### Description
Crash occurred during load test.
#### Reproduction
This cannot be reproduced at will.
It happened after about 40 days of load testing.
#### Debugging Data
```
[root@lab002201-flip-server ~]$ gdb /usr/local/src/git/kamailio-5.5/src/kamailio /core
GNU gdb (Debian 10.1-1.7) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/src/git/kamailio-5.5/src/kamailio...
warning: Can't open file /dev/zero (deleted) during file-backed mapping note
processing
[New LWP 730446]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/local/src/git/kamailio-5.5/src/kamailio -m 1024 -f
/usr/local/etc/kamailio'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fb609cba495 in run_dlg_callbacks (type=4, dlg=0x7fb5ca1798d0,
req=0x7fb5ce0a7380, rpl=0xffffffffffffffff, dir=2, dlg_data=0x0) at dlg_cb.c:273
273 cb->callback( dlg, type, ¶ms );
(gdb) bt full
#0 0x00007fb609cba495 in run_dlg_callbacks (type=4, dlg=0x7fb5ca1798d0,
req=0x7fb5ce0a7380, rpl=0xffffffffffffffff, dir=2, dlg_data=0x0) at dlg_cb.c:273
cb = 0x7fb609ce7a23 <dlg_iuid_sfree>
__func__ = "run_dlg_callbacks"
#1 0x00007fb609ceb3ee in dlg_onreply (t=0x7fb5cfa8a1f0, type=1048576,
param=0x7fff4bdc6060) at dlg_handlers.c:576
dlg = 0x7fb5ca1798d0
iuid = 0x7fb5cca0bbf0
new_state = 5
old_state = 2
unref = 1
event = 4
tag = {s = 0x80d000001ff <error: Cannot access memory at address
0x80d000001ff>, len = 174085573}
req = 0x7fb5ce0a7380
rpl = 0xffffffffffffffff
__func__ = "dlg_onreply"
#2 0x00007fb60a53c399 in run_trans_callbacks_internal (cb_lst=0x7fb5cfa8a268,
type=1048576, trans=0x7fb5cfa8a1f0, params=0x7fff4bdc6060) at t_hooks.c:258
cbp = 0x7fb5cb5b2520
backup_from = 0x5591e2acbe90 <def_list+16>
backup_to = 0x5591e2acbe98 <def_list+24>
backup_dom_from = 0x5591e2acbea0 <def_list+32>
backup_dom_to = 0x5591e2acbea8 <def_list+40>
backup_uri_from = 0x5591e2acbe80 <def_list>
backup_uri_to = 0x5591e2acbe88 <def_list+8>
backup_xavps = 0x5591e2acbfd8 <_xavp_list_head>
backup_xavus = 0x5591e2acbfe0 <_xavu_list_head>
backup_xavis = 0x5591e2acbfe8 <_xavi_list_head>
__func__ = "run_trans_callbacks_internal"
#3 0x00007fb60a53c5b2 in run_trans_callbacks_with_buf (type=1048576, rbuf=0x7fb5cfa8a2c0,
req=0x7fb5ce0a7380, repl=0xffffffffffffffff, flags=0) at t_hooks.c:303
params = {req = 0x7fb5ce0a7380, rpl = 0xffffffffffffffff, param = 0x7fb5cb5b2530,
code = 408, flags = 0, branch = 0, t_rbuf = 0x7fb5cfa8a2c0, dst = 0x7fb5cfa8a310, send_buf
= {
s = 0x7fb5caa9cda0 "SIP/2.0 408 Request Timeout\r\nVia: SIP/2.0/UDP
192.168.2.202:5020;rport=5020;branch=z9hG4bK-2375372-4769-10;received=192.168.2.202\r\nFrom:
\"0312341234\"
<sip:0312341234@fakedomain.com>;tag=2375372SIPpTag"..., len = 407}}
trans = 0x7fb5cfa8a1f0
#4 0x00007fb60a5b322d in relay_reply (t=0x7fb5cfa8a1f0, p_msg=0xffffffffffffffff,
branch=0, msg_status=408, cancel_data=0x7fff4bdc6280, do_put_on_wait=0) at
t_reply.c:2094
relay = 0
save_clone = 0
buf = 0x7fb60a8f6b68 "SIP/2.0 408 Request Timeout\r\nVia: SIP/2.0/UDP
192.168.2.202:5020;rport=5020;branch=z9hG4bK-2375372-4769-10;received=192.168.2.202\r\nFrom:
\"0312341234\"
<sip:0312341234@fakedomain.com>;tag=2375372SIPpTag"...
