Kamailio 5.8 core dumps with regex module

[dkovik]

Description

I tried to update to a new version of kamailio and it didn't start with the old configuration file, I found out that the regex module is responsible.
Log after start:
0(713737) INFO: regex [regex_mod.c:417]: load_pcres(): num groups = 1 0(713737) INFO: regex [regex_mod.c:419]: load_pcres(): <group[0]>((^[1-9]\d{5}$)|(^ukrb[12]$)) </group[0]> (size = 29) 0(713735) ERROR: <core> [core/daemonize.c:302]: daemonize(): Main process exited before writing to pipe

Troubleshooting

Reproduction

grep regex /usr/local/etc/kamailio/kamailio.cfg
loadmodule "regex.so"
modparam("regex", "file", "/usr/local/etc/kamailio/regex_groups")

cat /usr/local/etc/kamailio/regex_groups
[0]
#cislo linky
(^[1-9]\d{5}$)
(^ukrb[12]$)

Debugging Data

 gdb /usr/local/sbin/kamailio /core
GNU gdb (Debian 10.1-1.7) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.
      
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/sbin/kamailio...
      
warning: Can't open file /dev/zero (deleted) during file-backed mapping note processing
[New LWP 713740]
      
warning: Section `.reg-xstate/713740' in core file too small.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/local/sbin/kamailio -S -P /run/kamailio/kamailio.pid -f /usr/local/etc/kam'.
Program terminated with signal SIGSEGV, Segmentation fault.
      
