[OpenSIPS-Users] Memory leakage in Opensips 1.9.1

Ahsan Hasan ahsanhasanjaved at gmail.com
Wed Feb 12 06:22:39 CET 2014 

The Opensips version I am using is 1.9.1 compiled from src tar. The output
of opensips -V is below:

=======================
version: opensips 1.9.1-tls (x86_64/linux)
flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, DISABLE_NAGLE, USE_MCAST,
SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: unknown
@(#) $Id: main.c 9790 2013-02-15 10:14:34Z bogdan_iancu $
main.c compiled on 03:11:32 Feb  6 2014 with gcc 4.4.5
=======================


The backtrace from last 3 crashes are:

===================
#0  0x00007fc3d12fe1b5 in raise () from /lib/libc.so.6
(gdb) bt
#0  0x00007fc3d12fe1b5 in raise () from /lib/libc.so.6
#1  0x00007fc3d1300fc0 in abort () from /lib/libc.so.6
#2  0x00000000004e8b19 in qm_free (qm=0x7fc3b8e59000, p=0x7fc3b92d90c0,
file=0x596ed9 "parser/sdp/sdp.c", func=0x596da0 "free_cloned_sdp_stream",
line=874) at mem/q_malloc.c:450
#3  0x000000000051ab2d in free_cloned_sdp_stream (_stream=<value optimized
out>) at parser/sdp/sdp.c:874
#4  0x000000000051ada3 in free_cloned_sdp_session (_session=<value
optimized out>) at parser/sdp/sdp.c:894
#5  0x00007fc3cc380012 in destroy_qos (qos_sdp=0x7fc3b92aaba0) at
qos_ctx_helpers.c:73
#6  0x00007fc3cc383aeb in remove_sdp (qos_ctx=<value optimized out>, dir=1,
_m=0x7fc3d01ba410, role=<value optimized out>, other_role=1) at
qos_ctx_helpers.c:539
#7  0x00007fc3cc384220 in qos_dialog_response_CB (did=<value optimized
out>, type=<value optimized out>, params=<value optimized out>) at
qos_handlers.c:271
#8  0x00007fc3cd01a82e in run_dlg_callbacks (type=512, dlg=0x7fc3b9333ec8,
msg=<value optimized out>, dir=4294967295, dlg_data=0x0) at dlg_cb.c:253
#9  0x00007fc3cdedc9a5 in run_trans_callbacks (type=8,
trans=0x7fc3b9f94c18, req=0x7fc3ba5fa7c0, rpl=<value optimized out>,
code=<value optimized out>) at t_hooks.c:212
#10 0x00007fc3cdefa966 in relay_reply (t=0x7fc3b9f94c18,
p_msg=0x7fc3d01ba410, branch=0, msg_status=491, cancel_bitmap=<value
optimized out>) at t_reply.c:1218
#11 0x00007fc3cdefb579 in reply_received (p_msg=0x7fc3d01ba410) at
t_reply.c:1549
#12 0x000000000042fa45 in forward_reply (msg=0x7fc3d01ba410) at
forward.c:575
#13 0x000000000047c80d in receive_msg (
    buf=0x7e3620 "SIP/2.0 491 Another INVITE transaction in
progress\r\nVia: SIP/2.0/UDP
XXX.XXX.XXX.XXX:6000;received=77.66.2.136;branch=z9hG4bKc83b.cbf7d513.0\r\nVia:
SIP/2.0/UDP XXX.XXX.XXX.XXX:5090;rport=5090;received=77.66.2."..., len=517,
rcv_info=0x7fff1ecac640) at receive.c:207
#14 0x00000000004e03d1 in udp_rcv_loop () at udp_server.c:424
#15 0x0000000000438296 in main_loop (argc=<value optimized out>,
argv=<value optimized out>) at main.c:884
#16 main (argc=<value optimized out>, argv=<value optimized out>) at
main.c:1557
===================

