[CRASH] CRITICAL:core:qm_free_dbg: freeing already freed pointer, first free: dlg_hash.c: free_dlg_dlg(184) #3749
Description
OpenSIPS version you are running
version: opensips 3.4.15 (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll, sigio_rt, select.
git revision: c7d3a7b02
main.c compiled on 00:00:00 Oct 22 2025 with gcc 11
Crash Core Dump
https://drive.google.com/file/d/1QAg7JWlgkjWw8af4G4p5R-rZBelrmw86/view?usp=sharing
Describe the traffic that generated the bug
Server is almost idle. OpenSIPS receives only about 15~ cps, 300-400 concurrent calls.
Obviously dialog module is in use. Dialogs are replicated to standby opensips
modparam("dialog", "dlg_match_mode", 1)
modparam("dialog", "delete_delay", 5)
modparam("dialog", "default_timeout", 7200)
modparam("dialog", "db_mode", 0)
modparam("dialog", "dialog_replication_cluster", ..)
modparam("dialog", "profile_replication_cluster", ..)
modparam("dialog", "cluster_auto_sync", 1)
To Reproduce
Random
Relevant System Logs
These are logs during crash.
CRTITICAL message appears after receiving reply.
Then utimer warnings begin to appear, then OpenSIPS crashes.
https://drive.google.com/file/d/1a0lWzPZSaitxDiOuZA0vmiqMFemPQNbT/view?usp=sharing
OS/environment information
- Operating System: Almalinux 9.6
- OpenSIPS installation: opensips-3.4.15-1.el9.x86_64.rpm
- other relevant information: