Describe the bug
We are experiencing recurring segmentation faults (segfaults) on our production FreeSWITCH server. The crashes occur multiple times per day.
Originally, we were running FreeSWITCH 1.10.7 on Debian 10. To resolve the issue, we upgraded to Debian 12 and FreeSWITCH 1.10.12, but the segfaults persist.
To Reproduce
The crash appears to be related to production load rather than a specific manual action. It happens randomly several times a day. We are currently using SIP trunking with standard configurations.
Expected behavior
FreeSWITCH should be stable and handle calls without crashing
Package version or git hash
- Version 1.10.12
- OS: Debian 12 (Bookworm)
Trace logs
Apr 2 10:17:23 fr-trunkfsc1-1 kernel: [652984.764375] freeswitch[620579]: segfault at 0 ip 00007f5d25e297cb sp 00007f5d232b12f0 error 4 in libtcmalloc.so.4.5.10[7f5d25e15000+26000] likely on CPU 8 (core 3, socket 1)
Apr 2 10:17:23 fr-trunkfsc1-1 kernel: [652984.764399] Code: ce 66 0f 1f 44 00 00 41 8b 75 08 4d 8b 45 00 4c 89 c2 41 83 fe 01 7e 12 b8 01 00 00 00 66 90 83 c0 01 48 8b 12 41 39 c6 75 f5 <48> 8b 02 49 89 45 00 48 c7 02 00 00 00 00 89 f0 44 29 f0 41 89 45
Apr 2 10:17:26 fr-trunkfsc1-1 systemd[1]: freeswitch.service: Main process exited, code=dumped, status=11/SEGV
Apr 2 10:17:26 fr-trunkfsc1-1 systemd[1]: freeswitch.service: Failed with result 'core-dump'.
Apr 2 10:17:26 fr-trunkfsc1-1 systemd[1]: freeswitch.service: Consumed 2h 11min 25.081s CPU time.
backtrace from core file
We installed mandatory package to read the coredump.
backtrace_02042026.log
(gdb) set pagination off
(gdb) set logging file /tmp/backtrace.log
(gdb) set logging on
Copying output to /tmp/backtrace.log.
(gdb) bt
#0 0x00007f5d25e297cb in tcmalloc::ThreadCache::ReleaseToCentralCache(tcmalloc::ThreadCache::FreeList*, unsigned int, int) () from /usr/lib/x86_64-linux-gnu/libtcmalloc.so.4
#1 0x00007f5d25e29b5c in tcmalloc::ThreadCache::ListTooLong(tcmalloc::ThreadCache::FreeList*, unsigned int) () from /usr/lib/x86_64-linux-gnu/libtcmalloc.so.4
#2 0x00007f5d23622925 in our_sofia_event_callback (event=<optimized out>, status=<optimized out>, phrase=<optimized out>, nua=<optimized out>, profile=<optimized out>, nh=0x0, sofia_private=<optimized out>, sip=0x0, de=0x55ea43034460, tags=0x55ea4a494f90)
at sofia.c:2180
#3 0x00007f5d236258e7 in sofia_process_dispatch_event (dep=0x7f5d232b1b18) at sofia.c:2253
#4 0x00007f5d23625ab4 in sofia_msg_thread_run (thread=<optimized out>, obj=0x55ea16c5dac8) at sofia.c:2302
#5 0x00007f5d256a71f5 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#6 0x00007f5d257278dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
(gdb) bt full
#0 0x00007f5d25e297cb in tcmalloc::ThreadCache::ReleaseToCentralCache(tcmalloc::ThreadCache::FreeList*, unsigned int, int) () from /usr/lib/x86_64-linux-gnu/libtcmalloc.so.4
No symbol table info available.
#1 0x00007f5d25e29b5c in tcmalloc::ThreadCache::ListTooLong(tcmalloc::ThreadCache::FreeList*, unsigned int) () from /usr/lib/x86_64-linux-gnu/libtcmalloc.so.4
No symbol table info available.