===================
#0  0x00007f32f24fd1b5 in raise () from /lib/libc.so.6
(gdb) bt
#0  0x00007f32f24fd1b5 in raise () from /lib/libc.so.6
#1  0x00007f32f24fffc0 in abort () from /lib/libc.so.6
#2  0x00000000004e8b19 in qm_free (qm=0x7f32da058000, p=0x7f32da46f370,
file=0x596ed9 "parser/sdp/sdp.c", func=0x596da0 "free_cloned_sdp_stream",
line=874) at mem/q_malloc.c:450
#3  0x000000000051ab2d in free_cloned_sdp_stream (_stream=<value optimized
out>) at parser/sdp/sdp.c:874
#4  0x000000000051ada3 in free_cloned_sdp_session (_session=<value
optimized out>) at parser/sdp/sdp.c:894
#5  0x00007f32ed57f012 in destroy_qos (qos_sdp=0x7f32da48efe0) at
qos_ctx_helpers.c:73
#6  0x00007f32ed582aeb in remove_sdp (qos_ctx=<value optimized out>, dir=1,
_m=0x7f32f13b8de0, role=<value optimized out>, other_role=1) at
qos_ctx_helpers.c:539
#7  0x00007f32ed583220 in qos_dialog_response_CB (did=<value optimized
out>, type=<value optimized out>, params=<value optimized out>) at
qos_handlers.c:271
#8  0x00007f32ee21982e in run_dlg_callbacks (type=512, dlg=0x7f32da472ef0,
msg=<value optimized out>, dir=4294967295, dlg_data=0x0) at dlg_cb.c:253
#9  0x00007f32ef0db9a5 in run_trans_callbacks (type=8,
trans=0x7f32da4ba1f0, req=0x7f32da4d99a8, rpl=<value optimized out>,
code=<value optimized out>) at t_hooks.c:212
#10 0x00007f32ef0f9966 in relay_reply (t=0x7f32da4ba1f0,
p_msg=0x7f32f13b8de0, branch=0, msg_status=491, cancel_bitmap=<value
optimized out>) at t_reply.c:1218
#11 0x00007f32ef0fa579 in reply_received (p_msg=0x7f32f13b8de0) at
t_reply.c:1549
#12 0x000000000042fa45 in forward_reply (msg=0x7f32f13b8de0) at
forward.c:575
#13 0x000000000047c80d in receive_msg (
    buf=0x7e3620 "SIP/2.0 491 Another INVITE transaction in
progress\r\nVia: SIP/2.0/UDP
XXX.XXX.XXX.XXX:6000;received=77.66.2.136;branch=z9hG4bK4d4d.6b9c34d6.0\r\nVia:
SIP/2.0/UDP XXX.XXX.XXX.XXX:5090;rport=5090;received=77.66.2."..., len=517,
rcv_info=0x7fffd3e54750) at receive.c:207
#14 0x00000000004e03d1 in udp_rcv_loop () at udp_server.c:424
#15 0x0000000000438296 in main_loop (argc=<value optimized out>,
argv=<value optimized out>) at main.c:884
#16 main (argc=<value optimized out>, argv=<value optimized out>) at
main.c:1557
===================

===================
#0  0x00007fe13b0e31b5 in raise () from /lib/libc.so.6
(gdb) bt
#0  0x00007fe13b0e31b5 in raise () from /lib/libc.so.6
#1  0x00007fe13b0e5fc0 in abort () from /lib/libc.so.6
#2  0x00000000004e8b19 in qm_free (qm=0x7fe122c3e000, p=0x7fe1230a02a0,
file=0x596ed9 "parser/sdp/sdp.c", func=0x596da0 "free_cloned_sdp_stream",
line=874) at mem/q_malloc.c:450
#3  0x000000000051ab2d in free_cloned_sdp_stream (_stream=<value optimized
out>) at parser/sdp/sdp.c:874
#4  0x000000000051ada3 in free_cloned_sdp_session (_session=<value
optimized out>) at parser/sdp/sdp.c:894
#5  0x00007fe136165012 in destroy_qos (qos_sdp=0x7fe1230a7ff8) at
qos_ctx_helpers.c:73
#6  0x00007fe136168aeb in remove_sdp (qos_ctx=<value optimized out>, dir=1,
_m=0x7fe139f9ede0, role=<value optimized out>, other_role=1) at
qos_ctx_helpers.c:539
#7  0x00007fe136169220 in qos_dialog_response_CB (did=<value optimized
out>, type=<value optimized out>, params=<value optimized out>) at
qos_handlers.c:271
#8  0x00007fe136dff82e in run_dlg_callbacks (type=512, dlg=0x7fe1235c3fa0,
msg=<value optimized out>, dir=4294967295, dlg_data=0x0) at dlg_cb.c:253
#9  0x00007fe137cc19a5 in run_trans_callbacks (type=8,
trans=0x7fe1233c9160, req=0x7fe12338bba8, rpl=<value optimized out>,
code=<value optimized out>) at t_hooks.c:212
#10 0x00007fe137cdf966 in relay_reply (t=0x7fe1233c9160,
p_msg=0x7fe139f9ede0, branch=0, msg_status=408, cancel_bitmap=<value
optimized out>) at t_reply.c:1218
#11 0x00007fe137ce0579 in reply_received (p_msg=0x7fe139f9ede0) at
t_reply.c:1549
#12 0x000000000042fa45 in forward_reply (msg=0x7fe139f9ede0) at
forward.c:575
#13 0x000000000047c80d in receive_msg (
    buf=0x7e3620 "SIP/2.0 408 Request Timeout\r\nFrom:
sip:00919565895272 at XXX.XXX.XXX.XXX;tag=as2bf8b554\r\nTo: \"123\"
<sip:919820345554 at XXX.XXX.XXX.XXX>;tag=qmDrTd0epsE0CDM4mGbp2Ha29xKut3S.\r\nCall-ID:
4A6Vi2Hsyx4gmi3H3N0A"..., len=471, rcv_info=0x7fff7a5f25c0) at receive.c:207
#14 0x00000000004e03d1 in udp_rcv_loop () at udp_server.c:424
#15 0x0000000000438296 in main_loop (argc=<value optimized out>,
argv=<value optimized out>) at main.c:884
#16 main (argc=<value optimized out>, argv=<value optimized out>) at
main.c:1557
===================


On Tue, Feb 11, 2014 at 8:31 PM, Bogdan-Andrei Iancu <bogdan at opensips.org>wrote:

>  Hello,
>
> Two things:
>
> 1) be sure you have the latest 1.9.1 code (GIT or tar balls)
>
> 2) post the actual backtrace  (from the core file), please
>
> Thanks and regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developerhttp://www.opensips-solutions.com
>
> On 11.02.2014 06:25, Ahsan Hasan wrote:
>
> So it crashed again today. Here is the log
>
> Feb 10 18:26:24 RTSIP rtsip-service[10443]: CRITICAL:core:qm_free: freeing
> already freed pointer, first free: parser/sdp/sdp.c:
> free_cloned_sdp_stream(874) - aborting
> Feb 10 18:26:25 RTSIP rtsip-service[10464]: CRITICAL:core:receive_fd: EOF
> on 25
>
>
>
>
> On Mon, Feb 10, 2014 at 2:45 PM, Ahsan Hasan <ahsanhasanjaved at gmail.com>wrote:
>
>> My opensips has crashed again. Here is the core dump.
>>
>> ================= core dump =========================
>> Reading symbols from /lib/libnss_compat.so.2...(no debugging symbols
>> found)...done.
>> Loaded symbols for /lib/libnss_compat.so.2
>> Reading symbols from /lib/libnss_nis.so.2...(no debugging symbols
>> found)...done.
>> Loaded symbols for /lib/libnss_nis.so.2
>> Reading symbols from /lib/libnss_files.so.2...(no debugging symbols
>> found)...done.
>> Loaded symbols for /lib/libnss_files.so.2
>> Core was generated by `/usr/local/sbin/opensips -P
>> /var/run/opensips/opensips.pid -m 256 -M 16 -u root'.
>> Program terminated with signal 6, Aborted.
>> #0  0x00007fe13b0e31b5 in raise () from /lib/libc.so.6
>>
>> ===================================================
>>
>>  The memlogs are also attached.
>>
>>  --
>> Ahsan Hasan
>>
>>
>>
>> On Thu, Jan 9, 2014 at 3:14 PM, Ahsan Hasan <ahsanhasanjaved at gmail.com>wrote:
>>
>>>  Hi Razvan,
>>>
>>>  Let me enable it and wait for the next crash.
>>>
>>>
>>>  Regards,
>>> --
>>> Ahsan Hasan
>>>
>>>
>>>
>>> On Thu, Jan 9, 2014 at 12:44 PM, Răzvan Crainea <razvan at opensips.org>wrote:
>>>
>>>> Hi, Ahsan!
>>>>
>>>> Can you please enable the the memory debugging (DBG_QM_MALLOC flag in
>>>> menuconfig)? You can follow this tutorial[1].
>>>>
>>>> [1] http://www.opensips.org/Documentation/TroubleShooting-OutOfMem
>>>>
>>>> Best regards,
>>>>
>>>> Razvan Crainea
>>>> OpenSIPS Core Developer
>>>> http://www.opensips-solutions.com
>>>>
>>>>
>>>> On 01/09/2014 07:54 AM, Ahsan Hasan wrote:
>>>>
>>>>>
>>>>> We are using opensips-1.9.1 and it is crashing randomly every other
>>>>> week, the core dumps generated are always related to memory leakage.
>>>>> The
>>>>> last four core dumps are
>>>>>
>>>>> Program terminated with signal 11, Segmentation fault.
>>>>> #0  0x00007f4c12e20c77 in write_dialog_profiles (links=0x7f4bff03d7f0)
>>>>> at dlg_db_handler.c:1085
>>>>> 1085            l += link->profile->name.len + 1 + link->value.len + 1;
>>>>>
>>>>> Program terminated with signal 11, Segmentation fault.
>>>>> #0  0x00000000004e5da2 in fm_remove_free (qm=0x7f4bfec5a000, size=112)
>>>>> at mem/f_malloc.c:172
>>>>> 172        *pf=n->u.nxt_free;
>>>>>
>>>>> Program terminated with signal 11, Segmentation fault.
>>>>> #0  free_cloned_sdp_session (_session=0x362e373740333532) at
>>>>> parser/sdp/sdp.c:893
>>>>> 893            session = l_session->next;
>>>>>
>>>>> Program terminated with signal 11, Segmentation fault.
>>>>> #0  0x00000000004e5da2 in fm_remove_free (qm=0x7f71a9524000, size=96)
>>>>> at
>>>>> mem/f_malloc.c:172
>>>>> 172        *pf=n->u.nxt_free;
>>>>>
>>>>> What can be the cause?
>>>>>
>>>>> --
>>>>> Ahsan Hasan
>>>>>
>>>>>
>>>>>
>>>>>  _______________________________________________
>>>>> Users mailing list
>>>>> Users at lists.opensips.org
>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>
>>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opensips.org
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>
>
> --
> Ahsan Hasan
> +92.333.438.2041
>
>
> _______________________________________________
> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>


-- 
Ahsan Hasan
+92.333.438.2041
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140212/c963033b/attachment-0001.htm>

More information about the Users mailing list