Hello Alex,
while analyzing the code of dialog module to allow setting the timeout even before the dialog is answered, I noticed that dlg_set_timeout_by_profile() is using update_dlg_timeout(), the later doing a dlg_release() inside it.
However, dlg_set_timeout_by_profile() does another dlg_release() after update_dlg_timeout(), which seems wrong at first sight, resulting in two dereferences of the counter.
Looking at git blame, dlg_release in both dlg_set_timeout_by_profile() and update_dlg_timeout() were added (or least last changed) by you.
I would move the dlg_release() out of update_dlg_timeout(), because it is rather not intuitive to expect being done there, instead of where the dlg was referenced.
Can you analyze and see if that is safe for your dlg_set_timeout_by_profile(), or another dlg_release() should be done inside it (as it gets removed from update_dlg_timeout() )?
Cheers, Daniel