional Information

  * **Kamailio Version** - output of `kamailio -v`

```
version: kamailio 5.2.2 (i386/linux) 9bc44f
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: 9bc44f -dirty
compiled on 11:33:22 Apr 29 2019 with gcc 4.7.2
```

* **Operating System**:

<!--
Details about the operating system, the type: Linux (e.g.,: Debian 8.4, Ubuntu 16.04, CentOS 7.1, ...), MacOS, xBSD, Solaris, ...;
Kernel details (output of `uname -a`)
-->

```
Linux webrtc-as1 3.16.0-0.bpo.4-686-pae #1 SMP Debian 3.16.36-1+deb8u2~bpo70+1 (2016-10-19) i686 GNU/Linux
```


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2055
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20190903/a4985626/attachment-0001.html>

More information about the sr-dev mailing list