
[CRASH] Accounting ctx free in dlg_timer_remove_from_db destroy_dlg context #3499

Open
vladpaiu opened this issue Oct 18, 2024 · 1 comment
Comments

@vladpaiu
Member

OpenSIPS version you are running

3.4.5

Crash Core Dump

#0  0x00007efc435bcde7 in dlg_ctx_get_ptr (dlg=0xd6f6d7271646464, pos=0) at dlg_ctx.c:65
#1  0x00007efc408ee4b3 in free_acc_ctx (ctx=0x7efc4498ad38) at acc_logic.c:175
#2  unref_acc_ctx (ctx=0x7efc4498ad38) at acc_logic.c:1219
#3  0x000055c522dee398 in context_destroy (ctxtype=ctxtype@entry=CONTEXT_DIALOG, ctx=ctx@entry=0x7efc449af938) at context.c:111
#4  0x00007efc435fa8ec in free_dlg_dlg (dlg=dlg@entry=0x7efc449af810) at dlg_hash.c:174
#5  0x00007efc435fe883 in destroy_dlg (dlg=dlg@entry=0x7efc449af810) at dlg_hash.c:271
#6  0x00007efc435bf315 in dlg_timer_remove_from_db (cell=0x7efc449af810) at dlg_db_handler.c:936
#7  0x00007efc435c6a2c in dialog_update_db (ticks=16080, do_lock=0x1) at dlg_db_handler.c:1774
#8  0x000055c522ef83a6 in handle_timer_job () at timer.c:1018
#9  0x000055c5230538cd in handle_io (fm=0x7efc464699d8, idx=3, event_type=1) at net/net_tcp_proc.c:204
#10 0x000055c523054d45 in io_wait_loop_epoll (h=<optimized out>, t=<optimized out>, repeat=<optimized out>) at net/../io_wait_loop.h:305
#11 tcp_worker_proc_loop () at net/net_tcp_proc.c:442
#12 0x000055c52304e3ce in tcp_start_processes (chd_rank=chd_rank@entry=0x55c5231b4ff8 <chd_rank>, startup_done=startup_done@entry=0x0) at net/net_tcp.c:2119
#13 0x000055c522dc5447 in main_loop () at main.c:243

(gdb) f 1
#1  0x00007efc408ee4b3 in free_acc_ctx (ctx=0x7efc4498ad38) at acc_logic.c:175
175	acc_logic.c: No such file or directory.
(gdb) p T
$1 = (struct cell *) 0x7efc449953f8
(gdb) p T->dialog_ctx
$2 = (void *) 0xd6f6d7271646464

Note that there exists a dangling T pointer (probably pointing to an already de-allocated transaction). Since we do not have a T context here, ACC should probably just rely on the dialog ctx (either through the stack as params, or in the current processing ctx).

Describe the traffic that generated the bug
Unknown

To Reproduce
Unknown

Relevant System Logs
None

OS/environment information
Debian 11.10, installed from official OpenSIPS repo.

Additional context
OpenSIPS running without B2B, generating ACC (cdrs | failed) with dialog context, doing push notifications via manual notify_on_event and running local_route for various script processing. Dialogs destroyed on a per-timer basis.

@vladpaiu vladpaiu added the bug label Oct 18, 2024
@vladpaiu vladpaiu added this to the 3.4.9 milestone Oct 18, 2024
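As an added illustration of the lifetime problem the report points at (this is example code written for this page, not OpenSIPS code; every struct, field and function here is a hypothetical stand-in for T, T->dialog_ctx, dlg_ctx_get_ptr and free_acc_ctx), the model below compares a destructor that locates the dialog through a process-wide "current transaction" pointer with one that receives the dialog being destroyed as a parameter, the way a timer-driven destroy_dlg -> context_destroy chain can pass it down. The model nulls T when the transaction ends so the buggy path fails closed instead of reading freed memory; in the real crash T still held a stale address, so the read went through to garbage.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified models of the objects in the backtrace.
 * Names are constructed for this example and are not the OpenSIPS definitions. */
#define DLG_CTX_SLOTS 4

struct dlg_cell {
    void *ctx_ptr[DLG_CTX_SLOTS];   /* per-dialog context slots */
};

struct trans_cell {
    struct dlg_cell *dialog_ctx;    /* back-pointer to the dialog, like T->dialog_ctx */
};

struct acc_ctx {
    int dlg_slot;                   /* slot in the dialog that holds ACC's data */
    void *data;                     /* the allocation ACC owns in that slot */
};

/* Process-wide "current transaction", standing in for the T global. */
static struct trans_cell *T = NULL;

/* Stand-in for dlg_ctx_get_ptr(): read one context slot from a dialog. */
static void *dlg_ctx_get_ptr(struct dlg_cell *dlg, int pos) {
    if (dlg == NULL || pos < 0 || pos >= DLG_CTX_SLOTS) return NULL;
    return dlg->ctx_ptr[pos];
}

/* Buggy shape: reach the dialog through the global T. A timer job has no
 * transaction of its own, so T is whatever the worker touched last. Here a
 * finished transaction leaves T == NULL and we return -1; the real code has no
 * such guard and dereferences whatever T->dialog_ctx happens to hold. */
static int free_acc_ctx_via_T(struct acc_ctx *ctx) {
    if (T == NULL) return -1;
    void *p = dlg_ctx_get_ptr(T->dialog_ctx, ctx->dlg_slot);
    if (p != ctx->data) return -1;  /* T belongs to some other dialog */
    free(p);
    T->dialog_ctx->ctx_ptr[ctx->dlg_slot] = NULL;
    ctx->data = NULL;
    return 0;
}

/* Fixed shape: the dialog being destroyed is handed down by the caller
 * (free_dlg_dlg / context_destroy already know it), so the destructor never
 * depends on transaction state. */
static int free_acc_ctx_for_dlg(struct acc_ctx *ctx, struct dlg_cell *dlg) {
    void *p = dlg_ctx_get_ptr(dlg, ctx->dlg_slot);
    if (p == NULL || p != ctx->data) return -1;
    free(p);
    dlg->ctx_ptr[ctx->dlg_slot] = NULL;
    ctx->data = NULL;
    return 0;
}

/* Replay the sequence from the trace: a transaction attaches ACC data to a
 * dialog, the transaction ends, and later a timer destroys the dialog.
 * Returns the destructor's result: 0 = freed, -1 = could not locate the data. */
static int simulate_timer_destroy(int use_fixed_path) {
    struct dlg_cell dlg;
    memset(&dlg, 0, sizeof dlg);
    struct acc_ctx acc = { .dlg_slot = 0, .data = malloc(16) };
    dlg.ctx_ptr[0] = acc.data;

    struct trans_cell *t = malloc(sizeof *t);
    t->dialog_ctx = &dlg;
    T = t;                          /* "current" while the request is processed */

    /* Transaction completes and is released; T no longer refers to it. */
    T = NULL;
    free(t);

    /* Timer fires: dialog_update_db -> dlg_timer_remove_from_db -> destroy_dlg. */
    int rc = use_fixed_path ? free_acc_ctx_for_dlg(&acc, &dlg)
                            : free_acc_ctx_via_T(&acc);

    if (acc.data != NULL) {         /* release what the buggy path could not */
        free(acc.data);
        dlg.ctx_ptr[0] = NULL;
    }
    return rc;
}

int main(void) {
    printf("via global T : %d\n", simulate_timer_destroy(0));   /* -1 */
    printf("via dlg param: %d\n", simulate_timer_destroy(1));   /*  0 */
    return 0;
}
```

The design point is the one the report makes: a destructor that runs from a timer cannot assume any transaction is current, so the only safe source of the dialog is the argument chain of the destroy call itself (or a per-process context that the timer path populates before invoking the destructors).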

github-actions bot commented Nov 2, 2024

Any updates here? No progress has been made in the last 15 days, marking as stale. Will close this issue if no further updates are made in the next 30 days.

@github-actions github-actions bot added the stale label Nov 2, 2024