[SR-Users] Crash Kamailio 4.1.4

Igor Potjevlesch igor.potjevlesch at gmail.com
Tue Sep 23 19:16:47 CEST 2014


Hello Daniel,

 

Patching has been done in the same time than the upgrade to 4.1.5.

A new crash occurred in pvapi.c (in addition of my other recent post “Crash Kamailio 4.1.5”).

 

Here is the result of a “bt full”:

#0  0x000000000049580e in pv_get_strval (msg=0x7f14efe24ea8, param=0x7f14fb65d058, res=0x7fff6c6b7430, sval=0x22) at pvapi.c:521

No locals.

#1  0x00007f14f9677f2b in pv_get_pai (msg=0x7f14efe24ea8, param=0x7f14fb65d058, res=0x7fff6c6b7430) at pv_core.c:1026

        idxf = 0

        idx = 0

        pai_body = 0x7f14fb679d38

        pai_uri = 0xa

        i = 0

        cur_id = 0

        __FUNCTION__ = "pv_get_pai"

#2  0x0000000000499594 in pv_get_spec_value (msg=0x7f14efe24ea8, sp=0x7f14fb65d040, value=0x7fff6c6b7430) at pvapi.c:1266

        ret = 0

        __FUNCTION__ = "pv_get_spec_value"

#3  0x00007f14f7d3481d in extra2strar (extra=0x7f14fb65d030, rq=0x7f14efe24ea8, val_arr=0x7f14f7f41e30, int_arr=0x7f14f7f4237c, type_arr=0x7f14f7f424e7 "\002\002\002\002") at acc_extra.c:261

        value = {rs = {s = 0x0, len = 0}, ri = 0, flags = 0}

        n = 4

        r = 0

        __FUNCTION__ = "extra2strar"

#4  0x00007f14f7d2c3e3 in acc_db_request (rq=0x7f14efe24ea8) at acc.c:474

        m = 7

        n = -270381400

        i = 6

        t = 0x414cc0

        __FUNCTION__ = "acc_db_request"

#5  0x00007f14f7d36bc8 in acc_onreply (t=0x7f14efe525b8, req=0x7f14efe24ea8, reply=0x7f14fb670c48, code=200) at acc_logic.c:471

        new_uri_bk = {s = 0x7f14efe25590 "sip:ABCDEFGHIJ@<IP_GW>oTE sINVITE sip:ABCDEFGHIJ at sip.fqdn.tld SIP/2.0\r\nVia: SIP/2.0/UDP <IP_UAC>:5060;branch=z9hG4bK5f32deec\r\nMax-Forwards: 69\r\nFrom: \"KLMNOPQRST\" <sip:KLMNOPQRST at sip.fqdn."..., len = 19}

        br = 0

        hdr = 0x7f14f7d3dc20

        __FUNCTION__ = "acc_onreply"

#6  0x00007f14f7d3730a in tmcb_func (t=0x7f14efe525b8, type=512, ps=0x7fff6c6b76b0) at acc_logic.c:573

        __FUNCTION__ = "tmcb_func"

#7  0x00007f14f9f3146c in run_trans_callbacks_internal (cb_lst=0x7f14efe52628, type=512, trans=0x7f14efe525b8, params=0x7fff6c6b76b0) at t_hooks.c:290

        cbp = 0x7f14ee4c81b0

        backup_from = 0x934630

        backup_to = 0x934638

        backup_dom_from = 0x934640

        backup_dom_to = 0x934648

        backup_uri_from = 0x934620

        backup_uri_to = 0x934628

        backup_xavps = 0x934760

        __FUNCTION__ = "run_trans_callbacks_internal"

#8  0x00007f14f9f3167e in run_trans_callbacks_with_buf (type=512, rbuf=0x7f14efe52678, req=0x7f14efe24ea8, repl=0x7f14fb670c48, flags=183) at t_hooks.c:336

        params = {req = 0x7f14efe24ea8, rpl = 0x7f14fb670c48, param = 0x7f14ee4c81c0, code = 200, flags = 183, branch = 0, t_rbuf = 0x7f14efe52678, dst = 0x7f14efe526c8, send_buf = {

