[SR-Users] crash when sending reply

Sergey Safarov s.safarov at gmail.com
Fri Jul 2 12:13:25 CEST 2021


        s = 0xef41e788a0679800 <error: Cannot access memory at address
0xef41e788a0679800>
        len = -1685145520

You can check these issues:
https://github.com/kamailio/kamailio/issues/2788
https://github.com/kamailio/kamailio/issues/2736

Memory handling was changed there.
You can try the current master, or manually apply the commits with the fix.

If the issue can still be reproduced, please report it, using the master
branch if possible.



On Fri, Jul 2, 2021 at 11:30 AM Juha Heinanen <jh at tutpro.com> wrote:

> Kamailio 5.5 crashed when sending reply (bt full below).  Before the
> crash there had been several mysql related error messages ("Lost
> connection to MySQL server during query" and "Too many connections") in
> syslog when async worker tried to insert accounting data.  So perhaps
> this core dump has something to do with that.
>
> -- Juha
>
> Reading symbols from /usr/bin/sip-proxy...done.
> [New LWP 21324]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> Core was generated by `/usr/bin/sip-proxy -f /etc/sip-proxy/sip-proxy.cfg
> -P /run/sip-proxy/sip-proxy.'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x00007fd274ce3b6e in run_trans_callbacks_internal
> (cb_lst=0x7fd2532503a8, type=512, trans=0x7fd253250330,
> params=0x7fff9b8eb2b0) at t_hooks.c:254
> 254     t_hooks.c: No such file or directory.
> (gdb) bt full
> #0  0x00007fd274ce3b6e in run_trans_callbacks_internal
> (cb_lst=0x7fd2532503a8, type=512, trans=0x7fd253250330,
> params=0x7fff9b8eb2b0) at t_hooks.c:254
>         cbp = 0x10
>         backup_from = 0x5613ccfb37f0 <def_list+16>
>         backup_to = 0x5613ccfb37f8 <def_list+24>
>         backup_dom_from = 0x5613ccfb3800 <def_list+32>
>         backup_dom_to = 0x5613ccfb3808 <def_list+40>
>         backup_uri_from = 0x5613ccfb37e0 <def_list>
>         backup_uri_to = 0x5613ccfb37e8 <def_list+8>
>         backup_xavps = 0x5613ccf56270 <_xavp_list_head>
>         backup_xavus = 0x5613ccf56278 <_xavu_list_head>
>         backup_xavis = 0x5613ccf56280 <_xavi_list_head>
>         __func__ = "run_trans_callbacks_internal"
> #1  0x00007fd274ce41f7 in run_trans_callbacks_with_buf (type=512,
> rbuf=0x7fd253250400, req=0x7fd252d6dd20, repl=0x7fd2758bf0b0, flags=0) at
> t_hooks.c:303
>         params = {req = 0x7fd252d6dd20, rpl = 0x7fd2758bf0b0, param =
> 0x7fd254760f60, code = 486, flags = 0, branch = 0, t_rbuf = 0x7fd253250400,
> dst = 0x7fd253250450, send_buf = {
>             s = 0x7fd25325b9f0 "@", len = 579}}
>         trans = 0x7fd253250330
> #2  0x00007fd274c88c15 in relay_reply (t=0x7fd253250330,
> p_msg=0x7fd2758bf0b0, branch=0, msg_status=486, cancel_data=0x7fff9b8eb580,
> do_put_on_wait=1) at t_reply.c:2133
>         relay = 0
>         save_clone = 0
>         buf = 0x7fd275ca0ff0 "SIP/2.0 486 Busy Here\r\nTo:
> <sip:XXXXX at XXXXX.com;user=phone>;tag=h7g4Esbg_11002529899813\r\nFrom:
> <sip:XXXXX at XXXXX>;tag=as6964f29d\r\nCal"...