res_len = 407
relayed_code = 408
relayed_msg = 0xffffffffffffffff
reply_bak = 0x7fff4bdc6220
bm = {to_tag_val = {
s = 0x7fb60a8f6c5f "0a86cd31e4e6805cdd7f1dffc4ec5169-53cd2e21\r\nCall-ID:
4769-2375372(a)192.168.2.202\r\nCSeq: 801 INVITE\r\nServer: kamailio (5.5.4
(x86_64/linux))\r\nContent-Length: 0\r\n\r\n", len = 41}}
totag_retr = 0
reply_status = RPS_COMPLETED
uas_rb = 0x7fb5cfa8a2c0
to_tag = 0x7fb60a61cb30 <tm_tag>
reason = {s = 0x5591e2933463 "Request Timeout", len = 15}
onsend_params = {req = 0x40, rpl = 0x0, param = 0x1c9f56660, code = -923035960,
flags = 32693, branch = 0, t_rbuf = 0x7fff4bdc61b0, dst = 0x5591e27f9149
<futex_release+29>, send_buf = {
s = 0x2260 <error: Cannot access memory at address 0x2260>, len =
-923035960}}
ip = {af = 3407219152, len = 32693, u = {addrl = {140418773026976, 1}, addr32 =
{3407218848, 32693, 1, 0}, addr16 = {2208, 51990, 32693, 0, 1, 0, 0, 0},
addr = "\240\b\026˵\177\000\000\001\000\000\000\000\000\000"}}
__func__ = "relay_reply"
#5 0x00007fb60a540ec0 in fake_reply (t=0x7fb5cfa8a1f0, branch=0, code=408) at
timer.c:295
--Type <RET> for more, q to quit, c to continue without paging--c
cancel_data = {cancel_bitmap = 0, reason = {cause = 0, u = {text = {s = 0x0, len =
-811032080}, e2e_cancel = 0x0, packed_hdrs = {s = 0x0, len = -811032080}}}}
do_cancel_branch = 1
reply_status = 730446
#6 0x00007fb60a54132e in final_response_handler (r_buf=0x7fb5cfa8a490, t=0x7fb5cfa8a1f0)
at timer.c:462
silent = 0
branch_ret = 0
prev_branch = 0
now = 0
#7 0x00007fb60a5413f2 in retr_buf_handler (ticks=280654947, tl=0x7fb5cfa8a4b0, p=0x7d0)
at timer.c:518
rbuf = 0x7fb5cfa8a490
fr_remainder = 0
retr_remainder = 32693
retr_interval = 3371932768
new_retr_interval_ms = 4294967296
crt_retr_interval_ms = 0
t = 0x7fb5cfa8a1f0
__func__ = "retr_buf_handler"
#8 0x00005591e27bda9f in timer_list_expire (t=280654947, h=0x7fb5c8ffdd40,
slow_l=0x7fb5c8fff2a8, slow_mark=48435) at core/timer.c:857
tl = 0x7fb5cfa8a4b0
ret = 0
#9 0x00005591e27bdfa9 in timer_handler () at core/timer.c:922
saved_ticks = 280654947
run_slow_timer = 0
i = 307
__func__ = "timer_handler"
#10 0x00005591e27be4ac in timer_main () at core/timer.c:961
No locals.