            s = 0x7f14efd7c408 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP <IP_UAC>:5060;rport=5060;branch=z9hG4bK5f32deec\r\nCall-ID: 7846f7332ce6a7db4484c3d06ce1c387 at sip.fqdn.tld\r\nFrom: \"KLMNOPQRST\" <sip:KLMNOPQRST at sip.fqdn.tld>"..., len = 980}}

        trans = 0x7f14efe525b8

#9  0x00007f14f9f63bfa in relay_reply (t=0x7f14efe525b8, p_msg=0x7f14fb670c48, branch=0, msg_status=183, cancel_data=0x7fff6c6b7a10, do_put_on_wait=1) at t_reply.c:2001

        relay = 0

        save_clone = 0

        buf = 0x7f14fb67e740 "SIP/2.0 183 Session Progress\r\nVia: SIP/2.0/UDP <IP_UAC>:5060;rport=5060;branch=z9hG4bK5f32deec\r\nCall-ID: 7846f7332ce6a7db4484c3d06ce1c387 at sip.fqdn.tld\r\nFrom: \"KLMNOPQRST\" <sip:KLMNOPQRST at tru"...

        res_len = 777

        relayed_code = 183

        relayed_msg = 0x7f14fb670c48

        reply_bak = 0x414cc0

        bm = {to_tag_val = {s = 0x7f14efe53b50 "", len = -79437808}}

        totag_retr = 0

        reply_status = RPS_PROVISIONAL

        uas_rb = 0x7f14efe52678

        to_tag = 0x0

        reason = {s = 0x800000001 <Address 0x800000001 out of bounds>, len = 1}

        onsend_params = {req = 0x200924970, rpl = 0x7f14f9f83f90, param = 0x414cc0, code = 1818984640, flags = 3, branch = 0, t_rbuf = 0x0, dst = 0x7f14fb670e40, send_buf = {s = 0x7fff6c6b7830 "`xkl\377\177", len = -101469275}}

        __FUNCTION__ = "relay_reply"

#10 0x00007f14f9f660ab in reply_received (p_msg=0x7f14fb670c48) at t_reply.c:2499

        msg_status = 183

        last_uac_status = 183

        ack = 0x40 <Address 0x40 out of bounds>

        ack_len = 0

        branch = 0

        reply_status = -77092928

        onreply_route = 1

        cancel_data = {cancel_bitmap = 0, reason = {cause = 0, u = {text = {s = 0x0, len = 9586205}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len = 9586205}}}}

        uac = 0x7f14efe52720

        t = 0x7f14efe525b8

        lack_dst = {send_sock = 0x7f14fb584420, to = {s = {sa_family = 57360, sa_data = "C\373\024\177\000\000\000F#\000\000\000\000"}, sin = {sin_family = 57360, sin_port = 64323, sin_addr = {s_addr = 32532}, sin_zero = "\000F#\000\000\000\000"}, sin6 = {

              sin6_family = 57360, sin6_port = 64323, sin6_flowinfo = 32532, sin6_addr = {__in6_u = {__u6_addr8 = "\000F#\000\000\000\000\000\020\341C\373\024\177\000", __u6_addr16 = {17920, 35, 0, 0, 57616, 64323, 32532, 0}, __u6_addr32 = {2311680, 0, 4215529744, 

                    32532}}}, sin6_scope_id = 4215529744}}, id = 32532, proto = 96 '`', send_flags = {f = 64 '@', blst_imask = 103 'g'}}

        backup_user_from = 0x934630

        backup_user_to = 0x934638

        backup_domain_from = 0x934640

       backup_domain_to = 0x934648

        backup_uri_from = 0x934620

        backup_uri_to = 0x934628

        backup_xavps = 0x934760

        replies_locked = 1

        branch_ret = 0

        prev_branch = 1818983120

        blst_503_timeout = 32767

        hf = 0x7f14fb670c68

        onsend_params = {req = 0x7fff6c6b7a90, rpl = 0x550bb0, param = 0x234540, code = 0, flags = 3, branch = 0, t_rbuf = 0x7f14fb43e380, dst = 0x7f14fb674030, send_buf = {s = 0x7fff6c6b7a90 "`G\223", len = 5538065}}

        ctx = {rec_lev = 0, run_flags = 0, last_retcode = 0, jmp_env = {{__jmpbuf = {139728093908544, 1898006658898931560, 4279488, 140735012372672, 0, 0, 1898006658936680296, -1897762211976106136}, __mask_was_saved = 0, __saved_mask = {__val = {9586373, 