warning: Section `.reg-xstate/713740' in core file too small.
#0  load_pcres (action=0) at regex_mod.c:466
466             *pcres = *pcres_tmp;
(gdb) bt full
#0  load_pcres (action=0) at regex_mod.c:466
        i = 1
        j = 32
        f = 0x55c5775ea6b0
        line = '\000' <repeats 499 times>
        patterns = 0x7f7e7ad3a230
        pcre_error_num = 100
        pcre_error = '\000' <repeats 16 times>, "\277Fou\305U\000\000\000\000\000\000m\000\000\000(Hou\305U\000\000\332Gou\305U\000\000\220\000\000\000\000\000\000\000\020\240\303z~\177\000\000 \274$u\305U\000\000\037\000\000\000\004\000\000\000\001\000\000\000%\000\000\000\n\344\n\000\000\000\000\000 \274$u\305U\000\000\000\000\000\000\000\000\000\000\n\344\n\000\000\000\000\000\360\212\355\255\374\177\000"
        pcre_erroffset = 0
        num_pcres_tmp = 1
        pcres_tmp = 0x7f7e7ad62c00
        llen = 19
        __func__ = "load_pcres"
#1  0x00007f7e79f62c92 in mod_init () at regex_mod.c:245
        __func__ = "mod_init"
#2  0x000055c5754a99f7 in init_mod (m=0x7f7e7adeb1f0) at core/sr_module.c:1036
        ret = -2097389668
        __func__ = "init_mod"
#3  0x000055c5754a9687 in init_mod (m=0x7f7e7adeb6c0) at core/sr_module.c:1031
        ret = 0
        __func__ = "init_mod"
#4  0x000055c5754a9687 in init_mod (m=0x7f7e7adebda0) at core/sr_module.c:1031
        ret = -2097386271
        __func__ = "init_mod"
#5  0x000055c5754a9687 in init_mod (m=0x7f7e7adec3b0) at core/sr_module.c:1031
        ret = 0
        __func__ = "init_mod"
#6  0x000055c5754a9687 in init_mod (m=0x7f7e7adec910) at core/sr_module.c:1031
        ret = -1376937648
        __func__ = "init_mod"
#7  0x000055c5754a9687 in init_mod (m=0x7f7e7adece70) at core/sr_module.c:1031
        ret = 0
        __func__ = "init_mod"
#8  0x000055c5754a9687 in init_mod (m=0x7f7e7aded520) at core/sr_module.c:1031
        ret = 0
        __func__ = "init_mod"
#9  0x000055c5754a9687 in init_mod (m=0x7f7e7adedc10) at core/sr_module.c:1031
        ret = 0
        __func__ = "init_mod"
#10 0x000055c5754a9687 in init_mod (m=0x7f7e7adee1f0) at core/sr_module.c:1031
        ret = -1376937902
        __func__ = "init_mod"
#11 0x000055c5754a9687 in init_mod (m=0x7f7e7adeeaf0) at core/sr_module.c:1031
        ret = 0
        __func__ = "init_mod"
#12 0x000055c5754a9687 in init_mod (m=0x7f7e7adef4d0) at core/sr_module.c:1031
        ret = 16
        __func__ = "init_mod"
#13 0x000055c5754a9687 in init_mod (m=0x7f7e7adef8e0) at core/sr_module.c:1031
        ret = 0
        __func__ = "init_mod"
#14 0x000055c5754a9687 in init_mod (m=0x7f7e7adefdd0) at core/sr_module.c:1031
        ret = 0
        __func__ = "init_mod"
#15 0x000055c5754a9687 in init_mod (m=0x7f7e7adf3320) at core/sr_module.c:1031
        ret = 2053729903
        __func__ = "init_mod"
#16 0x000055c5754a9687 in init_mod (m=0x7f7e7adf3770) at core/sr_module.c:1031
        ret = -1
        __func__ = "init_mod"
#17 0x000055c5754a9687 in init_mod (m=0x7f7e7adf3ba0) at core/sr_module.c:1031
        ret = 0
        __func__ = "init_mod"
#18 0x000055c5754a9687 in init_mod (m=0x7f7e7adf4140) at core/sr_module.c:1031
        ret = 0
        __func__ = "init_mod"
#19 0x000055c5754a9687 in init_mod (m=0x7f7e7adf4550) at core/sr_module.c:1031
        ret = 0
        __func__ = "init_mod"
#20 0x000055c5754a9687 in init_mod (m=0x7f7e7adf6140) at core/sr_module.c:1031
        ret = 713738
        __func__ = "init_mod"
#21 0x000055c5754a9dc4 in init_modules () at core/sr_module.c:1067
        t = 0xae40a
        i = -1
        __func__ = "init_modules"
#22 0x000055c57526927c in main (argc=12, argv=0x7ffcaded9fd8) at main.c:3202
        cfg_stream = 0x55c57746a2a0
        c = -1
        r = 0
        tmp = 0x7ffcadedae88 ""
        tmp_len = 832
        port = 5060
        proto = 0
        aproto = 0
        ahost = 0x0
        aport = 0
        options = 0x55c5756b8368 ":f:cm:M:dVIhEeb:B:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
        ret = -1
        seed = 4165046025
        rfd = 4
        debug_save = 0
        debug_flag = 0
        dont_fork_cnt = 0
        n_lst = 0x98000000980
        p = 0x180000000 <error: Cannot access memory at address 0x180000000>
        st = {st_dev = 115, st_ino = 321140, st_nlink = 2, st_mode = 16888, st_uid = 0, st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 40, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1712844094, tv_nsec = 899597355}, st_mtim = {tv_sec = 1712844094, tv_nsec = 899597355}, st_ctim = {tv_sec = 1712844094, tv_nsec = 899597355}, __glibc_reserved = {0, 0, 0}}
--Type <RET> for more, q to quit, c to continue without paging--
        l1 = 2048
        tbuf = "p\233\355\255\374\177\000\000\310%ǂ~\177\000\000\020D\373\202~\177\000\000\000\000\000\000\000\000\000\000\360\233\355\255\374\177\000\000\000\000\000\000\000\000\000\000\360\233\355\255\374\177", '\000' <repeats 18 times>, "`\307\373\202~\177\000\000\350\204\376\202~\177\000\000\204\311\373\202~\177\000\000\060\304\373\202~\177\000\000Hp\376\202~\177\000\000\000\300\373\202~\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000@\342ł~\177", '\000' <repeats 66 times>...
        option_index = 12
        long_options = {{name = 0x55c5756ba886 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x55c5756b554c "version", has_arg = 0, flag = 0x0, val = 118}, {name = 0x55c5756ba88b "alias", has_arg = 1, flag = 0x0, val = 1024}, {name = 0x55c5756ba891 "subst", has_arg = 1, flag = 0x0, val = 1025}, {name = 0x55c5756ba897 "substdef", has_arg = 1, flag = 0x0, val = 1026}, {name = 0x55c5756ba8a0 "substdefs",
            has_arg = 1, flag = 0x0, val = 1027}, {name = 0x55c5756ba8aa "server-id", has_arg = 1, flag = 0x0, val = 1028}, {name = 0x55c5756ba8b4 "loadmodule", has_arg = 1, flag = 0x0, val = 1029}, {name = 0x55c5756ba8bf "modparam", has_arg = 1, flag = 0x0, val = 1030}, {name = 0x55c5756ba8c8 "log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name = 0x55c5756ba8d3 "debug", has_arg = 1, flag = 0x0, val = 1032}, {
            name = 0x55c5756ba8d9 "cfg-print", has_arg = 0, flag = 0x0, val = 1033}, {name = 0x55c5756ba8e3 "atexit", has_arg = 1, flag = 0x0, val = 1034}, {name = 0x55c5756ba8ea "all-errors", has_arg = 0, flag = 0x0, val = 1035}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
        __func__ = "main"

