[OpenSIPS-Users] Segmentation fault when TM and DIALOG timer routines are not executed sequentially

Mickael Marrache mickaelmarrache at gmail.com
Thu Jul 2 15:52:32 CEST 2015 

Hi,

I'm running version 1.11.2.

Mickael

On Thu, Jul 2, 2015 at 4:49 PM, Bogdan-Andrei Iancu <bogdan at opensips.org>
wrote:

>  Hi Mickael,
>
> What OpenSIPS version are you using ?
>
> Best Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developerhttp://www.opensips-solutions.com
>
> On 02.07.2015 13:25, Mickael Marrache wrote:
>
> Hi,
>
>  We currently have OpenSIPS crashes that look to be caused by
> synchronization issues between the TM and DIALOG modules.
>
>  We started to get these crashes after setting the following modparam:
>
>  modparam("tm", "own_timer_proc", 2)
>
>  Note that we don't set the own_timer_proc parameter for the DIALOG
> module, therefore it uses the global timer process.
>
>  Do you have an idea what may cause the issue?
>
>  The backtrace extracted from the core file:
>
>  #0  0x00002b69aa157a28 in next_state_dlg (dlg=0x2b69b1271408, event=1,
> dir=2, old_state=0x7fff7e830358, new_state=0x7fff7e83035c,
> unref=0x7fff7e830354, is_replicated=0 '\0') at dlg_hash.c:777
> #1  0x00002b69aa14aafc in dlg_onreply (t=0x0, type=<value optimized out>,
> param=<value optimized out>) at dlg_handlers.c:457
> #2  0x00002b69aa14bc67 in unreference_dialog_create
> (dialog=0x2b69b1271408) at dlg_handlers.c:744
> #3  0x00002b69a7fe2b59 in empty_tmcb_list (head=0x2b69b837c948) at
> t_hooks.c:56
> #4  0x00002b69a7fd057e in free_cell (dead_cell=0x2b69b837c8d8) at
> h_table.c:140
> #5  0x00002b69a7fe5e78 in delete_cell (p_cell=0x2b69b837c8d8, unlock=1) at
> timer.c:240
> #6  0x00002b69a7fe69ac in timer_routine (ticks=<value optimized out>,
> set=<value optimized out>) at timer.c:416
> #7  0x00000000004babe2 in start_timer_processes () at timer.c:384
> #8  0x0000000000434711 in main_loop () at main.c:1016
> #9  0x00000000004386f5 in main (argc=<value optimized out>,
> argv=0x7fff7e830838) at main.c:1634
>
>  The seg fault happens in the next_state_dlg function (line 777 - when
> trying to lock the dialog entry):
>
>  (gdb) list
> 772             struct dlg_entry * d_entry;
> 773
> 774             d_entry = &(d_table->entries[dlg->h_entry]);
> 775             *unref = 0;
> 776
> 777             dlg_lock(d_table, d_entry);
> 778
> 779             *old_state = dlg->state;
> 780
> 781             switch (event) {
>
>  Thanks,
> Mickael
>
>
> _______________________________________________
> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150702/5944e9ba/attachment.htm>

More information about the Users mailing list