[OpenSIPS-Devel] [ opensips-Bugs-3390207 ] Segfault while freeing dialog

SourceForge.net noreply at sourceforge.net
Thu Aug 11 21:25:47 CEST 2011


Bugs item #3390207, was opened at 2011-08-12 00:25
Message generated for change (Tracker Item Submitted) made by shari_786pk
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3390207&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: trunk
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Muhammad Shahzad (shari_786pk)
Assigned to: Nobody/Anonymous (nobody)
Summary: Segfault while freeing dialog

Initial Comment:
Hi,

OpenSIPS crashes randomly while processing a BYE reply, when destroying / freeing the associated dialog. So far, this has happened 4 times in the last 2 days on one of my production servers. There are two core dumps generated upon each crash.

BT on the first core dump gives the following:

Core was generated by `/usr/local/sbin/opensips -P /var/run/opensips.pid -m 512 -u root -g root'.
Program terminated with signal 11, Segmentation fault.
#0  0x97761500 in ?? ()
(gdb) bt
#0  0x97761500 in ?? ()
#1  0xb723abd3 in free_dlg_dlg (dlg=<value optimized out>) at dlg_hash.c:163
#2  0xb7243f5f in destroy_dlg (dlg=0x979d04a0, cnt=1) at dlg_hash.c:225
#3  unref_dlg (dlg=0x979d04a0, cnt=1) at dlg_hash.c:742
#4  0xb7247a42 in dual_bye_event (dlg=0x979d04a0, req=<value optimized out>, extra_unref=1) at dlg_req_within.c:274
#5  0xb72491c0 in bye_reply_cb (t=0x976af43c, type=256, ps=0xbfddce54) at dlg_req_within.c:294
#6  0xb728e657 in run_trans_callbacks (type=256, trans=0x976af43c, req=0x0, rpl=0x82d241c, code=200) at t_hooks.c:212
#7  0xb72a6d93 in local_reply (t=0x976af43c, p_msg=0x82d241c, branch=0, msg_status=200, cancel_bitmap=0xbfddcf88) at t_reply.c:1358
#8  0xb72a82c2 in reply_received (p_msg=0x82d241c) at t_reply.c:1503
#9  0x0806c913 in forward_reply (msg=0x82d241c) at forward.c:568
#10 0x080a4d32 in receive_msg (
    buf=0x81d7480 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 77.66.2.136;branch=z9hG4bK2aa.63be8597.0;received=77.66.2.136\r\nFrom: <sip:+642102908458 at 77.66.2.136>;tag=as2bde889d\r\nTo: <sip:01100165022863605 at 77.66.2.136:5060;user=p"..., len=428, rcv_info=<value optimized out>) at receive.c:203
#11 0x080fbd5e in udp_rcv_loop () at udp_server.c:419
#12 0x08074d28 in main_loop (argc=9, argv=0xbfddd2f4) at main.c:879
#13 main (argc=9, argv=0xbfddd2f4) at main.c:1497


BT on the second core dump gives the following:

Core was generated by `/usr/local/sbin/opensips -P /var/run/opensips.pid -m 512 -u root -g root'.
Program terminated with signal 6, Aborted.
#0  0xb78ab424 in __kernel_vsyscall ()
(gdb) bt
#0  0xb78ab424 in __kernel_vsyscall ()
#1  0xb75c3751 in raise () from /lib/i686/cmov/libc.so.6
#2  0xb75c6b82 in abort () from /lib/i686/cmov/libc.so.6
#3  0x08070d64 in sig_alarm_abort (signo=14) at main.c:435
#4  <signal handler called>
#5  get_lock (ticks=0, param=0x0) at ../../evi/../fastlock.h:178
#6  dialog_update_db (ticks=0, param=0x0) at dlg_db_handler.c:972
#7  0xb72249e1 in mod_destroy () at dialog.c:755
#8  0x080ce108 in destroy_modules () at sr_module.c:371
#9  0x08070858 in cleanup (show_status=1) at main.c:344
#10 0x080714a9 in handle_sigs () at main.c:545
#11 0x08075245 in main_loop (argc=9, argv=0xbfddd2f4) at main.c:990
#12 main (argc=9, argv=0xbfddd2f4) at main.c:1497

The most disturbing part of these crashes for me is that they cause all running calls to hang up. Previously, in case of an OpenSIPS crash, running calls used to remain unaffected.

I am using SVN trunk revision 8215, and have create_dialog("BPp") on the very first INVITE in my dial plan.

Feel free to ask for more info as needed.

Thank you.


----------------------------------------------------------------------
