I can see Kamailio crash when Kazoo sends an empty (zero) string as the payload.
The crash happens at Kamailio start.
(gdb) bt full
#0 strlen () at ../sysdeps/aarch64/strlen.S:94
No locals.
#1 0x0000ffff98237274 in json_tokener_parse_ex (tok=0x1fe5a930, str=0x0, len=-1) at json_tokener.c:259
obj = 0x0
c = 1 '\001'
oldlocale = 0xffffffffffffffff
newloc = <optimized out>
#2 0x0000ffff982b7c34 in kz_json_parse (str=0x0) at kz_json.c:285
tok = 0x1fe5a930
obj = 0x0
__func__ = "kz_json_parse"
#3 0x0000ffff982a4550 in kz_amqp_consumer_event (Evt=0xffff9ce07a60) at kz_amqp.c:2427
json_obj = 0x0
#4 0x0000ffff982b1450 in kz_amqp_consumer_worker_cb (fd=16, event=2, arg=0xffffc5e8b350) at kz_amqp.c:3277
cmd = 0x0
Evt = 0xffff9ce07a60
__func__ = "kz_amqp_consumer_worker_cb"
#5 0x0000ffff98193628 in event_process_active_single_queue () from /lib64/libevent-2.1.so.6
No symbol table info available.
#6 0x0000ffff98193ee8 in event_base_loop () from /lib64/libevent-2.1.so.6
No symbol table info available.
#7 0x0000ffff982b1878 in kz_amqp_consumer_worker_proc (cmd_pipe=16) at kz_amqp.c:3292
pipe_ev = {ev_evcallback = {evcb_active_next = {tqe_next = 0x0, tqe_prev = 0x1fb68f40}, evcb_flags = 130, evcb_pri = 0 '\000', evcb_closure = 2 '\002', evcb_cb_union = {evcb_callback = 0xffff982b080c <kz_amqp_consumer_worker_cb>, evcb_selfcb = 0xffff982b080c <kz_amqp_consumer_worker_cb>, evcb_evfinalize = 0xffff982b080c <kz_amqp_consumer_worker_cb>, evcb_cbfinalize = 0xffff982b080c <kz_amqp_consumer_worker_cb>}, evcb_arg = 0xffffc5e8b350}, ev_timeout_pos = {ev_next_with_common_timeout = {tqe_next = 0xffffffffffff, tqe_prev = 0xffffc5e8b5c0}, min_heap_idx = -1}, ev_fd = 16, ev_base = 0x1fe4e360, ev_ = {ev_io = {ev_io_next = {le_next = 0x0, le_prev = 0x1fdd0ec0}, ev_timeout = {tv_sec = 0, tv_usec = 0}}, ev_signal = {ev_signal_next = {le_next = 0x0, le_prev = 0x1fdd0ec0}, ev_ncalls = 0, ev_pncalls = 0x0}}, ev_events = 18, ev_res = 2, ev_timeout = {tv_sec = 281473255792648, tv_usec = 0}}
#8 0x0000ffff98279a94 in mod_child_init (rank=0) at kazoo.c:412
pid = 0
i = 2
g = 0xffff9e491868
s = 0x8e2210
__func__ = "mod_child_init"
#9 0x00000000005c93a8 in init_mod_child (m=0xffff9defe638, rank=0) at core/sr_module.c:864
__func__ = "init_mod_child"
#10 0x00000000005c8f5c in init_mod_child (m=0xffff9df16b30, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#11 0x00000000005c8f5c in init_mod_child (m=0xffff9df9fde0, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#12 0x00000000005c8f5c in init_mod_child (m=0xffff9dfa03a0, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#13 0x00000000005c8f5c in init_mod_child (m=0xffff9dfa2750, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#14 0x00000000005c8f5c in init_mod_child (m=0xffff9dfa4e70, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#15 0x00000000005c8f5c in init_mod_child (m=0xffff9e09c900, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#16 0x00000000005c8f5c in init_mod_child (m=0xffff9e09df60, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#17 0x00000000005c8f5c in init_mod_child (m=0xffff9e09e608, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#18 0x00000000005c8f5c in init_mod_child (m=0xffff9e09e978, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#19 0x00000000005c8f5c in init_mod_child (m=0xffff9e09ece8, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#20 0x00000000005c8f5c in init_mod_child (m=0xffff9e3577a8, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#21 0x00000000005c8f5c in init_mod_child (m=0xffff9e358888, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#22 0x00000000005c8f5c in init_mod_child (m=0xffff9e391358, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#23 0x00000000005c8f5c in init_mod_child (m=0xffff9e45dc90, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#24 0x00000000005c8f5c in init_mod_child (m=0xffff9e483c60, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#25 0x00000000005c8f5c in init_mod_child (m=0xffff9e484190, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#26 0x00000000005c8f5c in init_mod_child (m=0xffff9e484e38, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#27 0x00000000005c8f5c in init_mod_child (m=0xffff9e4868c8, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#28 0x00000000005c8f5c in init_mod_child (m=0xffff9e4c1fb8, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#29 0x00000000005c8f5c in init_mod_child (m=0xffff9e51d880, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#30 0x00000000005c8f5c in init_mod_child (m=0xffff9e54c6c0, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#31 0x00000000005c8f5c in init_mod_child (m=0xffff9e5b3130, rank=0) at core/sr_module.c:860
__func__ = "init_mod_child"
#32 0x00000000005c9d8c in init_child (rank=0) at core/sr_module.c:909
ret = -974598928
type = 0x8e4180 "PROC_MAIN"
__func__ = "init_child"
#33 0x0000000000431f70 in main_loop () at main.c:1849
i = 8
pid = 174778
si = 0x0
si_desc = "udp receiver child=7 sock=[2600:1f1c:6d5:aa02::c6]:5080\000\230\352\356\235\377\377\000\000\360\315\350\305\377\377\000\000\340\004S\236\377\377\000\000\020\316\350\305\377\377\000\000 \316\350\305\377\377\000\000 \316\350\305\377\377\000\000\360\315\350\305\377\377\000\000\320\377\377\377\200\377\377\377\000\355w\200t\232'\376"
nrprocs = 8
woneinit = 1
__func__ = "main_loop"
#34 0x000000000043de90 in main (argc=11, argv=0xffffc5e8d3c8) at main.c:3053
cfg_stream = 0x1fae02d0
c = -1
r = 0
tmp = 0xffffc5e8fee1 ""
tmp_len = 65535
port = 1
proto = 0
ahost = 0x0
aport = 0
options = 0x8ae128 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
ret = -1
seed = 2101103603
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 2
n_lst = 0x0
p = 0xffff9f660da8 <__libc_start_main+168> ""
st = {st_dev = 25, st_ino = 18714, st_mode = 16832, st_nlink = 2, st_uid = 991, st_gid = 986, st_rdev = 0, __pad1 = 0, st_size = 60, st_blksize = 65536, __pad2 = 0, st_blocks = 0, st_atim = {tv_sec = 1624850771, tv_nsec = 439999983}, st_mtim = {tv_sec = 1625171374, tv_nsec = 987883153}, st_ctim = {tv_sec = 1625171374, tv_nsec = 987883153}, __glibc_reserved = {0, 0}}
tbuf = "\000\000\000\000\000\000\000\000\000\000\230\237\377\377\000\000\000\000\000\000\000\000\000\000\330\375\233\237\377\377", '\000' <repeats 58 times>, "x\376\233\237\377\377\000\000h\376\233\237\377\377\000\000\b\376\233\237\377\377\000\000(\376\233\237\377\377\000\000\070\376\233\237\377\377\000\000\250\376\233\237\377\377\000\000\270\376\233\237\377\377\000\000\310\376\233\237\377\377\000\000H\376\233\237\377\377\000\000X\376\233\237\377\377", '\000' <repeats 18 times>, "\330\375\233\237\377\377", '\000' <repeats 42 times>...
option_index = 12
long_options = {{name = 0x8b04e8 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x8ab520 "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x8b04f0 "alias", has_arg = 1, flag = 0x0, val = 1024}, {name = 0x8b04f8 "subst", has_arg = 1, flag = 0x0, val = 1025}, {name = 0x8b0500 "substdef", has_arg = 1, flag = 0x0, val = 1026}, {name = 0x8b0510 "substdefs", has_arg = 1, flag = 0x0, val = 1027}, {name = 0x8b0520 "server-id", has_arg = 1, flag = 0x0, val = 1028}, {name = 0x8b0530 "loadmodule", has_arg = 1, flag = 0x0, val = 1029}, {name = 0x8b0540 "modparam", has_arg = 1, flag = 0x0, val = 1030}, {name = 0x8b0550 "log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name = 0x8b0560 "debug", has_arg = 1, flag = 0x0, val = 1032}, {name = 0x8b0568 "cfg-print", has_arg = 0, flag = 0x0, val = 1033}, {name = 0x8b0578 "atexit", has_arg = 1, flag = 0x0, val = 1034}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
__func__ = "main"
Variable values
(gdb) f 2
#2 0x0000ffff982b7c34 in kz_json_parse (str=0x0) at kz_json.c:285
285 obj = json_tokener_parse_ex(tok, str, -1);
(gdb) p obj
$3 = (struct json_object *) 0x0
(gdb) p *obj
Cannot access memory at address 0x0
(gdb) f 3
#3 0x0000ffff982a4550 in kz_amqp_consumer_event (Evt=0xffff9ce07a60) at kz_amqp.c:2427
2427 json_obj = kz_json_parse(Evt->payload);
(gdb) p *Evt
$4 = {payload = 0x0, delivery_tag = 1819, channel = 6, event_key = 0x0, event_subkey = 0x0, message_id = 0xffff9cfdd600, routing_key = 0x0, cmd = 0x0}
(gdb) p Evt->payload
$5 = 0x0
(gdb) p *Evt->payload
Cannot access memory at address 0x0
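Check for an empty (zero/NULL) string inside the kz_json_parse
function and return NULL if an empty string was received. In the trace above, kz_json_parse passes str=0x0 to json_tokener_parse_ex with len=-1, which then calls strlen on the NULL pointer.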
kamailio -v
[root@bcf-e-0 ~]# kamailio -v
version: kamailio 5.6.0-dev0 (aarch64/linux) f03900
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT-NOSMP, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: f03900
compiled on 17:17:36 Jun 26 2021 with gcc 8.4.1
This is the master branch with my customizations.
[root@bcf-e-0 ~]# uname -a
Linux bcf-e-0.la.cal911.net 4.18.0-305.3.1.el8.aarch64 #1 SMP Tue Jun 1 16:22:50 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux
[root@bcf-e-0 ~]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"