[sr-dev] [tracker] Task opened: Kamailio 4.0.x crash with pua_reginfo : reginfo_handle_notify

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened. Details are below.

User who did this - Wonbin Cho (wbcho)

Attached to Project - sip-router Summary - Kamailio 4.0.x crash with pua_reginfo : reginfo_handle_notify Task Type - Bug Report Category - Module Status - Unconfirmed Assigned To - Operating System - Linux Severity - Critical Priority - Normal Reported Version - 4.0 Due in Version - Undecided Due Date - Undecided Details - Kamailio would crash when called the reginfo_handle_notify function of the PUA_REGINFO module. Following is the log with debug level 9.

daemon.info /usr/sbin/kamailio[14933]: INFO: <script>: New Message: NOTIFY: sip:reginfo@10.49.80.48 (<null> 10.49.80.40:5060) -> sip:reginfo@10.49.80.48 (<null> 10.49.80.48:5060) daemon.debug /usr/sbin/kamailio[14933]: DEBUG: <core> [select.c:425]: Calling SELECT 0x7e0cc81d2400 daemon.debug /usr/sbin/kamailio[14932]: DEBUG: pua [hash.c:397]: core_hash= 397 daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_lookup.c:1395]: DEBUG: t_newtran: msg id=1 , global msg id=0 , T on entrance=0xffffffffffffffff daemon.debug /usr/sbin/kamailio[14932]: DEBUG: pua [hash.c:406]: pres_uri= sip:6000@phs3.kor.jwm2.net watcher_uri=sip:reginfo@10.49.80.48 callid= 7464330662d7a359-14926@127.0.0.1 from_tag= 533cb9e91f4b999cf76861cbb9ed54ed-2088 daemon.debug /usr/sbin/kamailio[14932]: DEBUG: pua [hash.c:413]: FOUND temporary dialog daemon.debug /usr/sbin/kamailio[14932]: DEBUG: tm [t_reply.c:1547]: DEBUG: cleanup_uac_timers: RETR/FR timers reset daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil) daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil) daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil) daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil) daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil) daemon.debug /usr/sbin/kamailio[14933]: DEBUG: <core> [parser/msg_parser.c:106]: found end of header daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: DEBUG:destroy_avp_list: destroying list (nil) daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [xavp.c:447]: destroying xavp list (nil) daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_lookup.c:534]: t_lookup_request: start searching: hash=33078, isACK=0 daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [receive.c:293]: receive_msg: cleaning up daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_lookup.c:492]: DEBUG: RFC3261 transaction matching failed daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_lookup.c:716]: DEBUG: t_lookup_request: no transaction found daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_hooks.c:374]: DBG: trans=0x7e0cc631d5b0, callback type 1, id 0 entered daemon.debug /usr/sbin/kamailio[14933]: DEBUG: pua [hash.c:558]: 'To' header ALREADY PARSED: sip:reginfo@10.49.80.48 daemon.debug /usr/sbin/kamailio[14933]: DEBUG: pua [hash.c:361]: core_hash= 397 daemon.err /usr/sbin/kamailio[14933]: ERROR: pua [hash.c:607]: no record for the dialog found in hash table daemon.debug /usr/sbin/kamailio[14933]: DEBUG: pua_reginfo [notify.c:409]: Body is <?xml version="1.0"?> <reginfo xmlns="urn:ietf:params:xml:ns:reginfo" version="0" state="full"> <registration aor="sip:6000@phs3.kor.jwm2.net" id="0x692a484bf5f0" kern.info kernel: [1824899.083979] kamailio[14933]: segfault at 0 ip 00007e0cc4edcd77 sp 00007ef57b8d3de0 error 4 in usrloc.so[7e0cc4ec6000+1c000] kern.alert kernel: [1824899.084043] grsec: From 10.49.8.78: Segmentation fault occurred at (nil) in /usr/sbin/kamailio[kamailio:14933] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/sbin/kamailio[kamailio:14902] uid/euid:1000/1000 g daemon.crit /usr/sbin/kamailio[14962]: : <core> [pass_fd.c:293]: ERROR: receive_fd: EOF on 18 daemon.debug /usr/sbin/kamailio[14962]: DEBUG: <core> [tcp_main.c:3605]: DBG: handle_ser_child: dead child 8, pid 14933 (shutting down?) daemon.debug /usr/sbin/kamailio[14962]: DEBUG: <core> [io_wait.h:617]: DBG: io_watch_del (0xb9762d347b0, 18, -1, 0x0) fd_no=21 called daemon.alert /usr/sbin/kamailio[14902]: ALERT: <core> [main.c:788]: child process 14933 exited by a signal 11 daemon.alert /usr/sbin/kamailio[14902]: ALERT: <core> [main.c:791]: core was not generated daemon.info /usr/sbin/kamailio[14902]: INFO: <core> [main.c:803]: INFO: terminating due to SIGCHLD daemon.info /usr/sbin/kamailio[14959]: INFO: <core> [main.c:854]: INFO: signal 15 received

A simple fix for this might be: "kamailio-4.0.1/modules/pua_reginfo/notify.c" Line 374

next_registration: // if (ul_record) ul.release_urecord(ul_record); /* Unlock the domain for this AOR: */ if(aor.len > 0) { ul.unlock_udomain(domain, &aor); }

registrations = registrations->next; }

More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=338

You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.