<!-- Kamailio Project uses GitHub Issues only for bugs in the code or feature requests. Please use this template only for bug reports.
If you have questions about using Kamailio or related to its configuration file, ask on sr-users mailing list:
* http://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
If you have questions about developing extensions to Kamailio or its existing C code, ask on sr-dev mailing list:
* http://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Please try to fill this template as much as possible for any issue. It helps the developers to troubleshoot the issue.
If there is no content to be filled in a section, the entire section can be removed.
You can delete the comments from the template sections when filling.
You can delete next line and everything above before submitting (it is a comment). -->
### Description
<!-- Explain what you did, what you expected to happen, and what actually happened. --> Hello! I have faced with Kamailio (5.1.7) crashes, probably it is connected to cdp module, please check the source of issue.
### Troubleshooting
#### Reproduction
<!-- If the issue can be reproduced, describe how it can be done. -->
#### Debugging Data
<!-- If you got a core dump, use gdb to extract troubleshooting data - full backtrace, local variables and the list of the code at the issue location.
gdb /path/to/kamailio /path/to/corefile bt full info locals list
If you are familiar with gdb, feel free to attach more of what you consider to be relevant. -->
``` GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-114.el7 Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/... Reading symbols from /usr/sbin/kamailio...Reading symbols from /usr/lib/debug/usr/sbin/kamailio.debug...done. done. [New LWP 5649] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `kamailio -f kamailio.cfg -E'. Program terminated with signal 6, Aborted. #0 0x00007fbde6015207 in raise () from /lib64/libc.so.6 Missing separate debuginfos, use: debuginfo-install glibc-2.17-260.el7_6.3.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-37.el7_6.x86_64 libcom_err-1.42.9-13.el7.x86_64 libgcc-4.8.5-36.el7.x86_64 libselinux-2.5-14.1.el7.x86_64 libstdc++-4.8.5-36.el7.x86_64 libxml2-2.9.1-6.el7_2.3.x86_64 mariadb-libs-5.5.60-1.el7_5.x86_64 openssl-libs-1.0.2k-16.el7.x86_64 pcre-8.32-17.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-18.el7.x86_64 (gdb) bt full #0 0x00007fbde6015207 in raise () from /lib64/libc.so.6 No symbol table info available. #1 0x00007fbde60168f8 in abort () from /lib64/libc.so.6 No symbol table info available. #2 0x0000000000673469 in qm_debug_check_frag (qm=0x7fbdd94fd000, f=0x7fbdd97e0c98, file=0x7fbdde6bb992 "cdp: diameter_avp.c", line=365, efile=0x7dc6b7 "core/mem/q_malloc.c", eline=504) at core/mem/q_malloc.c:151 __FUNCTION__ = "qm_debug_check_frag" #3 0x00000000006765ec in qm_free (qmp=0x7fbdd94fd000, p=0x7fbdd97e0cd0, file=0x7fbdde6bb992 "cdp: diameter_avp.c", func=0x7fbdde6bd478 <__FUNCTION__.7016> "AAAFreeAVP", line=365, mname=0x7fbdde6bb7c0 "cdp") at core/mem/q_malloc.c:504 qm = 0x7fbdd94fd000 f = 0x7fbdd97e0c98 size = 140730526467984 next = 0x7a8db8 prev = 0x7a8db8 __FUNCTION__ = "qm_free" #4 0x0000000000680148 in qm_shm_free (qmp=0x7fbdd94fd000, p=0x7fbdd97e0cd0, file=0x7fbdde6bb992 "cdp: diameter_avp.c", func=0x7fbdde6bd478 <__FUNCTION__.7016> "AAAFreeAVP", line=365, mname=0x7fbdde6bb7c0 "cdp") at core/mem/q_malloc.c:1268 No locals. #5 0x00007fbdde696e61 in AAAFreeAVP (avp=0x7ffe610a0860) at diameter_avp.c:365 __FUNCTION__ = "AAAFreeAVP" #6 0x00007fbdde65c88f in AAAFreeAVPList (avpList=0x7fbdd97e07d8) at diameter_msg.c:396 avp_t = 0x7fbdd97e0cd0 avp = 0x7fbdd97e0bb8 #7 0x00007fbdde65cc4c in AAAFreeMessage (msg=0x7ffe610a0910) at diameter_msg.c:416 __FUNCTION__ = "AAAFreeMessage" #8 0x00007fbdde63f05e in Process_CEA (p=0x7fbdd979e368, cea=0x7fbdd97e0788) at peerstatemachine.c:804 avp = 0x7fbdd97e10b0 #9 0x00007fbdde638223 in sm_process (p=0x7fbdd979e368, event=I_Rcv_CEA, msg=0x7fbdd97e0788, peer_locked=0, sock=8) at peerstatemachine.c:166 result_code = -563425872 next_event = 32701 msg_received = 0 __FUNCTION__ = "sm_process" #10 0x00007fbdde6874be in receive_message (msg=0x7fbdd97e0788, sp=0x7fbde59538b0) at receiver.c:1147 avp1 = 0xde6b2c50 avp2 = 0x7fbdd97e0990 __FUNCTION__ = "receive_message" #11 0x00007fbdde67c5bb in do_receive (sp=0x7fbde59538b0) at receiver.c:598 cnt = 152 n = 152 version = 1 dst = 0x7fbdd97e1164 "" dmsg = 0x7fbdd97e0788 __FUNCTION__ = "do_receive" #12 0x00007fbdde68038e in receive_loop (original_peer=0x7fbdd979e368) at receiver.c:805 rfds = {__fds_bits = {256, 0 <repeats 15 times>}} efds = {__fds_bits = {0 <repeats 16 times>}} tv = {tv_sec = 0, tv_usec = 999998} n = 1 max = 21 cnt = 1 msg = 0x0 sp = 0x7fbde59538b0 sp2 = 0x7fbde59538b0 p = 0x7fbdd979e368 fd = 8 fd_exchange_pipe_local = 21 __FUNCTION__ = "receive_loop" #13 0x00007fbdde679aec in receiver_process (p=0x7fbdd979e368) at receiver.c:464 ---Type <return> to continue, or q <return> to quit--- __FUNCTION__ = "receiver_process" #14 0x00007fbdde62a7d5 in diameter_peer_start (blocking=0) at diameter_peer.c:289 pid = 0 k = -1 p = 0x7fbdd979e368 __FUNCTION__ = "diameter_peer_start" #15 0x00007fbdde61c9a8 in cdp_child_init (rank=0) at cdp_mod.c:243 __FUNCTION__ = "cdp_child_init" #16 0x000000000053b6b1 in init_mod_child (m=0x7fbde5885150, rank=0) at core/sr_module.c:943 __FUNCTION__ = "init_mod_child" #17 0x000000000053b353 in init_mod_child (m=0x7fbde5885dc8, rank=0) at core/sr_module.c:939 __FUNCTION__ = "init_mod_child" #18 0x000000000053b353 in init_mod_child (m=0x7fbde5886190, rank=0) at core/sr_module.c:939 __FUNCTION__ = "init_mod_child" #19 0x000000000053b353 in init_mod_child (m=0x7fbde58865d0, rank=0) at core/sr_module.c:939 __FUNCTION__ = "init_mod_child" #20 0x000000000053ba85 in init_child (rank=0) at core/sr_module.c:970 No locals. #21 0x0000000000424fe5 in main_loop () at main.c:1701 i = 4 pid = 5641 si = 0x0 si_desc = "udp receiver child=3 sock=10.10.10.10:5060\000\275\177\000\000\300\023\na\376\177\000\000\022\000\000\000\000\000\000\000\000\000\000\004\000\000\000\000\000\000\200\000\000\000\000\000\263\215z", '\000' <repeats 13 times>, "\220\026\na\376\177\000\000\207"\003\346\275\177\000\000\260yw\000\000\000\000\000\060;\223\345\275\177\000" nrprocs = 4 woneinit = 1 __FUNCTION__ = "main_loop" #22 0x000000000042b994 in main (argc=4, argv=0x7ffe610a1778) at main.c:2642 cfg_stream = 0x103a020 c = -1 r = 0 tmp = 0x0 tmp_len = 0 port = 0 proto = 0 options = 0x758c10 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:" ret = -1 seed = 1364069336 rfd = 4 debug_save = 0 debug_flag = 0 dont_fork_cnt = 0 n_lst = 0x0 p = 0x0 st = {st_dev = 19, st_ino = 68292, st_nlink = 2, st_mode = 16832, st_uid = 995, st_gid = 994, __pad0 = 0, st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1550156643, tv_nsec = 630000000}, st_mtim = {tv_sec = 1550158563, tv_nsec = 502470819}, st_ctim = {tv_sec = 1550158563, tv_nsec = 502470819}, __unused = {0, 0, 0}} __FUNCTION__ = "main" (gdb) ```
#### Log Messages
<!-- Check the syslog file and if there are relevant log messages printed by Kamailio, add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site). -->
``` 14(5649) INFO: cdp [receiver.c:455]: receiver_process(): receiver_process(): [diameter1.dev] Receiver process doing init on new process... 14(5649) INFO: cdp [receiver.c:188]: add_serviced_peer(): add_serviced_peer(): Adding serviced_peer_t to receiver for peer [diameter1.dev] 14(5649) INFO: cdp [receiver.c:460]: receiver_process(): receiver_process(): [diameter1.dev] Receiver process starting up... 14(5649) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp_receiver_peer=diameter1.dev Serviced Peers: --- 14(5649) DEBUG: cdp [receiver.c:112]: log_serviced_peers(): Peer: diameter1.dev TCP Socket: -1 Recv.State: 0 14(5649) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 14(5649) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp_receiver_peer=diameter1.dev Serviced Peers: --- 14(5649) DEBUG: cdp [receiver.c:112]: log_serviced_peers(): Peer: diameter1.dev TCP Socket: -1 Recv.State: 0 14(5649) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 16(5651) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 16 rank 1001: cdp [cdp_timer] 16(5651) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 16 rank 1001: cdp_avp [cdp_timer] 16(5651) DEBUG: cdp_avp [cdp_avp_mod.c:211]: cdp_avp_child_init(): Initializing child in module cdp_avp for rank [1001] 15(5650) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 15 rank 1000: acc [cdp_acceptor] 15(5650) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 15 rank 1000: uac [cdp_acceptor] 16(5651) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 16 rank 1001: ims_charging [cdp_timer] 16(5651) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 16 rank 1001: ims_dialog [cdp_timer] 15(5650) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 15 rank 1000: htable [cdp_acceptor] 15(5650) DEBUG: htable [htable.c:236]: child_init(): rank is (1000) 15(5650) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 15 rank 1000: carrierroute [cdp_acceptor] 15(5650) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 15 rank 1000: dispatcher [cdp_acceptor] 16(5651) INFO: cdp [timer.c:205]: timer_process(): Timer process starting up... 15(5650) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 15 rank 1000: cdp [cdp_acceptor] 15(5650) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 15 rank 1000: cdp_avp [cdp_acceptor] 15(5650) DEBUG: cdp_avp [cdp_avp_mod.c:211]: cdp_avp_child_init(): Initializing child in module cdp_avp for rank [1000] 15(5650) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 15 rank 1000: ims_charging [cdp_acceptor] 15(5650) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 15 rank 1000: ims_dialog [cdp_acceptor] 15(5650) INFO: cdp [acceptor.c:81]: acceptor_process(): Acceptor process starting up... 15(5650) DEBUG: cdp [tcp_accept.c:114]: create_socket(): create_sockets: create socket and bind for IPv4... 15(5650) WARNING: cdp [tcp_accept.c:121]: create_socket(): create_socket(): Trying to open/bind/listen on 10.10.10.10 port 38680 15(5650) WARNING: cdp [tcp_accept.c:146]: create_socket(): create_socket(): Successful socket open/bind/listen on 10.10.10.10 port 38680 15(5650) INFO: cdp [acceptor.c:95]: acceptor_process(): Acceptor opened sockets. Entering accept loop ... [root@10-10-10-10 kamailio]# 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: kex [tcp main process] 17(5652) DEBUG: kex [kex_mod.c:157]: child_init(): rank is (-4) 17(5652) DEBUG: <core> [sruid.c:106]: sruid_init(): root for sruid is [srid-5c658bbb-1614-] (0 / 19) 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: corex [tcp main process] 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: tm [tcp main process] 17(5652) DEBUG: tm [callid.c:137]: child_init_callid(): callid: '46ac84cd57961b27-5652@10.10.10.10' 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: tmx [tcp main process] 17(5652) DEBUG: tmx [tmx_mod.c:261]: child_init(): rank is (-4) 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: sl [tcp main process] 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: usrloc [tcp main process] 17(5652) DEBUG: <core> [sruid.c:106]: sruid_init(): root for sruid is [ulcx-5c658bbb-1614-] (0 / 19) 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: registrar [tcp main process] 17(5652) DEBUG: <core> [sruid.c:106]: sruid_init(): root for sruid is [uloc-5c658bbb-1614-] (0 / 19) 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: ctl [tcp main process] 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: acc [tcp main process] 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: uac [tcp main process] 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: htable [tcp main process] 17(5652) DEBUG: htable [htable.c:236]: child_init(): rank is (-4) 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: carrierroute [tcp main process] 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: dispatcher [tcp main process] 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: cdp [tcp main process] 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: cdp_avp [tcp main process] 17(5652) DEBUG: cdp_avp [cdp_avp_mod.c:211]: cdp_avp_child_init(): Initializing child in module cdp_avp for rank [-4] 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: ims_charging [tcp main process] 17(5652) DEBUG: <core> [core/sr_module.c:942]: init_mod_child(): idx 17 rank -4: ims_dialog [tcp main process] 17(5652) DEBUG: <core> [core/local_timer.c:61]: init_local_timer(): timer_list between 0xa6e0a8 and 0xab20a8 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 7, 4, 0x7fbdd97d7bec), fd_no=0 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 8, 4, 0x7fbdd97d7c78), fd_no=1 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 9, 4, 0x7fbdd97d7d04), fd_no=2 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 10, 4, 0x7fbdd97d7d90), fd_no=3 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 11, 4, 0x7fbdd97d7e1c), fd_no=4 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 12, 4, 0x7fbdd97d7ea8), fd_no=5 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 13, 4, 0x7fbdd97d7f34), fd_no=6 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 15, 4, 0x7fbdd97d7fc0), fd_no=7 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 4, 4, 0x7fbdd97d804c), fd_no=8 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 16, 4, 0x7fbdd97d80d8), fd_no=9 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 17, 4, 0x7fbdd97d8164), fd_no=10 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 18, 4, 0x7fbdd97d81f0), fd_no=11 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 23, 4, 0x7fbdd97d827c), fd_no=12 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 24, 4, 0x7fbdd97d8308), fd_no=13 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 25, 4, 0x7fbdd97d8394), fd_no=14 17(5652) DEBUG: <core> [core/io_wait.h:380]: io_watch_add(): DBG: io_watch_add(0xa6dee0, 26, 4, 0x7fbdd97d8420), fd_no=15 5(5640) DEBUG: ims_charging [ro_timer.c:252]: ro_timer_routine(): getting expired ro-sessions 5(5640) DEBUG: ims_charging [ro_timer.c:211]: get_expired_ro_sessions(): my ticks are [32829471] 13(5648) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp receiver peer unknown Serviced Peers: --- 13(5648) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 16(5651) DEBUG: cdp [peermanager.c:263]: peer_timer(): peer_timer(): taking care of peers... 16(5651) DEBUG: cdp [peermanager.c:280]: peer_timer(): peer_timer(): Peer diameter1.dev State 0 16(5651) DEBUG: cdp [peerstatemachine.c:90]: sm_process(): sm_process(): Peer diameter1.dev State Closed Event Start 16(5651) INFO: cdp [peerstatemachine.c:525]: I_Snd_Conn_Req(): I_Snd_Conn_Req(): Peer diameter1.dev 14(5649) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp_receiver_peer=diameter1.dev Serviced Peers: --- 14(5649) DEBUG: cdp [receiver.c:112]: log_serviced_peers(): Peer: diameter1.dev TCP Socket: -1 Recv.State: 0 14(5649) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 16(5651) INFO: cdp [receiver.c:875]: peer_connect(): peer_connect(): Trying to connect to 10.10.10.20 port 3868 16(5651) INFO: cdp [receiver.c:954]: peer_connect(): peer_connect(): Peer diameter1.dev:3868 connected 14(5649) DEBUG: cdp [receiver.c:702]: receive_loop(): select_recv(): There is something on the fd exchange pipe 14(5649) DEBUG: cdp [receiver.c:711]: receive_loop(): select_recv(): fd exchange pipe says fd [8] for peer 0x7fbdd979e368:[diameter1.dev] 14(5649) DEBUG: cdp [peerstatemachine.c:90]: sm_process(): sm_process(): Peer diameter1.dev State Wait_Conn_Ack Event I_Rcv_Conn_Ack 14(5649) DEBUG: cdp [diameter_msg.c:184]: AAANewMessage(): AAANewMessage: param session received null and it's a request!! 