[SR-Users] Segmentaion fault in Kamailio 4.0.3

Mon Oct 21 20:15:05 CEST 2013

Hello,

can you upgrade to 4.0.4? there were some fixes related to new fields in 
sip message structure that resulted in some out bound memory inside 
transactions.

The config file and database is the same, so just re-install over the 
previous installation.

Cheers,
Daniel

On 10/21/13 11:10 AM, Morten Isaksen wrote:
> Hi,
>
> Our Kamailio has stopped with a segmentation fault 4 times the last week.
>
> There has been no changes to the configuration file the last 15 days, 
> so I suspect a SIP phone is sending a SIP packet that Kamailio does 
> not like.
>
> We have a core dump file but I cannot read anything usefull from the 
> backtrace. Can you see what is wrong from the backtrace?
>
> Regards
> Morten
>
> The output from gdb (bt full):
>
> Core was generated by `/usr/local/sbin/kamailio -P 
> /var/run/kamailio/kamailio.pid -m 256 -M 8 -u kamai'.
> Program terminated with signal 11, Segmentation fault.
> #0  0x00007f0e10de17b2 in cancel_branch (t=0x7f0dfbf38e10, branch=0, 
> reason=<value optimized out>, flags=4) at t_cancel.c:284
> 284             if (cfg_get(tm, tm_cfg, reparse_invite) ||
> Missing separate debuginfos, use: debuginfo-install 
> glibc-2.12-1.107.el6.x86_64 hiredis-0.10.1-3.el6.x86_64 
> keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6.x86_64 
> libcom_err-1.41.12-14.el6.x86_64 libselinux-2.0.94-5.3.el6.x86_64 
> libxml2-2.7.6-12.el6_4.1.x86_64 mysql-libs-5.1.67-1.el6_3.x86_64 
> nss-softokn-freebl-3.12.9-11.el6.x86_64 
> openssl-1.0.0-27.el6_4.2.x86_64 zlib-1.2.3-29.el6.x86_64
> (gdb) bt full
> #0  0x00007f0e10de17b2 in cancel_branch (t=0x7f0dfbf38e10, branch=0, 
> reason=<value optimized out>, flags=4) at t_cancel.c:284
>         cancel = <value optimized out>
>         len = <value optimized out>
>         crb = 0x7f0dfbf39008
>         irb = 0x7f0dfbf38f80
>         ret = 1
>         tmp_cd = {cancel_bitmap = 0, reason = {cause = 0, u = {text = 
> {s = 0x0, len = 0}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len = 0}}}}
>         pcbuf = <value optimized out>
>         __FUNCTION__ = "cancel_branch"
> #1  0x00007f0e10e298ab in reply_received (p_msg=0x7f0e124ce760) at 
> t_reply.c:2194
>         msg_status = <value optimized out>
>         last_uac_status = 408
>         ack = 0x7f0dfbf38e10 "Ð
>                                \267\373\r\177"
>         ack_len = <value optimized out>
>         branch = 0
>         reply_status = <value optimized out>
>         onreply_route = <value optimized out>
>         cancel_data = {cancel_bitmap = 0, reason = {cause = 408, u = 
> {text = {s = 0x0, len = 307468800}, e2e_cancel = 0x0, packed_hdrs = {s 
> = 0x0, len = 307468800}}}}
>         uac = <value optimized out>
>         t = 0x7f0dfbf38e10
>         lack_dst = {send_sock = 0x0, to = {s = {sa_family = 6704, 
> sa_data = "\\#\377\177\000\000\000\000\000\000\000\000\000"}, sin = 
> {sin_family = 6704, sin_port = 9052, sin_addr = {s_addr = 32767},
>               sin_zero = "\000\000\000\000\000\000\000"}, sin6 = 
> {sin6_family = 6704, sin6_port = 9052, sin6_flowinfo = 32767, 
> sin6_addr = {__in6_u = {
>                   __u6_addr8 = 
> "\000\000\000\000\000\000\000\000p{1\022\016\177\000", __u6_addr16 = 
> {0, 0, 0, 0, 31600, 4657, 32526, 0}, __u6_addr32 = {0, 0, 305232752, 
> 32526}}},
