sr-dev May 2023

sr-dev@lists.kamailio.org

16 participants
323 discussions

[kamailio/kamailio] pv_cache gets filled if dynamic names are used (Issue #3440)
by Victor Seva 23 Nov '23

23 Nov '23

### Description _**Sipwise** hat on_ We noticed that pkg memory was getting exhausted and we found out that pv_cache_add() was the origin of the allocations. We are using ``$xavp(user_<UUID>)`` variables that, for sure, are kind of dynamic. There is a pv_cache_drop() that tries to remove ``$sht()`` occurrences when the cache is about to be filled but in our case that's not helping. #### Log Messages ``` WARNING: ROUTE_SET_CALLEE_DIALOG_TOTAL <core> [core/pvapi.c:340]: pv_cache_add(): pv cache limit is going to be exceeded - pkg memory may get filled with pv declarations WARNING: dialog:failed <core> [core/pvapi.c:340]: pv_cache_add(): pv cache limit is going to be exceeded - pkg memory may get filled with pv declarations ``` ### Possible Solutions Possible solutions that came on the top of my head: - add a datetime member to struct _pv_cache so we can keep the last time it was accessed and search for the oldest and remove them in pv_cache_drop() - add pv module parameter to define a magic prefix, for instance '__' that will mark those vars as "temporal" should remove it from cache when needed. - add pv module parameter to control what types of variables will be added to cache Any thoughts about this? -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3440 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3440(a)github.com>

3 5

[kamailio/kamailio] Random segmentation fault when using 2-argument variant of 'save' function from IMS Registrar SCSCF module (Issue #3412)
by Przemysław Ołtarzewski 23 Nov '23

23 Nov '23

### Description We've been experiencing random Kamailio crashes related to invalid memory access attempts at `0xffff` in `w_save` call, `ims_registrar_scscf_mod.c`: ``` Core was generated by `kamailio -w /home -DD -E -e -f /etc/kamailio/kamailio_scscf.cfg'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f5be796c452 in w_save (_m=0x7f5beafa5188, _route=0x7f5beaeab988 " \b\361\352[\177", _d=0x7f5be3bf8200 "", mode=0x7f5beafa5188 "4", _cflags=0xffff <error: Cannot access memory at address 0xffff>) at ims_registrar_scscf_mod.c:628 ``` We are running the latest Kamailio 5.6.4 using the official Docker image. ### Analysis We were able to analyze corresponding core dump using `gdb` and determine the cause of those random crashes. It turns out that it is related to calling the `save` function of IMS Registrar SCSCF module with 2 arguments. Example configuration: ``` save("REG_SAR_REPLY", "location"); ``` According to documentation, this call is valid, as `mode` and `flags` parameters are optional: https://kamailio.org/docs/modules/5.6.x/modules/ims_registrar_scscf.html#id… The `save` function is exported in `ims_registrar_scscf_mod.c` as follows: ``` /*! \brief * Exported functions */ static cmd_export_t cmds[] = { {"save", (cmd_function) w_save, 2, assign_save_fixup3_async, 0, REQUEST_ROUTE | ONREPLY_ROUTE}, {"save", (cmd_function) w_save, 3, assign_save_fixup3_async, 0, REQUEST_ROUTE | ONREPLY_ROUTE}, {"save", (cmd_function) w_save, 4, save_fixup3, free_uint_fixup, REQUEST_ROUTE | ONREPLY_ROUTE}, ... } ``` And implemented as: ``` /*! \brief * Wrapper to save(location) */ static int w_save(struct sip_msg* _m, char* _route, char* _d, char* mode, char* _cflags) { if(_cflags){ return save(_m, _d, _route, ((int)(*_cflags))); } return save(_m, _d, _route, 0); } ``` Using the 2-argument `save` variant in configuration effectively causes the `w_save` to be called from `src/core/action.c :: do_action` via a 3-argument function-pointer cast: ``` case MODULE2_T: MODF_CALL(cmd_function, h, msg, a->val, (char*)a->val[2].u.data, (char*)a->val[3].u.data ); break; ``` Unfortunately, this cast is inherently unsafe - it leaves the `mode` and `_cflags` undetermined. They are probably effectively bound to some memory area beyond the parameter values of the stack frame corresponding to the function call. Our guess is that incidentally `_cflags == 0x0000` for most of those calls, due to how the stack is structured. But sometimes `_cflags == 0xFFFF` which satisfies the condition in `w_save`, causes `(int)(*_cflags)` dereference attempt and leads to the segmentation fault we've encountered. ### Workaround Based on source code analysis, we have determined that always using `save` with a full set of arguments (including optional ones) will result in `w_save` being called via a 5-argument function pointer, which matches its signature and avoids the issue. Example configuration with workaround applied: ``` save("REG_SAR_REPLY", "location", "0", "0"); ``` After introducing this workaround on target environment we are no longer experiencing the problem. -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3412 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3412(a)github.com>

2 2

[kamailio/kamailio] Crash with "F_TCPCONN connection marked as bad" (Issue #3392)
by David Cunningham 23 Nov '23

23 Nov '23

We had a Kamailio 5.5.4 server crash. There were lots of the following errors repeated over and over in the Kamailio log: Mar 10 14:59:14 px1 /usr/sbin/kamailio[1375]: WARNING: <core> [core/tcp_read.c:1840]: handle_io(): F_TCPCONN connection marked as bad: 0x7f48e97ecdc8 id 0 fd -1 refcnt 0 ([]:0 -> []:0) Mar 10 14:59:14 px1 /usr/sbin/kamailio[1375]: CRITICAL: <core> [core/io_wait.h:596]: io_watch_del(): invalid fd -1, not in [0, 2) And in the syslog it said: Mar 10 14:59:14 px1 kernel: [731786.728781] kamailio[1363]: segfault at 10 ip 00007f48e6dde42d sp 00007ffc2d23ef00 error 4 in tls.so[7f48e6d9c000+47000] Mar 10 14:59:14 px1 kernel: [731786.728814] Code: 98 01 5c 24 28 41 29 dd 49 01 84 24 40 01 00 00 c7 44 24 6c 00 00 00 00 85 c9 0f 85 be 08 00 00 49 8b 94 24 90 01 00 00 31 f6 <48> 8b 7a 10 31 d2 e8 38 10 fc ff 85 c0 0f 8e 90 0d 00 00 45 31 db Is anyone able to advise whether this is a known issue, and if it's fixed in a more recent version? The only related bug report I found was issue #748 which was closed without resolution. Our Kamailio is installed from the Ubuntu 22.04 repository. -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3392 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3392(a)github.com>

3 7

[kamailio/kamailio] tls.reload during tls relaying cause tls memory double free (Issue #3319)
by JiangHai2011 23 Nov '23