14(5649) ERROR: cdp [peerstatemachine.c:634]: I_Snd_CER(): I_Snd_CER(): Error on finding local host address > Socket operation on non-socket 14(5649) DEBUG: cdp [diameter_msg.c:81]: AAABuildMsgBuffer(): AAABuildMsgBuffer(): len=184 14(5649) DEBUG: cdp [receiver.c:1013]: peer_send_msg(): peer_send_msg(): Pipe push [0x7fbdd97e0788] 14(5649) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp_receiver_peer=diameter1.dev Serviced Peers: --- 14(5649) DEBUG: cdp [receiver.c:112]: log_serviced_peers(): Peer: diameter1.dev TCP Socket: 8 Recv.State: 0 14(5649) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 14(5649) DEBUG: cdp [receiver.c:756]: receive_loop(): select_recv(): There is something on the send pipe 14(5649) DEBUG: cdp [receiver.c:769]: receive_loop(): select_recv(): Send pipe says [0x7fbdd97e0788] 8 14(5649) DEBUG: cdp [diameter_msg.c:410]: AAAFreeMessage(): AAAFreeMessage: Freeing message (0x7fbdd97e0788) 257 14(5649) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp_receiver_peer=diameter1.dev Serviced Peers: --- 14(5649) DEBUG: cdp [receiver.c:112]: log_serviced_peers(): Peer: diameter1.dev TCP Socket: 8 Recv.State: 0 14(5649) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 16(5651) DEBUG: cdp [peermanager.c:143]: log_peer_list(): --- Peer List: --- 16(5651) DEBUG: cdp [peermanager.c:145]: log_peer_list(): State of peer: Wait_I_CEA FQDN: diameter1.dev Port: 3868 Is dynamic 16(5651) DEBUG: cdp [peermanager.c:149]: log_peer_list(): ------------------ 16(5651) DEBUG: cdp [session.c:396]: cdp_sessions_log(): ------- CDP Sessions ---------------- 16(5651) DEBUG: cdp [session.c:431]: cdp_sessions_log(): ------------------------------------- 14(5649) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp_receiver_peer=diameter1.dev Serviced Peers: --- 14(5649) DEBUG: cdp [receiver.c:112]: log_serviced_peers(): Peer: diameter1.dev TCP Socket: 8 Recv.State: 1 14(5649) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 14(5649) DEBUG: cdp [receiver.c:579]: do_receive(): receive_loop(): [diameter1.dev] Recv Version 1 Length 172 14(5649) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp_receiver_peer=diameter1.dev Serviced Peers: --- 14(5649) DEBUG: cdp [receiver.c:112]: log_serviced_peers(): Peer: diameter1.dev TCP Socket: 8 Recv.State: 2 14(5649) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 14(5649) DEBUG: cdp [receiver.c:1107]: receive_message(): receive_message(): [diameter1.dev] Recv msg 257 14(5649) DEBUG: cdp [peerstatemachine.c:90]: sm_process(): sm_process(): Peer diameter1.dev State Wait_I_CEA Event I_Rcv_CEA 14(5649) DEBUG: cdp [peerstatemachine.c:698]: count_Supported_Vendor_Id_AVPS(): Found 1 Supported_Vendor AVPS14(5649) DEBUG: cdp [peerstatemachine.c:681]: add_peer_application(): Application 0 of maximum 1 14(5649) DEBUG: cdp [peerstatemachine.c:750]: save_peer_applications(): Found Supported Vendor for Application 0: 10415 14(5649) DEBUG: cdp [peerstatemachine.c:681]: add_peer_application(): Application 1 of maximum 1 14(5649) DEBUG: cdp [diameter_msg.c:410]: AAAFreeMessage(): AAAFreeMessage: Freeing message (0x7fbdd97e0788) 257 14(5649) CRITICAL: <core> [core/mem/q_malloc.c:149]: qm_debug_check_frag(): BUG: qm: prev. fragm. tail overwritten(28af, abcdefed)[0x7fbdd97e0c98:0x7fbdd97e0cd0]! Memory allocator was called from cdp: diameter_avp.c:365. Fragment marked by cdp: diameter_avp.c:142. Exec from core/mem/q_malloc.c:504. 5(5640) DEBUG: ims_charging [ro_timer.c:252]: ro_timer_routine(): getting expired ro-sessions 5(5640) DEBUG: ims_charging [ro_timer.c:211]: get_expired_ro_sessions(): my ticks are [32829472] 13(5648) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp receiver peer unknown Serviced Peers: --- 13(5648) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 15(5650) DEBUG: cdp [tcp_accept.c:221]: accept_loop(): accept_loop(): No connection attempts 5(5640) DEBUG: ims_charging [ro_timer.c:252]: ro_timer_routine(): getting expired ro-sessions 5(5640) DEBUG: ims_charging [ro_timer.c:211]: get_expired_ro_sessions(): my ticks are [32829473] 13(5648) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp receiver peer unknown Serviced Peers: --- 13(5648) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 17(5652) CRITICAL: <core> [core/pass_fd.c:277]: receive_fd(): EOF on 24 17(5652) DEBUG: <core> [core/tcp_main.c:3513]: handle_ser_child(): dead child 14, pid 5649 (shutting down?) 17(5652) DEBUG: <core> [core/io_wait.h:602]: io_watch_del(): DBG: io_watch_del (0xa6dee0, 24, -1, 0x0) fd_no=16 called 0(5635) ALERT: <core> [main.c:739]: handle_sigs(): child process 5649 exited by a signal 6 0(5635) ALERT: <core> [main.c:742]: handle_sigs(): core was generated 0(5635) INFO: <core> [main.c:764]: handle_sigs(): terminating due to SIGCHLD 0(5635) DEBUG: <core> [main.c:766]: handle_sigs(): terminating due to SIGCHLD 16(5651) INFO: <core> [main.c:819]: sig_usr(): signal 15 received
```
#### SIP Traffic
<!-- If the issue is exposed by processing specific SIP messages, grab them with ngrep or save in a pcap file, then add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site). -->
``` It happens on startup ```
### Possible Solutions
<!-- If you found a solution or workaround for the issue, describe it. Ideally, provide a pull request with a fix. -->
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
version: kamailio 5.1.7 (x86_64/linux) 567df3 flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: 567df3 compiled on 02:06:09 Feb 2 2019 with gcc 4.8.5 ```
* **Operating System**:
<!-- Details about the operating system, the type: Linux (e.g.,: Debian 8.4, Ubuntu 16.04, CentOS 7.1, ...), MacOS, xBSD, Solaris, ...; Kernel details (output of `uname -a`) -->
``` uname -a Linux 10-60-28-127.ams.kwebbl.dev 3.10.0-957.5.1.el7.x86_64 #1 SMP Fri Feb 1 14:54:57 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
CentOS Linux release 7.6.1810 (Core)
```
I found a potential write after the boundary of an allocated array, fix pushed with the commit referenced above.
Test with master branch or using the patch of the commit and if all ok, then I will backport.
If still an issue, then reopen.
Closed #1851.
I have updated Kamailio from repo: http://download.opensuse.org/repositories/home:/kamailio:/v5.2.x-rpms/CentOS...
