[sr-dev] [tracker] Task opened: Kamailio 4.0.x crash with pua_reginfo : reginfo_handle_notify

Wed, 11 Sep 2013 22:29:31 -0700 

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Wonbin Cho (wbcho) 

Attached to Project - sip-router
Summary - Kamailio 4.0.x crash with pua_reginfo : reginfo_handle_notify
Task Type - Bug Report
Category - Module
Status - Unconfirmed
Assigned To - 
Operating System - Linux
Severity - Critical
Priority - Normal
Reported Version - 4.0
Due in Version - Undecided
Due Date - Undecided
Details - Kamailio would crash when called the reginfo_handle_notify function 
of the PUA_REGINFO module.
Following is the log with debug level 9.

daemon.info /usr/sbin/kamailio[14933]: INFO: <script>: New Message: NOTIFY: 
sip:[email protected] (<null> 10.49.80.40:5060) -> sip:[email protected] 
(<null> 10.49.80.48:5060)
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: <core> [select.c:425]: Calling 
SELECT 0x7e0cc81d2400
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: pua [hash.c:397]: core_hash= 397
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_lookup.c:1395]: DEBUG: 
t_newtran: msg id=1 , global msg id=0 , T on entrance=0xffffffffffffffff
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: pua [hash.c:406]: pres_uri= 
sip:[email protected]   watcher_uri=sip:[email protected]   callid= 
[email protected]   from_tag= 
533cb9e91f4b999cf76861cbb9ed54ed-2088
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: pua [hash.c:413]: FOUND 
temporary dialog
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: tm [t_reply.c:1547]: DEBUG: 
cleanup_uac_timers: RETR/FR timers reset
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: 
DEBUG:destroy_avp_list: destroying list (nil)
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: 
DEBUG:destroy_avp_list: destroying list (nil)
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: 
DEBUG:destroy_avp_list: destroying list (nil)
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: 
DEBUG:destroy_avp_list: destroying list (nil)
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: 
DEBUG:destroy_avp_list: destroying list (nil)
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: <core> 
[parser/msg_parser.c:106]: found end of header
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [usr_avp.c:644]: 
DEBUG:destroy_avp_list: destroying list (nil)
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [xavp.c:447]: destroying 
xavp list (nil)
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_lookup.c:534]: 
t_lookup_request: start searching: hash=33078, isACK=0
daemon.debug /usr/sbin/kamailio[14932]: DEBUG: <core> [receive.c:293]: 
receive_msg: cleaning up
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_lookup.c:492]: DEBUG: 
RFC3261 transaction matching failed
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_lookup.c:716]: DEBUG: 
t_lookup_request: no transaction found
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: tm [t_hooks.c:374]: DBG: 
trans=0x7e0cc631d5b0, callback type 1, id 0 entered
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: pua [hash.c:558]: 'To' header 
ALREADY PARSED: <sip:[email protected]>
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: pua [hash.c:361]: core_hash= 397
daemon.err /usr/sbin/kamailio[14933]: ERROR: pua [hash.c:607]: no record for 
the dialog found in hash table
daemon.debug /usr/sbin/kamailio[14933]: DEBUG: pua_reginfo [notify.c:409]: Body 
is <?xml version="1.0"?> <reginfo xmlns="urn:ietf:params:xml:ns:reginfo" 
version="0" state="full">   <registration aor="sip:[email protected]" 
id="0x692a484bf5f0"
kern.info kernel: [1824899.083979] kamailio[14933]: segfault at 0 ip 
00007e0cc4edcd77 sp 00007ef57b8d3de0 error 4 in usrloc.so[7e0cc4ec6000+1c000]
kern.alert kernel: [1824899.084043] grsec: From 10.49.8.78: Segmentation fault 
occurred at            (nil) in /usr/sbin/kamailio[kamailio:14933] 
uid/euid:1000/1000 gid/egid:1000/1000, parent 
/usr/sbin/kamailio[kamailio:14902] uid/euid:1000/1000 g
daemon.crit /usr/sbin/kamailio[14962]: : <core> [pass_fd.c:293]: ERROR: 
receive_fd: EOF on 18
daemon.debug /usr/sbin/kamailio[14962]: DEBUG: <core> [tcp_main.c:3605]: DBG: 
handle_ser_child: dead child 8, pid 14933 (shutting down?)
daemon.debug /usr/sbin/kamailio[14962]: DEBUG: <core> [io_wait.h:617]: DBG: 
io_watch_del (0xb9762d347b0, 18, -1, 0x0) fd_no=21 called
daemon.alert /usr/sbin/kamailio[14902]: ALERT: <core> [main.c:788]: child 
process 14933 exited by a signal 11
daemon.alert /usr/sbin/kamailio[14902]: ALERT: <core> [main.c:791]: core was 
not generated
daemon.info /usr/sbin/kamailio[14902]: INFO: <core> [main.c:803]: INFO: 
terminating due to SIGCHLD
daemon.info /usr/sbin/kamailio[14959]: INFO: <core> [main.c:854]: INFO: signal 
15 received


A simple fix for this might be:
"kamailio-4.0.1/modules/pua_reginfo/notify.c" Line 374

next_registration:
                // if (ul_record) ul.release_urecord(ul_record);                
                /* Unlock the domain for this AOR: */
                if(aor.len > 0) {
                        ul.unlock_udomain(domain, &aor);
                }

                registrations = registrations->next;
        }



More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=338

You are receiving this message because you have requested it from the Flyspray 
bugtracking system.  If you did not expect this message or don't want to 
receive mails in future, you can change your notification settings at the URL 
shown above.

_______________________________________________
sr-dev mailing list
[email protected]
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

Reply via email to