opensips 2.3 mid-registrar crashing

[attermann]

opensips 2.3 is frequently crashing in various places in code, but most appear related to the mid-registrar transaction callback mid_reg_resp_in. It looks like it could be memory corruption or something related which is beyond my experience with opensips. Details of my build and config below, as well as GDB and some debug log output for four separate crashes. Unfortunately the debug logs appear to be missing from immediately before some of the segfaults (caching?), but including anyway in case they are of any help.

version: opensips 2.3.1 (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
git revision: 62e4fdf
main.c compiled on 16:51:21 Aug 18 2017 with gcc 4.6

modparam("mid_registrar", "mode", 2)
modparam("mid_registrar", "outgoing_expires", 7200)
modparam("mid_registrar", "insertion_mode", 0)

modparam("usrloc", "use_domain", 1)
modparam("usrloc", "nat_bflag", "NAT")
modparam("usrloc", "db_mode", 0)

CRASH # 1

GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /sbin/opensips...done.
[New LWP 6097]

warning: Can't read pathname for load map: Input/output error.

warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff30314000
Core was generated by `/sbin/opensips -P /var/run/opensips/opensips.pid -m 256 -M 32 -u opensips -g op'.
Program terminated with signal 11, Segmentation fault.
#0  unlock_udomain (_d=0x0, _aor=0x7fa6f9f56178) at udomain.c:1219
1219            sl = core_hash(_aor, 0, _d->size);
(gdb) 
(gdb) bt full
#0  unlock_udomain (_d=0x0, _aor=0x7fa6f9f56178) at udomain.c:1219
        sl = 4168984016
#1  0x00007fa6f816ca3b in mid_reg_resp_in (t=<optimized out>, 
    type=<optimized out>, params=<optimized out>) at save.c:1374
        mri = 0x7fa6f9f56108
        rec = 0x7fa6f9e12028
        rpl = <optimized out>
        req = <optimized out>
        code = <optimized out>
        __FUNCTION__ = "mid_reg_resp_in"
#2  0x00007fa6f9478364 in run_trans_callbacks (type=2, trans=0x7fa6fa0310b0, 
    req=<optimized out>, rpl=<optimized out>, code=<optimized out>)
    at t_hooks.c:209
        params = {req = 0x7fa6fa091bb0, rpl = 0x7fa709b13bd8, code = 200, 
          param = 0x7fa6f9ffe808, extra1 = 0x0, extra2 = 0x0}
        cbp = 0x7fa6f9ffe7f8
        backup = 0x88b9e8
        trans_backup = 0x7fa6fa0310b0
        __FUNCTION__ = "run_trans_callbacks"
#3  0x00007fa6f947fc3c in t_reply_matching (p_msg=0x7fa709b13bd8, 
    p_branch=0x7fff30232410) at t_lookup.c:843
        p_cell = <optimized out>
        hash_index = <optimized out>
---Type <return> to continue, or q <return> to quit---
        entry_label = <optimized out>
        branch_id = <optimized out>
        hashi = <optimized out>
        branchi = <optimized out>
        p = <optimized out>
        hashl = <optimized out>
        branchl = <optimized out>
        scan_space = <optimized out>
        cseq = 0x7fa709b15320
        loopi = 0x0
        loopl = <optimized out>
        syni = <optimized out>
        synl = <optimized out>
        __FUNCTION__ = "t_reply_matching"
#4  0x00007fa6f94802f5 in t_check (p_msg=0x7fa709b13bd8, 
    param_branch=<optimized out>) at t_lookup.c:918
        local_branch = 231
        __FUNCTION__ = "t_check"
#5  0x00007fa6f94a12a3 in reply_received (p_msg=0x7fa709b13bd8)
    at t_reply.c:1416
        msg_status = <optimized out>
        last_uac_status = <optimized out>
        branch = <optimized out>
---Type <return> to continue, or q <return> to quit---
        reply_status = <optimized out>
        timer = <optimized out>
        cancel_bitmap = <optimized out>
        uac = <optimized out>
        t = <optimized out>
        backup_list = <optimized out>
        has_reply_route = <optimized out>
        __FUNCTION__ = "reply_received"
#6  0x000000000044c389 in forward_reply (msg=0x7fa709b13bd8) at forward.c:495
        new_buf = 0x0
        to = 0x0
        new_len = <optimized out>
        mod = 0x7fa709ae42c0
        proto = <optimized out>
        id = 0
        send_sock = <optimized out>
        s = <optimized out>
        len = <optimized out>
        __FUNCTION__ = "forward_reply"
#7  0x00000000004aade5 in receive_msg (
    buf=0x8ad080 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bK218a.ff30a145.0;i=558451b4;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:54564;received=70.42.44.203;branch=z9hG4bKEGZhhStM4KqAg"..., 
---Type <return> to continue, or q <return> to quit---
    len=<optimized out>, rcv_info=<optimized out>, existing_context=0x0)
    at receive.c:257
        ctx = 0x7fa709b14808
        msg = 0x7fa709b13bd8
        start = {tv_sec = 8827968, tv_usec = 140355134490672}
        rc = 3
        tmp = 0x0
        in_buff = {
          s = 0x8ad080 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bK218a.ff30a145.0;i=558451b4;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:54564;received=70.42.44.203;branch=z9hG4bKEGZhhStM4KqAg"..., 
          len = 646}
        __FUNCTION__ = "receive_msg"
#8  0x00000000005f6c9b in udp_read_req (si=<optimized out>, 
    bytes_read=<optimized out>) at net/proto_udp/proto_udp.c:192
        ri = {src_ip = {af = 2, len = 4, u = {addrl = {140356011319883, 
                6425680}, addr32 = {775053899, 32679, 6425680, 0}, addr16 = {
                25163, 11826, 32679, 0, 3152, 98, 0, 0}, 
              addr = "Kb2.\247\177\000\000P\fb\000\000\000\000"}}, dst_ip = {
            af = 2, len = 4, u = {addrl = {3425446470, 0}, addr32 = {
                3425446470, 0, 0, 0}, addr16 = {10822, 52268, 0, 0, 0, 0, 0, 
                0}, addr = "F*,\314", '\000' <repeats 11 times>}}, 
          src_port = 5060, dst_port = 6050, proto = 1, proto_reserved1 = 0, 
---Type <return> to continue, or q <return> to quit---
          proto_reserved2 = 0, src_su = {s = {sa_family = 2, 
              sa_data = "\023\304Kb2.\000\000\000\000\000\000\000"}, sin = {
              sin_family = 2, sin_port = 50195, sin_addr = {
                s_addr = 775053899}, 
              sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {
              sin6_family = 2, sin6_port = 50195, sin6_flowinfo = 775053899, 
              sin6_addr = {__in6_u = {
                  __u6_addr8 = "\000\000\000\000\000\000\000\000\260k\260\t\247\177\000", __u6_addr16 = {0, 0, 0, 0, 27568, 2480, 32679, 0}, __u6_addr32 = {0, 
                    0, 162556848, 32679}}}, sin6_scope_id = 5201799}}, 
          bind_address = 0x7fa709ae36e0}
        len = <optimized out>
        buf = "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bK218a.ff30a145.0;i=558451b4;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:54564;received=70.42.44.203;branch=z9hG4bKEGZhhStM4KqAg"...
        tmp = 0x0
        fromlen = 16
        p = <optimized out>
        msg = {
          s = 0x8ad080 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bK218a.ff30a145.0;i=558451b4;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:54564;received=70.42.44.203;branch=z9hG4bKEGZhhStM4KqAg"..., 
          len = 646}
---Type <return> to continue, or q <return> to quit---
        __FUNCTION__ = "udp_read_req"
#9  0x00000000005d8eec in handle_io (fm=0x7fa709b06c10, idx=<optimized out>, 
    event_type=<optimized out>) at net/net_udp.c:259
        read = 32512
#10 io_wait_loop_epoll (repeat=0, t=1, h=<optimized out>)
    at net/../io_wait_loop.h:284
        ret = 1
        n = 1
        r = 0
        i = <optimized out>
        e = 0x7fa709b06c10
        ep_event = {events = 206119283, data = {ptr = 0x4e164400007fa7, 
            fd = 32679, u32 = 32679, u64 = 21979529497051047}}
        fd = <optimized out>
#11 0x00000000005dc858 in udp_start_processes (chd_rank=<optimized out>, 
    startup_done=0x0) at net/net_udp.c:389
        si = <optimized out>
        load_p = 0x7fa6f9df8b20
        pid = <optimized out>
        i = <optimized out>
        __FUNCTION__ = "udp_start_processes"
#12 0x000000000041d4c5 in main_loop () at main.c:677
        startup_done = 0x0
---Type <return> to continue, or q <return> to quit---
        chd_rank = 2
#13 main (argc=<optimized out>, argv=<optimized out>) at main.c:1283
        cfg_stream = <optimized out>
        c = <optimized out>
        r = <optimized out>
        tmp = 0x7fff30232e95 ""
        tmp_len = <optimized out>
        port = <optimized out>
        proto = 807611108
        protos_no = <optimized out>
        options = 0x6116e8 "f:cCm:M:b:l:n:N:rRvdDFETSVhw:t:u:g:P:G:W:o:"
        ret = -1
        seed = 2536210741
        rfd = 4
        __FUNCTION__ = "main"
(gdb) 

Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_msg: SIP Reply  (status):
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_msg:  version: <SIP/2.0>
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_msg:  status:  <200>
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_msg:  reason:  <OK>
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_headers: flags=2
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_via_param: found param type 232, <branch> = <z9hG4bKe69d.632337b6.0>; state=6
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_via_param: found param type 236, <i> = <2e7451b4>; state=6
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_via_param: found param type 234, <received> = <70.42.44.204>; state=16
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_via: end of header reached, state=5
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_headers: via found, flags=2
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_headers: this is the first via
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:receive_msg: After parse_msg...
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:comp_scriptvar: int 20 : 6050 / 5060
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:comp_scriptvar: int 20 : 6050 / 6050
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_headers: flags=2000
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_via_param: found param type 234, <received> = <70.42.44.203>; state=6
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_via_param: found param type 232, <branch> = <z9hG4bK21eRhRlUvPHWJCKe>; state=6
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_via_param: found param type 235, <rport> = <54106>; state=16
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_via: end of header reached, state=5
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_headers: via found, flags=2000
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_headers: parse_headers: this is the second via
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_to: end of header reached, state=10
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_to: display={"Joe Kaufman"}, ruri={sip:213m@labyrinth.20463.service}
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:get_hdr_field: <To> [50]; uri=[sip:213m@labyrinth.20463.service] 
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:get_hdr_field: to body ["Joe Kaufman" <sip:213m@labyrinth.20463.service>#015#012]
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:get_hdr_field: cseq <CSeq>: <12> <REGISTER>
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:get_hdr_field: content_length=0
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:sipmsgops:has_body_f: content length is zero
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:pv_get_dsturi_attr: no destination URI
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_to_param: tag=4369BB8A4C14ECD4272B01FCECF0388B
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_to: end of header reached, state=29
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_to: display={"Joe Kaufman"}, ruri={sip:213m@labyrinth.20463.service}
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: onreply: udp:75.98.50.46:5060 -> 70.42.44.204:6050 -> <null>:<null>:<null> 200 <null>, from: sip:213m@labyrinth.20463.service, to: sip:213m@labyrinth.20463.service
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:forward_reply: found module tm, passing reply to it
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:tm:t_check: start=0xffffffffffffffff
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_headers: flags=22
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:tm:t_reply_matching: hash 55662 label 1802711606 branch 0
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:tm:t_reply_matching: REF_UNSAFE:[0x7fa6f9f1e1b0] after is 1
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:tm:t_reply_matching: reply matched (T=0x7fa6f9f1e1b0)!
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:tm:run_trans_callbacks: trans=0x7fa6f9f1e1b0, callback type 2, id 1 entered
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:mid_reg_resp_in: pushing reply back to caller: 200
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:mid_reg_resp_in: request -------------- #012REGISTER sip:labyrinth.20463.service SIP/2.0#015#012Via: SIP/2.0/TCP 70.42.44.203:54106;branch=z9hG4bK21eRhRlUvPHWJCKe;rport#015#012Contact: <sip:213m@70.42.44.203:54106;rinstance=3C3276C5;transport=tcp>;expires=600#015#012Max-Forwards: 69#015#012From: "Joe Kaufman" <sip:213m@labyrinth.20463.service>;tag=4369BB8A4C14ECD4272B01FCECF0388B#015#012Allow: OPTIONS, INVITE, ACK, REFER, CANCEL, BYE, NOTIFY#015#012Supported: replaces, path#015#012User-Agent: ReachUC SIPIS#015#012To: "Joe Kaufman" <sip:213m@labyrinth.20463.service>#015#012Expires: 600#015#012Call-ID: 2C3418C63F751A1CB1AA378283D443A11056C0B1#015#012CSeq: 12 REGISTER#015#012Proxy-Authorization: Digest username="213m",realm="labyrinth.20463.service",algorithm=MD5,uri="sip:labyrinth.20463.service",nonce="3082f740c9f60e58221e28746dc856c4",response="e029977cc3d5b93329f713976aaad5e2"#015#012Content-Length: 0#015#012#015#012#012xxx: 
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:mid_reg_resp_in: reply -------------- #012SIP/2.0 200 OK#015#012Via: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bKe69d.632337b6.0;i=2e7451b4;received=70.42.44.204#015#012Via: SIP/2.0/TCP 70.42.44.203:54106;received=70.42.44.203;branch=z9hG4bK21eRhRlUvPHWJCKe;rport=54106#015#012To: "Joe Kaufman" <sip:213m@labyrinth.20463.service>#015#012From: "Joe Kaufman" <sip:213m@labyrinth.20463.service>;tag=4369BB8A4C14ECD4272B01FCECF0388B#015#012Call-ID: 2C3418C63F751A1CB1AA378283D443A11056C0B1#015#012CSeq: 12 REGISTER#015#012Contact: <sip:213m@labyrinth.20463.service>;expires=600#015#012Expires: 600#015#012Server: NetSapiens SiPBx v37-1-3x4#015#012Allow: INVITE,ACK,CANCEL,BYE,OPTIONS,REFER,SUBSCRIBE#015#012Content-Length: 0#015#012#015#012
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_headers: flags=ffffffffffffffff
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_params: Parsing params for:[expires=600]
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_headers: flags=ffffffffffffffff
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:get_hdr_field: found end of header
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_params: Parsing params for:[expires=600]
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:mid_reg_resp_in: rec=0x7fa6f9eb5ff8
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:save_restore_req_contacts: saving + restoring all contact URIs ... 
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:calc_contact_expires: expires: 600
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:calc_contact_expires: expires: 600
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:save_restore_req_contacts: expires: 600 - 600
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:save_restore_req_contacts: REQ ct: 'sip:213m@70.42.44.203:54106;rinstance=3C3276C5;transport=tcp']
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:save_restore_req_contacts: appending initial Contact to reply: 'Contact: <sip:213m@70.42.44.203:54106;rinstance=3C3276C5;transport=tcp>;expires=600#015#012'
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:save_restore_req_contacts:     >> REGISTER 600s ------- 600s 200 OK <<!
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_headers: flags=8000000
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_headers: flags=ffffffffffffffff
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_methods: methods 0x142F
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:save_restore_req_contacts: UPDATING .....
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:evi_param_set: adding string param
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:evi_param_set: adding string param
Aug 20 10:50:18  /sbin/opensips[6097]: last message repeated 2 times
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:evi_param_set: adding int param
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:evi_param_set: adding string param
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:evi_param_set: adding int param
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:evi_param_set: adding int param
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:evi_param_set: adding string param
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:evi_param_set: adding int param
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:destroy_avp_list: destroying list (nil)
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:usrloc:update_ucontact: exists callback for type= UL_CONTACT_UPDATE
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:usrloc:run_ul_callbacks: contact=0x7fa6fa042738, callback type 2/15, id 0 entered
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:mid_reg_ct_event: Contact callback (2): contact='sip:213m@70.42.44.203:54106;rinstance=3C3276C5;transport=tcp' | param=(0x7fa6fa042868 -> 0x7fa6f9f486b0) | data[0]=(0x7fa6f9f486b0)
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:mid_reg_ct_event: setting e_out to 600
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:mid_reg_resp_in: got ptr back: 0x7fa6f9f56108
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:mid_reg_resp_in: RESPONSE FORWARDED TO caller!
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:mri_free: aor: '213m@labyrinth.20463.service' 0x7fa6f9e05b28
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:mri_free: from: 'sip:213m@labyrinth.20463.service' 0x7fa6fa10e558
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:mri_free: to: 'sip:213m@labyrinth.20463.service' 0x7fa6f9e05ae8
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:mri_free: callid: '2C3418C63F751A1CB1AA378283D443A11056C0B1' 0x7fa6f9fcc260
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:mri_free: main reg: 'sip:sip.outboundproxy.com' 0x7fa6f9e51e90
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:mid_registrar:mri_free: ct_uri: '' (nil)
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:tm:t_check: end=0x7fa6f9f1e1b0
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:tm:reply_received: org. status uas=0, uac[0]=0 local=0 is_invite=0)
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:tm:t_should_relay_response: T_code=0, new_code=200
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:tm:relay_reply: T_state=4, branch=0, save=0, relay=0, cancel_BM=0
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:parse_headers: flags=2000
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:build_res_buf_from_sip_res:  old size: 616, new size: 545
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:build_res_buf_from_sip_res: copied size: orig:614, new: 545, rest: 2 msg=#012SIP/2.0 200 OK#015#012Via: SIP/2.0/TCP 70.42.44.203:54106;received=70.42.44.203;branch=z9hG4bK21eRhRlUvPHWJCKe;rport=54106#015#012To: "Joe Kaufman" <sip:213m@labyrinth.20463.service>#015#012From: "Joe Kaufman" <sip:213m@labyrinth.20463.service>;tag=4369BB8A4C14ECD4272B01FCECF0388B#015#012Call-ID: 2C3418C63F751A1CB1AA378283D443A11056C0B1#015#012CSeq: 12 REGISTER#015#012Expires: 600#015#012Server: NetSapiens SiPBx v37-1-3x4#015#012Allow: INVITE,ACK,CANCEL,BYE,OPTIONS,REFER,SUBSCRIBE#015#012Content-Length: 0#015#012Contact: <sip:213m@70.42.44.203:54106;rinstance=3C3276C5;transport=tcp>;expires=600#015#012#015#012
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:_shm_resize: resize(0) called
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:tm:insert_timer_unsafe: [2]: 0x7fa6f9f1e230 (2975)
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:tcp_conn_get: con found in state 0
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:tcp_conn_get: tcp connection found (0x7fa6f9ea0420), acquiring fd
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:tcp_conn_get: c= 0x7fa6f9ea0420, n=16, Usock=25
Aug 20 10:50:18 ingress-nyj /sbin/opensips[6097]: DBG:core:tcp_conn_get: after receive_fd: c= 0x7fa6f9ea0420 n=8 fd=28
Aug 20 10:50:18 ingress-nyj kernel: [2668950.486590] opensips[6097]: segfault at 10 ip 00007fa6f85becb9 sp 00007fff30232150 error 4 in usrloc.so[7fa6f85a4000+34000]