So I hope your patch is there: [root@kamailio]# kamailio -v version: kamailio 5.2.1 (x86_64/linux) 947769 compiled on 20:48:14 Feb 26 2019 with gcc 4.8.5
But got crash again:
```12(9454) INFO: cdp [timer.c:205]: timer_process(): Timer process starting up... 1(9443) DEBUG: ims_charging [ro_timer.c:252]: ro_timer_routine(): getting expired ro-sessions 1(9443) DEBUG: ims_charging [ro_timer.c:211]: get_expired_ro_sessions(): my ticks are [72551102] 9(9451) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp receiver peer unknown Serviced Peers: --- 9(9451) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 10(9452) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp_receiver_peer=diameter.dev Serviced Peers: --- 10(9452) DEBUG: cdp [receiver.c:112]: log_serviced_peers(): Peer: diameter.dev TCP Socket: -1 Recv.State: 0 10(9452) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 12(9454) DEBUG: cdp [peermanager.c:263]: peer_timer(): peer_timer(): taking care of peers... 12(9454) DEBUG: cdp [peermanager.c:280]: peer_timer(): peer_timer(): Peer diameter.dev State 0 12(9454) DEBUG: cdp [peerstatemachine.c:90]: sm_process(): sm_process(): Peer diameter.dev State Closed Event Start 12(9454) INFO: cdp [peerstatemachine.c:525]: I_Snd_Conn_Req(): I_Snd_Conn_Req(): Peer diameter.dev 12(9454) INFO: cdp [receiver.c:875]: peer_connect(): peer_connect(): Trying to connect to 10.10.10.143 port 3868 12(9454) DEBUG: cdp [receiver.c:886]: peer_connect(): peer_connect(): connetting to peer via src addr=10.10.10.12712(9454) INFO: cdp [receiver.c:954]: peer_connect(): peer_connect(): Peer diameter.dev:3868 connected 10(9452) DEBUG: cdp [receiver.c:702]: receive_loop(): select_recv(): There is something on the fd exchange pipe 10(9452) DEBUG: cdp [receiver.c:711]: receive_loop(): select_recv(): fd exchange pipe says fd [18] for peer 0x7f2ac7c48b60:[diameter.dev] 10(9452) DEBUG: cdp [peerstatemachine.c:90]: sm_process(): sm_process(): Peer diameter.dev State Wait_Conn_Ack Event I_Rcv_Conn_Ack 10(9452) DEBUG: cdp [diameter_msg.c:184]: AAANewMessage(): AAANewMessage: param session received null and it's a request!! 10(9452) ERROR: cdp [peerstatemachine.c:634]: I_Snd_CER(): I_Snd_CER(): Error on finding local host address > Socket operation on non-socket 10(9452) DEBUG: cdp [diameter_msg.c:81]: AAABuildMsgBuffer(): AAABuildMsgBuffer(): len=216 10(9452) DEBUG: cdp [receiver.c:1013]: peer_send_msg(): peer_send_msg(): Pipe push [0x7f2ac7c8a8f0] 10(9452) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp_receiver_peer=diameter.dev Serviced Peers: --- 10(9452) DEBUG: cdp [receiver.c:112]: log_serviced_peers(): Peer: diameter.dev TCP Socket: 18 Recv.State: 0 10(9452) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 10(9452) DEBUG: cdp [receiver.c:756]: receive_loop(): select_recv(): There is something on the send pipe 10(9452) DEBUG: cdp [receiver.c:769]: receive_loop(): select_recv(): Send pipe says [0x7f2ac7c8a8f0] 8 10(9452) DEBUG: cdp [diameter_msg.c:410]: AAAFreeMessage(): AAAFreeMessage: Freeing message (0x7f2ac7c8a8f0) 257 10(9452) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp_receiver_peer=diameter.dev Serviced Peers: --- 10(9452) DEBUG: cdp [receiver.c:112]: log_serviced_peers(): Peer: diameter.dev TCP Socket: 18 Recv.State: 0 10(9452) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 12(9454) DEBUG: cdp [peermanager.c:143]: log_peer_list(): --- Peer List: --- 12(9454) DEBUG: cdp [peermanager.c:145]: log_peer_list(): State of peer: Wait_I_CEA FQDN: diameter.dev Port: 3868 Is dynamic 12(9454) DEBUG: cdp [peermanager.c:149]: log_peer_list(): ------------------ 10(9452) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp_receiver_peer=diameter.dev Serviced Peers: --- 10(9452) DEBUG: cdp [receiver.c:112]: log_serviced_peers(): Peer: diameter.dev TCP Socket: 18 Recv.State: 1 10(9452) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 10(9452) DEBUG: cdp [receiver.c:579]: do_receive(): receive_loop(): [diameter.dev] Recv Version 1 Length 216 10(9452) DEBUG: cdp [receiver.c:106]: log_serviced_peers(): --- Receiver cdp_receiver_peer=diameter.dev Serviced Peers: --- 10(9452) DEBUG: cdp [receiver.c:112]: log_serviced_peers(): Peer: diameter.dev TCP Socket: 18 Recv.State: 2 10(9452) DEBUG: cdp [receiver.c:114]: log_serviced_peers(): -------------------------------------------------------- 10(9452) DEBUG: cdp [receiver.c:1107]: receive_message(): receive_message(): [diameter.dev] Recv msg 257 10(9452) DEBUG: cdp [peerstatemachine.c:90]: sm_process(): sm_process(): Peer diameter.dev State Wait_I_CEA Event I_Rcv_CEA 10(9452) DEBUG: cdp [peerstatemachine.c:698]: count_Supported_Vendor_Id_AVPS(): Found 1 Supported_Vendor AVPS10(9452) DEBUG: cdp [peerstatemachine.c:681]: add_peer_application(): Application 0 of maximum 5 10(9452) DEBUG: cdp [peerstatemachine.c:750]: save_peer_applications(): Found Supported Vendor for Application 0: 10415 10(9452) DEBUG: cdp [peerstatemachine.c:681]: add_peer_application(): Application 1 of maximum 5 10(9452) DEBUG: cdp [peerstatemachine.c:681]: add_peer_application(): Application 2 of maximum 5 10(9452) DEBUG: cdp [peerstatemachine.c:750]: save_peer_applications(): Found Supported Vendor for Application 0: 10415 10(9452) DEBUG: cdp [peerstatemachine.c:681]: add_peer_application(): Application 3 of maximum 5 10(9452) DEBUG: cdp [peerstatemachine.c:681]: add_peer_application(): Application 4 of maximum 5 10(9452) DEBUG: cdp [peerstatemachine.c:763]: save_peer_applications(): Found Supported Vendor for Application 1: 10415 10(9452) DEBUG: cdp [peerstatemachine.c:681]: add_peer_application(): Application 5 of maximum 5 10(9452) CRITICAL: <core> [core/mem/q_malloc.c:149]: qm_debug_check_frag(): BUG: qm: prev. fragm. tail overwritten(1000028af, abcdefed)[0x7f2ac7c8b628:0x7f2ac7c8b660]! Memory allocator was called from cdp: diameter_avp.c:142. Fragment marked by cdp: peerstatemachine.c:732. Exec from core/mem/q_malloc.c:384. 