#376 opensips crashes on push_reply_in_dialog ()

[Anonymous]

When I use sipP do load test for Opensips, Opensips occurs core dump in push_reply_in_dialog();

Here is a backtrace:

(gdb) bt full
#0 0x00165920 in push_reply_in_dialog (t=0xb729867c, type=16, param=0x7d0d14) at dlg_handlers.c:285
tag = {
s = 0x81986c5 "as5ac16d3c\r\nCall-ID: 455295-21137@192.168.21.28\r\nCSeq: 1 INVITE\r\nServer: Asterisk PBX 1.6.2.10\r\nAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO\r\nSupported: replaces, timer\r\nCo"..., len = 10}
contact = {s = 0x16 <Address 0x16 out of bounds>, len = 0}
rr_set = {s = 0x40 <Address 0x40 out of bounds>, len = 135890428}
leg = 1
skip_rrs = <value optimized out>
__FUNCTION__ = "push_reply_in_dialog"
#1 dlg_onreply (t=0xb729867c, type=16, param=0x7d0d14) at dlg_handlers.c:342
rpl = 0x81f493c
dlg = <value optimized out>
new_state = <value optimized out>
old_state = <value optimized out>
unref = <value optimized out>
event = <value optimized out>
__FUNCTION__ = "dlg_onreply"
#2 0x007a74c2 in run_trans_callbacks (type=16, trans=0xb729867c, req=0xb7dce7b0, rpl=0x81f493c, code=200) at t_hooks.c:208
cbp = 0xb76e8dcc
backup = 0x81a85c4
trans_backup = 0xb729867c
__FUNCTION__ = "run_trans_callbacks"
#3 0x007c3284 in relay_reply (t=0xb729867c, p_msg=0x81f493c, branch=<value optimized out>, msg_status=200,
cancel_bitmap=0xbfe93340) at t_reply.c:1146
relay = 0
save_clone = 0
buf = <value optimized out>
res_len = 0
relayed_code = 200
relayed_msg = <value optimized out>
bm = {to_tag_val = {s = 0x0, len = 0}}
totag_retr = <value optimized out>
reply_status = RPS_PUSHED_AFTER_COMPLETION
uas_rb = 0xb7298710
cb_s = {
s = 0x81f648c "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 192.168.21.28:6083;branch=z9hG4bK-21137-455732-0\r\nFrom: 1532 <sip:1532@192.168.21.28:6083>;tag=455732\r\nTo: 5059180532 <sip:5059180532@192.168.20.17:55060>;tag=as1bcf4a"..., len = 730}
text = {s = 0x81f493c "_:&", len = 136271832}
__FUNCTION__ = "relay_reply"
#4 0x007c3adf in reply_received (p_msg=0x81f493c) at t_reply.c:1493
msg_status = 200
branch = 0
reply_status = <value optimized out>
timer = <value optimized out>
cancel_bitmap = 0
uac = 0xb7298794
t = 0xb729867c
backup_list = 0x0
__FUNCTION__ = "reply_received"
#5 0x08067b0c in forward_reply (msg=0x81f493c) at forward.c:559
new_buf = <value optimized out>
to = <value optimized out>
new_len = <value optimized out>
mod = 0x81be858
proto = <value optimized out>
id = <value optimized out>
send_sock = <value optimized out>
len = <value optimized out>
__FUNCTION__ = "forward_reply"
#6 0x0809da9f in receive_msg (
buf=0x81985c0 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 192.168.20.17:55060;branch=z9hG4bK60d4.9cabb236.0\r\nVia: SIP/2.0/UDP 192.168.21.28:6083;branch=z9hG4bK-21137-455295-0\r\nFrom: 1095 <sip:1095@192.168.20.17:55060>;tag=455"..., len=799, rcv_info=0xbfe93464)
at receive.c:200
msg = <value optimized out>
__FUNCTION__ = "receive_msg"
#7 0x080e4f16 in udp_rcv_loop () at udp_server.c:492
len = 799
tmp = <value optimized out>
from = <value optimized out>
tmp = <value optimized out>
from = <value optimized out>
fromlen = 16
ri = {src_ip = {af = 2, len = 4, u = {addrl = {253012160, 135584470, 3219731592, 10143590}, addr32 = {253012160,
135584470, 3219731592, 10143590}, addr16 = {43200, 3860, 56022, 2068, 13448, 49129, 51046, 154},
addr = "\300\250\024\017\326\332\024\b\210\064\351\277f菤"}}, dst_ip = {af = 2, len = 4, u = {addrl = {286566592, 0,
0, 0}, addr32 = {286566592, 0, 0, 0}, addr16 = {43200, 4372, 0, 0, 0, 0, 0, 0},
addr = "\300\250\024\021", '\000' <repeats 11 times>}}, src_port = 35060, dst_port = 55060, proto = 1,
proto_reserved1 = 0, proto_reserved2 = 0, src_su = {s = {sa_family = 2,
sa_data = "\210\364\300\250\024\017\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 62600,
sin_addr = {s_addr = 253012160}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2,
sin6_port = 62600, sin6_flowinfo = 253012160, sin6_addr = {in6_u = {u6_addr8 = '\000' <repeats 15 times>,
u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}, bind_address = 0x81be480}
---Type <return> to continue, or q <return> to quit---
p = <value optimized out>
buf = "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP 192.168.20.17:55060;branch=z9hG4bK60d4.9cabb236.0\r\nVia: SIP/2.0/UDP 192.168.21.28:6083;branch=z9hG4bK-21137-455295-0\r\nFrom: 1095 <sip:1095@192.168.20.17:55060>;tag=455"...
__FUNCTION__ = "udp_rcv_loop"
#8 0x08070620 in main_loop (argc=5, argv=0xbfe93664) at main.c:818
i = 0
pid = <value optimized out>
si = <value optimized out>
startup_done = 0x0
chd_rank = 1
__FUNCTION__ = "main_loop"
#9 main (argc=5, argv=0xbfe93664) at main.c:1388
cfg_log_stderr = 0
cfg_stream = 0x9af0008
c = <value optimized out>
r = <value optimized out>
tmp = 0xbfe94aeb ""
tmp_len = <value optimized out>
port = 10141221
proto = <value optimized out>
ret = <value optimized out>
seed = 1222626522
rfd = 4
__FUNCTION__ = "main"

My opensips version is as below:

opensips -V
version: opensips 1.6.2-notls (i386/linux)
flags: STATS: Off, USE_IPV6, USE_TCP, DISABLE_NAGLE, USE_MCAST, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: unknown
@(#) $Id: main.c 6169 2009-09-22 12:48:37Z bogdan_iancu $
main.c compiled on 10:20:45 Apr 8 2011 with gcc 4.1.2

[Bogdan-Andrei Iancu]

as you are running an old release, please update to 1.6.4 version (latest stable) and if this crash still occurs, open a new report for 1.6.4

Thanks and regards,
Bogdan