CRASH # 2

Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /sbin/opensips...done.
[New LWP 32478]

warning: Can't read pathname for load map: Input/output error.

warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff165ed000
Core was generated by `/sbin/opensips -P /var/run/opensips/opensips.pid -m 256 -M 32 -u opensips -g op'.
Program terminated with signal 11, Segmentation fault.
#0  0x000000000052c2db in fm_remove_free (n=0x7f5dac7002b0, qm=0x7f5dac3c6000)
    at mem/f_malloc.c:200
200     *pf=n->u.nxt_free;
(gdb) 
(gdb) bt full
#0  0x000000000052c2db in fm_remove_free (n=0x7f5dac7002b0, qm=0x7f5dac3c6000)
    at mem/f_malloc.c:200
        pf = 0x0
        hash = 16
#1  fm_malloc (qm=0x7f5dac3c6000, size=128) at mem/f_malloc.c:428
        frag = 0x7f5dac7002b0
        n = <optimized out>
        hash = <optimized out>
        __FUNCTION__ = "fm_malloc"
#2  0x00007f5daaa4ad6b in shm_malloc (size=128)
    at ../../net/../mem/shm_mem.h:437
        p = <optimized out>
#3  mri_dup (mri=0x7f5dac7002c8) at save.c:471
        ret = 0x400
#4  0x00007f5daaa50ba5 in save_restore_req_contacts (req=0x7f5dac899d78, 
    rpl=0x7f5dbc3febd8, mri=0x7f5dac7002c8, _a=0x7f5dac700338, r=0x0)
    at save.c:987
        ri = <optimized out>
        cti = <optimized out>
        ci = 0x0
        c = <optimized out>
        _c = 0x7f5dbc480618
        __c = <optimized out>
---Type <return> to continue, or q <return> to quit---
        __cn = <optimized out>
        cflags = 0
        e = <optimized out>
        e_out = 600
        e_max = 0
        tcp_check = 0
        uri = {user = {s = 0x3000000018 <Address 0x3000000018 out of bounds>, 
            len = 373491920}, passwd = {
            s = 0x7fff16430810 "\377\377\377\377\377\377\377\377 \357G\274]\177", len = 8187}, host = {s = 0x2 <Address 0x2 out of bounds>, len = 1}, port = {
            s = 0x1 <Address 0x1 out of bounds>, len = 11}, params = {
            s = 0xffffffffffffffa0 <Address 0xffffffffffffffa0 out of bounds>, 
            len = 27251680}, headers = {s = 0x7f5dbefbb720 "", len = 8208}, 
          port_no = 8208, proto = 0, type = ERROR_URI_T, transport = {
            s = 0x19ff3f0 "", len = 8208}, ttl = {
            s = 0x7f5dbec84ae4 "L\215k\020L\211\350H\213\\$\020H\213l$\030L\213d$ L\213l$(L\213t$0H\203\304\070\303\017\037\200", len = -1090797648}, 
          user_param = {s = 0x7fff16430700 "\a", len = -1090799840}, maddr = {
            s = 0x19fd3f0 "", len = 90}, method = {s = 0x19fd3e0 "`\002", 
            len = 112}, lr = {s = 0x7f5dbec863fe "H\211\302\203=\254\255\063", 
            len = -1090799840}, r2 = {
            s = 0x100000000 <Address 0x100000000 out of bounds>, 
            len = 373491600}, gr = {s = 0x1 <Address 0x1 out of bounds>, 
---Type <return> to continue, or q <return> to quit---
            len = 11}, transport_val = {s = 0x0, len = 0}, ttl_val = {
            s = 0x1 <Address 0x1 out of bounds>, len = 11}, user_param_val = {
            s = 0x19fd3f0 "", len = 21}, maddr_val = {
            s = 0x1 <Address 0x1 out of bounds>, len = 11}, method_val = {
            s = 0xffffffffffffffa0 <Address 0xffffffffffffffa0 out of bounds>, 
            len = 373491704}, lr_val = {
            s = 0x7f5dbecf2edf "H\213\234", <incomplete sequence \310>, 
            len = 27251696}, r2_val = {
            s = 0x7f5daaa62e45 "DBG:mid_registrar:%s: rec=%p\n", len = 7}, 
          gr_val = {s = 0x1400000008 <Address 0x1400000008 out of bounds>, 
            len = 7}, u_name = {{
              s = 0xe700000000 <Address 0xe700000000 out of bounds>, len = 1}, 
            {
              s = 0xffffffffffffc7c0 <Address 0xffffffffffffc7c0 out of bounds>, 
              len = 27128256}, {
              s = 0x100002600 <Address 0x100002600 out of bounds>, 
              len = 9728}, {
              s = 0x54c42e "\205\300\017\205\257\364\377\377\307E", len = 11}, 
            {
              s = 0x52c40b "I\215D$\030H\203\304@[]A\\Ã\302\001\201\372\063\b", 
              len = 373491664}, {s = 0x7f5dbc480660 "\310\005H\274]\177", 
              len = 104}, {
              s = 0x7f5dabd97a28 "DBG:tm:%s: trans=%p, callback type %d, id %d e---Type <return> to continue, or q <return> to quit---
ntered\n", len = 27251696}, {s = 0x0, len = 27251696}, {
              s = 0x7f5dbc480618 "=Ҋ", len = 89}, {
              s = 0x599979c7 <Address 0x599979c7 out of bounds>, len = 63}}, 
          u_val = {{s = 0x7f5dac899d78 "\r\004", len = 8827712}, {
              s = 0x7f5dac7002c8 "", len = -1136661544}, {
              s = 0x7f5dac700338 "`\351}\254]\177", len = -1400267400}, {
              s = 0x7f5dbecf3272 "H\201\304", <incomplete sequence \330>, 
              len = 0}, {
              s = 0x3000000028 <Address 0x3000000028 out of bounds>, 
              len = 373491920}, {
              s = 0x7fff16430810 "\377\377\377\377\377\377\377\377 \357G\274]\177", len = -1}, {s = 0x7f5dbc47ef20 "+", len = -1136661544}, {
              s = 0x7f5daaa630f0 "mid_reg_resp_in", len = 0}, {
              s = 0x86b440 "", len = -1136661544}, {s = 0x0, 
              len = -1401034400}}, u_params_no = 29}
        anchor = <optimized out>
        ct = <optimized out>
        buf = <optimized out>
        len = <optimized out>
        __FUNCTION__ = "save_restore_req_contacts"
#5  0x00007f5daaa57edc in mid_reg_resp_in (t=<optimized out>, 
    type=<optimized out>, params=<optimized out>) at save.c:1368
        mri = 0x7f5dac7002c8
---Type <return> to continue, or q <return> to quit---
        rec = 0x0
        rpl = 0x7f5dbc3febd8
        req = 0x7f5dac899d78
        code = <optimized out>
        __FUNCTION__ = "mid_reg_resp_in"
#6  0x00007f5dabd63364 in run_trans_callbacks (type=2, trans=0x7f5dacaa2bb8, 
    req=<optimized out>, rpl=<optimized out>, code=<optimized out>)
    at t_hooks.c:209
        params = {req = 0x7f5dac899d78, rpl = 0x7f5dbc3febd8, code = 200, 
          param = 0x7f5daca6b928, extra1 = 0x0, extra2 = 0x0}
        cbp = 0x7f5daca6b918
        backup = 0x88b9e8
        trans_backup = 0x7f5dacaa2bb8
        __FUNCTION__ = "run_trans_callbacks"
#7  0x00007f5dabd6ac3c in t_reply_matching (p_msg=0x7f5dbc3febd8, 
    p_branch=0x7fff16430b70) at t_lookup.c:843
        p_cell = <optimized out>
        hash_index = <optimized out>
        entry_label = <optimized out>
        branch_id = <optimized out>
        hashi = <optimized out>
        branchi = <optimized out>
        p = <optimized out>
---Type <return> to continue, or q <return> to quit---
        hashl = <optimized out>
        branchl = <optimized out>
        scan_space = <optimized out>
        cseq = 0x7f5dbc3fff58
        loopi = 0x0
        loopl = <optimized out>
        syni = <optimized out>
        synl = <optimized out>
        __FUNCTION__ = "t_reply_matching"
#8  0x00007f5dabd6b2f5 in t_check (p_msg=0x7f5dbc3febd8, 
    param_branch=<optimized out>) at t_lookup.c:918
        local_branch = 231
        __FUNCTION__ = "t_check"
#9  0x00007f5dabd8c2a3 in reply_received (p_msg=0x7f5dbc3febd8)
    at t_reply.c:1416
        msg_status = <optimized out>
        last_uac_status = <optimized out>
        branch = <optimized out>
        reply_status = <optimized out>
        timer = <optimized out>
        cancel_bitmap = <optimized out>
        uac = <optimized out>
        t = <optimized out>
---Type <return> to continue, or q <return> to quit---
        backup_list = <optimized out>
        has_reply_route = <optimized out>
        __FUNCTION__ = "reply_received"
#10 0x000000000044c389 in forward_reply (msg=0x7f5dbc3febd8) at forward.c:495
        new_buf = 0x0
        to = 0x0
        new_len = <optimized out>
        mod = 0x7f5dbc3cf2c0
        proto = <optimized out>
        id = 0
        send_sock = <optimized out>
        s = <optimized out>
        len = <optimized out>
        __FUNCTION__ = "forward_reply"
#11 0x00000000004aade5 in receive_msg (
    buf=0x8ad080 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bK9866.750784e2.0;i=cbee70a3;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:53748;received=70.42.44.203;branch=z9hG4bKKsakP15BMwum0"..., 
    len=<optimized out>, rcv_info=<optimized out>, existing_context=0x0)
    at receive.c:257
        ctx = 0x7f5dbc3ff808
        msg = 0x7f5dbc3febd8
        start = {tv_sec = 8827968, tv_usec = 140040301781480}
---Type <return> to continue, or q <return> to quit---
        rc = 3
        tmp = 0x0
        in_buff = {
          s = 0x8ad080 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bK9866.750784e2.0;i=cbee70a3;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:53748;received=70.42.44.203;branch=z9hG4bKKsakP15BMwum0"..., 
          len = 647}
        __FUNCTION__ = "receive_msg"
#12 0x00000000005f6c9b in udp_read_req (si=<optimized out>, 
    bytes_read=<optimized out>) at net/proto_udp/proto_udp.c:192
        ri = {src_ip = {af = 2, len = 4, u = {addrl = {140038183739979, 
                6425680}, addr32 = {775053899, 32605, 6425680, 0}, addr16 = {
                25163, 11826, 32605, 0, 3152, 98, 0, 0}, 
              addr = "Kb2.]\177\000\000P\fb\000\000\000\000"}}, dst_ip = {
            af = 2, len = 4, u = {addrl = {3425446470, 0}, addr32 = {
                3425446470, 0, 0, 0}, addr16 = {10822, 52268, 0, 0, 0, 0, 0, 
                0}, addr = "F*,\314", '\000' <repeats 11 times>}}, 
          src_port = 5060, dst_port = 6050, proto = 1, proto_reserved1 = 0, 
          proto_reserved2 = 0, src_su = {s = {sa_family = 2, 
              sa_data = "\023\304Kb2.\000\000\000\000\000\000\000"}, sin = {
              sin_family = 2, sin_port = 50195, sin_addr = {
                s_addr = 775053899}, 
              sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {
---Type <return> to continue, or q <return> to quit---
              sin6_family = 2, sin6_port = 50195, sin6_flowinfo = 775053899, 
              sin6_addr = {__in6_u = {
                  __u6_addr8 = "\000\000\000\000\000\000\000\000\260\033?\274]\177\000", __u6_addr16 = {0, 0, 0, 0, 7088, 48191, 32605, 0}, __u6_addr32 = {0, 
                    0, 3158252464, 32605}}}, sin6_scope_id = 5201799}}, 
          bind_address = 0x7f5dbc3ce6e0}
        len = <optimized out>
        buf = "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bK9866.750784e2.0;i=cbee70a3;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:53748;received=70.42.44.203;branch=z9hG4bKKsakP15BMwum0"...
        tmp = 0x0
        fromlen = 16
        p = <optimized out>
        msg = {
          s = 0x8ad080 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bK9866.750784e2.0;i=cbee70a3;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:53748;received=70.42.44.203;branch=z9hG4bKKsakP15BMwum0"..., 
          len = 647}
        __FUNCTION__ = "udp_read_req"
#13 0x00000000005d8eec in handle_io (fm=0x7f5dbc3f1c10, idx=<optimized out>, 
    event_type=<optimized out>) at net/net_udp.c:259
        read = 32512
#14 io_wait_loop_epoll (repeat=0, t=1, h=<optimized out>)
---Type <return> to continue, or q <return> to quit---
    at net/../io_wait_loop.h:284
        ret = 1
        n = 1
        r = 0
        i = <optimized out>
        e = 0x7f5dbc3f1c10
        ep_event = {events = 3201814899, data = {ptr = 0x4e164400007f5d, 
            fd = 32605, u32 = 32605, u64 = 21979529497050973}}
        fd = <optimized out>
#15 0x00000000005dc858 in udp_start_processes (chd_rank=<optimized out>, 
    startup_done=0x0) at net/net_udp.c:389
        si = <optimized out>
        load_p = 0x7f5dac6e3b20
        pid = <optimized out>
        i = <optimized out>
        __FUNCTION__ = "udp_start_processes"
#16 0x000000000041d4c5 in main_loop () at main.c:677
        startup_done = 0x0
        chd_rank = 4
#17 main (argc=<optimized out>, argv=<optimized out>) at main.c:1283
        cfg_stream = <optimized out>
        c = <optimized out>
        r = <optimized out>
---Type <return> to continue, or q <return> to quit---
        tmp = 0x7fff16432e95 ""
        tmp_len = <optimized out>
        port = <optimized out>
        proto = 373494244
        protos_no = <optimized out>
        options = 0x6116e8 "f:cCm:M:b:l:n:N:rRvdDFETSVhw:t:u:g:P:G:W:o:"
        ret = -1
        seed = 2327298814
        rfd = 4
        __FUNCTION__ = "main"
(gdb) 

Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_msg: SIP Reply  (status):
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_msg:  version: <SIP/2.0>
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_msg:  status:  <200>
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_msg:  reason:  <OK>
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_headers: flags=2
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_via_param: found param type 232, <branch> = <z9hG4bK9866.750784e2.0>; state=6
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_via_param: found param type 236, <i> = <cbee70a3>; state=6
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_via_param: found param type 234, <received> = <70.42.44.204>; state=16
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_via: end of header reached, state=5
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_headers: via found, flags=2
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_headers: this is the first via
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:receive_msg: After parse_msg...
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:comp_scriptvar: int 20 : 6050 / 5060
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:comp_scriptvar: int 20 : 6050 / 6050
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_headers: flags=2000
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_via_param: found param type 234, <received> = <70.42.44.203>; state=6
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_via_param: found param type 232, <branch> = <z9hG4bKKsakP15BMwum0tMa>; state=6
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_via_param: found param type 235, <rport> = <53748>; state=16
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_via: end of header reached, state=5
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_headers: via found, flags=2000
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_headers: parse_headers: this is the second via
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_to: end of header reached, state=10
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_to: display={"Terry Crews"}, ruri={sip:4908m@skyswitch.15611.service}
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:get_hdr_field: <To> [51]; uri=[sip:4908m@skyswitch.15611.service] 
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:get_hdr_field: to body ["Terry Crews" <sip:4908m@skyswitch.15611.service>#015#012]
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:get_hdr_field: cseq <CSeq>: <22> <REGISTER>
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:get_hdr_field: content_length=0
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:sipmsgops:has_body_f: content length is zero
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:pv_get_dsturi_attr: no destination URI
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_to_param: tag=D99083EAB540CF3C20AEB33376CB1EE8
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_to: end of header reached, state=29
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_to: display={"Terry Crews"}, ruri={sip:4908m@skyswitch.15611.service}
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: onreply: udp:75.98.50.46:5060 -> 70.42.44.204:6050 -> <null>:<null>:<null> 200 <null>, from: sip:4908m@skyswitch.15611.service, to: sip:4908m@skyswitch.15611.service
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:forward_reply: found module tm, passing reply to it
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:tm:t_check: start=0xffffffffffffffff
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_headers: flags=22
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:tm:t_reply_matching: hash 26249 label 776499287 branch 0
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:tm:t_reply_matching: REF_UNSAFE:[0x7f5dacaa2bb8] after is 1
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:tm:t_reply_matching: reply matched (T=0x7f5dacaa2bb8)!
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:tm:run_trans_callbacks: trans=0x7f5dacaa2bb8, callback type 2, id 1 entered
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:mid_registrar:mid_reg_resp_in: pushing reply back to caller: 200
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:mid_registrar:mid_reg_resp_in: request -------------- #012REGISTER sip:skyswitch.15611.service SIP/2.0#015#012Via: SIP/2.0/TCP 70.42.44.203:53748;branch=z9hG4bKKsakP15BMwum0tMa;rport#015#012Contact: <sip:4908m@70.42.44.203:53748;rinstance=710DA152;transport=tcp>;expires=600#015#012Max-Forwards: 69#015#012From: "Terry Crews" <sip:4908m@skyswitch.15611.service>;tag=D99083EAB540CF3C20AEB33376CB1EE8#015#012Allow: OPTIONS, INVITE, ACK, REFER, CANCEL, BYE, NOTIFY#015#012Supported: replaces, path#015#012User-Agent: ReachUC SIPIS#015#012To: "Terry Crews" <sip:4908m@skyswitch.15611.service>#015#012Expires: 600#015#012Call-ID: F8B9FAADFDA0E2C001BF80660C18564F0C84F7DD#015#012CSeq: 22 REGISTER#015#012Proxy-Authorization: Digest username="4908m",realm="skyswitch.15611.service",algorithm=MD5,uri="sip:skyswitch.15611.service",nonce="8aed325f788676a3ba944561255ab45f",response="8360be41acdcdbf4083cda4316da0da9"#015#012Content-Length: 0#015#012#015#012#012xxx: 
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:mid_registrar:mid_reg_resp_in: reply -------------- #012SIP/2.0 200 OK#015#012Via: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bK9866.750784e2.0;i=cbee70a3;received=70.42.44.204#015#012Via: SIP/2.0/TCP 70.42.44.203:53748;received=70.42.44.203;branch=z9hG4bKKsakP15BMwum0tMa;rport=53748#015#012To: "Terry Crews" <sip:4908m@skyswitch.15611.service>#015#012From: "Terry Crews" <sip:4908m@skyswitch.15611.service>;tag=D99083EAB540CF3C20AEB33376CB1EE8#015#012Call-ID: F8B9FAADFDA0E2C001BF80660C18564F0C84F7DD#015#012CSeq: 22 REGISTER#015#012Contact: <sip:4908m@70.42.44.203:53748;rinstance=710DA152;transport=tcp>;expires=600#015#012Expires: 600#015#012Server: NetSapiens SiPBx v37-1-3x4#015#012Allow: INVITE,ACK,CANCEL,BYE,OPTIONS,REFER,SUBSCRIBE#015#012Content-Length: 0#015#012#015#012
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_headers: flags=ffffffffffffffff
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_params: Parsing params for:[expires=600]
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_headers: flags=ffffffffffffffff
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:get_hdr_field: found end of header
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:core:parse_params: Parsing params for:[expires=600]
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:mid_registrar:mid_reg_resp_in: rec=(nil)
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:mid_registrar:save_restore_req_contacts: saving + restoring all contact URIs ... 
Aug 20 08:00:07 ingress-nyj /sbin/opensips[32478]: DBG:mid_registrar:calc_contact_expires: expires: 600
Aug 20 08:00:07 ingress-nyj kernel: [2658756.987711] opensips[32478]: segfault at 0 ip 000000000052c2db sp 00007fff16430460 error 6 in opensips[400000+26a000]

CRASH # 3

GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /sbin/opensips...done.
[New LWP 17959]

warning: Can't read pathname for load map: Input/output error.

warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fffd8bfe000
Core was generated by `/sbin/opensips -P /var/run/opensips/opensips.pid -m 256 -M 32 -u opensips -g op'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007fc165824361 in run_trans_callbacks (type=2, trans=0x7fc166255788, 
    req=<optimized out>, rpl=<optimized out>, code=<optimized out>)
    at t_hooks.c:209
209             cbp->callback( trans, type, &params );
(gdb) 
(gdb) bt full
#0  0x00007fc165824361 in run_trans_callbacks (type=2, trans=0x7fc166255788, 
    req=<optimized out>, rpl=<optimized out>, code=<optimized out>)
    at t_hooks.c:209
        params = {req = 0x7fc166405478, rpl = 0x7fc175ebfbd8, code = 200, 
          param = 0x7fc16634e3c0, extra1 = 0x0, extra2 = 0x0}
        cbp = 0x7fc16634e3b0
        backup = 0x88b9e8
        trans_backup = 0x7fc166255788
        __FUNCTION__ = "run_trans_callbacks"
#1  0x00007fc16582bc3c in t_reply_matching (p_msg=0x7fc175ebfbd8, 
    p_branch=0x7fffd8bf26c0) at t_lookup.c:843
        p_cell = <optimized out>
        hash_index = <optimized out>
        entry_label = <optimized out>
        branch_id = <optimized out>
        hashi = <optimized out>
        branchi = <optimized out>
        p = <optimized out>
        hashl = <optimized out>
        branchl = <optimized out>
        scan_space = <optimized out>
        cseq = 0x7fc175ec1320
        loopi = 0x0
---Type <return> to continue, or q <return> to quit---
        loopl = <optimized out>
        syni = <optimized out>
        synl = <optimized out>
        __FUNCTION__ = "t_reply_matching"
#2  0x00007fc16582c2f5 in t_check (p_msg=0x7fc175ebfbd8, 
    param_branch=<optimized out>) at t_lookup.c:918
        local_branch = 231
        __FUNCTION__ = "t_check"
#3  0x00007fc16584d2a3 in reply_received (p_msg=0x7fc175ebfbd8)
    at t_reply.c:1416
        msg_status = <optimized out>
        last_uac_status = <optimized out>
        branch = <optimized out>
        reply_status = <optimized out>
        timer = <optimized out>
        cancel_bitmap = <optimized out>
        uac = <optimized out>
        t = <optimized out>
        backup_list = <optimized out>
        has_reply_route = <optimized out>
        __FUNCTION__ = "reply_received"
#4  0x000000000044c389 in forward_reply (msg=0x7fc175ebfbd8) at forward.c:495
        new_buf = 0x0
---Type <return> to continue, or q <return> to quit---
        to = 0x0
        new_len = <optimized out>
        mod = 0x7fc175e902c0
        proto = <optimized out>
        id = 0
        send_sock = <optimized out>
        s = <optimized out>
        len = <optimized out>
        __FUNCTION__ = "forward_reply"
#5  0x00000000004aade5 in receive_msg (
    buf=0x8ad080 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bKade9.8b23c6e1.0;i=5086def3;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:54414;received=70.42.44.203;branch=z9hG4bKfLusfXP6UraDA"..., 
    len=<optimized out>, rcv_info=<optimized out>, existing_context=0x0)
    at receive.c:257
        ctx = 0x7fc175ec0808
        msg = 0x7fc175ebfbd8
        start = {tv_sec = 8827968, tv_usec = 140468619711216}
        rc = 3
        tmp = 0x0
        in_buff = {
          s = 0x8ad080 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bKade9.8b23c6e1.0;i=5086def3;received=70.42.44.204\r\nVia: SIP/2.0/TCP ---Type <return> to continue, or q <return> to quit---
70.42.44.203:54414;received=70.42.44.203;branch=z9hG4bKfLusfXP6UraDA"..., 
          len = 652}
        __FUNCTION__ = "receive_msg"
#6  0x00000000005f6c9b in udp_read_req (si=<optimized out>, 
    bytes_read=<optimized out>) at net/proto_udp/proto_udp.c:192
        ri = {src_ip = {af = 2, len = 4, u = {addrl = {140467680469579, 
                6425680}, addr32 = {775053899, 32705, 6425680, 0}, addr16 = {
                25163, 11826, 32705, 0, 3152, 98, 0, 0}, 
              addr = "Kb2.\301\177\000\000P\fb\000\000\000\000"}}, dst_ip = {
            af = 2, len = 4, u = {addrl = {3425446470, 0}, addr32 = {
                3425446470, 0, 0, 0}, addr16 = {10822, 52268, 0, 0, 0, 0, 0, 
                0}, addr = "F*,\314", '\000' <repeats 11 times>}}, 
          src_port = 5060, dst_port = 6050, proto = 1, proto_reserved1 = 0, 
          proto_reserved2 = 0, src_su = {s = {sa_family = 2, 
              sa_data = "\023\304Kb2.\000\000\000\000\000\000\000"}, sin = {
              sin_family = 2, sin_port = 50195, sin_addr = {
                s_addr = 775053899}, 
              sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {
              sin6_family = 2, sin6_port = 50195, sin6_flowinfo = 775053899, 
              sin6_addr = {__in6_u = {
                  __u6_addr8 = "\000\000\000\000\000\000\000\000\260+\353u\301\177\000", __u6_addr16 = {0, 0, 0, 0, 11184, 30187, 32705, 0}, __u6_addr32 = {0, 
                    0, 1978346416, 32705}}}, sin6_scope_id = 5201799}}, 
---Type <return> to continue, or q <return> to quit---
          bind_address = 0x7fc175e8f6e0}
        len = <optimized out>
        buf = "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bKade9.8b23c6e1.0;i=5086def3;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:54414;received=70.42.44.203;branch=z9hG4bKfLusfXP6UraDA"...
        tmp = 0x0
        fromlen = 16
        p = <optimized out>
        msg = {
          s = 0x8ad080 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bKade9.8b23c6e1.0;i=5086def3;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:54414;received=70.42.44.203;branch=z9hG4bKfLusfXP6UraDA"..., 
          len = 652}
        __FUNCTION__ = "udp_read_req"
#7  0x00000000005d8eec in handle_io (fm=0x7fc175eb2c10, idx=<optimized out>, 
    event_type=<optimized out>) at net/net_udp.c:259
        read = 32512
#8  io_wait_loop_epoll (repeat=0, t=1, h=<optimized out>)
    at net/../io_wait_loop.h:284
        ret = 1
        n = 1
        r = 0
        i = <optimized out>
---Type <return> to continue, or q <return> to quit---
        e = 0x7fc175eb2c10
        ep_event = {events = 2021908851, data = {ptr = 0x4e164400007fc1, 
            fd = 32705, u32 = 32705, u64 = 21979529497051073}}
        fd = <optimized out>
#9  0x00000000005dc85f in udp_start_processes (chd_rank=<optimized out>, 
    startup_done=0x0) at net/net_udp.c:389
        si = <optimized out>
        load_p = 0x7fc1661a4b20
        pid = <optimized out>
        i = <optimized out>
        __FUNCTION__ = "udp_start_processes"
#10 0x000000000041d4c5 in main_loop () at main.c:677
        startup_done = 0x0
        chd_rank = 1
#11 main (argc=<optimized out>, argv=<optimized out>) at main.c:1283
        cfg_stream = <optimized out>
        c = <optimized out>
        r = <optimized out>
        tmp = 0x7fffd8bf4e95 ""
        tmp_len = <optimized out>
        port = <optimized out>
        proto = -658559516
        protos_no = <optimized out>
---Type <return> to continue, or q <return> to quit---
        options = 0x6116e8 "f:cCm:M:b:l:n:N:rRvdDFETSVhw:t:u:g:P:G:W:o:"
        ret = -1
        seed = 3424843775
        rfd = 4
        __FUNCTION__ = "main"
(gdb) 

Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_msg: SIP Reply  (status):
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_msg:  version: <SIP/2.0>
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_msg:  status:  <200>
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_msg:  reason:  <OK>
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_headers: flags=2
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_via_param: found param type 232, <branch> = <z9hG4bK149b.12c98724.0>; state=6
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_via_param: found param type 236, <i> = <c286def3>; state=6
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_via_param: found param type 234, <received> = <70.42.44.204>; state=16
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_via: end of header reached, state=5
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_headers: via found, flags=2
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_headers: this is the first via
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:receive_msg: After parse_msg...
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:comp_scriptvar: int 20 : 6050 / 5060
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:comp_scriptvar: int 20 : 6050 / 6050
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_headers: flags=2000
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_via_param: found param type 234, <received> = <70.42.44.203>; state=6
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_via_param: found param type 232, <branch> = <z9hG4bKtmgA4bxyn9ItAXfV>; state=6
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_via_param: found param type 235, <rport> = <54178>; state=16
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_via: end of header reached, state=5
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_headers: via found, flags=2000
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_headers: parse_headers: this is the second via
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_to: end of header reached, state=10
Aug 20 10:00:25 ingress-nyj /sbin/opensips[17959]: DBG:core:parse_to: display={"Victoria Gelabert"}, ruri={sip:1000m@oit.20463.service}
Aug 20 10:00:26 ingress-nyj kernel: [2665963.251068] traps: opensips[17959] general protection ip:7fc165824361 sp:7fffd8bf24a0 error:0 in tm.so[7fc1657e0000+82000]

CRASH # 4

GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /sbin/opensips...done.
[New LWP 6106]

warning: Can't read pathname for load map: Input/output error.

warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff30314000
Core was generated by `/sbin/opensips -P /var/run/opensips/opensips.pid -m 256 -M 32 -u opensips -g op'.
Program terminated with signal 11, Segmentation fault.
#0  0x000000000052c2db in fm_remove_free (n=0x7fa6f9f560f0, qm=0x7fa6f9adb000)
    at mem/f_malloc.c:200
200     *pf=n->u.nxt_free;
(gdb) 
(gdb) bt full
#0  0x000000000052c2db in fm_remove_free (n=0x7fa6f9f560f0, qm=0x7fa6f9adb000)
    at mem/f_malloc.c:200
        pf = 0x0
        hash = 16
#1  fm_malloc (qm=0x7fa6f9adb000, size=128) at mem/f_malloc.c:428
        frag = 0x7fa6f9f560f0
        n = <optimized out>
        hash = <optimized out>
        __FUNCTION__ = "fm_malloc"
#2  0x00007fa6f8162cb5 in shm_malloc (size=128)
    at ../../net/../mem/shm_mem.h:437
        p = <optimized out>
#3  prepare_forward (msg=0x7fa709b13bd8, ud=0x7fa6f9ded8c8, 
    aor=0x7fff3022fa38, sctx=0x7fff3022fa30) at save.c:1394
        mri = 0x400
        to = <optimized out>
        from = <optimized out>
        __FUNCTION__ = "prepare_forward"
#4  0x00007fa6f817099b in mid_reg_save (msg=0x7fa709b13bd8, 
    dom=<optimized out>, flags_gp=<optimized out>, to_uri_gp=<optimized out>, 
    expires_gp=<optimized out>) at save.c:2070
        ud = <optimized out>
        rec = 0x7fa6f9f103f8
---Type <return> to continue, or q <return> to quit---
        flags_str = {s = 0x0, len = 0}
        to_uri = {
          s = 0x89d1ee "sip:106m@SurgicalDirect.20387.service>\r\nExpires: 600\r\nCall-ID: 22E656D4B98FAF3AF3140879796B9AEF1C82BFFE\r\nCSeq: 12 REGISTER\r\nProxy-Authorization: Digest username=\"106m\",realm=\"SurgicalDirect.20387.serv"..., len = 37}
        sctx = {flags = 0, aor = {
            s = 0x7fa6f837e9c0 "106m@surgicaldirect.20387.service", len = 33}, 
          max_contacts = 0, expires = 0, expires_out = 7200, star = 0, 
          min_expires = 0, max_expires = 0}
        st = 0
        __FUNCTION__ = "mid_reg_save"
#5  0x0000000000421174 in do_action (a=0x7fa709aed7c0, msg=0x7fa709b13bd8)
    at action.c:1862
        increment = <optimized out>
        decrement = <optimized out>
        val_number = <optimized out>
        j = <optimized out>
        val_s = {s = 0x0, len = 807600768}
        cdb_reply = <optimized out>
        aux = {s = 0x0, len = 0}
        i = <optimized out>
        key_number = <optimized out>
---Type <return> to continue, or q <return> to quit---
        it = <optimized out>
        avp_val = {n = 3, s = {
            s = 0x1300000003 <Address 0x1300000003 out of bounds>, 
            len = 162615544}}
        avp_name = {n = 162616008, s = {s = 0x7fa709b152c8 "", len = 51}}
        avp_type = <optimized out>
        ret = -5
        v = <optimized out>
        sec = <optimized out>
        usec = <optimized out>
        to = <optimized out>
        p = <optimized out>
        tmp = <optimized out>
        new_uri = <optimized out>
        end = <optimized out>
        crt = <optimized out>
        len = <optimized out>
        i = <optimized out>
        user = 0
        expires = 0
        vals = {{s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {
            s = 0x0, len = 0}, {s = 0x0, len = 0}}
        result = {s = 0x1 <Address 0x1 out of bounds>, len = 9177184}
---Type <return> to continue, or q <return> to quit---
        uri = {user = {s = 0x0, len = 0}, passwd = {s = 0x0, len = 0}, host = {
            s = 0x0, len = 0}, port = {s = 0x0, len = 0}, params = {s = 0x0, 
            len = 0}, headers = {s = 0x0, len = 0}, port_no = 0, proto = 0, 
          type = ERROR_URI_T, transport = {s = 0x0, len = 0}, ttl = {s = 0x0, 
            len = 0}, user_param = {s = 0x0, len = 0}, maddr = {s = 0x0, 
            len = 0}, method = {s = 0x0, len = 0}, lr = {s = 0x0, len = 0}, 
          r2 = {s = 0x0, len = 0}, gr = {s = 0x0, len = 0}, transport_val = {
            s = 0x0, len = 0}, ttl_val = {s = 0x0, len = 0}, user_param_val = {
            s = 0x0, len = 0}, maddr_val = {s = 0x0, len = 0}, method_val = {
            s = 0x0, len = 0}, lr_val = {s = 0x0, len = 0}, r2_val = {s = 0x0, 
            len = 0}, gr_val = {s = 0x0, len = 0}, u_name = {{s = 0x0, 
              len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, 
              len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, 
              len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, 
              len = 0}}, u_val = {{s = 0x0, len = 0}, {s = 0x0, len = 0}, {
              s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {
              s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {
              s = 0x0, len = 0}, {s = 0x0, len = 0}}, u_params_no = 0}
        next_hop = {user = {s = 0x0, len = 0}, passwd = {s = 0x0, len = 0}, 
          host = {s = 0x0, len = 162443848}, port = {
            s = 0xffffffff <Address 0xffffffff out of bounds>, 
            len = 162610136}, params = {s = 0x7fa709b13bd8 "\341\002", 
            len = 162444072}, headers = {s = 0x0, len = 4359010}, port_no = 0, 
---Type <return> to continue, or q <return> to quit---
          proto = 0, type = ERROR_URI_T, transport = {s = 0x0, len = 0}, 
          ttl = {s = 0x0, len = 0}, user_param = {s = 0x7fa709aeb328 "\002", 
            len = 162610136}, maddr = {s = 0x7fa709aeaca8 "\020", len = -1}, 
          method = {
            s = 0x421174 "\211\305D\017\266+\351\211\325\377\377\270\002", 
            len = 0}, lr = {s = 0x0, len = 0}, r2 = {s = 0x0, len = 0}, gr = {
            s = 0x0, len = 0}, transport_val = {s = 0x0, len = 0}, ttl_val = {
            s = 0x0, len = 0}, user_param_val = {s = 0x0, len = 0}, 
          maddr_val = {s = 0x0, len = 0}, method_val = {s = 0x0, len = 0}, 
          lr_val = {s = 0x0, len = 0}, r2_val = {s = 0x0, len = 0}, gr_val = {
            s = 0x0, len = 0}, u_name = {{s = 0x0, len = 0}, {s = 0x0, 
              len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, 
              len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, 
              len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}}, u_val = {{
              s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {
              s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {
              s = 0x0, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {
              s = 0x0, len = 0}}, u_params_no = 0}
        u = <optimized out>
        port = <optimized out>
        cmatch = <optimized out>
        aitem = <optimized out>
        adefault = <optimized out>
---Type <return> to continue, or q <return> to quit---
        spec = <optimized out>
        model = <optimized out>
        val = {rs = {s = 0x8c0854 "0", len = 5424139}, ri = 1, flags = 0}
        pve = <optimized out>
        name_s = {s = 0x7fa709b152a8 ";r2=on", len = 162615944}
        start = {tv_sec = 0, tv_usec = 140355121095990}
        aux_counter = <optimized out>
        __FUNCTION__ = "do_action"
#6  0x0000000000428362 in run_action_list (a=<optimized out>, 
    msg=0x7fa709b13bd8) at action.c:172
        ret = <optimized out>
        t = 0x7fa709aed7c0
#7  0x000000000042869d in run_actions (msg=<optimized out>, a=<optimized out>)
    at action.c:137
        ret = <optimized out>
#8  run_actions (a=<optimized out>, msg=<optimized out>) at action.c:118
        ret = <optimized out>
#9  0x00000000004238b5 in do_action (a=0x7fa709aeb038, msg=0x7fa709b13bd8)
    at action.c:761
        increment = <optimized out>
        decrement = <optimized out>
        val_number = <optimized out>
        j = <optimized out>
---Type <return> to continue, or q <return> to quit---
        val_s = {
          s = 0xffffffffffffffa0 <Address 0xffffffffffffffa0 out of bounds>, 
          len = 23586816}
        cdb_reply = <optimized out>
        aux = {s = 0x7fa70c6d0720 "", len = 8208}
        i = <optimized out>
        key_number = <optimized out>
        it = <optimized out>
        avp_val = {n = 8208, s = {
            s = 0x383100002010 <Address 0x383100002010 out of bounds>, 
            len = 23595024}}
        avp_name = {n = 8208, s = {
            s = 0x3835000000002010 <Address 0x3835000000002010 out of bounds>, 
            len = 206126296}}
        avp_type = <optimized out>
        ret = -5
        v = <optimized out>
        sec = <optimized out>
        usec = <optimized out>
        to = <optimized out>
        p = <optimized out>
        tmp = <optimized out>
        new_uri = <optimized out>
---Type <return> to continue, or q <return> to quit---
        end = <optimized out>
        crt = <optimized out>
        len = <optimized out>
        i = <optimized out>
        user = 0
        expires = 0
        vals = {{s = 0x3000000010 <Address 0x3000000010 out of bounds>, 
            len = 807602928}, {s = 0x7fff30230a30 "\034\350g\001", 
            len = 205325560}, {s = 0x0, len = 8180}, {
            s = 0x3630313600000002 <Address 0x3630313600000002 out of bounds>, 
            len = 0}, {s = 0x0, len = 0}}
        result = {s = 0x7fff30230c10 " \am\f\247\177", len = 8187}
        uri = {user = {s = 0x5 <Address 0x5 out of bounds>, len = 204867452}, 
          passwd = {s = 0x0, len = 206126302}, host = {s = 0x0, len = 1}, 
          port = {s = 0x0, len = 0}, params = {s = 0x167e5b0 "x\am\f\247\177", 
            len = 807602784}, headers = {s = 0x7fff30230a78 "I,L", 
            len = 206126299}, port_no = 5, proto = 0, type = ERROR_URI_T, 
          transport = {s = 0x7fa70c36077c "\213\003\366Āu\030H\213\223\210", 
            len = 32}, ttl = {s = 0x0, len = 23586224}, user_param = {
            s = 0x7fff30230aa0 "\001", len = 807602872}, maddr = {
            s = 0x7fa70c493cdb "[%d]", len = 5}, method = {
            s = 0x7fa70c36077c "\213\003\366Āu\030H\213\223\210", 
            len = 807603192}, lr = {s = 0x7fa70c493cde "]", len = 90}, r2 = {
---Type <return> to continue, or q <return> to quit---
            s = 0x1 <Address 0x1 out of bounds>, len = 0}, gr = {
            s = 0x62d177 "}\n", len = 807602372}, transport_val = {
            s = 0x2 <Address 0x2 out of bounds>, len = 32}, ttl_val = {
            s = 0x7fa70c493cdd "d]", len = 23586048}, user_param_val = {
            s = 0x7fff30230b20 "0\f#0\377\177", len = 23586148}, maddr_val = {
            s = 0x0, len = -4}, method_val = {s = 0x0, len = 32}, lr_val = {
            s = 0x7fa70c393e0e "H\211E(\353\277\017\037@", len = 23586224}, 
          r2_val = {s = 0x7fff30230b60 "\260\r#0\377\177", len = 807603352}, 
          gr_val = {s = 0x62805d "DBG:core:%s: to body [%.*s]\n", len = 91}, 
          u_name = {{s = 0x7fa70c36077c "\213\003\366Āu\030H\213\223\210", 
              len = 0}, {s = 0x628077 "]\n", len = 23586224}, {
              s = 0x7fff30230ba0 " \am\f\247\177", len = 807603128}, {
              s = 0x7fa70c493cdb "[%d]", len = 5}, {
              s = 0x7fa70c36077c "\213\003\366Āu\030H\213\223\210", 
              len = -156}, {s = 0x7fa70c493cde "]", len = 0}, {
              s = 0x1 <Address 0x1 out of bounds>, len = 37}, {s = 0x0, 
              len = 0}, {s = 0x0, len = 32}, {s = 0x0, len = 6476121}}, 
          u_val = {{s = 0x0, len = 0}, {s = 0x0, len = -4}, {s = 0x0, 
              len = 32}, {
              s = 0xffffffff00000000 <Address 0xffffffff00000000 out of bounds>, len = 23586224}, {s = 0x7fff30230c60 "\025", len = 807603608}, {
              s = 0x7fa6f89efd88 "DBG:uri:%s: no totag\n", len = 17}, {
              s = 0x7fa70c36077c "\213\003\366Āu\030H\213\223\210", len = 0}, 
---Type <return> to continue, or q <return> to quit---
            {s = 0x7fa6f89efd92 ": no totag\n", len = 807602788}, {
              s = 0xb <Address 0xb out of bounds>, len = 807603200}, {
              s = 0x7fa709aeaca8 "\020", len = -1}}, u_params_no = 15320}
        next_hop = {user = {s = 0x7fa709b13bd8 "\341\002", len = 162442632}, 
          passwd = {s = 0x0, len = 4359010}, host = {
            s = 0x30230ab7 <Address 0x30230ab7 out of bounds>, len = 0}, 
          port = {s = 0x7fa700000000 "", len = 0}, params = {s = 0x0, 
            len = 162442632}, headers = {s = 0x7fa709b13bd8 "\341\002", 
            len = 162610136}, port_no = 44424, proto = 2478, type = 32679, 
          transport = {s = 0x4c3134 "H\205\333t\n\307C\024\030", len = 0}, 
          ttl = {s = 0x1 <Address 0x1 out of bounds>, len = -1}, user_param = {
            s = 0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, 
            len = 0}, maddr = {s = 0x7fa70c493cde "]", len = 807603864}, 
          method = {s = 0x7fa6f89efd91 "s: no totag\n", len = 0}, lr = {
            s = 0x7fa70c36077c "\213\003\366Āu\030H\213\223\210", len = 9}, 
          r2 = {s = 0x7fa6f89efe30 "has_totag", len = 23586224}, gr = {
            s = 0x7fa70c362eac "\200\275\240\372\377\377", len = 807603640}, 
          transport_val = {s = 0x0, len = -123798128}, ttl_val = {s = 0x0, 
            len = -4}, user_param_val = {s = 0x7fa70c493cde "]", len = 32}, 
          maddr_val = {s = 0x1 <Address 0x1 out of bounds>, len = 23586224}, 
          method_val = {s = 0x7fff30230df0 "[Ӊ", len = 807604008}, lr_val = {
            s = 0x63fa00 "DBG:core:%s: Async successful write from first try on %p\n", len = 84}, r2_val = {
---Type <return> to continue, or q <return> to quit---
            s = 0x7fa70c36077c "\213\003\366Āu\030H\213\223\210", len = 0}, 
          gr_val = {s = 0x63fa38 "\n", len = 807603188}, u_name = {{s = 0x0, 
              len = -4}, {s = 0x0, len = 32}, {
              s = 0xffffffff00000000 <Address 0xffffffff00000000 out of bounds>, len = 23586224}, {s = 0x7fff30230e60 "", len = 807604120}, {
              s = 0x640128 "DBG:core:%s: after write: c= %p n=%d fd=%d\n", 
              len = 67}, {
              s = 0x7fa70c36077c "\213\003\366Āu\030H\213\223\210", len = 0}, 
            {s = 0x640152 "\n", len = 807603300}, {
              s = 0x1 <Address 0x1 out of bounds>, len = 13}, {
              s = 0x7fa70c493cdd "d]", len = -102697984}, {
              s = 0x1000000000 <Address 0x1000000000 out of bounds>, 
              len = 1918985572}}, u_val = {{s = 0x7fff30230c68 "\001", 
              len = 0}, {s = 0x7fa70c362eac "\200\275\240\372\377\377", 
              len = 807603372}, {s = 0x0, len = -2}, {s = 0x0, 
              len = 807603232}, {s = 0x7fa700000000 "", len = 120}, {s = 0x0, 
              len = 59}, {
              s = 0x7fa70c3d04f8 "L\213T$\bL\213D$\020\351\300\360\377\377f\017\037\204", len = 120}, {s = 0x1ff4 <Address 0x1ff4 out of bounds>, len = 2}, {
              s = 0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, len = 0}, {s = 0x0, len = 807602944}}, u_params_no = 0}
        u = <optimized out>
        port = <optimized out>
---Type <return> to continue, or q <return> to quit---
        cmatch = <optimized out>
        aitem = <optimized out>
        adefault = <optimized out>
        spec = <optimized out>
        model = <optimized out>
        val = {rs = {s = 0x7fff30230ba0 " \am\f\247\177", len = 0}, ri = 16, 
          flags = 48}
        pve = <optimized out>
        name_s = {s = 0x2 <Address 0x2 out of bounds>, len = 1}
        start = {tv_sec = 1, tv_usec = 0}
        aux_counter = <optimized out>
        __FUNCTION__ = "do_action"
#10 0x0000000000428362 in run_action_list (a=<optimized out>, 
    msg=0x7fa709b13bd8) at action.c:172
        ret = <optimized out>
        t = 0x7fa709aeb038
#11 0x0000000000424668 in do_action (a=0x7fa709aebd38, msg=0x7fa709b13bd8)
    at action.c:1124
        increment = <optimized out>
        decrement = <optimized out>
        val_number = <optimized out>
        j = <optimized out>
        val_s = {s = 0x0, len = 0}
---Type <return> to continue, or q <return> to quit---
        cdb_reply = <optimized out>
        aux = {s = 0x3000000018 <Address 0x3000000018 out of bounds>, len = 1}
        i = <optimized out>
        key_number = <optimized out>
        it = <optimized out>
        avp_val = {n = -1, s = {
            s = 0x36303136ffffffff <Address 0x36303136ffffffff out of bounds>, 
            len = -1}}
        avp_name = {n = 0, s = {
            s = 0x7fff00000000 <Address 0x7fff00000000 out of bounds>, 
            len = 807605816}}
        avp_type = <optimized out>
        ret = 1
        v = 1
        sec = <optimized out>
        usec = <optimized out>
        to = <optimized out>
        p = <optimized out>
        tmp = <optimized out>
        new_uri = <optimized out>
        end = <optimized out>
        crt = <optimized out>
        len = <optimized out>
---Type <return> to continue, or q <return> to quit---
        i = <optimized out>
        user = 0
        expires = 0
        vals = {{s = 0x167e5b0 "x\am\f\247\177", len = 0}, {
            s = 0xfffffffffffffffc <Address 0xfffffffffffffffc out of bounds>, 
            len = 0}, {s = 0x20 <Address 0x20 out of bounds>, 
            len = 205078030}, {s = 0x167e5b0 "x\am\f\247\177", 
            len = 807606176}, {s = 0x7fff302318d8 " ", len = 6455680}}
        result = {s = 0x7fa700000000 "", len = 0}
        uri = {user = {s = 0x1 <Address 0x1 out of bounds>, len = 0}, 
          passwd = {
            s = 0xffffffffffffffa0 <Address 0xffffffffffffffa0 out of bounds>, 
            len = 23586816}, host = {s = 0x7fa70c6d0720 "", len = 8208}, 
          port = {s = 0x2010 <Address 0x2010 out of bounds>, len = 23595024}, 
          params = {s = 0x2010 <Address 0x2010 out of bounds>, 
            len = 205101796}, headers = {s = 0x7fa70c6d0fb0 "\340\341e\001", 
            len = 807603360}, port_no = 1824, proto = 3181, type = 32679, 
          transport = {
            s = 0x167e810 "<135>Aug 20 10:50:18 /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: Contact: '<sip:106m@70.42.44.203:54150;rinstance=765A6C05;transport=tcp>;expires=600'\n", len = 72}, ttl = {s = 0x167e800 "`\002", 
            len = 80}, user_param = {
            s = 0x7fa70c39b3fe "H\211\302\203=\254\255\063", len = 208471840}, 
---Type <return> to continue, or q <return> to quit---
          maddr = {s = 0x100000000 <Address 0x100000000 out of bounds>, 
            len = 807603504}, method = {s = 0x1 <Address 0x1 out of bounds>, 
            len = 0}, lr = {s = 0x0, len = 0}, r2 = {
            s = 0x1 <Address 0x1 out of bounds>, len = 0}, gr = {
            s = 0x167e810 "<135>Aug 20 10:50:18 /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: Contact: '<sip:106m@70.42.44.203:54150;rinstance=765A6C05;transport=tcp>;expires=600'\n", len = 21}, transport_val = {
            s = 0x1 <Address 0x1 out of bounds>, len = 0}, ttl_val = {
            s = 0xffffffffffffffa0 <Address 0xffffffffffffffa0 out of bounds>, 
            len = 807603608}, user_param_val = {
            s = 0x7fa70c407edf "H\213\234", <incomplete sequence \310>, 
            len = 55}, maddr_val = {
            s = 0x7fa6f89efd88 "DBG:uri:%s: no totag\n", len = 18}, 
          method_val = {s = 0x140000000a <Address 0x140000000a out of bounds>, 
            len = 7}, lr_val = {
            s = 0xe700000000 <Address 0xe700000000 out of bounds>, len = 1}, 
          r2_val = {
            s = 0xffffffffffffc7c0 <Address 0xffffffffffffc7c0 out of bounds>, 
            len = 23454144}, gr_val = {
            s = 0x89d1dc "\"Phil Reichwein\" <sip:106m@SurgicalDirect.20387.service>\r\nExpires: 600\r\nCall-ID: 22E656D4B98FAF3AF3140879796B9AEF1C82BFFE\r\nCSeq: 12 REGISTER\r\nProxy-Authorization: Digest username=\"106m\",realm=\"Surgica"..., len = -4}, u_name = {{s = 0x0, len = 162610136}, {
---Type <return> to continue, or q <return> to quit---
              s = 0x7fa709b13bd8 "\341\002", len = 8}, {
              s = 0x52c40b "I\215D$\030H\203\304@[]A\\Ã\302\001\201\372\063\b", len = 9032539}, {s = 0x7fa70c408272 "H\201\304", <incomplete sequence \330>, 
              len = 23586832}, {s = 0x0, len = 23586832}, {
              s = 0x89d1dc "\"Phil Reichwein\" <sip:106m@SurgicalDirect.20387.service>\r\nExpires: 600\r\nCall-ID: 22E656D4B98FAF3AF3140879796B9AEF1C82BFFE\r\nCSeq: 12 REGISTER\r\nProxy-Authorization: Digest username=\"106m\",realm=\"Surgica"..., len = 71}, {s = 0x5999a1aa <Address 0x5999a1aa out of bounds>, 
              len = 162613520}, {
              s = 0xffffffff <Address 0xffffffff out of bounds>, 
              len = 162610136}, {s = 0x7fa709b13bd8 "\341\002", len = 16}, {
              s = 0x0, len = 0}}, u_val = {{
              s = 0x7fa70c408272 "H\201\304", <incomplete sequence \330>, 
              len = 0}, {
              s = 0x3000000020 <Address 0x3000000020 out of bounds>, 
              len = 807603824}, {s = 0x7fff30230db0 " \022#0\377\177", 
              len = 807604768}, {s = 0x0, len = 8208}, {
              s = 0x7fa6f89efe30 "has_totag", len = 3}, {
              s = 0x1 <Address 0x1 out of bounds>, len = 8}, {
              s = 0x89d1d8 "To: \"Phil Reichwein\" <sip:106m@SurgicalDirect.20387.service>\r\nExpires: 600\r\nCall-ID: 22E656D4B98FAF3AF3140879796B9AEF1C82BFFE\r\nCSeq: 12 REGISTER\r\nProxy-Authorization: Digest username=\"106m\",realm=\"Sur"..., len = 9032539}, {
---Type <return> to continue, or q <return> to quit---
              s = 0x534296 "I\211\304D\213\003A\215@\001\203\370,v}L\213=\224p3", len = 807604817}, {s = 0x0, len = 9031936}, {s = 0x7fa709aea880 "\020", 
              len = -1}}, u_params_no = 15320}
        next_hop = {user = {s = 0x7fa709b13bd8 "\341\002", len = 162441568}, 
          passwd = {s = 0x0, len = 4359010}, host = {
            s = 0x10 <Address 0x10 out of bounds>, len = 0}, port = {s = 0x0, 
            len = -123832728}, params = {s = 0x0, len = 162441568}, headers = {
            s = 0x7fa709b13bd8 "\341\002", len = 162610136}, port_no = 43360, 
          proto = 2478, type = 32679, transport = {
            s = 0x4c3134 "H\205\333t\n\307C\024\030", len = 0}, ttl = {
            s = 0x6173f0 "pv_get_useragent", len = 7}, user_param = {
            s = 0x7fa70c362eac "\200\275\240\372\377\377", len = 1}, maddr = {
            s = 0x0, len = 6390417}, method = {s = 0x0, len = 23586832}, lr = {
            s = 0x1c6 <Address 0x1c6 out of bounds>, len = 162620472}, r2 = {
            s = 0x3b <Address 0x3b out of bounds>, len = 10}, gr = {
            s = 0x1c6 <Address 0x1c6 out of bounds>, len = -102697856}, 
          transport_val = {
            s = 0x7fa70c408272 "H\201\304", <incomplete sequence \330>, 
            len = 23586832}, ttl_val = {s = 0x0, len = 23586832}, 
          user_param_val = {s = 0x7fff30230f40 "o", len = 111}, maddr_val = {
            s = 0x59999cee <Address 0x59999cee out of bounds>, 
            len = 807604256}, method_val = {s = 0x7fa6f9e0f48c "", len = 454}, 
          lr_val = {s = 0x1c6 <Address 0x1c6 out of bounds>, len = 0}, 
---Type <return> to continue, or q <return> to quit---
          r2_val = {s = 0x400 <Address 0x400 out of bounds>, len = 162620472}, 
          gr_val = {
            s = 0x7fa70c408272 "H\201\304", <incomplete sequence \330>, 
            len = -4}, u_name = {{
              s = 0x3000000030 <Address 0x3000000030 out of bounds>, 
              len = 807604344}, {s = 0x7fff30230fb0 "\260\345g\001", 
              len = 23586224}, {
              s = 0x52c40b "I\215D$\030H\203\304@[]A\\Ã\302\001\201\372\063\b", len = 807606136}, {s = 0x640aab "proto_tcp_send", len = -102697856}, {
              s = 0x1c6 <Address 0x1c6 out of bounds>, len = 0}, {
              s = 0x52c40b "I\215D$\030H\203\304@[]A\\Ã\302\001\201\372\063\b", len = 454}, {
              s = 0x5e4a86 "\351\204\373\377\377\350`\342\342\377I\211\301\213=\237i(", len = -1}, {s = 0x7fa709b14d98 "\006", len = -102697856}, {
              s = 0x534bad "\351\036\370\377\377H\213\225\230\001", len = 59}, 
            {
              s = 0x52c40b "I\215D$\030H\203\304@[]A\\Ã\302\001\201\372\063\b", 
              len = 162610136}}, u_val = {{s = 0x7fa6f9e0f48c "", 
              len = -102697856}, {
              s = 0x7fa70c3d04f8 "L\213T$\bL\213D$\020\351\300\360\377\377f\017\037\204", len = 23586224}, {s = 0x7fff302316e0 " \am\f\247\177", 
              len = 807606008}, {s = 0x7fa70c493cdb "[%d]", len = 5}, {
              s = 0x7fa70c36077c "\213\003\366Āu\030H\213\223\210", 
---Type <return> to continue, or q <return> to quit---
              len = 807604896}, {s = 0x7fa70c493cde "]", len = 16}, {
              s = 0x1 <Address 0x1 out of bounds>, len = 807604688}, {
              s = 0xffffffff00000000 <Address 0xffffffff00000000 out of bounds>, len = 0}, {s = 0x0, len = 892482864}, {
              s = 0x3137363130434445 <Address 0x3137363130434445 out of bounds>, len = 959526721}}, u_params_no = 20}
        u = <optimized out>
        port = <optimized out>
        cmatch = <optimized out>
        aitem = <optimized out>
        adefault = <optimized out>
        spec = <optimized out>
        model = <optimized out>
        val = {rs = {s = 0x0, len = 0}, ri = -156, flags = -1}
        pve = <optimized out>
        name_s = {s = 0x20 <Address 0x20 out of bounds>, len = 0}
        start = {tv_sec = 140733193388032, tv_usec = 0}