0(9442) ALERT: <core> [main.c:756]: handle_sigs(): child process 9452 exited by a signal 6 0(9442) ALERT: <core> [main.c:759]: handle_sigs(): core was generated 0(9442) INFO: <core> [main.c:778]: handle_sigs(): dont_fork turned on, living on ```
**core.9442**
``` [root@kamailio]# gdb kamailio core.9442 GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-114.el7 Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/... Reading symbols from /usr/sbin/kamailio...Reading symbols from /usr/lib/debug/usr/sbin/kamailio.debug...done. done. [New LWP 9442] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `kamailio -f kamailio.cfg -D 2 -E'. Program terminated with signal 6, Aborted. #0 0x00007f2ad44ba207 in raise () from /lib64/libc.so.6 Missing separate debuginfos, use: debuginfo-install glibc-2.17-260.el7_6.3.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-37.el7_6.x86_64 libcom_err-1.42.9-13.el7.x86_64 libgcc-4.8.5-36.el7.x86_64 libselinux-2.5-14.1.el7.x86_64 libstdc++-4.8.5-36.el7.x86_64 libxml2-2.9.1-6.el7_2.3.x86_64 mariadb-libs-5.5.60-1.el7_5.x86_64 openssl-libs-1.0.2k-16.el7.x86_64 pcre-8.32-17.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-18.el7.x86_64 (gdb) bt full #0 0x00007f2ad44ba207 in raise () from /lib64/libc.so.6 No symbol table info available. #1 0x00007f2ad44bb8f8 in abort () from /lib64/libc.so.6 No symbol table info available. #2 0x000000000041a734 in sig_alarm_abort (signo=14) at main.c:663 __FUNCTION__ = "sig_alarm_abort" #3 <signal handler called> No symbol table info available. #4 0x00007f2ad457c1c7 in syscall () from /lib64/libc.so.6 No symbol table info available. #5 0x00007f2acca87aee in futex_get (lock=0x7f2ac7c489a0) at ../../core/futexlock.h:121 v = 1 i = 0 #6 0x00007f2acca881c4 in peer_manager_destroy () at peermanager.c:110 foo = 0x2 bar = 0x200000001 __FUNCTION__ = "peer_manager_destroy" #7 0x00007f2acca702b4 in diameter_peer_destroy () at diameter_peer.c:392 pid = 9447 status = 32554 h = 0x7f2ad3c83010 __FUNCTION__ = "diameter_peer_destroy" #8 0x00007f2acca60fb6 in cdp_exit () at cdp_mod.c:256 __FUNCTION__ = "cdp_exit" #9 0x00000000005627e1 in destroy_modules () at core/sr_module.c:732 t = 0x7f2ad3d2a918 foo = 0x7f2ad3d2a078 __FUNCTION__ = "destroy_modules" #10 0x00000000004192eb in cleanup (show_status=1) at main.c:537 memlog = 0 __FUNCTION__ = "cleanup" #11 0x000000000041aa1a in shutdown_children (sig=15, show_status=1) at main.c:680 __FUNCTION__ = "shutdown_children" #12 0x000000000041b43c in handle_sigs () at main.c:711 chld = 0 chld_status = 0 any_chld_stopped = 0 memlog = 0 __FUNCTION__ = "handle_sigs" #13 0x000000000041dc08 in sig_usr (signo=2) at main.c:824 memlog = 0 __FUNCTION__ = "sig_usr" #14 <signal handler called> No symbol table info available. #15 0x00007f2ad4582da1 in __recvfrom_nocancel () from /lib64/libc.so.6 No symbol table info available. #16 0x00000000004b4afa in udp_rcv_loop () at core/udp_server.c:460 len = 32767 buf = '\000' <repeats 65535 times> tmp = 0xffffffffffffffff <Address 0xffffffffffffffff out of bounds> from = 0x7f2ad3df99f0 fromlen = 16 ri = {src_ip = {af = 8065648, len = 0, u = {addrl = {139818365353984, 140733193388033}, addr32 = {0, 32554, 1, 32767}, addr16 = {0, 0, 32554, 0, 1, 0, 32767, 0}, addr = "\000\000\000\000*\177\000\000\001\000\000\000\377\177\000"}}, dst_ip = {af = 2, len = 4, u = {addrl = {2132753418, 0}, addr32 = {2132753418, 0, 0, 0}, addr16 = {15370, 32543, 0, 0, 0, 0, 0, 0}, addr = "\n<\037\177", '\000' <repeats 11 times>}}, src_port = 0, dst_port = 5060, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {sa_family = 0, sa_data = "\000\000\301\333|\000\000\000\000\000H<\321", <incomplete sequence \323>}, sin = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 8182721}, sin_zero = "\000\000\000\000H<\321", <incomplete sequence \323>}, sin6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 8182721, sin6_addr = {__in6_u = { __u6_addr8 = "\000\000\000\000H<\321\323*\177\000\000\210%\340", <incomplete sequence \323>, __u6_addr16 = {0, 0, 15432, 54225, 32554, 0, 9608, 54240}, __u6_addr32 = {0, 3553705032, 32554, ---Type <return> to continue, or q <return> to quit--- 3554682248}}}, sin6_scope_id = 32554}}, bind_address = 0x7f2ad3d13ac8, proto = 1 '\001'} evp = {data = 0x0, rcv = 0x0, dst = 0x0} printbuf = "\230\003|\000\000\000\000\000x\356z\000\000\000\000\000\340\026W\247\377\177\000\000\n\303\n\314*\177\000\000\020*\v\314*\177\000\000\001", '\000' <repeats 15 times>, "\036\000\000\000\024\000\000\000\n\000\000\000\001\000\000\000t#\310\307*\177\000\000\000\000\000\000\000\000\000\000\266&\346\313*\177\000\000\230\003|", '\000' <repeats 13 