>               sin6_scope_id = 307029856}}, id = 32526, proto = 28 
> '\034', send_flags = {f = 0 '\000', blst_imask = 0 '\000'}}
>         backup_user_from = <value optimized out>
>         backup_user_to = <value optimized out>
>         backup_domain_from = <value optimized out>
>         backup_domain_to = <value optimized out>
>         backup_uri_from = <value optimized out>
>         backup_uri_to = <value optimized out>
>         backup_xavps = <value optimized out>
>         replies_locked = 0
>         branch_ret = <value optimized out>
>         prev_branch = <value optimized out>
>         blst_503_timeout = <value optimized out>
>         hf = <value optimized out>
>         onsend_params = {req = 0x8d8a39, rpl = 0x541db4, param = 
> 0x7f0e1253e528, code = 307029856, flags = 32526, branch = 0, t_rbuf = 
> 0x7fff235c1a30, dst = 0x7f0e12317b70, send_buf = {
>             s = 0x375311000000000 <Address 0x375311000000000 out of 
> bounds>, len = 0}}
>         ctx = {rec_lev = 307491008, run_flags = 32526, last_retcode = 
> 5674412, jmp_env = {{__jmpbuf = {140733786626256, 63331951475841423, 
> 139698413054576, 139698413299552, 9276465, 139698039855608,
>                 -63254168797292145, 63332490682325391}, 
> __mask_was_saved = 0, __saved_mask = {__val = {139698413734928, 0, 
> 139698411522821, 1, 140733786626608, 6185835, 5972697, 8586176, 9275699,
>                   69026945952, 3, 9276465, 9275673, 139698413738496, 
> 9275961, 139698413760704}}}}}
>         __FUNCTION__ = "reply_received"
> #2  0x0000000000456444 in do_forward_reply (msg=0x7f0e124ce760, 
> mode=<value optimized out>) at forward.c:799
>         new_buf = 0x0
>         dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data = 
> '\000' <repeats 13 times>}, sin = {sin_family = 0, sin_port = 0, 
> sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"},
>             sin6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, 
> sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, 
> __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}},
>               sin6_scope_id = 0}}, id = 0, proto = 0 '\000', 
> send_flags = {f = 0 '\000', blst_imask = 0 '\000'}}
>         new_len = <value optimized out>
>         r = <value optimized out>
>         s = <value optimized out>
>         len = <value optimized out>
>         __FUNCTION__ = "do_forward_reply"
> #3  0x000000000049e15e in receive_msg (buf=<value optimized out>, 
> len=313, rcv_info=0x7fff235c1cd0) at receive.c:270
>         msg = 0x7f0e124ce760
>         ctx = {rec_lev = 11, run_flags = 0, last_retcode = 206110737, 
> jmp_env = {{__jmpbuf = {139698036884436, 11, 219309716216, 
> 139698419720192, 140733786627520, 4294967295, 140733786627647, 1},
>               __mask_was_saved = 8576456, __saved_mask = {__val = {0, 
> 28, 16, 0, 219305533392, 1, 0, 139698411461552, 219309716216, 
> 139698036884436, 139698413732672, 139698419717800, 139698413732680,
>                   140733786627416, 219305559701, 140733786627288}}}}}
>         ret = <value optimized out>
>         inb = {
>           s = 0x8d8900 "SIP/2.0 100 Trying\r\nVia: SIP/2.0/UDP 
> 178.21.249.20;branch=z9hG4bK8149.c6575a95.0\r\nTo: 
> sip:201 at 78799865.pbx.one-connect.dk 
> <mailto:sip%3A201 at 78799865.pbx.one-connect.dk>;tag=07c44e68\r\nFrom: 
> sip:201 at 78799865.pbx.one-connect.dk 