>         res_len = 579
>         relayed_code = 486
>         relayed_msg = 0x7fd2758bf0b0
>         reply_bak = 0x7fd2510f1000
>         bm = {to_tag_val = {s = 0x7fd25216e4c0 "@\003", len = 1377234752}}
>         totag_retr = 0
>         reply_status = RPS_COMPLETED
>         uas_rb = 0x7fd253250400
>         to_tag = 0x7fd25216e820
>         reason = {s = 0x7fd25216e830 "0", len = 1394935248}
>         onsend_params = {req = 0x9b8eb420, rpl = 0x7fd274c6b10d
> <futex_get+40>, param = 0x1, code = 1359984720, flags = 32722, branch = 0,
> t_rbuf = 0x7fff9b8eb460, dst = 0xa0679800, send_buf = {
>             s = 0x19b8eb450 <error: Cannot access memory at address
> 0x19b8eb450>, len = 1359984720}}
>         ip = {af = 2609820752, len = 32767, u = {addrl = {94643040895493,
> 0}, addr32 = {3436528133, 22035, 0, 0}, addr16 = {16901, 52437, 22035, 0,
> 0, 0, 0, 0},
>             addr =
> "\005B\325\314\023V\000\000\000\000\000\000\000\000\000"}}
>         __func__ = "relay_reply"
> #3  0x00007fd274c8de6b in reply_received (p_msg=0x7fd2758bf0b0) at
> t_reply.c:2680
>         msg_status = 486
>         last_uac_status = 180
>         ack = 0x7fd25216e830 "0"
>         ack_len = 459
>         branch = 0
>         reply_status = 32722
>         onreply_route = 2
>         cancel_data = {cancel_bitmap = 0, reason = {cause = 0, u = {text =
> {s = 0x0, len = 1977055608}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len
> = 1977055608}}}}
>         uac = 0x7fd2532505c0
>         t = 0x7fd253250330
>         lack_dst = {send_sock = 0x40, to = {s = {sa_family = 49168,
> sa_data = "\207u\322\177\000\000\220\266\216\233\377\177\000"}, sin =
> {sin_family = 49168, sin_port = 30087, sin_addr = {
>                 s_addr = 32722}, sin_zero =
> "\220\266\216\233\377\177\000"}, sin6 = {sin6_family = 49168, sin6_port =
> 30087, sin6_flowinfo = 32722, sin6_addr = {__in6_u = {
>                   __u6_addr8 =
> "\220\266\216\233\377\177\000\000L=\215s\322\177\000", __u6_addr16 =
> {46736, 39822, 32767, 0, 15692, 29581, 32722, 0}, __u6_addr32 =
> {2609821328, 32767, 1938636108,
>                     32722}}}, sin6_scope_id = 1971831024}, sas =
> {ss_family = 49168,
>               __ss_padding =
> "\207u\322\177\000\000\220\266\216\233\377\177\000\000L=\215s\322\177\000\000\360\300\207u\322\177",
> '\000' <repeats 13 times>,
> "\b\000\000\000\000\060Z\264u\322\177\000\000\213\t\342\316\023V\000\000;\b\342\316\023V\000\000\020\313\320\000\000\000\000\000\020\000\000\000\000\000\000\000I\001\000\000\000\000\000\000\000\230g\240\210\347A\357\300\266\216\233\377\177\000\000\000\230g\240\210\347",
> <incomplete sequence \357>, __ss_align = 0}}, id = 0, send_flags = {f = 0,
> blst_imask = 0}, proto = 0 '\000', proto_pad0 = 0 '\000', proto_pad1 = 0}
>         backup_user_from = 0x5613ccfb37f0 <def_list+16>
>         backup_user_to = 0x5613ccfb37f8 <def_list+24>
>         backup_domain_from = 0x5613ccfb3800 <def_list+32>
>         backup_domain_to = 0x5613ccfb3808 <def_list+40>
>         backup_uri_from = 0x5613ccfb37e0 <def_list>
>         backup_uri_to = 0x5613ccfb37e8 <def_list+8>
>         backup_xavps = 0x5613ccf56270 <_xavp_list_head>
>         backup_xavus = 0x5613ccf56278 <_xavu_list_head>
>         backup_xavis = 0x5613ccf56280 <_xavi_list_head>
>         replies_locked = 1
>         branch_ret = 0
>         prev_branch = 1971830800
>         blst_503_timeout = 32722
>         hf = 0xb5c750
>         onsend_params = {req = 0x7fff9b8eb5e0, rpl = 0xef41e788a0679800,
> param = 0x30, code = 0, flags = 0, branch = 0, t_rbuf = 0x0, dst =
> 0x7fd27d972cb0 <__syslog>, send_buf = {
>             s = 0x5613ccec69b3 "INFO", len = -1603823616}}
>         ctx = {rec_lev = 0, run_flags = 2, last_retcode = -1, jmp_env =
> {{__jmpbuf = {0, -5133089567146157739, 0, 140542026919088, 94643042412979,
> 536870912, -5133089567232140971, -1505551737941960363},
>               __mask_was_saved = 0, __saved_mask = {__val =
