[sr-dev] [kamailio/kamailio] dialog: crash when trying to print error info (#807)

Victor Seva notifications at github.com
Fri Sep 30 16:28:04 CEST 2016


```
Reading symbols from kamailio...Reading symbols from /usr/lib/debug/.build-id/10/824757bd1066806f2e19310929e17a9009a991.debug...done.
done.
[New LWP 5578]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/kamailio -f /etc/kamailio/proxy/kamailio.cfg -P /var/run/kamailio/kam'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f4871c9adcc in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x00007f4871c9adcc in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f4871d34466 in __vsyslog_chk () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007f4871d345bf in syslog () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007f485b71d796 in dlg_onroute (req=0x7f4866d8e5f0, route_params=0x7fffff82, param=0x7ffceb21fd60) at dlg_handlers.c:1336
#4  0x00007f48632aa2cd in run_rr_callbacks (req=0x7f4866d8e5f0, rr_param=0x7f48634bd8d0 <routed_params>) at rr_cb.c:96
#5  0x00007f486329e051 in after_loose (_m=0x7f4866d8e5f0, preloaded=2) at loose.c:914
#6  0x0000000000446700 in do_action (h=0x7ffceb220830, a=0x7f4865d1f1a0, msg=0x7f4866d8e5f0) at action.c:1060
#7  0x00000000004451c5 in run_actions (h=0x6, h at entry=0x7ffceb220830, a=0x7fffff82, msg=0x7ffceb21fd60) at action.c:1549
#8  0x0000000000451b97 in run_actions_safe (h=0x7ffceb221b00, a=<optimized out>, msg=<optimized out>) at action.c:1614
#9  0x0000000000426d20 in rval_get_int (h=0x7ffceb221b00, msg=0x6, i=0x7ffceb220b60, rv=0xffffffffffffffff, cache=0x6) at rvalue.c:912
#10 0x000000000042caac in rval_expr_eval_int (h=0x7ffceb221b00, msg=0x7f4866d8e5f0, res=0x7ffceb220b60, rve=0x7f4865d1f2d0) at rvalue.c:1910
#11 0x0000000000446bd7 in do_action (h=0x7ffceb221b00, a=0x7f4865d6c508, msg=0x7f4866d8e5f0) at action.c:1030
#12 0x00000000004451c5 in run_actions (h=0x6, a=0x7fffff82, msg=0x7ffceb21fd60) at action.c:1549
#13 0x0000000000446df0 in do_action (h=0x7ffceb221b00, a=0x7f4866624370, msg=0x7f4866d8e5f0) at action.c:678
#14 0x00000000004451c5 in run_actions (h=0x6, a=0x7fffff82, msg=0x7ffceb21fd60) at action.c:1549
#15 0x0000000000446c28 in do_action (h=0x7ffceb221b00, a=0x7f4866cbbe10, msg=0x7f4866d8e5f0) at action.c:1049
#16 0x00000000004451c5 in run_actions (h=0x6, h at entry=0x7ffceb221b00, a=0x7fffff82, a at entry=0x7f4866c6a758, msg=0x7ffceb21fd60, msg at entry=0x7f4866d8e5f0) at action.c:1549
#17 0x0000000000451c35 in run_top_route (a=0x7f4866c6a758, msg=0x7f4866d8e5f0, c=<optimized out>) at action.c:1635
#18 0x000000000055b4ae in receive_msg (buf=0x0, len=1725490672, rcv_info=0x7ffceb221de0) at receive.c:240
#19 0x000000000047abe0 in udp_rcv_loop () at udp_server.c:495
#20 0x000000000050360e in main_loop () at main.c:1600
#21 0x000000000041cdbc in main (argc=0, argv=0x0) at main.c:2616
(gdb) f 3
#3  0x00007f485b71d796 in dlg_onroute (req=0x7f4866d8e5f0, route_params=0x7fffff82, param=0x7ffceb21fd60) at dlg_handlers.c:1336
1336	dlg_handlers.c: No such file or directory.
```

