[SR-Users] crash at 480 reply to INVITE

Juha Heinanen jh at tutpro.com
Tue Feb 5 10:08:58 CET 2019


Kamailio 5.2 crashed when it received a 480 reply to an INVITE.  Below is
the backtrace from the core file.

The crash happens in t_reply.c (line 2240 according to the backtrace) on the
last line of this block:

        uac=&t->uac[branch];                                                    
        LM_DBG("org. status uas=%d, uac[%d]=%d local=%d is_invite=%d)\n",       
                t->uas.status, branch, uac->last_received,                      
                is_local(t), is_invite(t));                                     
        last_uac_status=uac->last_received;

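Earlier it was checked that the transaction was found.  Its uac[0]
seems to be broken: in frame #0 of the backtrace, gdb shows uac = 0x0 with
branch = 0, which (if the locals in the core are reliable) means t->uac
itself is NULL although t is non-NULL, so reading uac->last_received
dereferences a null pointer.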

-- Juha

-----------------------------------------

Program terminated with signal SIGSEGV, Segmentation fault.
#0_  0x00007f1073e234c3 in reply_received (p_msg=0x7f1076b605f0) at 
t_reply.c:2240
2240_ _ _  t_reply.c: No such file or directory.
(gdb) bt full
#0_  0x00007f1073e234c3 in reply_received (p_msg=0x7f1076b605f0) at 
t_reply.c:2240
 _ _ _ _ _ _ _  msg_status = 480
 _ _ _ _ _ _ _  last_uac_status = 1590315756
 _ _ _ _ _ _ _  ack = 0x50550c4 <error: Cannot access memory at address 0x50550c4>
 _ _ _ _ _ _ _  ack_len = 4
 _ _ _ _ _ _ _  branch = 0
 _ _ _ _ _ _ _  reply_status = 29
 _ _ _ _ _ _ _  onreply_route = 9941216
 _ _ _ _ _ _ _  cancel_data = {cancel_bitmap = 0, reason = {cause = 0, u = 
{text = {s = 0x0, len = 1590087991}, e2e_cancel = 0x0, packed_hdrs = {s 
= 0x0, len = 1590087991}}}}
 _ _ _ _ _ _ _  uac = 0x0
 _ _ _ _ _ _ _  t = 0x7f105dfe6480
 _ _ _ _ _ _ _  lack_dst = {send_sock = 0x555b5f02720f <buf+431>, to = {s = 
{sa_family = 29127, sa_data = "XXX"}, 
sin = {sin_family = 29127, sin_port = 24322, sin_addr = {s_addr = 
21851}, sin_zero = "XXX"}, sin6 = {
 _ _ _ _ _ _ _ _ _ _ _ _ _  sin6_family = 29127, sin6_port = 24322, sin6_flowinfo = 
21851, sin6_addr = {__in6_u = {__u6_addr8 = 
"XXX", __u6_addr16 = {XXX, XXX, XXX, XXX, XXX, XXX, XXX, XXX}, __u6_addr32 = {XXX, XXX, 
XXX, _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _  XXX}}}, sin6_scope_id = 1980563656}}, id = 32528, 
proto = 112 'p', send_flags = {f = 30268, blst_imask = 32528}}
 _ _ _ _ _ _ _  backup_user_from = 0x0
 _ _ _ _ _ _ _  backup_user_to = 0xXXX <qm_info+46>
 _ _ _ _ _ _ _  backup_domain_from = 0xXXX
 _ _ _ _ _ _ _  backup_domain_to = 0xXXX
 _ _ _ _ _ _ _  backup_uri_from = 0x0
 _ _ _ _ _ _ _  backup_uri_to = 0xXXX
 _ _ _ _ _ _ _  backup_xavps = 0x45ed834e3
 _ _ _ _ _ _ _  replies_locked = 1
 _ _ _ _ _ _ _  branch_ret = 1593995512
 _ _ _ _ _ _ _  prev_branch = 21851
 _ _ _ _ _ _ _  blst_503_timeout = 340003632
 _ _ _ _ _ _ _  hf = 0x7f1076490810
 _ _ _ _ _ _ _  onsend_params = {req = 0x7f10763c4898, rpl = 0x7f10763c4888, 
param = 0x97b5f0, code = 10751248, flags = 0, branch = 0, t_rbuf = 
0xaf95c0, dst = 0x7f1076db4fc0 <__syslog>, send_buf = {s = 
0x555b5ed834e3 "INFO", len = 134217728}}
 _ _ _ _ _ _ _  ctx = {rec_lev = 1593995791, run_flags = 21851, last_retcode = 
1593995708, jmp_env = {{__jmpbuf = {48, 139708676767760, 93849330384899, 
-7479270984431321856, 93850924380609, 139708690288576, 93850921612515, 
134217728}, __mask_was_saved = 12582912, __saved_mask = {
 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _  __val = {6, 140720648489936, 139708687844848, 
140720648490064, 93850920720905, 93850924380373, 139708676767760, 
140720648489904, 139708469727337, 139708679781296, 139708687844848, 
139708684105760, 140720648490560, 5888963087, 93849330384896, 11507136}}}}}
 _ _ _ _ _ _ _  bctx = 0x7f10760d0010
 _ _ _ _ _ _ _  keng = 0x0
 _ _ _ _ _ _ _  __func__ = "reply_received"
#1_  0x0000555b5eadf4dc in do_forward_reply (msg=0x7f1076b605f0, mode=0) 
at core/forward.c:747
 _ _ _ _ _ _ _  new_buf = 0x0
 _ _ _ _ _ _ _  dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data = 
'\000' <repeats 13 times>}, sin = {sin_family = 0, sin_port = 0, 
sin_addr = {s_addr = 0}, sin_zero = "XXX"}, 
sin6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {
 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _  __in6_u = {__u6_addr8 = '\000' <repeats 15 times>, 
__u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, 
sin6_scope_id = 0}}, id = 0, proto = 0 '\000', send_flags = {f = 0, 
blst_imask = 0}}
 _ _ _ _ _ _ _  new_len = 0
 _ _ _ _ _ _ _  r = 1
 _ _ _ _ _ _ _  ip = {af = XXX, len = 32528, u = {addrl = {XXX, 
95}, addr32 = {XXX, XXX, XXX, 0}, addr16 = {XXX, XXX, XXX, XXX, XXX, XXX, XXX, XXX}, addr = 
"XXX"}}
 _ _ _ _ _ _ _  s = 0x7ffc14440c68 ""
 _ _ _ _ _ _ _  len = 32764
 _ _ _ _ _ _ _  __func__ = "do_forward_reply"
#2_  0x0000555b5eae12f9 in forward_reply (msg=0x7f1076b605f0) at 
core/forward.c:852
No locals.
#3_  0x0000555b5eb5b679 in receive_msg (
 _ _ _  buf=0x555b5f027060 <buf> "SIP/2.0 480 Request Terminated\r\nVia: 
SIP/2.0/UDP 
XXX;branch=z9hG4bKe951.40cf95b28fe54d0cbda88a8fa4c91d48.0\r\nVia: 
SIP/2.0/UDP XXX:5060;branch=z9hG4bK04B95fa49ac99a7fa91\r\nTo: 
<sip:XXX"..., len=431,
 _ _ _  rcv_info=0x7ffc14440ff0) at core/receive.c:433
 _ _ _ _ _ _ _  msg = 0x7f1076b605f0
 _ _ _ _ _ _ _  ctx = {rec_lev = 0, run_flags = 0, last_retcode = 1, jmp_env = 
{{__jmpbuf = {139708690288576, 9004276570109933907, 93850921612515, 
134217728, 12582912, 6, 9004276570114128211, 3007006209029601619}, 
__mask_was_saved = 0, __saved_mask = {__val = {0, 0, 0, 1,
 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _  139708266465728, 0, 0, 4634971920, 139708266465728, 
140720648490768, 93850918093314, 120, 93850918093450, 139708680838560, 
139708680838560, 140720648490832}}}}}
 _ _ _ _ _ _ _  bctx = 0x0
 _ _ _ _ _ _ _  ret = 1
 _ _ _ _ _ _ _  stats_on = 0
 _ _ _ _ _ _ _  tvb = {tv_sec = 0, tv_usec = 0}
 _ _ _ _ _ _ _  tve = {tv_sec = 0, tv_usec = 0}
 _ _ _ _ _ _ _  tz = {tz_minuteswest = 0, tz_dsttime = 0}
 _ _ _ _ _ _ _  diff = 0
 _ _ _ _ _ _ _  inb = {s = 0x555b5f027060 <buf> "SIP/2.0 480 Request 
Terminated\r\nVia: SIP/2.0/UDP 
XXX;branch=z9hG4bKe951.40cf95b28fe54d0cbda88a8fa4c91d48.0\r\nVia: 
SIP/2.0/UDP XXX:5060;branch=z9hG4bK04B95fa49ac99a7fa91\r\nTo: 
<sip:XXX"..., len = 431}
 _ _ _ _ _ _ _  netinfo = {data = {s = 0x0, len = 0}, rcv = 0x0, dst = 0x0}
 _ _ _ _ _ _ _  keng = 0x0
 _ _ _ _ _ _ _  evp = {data = 0x7ffc14440df0, rcv = 0x7ffc14440ff0, dst = 0x0}
 _ _ _ _ _ _ _  cidlockidx = 0
 _ _ _ _ _ _ _  cidlockset = 0
 _ _ _ _ _ _ _  errsipmsg = 0
 _ _ _ _ _ _ _  __func__ = "receive_msg"
#4_  0x0000555b5ea30dc4 in udp_rcv_loop () at core/udp_server.c:541
 _ _ _ _ _ _ _  len = 431
 _ _ _ _ _ _ _  buf = "SIP/2.0 480 Request Terminated\r\nVia: SIP/2.0/UDP 
XXX;branch=z9hG4bKe951.40cf95b28fe54d0cbda88a8fa4c91d48.0\r\nVia: 
SIP/2.0/UDP XXX:5060;branch=z9hG4bK04B95fa49ac99a7fa91\r\nTo: 
<sip:XXX"...
 _ _ _ _ _ _ _  tmp = 0x8000000 <error: Cannot access memory at address 0x8000000>
 _ _ _ _ _ _ _  from = 0x7f10764b1da0
 _ _ _ _ _ _ _  fromlen = 16
 _ _ _ _ _ _ _  ri = {src_ip = {af = 2, len = 4, u = {addrl = {XXX, 
XXX}, addr32 = {XXX, XXX, XXX, XXX}, 
addr16 = {XXX, XXX, XXX, XXX, XXX, XXX, XXX, XXX}, addr = 
"XXX"}}, dst_ip = {
 _ _ _ _ _ _ _ _ _ _ _  af = 2, len = 4, u = {addrl = {XXX, 0}, addr32 = 
{XXX, 0, 0, 0}, addr16 = {XXX, XXX, 0, 0, 0, 0, 0, 0}, addr = 
"XXX", '\000' <repeats 11 times>}}, src_port = 5060, dst_port = 
5060, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {
 _ _ _ _ _ _ _ _ _ _ _ _ _  sa_family = 2, sa_data = 
"XXX"}, sin = {sin_family = 2, sin_port 
= 50195, sin_addr = {s_addr = XXX}, sin_zero = 
"\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 
50195, sin6_flowinfo = 1345864889,
 _ _ _ _ _ _ _ _ _ _ _ _ _  sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 
times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 
0}}}, sin6_scope_id = 0}}, bind_address = 0xXXX, proto = 1 '\001'}
 _ _ _ _ _ _ _  evp = {data = 0x0, rcv = 0x0, dst = 0x0}
 _ _ _ _ _ _ _  printbuf = "XXX"...
 _ _ _ _ _ _ _  i = 1981052368
 _ _ _ _ _ _ _  j = 5
 _ _ _ _ _ _ _  l = 0
 _ _ _ _ _ _ _  __func__ = "udp_rcv_loop"
#5_  0x0000555b5e9c8e32 in main_loop () at main.c:1645
 _ _ _ _ _ _ _  i = 4
 _ _ _ _ _ _ _  pid = 0
 _ _ _ _ _ _ _  si = 0x7f1076130940
 _ _ _ _ _ _ _  si_desc = "udp receiver child=4 
sock=XXX:5060XXX"
 _ _ _ _ _ _ _  nrprocs = 8
 _ _ _ _ _ _ _  woneinit = 1
 _ _ _ _ _ _ _  __func__ = "main_loop"
#6_  0x0000555b5e9d0fdd in main (argc=17, argv=0x7ffc14441698) at main.c:2675
 _ _ _ _ _ _ _  cfg_stream = 0x555b5fe5c010
 _ _ _ _ _ _ _  c = -1
 _ _ _ _ _ _ _  r = 0
 _ _ _ _ _ _ _  tmp = 0x7ffc14442f30 ""
 _ _ _ _ _ _ _  tmp_len = 340006256
 _ _ _ _ _ _ _  port = 32764
 _ _ _ _ _ _ _  proto = 340006352
 _ _ _ _ _ _ _  options = 0x555b5ed33020 
":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
 _ _ _ _ _ _ _  ret = -1
 _ _ _ _ _ _ _  seed = 1181662442
 _ _ _ _ _ _ _  rfd = 4
 _ _ _ _ _ _ _  debug_save = 0
 _ _ _ _ _ _ _  debug_flag = 0
 _ _ _ _ _ _ _  dont_fork_cnt = 0
 _ _ _ _ _ _ _  n_lst = 0x0
 _ _ _ _ _ _ _  p = 0xffffffff <error: Cannot access memory at address 0xffffffff>
 _ _ _ _ _ _ _  st = {st_dev = 19, st_ino = 17502, st_nlink = 2, st_mode = 
16832, st_uid = 115, st_gid = 123, __pad0 = 0, st_rdev = 0, st_size = 
40, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1547850959, 
tv_nsec = 183989794}, st_mtim = {tv_sec = 1547851014,
 _ _ _ _ _ _ _ _ _ _ _  tv_nsec = 719730801}, st_ctim = {tv_sec = 1547851014, 
tv_nsec = 955611149}, __glibc_reserved = {0, 0, 0}}
 _ _ _ _ _ _ _  __func__ = "main"