                  1365809186688, 124554051613, 9586450, 139728093947840, 9587056, 9586211, 361695345073193192, 9586309, 9586288, 4217874320, 139728093947840, 139728093942016, 139728093908544, 4279488, 140735012372672}}}}}

        __FUNCTION__ = "reply_received"

#11 0x000000000045d853 in do_forward_reply (msg=0x7f14fb670c48, mode=0) at forward.c:777

        new_buf = 0x0

        dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data = '\000' <repeats 13 times>}, sin = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, 

              sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, id = 0, proto = 0 '\000', send_flags = {f = 0 '\000', blst_imask = 0 '\000'}}

        new_len = 32532

        r = 1

        s = 0x370fb670c50 <Address 0x370fb670c50 out of bounds>

        len = 0

        __FUNCTION__ = "do_forward_reply"

#12 0x000000000045e114 in forward_reply (msg=0x7f14fb670c48) at forward.c:860

No locals.

#13 0x00000000004a5903 in receive_msg (buf=0x924600 "SIP/2.0 183 Session Progress\r\nVia: SIP/2.0/UDP <IP_KAMAILIO>;branch=z9hG4bKca48.51c2c569361ea0fedd9c6c70c21b5eed.0;received=<IP_KAMAILIO>\r\nVia: SIP/2.0/UDP <IP_UAC>:5060;rport=5060;branch=z9hG4bK5f32d"..., 

    len=880, rcv_info=0x7fff6c6b7d90) at receive.c:273

        msg = 0x7f14fb670c48

        ctx = {rec_lev = 8868984, run_flags = 0, last_retcode = 0, jmp_env = {{__jmpbuf = {0, 0, 0, 263853236176, 1, 0, 171719254808, 9586112}, __mask_was_saved = 1818983832, __saved_mask = {__val = {139728091862768, 12884901899, 139728091862768, 4279488, 

                  140735012372672, 140735012371728, 5477982, 0, 139727728366976, 50195, 171356018048, 9586112, 140735012371856, 140735012371776, 5474817, 4279488}}}}}

        ret = 32532

        inb = {s = 0x924600 "SIP/2.0 183 Session Progress\r\nVia: SIP/2.0/UDP <IP_KAMAILIO>;branch=z9hG4bKca48.51c2c569361ea0fedd9c6c70c21b5eed.0;received=<IP_KAMAILIO>\r\nVia: SIP/2.0/UDP <IP_UAC>:5060;rport=5060;branch=z9hG4bK5f32d"..., len = 880}

        __FUNCTION__ = "receive_msg"

#14 0x000000000053c9c4 in udp_rcv_loop () at udp_server.c:536

        len = 880

        buf = "SIP/2.0 183 Session Progress\r\nVia: SIP/2.0/UDP <IP_KAMAILIO>;branch=z9hG4bKca48.51c2c569361ea0fedd9c6c70c21b5eed.0;received=<IP_KAMAILIO>\r\nVia: SIP/2.0/UDP <IP_UAC>:5060;rport=5060;branch=z9hG4bK5f32d"...

        tmp = 0x9245c0 "10.143.1.10"

        from = 0x7f14fb5add70

        fromlen = 16

        ri = {src_ip = {af = 2, len = 4, u = {addrl = {403182777, 139728091862768}, addr32 = {403182777, 0, 4215789296, 32532}, addr16 = {5305, 6152, 0, 0, 55024, 64327, 32532, 0}, addr = "\271\024\b\030\000\000\000\000\360\326G\373\024\177\000"}}, dst_ip = {af = 2, 

            len = 4, u = {addrl = {67638457, 0}, addr32 = {67638457, 0, 0, 0}, addr16 = {5305, 1032, 0, 0, 0, 0, 0, 0}, addr = "\271\024\b\004", '\000' <repeats 11 times>}}, src_port = 5060, dst_port = 5060, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {

              sa_family = 2, sa_data = "\023Ĺ\024\b\030\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 50195, sin_addr = {s_addr = 403182777}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 50195, 

              sin6_flowinfo = 403182777, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, bind_address = 0x7f14fb47d588, proto = 1 '\001'}