#2 0x00007f5d23622925 in our_sofia_event_callback (event=<optimized out>, status=<optimized out>, phrase=<optimized out>, nua=<optimized out>, profile=<optimized out>, nh=0x0, sofia_private=<optimized out>, sip=0x0, de=0x55ea43034460, tags=0x55ea4a494f90)
at sofia.c:2180
tech_pvt = <optimized out>
auth_res = <optimized out>
session = <optimized out>
channel = <optimized out>
gateway = <optimized out>
locked = <optimized out>
check_destroy = <optimized out>
__func__ = "our_sofia_event_callback"
__PRETTY_FUNCTION__ = "our_sofia_event_callback"
#3 0x00007f5d236258e7 in sofia_process_dispatch_event (dep=0x7f5d232b1b18) at sofia.c:2253
de = 0x55ea43034460
nh = 0x55ea4aa9a6c0
nua = 0x55ea1796de00
profile = 0x55ea18732100
sofia_private = <optimized out>
#4 0x00007f5d23625ab4 in sofia_msg_thread_run (thread=<optimized out>, obj=0x55ea16c5dac8) at sofia.c:2302
de = 0x0
pop = 0x55ea43034460
q = 0x55ea16c5dac8
my_id = <optimized out>
__func__ = "sofia_msg_thread_run"
#5 0x00007f5d256a71f5 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
ret = <optimized out>
pd = <optimized out>
out = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140037998716608, -1802656367749379475, -320, 2, 140038001735024, 140037998469120, 1747937356015716973, 1747932397884787309}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0,
cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
#6 0x00007f5d257278dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
No locals.
(gdb)
To avoid cluttering the ticket with the commands below, I'll let you read the content in the attached document.
(gdb) info threads
(gdb) thread apply all bt
(gdb) thread apply all bt full
(gdb) set logging off
Done logging to /tmp/backtrace.log.
(gdb) quit
Describe the bug
We are experiencing recurring segmentation faults (segfaults) on our production FreeSWITCH server. The crashes occur multiple times per day.
Originally, we were running FreeSWITCH 1.10.7 on Debian 10. To resolve the issue, we upgraded to Debian 12 and FreeSWITCH 1.10.12, but the segfaults persist.
To Reproduce
The crash appears to be related to production load rather than a specific manual action. It happens randomly several times a day. We are currently using SIP trunking with standard configurations.
Expected behavior
FreeSWITCH should be stable and handle calls without crashing
Package version or git hash
Trace logs
Apr 2 10:17:23 fr-trunkfsc1-1 kernel: [652984.764375] freeswitch[620579]: segfault at 0 ip 00007f5d25e297cb sp 00007f5d232b12f0 error 4 in libtcmalloc.so.4.5.10[7f5d25e15000+26000] likely on CPU 8 (core 3, socket 1)
Apr 2 10:17:23 fr-trunkfsc1-1 kernel: [652984.764399] Code: ce 66 0f 1f 44 00 00 41 8b 75 08 4d 8b 45 00 4c 89 c2 41 83 fe 01 7e 12 b8 01 00 00 00 66 90 83 c0 01 48 8b 12 41 39 c6 75 f5 <48> 8b 02 49 89 45 00 48 c7 02 00 00 00 00 89 f0 44 29 f0 41 89 45
Apr 2 10:17:26 fr-trunkfsc1-1 systemd[1]: freeswitch.service: Main process exited, code=dumped, status=11/SEGV
Apr 2 10:17:26 fr-trunkfsc1-1 systemd[1]: freeswitch.service: Failed with result 'core-dump'.
Apr 2 10:17:26 fr-trunkfsc1-1 systemd[1]: freeswitch.service: Consumed 2h 11min 25.081s CPU time.
backtrace from core file
We installed mandatory package to read the coredump.
backtrace_02042026.log