[OpenSIPS-Devel] [ opensips-Bugs-2937441 ] opensips crashes on reply received to b2bua

SourceForge.net noreply at sourceforge.net
Fri Jan 29 11:29:09 CET 2010


Bugs item #2937441, was opened at 2010-01-22 22:06
Message generated for change (Settings changed) made by anca_vamanu
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=2937441&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: 1.6.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Richard Revels (rrevels)
>Assigned to: Anca Vamanu (anca_vamanu)
Summary: opensips crashes on reply received to b2bua

Initial Comment:
using opensips 1.6 revision 6526

Here are a couple of backtraces from two core files.  I am seeing this on every call using top hiding in b2bua.  If I simply route the calls without b2bua, opensips doesn't crash.

Crash with two processing threads.  Using media proxy on outbound leg.

[New process 29632]
#0  __dialog_confirmed (dlg=0x2af97535b6b0, type=<value optimized out>, _params=0x2af9709346a0) at nat_traversal.c:968
968	    snprintf(uri, 64, "sip:%s:%d", ip_addr2a(&msg->rcv.src_ip), msg->rcv.src_port);
(gdb) bt
#0  __dialog_confirmed (dlg=0x2af97535b6b0, type=<value optimized out>, _params=0x2af9709346a0) at nat_traversal.c:968
#1  0x00002af970708e44 in run_dlg_callbacks (type=8, dlg=0x2af97535b6b0, msg=<value optimized out>, dir=1966453448, dlg_data=0x0) at dlg_cb.c:253
#2  0x00002af97071683a in dlg_onreply (t=0x2af97535bc78, type=<value optimized out>, param=<value optimized out>) at dlg_handlers.c:407
#3  0x00002af96e3ea02b in run_trans_callbacks (type=128, trans=0x2af97535bc78, req=0x2af97535d628, rpl=0xffffffffffffffff, code=<value optimized out>) at t_hooks.c:208
#4  0x00002af96e40333b in _reply_light (trans=0x2af97535bc78, 
    buf=0x862bf8 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 10.1.71.226:53239;rport=4609;branch=z9hG4bKPjufub93nobQZJjltsV8VEofSrwBOh3qDb;received=192.168.230.200\r\nFrom: \"Richard Revels\" <sip:+19195551212 at 59.229.150.203.sta.inet.co.th>;t"..., len=824, code=200, to_tag=<value optimized out>, to_tag_len=<value optimized out>, lock=1, bm=0x7fff7ccec800) at t_reply.c:384
#5  0x00002af96e4035a3 in t_reply_with_body (trans=0x2af97535bc78, code=200, text=0x860e70, body=<value optimized out>, new_header=<value optimized out>, to_tag=0x2af9753611d0) at t_reply.c:1607
#6  0x00002af97471369e in b2b_send_reply (et=<value optimized out>, b2b_key=0x2af9753611d0, code=200, text=0x860e70, body=0x7fff7ccecb00, extra_headers=0x7fff7ccecaf0) at dlg.c:803
#7  0x00002af974926803 in b2b_logic_notify (src=1, msg=0x860e40, key=0x2af97535f4e8, type=1, param=<value optimized out>) at logic.c:444
#8  0x00002af9747150e0 in b2b_tm_cback (htable=0x2af97533e928, ps=<value optimized out>) at dlg.c:1515
#9  0x00002af96e3ea02b in run_trans_callbacks (type=512, trans=0x2af97535f528, req=0x0, rpl=0x860e40, code=<value optimized out>) at t_hooks.c:208
#10 0x00002af96e4026e9 in local_reply (t=0x2af97535f528, p_msg=0x2af96e626d38, branch=<value optimized out>, msg_status=<value optimized out>, cancel_bitmap=0x2af975311f48) at t_reply.c:1339
#11 0x00002af96e405009 in reply_received (p_msg=0x860e40) at t_reply.c:1484
#12 0x00000000004213f8 in forward_reply (msg=0x860e40) at forward.c:559
#13 0x0000000000456202 in receive_msg (
    buf=0x754f40 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 203.150.229.59;branch=z9hG4bK25c3.26e79485.0\r\nRecord-Route: <sip:192.168.225.202;lr;ftag=5e133d1dcbcfa06f788b415da1ea9e73-f19a>,<sip:203.150.229.59;lr;ftag=5e133d1dcbcfa06f788b"..., len=1007, rcv_info=0x7fff7cced080) at receive.c:200
#14 0x000000000049a2d4 in udp_rcv_loop () at udp_server.c:492
#15 0x0000000000429bbd in main (argc=9, argv=<value optimized out>) at main.c:818

Crash with two processing threads and stun on client - no media proxy.