        __FUNCTION__ = "udp_rcv_loop"

#15 0x000000000046d447 in main_loop () at main.c:1617

        i = 13

        pid = 0

        si = 0x7f14fb47d588

        si_desc = "udp receiver child=13 sock=<IP_KAMAILIO>:5060\000\373\024\177\000\000\b$P\373\024\177\000\000\036\205^\000\000\000\000\000\000w^\000\000\000\000\000\000\244\303v\000\000\000\000\300LA\000\000\000\000\000\300\200kl\377\177", '\000' <repeats 19 times>, "\177kl\377\177\000\000\020\245K\000\000\000\000"

        nrprocs = 15

        __FUNCTION__ = "main_loop"

#16 0x000000000047054f in main (argc=7, argv=0x7fff6c6b80c8) at main.c:2545

        cfg_stream = 0xf42010

        c = -1

        r = 0

        tmp = 0x7fff6c6b8f70 ""

        tmp_len = 0

        port = 0

        proto = 0

        options = 0x5e0a58 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"

        ret = -1

        seed = 3572644655

        rfd = 4

        debug_save = 0

        debug_flag = 0

        dont_fork_cnt = 0

        n_lst = 0x3d6f60fb88

        p = 0x5caba0 "H\211l$\330L\211d$\340H\215-O\244*"

        __FUNCTION__ = "main"

 

Let me know if you need further information.

 

Regards,

 

Igor.

 

 

De : Daniel-Constantin Mierla [mailto:miconda at gmail.com] 
Envoyé : mercredi 6 août 2014 16:39
À : Igor Potjevlesch
Cc : 'Kamailio \(SER\) - Users Mailing List'
Objet : Re: [SR-Users] Crash Kamailio 4.1.4

 

Hello,

it is not in my plans for 4.1.5, because I didn't get any feedback on testing and its results, whether it fixes or not the issue.

Cheers,
Daniel

On 06/08/14 16:07, Igor Potjevlesch wrote:

Hello Daniel,

 

Thank you for this exhaustive feedback. 

Do you include the patch to 4.1.5?

Regards,

 

Igor.

 

De : Daniel-Constantin Mierla [ <mailto:miconda at gmail.com> mailto:miconda at gmail.com] 
Envoyé : lundi 4 août 2014 16:24
À : Igor Potjevlesch
Cc : Kamailio \(SER\) - Users Mailing List
Objet : Re: [SR-Users] Crash Kamailio 4.1.4

 

Hello,

the problem was that a structure in shared memory (the request cloned in tm) could have been used in parallel by different kamailio processes.

If there were two processes at the same time, parsing PAI resulted in setting the header pointer to a private memory. The other process could overtake in processing, using the same cloned request, and this time the pai pointer is set, but to another private memory zone. I added the locks for calling the callbacks, so the process that parse the PAI is the one cleaning it.

Performances should not be impacted that much, the transaction lock is used and will add sequential processing when there are two replies at the same time, which is not the common.

Cheers,
Daniel

On 07/07/14 12:40, Igor Potjevlesch wrote:

Hello,

 

Can you explain the modification and the impact on our plateform?

Is it for the pai problem?

 

Do you have explanation for the km_val.c problem wich cause crash for Kamailio too?

 

Regards,

 

Igor

 

 

 

2014-07-01 16:40 GMT+02:00 Daniel-Constantin Mierla <miconda at gmail.com <mailto:miconda at gmail.com> >:

Hello,

can you give it a try with the patch from next commit?

-  <http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=da9d56be28e050dd0cb4aed50efcbda043a3e5cf> http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=da9d56be28e050dd0cb4aed50efcbda043a3e5cf

If all goes fine while testing, I will backport.