        aux_counter = <optimized out>
        __FUNCTION__ = "do_action"
#12 0x0000000000428362 in run_action_list (a=<optimized out>, 
    msg=0x7fa709b13bd8) at action.c:172
        ret = <optimized out>
        t = 0x7fa709aebd38
---Type <return> to continue, or q <return> to quit---
#13 0x0000000000425269 in do_action (a=0x7fa709aebe18, msg=0x7fa709b13bd8)
    at action.c:1130
        increment = <optimized out>
        decrement = <optimized out>
        val_number = <optimized out>
        j = <optimized out>
        val_s = {s = 0x7fa700000020 "", len = 5424139}
        cdb_reply = <optimized out>
        aux = {s = 0x9ae66a8 <Address 0x9ae66a8 out of bounds>, 
          len = 162610136}
        i = <optimized out>
        key_number = <optimized out>
        it = <optimized out>
        avp_val = {n = 9032137, s = {
            s = 0x89d1c9 "ReachUC SIPIS\r\nTo: \"Phil Reichwein\" <sip:106m@SurgicalDirect.20387.service>\r\nExpires: 600\r\nCall-ID: 22E656D4B98FAF3AF3140879796B9AEF1C82BFFE\r\nCSeq: 12 REGISTER\r\nProxy-Authorization: Digest username=\"1"..., len = 5425047}}
        avp_name = {n = 0, s = {s = 0x0, len = 162618624}}
        avp_type = <optimized out>
        ret = <optimized out>
        v = 0
        sec = <optimized out>
---Type <return> to continue, or q <return> to quit---
        usec = <optimized out>
        to = <optimized out>
        p = <optimized out>
        tmp = <optimized out>
        new_uri = <optimized out>
        end = <optimized out>
        crt = <optimized out>
        len = <optimized out>
        i = <optimized out>
        user = 0
        expires = 0
        vals = {{s = 0x7fff30231d24 "6106H!#0\377\177", len = 32}, {
            s = 0x7fff302319b0 "\002", len = 807606512}, {
            s = 0x167e810 "<135>Aug 20 10:50:18 /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: Contact: '<sip:106m@70.42.44.203:54150;rinstance=765A6C05;transport=tcp>;expires=600'\n", len = 0}, {
            s = 0x167e810 "<135>Aug 20 10:50:18 /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: Contact: '<sip:106m@70.42.44.203:54150;rinstance=765A6C05;transport=tcp>;expires=600'\n", len = 6459144}, {
            s = 0x7fa709b15d48 "1b4\r\n", len = 0}}
        result = {s = 0x89d35b "", len = 5447347}
        uri = {user = {s = 0x0, len = 13}, passwd = {s = 0x0, len = 0}, 
          host = {s = 0x7fff30231460 "\311щ", len = 205469655}, port = {
---Type <return> to continue, or q <return> to quit---
            s = 0x0, len = -96}, params = {s = 0x7fff302314c8 "\001", 
            len = 807605600}, headers = {s = 0x7fff302314d0 "\360\020f\001", 
            len = 6455532}, port_no = 4336, proto = 358, type = ERROR_URI_T, 
          transport = {s = 0x100000000 <Address 0x100000000 out of bounds>, 
            len = 162422360}, ttl = {s = 0x1660fe0 "", len = 1}, user_param = {
            s = 0xd0000000d <Address 0xd0000000d out of bounds>, 
            len = 9032137}, maddr = {s = 0x0, len = 0}, method = {s = 0x0, 
            len = 2}, lr = {s = 0x1 <Address 0x1 out of bounds>, len = 2}, 
          r2 = {s = 0x618288 "DBG:core:%s: no User-Agent header\n", len = 9}, 
          gr = {s = 0x140000000a <Address 0x140000000a out of bounds>, 
            len = 23586832}, transport_val = {s = 0x0, len = 9032137}, 
          ttl_val = {s = 0x167a7c0 "@{g\001", len = 0}, user_param_val = {
            s = 0x0, len = 0}, maddr_val = {s = 0x0, len = 0}, method_val = {
            s = 0xd00000000 <Address 0xd00000000 out of bounds>, len = 13}, 
          lr_val = {s = 0x60000000d <Address 0x60000000d out of bounds>, 
            len = 0}, r2_val = {s = 0x1661198 "", len = 16777217}, gr_val = {
            s = 0x1 <Address 0x1 out of bounds>, len = 23466224}, u_name = {{
              s = 0xffffffff00000000 <Address 0xffffffff00000000 out of bounds>, len = 0}, {s = 0x0, len = 0}, {s = 0x0, len = 0}, {
              s = 0x1 <Address 0x1 out of bounds>, len = 0}, {s = 0x0, 
              len = 0}, {
              s = 0x7fa70c408272 "H\201\304", <incomplete sequence \330>, 
              len = 24}, {
---Type <return> to continue, or q <return> to quit---
              s = 0x52c40b "I\215D$\030H\203\304@[]A\\Ã\302\001\201\372\063\b", len = 807605776}, {s = 0x7fff30231550 "\002", len = 2}, {
              s = 0x52c797 "H\203\304([]\303H\211\312H\301\352\003\351\033\377\377\377L\213_\020\351S\377\377\377M\205\311\017\210o\001", len = 13}, {
              s = 0x7fa709b14850 "\033", len = 162610136}}, u_val = {{
              s = 0x89d1bd "User-Agent: ReachUC SIPIS\r\nTo: \"Phil Reichwein\" <sip:106m@SurgicalDirect.20387.service>\r\nExpires: 600\r\nCall-ID: 22E656D4B98FAF3AF3140879796B9AEF1C82BFFE\r\nCSeq: 12 REGISTER\r\nProxy-Authorization: Digest"..., len = 134217728}, {
              s = 0x7fa70c3d04f8 "L\213T$\bL\213D$\020\351\300\360\377\377f\017\037\204", len = 9032539}, {s = 0x1ff4 <Address 0x1ff4 out of bounds>, 
              len = 2}, {s = 0x0, len = 9032137}, {s = 0x0, len = 807606240}, {
              s = 0xa00000000 <Address 0xa00000000 out of bounds>, len = 16}, {
              s = 0x7fff302317d0 "p", len = 807606032}, {
              s = 0x7fa709b13bd8 "\341\002", len = 0}, {s = 0x0, 
              len = 807606768}, {s = 0x7fa709aea2e0 "\020", len = -1}}, 
          u_params_no = 15320}
        next_hop = {user = {s = 0x7fa709b13bd8 "\341\002", len = 162440128}, 
          passwd = {s = 0x0, len = 4359010}, host = {s = 0x0, len = 1}, 
          port = {s = 0x383130231870 <Address 0x383130231870 out of bounds>, 
            len = 0}, params = {s = 0x0, len = 162440128}, headers = {
            s = 0x7fa709b13bd8 "\341\002", len = 162610136}, port_no = 41920, 
          proto = 2478, type = 32679, transport = {
---Type <return> to continue, or q <return> to quit---
            s = 0x4c3134 "H\205\333t\n\307C\024\030", len = 24}, ttl = {
            s = 0x7fff302319b0 "\002", len = 807606512}, user_param = {
            s = 0x1ffb <Address 0x1ffb out of bounds>, len = 2}, maddr = {
            s = 0x1 <Address 0x1 out of bounds>, len = 1}, method = {s = 0x0, 
            len = -96}, lr = {s = 0x167e800 "`\002", len = 208471840}, r2 = {
            s = 0x2010 <Address 0x2010 out of bounds>, len = 8208}, gr = {
            s = 0x1680810 "", len = 8208}, transport_val = {
            s = 0x7fa70c399ae4 "L\215k\020L\211\350H\213\\$\020H\213l$\030L\213d$ L\213l$(L\213t$0H\203\304\070\303\017\037\200", len = 208474032}, ttl_val = {
            s = 0x7fff302317e0 "\022", len = 208471840}, user_param_val = {
            s = 0x167e810 "<135>Aug 20 10:50:18 /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: Contact: '<sip:106m@70.42.44.203:54150;rinstance=765A6C05;transport=tcp>;expires=600'\n", len = 88}, maddr_val = {
            s = 0x167e800 "`\002", len = 96}, method_val = {
            s = 0x7fa70c39b3fe "H\211\302\203=\254\255\063", len = 208471840}, 
          lr_val = {s = 0x100000000 <Address 0x100000000 out of bounds>, 
            len = 807606384}, r2_val = {s = 0x1 <Address 0x1 out of bounds>, 
            len = 0}, gr_val = {s = 0x0, len = 0}, u_name = {{
              s = 0x1 <Address 0x1 out of bounds>, len = 0}, {
              s = 0x167e810 "<135>Aug 20 10:50:18 /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: Contact: '<sip:106m@70.42.44.203:54150;rinstance=765A6C05;transport=tcp>;expires=600'\n", len = 21}, {
              s = 0x1 <Address 0x1 out of bounds>, len = 0}, {
---Type <return> to continue, or q <return> to quit---
              s = 0xffffffffffffffa0 <Address 0xffffffffffffffa0 out of bounds>, len = 807606488}, {
              s = 0x7fa70c407edf "H\213\234", <incomplete sequence \310>, 
              len = 112}, {s = 0x628180 "DBG:core:%s: found end of header\n", 
              len = 18}, {
              s = 0x140000000a <Address 0x140000000a out of bounds>, len = 7}, 
            {s = 0xe700000000 <Address 0xe700000000 out of bounds>, len = 1}, {
              s = 0xffffffffffffc7c0 <Address 0xffffffffffffc7c0 out of bounds>, len = 23454144}, {s = 0x1 <Address 0x1 out of bounds>, len = 0}}, u_val = {{
              s = 0x167e810 "<135>Aug 20 10:50:18 /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: Contact: '<sip:106m@70.42.44.203:54150;rinstance=765A6C05;transport=tcp>;expires=600'\n", len = 21}, {
              s = 0x1 <Address 0x1 out of bounds>, len = 0}, {
              s = 0xffffffffffffffa0 <Address 0xffffffffffffffa0 out of bounds>, len = 807606632}, {
              s = 0x7fa70c407edf "H\213\234", <incomplete sequence \310>, 
              len = 23586832}, {s = 0x0, len = 23586832}, {
              s = 0x140000000a <Address 0x140000000a out of bounds>, 
              len = 87}, {s = 0x5999a1aa <Address 0x5999a1aa out of bounds>, 
              len = 1}, {s = 0x89d359 "\r\n", len = 9032539}, {
              s = 0x7fa709b15d00 "+", len = -1}, {s = 0x89d359 "\r\n", 
              len = 9032539}}, u_params_no = 33394}
        u = <optimized out>
---Type <return> to continue, or q <return> to quit---
        port = <optimized out>
        cmatch = <optimized out>
        aitem = <optimized out>
        adefault = <optimized out>
        spec = <optimized out>
        model = <optimized out>
        val = {rs = {s = 0x8 <Address 0x8 out of bounds>, len = 5511073}, 
          ri = 807606848, flags = 32767}
        pve = <optimized out>
        name_s = {s = 0x2 <Address 0x2 out of bounds>, len = 9032285}
        start = {tv_sec = 17179869192, tv_usec = 9032288}
        aux_counter = <optimized out>
        __FUNCTION__ = "do_action"
#14 0x0000000000428362 in run_action_list (a=<optimized out>, 
    msg=0x7fa709b13bd8) at action.c:172
        ret = <optimized out>
        t = 0x7fa709aebe18
#15 0x0000000000425269 in do_action (a=0x7fa709aebef8, msg=0x7fa709b13bd8)
    at action.c:1130
        increment = <optimized out>
        decrement = <optimized out>
        val_number = <optimized out>
        j = <optimized out>
---Type <return> to continue, or q <return> to quit---
        val_s = {s = 0x89d35b "", len = 162612944}
        cdb_reply = <optimized out>
        aux = {s = 0x7fa709b144d8 "\001", len = 6459158}
        i = <optimized out>
        key_number = <optimized out>
        it = <optimized out>
        avp_val = {n = 0, s = {s = 0x0, len = 0}}
        avp_name = {n = 23586832, s = {
            s = 0x167e810 "<135>Aug 20 10:50:18 /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: Contact: '<sip:106m@70.42.44.203:54150;rinstance=765A6C05;transport=tcp>;expires=600'\n", len = 0}}
        avp_type = <optimized out>
        ret = <optimized out>
        v = 0
        sec = <optimized out>
        usec = <optimized out>
        to = <optimized out>
        p = <optimized out>
        tmp = <optimized out>
        new_uri = <optimized out>
        end = <optimized out>
        crt = <optimized out>
        len = <optimized out>
---Type <return> to continue, or q <return> to quit---
        i = <optimized out>
        user = 0
        expires = 0
        vals = {{s = 0x66 <Address 0x66 out of bounds>, len = 23586816}, {
            s = 0x70 <Address 0x70 out of bounds>, len = 205108222}, {
            s = 0x7fa70c6d0720 "", len = 0}, {
            s = 0x7fff30232200 "\020\350g\001", len = 1}, {s = 0x0, len = 0}}
        result = {s = 0x1 <Address 0x1 out of bounds>, len = -14400}
        uri = {user = {s = 0x7fff30232300 "\260\064\256\t\247\177", len = 0}, 
          passwd = {s = 0x0, len = 0}, host = {
            s = 0xffffffff00000000 <Address 0xffffffff00000000 out of bounds>, 
            len = 1}, port = {
            s = 0x7fffffffffff <Address 0x7fffffffffff out of bounds>, 
            len = -1}, params = {s = 0x0, len = 0}, headers = {
            s = 0x7fa6f9ebfb00 "p\034", len = 6400970}, port_no = 24832, 
          proto = 98, type = ERROR_URI_T, transport = {
            s = 0x7fff30231fe8 "\260 #0\377\177", len = 11}, ttl = {
            s = 0x61af00 "receive_msg", len = 807608364}, user_param = {
            s = 0x7fa70c362eac "\200\275\240\372\377\377", len = -1}, maddr = {
            s = 0x0, len = 6400969}, method = {s = 0x0, len = 120}, lr = {
            s = 0x0, len = 0}, r2 = {
            s = 0xa00000000 <Address 0xa00000000 out of bounds>, len = 0}, 
          gr = {s = 0x3 <Address 0x3 out of bounds>, len = 0}, 
---Type <return> to continue, or q <return> to quit---
          transport_val = {
            s = 0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, 
            len = 807608487}, ttl_val = {s = 0x7fa70c493cdd "d]", len = 0}, 
          user_param_val = {s = 0x64058e "d \n", len = 0}, maddr_val = {
            s = 0x7fff30232098 "\344\232\071\f\247\177", len = 100}, 
          method_val = {s = 0x7fff302320a8 "p!#0\377\177", len = -4}, 
          lr_val = {s = 0x7fa70c362eac "\200\275\240\372\377\377", len = -10}, 
          r2_val = {s = 0x0, len = 6554961}, gr_val = {s = 0x0, len = 1024}, 
          u_name = {{s = 0x0, len = -1328567296}, {
              s = 0xa00000000 <Address 0xa00000000 out of bounds>, len = 0}, {
              s = 0x5 <Address 0x5 out of bounds>, len = 0}, {
              s = 0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, len = 807608654}, {
              s = 0x7fa70c3d04f8 "L\213T$\bL\213D$\020\351\300\360\377\377f\017\037\204", len = 0}, {s = 0x1ff4 <Address 0x1ff4 out of bounds>, len = 2}, {
              s = 0x7fff30232148 "\240\377\377\377\377\377\377\377h\"#0\377\177", len = 100}, {s = 0x7fff30232158 "\337~@\f\247\177", len = 807608160}, {
              s = 0xa00000000 <Address 0xa00000000 out of bounds>, len = 16}, {
              s = 0x7fff30231f50 "p!#0\377\177", len = 807607952}}, u_val = {{
              s = 0x0, len = 32}, {s = 0x0, len = 807608788}, {s = 0x0, 
              len = 59}, {s = 0xa00000000 <Address 0xa00000000 out of bounds>, 
              len = -256}, {s = 0x4 <Address 0x4 out of bounds>, len = 0}, {
              s = 0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>,---Type <return> to continue, or q <return> to quit---
 len = 807608854}, {s = 0x7fa70c362eac "\200\275\240\372\377\377", len = 0}, {
              s = 0x63d988 "d\n", len = 0}, {s = 0x7fa70c493cd8 "T ", 
              len = 23586844}, {
              s = 0x167e81c "10:50:18 /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: Contact: '<sip:106m@70.42.44.203:54150;rinstance=765A6C05;transport=tcp>;expires=600'\n", len = 208462784}}, u_params_no = 7}
        next_hop = {user = {
            s = 0x3000000018 <Address 0x3000000018 out of bounds>, 
            len = 807608624}, passwd = {s = 0x7fff30232070 " \am\f\247\177", 
            len = 8187}, host = {s = 0x2 <Address 0x2 out of bounds>, 
            len = 1}, port = {s = 0x1 <Address 0x1 out of bounds>, len = 0}, 
          params = {
            s = 0xffffffffffffffa0 <Address 0xffffffffffffffa0 out of bounds>, 
            len = 205325560}, headers = {s = 0x7fa70c6d0720 "", len = 8180}, 
          port_no = 2, proto = 0, type = 909127990, transport = {
            s = 0x1680810 "", len = 8208}, ttl = {
            s = 0x7fa70c399ae4 "L\215k\020L\211\350H\213\\$\020H\213l$\030L\213d$ L\213l$(L\213t$0H\203\304\070\303\017\037\200", len = 807608496}, 
          user_param = {s = 0xa00000000 <Address 0xa00000000 out of bounds>, 
            len = 16}, maddr = {s = 0x7fff302320a0 "\260\017m\f\247\177", 
            len = 807608288}, method = {s = 0x167e800 "`\002", len = 112}, 
          lr = {s = 0x7fa70c39b3fe "H\211\302\203=\254\255\063", 
            len = 208471840}, r2 = {
---Type <return> to continue, or q <return> to quit---
            s = 0x100000000 <Address 0x100000000 out of bounds>, 
            len = 807608304}, gr = {s = 0x1 <Address 0x1 out of bounds>, 
            len = 0}, transport_val = {s = 0x0, len = 0}, ttl_val = {
            s = 0x1 <Address 0x1 out of bounds>, len = 0}, user_param_val = {
            s = 0x7fa70c3d04f8 "L\213T$\bL\213D$\020\351\300\360\377\377f\017\037\204", len = 21}, maddr_val = {s = 0x1ff4 <Address 0x1ff4 out of bounds>, 
            len = 2}, method_val = {s = 0x7fa70c493cd8 "T ", len = 23586844}, 
          lr_val = {
            s = 0x167e81c "10:50:18 /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: Contact: '<sip:106m@70.42.44.203:54150;rinstance=765A6C05;transport=tcp>;expires=600'\n", len = 807608688}, r2_val = {
            s = 0xa00000000 <Address 0xa00000000 out of bounds>, len = 16}, 
          gr_val = {s = 0x7fff30232160 "\021\am\f\247\177", len = 807608480}, 
          u_name = {{s = 0x1ffb <Address 0x1ffb out of bounds>, len = 2}, {
              s = 0x1 <Address 0x1 out of bounds>, len = 1}, {s = 0x0, 
              len = -96}, {s = 0x167e800 "`\002", len = 208471840}, {
              s = 0x2010 <Address 0x2010 out of bounds>, len = 8208}, {
              s = 0x1680810 "", len = 8208}, {
              s = 0x7fa70c399ae4 "L\215k\020L\211\350H\213\\$\020H\213l$\030L\213d$ L\213l$(L\213t$0H\203\304\070\303\017\037\200", len = 208474032}, {
              s = 0x7fff302320b0 " \am\f\247\177", len = 208471840}, {
              s = 0x7fa70c493cd8 "T ", len = 23586844}, {
              s = 0x167e81c "10:50:18 /sbin/opensips[6106]: DBG:mid_registrar:pr---Type <return> to continue, or q <return> to quit---
epare_forward: Contact: '<sip:106m@70.42.44.203:54150;rinstance=765A6C05;transport=tcp>;expires=600'\n", len = 208462784}}, u_val = {{
              s = 0x7 <Address 0x7 out of bounds>, len = 24}, {
              s = 0x7fff30232340 "\020\350g\001", len = 807608960}, {
              s = 0x1ffb <Address 0x1ffb out of bounds>, len = 2}, {
              s = 0x1 <Address 0x1 out of bounds>, len = 1}, {s = 0x0, 
              len = -96}, {s = 0x167e800 "`\002", len = 208471840}, {
              s = 0x2010 <Address 0x2010 out of bounds>, len = 8208}, {
              s = 0x1680810 "", len = 8208}, {
              s = 0x7fa70c399ae4 "L\215k\020L\211\350H\213\\$\020H\213l$\030L\213d$ L\213l$(L\213t$0H\203\304\070\303\017\037\200", len = 208474032}, {
              s = 0x7fff30232170 "\022", len = 208471840}}, 
          u_params_no = 59408}
        u = <optimized out>
        port = <optimized out>
        cmatch = <optimized out>
        aitem = <optimized out>
        adefault = <optimized out>
        spec = <optimized out>
        model = <optimized out>
        val = {rs = {s = 0x7fff30232268 "\370\276\256\t\247\177", 
            len = 205553375}, ri = 208471825, flags = 32679}
        pve = <optimized out>
---Type <return> to continue, or q <return> to quit---
        name_s = {s = 0x165e1c0 "EDT", len = 32}
        start = {tv_sec = 140734000996992, tv_usec = 140734000996800}
        aux_counter = <optimized out>
        __FUNCTION__ = "do_action"
#16 0x0000000000428362 in run_action_list (a=<optimized out>, 
    msg=0x7fa709b13bd8) at action.c:172
        ret = <optimized out>
        t = 0x7fa709aebef8
#17 0x0000000000428a4f in run_actions (msg=0x7fa709b13bd8, a=0x7fa709ae6d30)
    at action.c:137
No locals.
#18 run_actions (msg=0x7fa709b13bd8, a=0x7fa709ae6d30) at action.c:191
No locals.
#19 run_top_route (a=0x7fa709ae6d30, msg=0x7fa709b13bd8) at action.c:214
        bk_action_flags = 0
        bk_rec_lev = 0
        ret = <optimized out>
        ctx = 0x0
        __FUNCTION__ = "run_top_route"
#20 0x00000000004ab1bb in receive_msg (
    buf=0x89d020 "REGISTER sip:SurgicalDirect.20387.service SIP/2.0\r\nVia: SIP/2.0/TCP 70.42.44.203:54150;branch=z9hG4bKgQpFaKSBYddWsVcD;rport\r\nContact: <sip:106m@70.42.44.203:54150;rinstance=765A6C05;transport=tcp>;exp"..., 
---Type <return> to continue, or q <return> to quit---
    len=<optimized out>, rcv_info=<optimized out>, existing_context=0x0)
    at receive.c:208
        ctx = 0x7fa709b14690
        msg = 0x7fa709b13bd8
        start = {tv_sec = 23586832, tv_usec = 1503240609}
        rc = 3
        tmp = 0x0
        in_buff = {
          s = 0x89d020 "REGISTER sip:SurgicalDirect.20387.service SIP/2.0\r\nVia: SIP/2.0/TCP 70.42.44.203:54150;branch=z9hG4bKgQpFaKSBYddWsVcD;rport\r\nContact: <sip:106m@70.42.44.203:54150;rinstance=765A6C05;transport=tcp>;exp"..., 
          len = 827}
        __FUNCTION__ = "receive_msg"
#21 0x00000000005f05b2 in tcp_handle_req (_max_msg_chunks=<optimized out>, 
    con=0x7fa6fa06a250, req=0x89d020) at net/proto_tcp/tcp_common.h:412
        local_rcv = {src_ip = {af = 2, len = 4, u = {addrl = {3408669254, 0}, 
              addr32 = {3408669254, 0, 0, 0}, addr16 = {10822, 52012, 0, 0, 0, 
                0, 0, 0}, addr = "F*,\313", '\000' <repeats 11 times>}}, 
          dst_ip = {af = 2, len = 4, u = {addrl = {3425446470, 0}, addr32 = {
                3425446470, 0, 0, 0}, addr16 = {10822, 52268, 0, 0, 0, 0, 0, 
                0}, addr = "F*,\314", '\000' <repeats 11 times>}}, 
          src_port = 54150, dst_port = 5060, proto = 2, 
          proto_reserved1 = 1259685889, proto_reserved2 = 0, src_su = {s = {
---Type <return> to continue, or q <return> to quit---
              sa_family = 2, 
              sa_data = "ӆF*,\313\000\000\000\000\000\000\000"}, sin = {
              sin_family = 2, sin_port = 34515, sin_addr = {
                s_addr = 3408669254}, 
              sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {
              sin6_family = 2, sin6_port = 34515, sin6_flowinfo = 3408669254, 
              sin6_addr = {__in6_u = {
                  __u6_addr8 = "\000\000\000\000\000\000\000\000\247\177\000\000\001\000\000", __u6_addr16 = {0, 0, 0, 0, 32679, 0, 1, 0}, __u6_addr32 = {0, 
                    0, 32679, 1}}}, sin6_scope_id = 0}}, 
          bind_address = 0x7fa709ae3e00}
        msg_buf = <optimized out>
        msg_len = <optimized out>
        c = 45 '-'
        size = 0
#22 tcp_read_req (con=0x7fa6fa06a250, bytes_read=0x7fff302325b0)
    at net/proto_tcp/proto_tcp.c:1158
        bytes = <optimized out>
        total_bytes = 827
        req = <optimized out>
        src_su = {s = {sa_family = 8, 
            sa_data = "\000\000\000\000\000\000\a\000\000\000\000\000\000"}, 
          sin = {sin_family = 8, sin_port = 0, sin_addr = {s_addr = 0}, 
---Type <return> to continue, or q <return> to quit---
            sin_zero = "\a\000\000\000\000\000\000"}, sin6 = {sin6_family = 8, 
            sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {
                __u6_addr8 = "\a\000\000\000\000\000\000\000\220%#0\377\177\000", __u6_addr16 = {7, 0, 0, 0, 9616, 12323, 32767, 0}, __u6_addr32 = {7, 0, 
                  807609744, 32767}}}, sin6_scope_id = 59}}
        dst_su = {s = {sa_family = 62592, 
            sa_data = "\340\371\246\177\000\000\063\000\000\000\000\000\000"}, 
          sin = {sin_family = 62592, sin_port = 63968, sin_addr = {
              s_addr = 32678}, sin_zero = "3\000\000\000\000\000\000"}, 
          sin6 = {sin6_family = 62592, sin6_port = 63968, 
            sin6_flowinfo = 32678, sin6_addr = {__in6_u = {
                __u6_addr8 = "3\000\000\000\000\000\000\000\260k\260\t\247\177\000", __u6_addr16 = {51, 0, 0, 0, 27568, 2480, 32679, 0}, __u6_addr32 = {51, 0, 
                  162556848, 32679}}}, sin6_scope_id = 51}}
        __FUNCTION__ = "tcp_read_req"
#23 0x00000000005d4f9c in handle_io (fm=<optimized out>, idx=17, 
    event_type=<optimized out>) at net/net_tcp_proc.c:231
        ret = 0
        n = <optimized out>
        con = 0x7fa6fa06a250
        s = <optimized out>
        rw = <optimized out>
        resp = <optimized out>
---Type <return> to continue, or q <return> to quit---
        response = {140355133568128, 1}
        __FUNCTION__ = "handle_io"
#24 0x00000000005d5fbe in io_wait_loop_epoll (repeat=0, t=2, h=<optimized out>)
    at net/../io_wait_loop.h:280
        ret = 1
        n = 1
        r = 17
        i = <optimized out>
        e = 0x7fa709b072a0
        ep_event = {events = 23454144, data = {ptr = 0xc34867a00000000, 
            fd = 0, u32 = 0, u64 = 879475685788221440}}
        fd = <optimized out>
#25 0x00000000005d6f4b in tcp_worker_proc_loop () at net/net_tcp_proc.c:359
        __FUNCTION__ = "tcp_worker_proc_loop"
#26 0x00000000005cd2dc in tcp_start_processes (chd_rank=0x86fd24, 
    startup_done=0x0) at net/net_tcp.c:1837
        r = <optimized out>
        n = <optimized out>
        reader_fd = {48, 52}
        pid = <optimized out>
        si = <optimized out>
        load_p = 0x7fa6f9df8e20
        __FUNCTION__ = "tcp_start_processes"
---Type <return> to continue, or q <return> to quit---
#27 0x000000000041d4da in main_loop () at main.c:683
        startup_done = 0x0
        chd_rank = 11
#28 main (argc=<optimized out>, argv=<optimized out>) at main.c:1283
        cfg_stream = <optimized out>
        c = <optimized out>
        r = <optimized out>
        tmp = 0x7fff30232e95 ""
        tmp_len = <optimized out>
        port = <optimized out>
        proto = 807611108
        protos_no = <optimized out>
        options = 0x6116e8 "f:cCm:M:b:l:n:N:rRvdDFETSVhw:t:u:g:P:G:W:o:"
        ret = -1
        seed = 2536210741
        rfd = 4
        __FUNCTION__ = "main"
(gdb) 

Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:tcp_read_req: Using the global ( per process ) buff 
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:tcp_handle_req: content-length= 0
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:async_tsend_stream: Async successful write from first try on 0x7fa6fa03ea10
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:tcp_read_req: tcp_read_req end
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:tcp_read_req: Using the global ( per process ) buff 
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:tcp_handle_req: content-length= 0
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:tcp_handle_req: Nothing more to read on TCP conn 0x7fa6fa020bd0, currently in state 0 
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_msg: SIP Request:
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_msg:  method:  <REGISTER>
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_msg:  uri:     <sip:mnxsolutions.20881.service>
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_msg:  version: <SIP/2.0>
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: flags=2
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_via_param: found param type 232, <branch> = <z9hG4bK3aZ1b7rLLu3L7uET>; state=6
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_via_param: found param type 235, <rport> = <n/a>; state=17
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_via: end of header reached, state=5
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: via found, flags=2
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: this is the first via
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:receive_msg: After parse_msg...
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:receive_msg: preparing to run routing scripts...
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: flags=100
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:maxfwd:is_maxfwd_present: value = 70 
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: flags=8000000
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: flags=8
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_to: end of header reached, state=10
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_to: display={"Nathan Calvas"}, ruri={sip:140m@mnxsolutions.20881.service}
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:get_hdr_field: <To> [55]; uri=[sip:140m@mnxsolutions.20881.service] 
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:get_hdr_field: to body ["Nathan Calvas" <sip:140m@mnxsolutions.20881.service>#015#012]
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:uri:has_totag: no totag
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: flags=ffffffffffffffff
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:get_hdr_field: cseq <CSeq>: <11> <REGISTER>
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:get_hdr_field: content_length=0
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:get_hdr_field: found end of header
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_to_param: tag=7EF0F932A39BBF4D0A14C71D2EE825CA
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_to: end of header reached, state=29
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_to: display={"Nathan Calvas"}, ruri={sip:140m@mnxsolutions.20881.service}
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: flags=ffffffffffffffff
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_params: Parsing params for:[expires=600]
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: register: tcp:70.42.44.203:55016 -> 70.42.44.204:5060 REGISTER sip:mnxsolutions.20881.service, from: sip:140m@mnxsolutions.20881.service, to: sip:140m@mnxsolutions.20881.service, contact: <sip:140m@70.42.44.203:55016;rinstance=2DBEE1B6;transport=tcp>;expires=600
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:mid_reg_save: saving to location...
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: flags=ffffffffffffffff
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:process_contacts_by_aor: AoR info: e=0, e_out=600, lrts=1503240023...
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: flags=8000000
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:calc_contact_expires: expires: 600
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:process_contacts_by_aor: found >> [ 600, 600 ], e=600, e_out=600
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: flags=8000000
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: flags=ffffffffffffffff
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_methods: methods 0x142F
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:evi_param_set: adding string param
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:evi_param_set: adding string param
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:evi_param_set: adding string param
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:evi_param_set: adding string param
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:evi_param_set: adding int param
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:evi_param_set: adding string param
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:evi_param_set: adding int param
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:evi_param_set: adding int param
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:evi_param_set: adding string param
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:evi_param_set: adding int param
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:destroy_avp_list: destroying list (nil)
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:usrloc:update_ucontact: exists callback for type= UL_CONTACT_UPDATE
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:usrloc:run_ul_callbacks: contact=0x7fa6f9ebd830, callback type 2/15, id 0 entered
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:mid_reg_ct_event: Contact callback (2): contact='sip:140m@70.42.44.203:55016;rinstance=2DBEE1B6;transport=tcp' | param=(0x7fa6f9ebd960 -> 0x7fa6f9f4cf48) | data[0]=(0x7fa6f9f4cf48)
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:mid_reg_ct_event: setting e_out to 600
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:calc_max_ct_diff: ct - 600 - 600 - -1
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:calc_max_ct_diff: max diff: 0
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:process_contacts_by_aor: max diff: 0, absorb until=1503240023, current time=1503240617
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: from: '"Nathan Calvas" <sip:140m@mnxsolutions.20881.service>;tag=7EF0F932A39BBF4D0A14C71D2EE825CA'
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: Call-ID: 'F200C8D2FE59FEE61CC6E3F6AC046B8265ACAF2D'
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: Contact: '<sip:140m@70.42.44.203:55016;rinstance=2DBEE1B6;transport=tcp>;expires=600'
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: registering ptr 0x7fa6f9ef42e0 on TMCB_REQUEST_FWDED ...
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:prepare_forward: registering callback on TMCB_RESPONSE_FWDED, mri=0x7fa6f9ef42e0 ...
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: *** relaying REGISTER to main registrar
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:comp_scriptvar: int 20 : 5060 / 5060
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:comp_scriptvar: str 20 : udp
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:tm:t_newtran: transaction on entrance=0xffffffffffffffff
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: flags=ffffffffffffffff
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: flags=78
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:tm:t_lookup_request: start searching: hash=10498, isACK=0
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:tm:matching_3261: RFC3261 transaction matching failed
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:tm:t_lookup_request: no transaction found
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:tm:run_trans_callbacks: trans=0x7fa6fa06e090, callback type 4, id 0 entered
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:parse_headers: flags=ffffffffffffffff
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:mid_reg_req_fwded: msg expires: '600'
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:calc_contact_expires: expires: 600
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:calc_ob_contact_expires: outgoing expires: 1503244217
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:overwrite_contact_expirations: ....... contact: 'sip:140m@70.42.44.203:55016;rinstance=2DBEE1B6;transport=tcp>;expires=600#015' Calculated TIMEOUT = 1503244217 (3600)
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:mid_reg_req_fwded: trimming all Contact URIs into one...
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:trim_to_single_contact: deleting Contact '<sip:140m@70.42.44.203:55016;rinstance=2DBEE1B6;transport=tcp>;expires=600'
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:trim_to_single_contact: inserting new Contact '<sip:140m@mnxsolutions.20881.service>'
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:mid_registrar:mid_reg_req_fwded: REQ FORWARDED TO 'sip:sip.outboundproxy.com', expires=3600
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:mk_proxy: doing DNS lookup...
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:sip_resolvehost: no port, has proto -> do SRV lookup!
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:do_srv_lookup: resolving [dal.nms.skyswitch.net]
Aug 20 10:50:17 ingress-nyj /sbin/opensips[6106]: DBG:core:do_srv_lookup: SRV(_sip._udp.sip.outboundproxy.com) = dal.nms.skyswitch.net:5060
Aug 20 10:50:18 ingress-nyj kernel: [2668950.571629] opensips[6106]: segfault at 0 ip 000000000052c2db sp 00007fff3022f910 error 6 in opensips[400000+26a000]