23 Nov '23

### Description during tls relaying, do tls.reload repeatedly, tcp receiver task will crash ### Troubleshooting #### Reproduction (1)write a simple request_route logic in kamailio.cfg, as follows: request_route { add_local_rport(); $du = "sip:192.168.131.190:1001;transport=tls"; forward(); } (2)start sipp caller to kamailio tls:0.0.0.0:5061 and kamailio will relay this request to callee (3)at the same time, in another console, run the following cmds: while true; do /opt/kamailio/sbin/kamcmd tls.reload && sleep 0.1&& echo `date`; done; #### Debugging Data ``` (gdb) bt full #0 0x00007f69569e81f7 in raise () from /lib64/libc.so.6 No symbol table info available. #1 0x00007f69569e98e8 in abort () from /lib64/libc.so.6 No symbol table info available. #2 0x00000000006d59cf in tlsf_free (tlsf=0x7f6920869000, ptr=0x7f6927ca74b8, file=0x7f694ccb73e4 "tls: tls_init.c", function=0x7f694ccb8b7e <__FUNCTION__.23358> "ser_free", line=323, mname=0x7f694ccb73e0 "tls") at core/mem/tlsf_malloc.c:1031 control = 0x7f6920869000 block = 0x7f6927ca7488 __FUNCTION__ = "tlsf_free" #3 0x00000000006da1ee in tlsf_shm_free (tlsfmp=0x7f6920869000, p=0x7f6927ca74b8, file=0x7f694ccb73e4 "tls: tls_init.c", func=0x7f694ccb8b7e <__FUNCTION__.23358> "ser_free", line=323, mname=0x7f694ccb73e0 "tls") at core/mem/tlsf_malloc.c:1544 No locals. #4 0x00007f694cc68cea in ser_free (ptr=0x7f6927ca74b8, fname=0x7f694c6fba75 "crypto/err/err.c", fline=450) at tls_init.c:323 __FUNCTION__ = "ser_free" #5 0x00007f694c617de3 in CRYPTO_free (str=0x7f6927ca74b8, file=0x7f694c6fba75 "crypto/err/err.c", line=450) at crypto/mem.c:299 No locals. #6 0x00007f694c5e656a in ERR_clear_error () at crypto/err/err.c:450 i = 1 es = 0x7f69208d17e8 #7 0x00007f694c9f8fbc in state_machine (s=0x7f6927ca4e58, server=1) at ssl/statem/statem.c:311 buf = 0x0 cb = 0x0 st = 0x7f6927ca4ea0 ret = -1 ssret = 57 #8 0x00007f694c9f8f17 in ossl_statem_accept (s=0x7f6927ca4e58) at ssl/statem/statem.c:255 No locals. ---Type <return> to continue, or q <return> to quit--- #9 0x00007f694c9dfd81 in SSL_do_handshake (s=0x7f6927ca4e58) at ssl/ssl_lib.c:3661 ret = 1 #10 0x00007f694c9dbfb9 in SSL_accept (s=0x7f6927ca4e58) at ssl/ssl_lib.c:1652 No locals. #11 0x00007f694cc9048e in tls_accept (c=0x7f6927c9f2a8, error=0x7ffe3a31e894) at tls_server.c:468 ret = 1 ssl = 0x7f6927ca4e58 cert = 0x0 tls_c = 0x7f6927c9ed50 tls_log = 32617 __FUNCTION__ = "tls_accept" pkey = 0x0 #12 0x00007f694cc9ab97 in tls_h_read_f (c=0x7f6927c9f2a8, flags=0x7ffe3a31ece0) at tls_server.c:1173 r = 0x7f6927c9f3d0 bytes_free = 16383 bytes_read = 194 read_size = 16383 ssl_error = 0 ssl_read = 0 ssl = 0x7f6927ca4e58 rd_buf = "\026\003\001\000\275\001\000\000\271\003\003\357$\303\342a\362C\v\220\n\031Fs=E\267m\215\260\031\341\376\027A\213Ѱ)\\\251\036\336\000\000\070\300,\300\060\000\237̨̩̪\300+\300/\000\236\300$\300(\000k\300#\300'\000g\300\n\300\024\000\071\300\t\300\023\000\063\000\235\000\234\000=\000<\000\065\000/\000\377\001\000\000X\000\v\000\004\003\000\001\002\000\n\000\f\000\n\000\035\000\027\000\036\000\031\000\030\000#\000\000\000\026\000\000\000\027\000\000\000\r\000\060\000.\004\003\005\003\006\003\b\a\b\b\b\t\b\n\b\v\b\004\b\005\b\006\004\001\005\001\006\001\003\003\002\003\003\001\002\001\003\002\002\002\004\002\005\002\006\002\232\203\002?\267,\241/\\\331"... wr_buf = "\026\003\003\000\272\004\000\000\266\000\000\034 \000\260\201\227\230o\346/%W\246\306o&\210j\017@\036\352\064\240\---Type <return> to continue, or q <return> to quit--- 346\351(q\233\374\321\332D1|\rI\235\b`\022v^Xk\265\f\270a\243\260\373\311\t<o\v\324\245\205@\344\vz\016\005Vbud\254f\n\326!\306\nm>r]\271e\351\345w\214\200\037\t\265\307\064)\033.\273{1\351\326W,\262\264\267\241\237M\254\276\372\026\227j8\344#Aw\r\025ULM\021\245\222:\004a\006zm?\374\243\224\275\300\310AG\347\305\376\257\303\035I\215\064\035\215\021\300\210o\036A\373\037\231l\242_\324\017\312^\024\r\312\340yq\375?\317 \024\003\003\000\001\001\026\003\003\000"... rd = {buf = 0x7ffe3a30e890 "\026\003\001", pos = 0, used = 194, size = 65536} wr = {buf = 0x7ffe3a2fe890 "\026\003\003", pos = 0, used = 0, size = 65536} tls_c = 0x7f6927c9ed50 enc_rd_buf = 0x0 n = 0 flush_flags = 1 err_src = 0x7f694ccc1878 "TLS read:" ip_buf = "192.168.131.190", '\000' <repeats 48 times> x = 0 tls_dbg = 0 __FUNCTION__ = "tls_h_read_f" #13 0x00000000006b6509 in tcp_read_headers (c=0x7f6927c9f2a8, read_flags=0x7ffe3a31ece0) at core/tcp_read.c:441 bytes = 65535 remaining = 0 p = 0x7f6925192572 ": 100587 <sip:100587@Sipproxy.gs:5062>;tag=588\r\nTo: 100 <sip:100@sipproxy.gs:5061;transport=TLS>;tag=21794\r\nCall-ID: 588-49839(a)192.168.131.190\r\nCSeq: 1 INVITE\r\nServer: Grandstream UCM6301V1.2C 1.0.13."... r = 0x7f6927c9f3d0 mc = 622404320 body_len = 0 mfline = 0x0 mtransid = {s = 0x7f6925191f40 "\030\002", len = 622403416} __FUNCTION__ = "tcp_read_headers" #14 0x00000000006bdd81 in tcp_read_req (con=0x7f6927c9f2a8, bytes_read=0x7ffe3a31ece4, read_flags=0x7ffe3a31ece0) ---Type <return> to continue, or q <return> to quit--- at core/tcp_read.c:1469 bytes = -1 total_bytes = 0 resp = 1 size = 140729874770784 req = 0x7f6927c9f3d0 dst = {send_sock = 0x400000010, to = {s = {sa_family = 0, sa_data = "\300+\002\000\000\000\001\000\061:\006\000\000"}, sin = {sin_family = 0, sin_port = 11200, sin_addr = {s_addr = 2}, sin_zero = "\001\000\061:\006\000\000"}, sin6 = { sin6_family = 0, sin6_port = 11200, sin6_flowinfo = 2, sin6_addr = {__in6_u = { __u6_addr8 = "\001\000\061:\006\000\000\000\000F\265\000\000\000\000", __u6_addr16 = {1, 14897, 6, 0, 17920, 181, 0, 0}, __u6_addr32 = {976289793, 6, 11879936, 0}}}, sin6_scope_id = 8233784}, sas = {ss_family = 0, __ss_padding = "\300+\002\000\000\000\001\000\061:\006\000\000\000\000F\265\000\000\000\000\000\070\243}\000\004\274{ \020\000\000\000\020\000\000\000 \354\061:\371\273{ \002\000\000\000\000\000\000\000\024\000\000\000\000\000\000\000\001\000\000\000\001\000\000\000\a\000\000\000\000\000\000\000\000\000\300+\000\000\000\000\330\354\061:\376\177\000\000\b", '\000' <repeats 22 times>, __ss_align = 140729874770800}}, id = 1, send_flags = {f = 0, blst_imask = 0}, proto = 80 'P', proto_pad0 = -21 '\353', proto_pad1 = 14897} c = 58 ':' ret = 0 __FUNCTION__ = "tcp_read_req" #15 0x00000000006c29e7 in handle_io (fm=0x7f6952f58a58, events=1, idx=-1) at core/tcp_read.c:1780 ret = 