[sr-dev] [kamailio/kamailio] Kamailio-5.4.0 : Crashes from keepalive module (#2448)

sagarmalam notifications at github.com
Mon Aug 31 11:44:21 CEST 2020


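I have generated a fresh core dump. It shows a segmentation fault at keepalive_core.c:126, where `ka_dest->statechanged_clb` is called. In the `p *ka_dest` output at the end, `uri.s` is out of bounds, and `user_attr`, `statechanged_clb`, `response_clb` and `sock` hold values that look like ASCII text rather than pointers, so the destination entry appears to have been freed or overwritten before the callback ran: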

```
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-110.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/sbin/kamailio...done.
[New LWP 77082]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/local/sbin/kamailio -m 5000 -M 500 -P /run/kamailio/kamailio.pid'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007fee0197dc7c in ka_options_callback (t=0x7fecc97f8450, type=1024, ps=0x7ffc051e10f0) at keepalive_core.c:126
126                             ka_dest->statechanged_clb(&ka_dest->uri, state, ka_dest->user_attr);
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.26-23.el7.x86_64 glibc-2.17-222.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-19.el7.x86_64 libcom_err-1.42.9-12.el7_5.x86_64 libcurl-7.29.0-51.el7.x86_64 libevent-2.0.21-4.el7.x86_64 libgcc-4.8.5-36.el7_6.2.x86_64 libidn-1.28-4.el7.x86_64 libselinux-2.5-12.el7.x86_64 libssh2-1.4.3-10.el7_2.1.x86_64 libstdc++-4.8.5-36.el7_6.2.x86_64 libuuid-2.23.2-52.el7_5.1.x86_64 mariadb-libs-5.5.64-1.el7.x86_64 nspr-4.19.0-1.el7_5.x86_64 nss-3.36.0-5.el7_5.x86_64 nss-softokn-freebl-3.36.0-5.el7_5.x86_64 nss-util-3.36.0-1.el7_5.x86_64 openldap-2.4.44-15.el7_5.x86_64 openssl-libs-1.0.2k-16.el7_6.1.x86_64 pcre-8.32-17.el7.x86_64 zlib-1.2.7-18.el7.x86_64
(gdb) bt full
#0  0x00007fee0197dc7c in ka_options_callback (t=0x7fecc97f8450, type=1024, ps=0x7ffc051e10f0) at keepalive_core.c:126
        uri = {
          s = 0x7fecc97fa612 "sip:1006 at 10.50.8.11:9090;alias=10.50.8.1~5060~1;pb-ip=43.228.229.106;pb-pt=39524;tp=tcp>\r\nFrom: <sip:keepalive at fromsbc>;tag=c7bfd876be500fff196414658218fc27-ab6132c4\r\nCSeq: 10 OPTIONS\r\nCall-ID: 7d20b9"..., len = 87}
        msg = 0x0
        state = 1
        state_routes = {0x7fee01983844 "", 0x7fee0198393d "keepalive:dst-up", 0x7fee0198394e "keepalive:dst-down"}
        ka_dest = 0x7fecc98b1350
        __FUNCTION__ = "ka_options_callback"
#1  0x00007fee08911dd8 in run_trans_callbacks_internal (cb_lst=0x7fecc97f84c8, type=1024, trans=0x7fecc97f8450, params=0x7ffc051e10f0)
    at t_hooks.c:258
        cbp = 0x7fecc97fa7b8
        backup_from = 0xb2a750 <def_list+16>
        backup_to = 0xb2a758 <def_list+24>
        backup_dom_from = 0xb2a760 <def_list+32>
        backup_dom_to = 0xb2a768 <def_list+40>
        backup_uri_from = 0xb2a740 <def_list>
        backup_uri_to = 0xb2a748 <def_list+8>
        backup_xavps = 0xb29fd0 <_xavp_list_head>
        backup_xavus = 0xb29fd8 <_xavu_list_head>
        backup_xavis = 0xb29fe0 <_xavi_list_head>
        __FUNCTION__ = "run_trans_callbacks_internal"
#2  0x00007fee08911f0a in run_trans_callbacks (type=1024, trans=0x7fecc97f8450, req=0x0, rpl=0x7fee0be2d230, code=200) at t_hooks.c:285
        params = {req = 0x0, rpl = 0x7fee0be2d230, param = 0x7fecc97fa7c8, code = 200, flags = 0, branch = 0, t_rbuf = 0x0, dst = 0x0, send_buf = {
            s = 0x0, len = 0}}
#3  0x00007fee088a83f1 in local_reply (t=0x7fecc97f8450, p_msg=0x7fee0be2d230, branch=0, msg_status=200, cancel_data=0x7ffc051e14e0)
    at t_reply.c:2265
        local_store = 0
        local_winner = 0
        reply_status = RPS_COMPLETED
        winning_msg = 0x7fee0be2d230
        winning_code = 200
        totag_retr = 0
        __FUNCTION__ = "local_reply"
#4  0x00007fee088ab28d in reply_received (p_msg=0x7fee0be2d230) at t_reply.c:2648
---Type <return> to continue, or q <return> to quit---
        msg_status = 200
        last_uac_status = 0
        ack = 0x5adbb1 <sr_event_exec+415> "\211E\374\213E\374\351\270\002"
        ack_len = 198791384
        branch = 0
        reply_status = 198791440
        onreply_route = 0
        cancel_data = {cancel_bitmap = 0, reason = {cause = 200, u = {text = {s = 0x0, len = 11322688}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, 
                len = 11322688}}}}
        uac = 0x7fecc97f86e0
        t = 0x7fecc97f8450
        lack_dst = {send_sock = 0xacc673 <buf.7133+723>, to = {s = {sa_family = 50496, 
              sa_data = "\254\000\000\000\000\000@\025\036\005\374\177\000"}, sin = {sin_family = 50496, sin_port = 172, sin_addr = {s_addr = 0}, 
              sin_zero = "@\025\036\005\374\177\000"}, sin6 = {sin6_family = 50496, sin6_port = 172, sin6_flowinfo = 0, sin6_addr = {__in6_u = {
                  __u6_addr8 = "@\025\036\005\374\177\000\000\240\327o\000\000\000\000", __u6_addr16 = {5440, 1310, 32764, 0, 55200, 111, 0, 0}, 
                  __u6_addr32 = {85857600, 32764, 7329696, 0}}}, sin6_scope_id = 85857600}, sas = {ss_family = 50496, 
              __ss_padding = "\254\000\000\000\000\000@\025\036\005\374\177\000\000\240\327o\000\000\000\000\000@\025\036\005\374\177\000\000l=s\000\000\000\000\000\220N\205\000\000\000\000\000\006-\001\000\207\000\000\000dr\205\000\000\000\000\000x\365\332\v\356\177\000\000sƬ\000\000\000\000\000\066Ŭ\000\000\000\000\000\000\025\036\005\374\177\000\000\020Q\331\v\356\177\000\000sƬ\000\000\000\000\000\060Ŭ\000\000\000\000", 
              __ss_align = 140720394343680}}, id = 0, send_flags = {f = 0, blst_imask = 0}, proto = -73 '\267', proto_pad0 = -60 '\304', 
          proto_pad1 = 172}
        backup_user_from = 0x533d48 <get_send_socket2+38>
        backup_user_to = 0x52be18 <init_su+941>
        backup_domain_from = 0x3ce0c0
        backup_domain_to = 0x737024 <get_hdr_field+6416>
        backup_uri_from = 0x16
        backup_uri_to = 0x8
        backup_xavps = 0x7ffc051e16f0
        backup_xavus = 0x0
        backup_xavis = 0x0
        replies_locked = 1
        branch_ret = 524288000
        prev_branch = 0
        blst_503_timeout = 7582578
        hf = 0x854e90
---Type <return> to continue, or q <return> to quit---
        onsend_params = {req = 0x7ffc051e1540, rpl = 0x6c640e <qm_malloc+2479>, param = 0x854e90, code = 7562879, flags = 0, branch = 0, 
          t_rbuf = 0x3cd9f8, dst = 0x12d06, send_buf = {s = 0x41b8b0 <_start> "1\355I\211\321^H\211\342H\203\344\360PTI\307\300p\367|", 
            len = 85862032}}
        ctx = {rec_lev = 0, run_flags = 0, last_retcode = 1, jmp_env = {{__jmpbuf = {77062, -1461319875154594989, 8736400, 7140757, 140720394343312, 
                140660373053456, 140660377843008, 140660373053456}, __mask_was_saved = 85857232, __saved_mask = {__val = {140660210063967, 
                  140660373061248, 0, 524288000, 7312777, 3989744, 5422768, 5455176, 8, 140660377843104, 140660377843088, 140720394343424, 5954481, 
                  0, 21483460608, 656}}}}}
        bctx = 0x7fee0be2d230
        keng = 0x0
        ret = 0
        evname = {s = 0x7fee08944dcc "on_sl_reply", len = 11}
        __FUNCTION__ = "reply_received"
#5  0x000000000053bac3 in do_forward_reply (msg=0x7fee0be2d230, mode=0) at core/forward.c:757
        new_buf = 0x0
        dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data = '\000' <repeats 13 times>}, sin = {sin_family = 0, sin_port = 0, sin_addr = {
                s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {
                __in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, 
              sin6_scope_id = 0}, sas = {ss_family = 0, __ss_padding = '\000' <repeats 117 times>, __ss_align = 0}}, id = 0, send_flags = {f = 0, 
            blst_imask = 0}, proto = 0 '\000', proto_pad0 = 0 '\000', proto_pad1 = 0}
        new_len = 1
        r = 1
        ip = {af = 4307120, len = 0, u = {addrl = {77062, 4259919}, addr32 = {77062, 0, 4259919, 0}, addr16 = {11526, 1, 0, 0, 79, 65, 0, 0}, 
            addr = "\006-\001\000\000\000\000\000O\000A\000\000\000\000"}}
        s = 0x7fee0be2da60 ""
        len = 32764
        __FUNCTION__ = "do_forward_reply"
#6  0x000000000053d795 in forward_reply (msg=0x7fee0be2d230) at core/forward.c:858
No locals.
#7  0x00000000005c70a4 in receive_msg (
    buf=0xacc3a0 <buf.7133> "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 198.136.226.11:5060;received=10.50.8.11;branch=z9hG4bK6e61.3b138063", '0' <repeats 24 times>, ".0\r\nRecord-Route: <sip:198.136.226.1:5060;lr>\r\nTo: <sip:1006 at 10.50.8.11:9090"..., len=723, rcv_info=0x7ffc051e1e10)
    at core/receive.c:509
        msg = 0x7fee0be2d230
        ctx = {rec_lev = 0, run_flags = 0, last_retcode = 0, jmp_env = {{__jmpbuf = {0, 0, 0, 0, 0, 0, 0, 0}, __mask_was_saved = 0, __saved_mask = {
                __val = {0 <repeats 13 times>, 77062, 140660911038800, 126}}}}}
---Type <return> to continue, or q <return> to quit---
        bctx = 0x0
        ret = -1
        tvb = {tv_sec = 0, tv_usec = 0}
        tve = {tv_sec = 0, tv_usec = 0}
        diff = 0
        inb = {
          s = 0xacc3a0 <buf.7133> "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 198.136.226.11:5060;received=10.50.8.11;branch=z9hG4bK6e61.3b138063", '0' <repeats 24 times>, ".0\r\nRecord-Route: <sip:198.136.226.1:5060;lr>\r\nTo: <sip:1006 at 10.50.8.11:9090"..., len = 723}
        netinfo = {data = {s = 0x0, len = 0}, rcv = 0x0, dst = 0x0}
        keng = 0x0
        evp = {data = 0x7ffc051e1940, obuf = {s = 0x0, len = 0}, rcv = 0x7ffc051e1e10, dst = 0x0, req = 0x0, rpl = 0x0, rplcode = 0, mode = 0}
        cidlockidx = 0
        cidlockset = 0
        errsipmsg = 0
        exectime = 0
        __FUNCTION__ = "receive_msg"
#8  0x000000000048c09e in udp_rcv_loop () at core/udp_server.c:543
        len = 723
        buf = "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 198.136.226.11:5060;received=10.50.8.11;branch=z9hG4bK6e61.3b138063", '0' <repeats 24 times>, ".0\r\nRecord-Route: <sip:198.136.226.1:5060;lr>\r\nTo: <sip:1006 at 10.50.8.11:9090"...
        tmp = 0x7fecc91ae520 ""
        fromaddr = 0x7fee0bdcb8a8
        fromaddrlen = 16
        rcvi = {src_ip = {af = 2, len = 4, u = {addrl = {185086474, 0}, addr32 = {185086474, 0, 0, 0}, addr16 = {12810, 2824, 0, 0, 0, 0, 0, 0}, 
              addr = "\n2\b\v", '\000' <repeats 11 times>}}, dst_ip = {af = 2, len = 4, u = {addrl = {185086474, 0}, addr32 = {185086474, 0, 0, 0}, 
              addr16 = {12810, 2824, 0, 0, 0, 0, 0, 0}, addr = "\n2\b\v", '\000' <repeats 11 times>}}, src_port = 9090, dst_port = 5060, 
          proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {sa_family = 2, sa_data = "#\202\n2\b\v\000\000\000\000\000\000\000"}, sin = {
              sin_family = 2, sin_port = 33315, sin_addr = {s_addr = 185086474}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {
              sin6_family = 2, sin6_port = 33315, sin6_flowinfo = 185086474, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, 
                  __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}, sas = {ss_family = 2, 
              __ss_padding = "#\202\n2\b\v", '\000' <repeats 111 times>, __ss_align = 0}}, bind_address = 0x7fee0b9b2d88, proto = 1 '\001', 
          proto_pad0 = 0 '\000', proto_pad1 = 0}
        evp = {data = 0x0, obuf = {s = 0x0, len = 0}, rcv = 0x0, dst = 0x0, req = 0x0, rpl = 0x0, rplcode = 0, mode = 0}
        printbuf = "\000\000\000\000\r\000\000\000\220\356\234\v\356\177", '\000' <repeats 90 times>, "L\206G\311\354\177\000\000\260\270A\000\000\000\000\000\220&\036\005\374\177", '\000' <repeats 18 times>, "`\035\036\005\374\177\000\000XxT", '\000' <repeats 93 times>...
---Type <return> to continue, or q <return> to quit---
        i = -1
        j = 112640
        l = 1
        __FUNCTION__ = "udp_rcv_loop"
#9  0x0000000000429d17 in main_loop () at main.c:1683
        i = 12
        pid = 0
        si = 0x7fee0b9b2d88
        si_desc = "udp receiver child=12 sock=10.50.8.11:5060 (198.136.226.11:5060)\000\000\000\000\000\000\000\000\000@\027\311\354\177\000\000\002\000\000\000\000\000\000\000\200\262G\311\354\177\000\000\060!\036\005\374\177\000\000\210\212K\000\000\000\000\000\260\270A\000\000\000\000\000h\372\340\v\356\177\000"
        nrprocs = 16
        woneinit = 1
        __FUNCTION__ = "main_loop"
#10 0x0000000000433a66 in main (argc=7, argv=0x7ffc051e2698) at main.c:2856
        cfg_stream = 0x127d010
        c = -1
        r = 0
        tmp = 0x7ffc051e3f26 ""
        tmp_len = 0
        port = 0
        proto = 0
        ahost = 0x0
        aport = 0
        options = 0x7d2498 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
        ret = -1
        seed = 2273675507
        rfd = 4
        debug_save = 0
        debug_flag = 0
        dont_fork_cnt = 0
        n_lst = 0x0
        p = 0x0
        st = {st_dev = 23, st_ino = 30676, st_nlink = 2, st_mode = 16877, st_uid = 0, st_gid = 5001, __pad0 = 0, st_rdev = 0, st_size = 40, 
          st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1598866491, tv_nsec = 369804494}, st_mtim = {tv_sec = 1598866491, 
---Type <return> to continue, or q <return> to quit---
            tv_nsec = 360804455}, st_ctim = {tv_sec = 1598866491, tv_nsec = 369804494}, __unused = {0, 0, 0}}
        tbuf = '\000' <repeats 88 times>, "p\342\252\000\000\000\000\000\260\270A\000\000\000\000\000\220&\036\005\374\177", '\000' <repeats 26 times>, "\036\237\201+\356\177\000\000\001", '\000' <repeats 23 times>, "\340\363\322*\356\177\000\000`&\036\005\374\177\000\000*\033\202+\356\177\000\000\034\000\000\000\000\000\000\000\000"...
        option_index = 0
        long_options = {{name = 0x7d468f "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x7cfc94 "version", has_arg = 0, flag = 0x0, 
            val = 118}, {name = 0x7d4694 "alias", has_arg = 1, flag = 0x0, val = 1024}, {name = 0x7d469a "subst", has_arg = 1, flag = 0x0, 
            val = 1025}, {name = 0x7d46a0 "substdef", has_arg = 1, flag = 0x0, val = 1026}, {name = 0x7d46a9 "substdefs", has_arg = 1, flag = 0x0, 
            val = 1027}, {name = 0x7d46b3 "server-id", has_arg = 1, flag = 0x0, val = 1028}, {name = 0x7d46bd "loadmodule", has_arg = 1, flag = 0x0, 
            val = 1029}, {name = 0x7d46c8 "modparam", has_arg = 1, flag = 0x0, val = 1030}, {name = 0x7d46d1 "log-engine", has_arg = 1, flag = 0x0, 
            val = 1031}, {name = 0x7d46dc "debug", has_arg = 1, flag = 0x0, val = 1032}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
        __FUNCTION__ = "main"
(gdb) 
(gdb) 
(gdb) 
(gdb) 
(gdb) 
(gdb) 
(gdb) 
(gdb) 
(gdb) frame 0
#0  0x00007fee0197dc7c in ka_options_callback (t=0x7fecc97f8450, type=1024, ps=0x7ffc051e10f0) at keepalive_core.c:126
126                             ka_dest->statechanged_clb(&ka_dest->uri, state, ka_dest->user_attr);
(gdb) p *ka_dest
$1 = {uri = {s = 0x113c98b000d <Address 0x113c98b000d out of bounds>, len = 0}, owner = {s = 0x7fecc98b1380 "uuid", len = 4}, flags = -913632379, 
  state = 32748, last_checked = 54, last_up = 4779817840673387893, last_down = 1598866510, counter = 0, ping_interval = 1316440388, 
  user_attr = 0x597855444f304544, statechanged_clb = 0x4d695657596b686a, response_clb = 0x4e786b7a4e30516a, sock = 0x4f7a4d324d355132, ip_address = {
    af = 3031364, len = 0, u = {addrl = {3233857728, 2882400237}, addr32 = {3233857728, 0, 2882400237, 0}, addr16 = {49344, 49344, 0, 0, 61421, 
        43981, 0, 0}, addr = "\300\300\300\300\000\000\000\000\355\357ͫ\000\000\000"}}, port = 0, proto = 0, timer = 0x7fecc98b1580, next = 0x70}
(gdb) 
```

