### Description
Kamailio dumps core on startup.
### Troubleshooting
#### Debugging Data
``` (gdb) bt #0 0x00007ffff7dd56b1 in __memmove_avx_unaligned_erms () from /lib64/libc.so.6 #1 0x00007ffff639d5df in pv_parse_hdr_name (sp=0x7ffff6ae4ce8, in=0x7fffffffd620) at pv_core.c:3594 #2 0x00000000005658e6 in pv_parse_spec2 (in=0x7ffff6ae4cd0, e=0x7ffff6ae4ce8, silent=0) at core/pvapi.c:969 #3 0x0000000000560fcd in pv_cache_add (name=0x7fffffffd810) at core/pvapi.c:359 #4 0x0000000000562898 in pv_spec_lookup (name=0x7fffffffd8d0, len=0x7fffffffd8cc) at core/pvapi.c:498 #5 0x000000000056903c in pv_parse_format (in=0x7fffffffd9d0, el=0x7ffff6ae4bb8) at core/pvapi.c:1194 #6 0x000000000062e790 in fix_param (type=256, param=0x7ffff6afc4a8) at core/sr_module.c:1214 #7 0x000000000062ee08 in fix_param_types (types=256, param=0x7ffff6afc4a8) at core/sr_module.c:1336 #8 0x000000000050de56 in fixup_spve_null (param=0x7ffff6afc4a8, param_no=1) at core/mod_fix.c:564 #9 0x00007ffff1ae0074 in fixup_hvalue_param (param=0x7ffff6afc4a8, param_no=2) at textopsx.c:622 #10 0x00007ffff1ae0e63 in fixup_hname_str (param=0x7ffff6afc4a8, param_no=2) at textopsx.c:719 #11 0x00007ffff1ae89ff in append_hf_value_fixup (param=0x7ffff6afc4a8, param_no=2) at textopsx.c:1644 #12 0x00000000005a3abd in fix_actions (a=0x7ffff6afc430) at core/route.c:932 #13 0x000000000059f111 in fix_actions (a=0x7ffff6afc6e8) at core/route.c:723 #14 0x00000000005b0dd3 in fix_rl (rt=0x91bec0 <main_rt>) at core/route.c:2102 #15 0x00000000005b0e0a in fix_rls () at core/route.c:2118 #16 0x0000000000438084 in main (argc=12, argv=0x7fffffffe608) at main.c:3047 (gdb) bt full #0 0x00007ffff7dd56b1 in __memmove_avx_unaligned_erms () from /lib64/libc.so.6 No symbol table info available. 
#1 0x00007ffff639d5df in pv_parse_hdr_name (sp=0x7ffff6ae4ce8, in=0x7fffffffd620) at pv_core.c:3594 s = {s = 0x7ffff6af9178 "\001", len = -156263992} p = 0x82be18 <__func__.9> "pv_init_buffer" nsp = 0x0 hdr = {type = 8368264, name = {s = 0x85 <error: Cannot access memory at address 0x85>, len = -10896}, body = {s = 0x5634f1 <pv_lookup_spec_name+910> "\205\300u<H\213EȋP\020H\213\205p\377\377\377\211\020H\213E\310H\213P\030H\213\205p\377\377\377H\211P\bH\213E\310H\213P H\213\205p\377\377\377H\211P\020H\213E\310\353\037H\213E\310H\213@PH\211E\310H\203", <incomplete sequence \310>, len = -156349208}, len = -10736, parsed = 0x1, next = 0x0} __func__ = "pv_parse_hdr_name" #2 0x00000000005658e6 in pv_parse_spec2 (in=0x7ffff6ae4cd0, e=0x7ffff6ae4ce8, silent=0) at core/pvapi.c:969 p = 0x7ffff6ae4d53 ")[0])" s = {s = 0x7ffff6ae4d4e "X-CID)[0])", len = 5} pvname = {s = 0x7ffff6ae4d4a "hdr(X-CID)[0])", len = 3} pvstate = 2 tr = 0x0 pte = 0x7ffff6500c38 n = 0 __func__ = "pv_parse_spec2" #3 0x0000000000560fcd in pv_cache_add (name=0x7fffffffd810) at core/pvapi.c:359 pvn = 0x7ffff6ae4cd0 pvid = 949637875 p = 0x0 __func__ = "pv_cache_add" #4 0x0000000000562898 in pv_spec_lookup (name=0x7fffffffd8d0, len=0x7fffffffd8cc) at core/pvapi.c:498 pvs = 0x0 tname = {s = 0x7ffff6afc668 "$(hdr(X-CID)[0])", len = 16} __func__ = "pv_spec_lookup" #5 0x000000000056903c in pv_parse_format (in=0x7fffffffd9d0, el=0x7ffff6ae4bb8) at core/pvapi.c:1194 p = 0x7ffff6afc668 "$(hdr(X-CID)[0])" p0 = 0xc600000001 <error: Cannot access memory at address 0xc600000001> n = 1 e = 0x7ffff6ae4c48 e0 = 0x0 s = {s = 0x7ffff6afc668 "$(hdr(X-CID)[0])", len = 16} len = 16 __func__ = "pv_parse_format" #6 0x000000000062e790 in fix_param (type=256, param=0x7ffff6afc4a8) at core/sr_module.c:1214 p = 0x7ffff6ae4ba8 name = {s = 0x7ffff6afc668 "$(hdr(X-CID)[0])", len = 16} s = {s = 0x1800000 <error: Cannot access memory at address 0x1800000>, len = 0} num = 32767 err = -156291736 __func__ = "fix_param" #7 0x000000000062ee08 
in fix_param_types (types=256, param=0x7ffff6afc4a8) at core/sr_module.c:1336 ret = -156248399 t = 256 #8 0x000000000050de56 in fixup_spve_null (param=0x7ffff6afc4a8, param_no=1) at core/mod_fix.c:564 ret = 0 fp = 0x0 __func__ = "fixup_spve_null" #9 0x00007ffff1ae0074 in fixup_hvalue_param (param=0x7ffff6afc4a8, param_no=2) at textopsx.c:622 No locals. #10 0x00007ffff1ae0e63 in fixup_hname_str (param=0x7ffff6afc4a8, param_no=2) at textopsx.c:719 No locals. #11 0x00007ffff1ae89ff in append_hf_value_fixup (param=0x7ffff6afc4a8, param_no=2) at textopsx.c:1644 res = 0 __func__ = "append_hf_value_fixup" #12 0x00000000005a3abd in fix_actions (a=0x7ffff6afc430) at core/route.c:932 t = 0x7ffff6afc430 p = 0x7ffff6af8730 tmp = 0x4bbed9 <sr_event_exec+415> "\211E\374\213E\374\351/\003" tmp_p = 0x7ffff6afc668 ret = 0 i = 1 cmd = 0x7ffff6528150 s = {s = 0x7ffff6af99c8 "\001", len = -8700} he = 0x7fffffffded0 ip = {af = 25165824, len = 0, u = {addrl = {0, 140737488346496}, addr32 = {0, 0, 4294958464, 32767}, addr16 = {0, 0, 0, 0, 56704, 65535, 32767, 0}, addr = "\000\000\000\000\000\000\000\000\200\335\377\377\377\177\000"}} si = 0x7fffffffdecc lval = 0x7fffffffded4 rve = 0x7ffff6af8398 err_rve = 0x4000000 rve_type = RV_NONE err_type = 133 expected_type = RV_NONE rv = 0x7ffff6af8448 rve_param_no = 0 __func__ = "fix_actions" #13 0x000000000059f111 in fix_actions (a=0x7ffff6afc6e8) at core/route.c:723 t = 0x7ffff6afc6e8 p = 0x0 tmp = 0x6f16b7 <qm_malloc+1321> "H\203\304\020H\213E\310H\213P\030H\213E\270H\213" tmp_p = 0x7ffff6af88f0 ret = 0 i = 2 cmd = 0x7ffff652bab8 s = {s = 0x7ffff6ac87f8 "LIS_REPLY", len = 9} he = 0x7fffffffe020 ip = {af = 0, len = 0, u = {addrl = {140737274206128, 140737488347056}, addr32 = {4080818096, 32767, 4294959024, 32767}, addr16 = {22448, 62268, 32767, 0, 57264, 65535, 32767, 0}, addr = "\260W<\363\377\177\000\000\260\337\377\377\377\177\000"}} si = 0xaab32f7585fd7500 lval = 0x7ffff6ac7520 rve = 0x7ffff6afbc18 err_rve = 0x0 rve_type = RV_INT err_type = 
32 expected_type = RV_NONE rv = 0x7ffff6ac91e0 rve_param_no = 0 __func__ = "fix_actions" #14 0x00000000005b0dd3 in fix_rl (rt=0x91bec0 <main_rt>) at core/route.c:2102 i = 97 ret = 0 #15 0x00000000005b0e0a in fix_rls () at core/route.c:2118 ret = 0 #16 0x0000000000438084 in main (argc=12, argv=0x7fffffffe608) at main.c:3047 cfg_stream = 0x9c02d0 c = -1 r = 0 tmp = 0x7fffffffe8bb "" tmp_len = 896 port = 896 proto = 896 ahost = 0x0 aport = 0 options = 0x7fe158 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:" ret = -1 seed = 4231472377 rfd = 4 debug_save = 0 debug_flag = 0 dont_fork_cnt = 2 n_lst = 0x0 p = 0xc2 <error: Cannot access memory at address 0xc2> st = {st_dev = 56, st_ino = 279340502, st_nlink = 2, st_mode = 16832, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 120, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1622741422, tv_nsec = 474562221}, st_mtim = {tv_sec = 1624650702, tv_nsec = 443892052}, st_ctim = {tv_sec = 1624650702, tv_nsec = 443892052}, __glibc_reserved = {0, 0, 0}} tbuf = "\000\342\377\377\377\177", '\000' <repeats 11 times>, "\342\377\377\377\177", '\000' <repeats 18 times>, "\260\027\375\367\377\177\000\000\350\317\377\367\377\177\000\000\b\345\377\367\377\177\000\000\340\031\375\367\377\177\000\000\025\217\376\367\377\177\000\000$f\307\367\377\177\000\000\354K\377\367\377\177\000\000\336K\377\367\377\177\000\000\205\317c\t\000\000\000\000\300S\374\367\377\177\000\000ߏ\376\367\377\177\000\000\000\000\000\000\254\202\226\006\334P\307\367\377\177\000\000\000\000\000\000\000\000\000\000\300S\374\367\377\177\000\000\001\000\000\000\000\000\000\000@\347N\360\356"\000\000\240\341\377\367\377\177\000\000\370\377\377\377\377\377\377\377\240\341\377\367\377\177\000\000R"... 
option_index = 12 long_options = {{name = 0x800836 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x7fb521 "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x80083b "alias", has_arg = 1, flag = 0x0, val = 1024}, {name = 0x800841 "subst", has_arg = 1, flag = 0x0, val = 1025}, {name = 0x800847 "substdef", has_arg = 1, flag = 0x0, val = 1026}, {name = 0x800850 "substdefs", has_arg = 1, flag = 0x0, val = 1027}, {name = 0x80085a "server-id", has_arg = 1, flag = 0x0, val = 1028}, {name = 0x800864 "loadmodule", has_arg = 1, flag = 0x0, val = 1029}, {name = 0x80086f "modparam", has_arg = 1, flag = 0x0, val = 1030}, {name = 0x800878 "log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name = 0x800883 "debug", has_arg = 1, flag = 0x0, val = 1032}, {name = 0x800889 "cfg-print", has_arg = 0, flag = 0x0, val = 1033}, {name = 0x800893 "atexit", has_arg = 1, flag = 0x0, val = 1034}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}} __func__ = "main" ```
### Additional Information
master on CentOS8
Master has `return 1;` at `modules/pv/pv_core.c` line 3594. Please provide the output of:
``` kamailio -v uname -a ```
And from gdb:
``` frame 1 list ```
``` [root@safarov-dell kamailio]# /usr/local/sbin/kamailio -v version: kamailio 5.6.0-dev0 (x86_64/linux) df23ea flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: df23ea compiled on 12:48:46 Jun 18 2021 with gcc 10.2.1 ``` Here is a master with my commits. As base used 5d03c9235f79ce4af35b6f79eddebae9f512f1d3
```
[root@safarov-dell kamailio]# uname -a
Linux safarov-dell.home 5.9.10-200.fc33.x86_64 #1 SMP Mon Nov 23 18:12:50 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
```
This is Fedora 33 (not CentOS 8, but the behavior is the same on CentOS 8).
``` (gdb) frame 1 #1 0x00007ffff639d5df in pv_parse_hdr_name (sp=0x7ffff6ae4c08, in=0x7fffffffd610) at pv_core.c:3594 3594 memcpy(p, in->s, in->len); (gdb) list 3589 { 3590 LM_ERR("name too long\n"); 3591 return -1; 3592 } 3593 p = pv_get_buffer(); 3594 memcpy(p, in->s, in->len); 3595 p[in->len] = ':'; 3596 s.s = p; 3597 s.len = in->len+1; 3598 (gdb) p p $1 = 0x82be18 <__func__.9> "pv_init_buffer" (gdb) p in->s $2 = 0x7ffff6ae4c6e "X-CID)[0])" (gdb) p in $3 = (str *) 0x7fffffffd610 (gdb) p *in $4 = {s = 0x7ffff6ae4c6e "X-CID)[0])", len = 5} ```
Relevant [line](https://github.com/kamailio/kamailio/blob/master/src/modules/pv/pv_core.c#L3...) in current master.
I will retest on the 14d92c0d7ab1229996176b131ab8edcabc3a5717 commit.
Test on 14d92c0d7ab1229996176b131ab8edcabc3a5717
``` (gdb) bt #0 0x00007ffff7dd56b1 in __memmove_avx_unaligned_erms () from /lib64/libc.so.6 #1 0x00007ffff6392fd4 in pv_parse_hdr_name (sp=0x7ffff6ae4d20, in=0x7fffffffd610) at pv_core.c:3617 #2 0x0000000000566304 in pv_parse_spec2 (in=0x7ffff6ae4d08, e=0x7ffff6ae4d20, silent=0) at core/pvapi.c:969 #3 0x00000000005619eb in pv_cache_add (name=0x7fffffffd800) at core/pvapi.c:359 #4 0x00000000005632b6 in pv_spec_lookup (name=0x7fffffffd8c0, len=0x7fffffffd8bc) at core/pvapi.c:498 #5 0x0000000000569a5a in pv_parse_format (in=0x7fffffffd9c0, el=0x7ffff6ae4bf0) at core/pvapi.c:1194 #6 0x000000000062f1ae in fix_param (type=256, param=0x7ffff6afc4e0) at core/sr_module.c:1214 #7 0x000000000062f826 in fix_param_types (types=256, param=0x7ffff6afc4e0) at core/sr_module.c:1336 #8 0x000000000050e874 in fixup_spve_null (param=0x7ffff6afc4e0, param_no=1) at core/mod_fix.c:564 #9 0x00007ffff1ad2074 in fixup_hvalue_param (param=0x7ffff6afc4e0, param_no=2) at textopsx.c:622 #10 0x00007ffff1ad2e63 in fixup_hname_str (param=0x7ffff6afc4e0, param_no=2) at textopsx.c:719 #11 0x00007ffff1ada9ff in append_hf_value_fixup (param=0x7ffff6afc4e0, param_no=2) at textopsx.c:1644 #12 0x00000000005a44db in fix_actions (a=0x7ffff6afc468) at core/route.c:932 #13 0x000000000059fb2f in fix_actions (a=0x7ffff6afc720) at core/route.c:723 #14 0x00000000005b17f1 in fix_rl (rt=0x91c0c0 <main_rt>) at core/route.c:2102 #15 0x00000000005b1828 in fix_rls () at core/route.c:2118 #16 0x00000000004381c0 in main (argc=12, argv=0x7fffffffe5f8) at main.c:3066 (gdb) set pagination off (gdb) bt full #0 0x00007ffff7dd56b1 in __memmove_avx_unaligned_erms () from /lib64/libc.so.6 No symbol table info available. 
#1 0x00007ffff6392fd4 in pv_parse_hdr_name (sp=0x7ffff6ae4d20, in=0x7fffffffd610) at pv_core.c:3617 s = {s = 0x7ffff6af91b0 "\001", len = -156263936} p = 0x82c058 <__func__.9> "pv_init_buffer" nsp = 0x0 hdr = {type = 8368264, name = {s = 0x85 <error: Cannot access memory at address 0x85>, len = -10912}, body = {s = 0x563f0f <pv_lookup_spec_name+910> "\205\300u<H\213EȋP\020H\213\205p\377\377\377\211\020H\213E\310H\213P\030H\213\205p\377\377\377H\211P\bH\213E\310H\213P H\213\205p\377\377\377H\211P\020H\213E\310\353\037H\213E\310H\213@PH\211E\310H\203", <incomplete sequence \310>, len = -156349152}, len = -10752, parsed = 0x1, next = 0x0} __func__ = "pv_parse_hdr_name" #2 0x0000000000566304 in pv_parse_spec2 (in=0x7ffff6ae4d08, e=0x7ffff6ae4d20, silent=0) at core/pvapi.c:969 p = 0x7ffff6ae4d8b ")[0])" s = {s = 0x7ffff6ae4d86 "X-CID)[0])", len = 5} pvname = {s = 0x7ffff6ae4d82 "hdr(X-CID)[0])", len = 3} pvstate = 2 tr = 0x0 pte = 0x7ffff6500c38 n = 0 __func__ = "pv_parse_spec2" #3 0x00000000005619eb in pv_cache_add (name=0x7fffffffd800) at core/pvapi.c:359 pvn = 0x7ffff6ae4d08 pvid = 949637875 p = 0x0 __func__ = "pv_cache_add" #4 0x00000000005632b6 in pv_spec_lookup (name=0x7fffffffd8c0, len=0x7fffffffd8bc) at core/pvapi.c:498 pvs = 0x0 tname = {s = 0x7ffff6afc6a0 "$(hdr(X-CID)[0])", len = 16} __func__ = "pv_spec_lookup" #5 0x0000000000569a5a in pv_parse_format (in=0x7fffffffd9c0, el=0x7ffff6ae4bf0) at core/pvapi.c:1194 p = 0x7ffff6afc6a0 "$(hdr(X-CID)[0])" p0 = 0xc600000001 <error: Cannot access memory at address 0xc600000001> n = 1 e = 0x7ffff6ae4c80 e0 = 0x0 s = {s = 0x7ffff6afc6a0 "$(hdr(X-CID)[0])", len = 16} len = 16 __func__ = "pv_parse_format" #6 0x000000000062f1ae in fix_param (type=256, param=0x7ffff6afc4e0) at core/sr_module.c:1214 p = 0x7ffff6ae4be0 name = {s = 0x7ffff6afc6a0 "$(hdr(X-CID)[0])", len = 16} s = {s = 0x1800000 <error: Cannot access memory at address 0x1800000>, len = 0} num = 32767 err = -156291680 __func__ = "fix_param" #7 0x000000000062f826 
in fix_param_types (types=256, param=0x7ffff6afc4e0) at core/sr_module.c:1336 ret = -156248343 t = 256 #8 0x000000000050e874 in fixup_spve_null (param=0x7ffff6afc4e0, param_no=1) at core/mod_fix.c:564 ret = 0 fp = 0x0 __func__ = "fixup_spve_null" #9 0x00007ffff1ad2074 in fixup_hvalue_param (param=0x7ffff6afc4e0, param_no=2) at textopsx.c:622 No locals. #10 0x00007ffff1ad2e63 in fixup_hname_str (param=0x7ffff6afc4e0, param_no=2) at textopsx.c:719 No locals. #11 0x00007ffff1ada9ff in append_hf_value_fixup (param=0x7ffff6afc4e0, param_no=2) at textopsx.c:1644 res = 0 __func__ = "append_hf_value_fixup" #12 0x00000000005a44db in fix_actions (a=0x7ffff6afc468) at core/route.c:932 t = 0x7ffff6afc468 p = 0x7ffff6af8768 tmp = 0x4bc015 <sr_event_exec+415> "\211E\374\213E\374\351/\003" tmp_p = 0x7ffff6afc6a0 ret = 0 i = 1 cmd = 0x7ffff6528188 s = {s = 0x7ffff6af9a00 "\001", len = -8716} he = 0x7fffffffdec0 ip = {af = 25165824, len = 0, u = {addrl = {0, 140737488346480}, addr32 = {0, 0, 4294958448, 32767}, addr16 = {0, 0, 0, 0, 56688, 65535, 32767, 0}, addr = "\000\000\000\000\000\000\000\000p\335\377\377\377\177\000"}} si = 0x7fffffffdebc lval = 0x7fffffffdec4 rve = 0x7ffff6af83d0 err_rve = 0x4000000 rve_type = RV_NONE err_type = 133 expected_type = RV_NONE rv = 0x7ffff6af8480 rve_param_no = 0 __func__ = "fix_actions" #13 0x000000000059fb2f in fix_actions (a=0x7ffff6afc720) at core/route.c:723 t = 0x7ffff6afc720 p = 0x0 tmp = 0x6f20d5 <qm_malloc+1321> "H\203\304\020H\213E\310H\213P\030H\213E\270H\213" tmp_p = 0x7ffff6af8928 ret = 0 i = 2 cmd = 0x7ffff652baf0 s = {s = 0x7ffff6ac8830 "LIS_REPLY", len = 9} he = 0x7fffffffe010 ip = {af = 0, len = 0, u = {addrl = {140737274161072, 140737488347040}, addr32 = {4080773040, 32767, 4294959008, 32767}, addr16 = {42928, 62267, 32767, 0, 57248, 65535, 32767, 0}, addr = "\260\247;\363\377\177\000\000\240\337\377\377\377\177\000"}} si = 0xf5240eac1757200 lval = 0x7ffff6ac7558 rve = 0x7ffff6afbc50 err_rve = 0x0 rve_type = RV_INT err_type = 
32 expected_type = RV_NONE rv = 0x7ffff6ac9218 rve_param_no = 0 __func__ = "fix_actions" #14 0x00000000005b17f1 in fix_rl (rt=0x91c0c0 <main_rt>) at core/route.c:2102 i = 97 ret = 0 #15 0x00000000005b1828 in fix_rls () at core/route.c:2118 ret = 0 #16 0x00000000004381c0 in main (argc=12, argv=0x7fffffffe5f8) at main.c:3066 cfg_stream = 0x9c02d0 c = -1 r = 0 tmp = 0x7fffffffe8b3 "" tmp_len = 896 port = 896 proto = 896 ahost = 0x0 aport = 0 options = 0x7fe218 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:" ret = -1 seed = 3821576408 rfd = 4 debug_save = 0 debug_flag = 0 dont_fork_cnt = 2 n_lst = 0x0 p = 0xc2 <error: Cannot access memory at address 0xc2> st = {st_dev = 47, st_ino = 279340502, st_nlink = 2, st_mode = 16832, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 120, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1622741422, tv_nsec = 474562221}, st_mtim = {tv_sec = 1624710986, tv_nsec = 414222440}, st_ctim = {tv_sec = 1624710986, tv_nsec = 414222440}, __glibc_reserved = {0, 0, 0}} tbuf = "\360\341\377\377\377\177\000\000\000\000\000\000\000\000\000\000\360\341\377\377\377\177", '\000' <repeats 18 times>, "\260\027\375\367\377\177\000\000\350\317\377\367\377\177\000\000\b\345\377\367\377\177\000\000\340\031\375\367\377\177\000\000\025\217\376\367\377\177\000\000$f\307\367\377\177\000\000\354K\377\367\377\177\000\000\336K\377\367\377\177\000\000\205\317c\t\000\000\000\000\300S\374\367\377\177\000\000ߏ\376\367\377\177\000\000\000\000\000\000\254\202\226\006\334P\307\367\377\177\000\000\000\000\000\000\000\000\000\000\300S\374\367\377\177\000\000\001\000\000\000\000\000\000\000\366/\210\333i\005\000\000\240\341\377\367\377\177\000\000\370\377\377\377\377\377\377\377\240\341\377\367\377\177\000\000R"... 
option_index = 12 long_options = {{name = 0x8008f6 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x7fb521 "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x8008fb "alias", has_arg = 1, flag = 0x0, val = 1024}, {name = 0x800901 "subst", has_arg = 1, flag = 0x0, val = 1025}, {name = 0x800907 "substdef", has_arg = 1, flag = 0x0, val = 1026}, {name = 0x800910 "substdefs", has_arg = 1, flag = 0x0, val = 1027}, {name = 0x80091a "server-id", has_arg = 1, flag = 0x0, val = 1028}, {name = 0x800924 "loadmodule", has_arg = 1, flag = 0x0, val = 1029}, {name = 0x80092f "modparam", has_arg = 1, flag = 0x0, val = 1030}, {name = 0x800938 "log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name = 0x800943 "debug", has_arg = 1, flag = 0x0, val = 1032}, {name = 0x800949 "cfg-print", has_arg = 0, flag = 0x0, val = 1033}, {name = 0x800953 "atexit", has_arg = 1, flag = 0x0, val = 1034}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}} __func__ = "main" (gdb) frame 1 #1 0x00007ffff6392fd4 in pv_parse_hdr_name (sp=0x7ffff6ae4d20, in=0x7fffffffd610) at pv_core.c:3617 3617 memcpy(p, in->s, in->len); (gdb) list 3612 { 3613 LM_ERR("name too long\n"); 3614 return -1; 3615 } 3616 p = pv_get_buffer(); 3617 memcpy(p, in->s, in->len); 3618 p[in->len] = ':'; 3619 s.s = p; 3620 s.len = in->len+1; 3621 (gdb) p p $1 = 0x82c058 <__func__.9> "pv_init_buffer" (gdb) p in $2 = (str *) 0x7fffffffd610 (gdb) p *in $3 = {s = 0x7ffff6ae4d86 "X-CID)[0])", len = 5} (gdb) ```
The error appears to be related to the use of an unaligned memory address, but that should not be the case here, because the pointer refers to an allocated buffer.
That happens in the fixup for `append_hf_value()`. I suggest that you use default `kamailio.cfg` by adding also this function in the request_route() and then see if starts ok.
If yes, then it is a problem with your config, are you using modules that are not in stock kamailio repo?
The server uses stock modules compiled for the `ARM` architecture, with a customized `kazoo` config. I can create a minimal config that allows reproducing the issue on another PC.
`pv_get_buffer()` returns a pointer to the allocated buffer, which should be aligned:
``` 3593 p = pv_get_buffer(); 3594 memcpy(p, in->s, in->len); ```
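That means there is a buffer overflow/memory overwrite in one of the components you use. In the gdb output above, `p` prints as `0x82be18 <__func__.9> "pv_init_buffer"`, i.e. the `memcpy()` destination lies inside a static string of the binary rather than in an allocated buffer, which would be consistent with the buffer pointer having been overwritten or never set up correctly. If you can narrow it down to a minimal config, it would help a lot. Also, knowing whether the default `kamailio.cfg` + `append_hf_value()` works or not would help to rule out many modules.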
Issue reproduced with the minimal config from #2736 ``` loadmodule "ipops.so" loadmodule "pv.so" loadmodule "textops.so" loadmodule "textopsx.so"
pv_buffer_slots = 30
#!substdef "!MAJOR!$(version(num){re.subst,/^(([^.])*.([^.])*)..*/\1/})!g" #!substdef "!MY_HOSTNAME!$HN(f)!g" #!substdef "!MY_WEBSOCKET_DOMAIN!$HN(d)!g" #!substdef "!KAMAILIO_DBMS!$def(KZ_DB_MODULE)!g"
#!substdef "!MY_IP_ADDRESS!$HN(i)!g" #!substdef "!SANITY_SUBST_CACHE_PERIOD!$def(SANITY_CACHE_PERIOD)!g"
#!substdef "!KZQ_CHECK_MEDIA_SERVER_INSERT!insert into dispatcher (setid, destination) select $var(SetId), "$var(MediaUrl)" from DUAL where not exists(select * from dispatcher where destination = "$var(MediaUrl)")!g" #!substdef "!KZQ_COUNT_SUBSCRIBERS!select event, (select count(*) from active_watchers b where presentity_uri = "$var(presentity)" and b.event = a.event) count from event_list a!g" #!substdef "!KZQ_HANDLE_NEW_SUBSCRIBE_DELETE1!delete from active_watchers where callid = "$ci"!g" #!substdef "!KZQ_HANDLE_NEW_SUBSCRIBE_DELETE2!delete from active_watchers where watcher_username="$fU" and presentity_uri="$var(presentity_uri)" and to_user="$tU" and watcher_domain="$fd" and event="$hdr(Event)"!g" #!substdef "!KZQ_RESET_PUBLISHER_UPDATE!update active_watchers set expires = $TS where id in (select * from (select b.id from presentity a inner join active_watchers b on a.username = b.to_user and a.domain = b.to_domain and a.event = b.event where a.sender = "$var(MediaUrl)") AS presentity_temp)!g" #!substdef "!KZQ_PRESENCE_SEARCH_DETAIL!select * from active_watchers_log where presentity_uri = "$var(presentity_uri)"!g" #!substdef "!KZQ_PRESENCE_SEARCH_SUMMARY!select * from active_watchers where watcher_domain = "$var(Domain)"!g" #!substdef "!KZQ_PRESENCE_RESET!delete from presentity where sender = "$var(MediaUrl)"!g"
listen=tcp:127.0.0.1:5090
####### Routing Logic ######## route { $avp(device_id) = $hdr(X-Device-Id); $avp(account_db) = $hdr(X-Account-Db); $var(text) = $hdr(Contact); $var(expires) = $hdr(Expires); $var(header) = $hdr(X-KAZOO-Respond-With); $var(xxxx) = $hdr(To); $var(rr_base) = $hdr(Record-Route); $xavp(hf=>X-AUTH-IP) = $hdr(X-AUTH-IP); $xavp(hf=>X-AUTH-PORT) = $hdr(X-AUTH-PORT); $var(LocalRoute) = $hdr(X-TM-Local); $ru = $hdr(X-URN-Service); append_hf_value("Call-Info", "$(hdr(X-NenaCallId)[0])");
if ($hdr(X-KAZOO-INVITE-FORMAT) == "route") { $var(referred_by) = $hdr(Referred-By); }
if ($hdr(X-Redirect-Server) != $null) { $avp(destination_uri) = $hdr(X-KAZOO-AOR); }
} ```
Here only 4 modules are used:
```
loadmodule "ipops.so"
loadmodule "pv.so"
loadmodule "textops.so"
loadmodule "textopsx.so"
```
I will retest with this config on c146ef490e1d7d35add7d3ee593f6d3d20e327ad and, if OK, then bisect.
I have tested c146ef490e1d7d35add7d3ee593f6d3d20e327ad with the config above. The issue is present. Earlier I tested c146ef490e1d7d35add7d3ee593f6d3d20e327ad with the kazoo config; that commit works with the kazoo config.
If I comment out `pv_buffer_slots` or delete any variable from the config file, then Kamailio starts properly.
I also added into default Kamailio config as the first command in `request_route` ``` append_hf_value("Call-Info", "$(hdr(X-NenaCallId)[0])"); ``` With this config, Kamailio started.
It looks related to the use of substdefs with variables; I will look into it.
@sergey-safarov try with latest master and let's see if it's solved.
Tested commit 56d41f6238f39d0046c97527abcb23b8dd7924be. The issue is not reproduced. Closing the ticket.
Closed #2788.