[New process 30101]
#0  b2b_send_reply (et=<value optimized out>, b2b_key=0x2ad29f4fa058, code=183, text=0x860938, body=0x7fffe9fc4fd0, extra_headers=0x7fffe9fc4fc0) at dlg.c:762
762		to_tag = &get_to(msg)->tag_value;
(gdb) bt
#0  b2b_send_reply (et=<value optimized out>, b2b_key=0x2ad29f4fa058, code=183, text=0x860938, body=0x7fffe9fc4fd0, extra_headers=0x7fffe9fc4fc0) at dlg.c:762
#1  0x00002ad29eabf803 in b2b_logic_notify (src=1, msg=0x860908, key=0x2ad29f4f8368, type=1, param=<value optimized out>) at logic.c:444
#2  0x00002ad29e8ae0e0 in b2b_tm_cback (htable=0x2ad29f4d7928, ps=<value optimized out>) at dlg.c:1515
#3  0x00002ad29858302b in run_trans_callbacks (type=1024, trans=0x2ad29f4f83a8, req=0x0, rpl=0x860908, code=<value optimized out>) at t_hooks.c:208
#4  0x00002ad29859b4ee in local_reply (t=0x2ad29f4f83a8, p_msg=0x860908, branch=<value optimized out>, msg_status=<value optimized out>, cancel_bitmap=0x7fffe9fc5468)
    at t_reply.c:1333
#5  0x00002ad29859e009 in reply_received (p_msg=0x860908) at t_reply.c:1484
#6  0x00000000004213f8 in forward_reply (msg=0x860908) at forward.c:559
#7  0x0000000000456202 in receive_msg (
    buf=0x754f40 "SIP/2.0 183 Session Progress\r\nVia: SIP/2.0/UDP 203.150.229.59;branch=z9hG4bK58dc.5578968.0\r\nRecord-Route: <sip:192.168.225.202;lr;ftag=5e133d1dcbcfa06f788b415da1ea9e73-fe8b>,<sip:203.150.229.59;lr;ftag=5e133d1"..., len=921, rcv_info=0x7fffe9fc5550) at receive.c:200
#8  0x000000000049a2d4 in udp_rcv_loop () at udp_server.c:492
#9  0x0000000000429bbd in main (argc=9, argv=<value optimized out>) at main.c:818


----------------------------------------------------------------------

>Comment By: Anca Vamanu (anca_vamanu)
Date: 2010-01-29 12:29

Message:
Hi Richard,

I cannot work out from the trace that you sent the exact problem behind the
crash. If you still have the core file, can you please run 'print *msg' in
frame 1 and print the output here?
I have analyzed the code, and found a possible cause for the crash, but I
am not sure it is the right one. I have committed a fix for it, so you can
update and try with the new version.

Regards,
Anca

----------------------------------------------------------------------

Comment By: elitas (elitas)
Date: 2010-01-26 13:05

Message:
Opensips: 1.6.1-notls

Same problem for me.
It goes into the top hiding scenario, then opensips seems to hang, crashes
after a few seconds and a coredump is created. I thought this was a problem
of misconfiguration but it seems to be an issue with opensips --> although
I am wondering why most people don't seem to experience this problem?

#0  fm_status (qm=0xa7809000) at mem/f_malloc.c:606
#1  0x0806a602 in cleanup (show_status=1) at main.c:367
#2  0x0806b061 in handle_sigs () at main.c:533
#3  0x0806e05e in main (argc=9, argv=0xbfbc2ed4) at main.c:913


----------------------------------------------------------------------
