[sr-dev] [kamailio/kamailio] Unexpected kamailio 5.4 segfault related to dialog variables (#2828)

iliesh notifications at github.com
Wed Jun 22 12:13:23 CEST 2022


Still happening to me, sometimes twice per day, and I cannot understand why. @miconda, @henningw, when you have some time, could you please look into this? More details are below; I hope this will help:
```
Core was generated by `/usr/local/sbin/kamailio -P /var/run/kamailio/kamailio.pid -f /usr/local/etc/ka'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007fd96e8684e5 in print_lists (dlg=0x7fd97c996850) at dlg_var.c:277
277                             varlist = varlist->next;


(gdb) bt
#0  0x00007fd96e8684e5 in print_lists (dlg=0x7fd97c996850) at dlg_var.c:277
#1  0x00007fd96e86a637 in pv_set_dlg_variable (msg=0x7fd9b56ad978, param=0x7fd9b5268db8, op=254, val=0x7ffc5b9dd850) at dlg_var.c:443
#2  0x00000000004b44db in lval_pvar_assign (h=0x7ffc5b9df4d0, msg=0x7fd9b56ad978, lv=0x7fd9b5268e80, rv=0x7fd9b52691b0) at core/lvalue.c:352
#3  0x00000000004b4fd9 in lval_assign (h=0x7ffc5b9df4d0, msg=0x7fd9b56ad978, lv=0x7fd9b5268e80, rve=0x7fd9b52691a8) at core/lvalue.c:400
#4  0x0000000000480500 in do_action (h=0x7ffc5b9df4d0, a=0x7fd9b52698d8, msg=0x7fd9b56ad978) at core/action.c:1458
#5  0x000000000048223c in run_actions (h=0x7ffc5b9df4d0, a=0x7fd9b5268b50, msg=0x7fd9b56ad978) at core/action.c:1584
#6  0x0000000000474df8 in do_action (h=0x7ffc5b9df4d0, a=0x7fd9b526d058, msg=0x7fd9b56ad978) at core/action.c:1070
#7  0x000000000048223c in run_actions (h=0x7ffc5b9df4d0, a=0x7fd9b5267340, msg=0x7fd9b56ad978) at core/action.c:1584
#8  0x00000000004715d9 in do_action (h=0x7ffc5b9df4d0, a=0x7fd9b5468870, msg=0x7fd9b56ad978) at core/action.c:703
#9  0x000000000048223c in run_actions (h=0x7ffc5b9df4d0, a=0x7fd9b5467f98, msg=0x7fd9b56ad978) at core/action.c:1584
#10 0x0000000000482980 in run_top_route (a=0x7fd9b5467f98, msg=0x7fd9b56ad978, c=0x7ffc5b9df4d0) at core/action.c:1669
#11 0x00007fd97068d1e5 in reply_received (p_msg=0x7fd9b56ad978) at t_reply.c:2543
#12 0x0000000000573f3d in do_forward_reply (msg=0x7fd9b56ad978, mode=0) at core/forward.c:764
#13 0x0000000000575c23 in forward_reply (msg=0x7fd9b56ad978) at core/forward.c:865
#14 0x00000000005e6f0b in receive_msg (buf=0xad3c40 <buf.7141> "SIP/2.0 487 Request Terminated\r\nTo: <sip:ID-10 at 192.168.1.10:5060>;tag=cedbb55fde9a2d72i0\r\nFrom: \"022201201\" <sip:022201201 at sbc1.local>;tag=as080fece1\r\nCall-ID: 3c70f1ad5617828309e112"..., len=622,
    rcv_info=0x7ffc5b9dffc0) at core/receive.c:509
#15 0x00000000004dc6b5 in udp_rcv_loop () at core/udp_server.c:543
#16 0x0000000000429f6b in main_loop () at main.c:1711
#17 0x000000000043424e in main (argc=13, argv=0x7ffc5b9e0858) at main.c:2942


(gdb) frame 0
#0  0x00007fd96e8684e5 in print_lists (dlg=0x7fd97c996850) at dlg_var.c:277
277                             varlist = varlist->next;
(gdb) list
272                     while (varlist) {
273                             LM_DBG("%.*s=%.*s (flags %i)\n",
274                                     varlist->key.len, varlist->key.s,
275                                     varlist->value.len, varlist->value.s,
276                                     varlist->vflags);
277                             varlist = varlist->next;
278                     }
279             }
280     }
281
(gdb) info locals
varlist = 0x7574617473706973
__FUNCTION__ = "print_lists"
(gdb) p varlist
$1 = (struct dlg_var *) 0x7574617473706973
(gdb) p *varlist
Cannot access memory at address 0x7574617473706973

(gdb) frame 1
#1  0x00007fd96e86a637 in pv_set_dlg_variable (msg=0x7fd9b56ad978, param=0x7fd9b5268db8, op=254, val=0x7ffc5b9dd850) at dlg_var.c:443
443             print_lists(dlg);
(gdb) list
438                             /* dlg_lock() / dlg_unlock() are reentrant */
439                             update_dialog_dbinfo(dlg);
440                     }
441                     dlg_unlock(d_table, &(d_table->entries[dlg->h_entry]));
442             }
443             print_lists(dlg);
444
445             dlg_release(dlg);
446             return 0;
447     error:
(gdb) info locals
dlg = 0x7fd97c996850
ret = 0
__FUNCTION__ = "pv_set_dlg_variable"
(gdb) p dlg
$2 = (dlg_cell_t *) 0x7fd97c996850
(gdb) p *dlg
$3 = {ref = 2, next = 0x0, prev = 0x0, h_id = 7212, h_entry = 1387, state = 2, lifetime = 10800, init_ts = 1655889534, start_ts = 0, end_ts = 0, dflags = 512, iflags = 0, sflags = 0, toroute = 0, toroute_name = {s = 0x0, len = 0}, from_rr_nb = 0, tl = {next = 0x0, prev = 0x0, timeout = 0},
  callid = {s = 0x7fd97c9969c0 "3c70f1ad5617828309e112be5c3db23e at sbc1.local", len = 55}, from_uri = {s = 0x7fd97c9969f8 "sip:022201201 at sbc1.local", len = 37}, to_uri = {s = 0x7fd97c996a1e "sip:ID-10 at 192.168.1.10:5060", len = 31}, req_uri = {
    s = 0x7fd97c996a3e "sip:ID-10 at 1.2.3.4:48452", len = 34}, tag = {{s = 0x7fd9787d7f28 "as080fece1.64", len = 10}, {s = 0x0, len = 0}}, cseq = {{s = 0x7fd97fa7aa10 "102", len = 3}, {s = 0x0, len = 0}}, route_set = {{s = 0x7fd979276e50 "log", len = 0}, {s = 0x0, len = 0}},
  contact = {{s = 0x7fd979731df8 "sip:022201201 at 192.168.1.137:50601\300\300\300\300", len = 31}, {s = 0x0, len = 0}}, bind_addr = {0x7fd9b51d6810, 0x0}, cbs = {first = 0x0, types = 0}, profile_links = 0x0, vars = 0x7fd97fea2830, ka_src_counter = 0, ka_dst_counter = 0}
(gdb)

(gdb) p full_version
$4 = "kamailio 5.4.8 (x86_64/linux) 604dc4"
(gdb)

```

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2828#issuecomment-1162911935
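
A triage helper for the faulting pointer in frame 0 above, added here as an example (it is not part of the original message or of Kamailio's code): it decodes a 64-bit value as it lies in little-endian memory and flags a non-canonical x86_64 "pointer" made entirely of printable ASCII, the usual sign that string data was written over a pointer field. The function names are hypothetical; the sample values are copied from the gdb session.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* True if v is a canonical x86_64 virtual address (bits 63..47 all equal). */
static int is_canonical_x86_64(uint64_t v)
{
    uint64_t top = v >> 47;   /* bit 47 plus its 16-bit sign extension */
    return top == 0 || top == 0x1FFFF;
}

/* Decode v in little-endian memory order into out (8 chars + NUL);
 * non-printable bytes become '.'. Returns the number of printable bytes. */
static int ptr_as_ascii(uint64_t v, char out[9])
{
    int printable = 0;
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(v >> (8 * i));
        if (isprint(b)) { out[i] = (char)b; printable++; }
        else out[i] = '.';
    }
    out[8] = '\0';
    return printable;
}

/* Heuristic: a non-canonical value built only from printable bytes is
 * most likely text that overwrote the pointer field. */
static int looks_like_string_overwrite(uint64_t v)
{
    char txt[9];
    return !is_canonical_x86_64(v) && ptr_as_ascii(v, txt) == 8;
}

int main(void)
{
    /* Values copied from the gdb output above. */
    const uint64_t samples[] = {
        0x7574617473706973ULL,  /* varlist in frame 0 (faulting) */
        0x00007fd97c996850ULL,  /* dlg */
        0x00007fd97fea2830ULL,  /* dlg->vars */
    };
    char txt[9];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        ptr_as_ascii(samples[i], txt);
        printf("0x%016llx canonical=%d ascii=\"%s\" overwrite=%d\n",
               (unsigned long long)samples[i], is_canonical_x86_64(samples[i]),
               txt, looks_like_string_overwrite(samples[i]));
    }
    return 0;
}
```

For `varlist = 0x7574617473706973` the decoded bytes are the text `sipstatu`, while `dlg` and `dlg->vars` decode as ordinary canonical addresses.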