``` Reading symbols from kamailio...Reading symbols from /usr/lib/debug/.build-id/10/824757bd1066806f2e19310929e17a9009a991.debug...done. done. [New LWP 5578] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `/usr/sbin/kamailio -f /etc/kamailio/proxy/kamailio.cfg -P /var/run/kamailio/kam'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f4871c9adcc in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6 (gdb) bt #0 0x00007f4871c9adcc in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6 #1 0x00007f4871d34466 in __vsyslog_chk () from /lib/x86_64-linux-gnu/libc.so.6 #2 0x00007f4871d345bf in syslog () from /lib/x86_64-linux-gnu/libc.so.6 #3 0x00007f485b71d796 in dlg_onroute (req=0x7f4866d8e5f0, route_params=0x7fffff82, param=0x7ffceb21fd60) at dlg_handlers.c:1336 #4 0x00007f48632aa2cd in run_rr_callbacks (req=0x7f4866d8e5f0, rr_param=0x7f48634bd8d0 <routed_params>) at rr_cb.c:96 #5 0x00007f486329e051 in after_loose (_m=0x7f4866d8e5f0, preloaded=2) at loose.c:914 #6 0x0000000000446700 in do_action (h=0x7ffceb220830, a=0x7f4865d1f1a0, msg=0x7f4866d8e5f0) at action.c:1060 #7 0x00000000004451c5 in run_actions (h=0x6, h@entry=0x7ffceb220830, a=0x7fffff82, msg=0x7ffceb21fd60) at action.c:1549 #8 0x0000000000451b97 in run_actions_safe (h=0x7ffceb221b00, a=<optimized out>, msg=<optimized out>) at action.c:1614 #9 0x0000000000426d20 in rval_get_int (h=0x7ffceb221b00, msg=0x6, i=0x7ffceb220b60, rv=0xffffffffffffffff, cache=0x6) at rvalue.c:912 #10 0x000000000042caac in rval_expr_eval_int (h=0x7ffceb221b00, msg=0x7f4866d8e5f0, res=0x7ffceb220b60, rve=0x7f4865d1f2d0) at rvalue.c:1910 #11 0x0000000000446bd7 in do_action (h=0x7ffceb221b00, a=0x7f4865d6c508, msg=0x7f4866d8e5f0) at action.c:1030 #12 0x00000000004451c5 in run_actions (h=0x6, a=0x7fffff82, msg=0x7ffceb21fd60) at action.c:1549 #13 0x0000000000446df0 in do_action (h=0x7ffceb221b00, a=0x7f4866624370, msg=0x7f4866d8e5f0) at action.c:678 #14 0x00000000004451c5 in run_actions (h=0x6, a=0x7fffff82, msg=0x7ffceb21fd60) at action.c:1549 #15 0x0000000000446c28 in do_action (h=0x7ffceb221b00, a=0x7f4866cbbe10, msg=0x7f4866d8e5f0) at action.c:1049 #16 0x00000000004451c5 in run_actions (h=0x6, h@entry=0x7ffceb221b00, a=0x7fffff82, a@entry=0x7f4866c6a758, msg=0x7ffceb21fd60, msg@entry=0x7f4866d8e5f0) at action.c:1549 #17 0x0000000000451c35 in run_top_route (a=0x7f4866c6a758, msg=0x7f4866d8e5f0, c=<optimized out>) at action.c:1635 #18 0x000000000055b4ae in receive_msg (buf=0x0, len=1725490672, rcv_info=0x7ffceb221de0) at receive.c:240 #19 0x000000000047abe0 in udp_rcv_loop () at udp_server.c:495 #20 0x000000000050360e in main_loop () at main.c:1600 #21 0x000000000041cdbc in main (argc=0, argv=0x0) at main.c:2616 (gdb) f 3 #3 0x00007f485b71d796 in dlg_onroute (req=0x7f4866d8e5f0, route_params=0x7fffff82, param=0x7ffceb21fd60) at dlg_handlers.c:1336 1336 dlg_handlers.c: No such file or directory. ```

relevant code: https://github.com/kamailio/kamailio/blob/4.4/modules/dialog/dlg_handlers.c#... ``` /* run actions for the transition */ if (event==DLG_EVENT_REQBYE && new_state==DLG_STATE_DELETED && old_state!=DLG_STATE_DELETED) { LM_DBG("BYE successfully processed\n"); /* remove from timer */ ret = remove_dialog_timer(&dlg->tl); if (ret < 0) { LM_CRIT("unable to unlink the timer on dlg %p [%u:%u] " "with clid '%.*s' and tags '%.*s' '%.*s'\n", dlg, dlg->h_entry, dlg->h_id, dlg->callid.len, dlg->callid.s, dlg->tag[DLG_CALLER_LEG].len, dlg->tag[DLG_CALLER_LEG].s, dlg->tag[DLG_CALLEE_LEG].len, dlg->tag[DLG_CALLEE_LEG].s); } else if (ret > 0) { ```

``` (gdb) p dlg $1 = (dlg_cell_t *) 0x7f47c4c7d560 (gdb) p *dlg $2 = {ref = -419086585, next = 0x7f47c4c7d598, prev = 0xa, h_id = 2, h_entry = 0, state = 3301430691, lifetime = 32583, init_ts = 3, start_ts = 0, end_ts = 1475139409, dflags = 32583, iflags = 1601467251, sflags = 1650552421, toroute = 2030069100, toroute_name = {s = 0x58 <error: Cannot access memory at address 0x58>, len = 0}, from_rr_nb = 0, tl = {next = 0x0, prev = 0x6eaf61, timeout = 7257938}, callid = {s = 0x6acfa0 "core", len = 94}, from_uri = {s = 0x7f47f0f0f0f0 "", len = -1005795570}, to_uri = { s = 0x7f47c4c7d628 "sst_refresh_method", len = 18}, req_uri = {s = 0x2 <error: Cannot access memory at address 0x2>, len = -993536453}, tag = {{ s = 0x6 <error: Cannot access memory at address 0x6>, len = -993536672}, {s = 0x726665725f747373 <error: Cannot access memory at address 0x726665725f747373>, len = 1600680805}}, cseq = {{s = 0x5449564e4900646f <error: Cannot access memory at address 0x5449564e4900646f>, len = 69}, { s = 0xc0 <error: Cannot access memory at address 0xc0>, len = 0}}, route_set = {{s = 0x0, len = 0}, {s = 0x6eaf61 "core: xavp.c", len = 7257938}}, contact = {{ s = 0x6acfa0 "core", len = 94}, {s = 0x7f47f0f0f0f0 "", len = 2060094989}}, bind_addr = {0x7f47c4c7d6c8, 0x12}, cbs = {first = 0x2, types = -993536293}, profile_links = 0x3, vars = 0x7f47c4c7d5f0} (gdb) p dlg->callid $3 = {s = 0x6acfa0 "core", len = 94} (gdb) p dlg->tag[0] $4 = {s = 0x6 <error: Cannot access memory at address 0x6>, len = -993536672} (gdb) p dlg->tag[1] $5 = {s = 0x726665725f747373 <error: Cannot access memory at address 0x726665725f747373>, len = 1600680805} ```