times>, "`\030W\247\377\177\000\000\207rM\324*\177\000\000\230\003|\000\000\000\000\000\060\000\000\000\060\000\000\000\330\027W\247\377\177\000\000\360\026W\247\377\177\000\000p\022{\000\000\000\000\000\000\000\000\000\377\177\000\000\000\000\000\000\000\000\000\000\342$\000\000\000\000\000\000\230\003|\000\000\000\000\000"... i = 0 j = 0 l = 67108864 __FUNCTION__ = "udp_rcv_loop" #17 0x0000000000423854 in main_loop () at main.c:1449 i = 0 pid = 9444 si = 0x1004189a0 si_desc = "@\212\337\323*\177\000\000\200\243\331\323*\177\000\000\000\000\000\000\003\000\000\000\270>\322\323*\177\000\000\000\032W\247\001\000\000\000\300\026\335\323*\177\000\000\000\032W\247\377\177\000\000\016\000\000\000\000\000\000\000\000\000\000\004\000\000\000\000\000\000\200\000\000\000\000\000\223\003|", '\000' <repeats 13 times>, "\320\034W\247\377\177\000\000\207rM\324*\177\000\000@\360x\000\000\000\000\000\220\205\335\323*\177\000" nrprocs = 0 woneinit = 0 __FUNCTION__ = "main_loop" #18 0x000000000042c4e9 in main (argc=6, argv=0x7fffa7571db8) at main.c:2675 cfg_stream = 0x12b3020 c = -1 r = 0 tmp = 0x0 tmp_len = 0 port = 0 proto = 0 options = 0x7697a0 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:" ret = -1 seed = 760083249 rfd = 4 debug_save = 0 debug_flag = 0 dont_fork_cnt = 1 n_lst = 0x0 p = 0x0 st = {st_dev = 19, st_ino = 63546, st_nlink = 2, st_mode = 16832, st_uid = 995, st_gid = 994, __pad0 = 0, st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1551264348, tv_nsec = 86000000}, st_mtim = {tv_sec = 1551275648, tv_nsec = 168545048}, st_ctim = {tv_sec = 1551275648, tv_nsec = 168545048}, __unused = {0, 0, 0}} __FUNCTION__ = "main" (gdb) (gdb) info locals cfg_stream = 0x12b3020 c = -1 r = 0 tmp = 0x0 tmp_len = 0 port = 0 proto = 0 options = 0x7697a0 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:" ret = -1 seed = 760083249 rfd = 4 debug_save = 0 debug_flag = 0 dont_fork_cnt = 1 n_lst = 0x0 p = 0x0 st = {st_dev = 19, st_ino = 63546, st_nlink = 2, st_mode = 16832, st_uid = 995, st_gid = 994, __pad0 = 0, st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1551264348, tv_nsec = 86000000}, st_mtim = {tv_sec = 1551275648, tv_nsec = 168545048}, st_ctim = {tv_sec = 1551275648, tv_nsec = 168545048}, __unused = {0, 0, 0}} __FUNCTION__ = "main" (gdb) list 1866 int proto; 1867 char *options; 1868 int ret; 1869 unsigned int seed; 1870 int rfd; 1871 int debug_save, debug_flag; 1872 int dont_fork_cnt; 1873 struct name_lst* n_lst; 1874 char *p; 1875 struct stat st = {0}; (gdb) ```
**core.9452** ``` [root@kamailio]# gdb kamailio core.9452 GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-114.el7 Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/... Reading symbols from /usr/sbin/kamailio...Reading symbols from /usr/lib/debug/usr/sbin/kamailio.debug...done. done. [New LWP 9452] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `kamailio -f kamailio.cfg -D 2 -E'. Program terminated with signal 6, Aborted. #0 0x00007f2ad44ba207 in raise () from /lib64/libc.so.6 Missing separate debuginfos, use: debuginfo-install glibc-2.17-260.el7_6.3.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-37.el7_6.x86_64 libcom_err-1.42.9-13.el7.x86_64 libgcc-4.8.5-36.el7.x86_64 libselinux-2.5-14.1.el7.x86_64 libstdc++-4.8.5-36.el7.x86_64 libxml2-2.9.1-6.el7_2.3.x86_64 mariadb-libs-5.5.60-1.el7_5.x86_64 openssl-libs-1.0.2k-16.el7.x86_64 pcre-8.32-17.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-18.el7.x86_64 (gdb) bt full #0 0x00007f2ad44ba207 in raise () from /lib64/libc.so.6 No symbol table info available. #1 0x00007f2ad44bb8f8 in abort () from /lib64/libc.so.6 No symbol table info available. #2 0x000000000068aad3 in qm_debug_check_frag (qm=0x7f2ac7941000, f=0x7f2ac7c8b628, file=0x7f2accb00022 "cdp: diameter_avp.c", line=142, efile=0x7f2857 "core/mem/q_malloc.c", eline=384) at core/mem/q_malloc.c:151 __FUNCTION__ = "qm_debug_check_frag" #3 0x000000000068c5e0 in qm_malloc (qmp=0x7f2ac7941000, size=56, file=0x7f2accb00022 "cdp: diameter_avp.c", func=0x7f2accb01a9a <__FUNCTION__.6983> "AAACreateAVP", line=142, mname=0x7f2accaffe50 "cdp") at core/mem/q_malloc.c:384 qm = 0x7f2ac7941000 f = 0x7f2ac7c8b628 hash = 2060 list_cntr = 1 __FUNCTION__ = "qm_malloc" #4 0x0000000000697694 in qm_shm_malloc (qmp=0x7f2ac7941000, size=56, file=0x7f2accb00022 "cdp: diameter_avp.c", func=0x7f2accb01a9a <__FUNCTION__.6983> "AAACreateAVP", line=142, mname=0x7f2accaffe50 "cdp") at core/mem/q_malloc.c:1219 r = 0x7c0398 #5 0x00007f2accad9b40 in AAACreateAVP (code=266, flags=(AAA_AVP_FLAG_MANDATORY | AAA_AVP_FLAG_END_TO_END_ENCRYPT), vendorId=0, data=0x7f2ac7c8b47c "", length=4, data_status=AVP_DONT_FREE_DATA) at diameter_avp.c:142 avp = 0x0 __FUNCTION__ = "AAACreateAVP" #6 0x00007f2accadddb9 in AAAUngroupAVPS (buf=...) at diameter_avp.c:678 ptr = 0x7f2ac7c8b47c "" avp = 0xccae835b avp_code = 266 avp_flags = 96 '`' avp_len = 12 avp_vendorID = 0 avp_data_len = 4 lh = {head = 0x0, tail = 0x0} __FUNCTION__ = "AAAUngroupAVPS" #7 0x00007f2acca83750 in save_peer_applications (p=0x7f2ac7c48b60, msg=0x7f2ac7c8a8f0) at peerstatemachine.c:771 total_cnt = 5 supported_vendor_id_avp_cnt = 1 avp = 0x7f2ac7c8ac10 avp_vendor = 0x7f2ac7c8b518 avp2 = 0x24ec group = {head = 0x1e400000180, tail = 0x1e4ccaf4939} id = 4 vendor = 10415 __FUNCTION__ = "save_peer_applications" #8 0x00007f2acca83a1c in Process_CEA (p=0x7f2ac7c48b60, cea=0x7f2ac7c8a8f0) at peerstatemachine.c:803 avp = 0x7f2ac7c8b338 #9 0x00007f2acca7cba5 in sm_process (p=0x7f2ac7c48b60, event=I_Rcv_CEA, msg=0x7f2ac7c8a8f0, peer_locked=0, sock=18) at peerstatemachine.c:166 result_code = -860919936 next_event = 32554 msg_received = 0 __FUNCTION__ = "sm_process" #10 0x00007f2accad4cf1 in receive_message (msg=0x7f2ac7c8a8f0, sp=0x7f2ad3df8310) at receiver.c:1147 avp1 = 0xccaf9190 avp2 = 0x7f2ac7c8b518 __FUNCTION__ = "receive_message" #11 0x00007f2accac9cdc in do_receive (sp=0x7f2ad3df8310) at receiver.c:598 cnt = 196 n = 196 version = 1 dst = 0x7f2ac7c8b3ec "" dmsg = 0x7f2ac7c8a8f0 ---Type <return> to continue, or q <return> to quit--- __FUNCTION__ = "do_receive" #12 0x00007f2accacdb21 in receive_loop (original_peer=0x7f2ac7c48b60) at receiver.c:805 rfds = {__fds_bits = {262144, 0 <repeats 15 times>}} efds = {__fds_bits = {0 <repeats 16 times>}} tv = {tv_sec = 0, tv_usec = 999997} n = 1 max = 24 cnt = 1 msg = 0x0 sp = 0x7f2ad3df8310 sp2 = 0x7f2ad3df8310 p = 0x7f2ac7c48b60 fd = 18 fd_exchange_pipe_local = 24 __FUNCTION__ = "receive_loop" #13 0x00007f2accac71d8 in receiver_process (p=0x7f2ac7c48b60) at receiver.c:464 __FUNCTION__ = "receiver_process" #14 0x00007f2acca6e8d6 in diameter_peer_start (blocking=0) at diameter_peer.c:289 pid = 0 k = -1 p = 0x7f2ac7c48b60 __FUNCTION__ = "diameter_peer_start" #15 0x00007f2acca609bd in cdp_child_init (rank=0) at cdp_mod.c:241 __FUNCTION__ = "cdp_child_init" #16 0x0000000000562c32 in init_mod_child (m=0x7f2ad3d2a918, rank=0) at core/sr_module.c:846 __FUNCTION__ = "init_mod_child" #17 0x00000000005628ce in init_mod_child (m=0x7f2ad3d2b568, rank=0) at core/sr_module.c:842 __FUNCTION__ = "init_mod_child" #18 0x00000000005628ce in init_mod_child (m=0x7f2ad3d2b908, rank=0) at core/sr_module.c:842 __FUNCTION__ = "init_mod_child" #19 0x00000000005628ce in init_mod_child (m=0x7f2ad3d2bd20, rank=0) at core/sr_module.c:842 __FUNCTION__ = "init_mod_child" #20 0x0000000000563011 in init_child (rank=0) at core/sr_module.c:874 ret = 0 #21 0x0000000000423344 in main_loop () at main.c:1434 i = 0 pid = 9444 si = 0x1004189a0 si_desc = "@\212\337\323*\177\000\000\200\243\331\323*\177\000\000\000\000\000\000\003\000\000\000\270>\322\323*\177\000\000\000\032W\247\001\000\000\000\300\026\335\323*\177\000\000\000\032W\247\377\177\000\000\016\000\000\000\000\000\000\000\000\000\000\004\000\000\000\000\000\000\200\000\000\000\000\000\223\003|", '\000' <repeats 13 times>, "\320\034W\247\377\177\000\000\207rM\324*\177\000\000@\360x\000\000\000\000\000\220\205\335\323*\177\000" nrprocs = 0 woneinit = 0 __FUNCTION__ = "main_loop" #22 0x000000000042c4e9 in main (argc=6, argv=0x7fffa7571db8) at main.c:2675 cfg_stream = 0x12b3020 c = -1 r = 0 tmp = 0x0 tmp_len = 0 port = 0 proto = 0 options = 0x7697a0 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:" ret = -1 seed = 760083249 rfd = 4 debug_save = 0 debug_flag = 0 ---Type <return> to continue, or q <return> to quit--- dont_fork_cnt = 1 n_lst = 0x0 p = 0x0 st = {st_dev = 19, st_ino = 63546, st_nlink = 2, st_mode = 16832, st_uid = 995, st_gid = 994, __pad0 = 0, st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1551264348, tv_nsec = 86000000}, st_mtim = {tv_sec = 1551275648, tv_nsec = 168545048}, st_ctim = {tv_sec = 1551275648, tv_nsec = 168545048}, __unused = {0, 0, 0}} __FUNCTION__ = "main" (gdb) info locals cfg_stream = 0x12b3020 c = -1 r = 0 tmp = 0x0 tmp_len = 0 port = 0 proto = 0 options = 0x7697a0 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:" ret = -1 seed = 760083249 rfd = 4 debug_save = 0 debug_flag = 0 dont_fork_cnt = 1 n_lst = 0x0 p = 0x0 st = {st_dev = 19, st_ino = 63546, st_nlink = 2, st_mode = 16832, st_uid = 995, st_gid = 994, __pad0 = 0, st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1551264348, tv_nsec = 86000000}, st_mtim = {tv_sec = 1551275648, tv_nsec = 168545048}, st_ctim = {tv_sec = 1551275648, tv_nsec = 168545048}, __unused = {0, 0, 0}} __FUNCTION__ = "main" (gdb) list 1866 int proto; 1867 char *options; 1868 int ret; 1869 unsigned int seed; 1870 int rfd; 1871 int debug_save, debug_flag; 1872 int dont_fork_cnt; 1873 struct name_lst* n_lst; 1874 char *p; 1875 struct stat st = {0}; (gdb)
```
As written in the comment of the github issue, the patch is only in master branch. No rpms are generated from there, so you have to build from source code.
Cheers, Daniel
On 27.02.19 15:12, denyspozniak wrote:
I have updated Kamailio from repo: http://download.opensuse.org/repositories/home:/kamailio:/v5.2.x-rpms/CentOS...
So I hope your patch is there: [root@kamailio]# kamailio -v version: kamailio 5.2.1 (x86_64/linux) 947769 compiled on 20:48:14 Feb 26 2019 with gcc 4.8.5
But got crash again:
--
Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio World Conference - May 6-8, 2019 -- www.kamailioworld.com Kamailio Advanced Training - Mar 4-6, 2019 in Berlin; Mar 25-27, 2019, in Washington, DC, USA -- www.asipto.com
Hello! Issue is fixed! Thanks!
Now it shows error without crashing. ``` Feb 28 11:15:08 kamailio /usr/sbin/kamailio[10918]: ERROR: cdp [peerstatemachine.c:634]: I_Snd_CER(): I_Snd_CER(): Error on finding local host address > Socket operation on non-socket Feb 28 11:15:08 kamailio /usr/sbin/kamailio[10918]: ERROR: cdp [peerstatemachine.c:674]: add_peer_application(): Too many applications for this peer (max 5), not adding Application 4:10415. ```
-
Daniel-Constantin Mierla -
Daniel-Constantin Mierla -
Denys
-
denyspozniak