Cheers,
Daniel 

 

On 26/06/14 12:58, Igor Potjevlesch wrote:

Hello,

 

Here the result :

 

(gdb) frame 6 


#6  0x00007f127cb6dde6 in acc_onreply (t=0x7f1274c157f0, req=0x7f1274c3ac08, 
    reply=0x7f12804a6d70, code=200) at acc_logic.c:501

501                             clean_hdr_field(hdr);
(gdb) print hdr
$1 = (hdr_field_t *) 0x7f1274c3c238
(gdb) print *hdr
$2 = {type = HDR_PAI_T, name = {
    s = 0x7f1274c3b6cd "P-Asserted-Identity: < <sip:0123456789 at domain;user=phone> sip:0123456789 at domain;user=phone>\r\nP-Sig-Options: Sending-Complete\r\n\r\nv=0\r\no=- 111851 1 IN IP4 A.B.C.D\r\ns=-\r\nt=0 0\r\nm=audio 21336 RTP/AVP 8 101 13\r\nc=IN IP4 A.B.C"..., len = 19}, body = {
    s = 0x7f1274c3b6e2 "< <sip:0123456789 at domain;user=phone> sip:0123456789 at domain;user=phone>\r\nP-Sig-Options: Sending-Complete\r\n\r\nv=0\r\no=- 111851 1 IN IP4 A.B.C.D\r\ns=-\r\nt=0 0\r\nm=audio 21336 RTP/AVP 8 101 13\r\nc=IN IP4 A.B.C.D\r\na=rtpmap:101 tele"..., len = 44}, len = 67, parsed = 0x0, next = 0x7f1274c3c278}

 

(gdb) frame 4 


#4  0x000000000056e5e6 in free_pai_ppi_body (pid_b=0x7f12803cb480)
    at parser/parse_ppi_pai.c:102

102                     pkg_free(pid_b);
(gdb) print *pid_b
$3 = {id = 0x0, num_ids = 0, next = 0x1d0}

 

This is the bt full : 



#0  0x0000003d6f6328a5 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x0000003d6f634085 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x0000000000546d3c in qm_debug_frag (qm=0x7f1280275010, f=0x7f12803cb450) at mem/q_malloc.c:142

        __FUNCTION__ = "qm_debug_frag" 


#3  0x0000000000548b26 in qm_free (qm=0x7f1280275010, p=0x7f12803cb480, file=0x6276a0 "<core>: parser/parse_ppi_pai.c", func=0x627a00 "free_pai_ppi_body", line=102) at mem/q_malloc.c:464

        f = 0x7f12803cb450
        size = 139717434027144
        next = 0xf00000000
        prev = 0x7f127cd79e00
        __FUNCTION__ = "qm_free" 


#4  0x000000000056e5e6 in free_pai_ppi_body (pid_b=0x7f12803cb480) at parser/parse_ppi_pai.c:102

        __FUNCTION__ = "free_pai_ppi_body" 


#5  0x000000000054fee0 in clean_hdr_field (hf=0x7f1274c3c238) at parser/hf.c:126

        h_parsed = 0x7f1274c3c268
        __FUNCTION__ = "clean_hdr_field" 


#6  0x00007f127cb6dde6 in acc_onreply (t=0x7f1274c157f0, req=0x7f1274c3ac08, reply=0x7f12804a6d70, code=200) at acc_logic.c:501

        new_uri_bk = {s = 0x7f1274b53cdf " <sip:0987654321 at GW%20SIP/2.0%5Cr%5CnRecord-Route:%20%3csip:A.B.C.D;lr=on%3e%5Cr%5CnVia:%20SIP/2.0/UDP%20A.B.C.D;branch=z9hG4bK512b.82b197888826f6b60c0c63b79801294d.0%5Cr%5CnVia:%20SIP/2.0/UDP%20A.B.C.D:2057;branch=z9hG4bK-12> sip:0987654321 at GW SIP/2.0\r\nRecord-Route: <sip:A.B.C.D;lr=on>\r\nVia: SIP/2.0/UDP A.B.C.D;branch=z9hG4bK512b.82b197888826f6b60c0c63b79801294d.0\r\nVia: SIP/2.0/UDP A.B.C.D:2057;branch=z9hG4bK-12"..., len = 19}
        br = 0
        hdr = 0x7f1274c3c238
        __FUNCTION__ = "acc_onreply" 