8 n = 8 read_flags = RD_CONN_SHORT_READ con = 0x7f6927c9f2a8 s = 7 resp = 1 t = 0 ---Type <return> to continue, or q <return> to quit--- ee = 0x0 __FUNCTION__ = "handle_io" #16 0x00000000006b1729 in io_wait_loop_epoll (h=0xb54600 <io_w>, t=2, repeat=0) at core/io_wait.h:1070 n = 1 r = 0 fm = 0x7f6952f58a58 revents = 1 __FUNCTION__ = "io_wait_loop_epoll" #17 0x00000000006c5519 in tcp_receive_loop (unix_sock=16) at core/tcp_read.c:1976 __FUNCTION__ = "tcp_receive_loop" #18 0x0000000000535888 in tcp_init_children (woneinit=0x7ffe3a31f09c) at core/tcp_main.c:5227 r = 1 i = 5 reader_fd_1 = 16 pid = 0 si_desc = "tcp receiver (generic)\000\000\000\000\000\000\000\000\000\000@\304A\000\000\000\000\000SI\203\000\000\000\000\000\070\243}\000\000\000\000\000\000\000\300+\000\000\000\000\060\360\061:\376\177\000\000\347SW\000\000\000\000\000\060\360\061:\376\177\000\000\n\363e\000\000\000\000\000\340\357\061:\376\177\000\000)\310w\000\000\000\000\000\t\000\000\000\n\000\000\000\000\263\206 i\177\000" si = 0x0 __FUNCTION__ = "tcp_init_children" #19 0x000000000042d562 in main_loop () at main.c:1849 i = 0 pid = 37536 si = 0x0 si_desc = "\v\000\000\000z\000\000\000\004\000\000\000j\001\000\000\000\000\000\000\376\177\000\000\200p\000\000\000\000\000\000p\025\252\002\000\000\000\000 \261\206 i\177\000\000\240\243^Ni\177\000\000\000\000\000\000\000\000\000\000`\366\061:\376\177\00---Type <return> to continue, or q <return> to quit--- 0\000\230Y^Ni\177\000\000SI\203\000\000\000\000\000\070\243}\000\000\000\000\000\250\225^Ni\177\000\000\217U\252Vi\177\000\000\000\362\061:\376\177\000\000\060\000\000\000\060\000\000" nrprocs = 5143176 woneinit = 1 __FUNCTION__ = "main_loop" #20 0x0000000000436b1e in main (argc=7, argv=0x7ffe3a31f748) at main.c:3078 cfg_stream = 0x2a130a0 c = -1 r = 0 tmp = 0x7ffe3a32157d "" tmp_len = 0 port = 0 proto = 0 ahost = 0x0 aport = 0 options = 0x7dd4e0 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:" ret = -1 seed = 2220745850 rfd = 4 debug_save = 0 debug_flag = 0 dont_fork_cnt = 0 n_lst = 0x7ffe3a31f600 p = 0x0 st = {st_dev = 18, st_ino = 104172, st_nlink = 2, st_mode = 16832, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1672026025, tv_nsec = 194902649}, st_mtim = { tv_sec = 1672281302, tv_nsec = 856611068}, st_ctim = {tv_sec = 1672281302, tv_nsec = 856611068}, __unused = {0, 0, 0}} ---Type <return> to continue, or q <return> to quit--- tbuf = "\216\377w\001", '\000' <repeats 12 times>, "\250\061\234Vi\177\000\000\000\360\212Wi\177", '\000' <repeats 90 times>, "\200\"\254\000\000\000\000\000\300\310A\000\000\000\000\000@\367\061:\376\177", '\000' <repeats 26 times>, "\336\310jWi\177\000\000\001", '\000' <repeats 23 times>... option_index = 0 long_options = {{name = 0x7df90f "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x7da7b4 "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x7df914 "alias", has_arg = 1, flag = 0x0, val = 1024}, {name = 0x7df91a "subst", has_arg = 1, flag = 0x0, val = 1025}, {name = 0x7df920 "substdef", has_arg = 1, flag = 0x0, val = 1026}, { name = 0x7df929 "substdefs", has_arg = 1, flag = 0x0, val = 1027}, {name = 0x7df933 "server-id", has_arg = 1, flag = 0x0, val = 1028}, {name = 0x7df93d "loadmodule", has_arg = 1, flag = 0x0, val = 1029}, { name = 0x7df948 "modparam", has_arg = 1, flag = 0x0, val = 1030}, {name = 0x7df951 "log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name = 0x7df95c "debug", has_arg = 1, flag = 0x0, val = 1032}, {name = 0x7df962 "cfg-print", has_arg = 0, flag = 0x0, val = 1033}, {name = 0x7df96c "atexit", has_arg = 1, flag = 0x0, val = 1034}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}} __FUNCTION__ = "main" (gdb) (gdb) info locals cfg_stream = 0x2a130a0 c = -1 r = 0 tmp = 0x7ffe3a32157d "" tmp_len = 0 port = 0 proto = 0 ahost = 0x0 aport = 0 options = 0x7dd4e0 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:" ret = -1 seed = 2220745850 rfd = 4 debug_save = 0 debug_flag = 0 dont_fork_cnt = 0 n_lst = 0x7ffe3a31f600 p = 0x0 st = {st_dev = 18, st_ino = 104172, st_nlink = 2, st_mode = 16832, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1672026025, tv_nsec = 194902649}, st_mtim = {tv_sec = 1672281302, tv_nsec = 856611068}, st_ctim = {tv_sec = 1672281302, tv_nsec = 856611068}, __unused = {0, 0, 0}} tbuf = "\216\377w\001", '\000' <repeats 12 times>, "\250\061\234Vi\177\000\000\000\360\212Wi\177", '\000' <repeats 90 times>, "\200\"\254\000\000\000\000\000\300\310A\000\000\000\000\000@\367\061:\376\177", '\000' <repeats 26 times>, "\336\310jWi\177\000\000\001", '\000' <repeats 23 times>... option_index = 0 long_options = {{name = 0x7df90f "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x7da7b4 "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x7df914 "alias", has_arg = 1, flag = 0x0, val = 1024}, {name = 0x7df91a "subst", has_arg = 1, flag = 0x0, ---Type <return> to continue, or q <return> to quit--- val = 1025}, {name = 0x7df920 "substdef", has_arg = 1, flag = 0x0, val = 1026}, {name = 0x7df929 "substdefs", has_arg = 1, flag = 0x0, val = 1027}, {name = 0x7df933 "server-id", has_arg = 1, flag = 0x0, val = 1028}, {name = 0x7df93d "loadmodule", has_arg = 1, flag = 0x0, val = 1029}, {name = 0x7df948 "modparam", has_arg = 1, flag = 0x0, val = 1030}, { name = 0x7df951 "log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name = 0x7df95c "debug", has_arg = 1, flag = 0x0, val = 1032}, {name = 0x7df962 "cfg-print", has_arg = 0, flag = 0x0, val = 1033}, {name = 0x7df96c "atexit", has_arg = 1, flag = 0x0, val = 1034}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}} __FUNCTION__ = "main" (gdb) list 1978 int main(int argc, char** argv) 1979 { 1980 1981 FILE* cfg_stream; 1982 int c,r; 1983 char *tmp; 1984 int tmp_len; 1985 int port; 1986 int proto; 1987 char *ahost = NULL; ``` #### Log Messages #### SIP Traffic ### Possible Solutions ### Additional Information * **Kamailio Version** - output of `kamailio -v` ``` version: kamailio 5.6.2 (x86_64/linux) flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: unknown compiled on 10:33:27 Dec 29 2022 with gcc 4.9.4 ``` * **Operating System**:  ``` Linux localhost.localdomain 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux ``` -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3319 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3319(a)github.com>

