16 May
2014
16 May
'14
10:06 p.m.
I'm running a version of Kamailio from commit
a7dc504075d3b5c74c6af6a3216338a0d604d1d8 (18 Feb), so I'm not sure if
this has been fixed.
Anyway, I was testing a TCP client and the dialog went stale and was
timed out by the dialog module using a local BYE. One of the endpoints
responded to the BYE with a 481 message, and Kamailio appears to have
crashed on this.
(gdb) where
#0 0xb717c432 in t_reply_matching (p_msg=0xb7419990, p_branch=0xbfe26e98)
at t_lookup.c:987
#1 0xb717f52a in t_check_msg (p_msg=0xb7419990, param_branch=0xbfe26e98)
at t_lookup.c:1129
#2 0xb71800e4 in t_check (p_msg=0xb7419990, param_branch=0xbfe26e98)
at t_lookup.c:1171
#3 0xb71aa189 in reply_received (p_msg=0xb7419990) at t_reply.c:2187
#4 0x0809fd8d in do_forward_reply (msg=0xb7419990, mode=-1289507656)
at forward.c:777
#5 0x080eafb5 in receive_msg (
buf=0x82d6800 "SIP/2.0 481 Unknown Dialog\r\nVia: SIP/2.0/UDP
208.52.173.18;branch=z9hG4bK931e.95a61f6", '0' <repeats 25 times>,
".0\r\nTo:
<sip:+14046822836@208.52.173.18;user=phone>;tag=SDjfglb99-ac3f4687+1+f2d10012+a5eff02c\r\nFrom:
<sip:+1404xxxxxxx@yyyyyyyyyy.net;user=phone>;tag=acd791cf4\r\nCSeq:
24980 BYE\r\nCall-ID: 3f7eb5b5-57ca-4de0-80eb-4d8f28ceb7ca\r\n\r\n",
len=337,
rcv_info=<value optimized out>) at receive.c:273
#6 0x08184cd8 in udp_rcv_loop () at udp_server.c:536
#7 0x080b0f10 in main_loop () at main.c:1617
#8 0x080b4234 in main (argc=11, argv=0xbfe27374) at main.c:2533
The actual crash is here:
(gdb) frame 0
#0 0xb717c432 in t_reply_matching (p_msg=0xb7419990, p_branch=0xbfe26e98)
at t_lookup.c:987
987 (p_msg->callid->body.len !=
p_cell->uas.request->callid->body.len ||
And, it would seem that the cause is that is p_cell->uas.request == NULL:
(gdb) print p_cell->uas.request
$1 = (struct sip_msg *) 0x0
This is all the information I have, and unfortunately I don't think I
can reproduce this crash.
-- Alex
--
Alex Balashov - Principal
Evariste Systems LLC
Tel: +1-678-954-0670
Web: http://www.evaristesys.com/, http://www.alexbalashov.com/
Please be kind to the English language:
http://www.entrepreneur.com/article/232906
17 May
17 May
12:06 a.m.
Providing the version makes things simpler and easier to answer when the
source code is not around.
Anyhow, if you were using branch 4.1 or master, you have to upgrade to
the latest version on the respective branch, there was a fix to an
issues that looked like the trace you gave.
Cheers,
Daniel
On 16/05/14 21:06, Alex Balashov wrote:
I'm running a version of Kamailio from commit
a7dc504075d3b5c74c6af6a3216338a0d604d1d8 (18 Feb), so I'm not sure if
this has been fixed.
Anyway, I was testing a TCP client and the dialog went stale and was
timed out by the dialog module using a local BYE. One of the endpoints
responded to the BYE with a 481 message, and Kamailio appears to have
crashed on this.
(gdb) where
#0 0xb717c432 in t_reply_matching (p_msg=0xb7419990,
p_branch=0xbfe26e98)
at t_lookup.c:987
#1 0xb717f52a in t_check_msg (p_msg=0xb7419990, param_branch=0xbfe26e98)
at t_lookup.c:1129
#2 0xb71800e4 in t_check (p_msg=0xb7419990, param_branch=0xbfe26e98)
at t_lookup.c:1171
#3 0xb71aa189 in reply_received (p_msg=0xb7419990) at t_reply.c:2187
#4 0x0809fd8d in do_forward_reply (msg=0xb7419990, mode=-1289507656)
at forward.c:777
#5 0x080eafb5 in receive_msg (
buf=0x82d6800 "SIP/2.0 481 Unknown Dialog\r\nVia: SIP/2.0/UDP
208.52.173.18;branch=z9hG4bK931e.95a61f6", '0' <repeats 25 times>,
".0\r\nTo:
<sip:+14046822836@208.52.173.18;user=phone>;tag=SDjfglb99-ac3f4687+1+f2d10012+a5eff02c\r\nFrom:
<sip:+1404xxxxxxx@yyyyyyyyyy.net;user=phone>;tag=acd791cf4\r\nCSeq:
24980 BYE\r\nCall-ID: 3f7eb5b5-57ca-4de0-80eb-4d8f28ceb7ca\r\n\r\n",
len=337,
rcv_info=<value optimized out>) at receive.c:273
#6 0x08184cd8 in udp_rcv_loop () at udp_server.c:536
#7 0x080b0f10 in main_loop () at main.c:1617
#8 0x080b4234 in main (argc=11, argv=0xbfe27374) at main.c:2533
The actual crash is here:
(gdb) frame 0
#0 0xb717c432 in t_reply_matching (p_msg=0xb7419990,
p_branch=0xbfe26e98)
at t_lookup.c:987
987 (p_msg->callid->body.len !=
p_cell->uas.request->callid->body.len ||
And, it would seem that the cause is that is p_cell->uas.request == NULL:
(gdb) print p_cell->uas.request
$1 = (struct sip_msg *) 0x0
This is all the information I have, and unfortunately I don't think I
can reproduce this crash.
-- Alex
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
1:27 a.m.
On 05/16/2014 05:06 PM, Daniel-Constantin Mierla wrote:
Providing the version makes things simpler and easier
to answer when the
source code is not around.
Sorry, I should have indeed provided the version. It's a clone of the
4.1 branch at commit a7dc504075d3b5c74c6af6a3216338a0d604d1d8.
--
Alex Balashov - Principal
Evariste Systems LLC
Tel: +1-678-954-0670
Web: http://www.evaristesys.com/, http://www.alexbalashov.com/
Please be kind to the English language:
http://www.entrepreneur.com/article/232906
1:28 a.m.
And yes, it appears this exact patch to t_lookup.c fixed it:
http://git.sip-router.org/cgi-bin/gitweb.cgi?p=sip-router;a=commitdiff;h=17…
Sorry for the bogus report!
--
Alex Balashov - Principal
Evariste Systems LLC
Tel: +1-678-954-0670
Web: http://www.evaristesys.com/, http://www.alexbalashov.com/
Please be kind to the English language:
http://www.entrepreneur.com/article/232906
3844
days inactive
3844
days old
3 comments
2 participants
participants (2)
-
Alex Balashov -
Daniel-Constantin Mierla