[sr-dev] [kamailio/kamailio] MOHQUEUE: Crash on procesing ACK (#2370)

Alexander Butenko notifications at github.com
Wed Jun 24 00:40:17 CEST 2020 

### Description

Kamailio is crashing every 2-3 calls with this sample config. I dont mind paying for a paid support. Please help :)

Ive used asterisk server to generate calls like
```
for i in `seq 1 4`;do asterisk -rx'originate Local/1 at test application MusicOnHold';done
extensions.conf:
[test]
exten => 1,1,Set(CALLERID(all)=12345)
        same=n,Dial(SIP/q_1_Test_Queue at 1.1.1.1:5060)


request_route {
    # MOH queue?
    if ($rU=~"c_" || $rU=~"q_") {
        if (mohq_process ()) {
            if (is_method("INVITE")) {
                route(ACCSTART);
                xlog("L_INFO", "QUEUE JOIN: $ci $rm from $fu to $rU/$ruri (IP:$si:$sp)\n");
            }
            exit;
        }
    }
}

route[ACCPREPARE] {
    $var(callid) = "$ci";
    $var(referCallid) = "";
    $var(did) = "$rU";
    $var(clid) = "$fU";
}

route[ACCSTART] {
    route(ACCPREPARE);
    xlog("L_INFO", "ACC START: did $var(did) didid $var(didid) action $var(action)-$var(value) valueid $var(valueid) trunk $si:$sp\n refered-by $(hdr(Referred-By))");
}
```
### Troubleshooting


```
Jun 23 22:33:38 dialer-gw-qa kamailio: INFO: <script>: ACC START: did $rU didid 0 action 0-0 valueid 0 trunk 45.55.203.176:5060#012 refered-by <null>
Jun 23 22:33:38 dialer-gw-qa kamailio: INFO: <script>: QUEUE JOIN: 42c9d48d39329106158a600b6c4b059e at xxxx:5060 INVITE from sip:12345 at xxxxx to q_1_Test_Queue/sip:q_1_Test_Queue at xxxxx:5060 
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6825ad5 in t_check_msg (p_msg=0x7ffff76941a0, param_branch=0x0) at t_lookup.c:1086
1086	t_lookup.c: No such file or directory.
(gdb) 
(gdb) 
(gdb) bt
#0  0x00007ffff6825ad5 in t_check_msg (p_msg=0x7ffff76941a0, param_branch=0x0) at t_lookup.c:1086
#1  0x00007ffff6826997 in t_check (p_msg=0x7ffff76941a0, param_branch=0x0) at t_lookup.c:1137
#2  0x00007ffff68d1b94 in t_release (msg=0x7ffff76941a0) at tm.c:1528
#3  0x00007ffff68d1c0b in w_t_release (msg=0x7ffff76941a0, str=0x2 <error: Cannot access memory at address 0x2>, str2=0x7ffff76941a0 "\b") at tm.c:1540
#4  0x00007ffff64ce57f in ack_msg (pmsg=0x7ffff7695d38, pcall=0x7ffff2301050) at mohq_funcs.c:218
#5  0x00007ffff64e9431 in mohq_process (pmsg=0x7ffff7695d38) at mohq_funcs.c:2733
#6  0x0000555555731e23 in do_action (h=0x7fffffffcc90, a=0x7ffff76703b0, msg=0x7ffff7695d38) at core/action.c:1071
#7  0x000055555573fe86 in run_actions (h=0x7fffffffcc90, a=0x7ffff76703b0, msg=0x7ffff7695d38) at core/action.c:1576
#8  0x000055555574058c in run_actions_safe (h=0x7fffffffde80, a=0x7ffff76703b0, msg=0x7ffff7695d38) at core/action.c:1640
#9  0x0000555555593f30 in rval_get_int (h=0x7fffffffde80, msg=0x7ffff7695d38, i=0x7fffffffd000, rv=0x7ffff7670508, cache=0x0) at core/rvalue.c:915
#10 0x0000555555598a80 in rval_expr_eval_int (h=0x7fffffffde80, msg=0x7ffff7695d38, res=0x7fffffffd000, rve=0x7ffff7670500) at core/rvalue.c:1913
#11 0x0000555555731890 in do_action (h=0x7fffffffde80, a=0x7ffff7671ff8, msg=0x7ffff7695d38) at core/action.c:1047
#12 0x000055555573fe86 in run_actions (h=0x7fffffffde80, a=0x7ffff7671ff8, msg=0x7ffff7695d38) at core/action.c:1576
#13 0x0000555555731d8f in do_action (h=0x7fffffffde80, a=0x7ffff7672148, msg=0x7ffff7695d38) at core/action.c:1062
#14 0x000055555573fe86 in run_actions (h=0x7fffffffde80, a=0x7ffff7672148, msg=0x7ffff7695d38) at core/action.c:1576
#15 0x0000555555740698 in run_top_route (a=0x7ffff7672148, msg=0x7ffff7695d38, c=0x0) at core/action.c:1661
#16 0x0000555555747718 in receive_msg (
    buf=0x555555a31820 <buf> "ACK sip:q_1_Test_Queue at xxxx:5060 SIP/2.0\r\nVia: SIP/2.0/UDP xxxx:5060;branch=z9hG4bK1415e654\r\nMax-Forwards: 70\r\nFrom: <sip:12345 at xxx>;tag=as2aeac8b5\r\nTo: <sip:q_1_Test_Queu"..., len=429, rcv_info=0x7fffffffe270) at core/receive.c:423
#17 0x0000555555613318 in udp_rcv_loop () at core/udp_server.c:554
#18 0x00005555555857a5 in main_loop () at main.c:1471
#19 0x000055555559043b in main (argc=2, argv=0x7fffffffebb8) at main.c:2802
(gdb) 
```
#### SIP Traffic

there is nothing special in the SIP dialog. everything looks correct.

### Possible Solutions
no solution yet.

### Additional Information
````
Happens with all versions of kamailio 5.2.1,5.3.1-5.3.5
version: kamailio 5.3.5 (x86_64/linux) 
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown 
compiled with gcc 8.3.0
```


* **Operating System**:
debian 10 latest updates
```


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2370
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20200623/f443b940/attachment.html>

More information about the sr-dev mailing list