> {140735803210560, 13683472, 7765887371, 140735803209568, 94643041089583, 0,
> 17240315422543681536, 0, 0, 0, 0, 94643042412979,
>                   17240315422543681536, 140735803209872, 94643041372964,
> 2866715017336}}}}}
>         bctx = 0x7fd27587c010
>         keng = 0x0
>         ret = 0
>         evname = {s = 0x7fd274d3696f "on_sl_reply", len = 11}
>         __func__ = "reply_received"
> #4  0x00005613ccbba0d4 in do_forward_reply (msg=0x7fd2758bf0b0, mode=0) at
> core/forward.c:764
>         new_buf = 0x0
>         dst = {send_sock = 0x0, to = {s = {sa_family = 0, sa_data = '\000'
> <repeats 13 times>}, sin = {sin_family = 0, sin_port = 0, sin_addr =
> {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"},
>             sin6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0,
> sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16
> = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0,
>                     0}}}, sin6_scope_id = 0}, sas = {ss_family = 0,
> __ss_padding = '\000' <repeats 117 times>, __ss_align = 0}}, id = 0,
> send_flags = {f = 0, blst_imask = 0}, proto = 0 '\000',
>           proto_pad0 = 0 '\000', proto_pad1 = 0}
>         new_len = 0
>         r = 2
>         ip = {af = 1, len = 6356993, u = {addrl = {140735803210560,
> 140541891965104}, addr32 = {2609822528, 32767, 1972105392, 32722}, addr16 =
> {47936, 39822, 32767, 0, 61616, 30091, 32722, 0},
>             addr =
> "@\273\216\233\377\177\000\000\260\360\213u\322\177\000"}}
>         s = 0xef41e788a0679800 <error: Cannot access memory at address
> 0xef41e788a0679800>
>         len = -1685145520
>         __func__ = "do_forward_reply"
> #5  0x00005613ccbbc23c in forward_reply (msg=0x7fd2758bf0b0) at
> core/forward.c:865
> No locals.
> #6  0x00005613ccc5eea9 in receive_msg (
>     buf=0x5613cee206f0 "SIP/2.0 486 Busy Here\r\nTo: <sip:XXXXX at XXXXX;user=phone>;tag=h7g4Esbg_11002529899813\r\nFrom:
> <sip:XXXXX at XXXXX>;tag=as6964f29d\r\nCal"..., len=667,
> rcv_info=0x7fd253b7cad8) at core/receive.c:587
>         msg = 0x7fd2758bf0b0
>         ctx = {rec_lev = 0, run_flags = 0, last_retcode = 1, jmp_env =
> {{__jmpbuf = {0, -5133089566915471019, 0, 140542026919088, 94643042412979,
> 536870912, -5133089567001454251, -1505551737941960363},
>               __mask_was_saved = 0, __saved_mask = {__val =
> {94643073835016, 65535, 17240315422543681536, 18446744073709551536, 2, 0,
> 140542026919088, 94643042412979, 536870912, 140735803211024,
>                   94643040635195, 140735803211696, 65535, 65536, 4095,
> 140735803211580}}}}}
>         bctx = 0x0
>         ret = 1
>         tvb = {tv_sec = 0, tv_usec = 0}
>         tve = {tv_sec = 0, tv_usec = 0}
>         diff = 0
>         inb = {s = 0x5613cee206f0 "SIP/2.0 486 Busy Here\r\nTo:
> <sip:XXXXX at XXXXX;user=phone>;tag=h7g4Esbg_11002529899813\r\nFrom:
> <sip:XXXXX at XXXXX>;tag=as6964f29d\r\nCal"..., len = 667}
>         netinfo = {data = {s = 0x5613cee206f0 "SIP/2.0 486 Busy
> Here\r\nTo: <sip:XXXXX at XXXXX;user=phone>;tag=h7g4Esbg_11002529899813\r\nFrom:
> <sip:XXXXX at XXXXX;tag=as6964f29d\r\nCal"..., len = 667}, rcv =
> 0x7fd253b7cad8, dst = 0x0}
>         keng = 0x0
>         evp = {data = 0x7fff9b8eba90, obuf = {s = 0x0, len = 0}, rcv =
> 0x7fd253b7cad8, dst = 0x0, req = 0x0, rpl = 0x0, rplcode = 0, mode = 0}
>         cidlockidx = 0
>         cidlockset = 0
>         errsipmsg = 0
>         exectime = 0
>         __func__ = "receive_msg"
> #7  0x00005613ccd1cf15 in receive_tcp_msg (tcpbuf=0x7fd253b7ce60 "SIP/2.0
> 486 Busy Here\r\nTo: <sip:XXXXX at XXXXX;user=phone>;tag=h7g4Esbg_11002529899813\r\nFrom:
> <sip:XXXXX at XXXXX>;tag=as6964f29d\r\nCal"..., len=667,
> rcv_info=0x7fd253b7cad8, con=0x7fd253b7cac0) at core/tcp_read.c:1424
>         buf = 0x5613cee206f0 "SIP/2.0 486 Busy Here\r\nTo: <sip:XXXXX at XXXXX;user=phone>;tag=h7g4Esbg_11002529899813\r\nFrom:
> <sip:XXXXX at XXXXX>;tag=as6964f29d\r\nCal"...