#7  0x00007f127cb6e30a in tmcb_func (t=0x7f1274c157f0, type=512, ps=0x7fff0b015580) at acc_logic.c:573

        __FUNCTION__ = "tmcb_func" 


#8  0x00007f127ed68478 in run_trans_callbacks_internal (cb_lst=0x7f1274c15860, type=512, trans=0x7f1274c157f0, params=0x7fff0b015580) at t_hooks.c:290

        cbp = 0x7f1274ac0e90
        backup_from = 0x934630
        backup_to = 0x934638
        backup_dom_from = 0x934640
        backup_dom_to = 0x934648
        backup_uri_from = 0x934620
        backup_uri_to = 0x934628
        backup_xavps = 0x934760
        __FUNCTION__ = "run_trans_callbacks_internal" 


#9  0x00007f127ed6868a in run_trans_callbacks_with_buf (type=512, rbuf=0x7f1274c158b0, req=0x7f1274c3ac08, repl=0x7f12804a6d70, flags=200) at t_hooks.c:336

        params = {req = 0x7f1274c3ac08, rpl = 0x7f12804a6d70, param = 0x7f1274ac0ea0, code = 200, flags = 200, branch = 0, t_rbuf = 0x7f1274c158b0, dst = 0x7f1274c15900, send_buf = {
            s = 0x7f1274c27620 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP A.B.C.D:2057;branch=z9hG4bK-129F259C;rport=2057\r\nCall-ID:  <mailto:cb03dc02e909d3118f86009033290024 at A.B.C.D%5Cr%5CnFrom> cb03dc02e909d3118f86009033290024 at A.B.C.D\r\nFrom: < <sip:0123456789 at domain;user=phone> sip:0123456789 at domain;user=phone>;epid=00903"..., len = 1021}}
        trans = 0x7f1274c157f0 


#10 0x00007f127ed9ac06 in relay_reply (t=0x7f1274c157f0, p_msg=0x7f12804a6d70, branch=0, msg_status=200, cancel_data=0x7fff0b0158e0, do_put_on_wait=1) at t_reply.c:2001

        relay = 0
        save_clone = 0
        buf = 0x7f12804a7cc0 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP A.B.C.D:2057;branch=z9hG4bK-129F259C;rport=2057\r\nCall-ID:  <mailto:cb03dc02e909d3118f86009033290024 at A.B.C.D%5Cr%5CnFrom> cb03dc02e909d3118f86009033290024 at A.B.C.D\r\nFrom: < <sip:0123456789 at domain;user=phone> sip:0123456789 at domain;user=phone>;epid=00903"...
        res_len = 1021
        relayed_code = 200
        relayed_msg = 0x7f12804a6d70
        reply_bak = 0x7fff0b015730
        bm = {to_tag_val = {s = 0x7f1274c16d88 "", len = 5449343}}
        totag_retr = 0
        reply_status = RPS_COMPLETED
        uas_rb = 0x7f1274c158b0
        to_tag = 0x0
        reason = {s = 0x10b0156e0 <Address 0x10b0156e0 out of bounds>, len = 1}
        onsend_params = {req = 0x200924a64, rpl = 0x7f127edbaf90, param = 0x414cc0, code = 1, flags = 0, branch = 0, t_rbuf = 0x7f126a80c828, dst = 0x7f12804a6f68, send_buf = {s = 0xb015700 <Address 0xb015700 out of bounds>, len = 1024}}
        __FUNCTION__ = "relay_reply" 


#11 0x00007f127ed9d0b7 in reply_received (p_msg=0x7f12804a6d70) at t_reply.c:2499