6 16

[kamailio/kamailio] kamailio crash alert (Issue #3290)
by 6ecbl 23 Nov '23

23 Nov '23

### Description crashes the server, raised by qm_debug_check_frag()[?] ### Troubleshooting #### Reproduction happens randomly #### Debugging Data ``` [New LWP 13364] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `/var/lib/ums/sbin/kamailio -m 2048 -M 12 -P /var/run/kamailio/kamailio.pid -f /'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65 65 ../sysdeps/x86_64/multiarch/strlen-avx2.S: No such file or directory. (gdb) bt full #0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65 No locals. #1 0x00007fbaf0bf99ef in _IO_vfprintf_internal (s=s@entry=0x1874040, format=format@entry=0xa6217c "%s: %.*s%s%s%sBUG: qm: fragm. %p (address %p) beginning overwritten (%lx)! Memory allocator was called from %s:%u. Fragment marked by %s:%lu. Exec from %s:%u.\n", ap=ap@entry=0x7ffc043b3b60) at vfprintf.c:1638 len = <optimized out> string_malloced = 0 step0_jumps = {0, 3637, 3213, 3109, 4653, 2997, 4437, 4037, 3717, 4869, 4773, 3397, 4557, 4549, 3589, 4981, 3701, 4757, 3317, 2021, 1429, 1221, 2261, 1701, 1653, 797, 1773, 437, 437, 4333} space = 0 is_short = 0 use_outdigits = 0 outc = <optimized out> step1_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 4869, 4773, 3397, 4557, 4549, 3589, 4981, 3701, 4757, 3317, 2021, 1429, 1221, 2261, 1701, 1653, 797, 1773, 437, 437, 0} group = 0 prec = <optimized out> step2_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4773, 3397, 4557, 4549, 3589, 4981, 3701, 4757, 3317, 2021, 1429, 1221, 2261, 1701, 1653, 797, 1773, 437, 437, 0} string = 0x8 <error: Cannot access memory at address 0x8> left = 0 is_long_double = <optimized out> width = 0 signed_number = <optimized out> step3a_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3493, 0, 0, 0, 3589, 4981, 3701, 4757, 3317, 0, 0, 0, 0, 1701, 0, 0, 0, 0, 0, 0} alt = 0 showsign = 0 is_long = <optimized out> is_char = <optimized out> pad = 32 ' ' step3b_jumps = {0 <repeats 11 times>, 4557, 0, 0, 3589, 4981, 3701, 4757, 3317, 2021, 1429, 1221, 2261, 1701, 1653, 797, 1773, 0, 0, 0} step4_jumps = {0 <repeats 14 times>, 3589, 4981, 3701, 4757, 3317, 2021, 1429, 1221, 2261, 1701, 1653, 797, 1773, 0, 0, 0} args_value = <optimized out> is_negative = <optimized out> number = <optimized out> base = <optimized out> the_arg = {pa_wchar = 10882210 L'\xa60ca2', pa_int = 10882210, pa_long_int = 10882210, pa_long_long_int = 10882210, pa_u_int = 10882210, pa_u_long_int = 10882210, pa_u_long_long_int = 10882210, pa_double = 5.3765261118300716e-317, pa_long_double = <invalid float value>, pa_string = 0xa60ca2 "fragm. from qm_malloc", pa_wstring = 0xa60ca2 L"\x67617266\x66202e6d\x206d6f72\x6d5f6d71\x6f6c6c61\x633c0063\x3e65726f\x6f635b20\x6d2f6572\x712f6d65\x6c616d5f\x2e636f6c\x31343a63\x203a5d39\x64322500\x29642528\x3a732520\x2a2e2520\x25732573\x71732573\x616d5f6d\x636f6c6c\x2c702528\x756c2520\x65722029\x6e727574\x64612073\x73657264\x70252073\x61726620\x25202e67\x73282070\x3d657a69\x29756c25\x206e6f20\x2d206425\x68206874\xa7469\x726f633c\x5b203e65\x65726f63\x6d656d2f\x6d5f712f\x6f6c6c61\x3a632e63\x5d323334\x2500203a\x25286432\x25202964\x25203a73\x25732a2e\x25732573\x5f6d7173\x6c6c616d\x2528636f\x25202c70\x2029756c\x6c6c6163\x66206465\x206d6f72\x203a7325\x25287325\x202c2964\x75646f6d\x203a656c\x203b7325\x65657246\x61726620\x6e656d67\x6f6e2074\x6f662074\x21646e75\x6d71000a\x6572665f\x633c0065\x3e65726f\x6f635b20\x6d2f6572\x712f6d65\x6c616d5f\x2e636f6c\x38343a63\x203a5d32\x64322500\x29642528\x3a732520\x2a2e2520\x25732573\x71732573\x72665f6d\x25286565\x25202c70\x202c2970\x6c6c6163\x66206465\x206d6f72\x203a7325\x25287325\xa2964\x726f633c\x5b203e65\x65726f63\x6d656d2f\x6d5f712f\x6f6c6c61\x3a632e63\x5d373834\x2500203a\x25286432\x25202964\x25203a73\x25732a2e\x25732573\x52415773\x474e494e\x7266203a\x30286565\x61632029\x64656c6c\x6f726620\x7325206d\x7325203a\x29642528\x633c000a\x3e65726f\x6f635b20\x6d2f6572\x712f6d65\x6c616d5f\x2e636f6c\x39343a63\x203a5d38\x64322500\x29642528\x3a732520\x2a2e2520\x25732573\x42732573\x203a4755\x20646162\x6e696f70\x20726574\x28207025\x2074756f\x6d20666f\x726f6d65\x6c622079\x216b636f\x61632029\x64656c6c\x6f726620\x7325206d\x7325203a\x29642528\x61202d20\x74726f62\xa676e69\x6f633c00\x203e6572\x726f635b\x656d2f65\x5f712f6d\x6c6c616d\x632e636f\x3230353a\x203a5d\x28643225\x20296425\x203a7325\x732a2e25\x73257325\x55427325\x62203a47\x70206461\x746e696f\x25207265\x6f282070\x6f207475\x656d2066\x79726f6d\x6f6c6220\x29216b63\x6c616320\x2064656c\x6d6f7266\x3a732520\x28732520\x20296425\x6769202d\x69726f6e\xa676e\x726f633c\x5b203e65\x65726f63\x6d656d2f\x6d5f712f\x6f6c6c61\x3a632e63\x5d363135\x2500203a"..., pa_pointer = 0xa60ca2, pa_user = 0xa60ca2} spec = 115 's' _buffer = {__routine = 0xe043b3a30, __arg = 0xaab0000000000000, __canceltype = 70989632, __prev = 0x87aa86 <qm_find_free+70>} _avail = <optimized out> thousands_sep = 0x0 grouping = 0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff> done = 223 f = 0xa62203 "s:%lu. Exec from %s:%u.\n" lead_str_end = 0xa6217c "%s: %.*s%s%s%sBUG: qm: fragm. %p (address %p) beginning overwritten (%lx)! Memory allocator was called from %s:%u. Fragment marked by %s:%lu. Exec from %s:%u.