OpenSIPS / opensips

OpenSIPS is a GPL implementation of a multi-functionality SIP Server that targets to deliver a high-level technical solution (performance, security and quality) to be used in professional SIP server platforms.
https://opensips.org

[CRASH] b2b_logic_notify - Cannot access memory at address. Crash on b2b REFER #3385

Open devoxy1 opened 5 months ago

devoxy1 commented 5 months ago

I'm testing a scenario with b2b and REFER on opensips+rtpengine, and a crash happens when opensips receives REFER and tries to send INVITE. I see no errors in the logs related to it. Opensips is configured with 2 interfaces and TCP protocol. A and B, C are in different subnets.

OpenSIPS version you are running

flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, CC_O0, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll, sigio_rt, select.
git revision: ca319630e
main.c compiled on 16:42:28 May  5 2024 with cc 9

Crash Core Dump

Link to coredump bt full: https://file.io/Pj4Yg7gERn4z

Describe the traffic that generated the bug

A -INVITE--> Opensips -INVITE--> B
A <-200OK-- Opensips <-200OK-- B
------ Opensips <-REFER-- B
------ Opensips --202 Accepted-> B
------ Opensips --NOTIFY(100 Trying)-> B
------ Opensips --NOTIFY(408 Timeout)-> B
------ Opensips --BYE-> B - CRASH

I don't see opensips sending new INVITE with sngrep.

To Reproduce

  1. Call from A to B via opensips
  2. B sends REFER to transfer the call to C
  3. Opensips accepts REFER, sends NOTIFY with 100 Trying
  4. Opensips sends BYE to B
  5. Opensips crashes

Relevant System Logs

This is the log output before the crash:

 opensips[709910]: INFO:[4c9f44c814aef16e17001aa0] [BYE] [B2B_ENTITIES_REPLY] [200, OK]  Reply from sip:2003@2.2.2.2;user=phone, entity: caller
 opensips[709910]: INFO:[4c9f44c814aef16e17001aa0] [BYE] [B2B_ENTITIES_REPLY] SOCKET_IN: tcp:1.1.1.1:5060
 opensips[709910]: INFO:[4c9f44c814aef16e17001aa0] [BYE] [B2B_ENTITIES_REPLY] SOCKET_OUT: tcp:1.1.1.1:5060
 opensips[709910]: INFO:[4c9f44c814aef16e17001aa0] [BYE] [B2B_LOGIC_REPLY] SOCKET_IN: tcp:1.1.1.1:5060
 opensips[709910]: INFO:[4c9f44c814aef16e17001aa0] [BYE] [B2B_LOGIC_REPLY] SOCKET_OUT: tcp:1.1.1.1:5060
 opensips[709910]: INFO:[4c9f44c814aef16e17001aa0] [BYE] [B2B_LOGIC_REPLY] [200, OK] Incoming B2B reply from sip:2003@2.2.2.2;user=phone, entity: caller
 opensips[709910]: CRITICAL:core:sig_usr: segfault in process pid: 709910, id: 13
opensips[709897]: INFO:core:handle_sigs: child process 709910 exited by a signal 11
opensips[709897]: INFO:core:handle_sigs: core was generated
opensips[709897]: INFO:core:handle_sigs: terminating due to SIGCHLD
opensips[709898]: INFO:core:sig_usr: signal 15 received
opensips[709901]: INFO:core:sig_usr: signal 15 received
opensips[709900]: INFO:core:sig_usr: signal 15 received
opensips[709897]: INFO:core:shutdown_opensips: process 1(709898) [event_stream Sender] terminated, still waiting for 20 more
opensips[709897]: INFO:core:shutdown_opensips: process 2(709899) [MI FIFO] terminated, still waiting for 19 more
opensips[709897]: INFO:core:shutdown_opensips: process 3(709900) [time_keeper] terminated, still waiting for 18 more
opensips[709897]: INFO:core:shutdown_opensips: process 4(709901) [timer] terminated, still waiting for 17 more
opensips[709897]: INFO:core:shutdown_opensips: process 5(709902) [SIP receiver udp:10.232.65.19:5060] terminated, still waiting for 16 more
opensips[709897]: INFO:core:shutdown_opensips: process 6(709903) [SIP receiver udp:10.232.65.19:5060] terminated, still waiting for 15 more
opensips[709897]: INFO:core:shutdown_opensips: process 9(709906) [SIP receiver udp:10.232.65.19:5060] terminated, still waiting for 14 more
opensips[709897]: INFO:core:shutdown_opensips: process 10(709907) [SIP receiver udp:10.232.65.19:5060] terminated, still waiting for 13 more
opensips[709897]: INFO:core:shutdown_opensips: process 11(709908) [SIP receiver udp:10.232.65.19:5060] terminated, still waiting for 12 more
opensips[709897]: INFO:core:shutdown_opensips: process 7(709904) [SIP receiver udp:10.232.65.19:5060] terminated, still waiting for 11 more
opensips[709897]: INFO:core:shutdown_opensips: process 8(709905) [SIP receiver udp:10.232.65.19:5060] terminated, still waiting for 10 more
opensips[709897]: INFO:core:shutdown_opensips: process 12(709909) [SIP receiver udp:10.232.65.19:5060] terminated, still waiting for 9 more
opensips[709897]: INFO:core:shutdown_opensips: process 14(709911) [TCP receiver] terminated, still waiting for 8 more
opensips[709897]: INFO:core:shutdown_opensips: process 15(709912) [TCP receiver] terminated, still waiting for 7 more
opensips[709897]: INFO:core:shutdown_opensips: process 16(709913) [TCP receiver] terminated, still waiting for 6 more
opensips[709897]: INFO:core:shutdown_opensips: process 17(709914) [TCP receiver] terminated, still waiting for 5 more
opensips[709897]: INFO:core:shutdown_opensips: process 18(709915) [TCP receiver] terminated, still waiting for 4 more
opensips[709897]: INFO:core:shutdown_opensips: process 19(709916) [TCP receiver] terminated, still waiting for 3 more
opensips[709897]: INFO:core:shutdown_opensips: process 20(709917) [TCP receiver] terminated, still waiting for 2 more
opensips[709897]: INFO:core:shutdown_opensips: process 21(709918) [Timer handler] terminated, still waiting for 1 more
opensips[709897]: INFO:core:shutdown_opensips: process 22(709919) [TCP main] terminated, still waiting for 0 more
opensips[709897]: INFO:core:cleanup: cleanup
opensips[709897]: NOTICE:presence:destroy: destroy module ...

OS/environment information

  * Operating System: Ubuntu 20.04.5 LTS
  * OpenSIPS installation: git
  * other relevant information:

Additional context

There might be some correlation with this report: https://github.com/OpenSIPS/opensips/issues/3220
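A triage pass over the log excerpt in the report above, as an added example that is not part of the original report or of OpenSIPS: it finds the worker that segfaulted, the signal the attendant process recorded for it, the last messages that worker logged, and the neighbouring entries in the shutdown roster. The `triage` function and its regular expressions are assumptions fitted to the log lines shown here.

```python
import re
from collections import defaultdict

# Lines copied from the log excerpt in the report above (trimmed).
SAMPLE_LOG = """\
 opensips[709910]: INFO:[4c9f44c814aef16e17001aa0] [BYE] [B2B_LOGIC_REPLY] SOCKET_OUT: tcp:1.1.1.1:5060
 opensips[709910]: INFO:[4c9f44c814aef16e17001aa0] [BYE] [B2B_LOGIC_REPLY] [200, OK] Incoming B2B reply from sip:2003@2.2.2.2;user=phone, entity: caller
 opensips[709910]: CRITICAL:core:sig_usr: segfault in process pid: 709910, id: 13
opensips[709897]: INFO:core:handle_sigs: child process 709910 exited by a signal 11
opensips[709897]: INFO:core:shutdown_opensips: process 12(709909) [SIP receiver udp:10.232.65.19:5060] terminated, still waiting for 9 more
opensips[709897]: INFO:core:shutdown_opensips: process 14(709911) [TCP receiver] terminated, still waiting for 8 more
"""

# Patterns are assumptions derived from the lines above, not an OpenSIPS spec.
LINE = re.compile(r"^\s*opensips\[(?P<pid>\d+)\]:\s*(?P<msg>.*)$")
SEGV = re.compile(r"segfault in process pid: (\d+), id: (\d+)")
SIGNAL = re.compile(r"child process (\d+) exited by a signal (\d+)")
ROSTER = re.compile(r"process (\d+)\((\d+)\) \[([^\]]+)\] terminated")

def triage(log_text, context=2):
    """Return one dict per crashed worker: pid, id, signal, last messages, neighbours."""
    history = defaultdict(list)   # pid -> messages logged before any crash line
    crashes, roster = {}, {}      # pid -> crash record, process id -> role
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = int(m["pid"]), m["msg"]
        if s := SEGV.search(msg):
            crashes[int(s[1])] = {"pid": int(s[1]), "id": int(s[2]), "signal": None,
                                  "last": history[int(s[1])][-context:]}
        elif (s := SIGNAL.search(msg)) and int(s[1]) in crashes:
            crashes[int(s[1])]["signal"] = int(s[2])
        elif s := ROSTER.search(msg):
            roster[int(s[1])] = s[3]
        else:
            history[pid].append(msg)
    for c in crashes.values():
        # A crashed worker is absent from the shutdown roster; the entries on
        # either side of its process id show which worker pools surround it.
        c["neighbours"] = {i: roster[i] for i in (c["id"] - 1, c["id"] + 1) if i in roster}
    return list(crashes.values())

if __name__ == "__main__":
    for crash in triage(SAMPLE_LOG):
        print(crash)
```

On the excerpt, the crashed worker is process id 13, which sits between the last UDP receiver (12) and the first TCP receiver (14) in the roster, and its last logged message is the B2B_LOGIC_REPLY for the 200 OK to BYE.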

github-actions[bot] commented 4 months ago

Any updates here? No progress has been made in the last 15 days, marking as stale. Will close this issue if no further updates are made in the next 30 days.

devoxy1 commented 4 months ago

Up

devoxy1 commented 4 months ago

I've collected an opensips trap without any optimizations; hope this can clear this up. 2 files from different calls can be accessed here: https://file.io/XG0fm5z8YiVb

github-actions[bot] commented 3 months ago

Any updates here? No progress has been made in the last 15 days, marking as stale. Will close this issue if no further updates are made in the next 30 days.

andingv commented 3 months ago

We see something similar, I assume. @devoxy1, your file is not available to the public.

devoxy1 commented 3 months ago

@andingv are you able to access them like this? gdb_opensips_20240528_110856.txt gdb_opensips_20240528_112245.txt memory_dump.txt

github-actions[bot] commented 3 months ago

Any updates here? No progress has been made in the last 15 days, marking as stale. Will close this issue if no further updates are made in the next 30 days.

devoxy1 commented 2 months ago

Up

github-actions[bot] commented 2 months ago

Any updates here? No progress has been made in the last 15 days, marking as stale. Will close this issue if no further updates are made in the next 30 days.

devoxy1 commented 2 months ago

UP

github-actions[bot] commented 1 month ago

Any updates here? No progress has been made in the last 15 days, marking as stale. Will close this issue if no further updates are made in the next 30 days.

devoxy1 commented 1 month ago

UP

github-actions[bot] commented 1 month ago

Any updates here? No progress has been made in the last 15 days, marking as stale. Will close this issue if no further updates are made in the next 30 days.

devoxy1 commented 1 week ago

up