> <mailto:sip%3A201 at 78799865.pbx.one-connect.dk>;tag=a6a1c5f60faecf035a"..., 
> len = 313}
>         __FUNCTION__ = "receive_msg"
> #4  0x0000000000530e46 in udp_rcv_loop () at udp_server.c:557
> ---Type <return> to continue, or q <return> to quit---
>         len = 313
>         buf = "SIP/2.0 100 Trying\r\nVia: SIP/2.0/UDP 
> 178.21.249.20;branch=z9hG4bK8149.c6575a95.0\r\nTo: 
> sip:201 at 78799865.pbx.one-connect.dk 
> <mailto:sip%3A201 at 78799865.pbx.one-connect.dk>;tag=07c44e68\r\nFrom: 
> sip:201 at 78799865.pbx.one-connect.dk 
> <mailto:sip%3A201 at 78799865.pbx.one-connect.dk>;tag=a6a1c5f60faecf035a"...
>         from = 0x7f0e12538340
>         fromlen = 16
>         ri = {src_ip = {af = 2, len = 4, u = {addrl = {2993962576, 0}, 
> addr32 = {2993962576, 0, 0, 0}, addr16 = {15952, 45684, 0, 0, 0, 0, 0, 
> 0}, addr = "P>t\262", '\000' <repeats 11 times>}}, dst_ip = {
>             af = 2, len = 4, u = {addrl = {351868338, 0}, addr32 = 
> {351868338, 0, 0, 0}, addr16 = {5554, 5369, 0, 0, 0, 0, 0, 0}, addr = 
> "\262\025\371\024", '\000' <repeats 11 times>}}, src_port = 35754,
>           dst_port = 5060, proto_reserved1 = 0, proto_reserved2 = 0, 
> src_su = {s = {sa_family = 2, sa_data = 
> "\213\252P>t\262\000\000\000\000\000\000\000"}, sin = {sin_family = 2, 
> sin_port = 43659,
>               sin_addr = {s_addr = 2993962576}, sin_zero = 
> "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 
> 43659, sin6_flowinfo = 2993962576, sin6_addr = {__in6_u = {
>                   __u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 
> = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, 
> sin6_scope_id = 0}}, bind_address = 0x7f0e124cfbd0, proto = 1 '\001'}
>         __FUNCTION__ = "udp_rcv_loop"
> #5  0x000000000046716a in main_loop () at main.c:1638
>         i = <value optimized out>
>         pid = <value optimized out>
>         si = <value optimized out>
>         si_desc = "udp receiver child=2 sock=178.21.249.20:5060 
> <http://178.21.249.20:5060>\000\000\000\000\200\303P\022\016\177\000\000\000\000\000\000\000\000\000\000\003\000\000\000\000\000\000\000\001\000\000\000\001\000\000\000@\350\216\000\000\000\000\000\001\000\000\000\000\000\000\000\200\350\216\000\000\000\000\000\000\000\200\020", 
> '\000' <repeats 12 times>, "\005\000\000\000\000\000\000"
>         nrprocs = <value optimized out>
>         __FUNCTION__ = "main_loop"
> #6  0x000000000046a002 in main (argc=<value optimized out>, 
> argv=<value optimized out>) at main.c:2566
>         cfg_stream = <value optimized out>
>         c = <value optimized out>
>         r = <value optimized out>
>         tmp = 0x7fff235c377f ""
>         tmp_len = 0
>         options = 0x5c08c8 
> ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
>         ret = -1
>         seed = 1722854551
>         rfd = <value optimized out>
>         debug_save = <value optimized out>
>         debug_flag = <value optimized out>
>         dont_fork_cnt = <value optimized out>
>         n_lst = <value optimized out>
>         p = <value optimized out>
>         __FUNCTION__ = "main"
> (gdb)
>
>
>
>
>
> -- 
> Morten Isaksen
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Trainings - Berlin, Nov 25-28; Miami, Nov 18-20, 2013
   - more details about Kamailio trainings at http://www.asipto.com -

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20131021/0a688fa5/attachment-0001.html>