        msg_status = 200
        last_uac_status = 183
        ack = 0x40 <Address 0x40 out of bounds>
        ack_len = 0
        branch = 0
        reply_status = - <tel:2143420688> 2143420688
        onreply_route = 1
        cancel_data = {cancel_bitmap = 0, reason = {cause = 200, u = {text = {s = 0x0, len = 9586191}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len = 9586191}}}}
        uac = 0x7f1274c15958
        t = 0x7f1274c157f0
        lack_dst = {send_sock = 0x7f12803e4110, to = {s = {sa_family = 20496, sa_data = "'\200\022\177\000\000\310\036#\000\000\000\000"}, sin = {sin_family = 20496, sin_port = 32807, sin_addr = {s_addr = 32530}, sin_zero = "\310\036#\000\000\000\000"}, sin6 = {
              sin6_family = 20496, sin6_port = 32807, sin6_flowinfo = 32530, sin6_addr = {__in6_u = {__u6_addr8 = "\310\036#\000\000\000\000\000\360\247=\200\022\177\000", __u6_addr16 = {7880, 35, 0, 0, 42992, 32829, 32530, 0}, __u6_addr32 = {2301640, 0, 2151524336, 
                    32530}}}, sin6_scope_id = 2150060928}}, id = 32530, proto = 72 'H', send_flags = {f = 228 '\344', blst_imask = 61 '='}}
        backup_user_from = 0x934630
        backup_user_to = 0x934638
        backup_domain_from = 0x934640
        backup_domain_to = 0x934648
        backup_uri_from = 0x934620
        backup_uri_to = 0x934628
        backup_xavps = 0x934760
        replies_locked = 1
        branch_ret = 0
        prev_branch = 184637856
        blst_503_timeout = 32767
        hf = 0x7f12804a6d90
        onsend_params = {req = 0x7fff0b015960, rpl = 0x550b94, param = 0x231dc8, code = 0, flags = 3, branch = 0, t_rbuf = 0x7f1280275380, dst = 0x7f12803de418, send_buf = {s = 0x7fff0b015960 "`G\223", len = 5538037}}
        ctx = {rec_lev = 0, run_flags = 0, last_retcode = 0, jmp_env = {{__jmpbuf = {139717438500712, 3644308075193502665, 4279488, 140733378027408, 0, 0, 3644308075281583049, -3644194520509117495}, __mask_was_saved = 0, __saved_mask = {__val = {9586395, 
                  1065161476041, 124554051613, 9586471, 139717437685488, 9587300, 9586197, 361695345073193192, 9586295, 9586274, 2151546560, 139717437685488, 139717437615640, 139717438500712, 4279488, 140733378027408}}}}}
        __FUNCTION__ = "reply_received" 


#12 0x000000000045d837 in do_forward_reply (msg=0x7f12804a6d70, mode=0) at forward.c:777

        new_buf = 0x0
        dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data = '\000' <repeats 13 times>}, sin = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, 
              sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, id = 0, proto = 0 '\000', send_flags = {f = 0 '\000', blst_imask = 0 '\000'}}
        new_len = 32530
        r = 1
        s = 0x464804a6d78 <Address 0x464804a6d78 out of bounds>
        len = 0
        __FUNCTION__ = "do_forward_reply" 


#13 0x000000000045e0f8 in forward_reply (msg=0x7f12804a6d70) at forward.c:860

No locals.
#14 0x00000000004a58e7 in receive_msg (buf=0x924600 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 185.20.8.4;branch=z9hG4bK512b.82b197888826f6b60c0c63b79801294d.0;received=185.20.8.4\r\nVia: SIP/2.0/UDP 10.143.1.2:2057;branch=z9hG4bK-129F259C;rport=2057\r\nCall-ID: cb0"..., 

    len=1124, rcv_info=0x7fff0b015c60) at receive.c:273

         msg = 0x7f12804a6d70
        ctx = {rec_lev = 8868984, run_flags = 0, last_retcode = 0, jmp_env = {{__jmpbuf = {0, 0, 0, 263853236176, 1, 0, 169653785368, 9586112}, __mask_was_saved = 184638568, __saved_mask = {__val = {139717436454816, 12884901899, 139717436454816, 4279488, 
                  140733378027408, 140733378026464, 5477954, 0, 139717072962944, 50195, 169290548608, 9586112, 140733378026592, 140733378026512, 5474789, 4279488}}}}}
        ret = 32530
        inb = {s = 0x924600 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP A.B.C.D;branch=z9hG4bK512b.82b197888826f6b60c0c63b79801294d.0;received=A.B.C.D\r\nVia: SIP/2.0/UDP A.B.C.D:2057;branch=z9hG4bK-129F259C;rport=2057\r\nCall-ID: cb0"..., len = 1124}
        __FUNCTION__ = "receive_msg" 