>         bsize = 65535
>         blen = 65535
>         __func__ = "receive_tcp_msg"
> #8  0x00005613ccd1f554 in tcp_read_req (con=0x7fd253b7cac0,
> bytes_read=0x7fff9b8ebf34, read_flags=0x7fff9b8ebf3c) at
> core/tcp_read.c:1607
>         bytes = 667
>         total_bytes = 667
>         resp = 1
>         size = 0
>         req = 0x7fd253b7cbe8
>         dst = {send_sock = 0x7fff9b8ebec0, to = {s = {sa_family = 32062,
> sa_data = "\303\314\023V\000\000p\276\216\233\377\177\000"}, sin =
> {sin_family = 32062, sin_port = 52419, sin_addr = {s_addr = 22035},
> sin_zero = "p\276\216\233\377\177\000"}, sin6 = {sin6_family = 32062,
> sin6_port = 52419, sin6_flowinfo = 22035, sin6_addr = {__in6_u =
> {__u6_addr8 = "p\276\216\233\377\177\000\000\030\000\000\000\000\000\000",
> __u6_addr16 = {48752, 39822, 32767, 0, 24, 0, 0, 0}, __u6_addr32 =
> {2609823344, 32767, 24, 0}}}, sin6_scope_id = 0}, sas = {ss_family = 32062,
> __ss_padding = "\303\314\023V\000\000p\276\216\233\377\177\000\000\030",
> '\000' <repeats 15 times>,
> "\225q\\\037P\000\000\000\070,\214u\322\177\000\000\000\244\374\314\023V\000\000\000\000\000\000\001
> \000\000\070,\214u\322\177\000\000\001\000\000\000\000\000\000\000\300ʷS\322\177\000\000\200\276\216\233\377\177\000\000\070,\214u\322\177\000\000\200\277\216\233\377\177\000\000\b\000\000\000\000\000\000",
> __ss_align = 20}}, id = 1, send_flags = {f = 1, blst_imask = 0}, proto = 31
> '\037', proto_pad0 = 0 '\000', proto_pad1 = 0}
>         c = 49 '1'
>         ret = 0
>         __func__ = "tcp_read_req"
> #9  0x00005613ccd23eb4 in handle_io (fm=0x7fd2758c2c38, events=1, idx=-1)
> at core/tcp_read.c:1857
>         ret = 0
>         n = 1404553920
>         read_flags = RD_CONN_SHORT_READ
>         con = 0x7fd253b7cac0
>         s = 1404554328
>         resp = 1
>         t = 526152085
>         ee = 0x0
>         __func__ = "handle_io"
> #10 0x00005613ccd0dd1e in io_wait_loop_epoll (h=0x5613ccfca240 <io_w>,
> t=2, repeat=0) at core/io_wait.h:1070
>         n = 1
>         r = 0
>         fm = 0x7fd2758c2c38
>         revents = 1
>         __func__ = "io_wait_loop_epoll"
> #11 0x00005613ccd25981 in tcp_receive_loop (unix_sock=39) at
> core/tcp_read.c:1978
>         __func__ = "tcp_receive_loop"
> #12 0x00005613ccb8561b in tcp_init_children (woneinit=0x7fff9b8ec338) at
> core/tcp_main.c:5139
>         r = 2
>         i = 7
>         reader_fd_1 = 39
>         pid = 0
>         si_desc = "tcp receiver
> (generic)\000\000\205\220\274\314\023V\000\000\020Î\233\377\177\000\000\301\200\313\314\000\000\000\000AS\000\000\000\000\000\000۸\352\314\023V\000\000\246\000\216\233\377\177\000\000\034\352\340\314\023V\000\000\340\302\216\233\001\000\000\000\360\311\017Q\322\177\000\000\340\302\216\233\377\177\000\000\340\227:S\001\000\000\000\000Î\233\377\177\000\000\274\353\340\314\023V\000"
>         si = 0x0
>         __func__ = "tcp_init_children"
> #13 0x00005613cca62bba in main_loop () at main.c:1857
>         i = 8
>         pid = 21313
>         si = 0x0
>         si_desc = "udp receiver child=7
> sock=XXX.XXX.XXX.XXX:5060\000\000\000\003\000\000\000