Relevant code (the `LM_CRIT` in `dlg_onroute()`, reached when `remove_dialog_timer()` returns < 0; its format arguments dereference `dlg->callid.s` and `dlg->tag[].s`, which the gdb dump below shows are not valid pointers, so the segfault is inside the logging call itself rather than in the timer code): https://github.com/kamailio/kamailio/blob/4.4/modules/dialog/dlg_handlers.c#L1336-L1349
```
/* run actions for the transition */
	if (event==DLG_EVENT_REQBYE && new_state==DLG_STATE_DELETED &&
	old_state!=DLG_STATE_DELETED) {
		LM_DBG("BYE successfully processed\n");
		/* remove from timer */
		ret = remove_dialog_timer(&dlg->tl);
		if (ret < 0) {
			LM_CRIT("unable to unlink the timer on dlg %p [%u:%u] "
				"with clid '%.*s' and tags '%.*s' '%.*s'\n",
				dlg, dlg->h_entry, dlg->h_id,
				dlg->callid.len, dlg->callid.s,
				dlg->tag[DLG_CALLER_LEG].len, dlg->tag[DLG_CALLER_LEG].s,
				dlg->tag[DLG_CALLEE_LEG].len, dlg->tag[DLG_CALLEE_LEG].s);
		} else if (ret > 0) {
```

```
(gdb) p dlg
$1 = (dlg_cell_t *) 0x7f47c4c7d560
(gdb) p *dlg
$2 = {ref = -419086585, next = 0x7f47c4c7d598, prev = 0xa, h_id = 2, h_entry = 0, state = 3301430691, lifetime = 32583, init_ts = 3, start_ts = 0, end_ts = 1475139409, 
  dflags = 32583, iflags = 1601467251, sflags = 1650552421, toroute = 2030069100, toroute_name = {s = 0x58 <error: Cannot access memory at address 0x58>, len = 0}, from_rr_nb = 0, 
  tl = {next = 0x0, prev = 0x6eaf61, timeout = 7257938}, callid = {s = 0x6acfa0 "core", len = 94}, from_uri = {s = 0x7f47f0f0f0f0 "", len = -1005795570}, to_uri = {
    s = 0x7f47c4c7d628 "sst_refresh_method", len = 18}, req_uri = {s = 0x2 <error: Cannot access memory at address 0x2>, len = -993536453}, tag = {{
      s = 0x6 <error: Cannot access memory at address 0x6>, len = -993536672}, {s = 0x726665725f747373 <error: Cannot access memory at address 0x726665725f747373>, 
      len = 1600680805}}, cseq = {{s = 0x5449564e4900646f <error: Cannot access memory at address 0x5449564e4900646f>, len = 69}, {
      s = 0xc0 <error: Cannot access memory at address 0xc0>, len = 0}}, route_set = {{s = 0x0, len = 0}, {s = 0x6eaf61 "core: xavp.c", len = 7257938}}, contact = {{
      s = 0x6acfa0 "core", len = 94}, {s = 0x7f47f0f0f0f0 "", len = 2060094989}}, bind_addr = {0x7f47c4c7d6c8, 0x12}, cbs = {first = 0x2, types = -993536293}, profile_links = 0x3, 
  vars = 0x7f47c4c7d5f0}
(gdb) p dlg->callid
$3 = {s = 0x6acfa0 "core", len = 94}
(gdb) p dlg->tag[0]
$4 = {s = 0x6 <error: Cannot access memory at address 0x6>, len = -993536672}
(gdb) p dlg->tag[1]
$5 = {s = 0x726665725f747373 <error: Cannot access memory at address 0x726665725f747373>, len = 1600680805}
```

The dumped cell is not a plausible live dialog: `ref` is negative, `state` and several `.len` fields hold implausible values, `callid.s` points at the string "core" rather than at a Call-ID, and `tag[1].s` (0x726665725f747373) is the ASCII bytes "sst_refr" -- matching the "sst_refresh_method" string that `to_uri.s` now points at. This is consistent with `dlg` referring to a dialog cell that has already been freed and whose memory has been reused by another allocation (a use-after-free), rather than with a single corrupted field, so merely guarding the `%.*s` arguments in the log call would only hide the symptom. Since this path runs while handling a received in-dialog request (the rr callbacks: `after_loose` → `run_rr_callbacks` → `dlg_onroute`, apparently on a BYE given the `DLG_EVENT_REQBYE` branch), a remote party sending such a request can apparently crash the worker process (denial of service); the root cause in the cell's lifetime/reference handling needs to be found.

Tracked at: https://github.com/kamailio/kamailio/issues/807