[attermann]

Here's another interesting crash. I took a look at the memory location that was supposed to be pointing to the "cbp" callback object in run_trans_callbacks and noticed that there was a string stored there instead. The string "sip:sip.outboundproxy.com" was assigned to the $ru variable in my script when the REGISTER request was received. Hopefully this provides a clue as to where memory overwriting/corruption may be occurring.

Backtrace:

[New LWP 10254]

warning: Can't read pathname for load map: Input/output error.

warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fffd1fba000
Core was generated by `/sbin/opensips -P /var/run/opensips/opensips.pid -m 256 -M 32 -u opensips -g op'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f36e2888361 in run_trans_callbacks (type=2, trans=0x7f36e339f318, req=<optimized out>, rpl=<optimized out>, code=<optimized out>) at t_hooks.c:209
209             cbp->callback( trans, type, &params );

Thread 1 (LWP 10254):
#0  0x00007f36e2888361 in run_trans_callbacks (type=2, trans=0x7f36e339f318, req=<optimized out>, rpl=<optimized out>, code=<optimized out>) at t_hooks.c:209
        params = {req = 0x7f36e32dc948, rpl = 0x7f36f2f23bd8, code = 200, param = 0x7f36e3349d78, extra1 = 0x0, extra2 = 0x0}
        cbp = 0x7f36e3349d68
        backup = 0x88b9e8
        trans_backup = 0x7f36e339f318
        __FUNCTION__ = "run_trans_callbacks"
#1  0x00007f36e288fc3c in t_reply_matching (p_msg=0x7f36f2f23bd8, p_branch=0x7fffd1f26f90) at t_lookup.c:843
        p_cell = <optimized out>
        hash_index = <optimized out>
        entry_label = <optimized out>
        branch_id = <optimized out>
        hashi = <optimized out>
        branchi = <optimized out>
        p = <optimized out>
        hashl = <optimized out>
        branchl = <optimized out>
        scan_space = <optimized out>
        cseq = 0x7f36f2f25320
        loopi = 0x0
        loopl = <optimized out>
        syni = <optimized out>
        synl = <optimized out>
        __FUNCTION__ = "t_reply_matching"
#2  0x00007f36e28902f5 in t_check (p_msg=0x7f36f2f23bd8, param_branch=<optimized out>) at t_lookup.c:918
        local_branch = 232
        __FUNCTION__ = "t_check"
#3  0x00007f36e28b12a3 in reply_received (p_msg=0x7f36f2f23bd8) at t_reply.c:1416
        msg_status = <optimized out>
        last_uac_status = <optimized out>
        branch = <optimized out>
        reply_status = <optimized out>
        timer = <optimized out>
        cancel_bitmap = <optimized out>
        uac = <optimized out>
        t = <optimized out>
        backup_list = <optimized out>
        has_reply_route = <optimized out>
        __FUNCTION__ = "reply_received"
#4  0x000000000044c389 in forward_reply (msg=0x7f36f2f23bd8) at forward.c:495
        new_buf = 0x0
        to = 0x0
        new_len = <optimized out>
        mod = 0x7f36f2ef42c0
        proto = <optimized out>
        id = 0
        send_sock = <optimized out>
        s = <optimized out>
        len = <optimized out>
        __FUNCTION__ = "forward_reply"
#5  0x00000000004aade5 in receive_msg (buf=0x8ad080 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bK6d7d.9735cd23.0;i=838fc5c5;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:54300;received=70.42.44.203;branch=z9hG4bKtTNNvNgoNn9Mm"..., len=<optimized out>, rcv_info=<optimized out>, existing_context=0x0) at receive.c:257
        ctx = 0x7f36f2f24808
        msg = 0x7f36f2f23bd8
        start = {tv_sec = 8827968, tv_usec = 139873717171744}
        rc = 3
        tmp = 0x0
        in_buff = {s = 0x8ad080 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bK6d7d.9735cd23.0;i=838fc5c5;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:54300;received=70.42.44.203;branch=z9hG4bKtTNNvNgoNn9Mm"..., len = 612}
        __FUNCTION__ = "receive_msg"
#6  0x00000000005f6c9b in udp_read_req (si=<optimized out>, bytes_read=<optimized out>) at net/proto_udp/proto_udp.c:192
        ri = {src_ip = {af = 2, len = 4, u = {addrl = {139870680015435, 6425680}, addr32 = {775053899, 32566, 6425680, 0}, addr16 = {25163, 11826, 32566, 0, 3152, 98, 0, 0}, addr = "Kb2.6\177\000\000P\fb\000\000\000\000"}}, dst_ip = {af = 2, len = 4, u = {addrl = {3425446470, 0}, addr32 = {3425446470, 0, 0, 0}, addr16 = {10822, 52268, 0, 0, 0, 0, 0, 0}, addr = "F*,\314", '\000' <repeats 11 times>}}, src_port = 5060, dst_port = 6050, proto = 1, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {sa_family = 2, sa_data = "\023\304Kb2.\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 50195, sin_addr = {s_addr = 775053899}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 50195, sin6_flowinfo = 775053899, sin6_addr = {__in6_u = {__u6_addr8 = "\000\000\000\000\000\000\000\000\260k\361\362\066\177\000", __u6_addr16 = {0, 0, 0, 0, 27568, 62193, 32566, 0}, __u6_addr32 = {0, 0, 4075908016, 32566}}}, sin6_scope_id = 5201947}}, bind_address = 0x7f36f2ef36e0}
        len = <optimized out>
        buf = "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bK6d7d.9735cd23.0;i=838fc5c5;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:54300;received=70.42.44.203;branch=z9hG4bKtTNNvNgoNn9Mm"...
        tmp = 0x0
        fromlen = 16
        p = <optimized out>
        msg = {s = 0x8ad080 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 70.42.44.204:6050;branch=z9hG4bK6d7d.9735cd23.0;i=838fc5c5;received=70.42.44.204\r\nVia: SIP/2.0/TCP 70.42.44.203:54300;received=70.42.44.203;branch=z9hG4bKtTNNvNgoNn9Mm"..., len = 612}
        __FUNCTION__ = "udp_read_req"
#7  0x00000000005d8eec in handle_io (fm=0x7f36f2f16c10, idx=<optimized out>, event_type=<optimized out>) at net/net_udp.c:259
        read = 32512
#8  io_wait_loop_epoll (repeat=0, t=1, h=<optimized out>) at net/../io_wait_loop.h:284
        ret = 1
        n = 1
        r = 0
        i = <optimized out>
        e = 0x7f36f2f16c10
        ep_event = {events = 4119470451, data = {ptr = 0x4e164400007f36, fd = 32566, u32 = 32566, u64 = 21979529497050934}}
        fd = <optimized out>
#9  0x00000000005dc85f in udp_start_processes (chd_rank=<optimized out>, startup_done=0x0) at net/net_udp.c:389
        si = <optimized out>
        load_p = 0x7f36e3208b20
        pid = <optimized out>
        i = <optimized out>
        __FUNCTION__ = "udp_start_processes"
#10 0x000000000041d4c5 in main_loop () at main.c:677
        startup_done = 0x0
        chd_rank = 1
#11 main (argc=<optimized out>, argv=<optimized out>) at main.c:1283
        cfg_stream = <optimized out>
        c = <optimized out>
        r = <optimized out>
        tmp = 0x7fffd1f27e95 ""
        tmp_len = <optimized out>
        port = <optimized out>
        proto = -772639260
        protos_no = <optimized out>
        options = 0x6116e8 "f:cCm:M:b:l:n:N:rRvdDFETSVhw:t:u:g:P:G:W:o:"
        ret = -1
        seed = 2401784065
        rfd = 4
        __FUNCTION__ = "main"

Memory (around cbp at 0x7f36e3349d68)

(gdb) x /20cb 0x7f36e3349d54
0x7f36e3349d54: 0 '\000'    0 '\000'    0 '\000'    0 '\000'    -48 '\320'  -74 '\266'  61 '='  -29 '\343'
0x7f36e3349d5c: 54 '6'  127 '\177'  0 '\000'    0 '\000'    0 '\0000 '\000' 0 '\000'    0 '\000'
0x7f36e3349d64: 0 '\000'    0 '\000'    0 '\000'    0 '\000'
(gdb) 
0x7f36e3349d68: 115 's' 105 'i' 112 'p' 58 ':'  115 's' 105 'i' 112 'p' 46 '.'
0x7f36e3349d70: 111 'o' 117 'u' 116 't' 98 'b'  111 'o' 117 'u' 110 'n' 100 'd'
0x7f36e3349d78: 112 'p' 114 'r' 111 'o' 120 'x'
(gdb) 
0x7f36e3349d7c: 121 'y' 46 '.'  99 'c'  111 'o' 109 'm' 0 '\000'    0 '\0000 '\000'
0x7f36e3349d84: 0 '\000'    0 '\000'    0 '\000'    0 '\000'    -96 '\240'  -86 '\252'  65 'A'  -29 '\343'
0x7f36e3349d8c: 54 '6'  127 '\177'  0 '\000'    0 '\000'
(gdb) 

[attermann]

FYI, I have a fix that I believe resolves these memory corruption issues. I will be submitting a pull request for the fix soon.

[attermann]

These memory corruption issues should be resolved with #1187, so if accepted then this issue can be closed.