> \000\000\000\000\230g\240\210\347A\357\000\000\000\000\000\000\000\000\210P\347\314\023V\000\000\000\000\000\000\000\000\000\000\260,\227}\322\177\000\000\263i\354\314\023V\000\000\000\000\000
> \000\000\000\000\260Ď\233\377\177\000\000\t\205\317\314\023V\000"
>         nrprocs = 8
>         woneinit = 1
>         __func__ = "main_loop"
> #14 0x00005613cca6d4aa in main (argc=17, argv=0x7fff9b8ec9f8) at
> main.c:3053
>         cfg_stream = 0x5613cecb6290
>         c = -1
>         r = 0
>         tmp = 0x7fff9b8ecf3f ""
>         tmp_len = 2109797928
>         port = 32722
>         proto = 2109962736
>         ahost = 0x0
>         aport = 0
>         options = 0x5613cce77ce0
> ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
>         ret = -1
>         seed = 3769828628
>         rfd = 4
>         debug_save = 0
>         debug_flag = 0
>         dont_fork_cnt = 0
>         n_lst = 0x0
>         p = 0x0
>         st = {st_dev = 21, st_ino = 17087, st_nlink = 2, st_mode = 16832,
> st_uid = 109, st_gid = 115, __pad0 = 0, st_rdev = 0, st_size = 40,
> st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1620845793, tv_nsec =
> 887985330}, st_mtim = {tv_sec = 1625090397, tv_nsec = 157181302}, st_ctim =
> {tv_sec = 1625090401, tv_nsec = 197141517}, __glibc_reserved = {0, 0, 0}}
>         tbuf =
> "\000\000\000\000\000\000\000\000\b\000\000\000\000\000\000\000\060\207\303}\322\177\000\000\000\000\000\000\000\000\000\000\240q\237\233\377\177\000\000\364\212\301}\322\177\000\000\b\000\000\000\000\000\000\000\230r\237\233\377\177\000\000\060\207\303}\322\177\000\000\230ǎ\233\377\177\000\000\224ǎ\233\377\177",
> '\000' <repeats 18 times>,
> "\230r\237\233\377\177\000\000\250q\237\233\377\177\000\000'\376\237}\322\177\000\000&\260be\000\000\000\000\000Ɏ\233\377\177\000\000\300\212\225\001\000\000\000\000`Ȏ\233\377\177\000\000PȎ\233\377\177\000\000\230ǎ\233\377\177\000\000X\207\303}\322\177\000\000\001",
> '\000' <repeats 31 times>...
>         option_index = 0
>         long_options = {{name = 0x5613cce79f3f "help", has_arg = 0, flag =
> 0x0, val = 104}, {name = 0x5613cce754e0 "version", has_arg = 0, flag = 0x0,
> val = 118}, {name = 0x5613cce79f44 "alias", has_arg = 1, flag = 0x0, val =
> 1024}, {name = 0x5613cce79f4a "subst", has_arg = 1, flag = 0x0, val =
> 1025}, {name = 0x5613cce79f50 "substdef", has_arg = 1, flag = 0x0, val =
> 1026}, {name = 0x5613cce79f59 "substdefs", has_arg = 1, flag = 0x0, val =
> 1027}, {name = 0x5613cce79f63 "server-id", has_arg = 1, flag = 0x0, val =
> 1028}, {name = 0x5613cce79f6d "loadmodule", has_arg = 1, flag = 0x0, val =
> 1029}, {name = 0x5613cce79f78 "modparam", has_arg = 1, flag = 0x0, val =
> 1030}, {name = 0x5613cce79f81 "log-engine", has_arg = 1, flag = 0x0, val =
> 1031}, {name = 0x5613cce79f8c "debug", has_arg = 1, flag = 0x0, val =
> 1032}, {name = 0x5613cce79f92 "cfg-print", has_arg = 0, flag = 0x0, val =
> 1033}, {name = 0x5613cce79f9c "atexit", has_arg = 1, flag = 0x0, val =
> 1034}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
>         __func__ = "main"
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
>   * sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>