[sr-dev] [kamailio/kamailio] kamailio crashes on CANCEL due to empty reply_lumps (#872)

Victor Seva notifications at github.com
Thu Feb 2 14:37:51 CET 2017


Now we are getting crashes when a CANCEL from the caller is received at the same time as a 487 from the callee by another process.

This core is from the process of the 487:
```
Core was generated by `/usr/sbin/kamailio -f /etc/kamailio/proxy/kamailio.cfg -P /var/run/kamailio/kam'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  atomic_get (v=<optimized out>) at ../../mem/../atomic/atomic_common.h:74
74      ../../mem/../atomic/atomic_common.h: No such file or directory.
(gdb) bt
#0  atomic_get (v=<optimized out>) at ../../mem/../atomic/atomic_common.h:74
#1  dlg_unref_helper (dlg=0x7f59490bcdf8, cnt=1, fname=0x5335 <error: Cannot access memory at address 0x5335>, fline=1637) at dlg_hash.c:925
#2  0x00007f59f8a0ce12 in dlg_run_event_route (dlg=0x7f59490bcdf8, msg=0x7f5a040d3138, ostate=983121128, nstate=4) at dlg_handlers.c:1637
#3  0x00007f59f8a0d157 in dlg_onreply (t=0x7f5948ee57a8, type=6, param=0x7ffea05ae620) at dlg_handlers.c:458
#4  0x00007f5a00ea2c16 in run_trans_callbacks_internal (cb_lst=0x7f5948e46938, type=1048576, trans=0x7f5948ee57a8, params=0x7ffea05ae620) at t_hooks.c:268
#5  0x00007f5a00ea2fa5 in run_trans_callbacks_with_buf (type=<optimized out>, rbuf=<optimized out>, req=<optimized out>, repl=<optimized out>, flags=<optimized out>)
    at t_hooks.c:314
#6  0x00007f5a00e5ef53 in relay_reply (t=0x7f5948ee57a8, p_msg=0x6, branch=983121128, msg_status=700, cancel_data=0x1, do_put_on_wait=100) at t_reply.c:1915
#7  0x00007f5a00e61d43 in reply_received (p_msg=0x7f5a040d3138) at t_reply.c:2466
#8  0x00000000004f7306 in do_forward_reply (msg=0x7f5a040d3138, mode=0) at forward.c:747
#9  0x0000000000556f03 in receive_msg (buf=0x0, len=67973432, rcv_info=0x7f5a03da93f8) at receive.c:299
#10 0x0000000000479f10 in udp_rcv_loop () at udp_server.c:495
#11 0x00000000004ffe39 in main_loop () at main.c:1614
#12 0x000000000041cd6c in main (argc=0, argv=0x0) at main.c:2631
(gdb) f 1
#1  dlg_unref_helper (dlg=0x7f59490bcdf8, cnt=1, fname=0x5335 <error: Cannot access memory at address 0x5335>, fline=1637) at dlg_hash.c:925
925     dlg_hash.c: No such file or directory.
(gdb) p d_entry
$1 = (dlg_entry_t *) 0x7f644ccda358
(gdb) p *d_entry
Cannot access memory at address 0x7f644ccda358
```
This is kamailio 4.4.4.
@apogrebennyk 