\n" end_of_spec = <optimized out> work_buffer = '\000' <repeats 88 times>, "\035\270\314\357\272\177", '\000' <repeats 22 times>, "\020\000\000\000\000\000\000\000\000\000|\266\340\066;\004\374\177\000\000\221\222\207\000\000\000\000\000\003\b\000\000\000\000\000\000\001\b\000\000\003\b\000\000\220\301\264o\272\177\000\000\220\301\264o\272\177\000\000\360-+y\272\177\000\000\000@\261o\272\177\000\000@7;\004\374\177\000\000"... workstart = 0x0 workend = <optimized out> ap_save = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7ffc043b3c40, reg_save_area = 0x7ffc043b3b80}} nspecs_done = 10 save_errno = 0 readonly_format = 0 __PRETTY_FUNCTION__ = "_IO_vfprintf_internal" __result = <optimized out> #2 0x00007fbaf0c9bc68 in __GI___vsyslog_chk (pri=<optimized out>, flag=-1, fmt=<optimized out>, ap=0x7ffc043b3b60) at ../misc/syslog.c:220 now_tm = {tm_sec = 47, tm_min = 6, tm_hour = 6, tm_mday = 1, tm_mon = 11, tm_year = 122, tm_wday = 4, tm_yday = 334, tm_isdst = 0, tm_gmtoff = -28800, tm_zone = 0x175a950 "PST"} now = 1669903607 fd = <optimized out> f = 0x1874040 buf = 0x0 bufsize = 0 msgoff = 21 saved_errno = 0 failbuf = "\000\000\000\000\001", '\000' <repeats 23 times> clarg = <optimized out> #3 0x00007fbaf0c9bd4c in __syslog (pri=<optimized out>, fmt=<optimized out>) at ../misc/syslog.c:117 ap = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffc043b3c80, reg_save_area = 0x7ffc043b3b80}} #4 0x000000000087b7e1 in qm_debug_check_frag (qm=0x7fba6fb14000, f=0x7fba792aa810, file=0x7fbaeff5065c "tls: tls_init.c", line=293, efile=0xa61ea3 "core/mem/q_malloc.c", eline=391) at core/mem/q_malloc.c:123 __llevel = -3 p = 0x7ffc043b41a0 #5 0x0000000000879b37 in qm_malloc (qmp=0x7fba6fb14000, size=120, file=0x7fbaeff5065c "tls: tls_init.c", func=0x7fbaeff5066c "ser_malloc", line=293, mname=0x7fbaeff4e021 "tls") at core/mem/q_malloc.c:391 qm = 0x7fba6fb14000 f = 0x7fba792aa810 hash = 710 list_cntr = 1 #6 0x000000000088fd7a in qm_shm_malloc (qmp=0x7fba6fb14000, size=120, file=0x7fbaeff5065c "tls: tls_init.c", func=0x7fbaeff5066c "ser_malloc", line=293, mname=0x7fbaeff4e021 "tls") at core/mem/q_malloc.c:1227 r = 0x7fba792b6fd8 #7 0x00007fbaefee3b8e in ser_malloc (size=120, fname=0x7fbaefd6dab1 "crypto/bio/bio_lib.c", fline=73) at tls_init.c:293 No locals. #8 0x00007fbaefcc8e51 in CRYPTO_zalloc () from /var/lib/ums/lib/libcrypto.so.1.1 No symbol table info available. #9 0x00007fbaefbc449e in BIO_new () from /var/lib/ums/lib/libcrypto.so.1.1 No symbol table info available. #10 0x00007fbaefe632a0 in ssl_init_wbio_buffer () from /var/lib/ums/lib/libssl.so.1.1 No symbol table info available. #11 0x00007fbaefe748e3 in state_machine () from /var/lib/ums/lib/libssl.so.1.1 No symbol table info available. #12 0x00007fbaefee9fc8 in tls_accept (c=0x7fba792a3a10, error=0x7ffc043d5fc8) at tls_server.c:468 ret = 16383 ssl = 0x7fba792abf78 cert = 0x7ffc043b4d80 tls_c = 0x7fba792abee0 tls_log = 0 pkey = 0x0 #13 0x00007fbaefefc11c in tls_h_read_f (c=0x7fba792a3a10, flags=0x7ffc043d844c) at tls_server.c:1172 r = 0x7fba792a3b38 bytes_free = 16383 bytes_read = 296 read_size = 16383 ssl_error = 0 ssl_read = 0 ssl = 0x7fba792abf78 rd_buf = "\026\003\001\001#\001\000\001\037\003\003\236\244\005YYR5\"\367\370\213\352p\340\250~\020\376\a\265\224\360\064ՃvF\361\066\242\274\300\000\000\202\300\060\300,\300(\300$\300\024\300\n\000\245\000\243\000\241\000\237\000k\000j\000i\000h\000\071\000\070\000\067\000\066\000\210\000\207\000\206\000\205\300\062\300.\300*\300&\300\017\300\005\000\235\000=\000\065\000\204\300/\300+\300'\300#\300\023\300\t\000\244\000\242\000\240\000\236\000g\000@\000?\000>\000\063\000\062\000\061\000\060\000E\000D\000C\000B\300\061\300-\300)\300%\300\016\300\004\000\234\000<\000/\000A\000\377\001\000\000t\000\000\000\033\000\031\000\000\026"... wr_buf = '\000' <repeats 1856 times>... rd = {buf = 0x7ffc043c5fb0 "\026\003\001\001#\001", pos = 0, used = 296, size = 65536} wr = {buf = 0x7ffc043b5fb0 "", pos = 0, used = 0, size = 65536} tls_c = 0x7fba792abee0 enc_rd_buf = 0x0 n = 0 flush_flags = 0 err_src = 0x7fbaeff51207 "TLS read:" ip_buf = '\000' <repeats 63 times> x = 0 tls_dbg = 0 #14 0x0000000000801508 in tcp_read_headers (c=0x7fba792a3a10, read_flags=0x7ffc043d844c) at core/tcp_read.c:457 bytes = 32698 remaining = 2013924776 p = 0xffff780a14b3 <error: Cannot access memory at address 0xffff780a14b3> r = 0x7fba792a3b38 mc = 32698 body_len = 29151 mfline = 0x33100000080 <error: Cannot access memory at address 0x33100000080> mtransid = {s = 0x400000002 <error: Cannot access memory at address 0x400000002>, len = -2099512625} #15 0x00000000008099bd in tcp_read_req (con=0x7fba792a3a10, bytes_read=0x7ffc043d8450, read_flags=0x7ffc043d844c) at core/tcp_read.c:1472 bytes = -1 total_bytes = 0 resp = 1 size = 140720379622384 req = 0x7fba792a3b38 dst = {send_sock = 0x7fbaf0034118, to = {s = {sa_family = 2, sa_data = "\260Y\317\372ۂ\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 22960, sin_addr = {s_addr = 2195454671}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 22960, sin6_flowinfo = 2195454671, sin6_addr = {__in6_u = { __u6_addr8 = "\000\000\000\000\000\000\000\000H\360\264o\272\177\000", __u6_addr16 = {0, 0, 0, 0, 61512, 28596, 32698, 0}, __u6_addr32 = {0, 0, 1874128968, 32698}}}, sin6_scope_id = 160}, sas = {ss_family = 2, __ss_padding = "\260Y\317\372ۂ\000\000\000\000\000\000\000\000H\360\264o\272\177\000\000\240\000\000\000\200\a\000\000\243\276\202a\005\000\000\000\377\377\377\377\001\000\000\000\200%\000\000\200%\000\000\024\000\000\000\000\000\000\000\001\000\000\000\001\000\000\000s\000\000\000\272\177\000\000\270s=\004\374\177\000\000\310s=\004\374\177\000\000\070hPr\272\177\000\000\b\000\000\000\377\377\377\377@\204=\004\374\177\000", __ss_align = 8}}, id = -1, send_flags = {f = 0, blst_imask = 0}, proto = 0 '\000', proto_pad0 = 0 '\000', proto_pad1 = 0} c = 54 '6' ret = 0 #16 0x000000000082310b in handle_io (fm=0x7fbaf01ff0b0, events=1, idx=-1) at core/tcp_read.c:1782 ret = 8 n = 8 read_flags = RD_CONN_SHORT_READ con = 0x7fba792a3a10 s = 115 resp = 1 t = 1646043924 ee = 0x0 #17 0x000000000081fee0 in io_wait_loop_epoll (h=0xb51830 <io_w>, t=2, repeat=0) at core/io_wait.h:1070 n = 1 r = 0 fm = 0x7fbaf01ff0b0 revents = 1 #18 0x000000000081341e in tcp_receive_loop (unix_sock=44) at core/tcp_read.c:1978 No locals. #19 0x00000000005fc385 in tcp_init_children (woneinit=0x7ffc043da918) at core/tcp_main.c:5153 r = 0 i = 7 reader_fd_1 = 44 pid = 0 si_desc = "tcp receiver (generic)\000\000\a\000\000\000\000\000\000\000\320[\003\360\272\177\000\000P\027\036\360\272\177\000\000\300\216=\004\374\177\000\000\234\b\232\000\000\000\000\000\060\375\210\000\000\000\000\000\360\311=\004\374\177\000\000\000\004\000\000\001\000\000\000H\360\264o\272\177\000\000\000\217=\004\374\177\000\000,\256\232\000\000\000\000\000\350\322\037\360\000\000\000\000pR\003\360$\000\000" si = 0x0 #20 0x0000000000439e28 in main_loop () at main.c:1857 i = 8 pid = 13357 si = 0x0 si_desc = "udp receiver child=7 sock=127.0.0.1:5060\000\060\066\060", '\000' <repeats 12 times>, "\260\373A", '\000' <repeats 21 times>, "\240\251=\004\374\177\000\000m\361}\000\000\000\000\000\300x\327\357\272\177\000\000\000\000\000\000\004\000\000\000\210\033\272", '\000' <repeats 12 times> nrprocs = 8 woneinit = 1 #21 0x0000000000448d4d in main (argc=9, argv=0x7ffc043dc9f8) at main.c:3053 long_options = {{name = 0xa7fe94 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0xa2a4bd "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0xa3e626 "alias", has_arg = 1, flag = 0x0, val = 1024}, {name = 0xa28a8f "subst", has_arg = 1, flag = 0x0, val = 1025}, {name = 0xa28a95 "substdef", has_arg = 1, flag = 0x0, val = 1026}, {name = 0xa28a9e "substdefs", has_arg = 1, flag = 0x0, val = 1027}, {name = 0xa28aa8 "server-id", has_arg = 1, flag = 0x0, val = 1028}, {name = 0xa28ab2 "loadmodule", has_arg = 1, flag = 0x0, val = 1029}, {name = 0xa28abd "modparam", has_arg = 1, flag = 0x0, val = 1030}, {name = 0xa28ac6 "log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name = 0xa2a5cd "debug", has_arg = 1, flag = 0x0, val = 1032}, { name = 0xa28ad1 "cfg-print", has_arg = 0, flag = 0x0, val = 1033}, {name = 0xa28adb "atexit", has_arg = 1, flag = 0x0, val = 1034}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}} cfg_stream = 0x1691290 c = -1 r = 0 tmp = 0x7ffc043dd7b6 "" tmp_len = 0 port = 10641941 proto = 0 ahost = 0x0 aport = 0 options = 0xa28ae2 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:" ret = -1 seed = 2591128234 rfd = 4 debug_save = 0 debug_flag = 0 dont_fork_cnt = 0 n_lst = 0x0 p = 0x0 st = {st_dev = 21, st_ino = 1379545578, st_nlink = 2, st_mode = 16877, st_uid = 990, st_gid = 990, __pad0 = 0, st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0, st_atim = { tv_sec = 1669273250, tv_nsec = 445763824}, st_mtim = {tv_sec = 1669273250, tv_nsec = 445763824}, st_ctim = {tv_sec = 1669273250, tv_nsec = 445763824}, __glibc_reserved = {0, 0, 0}} tbuf = '\000' <repeats 24 times>, "\200\037\000\000\377\377\000\000kage/lib/mysql:", '\000' <repeats 153 times>... option_index = 0 ``` #### Log Messages ``` /var/lib/ums/sbin/kamailio[13339]: ALERT: <core> [main.c:789]: handle_sigs(): child process 13364 exited by a signal 11 /var/lib/ums/sbin/kamailio[13339]: ALERT: <core> [main.c:792]: handle_sigs(): core was generated /var/lib/ums/sbin/kamailio[13339]: INFO: <core> [main.c:813]: handle_sigs(): terminating due to SIGCHLD /var/lib/ums/sbin/kamailio[13371]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13370]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13367]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13365]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13366]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13360]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13369]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13350]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13353]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13356]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13340]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13355]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13348]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13354]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13351]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13349]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13347]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13344]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13342]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13343]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13346]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13345]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13341]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13357]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13363]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13359]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13362]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13361]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received /var/lib/ums/sbin/kamailio[13358]: INFO: <core> [main.c:868]: sig_usr(): signal 15 received ``` ### Additional Information * **Kamailio Version** ``` version: kamailio 5.5.4 (x86_64/linux) 54c9df flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: 54c9df compiled on 09:03:48 Nov 17 2022 with clang 9.0 ``` * **Operating System**: ``` Distributor ID: Debian Description: Debian GNU/Linux 10 (buster) Release: 10 Codename: buster ``` -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3290 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3290(a)github.com>

