[SR-Users] Coredump while exchanging diameter capabilities

Tsvetan Filev tsvetan.filev at inno-networks.com
Tue Jan 16 09:49:45 CET 2018


Hi.

I get a coredump which is caused by bad memory handling during the 
diameter capability exchange process.
Here is part of the log file:
===================================
2018-01-16T09:16:39.890992+02:00 linux-o12d kamailio[13298]: 87(13388) 
INFO: cdp [worker.c:332]: worker_process(): [0] Worker process started...
2018-01-16T09:16:40.296393+02:00 linux-o12d systemd-coredump[13196]: 
Process 13193 (kamailio) of user 479 dumped core.
2018-01-16T09:16:40.871483+02:00 linux-o12d kamailio[13298]: 94(13395) 
DEBUG: cdp [peermanager.c:263]: peer_timer(): peer_timer(): taking care 
of peers...
2018-01-16T09:16:40.871545+02:00 linux-o12d kamailio[13298]: 94(13395) 
DEBUG: cdp [peermanager.c:280]: peer_timer(): peer_timer(): Peer 
hss.epc.mnc019.mcc425.3gppnetwork.org State 0
2018-01-16T09:16:40.871596+02:00 linux-o12d kamailio[13298]: 94(13395) 
DEBUG: cdp [peerstatemachine.c:90]: sm_process(): sm_process(): Peer 
hss.epc.mnc019.mcc425.3gppnetwork.org State Closed Event Start
2018-01-16T09:16:40.871612+02:00 linux-o12d kamailio[13298]: 94(13395) 
INFO: cdp [peerstatemachine.c:525]: I_Snd_Conn_Req(): I_Snd_Conn_Req(): 
Peer hss.epc.mnc019.mcc425.3gppnetwork.org
2018-01-16T09:16:40.871636+02:00 linux-o12d kamailio[13298]: 94(13395) 
INFO: cdp [receiver.c:869]: peer_connect(): peer_connect(): Trying to 
connect to 10.82.10.85 port 3868
2018-01-16T09:16:40.871782+02:00 linux-o12d kamailio[13298]: 94(13395) 
INFO: cdp [receiver.c:937]: peer_connect(): peer_connect(): Peer 
hss.epc.mnc019.mcc425.3gppnetwork.org:3868 connected
2018-01-16T09:16:40.871813+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [receiver.c:697]: receive_loop(): select_recv(): There is 
something on the fd exchange pipe
2018-01-16T09:16:40.871828+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [receiver.c:706]: receive_loop(): select_recv(): fd exchange 
pipe says fd [22] for peer 
0x7f0626b91c98:[hss.epc.mnc019.mcc425.3gppnetwork.org]
2018-01-16T09:16:40.871910+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:90]: sm_process(): sm_process(): Peer 
hss.epc.mnc019.mcc425.3gppnetwork.org State Wait_Conn_Ack Event 
I_Rcv_Conn_Ack
2018-01-16T09:16:40.871933+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [diameter_msg.c:184]: AAANewMessage(): AAANewMessage: param 
session received null and it's a request!!
2018-01-16T09:16:40.872011+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [diameter_msg.c:81]: AAABuildMsgBuffer(): 
AAABuildMsgBuffer(): len=204
2018-01-16T09:16:40.872041+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [receiver.c:994]: peer_send_msg(): peer_send_msg(): Pipe push 
[0x7f0626c02548]
2018-01-16T09:16:40.872064+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [receiver.c:751]: receive_loop(): select_recv(): There is 
something on the send pipe
2018-01-16T09:16:40.872084+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [receiver.c:764]: receive_loop(): select_recv(): Send pipe 
says [0x7f0626c02548] 8
2018-01-16T09:16:40.872104+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [diameter_msg.c:410]: AAAFreeMessage(): AAAFreeMessage: 
Freeing message (0x7f0626c02548) 257
2018-01-16T09:16:40.872277+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [receiver.c:574]: do_receive(): receive_loop(): 
[hss.epc.mnc019.mcc425.3gppnetwork.org] Recv Version 1 Length 360
2018-01-16T09:16:40.872322+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [receiver.c:1088]: receive_message(): receive_message(): 
[hss.epc.mnc019.mcc425.3gppnetwork.org] Recv msg 257
2018-01-16T09:16:40.872345+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:90]: sm_process(): sm_process(): Peer 
hss.epc.mnc019.mcc425.3gppnetwork.org State Wait_I_CEA Event I_Rcv_CEA
2018-01-16T09:16:40.872372+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:692]: count_Supported_Vendor_Id_AVPS(): 
Found 4 Supported_Vendor AVPS92(13393) DEBUG: cdp 
[peerstatemachine.c:743]: save_peer_applications(): Found Supported 
Vendor for Application 0: 5535
2018-01-16T09:16:40.872389+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:743]: save_peer_applications(): Found 
Supported Vendor for Application 0: 10415
2018-01-16T09:16:40.872405+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:743]: save_peer_applications(): Found 
Supported Vendor for Application 0: 13019
2018-01-16T09:16:40.872420+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:743]: save_peer_applications(): Found 
Supported Vendor for Application 0: 58637
2018-01-16T09:16:40.872438+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:743]: save_peer_applications(): Found 
Supported Vendor for Application 0: 5535
2018-01-16T09:16:40.872453+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:743]: save_peer_applications(): Found 
Supported Vendor for Application 0: 10415
2018-01-16T09:16:40.872468+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:743]: save_peer_applications(): Found 
Supported Vendor for Application 0: 13019
2018-01-16T09:16:40.872486+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:743]: save_peer_applications(): Found 
Supported Vendor for Application 0: 58637
2018-01-16T09:16:40.872504+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:743]: save_peer_applications(): Found 
Supported Vendor for Application 0: 5535
2018-01-16T09:16:40.872523+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:743]: save_peer_applications(): Found 
Supported Vendor for Application 0: 10415
2018-01-16T09:16:40.872539+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:743]: save_peer_applications(): Found 
Supported Vendor for Application 0: 13019
2018-01-16T09:16:40.872554+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:743]: save_peer_applications(): Found 
Supported Vendor for Application 0: 58637
2018-01-16T09:16:40.872570+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:756]: save_peer_applications(): Found 
Supported Vendor for Application 1: 5535
2018-01-16T09:16:40.872586+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:756]: save_peer_applications(): Found 
Supported Vendor for Application 1: 10415
2018-01-16T09:16:40.872601+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:756]: save_peer_applications(): Found 
Supported Vendor for Application 1: 13019
2018-01-16T09:16:40.872616+02:00 linux-o12d kamailio[13298]: 92(13393) 
DEBUG: cdp [peerstatemachine.c:756]: save_peer_applications(): Found 
Supported Vendor for Application 1: 58637
2018-01-16T09:16:40.872634+02:00 linux-o12d kamailio[13298]: 92(13393) 
CRITICAL: <core> [core/mem/q_malloc.c:145]: qm_debug_frag(): BUG: qm: 
prev. fragm. tail overwritten(28af01000000, 
0)[0x7f0626c038d0:0x7f0626c03908]! Memory allocator was called from cdp: 
diameter_avp.c:365. Fragment marked by cdp: diameter_avp.c:142.
2018-01-16T09:16:41.054292+02:00 linux-o12d kamailio[13298]: 0(13298) 
ALERT: <core> [main.c:746]: handle_sigs(): child process 13393 exited by 
a signal 6
2018-01-16T09:16:41.054403+02:00 linux-o12d kamailio[13298]: 0(13298) 
ALERT: <core> [main.c:749]: handle_sigs(): core was generated
2018-01-16T09:16:41.054422+02:00 linux-o12d kamailio[13298]: 0(13298) 
INFO: <core> [main.c:771]: handle_sigs(): terminating due to SIGCHLD
2018-01-16T09:16:41.054438+02:00 linux-o12d kamailio[13298]: 0(13298) 
DEBUG: <core> [main.c:773]: handle_sigs(): terminating due to SIGCHLD
2018-01-16T09:16:41.054464+02:00 linux-o12d kamailio[13298]: 2(13303) 
INFO: <core> [main.c:826]: sig_usr(): signal 15 received
...
===================================

Attached is a Wireshark trace.
Here is my DiameterPeer.xml:

===================================
<?xml version="1.0" encoding="UTF-8"?>
<DiameterPeer
         FQDN="ims110-scscf.epc.mnc019.mcc425.3gppnetwork.org"
         Realm="epc.mnc019.mcc425.3gppnetwork.org"
         Vendor_Id="10415"
         Product_Name="CDiameterPeer"
         AcceptUnknownPeers="1"
         DropUnknownOnDisconnect="1"
         Tc="30"
         Workers="4"
         QueueLength="8"
         TransactionTimeout="5"
         SessionsHashSize="128"
         DefaultAuthSessionTimeout="3600"
         MaxAuthSessionTimeout="3600">

         <Peer FQDN="hss.epc.mnc019.mcc425.3gppnetwork.org" 
Realm="epc.mnc019.mcc425.3gppnetwork.org" port="3868" />
         <Acceptor port="3869" bind="10.82.10.56" />
         <Auth id="16777216" vendor="10415" /> <!--3GPP CxDX -->
         <DefaultRoute 
FQDN="ims110-scscf.epc.mnc019.mcc425.3gppnetwork.org" metric="10" />
</DiameterPeer>
===================================

It looks like a buffer overflow to me, but I'm not sure.

The Kamailio version is:
===================================
kamailio -v
version: kamailio 5.1.0 (x86_64/linux)
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, DISABLE_NAGLE, 
USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, 
F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, 
FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, 
USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, 
MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled on 05:30:36 Jan 15 2018 with gcc 4.8.5
===================================

OS is openSUSE Leap 42.3.
Kernel: Linux linux-o12d 4.4.104-39-default #1 SMP Thu Jan 4 08:11:03 
UTC 2018 (7db1912) x86_64 x86_64 x86_64 GNU/Linux

Do you have any idea what might be wrong?
It could be a bad config, but it should still say something in the log 
without a crash.

Regards.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: diameter_trace.pcapng
Type: application/x-pcapng
Size: 3364 bytes
Desc: not available
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20180116/bb112781/attachment.bin>
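
Added example, not part of the original post and not Kamailio code: a triage helper for the `qm_debug_frag()` report in the log above. It assumes the two values in parentheses are 64-bit words printed in hex from little-endian x86_64 memory (the post states x86_64), and splits them into 32-bit halves to compare with the numeric IDs that appear in the posted config and log.

```python
import re
import struct

# The CRITICAL line from the log above, unwrapped onto one line.
CRIT_LINE = (
    "2018-01-16T09:16:40.872634+02:00 linux-o12d kamailio[13298]: 92(13393) "
    "CRITICAL: <core> [core/mem/q_malloc.c:145]: qm_debug_frag(): BUG: qm: "
    "prev. fragm. tail overwritten(28af01000000, 0)"
    "[0x7f0626c038d0:0x7f0626c03908]! Memory allocator was called from cdp: "
    "diameter_avp.c:365. Fragment marked by cdp: diameter_avp.c:142."
)

# Numeric identifiers that appear in the posted DiameterPeer.xml and log.
KNOWN_IDS = {
    16777216: "Auth id in DiameterPeer.xml",
    10415: "Vendor_Id in DiameterPeer.xml / Supported Vendor in log",
    5535: "Supported Vendor in log",
    13019: "Supported Vendor in log",
    58637: "Supported Vendor in log",
}

PATTERN = re.compile(
    r"tail overwritten\((?P<w1>[0-9a-f]+), (?P<w2>[0-9a-f]+)\)"
    r"\[(?P<start>0x[0-9a-f]+):(?P<end>0x[0-9a-f]+)\]! "
    r"Memory allocator was called from (?P<caller>\S+: \S+:\d+)\. "
    r"Fragment marked by (?P<marker>\S+: \S+:\d+)\."
)

def split_word(word_hex):
    """Assumption: the word is 64 bits wide and sat in little-endian memory.
    Return its two 32-bit halves in memory order (lower address first)."""
    return struct.unpack("<II", struct.pack("<Q", int(word_hex, 16)))

def triage(line):
    """Extract the allocation sites and decode the overwritten tail words."""
    m = PATTERN.search(line)
    if m is None:
        return None
    halves = split_word(m["w1"]) + split_word(m["w2"])
    return {
        "caller": m["caller"],   # where the allocator was entered
        "marker": m["marker"],   # site recorded for the reported fragment
        "halves": halves,
        "matches": [(v, KNOWN_IDS[v]) for v in halves if v in KNOWN_IDS],
    }

if __name__ == "__main__":
    for key, value in triage(CRIT_LINE).items():
        print(f"{key}: {value}")
```

On this line the halves decode to 16777216 and 10415, the `Auth` id and vendor from `DiameterPeer.xml`, which tells a maintainer what kind of data was written over the fragment tail.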