Segfault 2.2 load_balancer.so on lb_data.c:738

[JimDeVito]

First bug report so please let me know if any other info is needed. Thanks!!

Opensips from CentOS release repo version 2.2.0-1.el7 64bit.

SefFault Error: opensips[6198]: segfault at 0 ip 00007f4230330b15 sp 00007ffe1ad7cdd0 error 6 in load_balancer.so[7f423031f000+1b000]

Code $avp(group_id) evaluates to 2 Also tried it by calling lb_start_or_next()

if (!load_balance("$avp(group_id)","call"))
        {    
            sl_send_reply("500","Service full");
            exit;
        }

Program terminated with signal 11, Segmentation fault.

#0  0x00007f4230330b15 in lb_route (req=0x7f42b3b09590, group=group@entry=2, rl=rl@entry=0x7f42b3aaed80, flags=flags@entry=0, data=0x7f4233d19580, reuse=reuse@entry=0) at lb_data.c:738
738                                                             dsts[dsts_size_cur++] = it_d;

(gdb) bt
#0  0x00007f4230330b15 in lb_route (req=0x7f42b3b09590, group=group@entry=2, rl=rl@entry=0x7f42b3aaed80, flags=flags@entry=0, data=0x7f4233d19580, reuse=reuse@entry=0) at lb_data.c:738
#1  0x00007f4230331898 in do_lb_start (req=<optimized out>, group=group@entry=2, rl=rl@entry=0x7f42b3aaed80, flags=flags@entry=0, data=<optimized out>) at lb_data.c:880
#2  0x00007f4230327a25 in w_lb_start (req=<optimized out>, grp=<optimized out>, rl=0x7f42b3aaecc0 "\001", fl=<optimized out>) at load_balancer.c:620
#3  0x00000000004266b1 in do_action (a=a@entry=0x7f42b3a95058, msg=msg@entry=0x7f42b3b09590) at action.c:1845
#4  0x000000000042c5f0 in run_action_list (a=<optimized out>, msg=msg@entry=0x7f42b3b09590) at action.c:172
#5  0x000000000045bac4 in eval_elem (e=0x7f42b3a95138, msg=0x7f42b3b09590, val=0x0) at route.c:1617
#6  0x000000000045b33d in eval_expr (e=0x7f42b3a95138, msg=0x7f42b3b09590, val=0x0) at route.c:1967
#7  0x000000000045b359 in eval_expr (e=0x7f42b3a95188, msg=0x7f42b3b09590, val=0x0) at route.c:1983
#8  0x000000000045b329 in eval_expr (e=0x7f42b3a951d8, msg=msg@entry=0x7f42b3b09590, val=val@entry=0x0) at route.c:1988
#9  0x00000000004266d2 in do_action (a=a@entry=0x7f42b3a95648, msg=msg@entry=0x7f42b3b09590) at action.c:1090
#10 0x000000000042c5f0 in run_action_list (a=<optimized out>, msg=0x7f42b3b09590) at action.c:172
#11 0x000000000042c6d6 in run_actions (a=<optimized out>, msg=<optimized out>) at action.c:137
#12 0x0000000000428ea9 in do_action (a=a@entry=0x7f42b3a91528, msg=msg@entry=0x7f42b3b09590) at action.c:745
#13 0x000000000042c5f0 in run_action_list (a=<optimized out>, msg=0x7f42b3b09590) at action.c:172
#14 0x000000000042c6d6 in run_actions (a=<optimized out>, msg=<optimized out>) at action.c:137
#15 0x0000000000428ea9 in do_action (a=a@entry=0x7f42b3a80df0, msg=msg@entry=0x7f42b3b09590) at action.c:745
#16 0x000000000042c5f0 in run_action_list (a=<optimized out>, msg=msg@entry=0x7f42b3b09590) at action.c:172
#17 0x0000000000429d04 in do_action (a=a@entry=0x7f42b3a80fb0, msg=msg@entry=0x7f42b3b09590) at action.c:1108
#18 0x000000000042c5f0 in run_action_list (a=<optimized out>, msg=msg@entry=0x7f42b3b09590) at action.c:172
#19 0x0000000000429d04 in do_action (a=a@entry=0x7f42b3a84e10, msg=msg@entry=0x7f42b3b09590) at action.c:1108
#20 0x000000000042c5f0 in run_action_list (a=a@entry=0x7f42b3a79ac8, msg=msg@entry=0x7f42b3b09590) at action.c:172
#21 0x000000000042c950 in run_actions (msg=0x7f42b3b09590, a=0x7f42b3a79ac8) at action.c:137
#22 run_top_route (a=0x7f42b3a79ac8, msg=msg@entry=0x7f42b3b09590) at action.c:204
#23 0x0000000000433a42 in receive_msg (
    buf=0x7c20a0 <buf.8890> "INVITE sip:+14408354801@207.166.204.4:5060 SIP/2.0\r\nVia: SIP/2.0/UDP 67.231.13.113:5060;branch=z9hG4bK00B07314d7700244e35\r\nFrom: <sip:+12166192000@67.231.13.113>;tag=gK0056f88b\r\nTo: <sip:+14408354801@"..., len=<optimized out>, rcv_info=rcv_info@entry=0x7ffe1ad80160, existing_context=existing_context@entry=0x0) at receive.c:208
#24 0x000000000052561d in udp_read_req (si=<optimized out>, bytes_read=<optimized out>) at net/proto_udp/proto_udp.c:192
#25 0x000000000051425f in handle_io (idx=<optimized out>, event_type=<optimized out>, fm=<optimized out>) at net/net_udp.c:259
#26 io_wait_loop_epoll (h=<optimized out>, t=<optimized out>, repeat=<optimized out>) at ./io_wait_loop.h:225
#27 udp_rcv_loop (si=si@entry=0x7f42b3a73b40) at net/net_udp.c:308
#28 0x0000000000514caf in udp_start_processes (chd_rank=chd_rank@entry=0x7aee4c <chd_rank.11725>, startup_done=startup_done@entry=0x0) at net/net_udp.c:372
#29 0x0000000000419a65 in main_loop () at main.c:671
#30 main (argc=<optimized out>, argv=<optimized out>) at main.c:1258

[JimDeVito]

I actually think this may have been fixed in lb_data.c on line 738 when you changed dsts[dsts_size_cur++] = it_d; to dsts_cur[dsts_size_cur++] = it_d; Perhaps I am not understanding how I get the fix in the repo with out running a nightly release? Thanks!!

[bogdan-iancu]

@JimDeVito , I suppose you mean 4081fa3 ?

[JimDeVito]

@bogdan-iancu correct.

[bogdan-iancu]

The fix is available on 2.2 too, see 29995e4