#15 0x000000000053c9a8 in udp_rcv_loop () at udp_server.c:536

        len = 1124
        buf = "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP A.B.C.D;branch=z9hG4bK512b.82b197888826f6b60c0c63b79801294d.0;received=A.B.C.D\r\nVia: SIP/2.0/UDP A.B.C.D:2057;branch=z9hG4bK-129F259C;rport=2057\r\nCall-ID: cb0"...
        tmp = 0x9245c0 "10.143.1.10"
        from = 0x7f12803e3f68
        fromlen = 16
        ri = {src_ip = {af = 2, len = 4, u = {addrl = {403182777, 139717436454816}, addr32 = {403182777, 0, 2150315936, 32530}, addr16 = {5305, 6152, 0, 0, 14240, 32811, 32530, 0}, addr = "\271\024\b\030\000\000\000\000\240\067+\200\022\177\000"}}, dst_ip = {af = 2, 
            len = 4, u = {addrl = {67638457, 0}, addr32 = {67638457, 0, 0, 0}, addr16 = {5305, 1032, 0, 0, 0, 0, 0, 0}, addr = "\271\024\b\004", '\000' <repeats 11 times>}}, src_port = 5060, dst_port = 5060, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {
              sa_family = 2, sa_data = "\023Ĺ\024\b\030\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 50195, sin_addr = {s_addr = 403182777}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 50195, 
              sin6_flowinfo = 403182777, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, bind_address = 0x7f12802b3638, proto = 1 '\001'}
        __FUNCTION__ = "udp_rcv_loop" 


#16 0x000000000046d42b in main_loop () at main.c:1617

        i = 1
        pid = 0
        si = 0x7f12802b3638
        si_desc = "udp receiver child=1 sock=A.B.C.D:5060\000D\200\022\177\000\000\000\206\063\200\022\177\000\000.\205^\000\000\000\000\000\020w^\000\000\000\000\000\275\005r/\000\000\000\000\300LA\000\000\000\000\000\220_\001\v\377\177", '\000' <repeats 18 times>"\320, ]\001\v\377\177\000\000\364\244K\000\000\000\000"
        nrprocs = 15
        __FUNCTION__ = "main_loop" 


#17 0x0000000000470533 in main (argc=7, argv=0x7fff0b015f98) at main.c:2545

        cfg_stream = 0xe20010
        c = -1
        r = 0
        tmp = 0x7fff0b017f70 ""
        tmp_len = 0
        port = 0
        proto = 0
        options = 0x5e0a68 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
        ret = -1
        seed = 1972285608
        rfd = 4
debug_save = 0
        debug_flag = 0
        dont_fork_cnt = 0
        n_lst = 0x3d6f60fb88
        p = 0x5cab80 "H\211l$\330L\211d$\340H\215-o\244*"
        __FUNCTION__ = "main"

 

In a next mail you will find a new bt full of Kamailio 's crash but about  km_val.c : db_mysql_val2str

 

 

2014-06-25 18:26 GMT+02:00 Daniel-Constantin Mierla <miconda at gmail.com <mailto:miconda at gmail.com> >:

 

2014-06-25 18:26 GMT+02:00 Daniel-Constantin Mierla <miconda at gmail.com <mailto:miconda at gmail.com> >:

Hello,

can you give the output of:

frame 6
print hdr
print *hdr

frame 4
print *pid_b

Also, it would be good to have full trace for other details:

bt full

Cheers,
Daniel 



On 25/06/14 14:49, Igor Potjevlesch wrote:

Hello,

We updated this morning Kamailio in 4.1.4 with your patch.

[...]


-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda>  - http://www.linkedin.com/in/miconda

 






-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda>  - http://www.linkedin.com/in/miconda

 






-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda>  - http://www.linkedin.com/in/miconda





-- 
Daniel-Constantin Mierla
 <http://twitter.com/#!/miconda> http://twitter.com/#!/miconda -  <http://www.linkedin.com/in/miconda> http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 -  <http://www.asipto.com> http://www.asipto.com
Sep 22-25, Berlin, Germany ::: Oct 15-17, San Francisco, USA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140923/6ee832ce/attachment.html>


More information about the sr-users mailing list