[sr-dev] [kamailio/kamailio] Kamailio crashed in ims_dialog (#2221)

harishyadav1465 notifications at github.com
Wed Feb 19 13:23:30 CET 2020


**Description**

Recently we upgraded to **kamailio 5.3** and we are performing load tests on it for scalability, but unfortunately it **crashed** in the **ims_dialog** module during the tests.
We are using the **ims_dialog** module instead of the **dialog** module for **diameter** protocol purposes.

**Troubleshooting**

We found out that **dlg_out** is **NULL**, but we are accessing **dlg_out->to_tag.len**, and this leads to the crash. Unfortunately we don't know how this gets **NULL**, as **dlg_out** is assigned to **d_entry_out->first**, which is **NOT NULL**.

**GDB messages:**

(gdb) 
#0  0x00007fbe5a646ea6 in next_state_dlg (dlg=0x7fbe57dcf268, event=3, old_state=0x7ffc8b03f0a0, new_state=0x7ffc8b03f0a4, 
    unref=0x7ffc8b03f09c, to_tag=0x7ffc8b03f080) at dlg_hash.c:1180
#1  0x00007fbe5a622170 in dlg_onreply (t=0x7fbe57f7a3f0, type=1048576, param=0x7ffc8b03f2f0) at dlg_handlers.c:1276
#2  0x00007fbe5e2b5517 in run_trans_callbacks_internal (cb_lst=0x7fbe57f7a468, type=1048576, trans=0x7fbe57f7a3f0, 
    params=0x7ffc8b03f2f0) at t_hooks.c:254
#3  0x00007fbe5e2b5733 in run_trans_callbacks_with_buf (type=1048576, rbuf=0x7fbe57f7a4c0, req=0x7fbe57f7bab0, 
    repl=0x7fbe5fa1d218, flags=0) at t_hooks.c:297
#4  0x00007fbe5e2fc05f in relay_reply (t=0x7fbe57f7a3f0, p_msg=0x7fbe5fa1d218, branch=1, msg_status=183, 
    cancel_data=0x7ffc8b03f760, do_put_on_wait=1) at t_reply.c:1986
#5  0x00007fbe5e300ec3 in reply_received (p_msg=0x7fbe5fa1d218) at t_reply.c:2540
#6  0x00000000004b6f43 in do_forward_reply (msg=0x7fbe5fa1d218, mode=0) at core/forward.c:745
#7  0x00000000004b8a8f in forward_reply (msg=0x7fbe5fa1d218) at core/forward.c:846
#8  0x00000000005527c7 in receive_msg (
    buf=0xb3b740 "SIP/2.0 183 Session Progress\r\nVia: SIP/2.0/UDP 182.72.244.91:5060;branch=z9hG4bK7fea.85af5c92096548bdd857481789b3e50f.1, SIP/2.0/UDP 182.72.244.91:5080;received=182.72.244.91;rport=5080;branch=z9hG4bK"..., len=613, rcv_info=0x7ffc8b040000)
    at core/receive.c:510
#9  0x0000000000675077 in udp_rcv_loop () at core/udp_server.c:548
#10 0x0000000000425f4b in main_loop () at main.c:1673
#11 0x000000000042e52a in main (argc=13, argv=0x7ffc8b040808) at main.c:2802

*******************************************************************************

(gdb) f 0
#0  0x00007fbe5a646ea6 in next_state_dlg (dlg=0x7fbe57dcf268, event=3, old_state=0x7ffc8b03f0a0, new_state=0x7ffc8b03f0a4, 
    unref=0x7ffc8b03f09c, to_tag=0x7ffc8b03f080) at dlg_hash.c:1180
1180	                        if (dlg_out->to_tag.len == to_tag->len && memcmp(dlg_out->to_tag.s, to_tag->s, dlg_out->to_tag.len) == 0) {
(gdb) info locals
d_entry = 0x7fbe57d5ab70
d_entry_out = 0x7fbe57dcf378
dlg_out = 0x0
found = -1
delete = 1
__FUNCTION__ = "next_state_dlg"
(gdb) p d_entry_out->first
$10 = (struct dlg_cell_out *) 0x7fbe57fcf6b8



**Additional Information**

**version**: kamailio 5.3.2 (x86_64/linux)

Thanks in advance. I am beginning to work with kamailio. Can you guys please give me some hints on how to move forward with this?

https://github.com/kamailio/kamailio/issues/2221
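
A NULL-safe form of the to-tag lookup seen at dlg_hash.c:1180, as an added example that is not Kamailio's code and not a confirmed fix for this issue. The types and function names (`str_t`, `tag_equal`, `find_dlg_out`) are simplified, hypothetical stand-ins, and the sample data is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for the module's types (assumption). */
typedef struct { const char *s; int len; } str_t;
struct dlg_cell_out { str_t to_tag; struct dlg_cell_out *next; };
struct dlg_entry_out { struct dlg_cell_out *first; };

/* Same length + memcmp comparison as the crashing line, but it refuses
 * NULL operands and negative lengths instead of dereferencing them. */
static int tag_equal(const str_t *a, const str_t *b)
{
    if (a == NULL || b == NULL || a->len != b->len || a->len < 0)
        return 0;
    if (a->len == 0)
        return 1;               /* two empty tags compare equal */
    if (a->s == NULL || b->s == NULL)
        return 0;
    return memcmp(a->s, b->s, (size_t)a->len) == 0;
}

/* Walk the out-list; the loop condition guarantees the current node is
 * non-NULL before any field access. Returns the match, or NULL. */
static struct dlg_cell_out *find_dlg_out(const struct dlg_entry_out *e,
                                         const str_t *to_tag)
{
    struct dlg_cell_out *cur;

    if (e == NULL || to_tag == NULL)
        return NULL;
    for (cur = e->first; cur != NULL; cur = cur->next)
        if (tag_equal(&cur->to_tag, to_tag))
            return cur;
    return NULL;
}

int main(void)
{
    /* Constructed sample: two reply branches with different to-tags. */
    struct dlg_cell_out b = { { "tag-b", 5 }, NULL };
    struct dlg_cell_out a = { { "tag-a", 5 }, &b };
    struct dlg_entry_out entry = { &a }, empty = { NULL };
    str_t want = { "tag-b", 5 };

    printf("match in list: %s\n", find_dlg_out(&entry, &want) ? "yes" : "no");
    printf("empty list:    %s\n", find_dlg_out(&empty, &want) ? "yes" : "no");
    return 0;
}
```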