[OpenSIPS-Devel] [ opensips-Bugs-3300229 ] opensips crashes on push_reply_in_dialog ()

SourceForge.net noreply at sourceforge.net
Wed May 11 04:34:15 CEST 2011 

Bugs item #3300229, was opened at 2011-05-11 02:34
Message generated for change (Tracker Item Submitted) made by nobody
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3300229&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: opensips crashes on push_reply_in_dialog ()

Initial Comment:
When I use sipP do load test for Opensips, Opensips occurs core dump in push_reply_in_dialog();

Here is a backtrace:

(gdb) bt full
#0  0x00165920 in push_reply_in_dialog (t=0xb729867c, type=16, param=0x7d0d14) at dlg_handlers.c:285
        tag = {
          s = 0x81986c5 "as5ac16d3c\r\nCall-ID: 455295-21137 at 192.168.21.28\r\nCSeq: 1 INVITE\r\nServer: Asterisk PBX 1.6.2.10\r\nAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO\r\nSupported: replaces, timer\r\nCo"..., len = 10}
        contact = {s = 0x16 <Address 0x16 out of bounds>, len = 0}
        rr_set = {s = 0x40 <Address 0x40 out of bounds>, len = 135890428}
        leg = 1
        skip_rrs = <value optimized out>
        __FUNCTION__ = "push_reply_in_dialog"
#1  dlg_onreply (t=0xb729867c, type=16, param=0x7d0d14) at dlg_handlers.c:342
        rpl = 0x81f493c
        dlg = <value optimized out>
        new_state = <value optimized out>
        old_state = <value optimized out>
        unref = <value optimized out>
        event = <value optimized out>
        __FUNCTION__ = "dlg_onreply"
#2  0x007a74c2 in run_trans_callbacks (type=16, trans=0xb729867c, req=0xb7dce7b0, rpl=0x81f493c, code=200) at t_hooks.c:208
        cbp = 0xb76e8dcc
        backup = 0x81a85c4
        trans_backup = 0xb729867c
        __FUNCTION__ = "run_trans_callbacks"
#3  0x007c3284 in relay_reply (t=0xb729867c, p_msg=0x81f493c, branch=<value optimized out>, msg_status=200, 
    cancel_bitmap=0xbfe93340) at t_reply.c:1146
        relay = 0
        save_clone = 0
        buf = <value optimized out>
        res_len = 0
        relayed_code = 200
        relayed_msg = <value optimized out>
        bm = {to_tag_val = {s = 0x0, len = 0}}
        totag_retr = <value optimized out>
        reply_status = RPS_PUSHED_AFTER_COMPLETION
        uas_rb = 0xb7298710
        cb_s = {
          s = 0x81f648c "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 192.168.21.28:6083;branch=z9hG4bK-21137-455732-0\r\nFrom: 1532 <sip:1532 at 192.168.21.28:6083>;tag=455732\r\nTo: 5059180532 <sip:5059180532 at 192.168.20.17:55060>;tag=as1bcf4a"..., len = 730}
        text = {s = 0x81f493c "_:&", len = 136271832}
        __FUNCTION__ = "relay_reply"
#4  0x007c3adf in reply_received (p_msg=0x81f493c) at t_reply.c:1493
        msg_status = 200
        branch = 0
        reply_status = <value optimized out>
        timer = <value optimized out>
        cancel_bitmap = 0
        uac = 0xb7298794
        t = 0xb729867c
        backup_list = 0x0
        __FUNCTION__ = "reply_received"
#5  0x08067b0c in forward_reply (msg=0x81f493c) at forward.c:559
        new_buf = <value optimized out>
        to = <value optimized out>
        new_len = <value optimized out>
        mod = 0x81be858
        proto = <value optimized out>
        id = <value optimized out>
        send_sock = <value optimized out>
        len = <value optimized out>
        __FUNCTION__ = "forward_reply"
#6  0x0809da9f in receive_msg (
    buf=0x81985c0 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 192.168.20.17:55060;branch=z9hG4bK60d4.9cabb236.0\r\nVia: SIP/2.0/UDP 192.168.21.28:6083;branch=z9hG4bK-21137-455295-0\r\nFrom: 1095 <sip:1095 at 192.168.20.17:55060>;tag=455"..., len=799, rcv_info=0xbfe93464)
    at receive.c:200
        msg = <value optimized out>
        __FUNCTION__ = "receive_msg"
#7  0x080e4f16 in udp_rcv_loop () at udp_server.c:492
        len = 799
        tmp = <value optimized out>
        from = <value optimized out>
        tmp = <value optimized out>
        from = <value optimized out>
        fromlen = 16
        ri = {src_ip = {af = 2, len = 4, u = {addrl = {253012160, 135584470, 3219731592, 10143590}, addr32 = {253012160, 
                135584470, 3219731592, 10143590}, addr16 = {43200, 3860, 56022, 2068, 13448, 49129, 51046, 154}, 
              addr = "\300\250\024\017\326\332\024\b\210\064\351\277f菤"}}, dst_ip = {af = 2, len = 4, u = {addrl = {286566592, 0, 
                0, 0}, addr32 = {286566592, 0, 0, 0}, addr16 = {43200, 4372, 0, 0, 0, 0, 0, 0}, 
              addr = "\300\250\024\021", '\000' <repeats 11 times>}}, src_port = 35060, dst_port = 55060, proto = 1, 
          proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {sa_family = 2, 
              sa_data = "\210\364\300\250\024\017\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 62600, 
              sin_addr = {s_addr = 253012160}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, 
              sin6_port = 62600, sin6_flowinfo = 253012160, sin6_addr = {in6_u = {u6_addr8 = '\000' <repeats 15 times>, 
                  u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, bind_address = 0x81be480}
---Type <return> to continue, or q <return> to quit---
        p = <value optimized out>
        buf = "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 192.168.20.17:55060;branch=z9hG4bK60d4.9cabb236.0\r\nVia: SIP/2.0/UDP 192.168.21.28:6083;branch=z9hG4bK-21137-455295-0\r\nFrom: 1095 <sip:1095 at 192.168.20.17:55060>;tag=455"...
        __FUNCTION__ = "udp_rcv_loop"
#8  0x08070620 in main_loop (argc=5, argv=0xbfe93664) at main.c:818
        i = 0
        pid = <value optimized out>
        si = <value optimized out>
        startup_done = 0x0
        chd_rank = 1
        __FUNCTION__ = "main_loop"
#9  main (argc=5, argv=0xbfe93664) at main.c:1388
        cfg_log_stderr = 0
        cfg_stream = 0x9af0008
        c = <value optimized out>
        r = <value optimized out>
        tmp = 0xbfe94aeb ""
        tmp_len = <value optimized out>
        port = 10141221
        proto = <value optimized out>
        ret = <value optimized out>
        seed = 1222626522
        rfd = 4
        __FUNCTION__ = "main"


My opensips version is as below:

opensips -V
version: opensips 1.6.2-notls (i386/linux)
flags: STATS: Off, USE_IPV6, USE_TCP, DISABLE_NAGLE, USE_MCAST, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: unknown
@(#) $Id: main.c 6169 2009-09-22 12:48:37Z bogdan_iancu $
main.c compiled on 10:20:45 Apr  8 2011 with gcc 4.1.2



----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3300229&group_id=232389

More information about the Devel mailing list