Log Messages

0(713842) WARNING: tls [tls_mod.c:747]: mod_register(): OpenSSL 1.1.1 setting cryptorand random engine
 0(713842) INFO: rtimer [rtimer_mod.c:298]: stm_t_param(): created rtimer name=iptables interval=60 mode=1
 0(713842) INFO: <core> [core/tcp_main.c:5205]: init_tcp(): using epoll_lt as the io watch method (auto detected)
loading modules under config path: /usr/local/lib64/kamailio/modules/
Listening on 
             udp: 81.31.45.42 [81.31.45.42]:5060
             udp: 81.31.45.42 [81.31.45.42]:6688
             udp: 81.31.45.42 [81.31.45.42]:443
             udp: 81.31.45.42 [81.31.45.42]:6699
             tcp: 81.31.45.42 [81.31.45.42]:5060
             tcp: 81.31.45.42 [81.31.45.42]:443
             tcp: 81.31.45.42 [81.31.45.42]:6688
             tcp: 81.31.45.42 [81.31.45.42]:6699
             tls: 81.31.45.42 [81.31.45.42]:5061
             tls: 81.31.45.42 [81.31.45.42]:6689
             tls: 81.31.45.42 [81.31.45.42]:6670
Aliases: 
             *: sip2.gope.cz:*
             *: sipo.smartel.cz:*
             *: sipi.smartel.cz:*
             *: siptest.odorik.cz:*
             *: *.odorik.cz:*

 0(713844) INFO: rr [../outbound/api.h:53]: ob_load_api(): unable to import bind_ob - maybe module is not loaded
 0(713844) INFO: rr [rr_mod.c:185]: mod_init(): outbound module not available
 0(713844) INFO: geoip2 [geoip2_mod.c:96]: mod_init(): using GeoIP database path /var/kamailio/GeoLite2-City-17.06.22.mmdb, library version 1.5.2
 0(713844) INFO: cfgutils [cfgutils.c:829]: mod_init(): no hash_file given, disable hash functionality
 0(713844) INFO: regex [regex_mod.c:417]: load_pcres(): num groups = 1
 0(713844) INFO: regex [regex_mod.c:419]: load_pcres(): <group[0]>(((^[1-9]\d{5}$))|((^ukrb[12]$)))</group[0]> (size = 33)
 0(713842) ERROR: <core> [core/daemonize.c:302]: daemonize(): Main process exited before writing to pipe

SIP Traffic

(paste your sip traffic here)

Possible Solutions

Additional Information

• Kamailio Version - output of kamailio -v

kamailio -v
version: kamailio 5.8.1 (x86_64/linux) 215af5-dirty
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: 215af5 -dirty
compiled on 15:32:24 Apr 11 2024 with gcc 10.2.1

• Operating System:

lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 11 (bullseye)
Release:        11
Codename:       bullseye

uname -a
Linux serZT 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64 GNU/Linux

[miconda]

Looked a bot over it and the pcres global was not allocated, by an assign to *pcres was done.

On the other hand, I am not sure if it is enough, I guess the compiled regex has to be stored in shared memory and I cannot say it is done. Maybe @linuxmaniac can have more insights on it.

With pcre3 library, there was a function from the lib that returned a contiguous block for the compiled regex that was then copied to shm.

[linuxmaniac]

Yes, I have this issue in my TODO list. Hopefully I will get to it this week.