3 4

[kamailio/kamailio] pua_usrloc doesn't send PUBLISH requests when a AOR has been removed by usrloc keepalive timeout (Issue #3273)
by admin-toneca 23 Nov '23

23 Nov '23

Hello, module pua_usrloc doesn't send PUBLISH when AOR has been removed by nathelper or usrloc keepalive timeout. modparam("usrloc", "timer_interval", 30) modparam("usrloc", "timer_procs", 1) modparam("usrloc", "use_domain", MULTIDOMAIN) /* enable DB persistency for location entries */ #!ifdef WITH_USRLOCDB modparam("usrloc", "db_url", DBURL_USRLOC) modparam("usrloc", "db_mode", 1) #!endif modparam("usrloc", "ka_mode", 1) modparam("usrloc", "ka_from", KEEPALIVE_FROM) modparam("usrloc", "ka_timeout", 120) modparam("presence", "db_url", FSDBURL) modparam("presence", "presentity_table", "sbc_presentity") modparam("presence", "active_watchers_table", "sbc_active_watchers") modparam("presence", "watchers_table", "sbc_watchers") modparam("presence_xml", "db_url", FSDBURL) modparam("presence_xml", "force_active", 1) modparam("presence_xml", "disable_bla", 0) modparam("presence_dialoginfo", "force_dummy_dialog", 1) modparam("presence_dialoginfo", "force_single_dialog", 1) modparam("pua", "db_url", FSDBURL) modparam("pua", "db_table", "sbc_pua") modparam("pua_usrloc", "default_domain", HOSTNAME) modparam("pua_dialoginfo", "include_callid", 0) modparam("pua_dialoginfo", "include_tags", 0) modparam("pua_dialoginfo", "include_localremote", 0) ### Additional Information ``` version: kamailio 5.6.2 (x86_64/linux) 54a9c1 flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: 54a9c1 compiled on 15:40:44 Nov 1 2022 with gcc 9.4.0 ``` * **Operating System**: ``` No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 20.04.5 LTS Release: 20.04 Codename: focal ``` -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3273 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3273(a)github.com>

3 3

[kamailio/kamailio] packaging: cannot merge config files on system with ostree (Issue #3252)
by sergey-safarov 23 Nov '23

23 Nov '23

On Fedora Core when installed Kamailio and then installed additional packages then receive error ``` [root@caloes-1 ~]# journalctl -flu ostree-boot-complete.service -o cat Starting ostree-boot-complete.service - OSTree Complete Boot... error: ostree-finalize-staged.service failed on previous boot: During /etc merge: Modified config file newly defaults to directory 'kamailio', cannot merge ostree-boot-complete.service: Main process exited, code=exited, status=1/FAILURE ostree-boot-complete.service: Failed with result 'exit-code'. Failed to start ostree-boot-complete.service - OSTree Complete Boot. ostree-boot-complete.service - OSTree Complete Boot was skipped because all trigger condition checks failed. ostree-boot-complete.service - OSTree Complete Boot was skipped because all trigger condition checks failed. ostree-boot-complete.service - OSTree Complete Boot was skipped because all trigger condition checks failed. ``` Suggestion place default Kamailio config into dedicated package "kamailio-config-default". -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3252 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3252(a)github.com>

3 5

[kamailio/kamailio] PUBLISH presence terminated state results in NOTIFY confirmed or early (Issue #3229)
by Duncan Palmer 23 Nov '23