#11 0x00005591e25066cf in main_loop () at main.c:1839
i = 12
pid = 0
si = 0x0
si_desc = "udp receiver child=11
sock=192.168.2.201:9060\000\270\000\340e\334K\377\177\000\000\000\000\000\000\000\000\000\000\360e\334K\377\177\000\000)+\373\b\266\177\000\000\b\024l\n\266\177\000\000]q\373\b\266\177",
'\000' <repeats 14 times>,
"\001\000\000\000\360e\334K\377\177\000\000⌀\342\221U\000"
nrprocs = 12
woneinit = 1
__func__ = "main_loop"
#12 0x00005591e25112ab in main (argc=8, argv=0x7fff4bdc6bd8) at main.c:3053
cfg_stream = 0x5591e46482d0
c = -1
r = 0
tmp = 0x7fff4bdc8d08 ""
tmp_len = 0
port = 0
proto = 0
ahost = 0x0
aport = 0
options = 0x5591e291d0b8
":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
ret = -1
seed = 529371157
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0x0
p = 0xc2 <error: Cannot access memory at address 0xc2>
st = {st_dev = 22, st_ino = 2420, st_nlink = 2, st_mode = 16877, st_uid = 0,
st_gid = 0, __pad0 = 0, st_rdev = 0, st_size = 60, st_blksize = 4096, st_blocks = 0,
st_atim = {tv_sec = 1646813990, tv_nsec = 961425837}, st_mtim = {tv_sec = 1647220116,
tv_nsec = 385726158}, st_ctim = {tv_sec = 1647220120, tv_nsec = 853813654},
__glibc_reserved = {0, 0, 0}}
tbuf =
"\020\357\027\v\266\177\000\000\300\372\344\n\001\000\000\000\377\377\377\377",
'\000' <repeats 12 times>,
"(\326\030\v\266\177\000\000\350\211\033\v\266\177\000\000\377\377\377\377",
'\000' <repeats 12 times>,
"@\265\343\n\266\177\000\000\020\364\027\v\266\177\000\000\350\224\033\v\266\177\000\000\204\331\030\v\266\177\000\000\060\324\030\v\266\177\000\000XR\001\v\266\177\000\000h\211\033\v\266\177\000\000`\200\033\v\266\177\000\000
l\334K\377\177\000\000\200\221\033\v\266\177\000\000\000\000\000\000\000\000\000\000#\306\031\v\266\177\000\000\001",
'\000' <repeats 23 times>,
"(\326\030\v\266\177\000\000\060j\334K\377\177\000\000"...
option_index = 12
long_options = {{name = 0x5591e291f516 "help", has_arg = 0, flag = 0x0,
val = 104}, {name = 0x5591e291a514 "version", has_arg = 0, flag = 0x0, val =
118}, {name = 0x5591e291f51b "alias", has_arg = 1, flag = 0x0, val = 1024},
{name = 0x5591e291f521 "subst", has_arg = 1, flag = 0x0, val = 1025}, {name =
0x5591e291f527 "substdef", has_arg = 1, flag = 0x0, val = 1026}, {name =
0x5591e291f530 "substdefs", has_arg = 1, flag = 0x0, val = 1027}, {name =
0x5591e291f53a "server-id", has_arg = 1, flag = 0x0, val = 1028}, {name =
0x5591e291f544 "loadmodule", has_arg = 1, flag = 0x0, val = 1029}, {name =
0x5591e291f54f "modparam", has_arg = 1, flag = 0x0, val = 1030}, {name =
0x5591e291f558 "log-engine", has_arg = 1, flag = 0x0, val = 1031}, {name =
0x5591e291f563 "debug", has_arg = 1, flag = 0x0, val = 1032}, {name =
0x5591e291f569 "cfg-print", has_arg = 0, flag = 0x0, val = 1033}, {name =
0x5591e291f573 "atexit", has_arg = 1, flag = 0x0, val = 1034}, {name = 0x0,
has_arg = 0, flag = 0x0, val = 0}}
__func__ = "main"
(gdb) info locals
cb = 0x7fb609ce7a23 <dlg_iuid_sfree>
__func__ = "run_dlg_callbacks"
(gdb) list
268
269 for ( cb=dlg->cbs.first; cb; cb=cb->next) {
270 if ( (cb->types)&type ) {
271 LM_DBG("dialog=%p, type=%d\n", dlg, type);
272 params.param = &cb->param;
273 cb->callback( dlg, type, ¶ms );
274 }
275 }
276 return;
277 }
(gdb)
```
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
version: kamailio 5.5.4 (x86_64/linux) 54c9df
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST,
DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY,
USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535,
DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: 54c9df
compiled on 10:32:51 Mar 9 2022 with gcc 10.2.1
```
* **Operating System**:
```
[root@lab002201-flip-server ~]$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye
[root@lab002201-flip-server ~]$ uname -a
Linux lab002201-flip-server 5.10.0-11-amd64 #1 SMP Debian 5.10.92-2 (2022-02-28) x86_64
GNU/Linux
```
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3106
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3106(a)github.com>