23 Nov '23

### Description I established a call between two extensions using TLS, and the presence state was replicated between two Kamailio servers using presence_dmq (no database backing). This all worked correctly except when it comes to sending a PUBLISH with a state terminated in the body, the presence_dmq sent the serialized data correctly, but the Kamailio server sends the wrong state and the caller is marked as busy on all subscribed phones until Kamailio is restarted. This occurs on version 5.6.1. In order generate this data, we use a separate script which responds to Asterisk events and sends the right PUBLISH at the right time to Kamailio, eg. if it sees a Hangup event, it sends a PUBLISH with the state in the body set to 'terminated' and the Expires: header set to 0. This appears to prompt Kamailio to send a NOTIFY with a state of early or confirmed to all subscribers. ### Troubleshooting #### Reproduction Install two Kamailio servers running Kamailio 5.6.1. I am using this installation command: `sudo apt install kamailio=5.6.1+bpo9 kamailio-dbg=5.6.1+bpo9 kamailio-lua-modules=5.6.1+bpo9 kamailio-memcached-modules=5.6.1+bpo9 kamailio-mysql-modules=5.6.1+bpo9 kamailio-presence-modules=5.6.1+bpo9 kamailio-redis-modules=5.6.1+bpo9 kamailio-tls-modules=5.6.1+bpo9 kamailio-utils-modules=5.6.1+bpo9` Some configuration detail for /etc/kamailio/kamailio.cfg: listen=tls:172.22.0.155:5061 # This ensures we have a UDP socket for sending HEP datagrams (we also send the plaintext UDP PUBLISH here) listen=udp:172.22.0.155:9060 port=5061 enable_tls=yes tcp_connection_lifetime=3605 #modules (this is not an exhaustive list) loadmodule "dmq.so" loadmodule "dialog.so" loadmodule "presence.so" loadmodule "presence_xml.so" loadmodule "presence_dialoginfo.so" loadmodule "pua.so" loadmodule "pua_dialoginfo.so" loadmodule "tls.so" modparam("dmq", "server_address", "sip:172.22.0.155:9060") modparam("dmq", "notification_address", "sip:172.22.1.124:9060") modparam("dialog", "db_url", DBURL) modparam("dialog", "enable_stats", 1) modparam("dialog", "db_mode", 0) # 0 - NO_DB - the memory content is not flushed into DB modparam("dialog", "dlg_flag", 9) modparam("dialog", "enable_dmq", 1) modparam("pua", "db_url", DBURL) modparam("pua", "db_mode", 0) # high speed memory based storage modparam("pua", "outbound_proxy", "sips:172.22.0.155:5061;transport=tls") modparam("pua_dialoginfo", "include_localremote", 0) modparam("presence", "db_url", DBURL) modparam("presence", "server_address", "sips:this.host.example.org:5061;transport=tls") modparam("presence", "db_table_lock_type", 0) modparam("presence", "subs_db_mode", 0) # 0 - This disables database completely. modparam("presence", "enable_dmq", 1) modparam("presence", "publ_cache", 2) modparam("presence", "subs_remove_match", 1) modparam("presence", "timeout_rm_subs", 0) modparam("presence_dialoginfo", "force_dummy_dialog", 1) modparam("presence_dialoginfo", "force_single_dialog", 1) modparam("presence_xml", "force_active", 1) modparam("presence_xml", "force_presence_single_body", 1) #### Log Messages These log aren't directly linked but Kamailio reports a 200 OK in response to the PUBLISH, but the NOTIFY to the handset is _not_ terminated. Difficult to capture this because of TLS. ``` Aug 26 13:32:26 this.host.example.org /usr/sbin/kamailio[4187]: DEBUG: presence [presence_dmq.c:467]: pres_dmq_replicate_presentity(): sending serialized data {"action":1,"presentity":{"domain":"sip.prod.example.org","user":"XXXX469","etag":"a.1661495738.4187.2612.0","expires":3600,"recv":1661520746,"event":"dialog"},"t_new":1,"cur_etag":"","ruid":"pres-630869ce-105b-43a","body":"<?xml version=\"1.0\"?>\n<dialog-info xmlns=\"urn:ietf:params:xml:ns:dialog-info\" version=\"0\" state=\"full\" entity=\"sip:XXXX469@sip.prod.example.org\">\n<dialog id=\"c95340dd-5266-450a-8c53-a5cd75c4bb67\" call-id=\"c95340dd-5266-450a-8c53-a5cd75c4bb67\" direction=\"recipient\">\n<state>confirmed</state>\n</dialog>\n</dialog-info>\n"} Aug 26 13:33:00 this.host.example.org /usr/sbin/kamailio[4187]: DEBUG: presence [presence_dmq.c:467]: pres_dmq_replicate_presentity(): sending serialized data {"action":1,"presentity":{"domain":"sip.prod.example.org","user":"XXXX469","etag":"a.1661495738.4187.2622.0","expires":0,"recv":1661520780,"event":"dialog"},"t_new":1,"cur_etag":"","ruid":"pres-630869ce-105b-e3a","body":"<?xml version=\"1.0\"?>\n<dialog-info xmlns=\"urn:ietf:params:xml:ns:dialog-info\" version=\"0\" state=\"full\" entity=\"sip:XXXX469@sip.prod.example.org\">\n<dialog id=\"c95340dd-5266-450a-8c53-a5cd75c4bb67\" call-id=\"c95340dd-5266-450a-8c53-a5cd75c4bb67\" direction=\"recipient\">\n<state>terminated</state>\n</dialog>\n</dialog-info>\n"} ``` This is a similar example: ``` Sep 1 12:37:14 this.host.example.org /usr/sbin/kamailio[5176]: INFO: presence [notify.c:1738]: send_notify_request(): NOTIFY sip:XXXX475@sip.prod.example.org via ÿÿÿÿÿÿÿÿ on behalf of sip:XXXX472@sip.prod.example.org for event dialog : 2_2191795053(a)172.31.29.18 Sep 1 12:37:14 this.host.example.org /usr/sbin/kamailio[5176]: DEBUG: presence [presence_dmq.c:400]: pres_dmq_replicate_presentity(): replicating presentity record - old etag a.1662035772.5176.17.0, new etag , ruid pres-6310a741-1438-11 Sep 1 12:37:14 this.host.example.org /usr/sbin/kamailio[5176]: DEBUG: presence [presence_dmq.c:467]: pres_dmq_replicate_presentity(): sending serialized data {"action":1,"presentity":{"domain":"sip.prod.example.org","user":"XXXX472","etag":"a.1662035772.5176.17.0","expires":0,"recv":1662035834,"event":"dialog"},"t_new":1,"cur_etag":"","ruid":"pres-6310a741-1438-11","body":"<?xml version=\"1.0\"?>\n<dialog-info xmlns=\"urn:ietf:params:xml:ns:dialog-info\" version=\"0\" state=\"full\" entity=\"sip:XXXX472@sip.prod.example.org\">\n<dialog id=\"76024a0e-2d35-47d8-afd1-a1363acbf859\" call-id=\"76024a0e-2d35-47d8-afd1-a1363acbf859\" direction=\"recipient\">\n<state>terminated</state>\n</dialog>\n</dialog-info>\n"} Sep 1 12:37:14 this.host.example.org /usr/sbin/kamailio[5176]: DEBUG: presence [presence_dmq.c:149]: pres_dmq_send(): sending dmq broadcast... ``` #### SIP Traffic ``` PUBLISH sip:XXXX469@sip.prod.example.org SIP/2.0 Via: SIP/2.0/UDP this.host.example.org;branch=656ebca4-5e71-4082-984a-7efa54bdd2cc To: sip:XXXX469@sip.prod.example.org From: sip:XXXX469@sip.prod.example.org;tag=a06f8d92-609b-4210-a1f0-f7042b871f07 CSeq: 12 PUBLISH Call-ID: d67c8bb5-f507-4ada-8f98-d7caa6d86721(a)this.host.example.org Content-Length: 323 User-Agent: Astertisk-Event-Bridge Max-Forwards: 70 Event: dialog Expires: 0 Content-Type: application/dialog-info+xml <?xml version="1.0"?> <dialog-info xmlns="urn:ietf:params:xml:ns:dialog-info" version="0" state="full" entity="sip:XXXX469@sip.prod.example.org"> <dialog id="9fa5bf3c-63f3-4d3f-82c5-cdff374c4e13" call-id="9fa5bf3c-63f3-4d3f-82c5-cdff374c4e13" direction="recipient"> <state>terminated</state> </dialog> </dialog-info> ``` ### Possible Solutions Downgrading to Kamailio version 5.5.4 resolves this problem. ### Additional Information * **Kamailio Version** - output of `kamailio -v` ``` $ kamailio -v version: kamailio 5.6.1 (x86_64/linux) flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: unknown compiled with gcc 6.3.0 $ dpkg -l | egrep '^ii' | grep kamailio | awk '{ print $2, $3 }' kamailio 5.6.1+bpo9 kamailio-dbg:amd64 5.6.1+bpo9 kamailio-lua-modules:amd64 5.6.1+bpo9 kamailio-memcached-modules:amd64 5.6.1+bpo9 kamailio-mysql-modules:amd64 5.6.1+bpo9 kamailio-presence-modules:amd64 5.6.1+bpo9 kamailio-redis-modules:amd64 5.6.1+bpo9 kamailio-tls-modules:amd64 5.6.1+bpo9 kamailio-utils-modules:amd64 5.6.1+bpo9 ``` * **Operating System**: ``` $ lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 9.2 (stretch) Release: 9.2 Codename: stretch $ uname -a Linux this.host.example.org 4.9.0-16-amd64 #1 SMP Debian 4.9.272-2 (2021-07-19) x86_64 GNU/Linux ``` -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3229 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3229(a)github.com>

3 6

[kamailio/kamailio] do not generate waring when used UDP protocol and no "Content-Length" header (Issue #3210)
by sergey-safarov 23 Nov '23

23 Nov '23

### Description According to [RFC3261](https://datatracker.ietf.org/doc/html/rfc3261#section-20.14) > The Content-Length header field indicates the size of the message- > body, in decimal number of octets, sent to the recipient. > Applications SHOULD use this field to indicate the size of the > message-body to be transferred, regardless of the media type of the > entity. If a stream-based protocol (such as TCP) is used as > transport, the header field MUST be used. When UDP protocol is used then this header is optional. When Kamailio receives an OPTIONS request like in the example, then it floods Kamailio logs with messages like ``` sanity [sanity.c:612]: check_cl(): content length header missing in request ``` OPTIONS message example ``` OPTIONS sip:sbc-0.example.com:5060 SIP/2.0 Via: SIP/2.0/UDP 64.58.61.151:5060;branch=z9hG4bKl7oo3f30a0som61aeu00 Call-ID: 49bc1fcac14b779958dad4b9c43954b400149n2(a)64.58.61.151 To: sip:ping@sbc-0.example.com From: <sip:ping@64.58.61.151>;tag=8fbe5af9178677655bc3a5388c2a8b8c00149n2 Max-Forwards: 70 CSeq: 299694 OPTIONS Route: <sip:3.236.25.4:5060;lr> ``` ### Expected behavior Do not generate warnings about SIP messages that are allowed according to RFC. #### Actual observed behavior Generated warning when "Content-Length" header missing and used UDP protocol. -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3210 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3210(a)github.com>

4 5

[kamailio/kamailio] [stirshaken] copy identity header and forward (Issue #3214)
by Artiom Baloian 23 Nov '23

23 Nov '23

### Description I am using STIR/SHAKEN as a third party service and wanted to know if there is a function to copy the Identity header from the 302 response into the original INVITE and then forward it. The Contact header from the 302 will make Kamailio server forward the INVITE to the SBC. Ideally having one function which does everything in one place would be a nice feature to have. -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3214 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3214(a)github.com>

3 4

← Newer
1
2
3
4
5
6
7
...
33
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev May 2023