[OpenSIPS-Devel] Some ways to crash OpenSIPS with current SVN

Thomas Gelf thomas at gelf.net
Wed Jul 15 00:47:31 CEST 2009


I tried revision 5854, using both pkg_malloc and system malloc (if
compiled correctly, I'm not sure -> see other thread). Easiest way
to crash them: restart, start a new dialog, restart while calling,
maybe put on hold and pick up - works most of the time. Example
backtrace:

(gdb) bt
#0  destroy_dlg_callbacks_list (cb=0x2b4b306a11b0) at dlg_cb.c:77
#1  0x00002b4b2dd1d8ec in destroy_dlg_table () at dlg_hash.c:154
#2  0x00002b4b2dd1285b in mod_destroy () at dialog.c:649
#3  0x0000000000456aa2 in destroy_modules () at sr_module.c:381
#4  0x000000000041e773 in cleanup (show_status=1) at main.c:334
#5  0x000000000041efad in handle_sigs () at main.c:525
#6  0x00000000004216e5 in main (argc=<value optimized out>, argv=<value
optimized out>) at main.c:867

(gdb) bt
#0  run_dlg_callbacks (type=4, dlg=0x2b4b3069ebd0, msg=0x9fb4f0, dir=2,
dlg_data=0x0) at dlg_cb.c:250
#1  0x00002b4b2dd1cfab in dlg_onreply (t=0x2b4b3069f088, type=<value
optimized out>,
    param=<value optimized out>) at dlg_handlers.c:352
#2  0x00002b4b2a6ffa88 in run_trans_callbacks (type=128,
trans=0x2b4b3069f088, req=0x2b4b306a1280,
    rpl=0x9fb4f0, code=487) at t_hooks.c:208
#3  0x00002b4b2a71135c in relay_reply (t=0x2b4b3069f088, p_msg=0x9fb4f0,
branch=0, msg_status=487,
    cancel_bitmap=0x7fff8137b878) at t_reply.c:1226
#4  0x00002b4b2a711b3b in reply_received (p_msg=0x9fb4f0) at t_reply.c:1484
#5  0x000000000041c140 in forward_reply (msg=0x9fb4f0) at forward.c:507
#6  0x0000000000441a48 in receive_msg (
    buf=0x702c80 "SIP/2.0 487 Request Terminated\r\nVia: SI"...,
len=545, rcv_info=0x7fff8137b980) at receive.c:203
#7  0x000000000046e762 in udp_rcv_loop () at udp_server.c:449
#8  0x0000000000421914 in main (argc=<value optimized out>, argv=<value
optimized out>) at main.c:782

Another way to crash it seems to be restarting, starting a new dialog,
and calling dlg_list_ctx through mi_xmlrpc. Here is a backtrace, as sent to
Bogdan some hour ago (revision 5784):

(gdb) bt
#0  0x00002aae74eef72d in timer_urecord (_r=0x2aae7b4d37a8) at urecord.c:292
#1  0x00002aae74ee8694 in mem_timer_udomain (_d=0x2aae7b439358) at
udomain.c:677
#2  0x00002aae74ee2f69 in synchronize_all_udomains () at dlist.c:572
#3  0x00002aae74eedf76 in destroy () at ul_mod.c:365
#4  0x00000000004575c2 in destroy_modules () at sr_module.c:381
#5  0x000000000041f2c3 in cleanup (show_status=1) at main.c:332
#6  0x000000000041fc1b in handle_sigs () at main.c:527
#7  0x0000000000422577 in main (argc=<value optimized out>, argv=<value
optimized out>) at main.c:871

(gdb) bt
#0  0x00002aae74eef72d in timer_urecord (_r=0x2aae7b4d37a8) at urecord.c:292
#1  0x00002aae74ee8694 in mem_timer_udomain (_d=0x2aae7b439358) at
udomain.c:677
#2  0x00002aae74ee2f69 in synchronize_all_udomains () at dlist.c:572
#3  0x00002aae74eed818 in timer (ticks=2068658088, param=0x1e5) at
ul_mod.c:384
#4  0x0000000000469743 in start_timer_processes () at timer.c:266
#5  0x00000000004224fe in main (argc=<value optimized out>,
argv=0x7fff365521f8) at main.c:825

Here is another crash, also shortly after a restart:

(gdb) bt
#0  0x00000000004461e1 in comp_s2s (op=<value optimized out>,
s1=0x7fff80d84270, s2=0x9c99e0) at route.c:878
#1  0x000000000044c842 in eval_elem (e=0x752360, msg=<value optimized
out>, val=0x0) at route.c:1068
#2  0x000000000044cf45 in eval_expr (e=0x9c99e0, msg=0x9fb4f0, val=0x0)
at route.c:1486
#3  0x000000000044cf19 in eval_expr (e=0x7523a0, msg=0x9fb4f0, val=0x0)
at route.c:1507
#4  0x000000000040ed32 in do_action (a=0x7529b0, msg=0x9fb4f0) at
action.c:689
#5  0x000000000040d87b in run_action_list (a=<value optimized out>,
msg=0x9fb4f0) at action.c:139
#6  0x0000000000410454 in do_action (a=0x7530c0, msg=0x9fb4f0) at
action.c:706
#7  0x000000000040d87b in run_action_list (a=<value optimized out>,
msg=0x9fb4f0) at action.c:139
#8  0x000000000040ff75 in do_action (a=0x74e080, msg=0x9fb4f0) at
action.c:119
#9  0x000000000040d87b in run_action_list (a=<value optimized out>,
msg=0x9fb4f0) at action.c:139
#10 0x0000000000410454 in do_action (a=0x74e150, msg=0x9fb4f0) at
action.c:706
#11 0x000000000040d87b in run_action_list (a=<value optimized out>,
msg=0x9fb4f0) at action.c:139
#12 0x00000000004112f0 in run_top_route (a=0x74a740, msg=0x9fb4f0) at
action.c:119
#13 0x0000000000441875 in receive_msg (
    buf=0x702c80 "REGISTER sip:"..., len=509, rcv_info=0x7fff80d85390)
at receive.c:165
#14 0x000000000046e762 in udp_rcv_loop () at udp_server.c:449
#15 0x0000000000421914 in main (argc=<value optimized out>, argv=<value
optimized out>) at main.c:782

(gdb) bt
#0  0x00000000004461e1 in comp_s2s (op=<value optimized out>,
s1=0x7fff80d84270, s2=0x9c99e0) at route.c:878
#1  0x000000000044c842 in eval_elem (e=0x752360, msg=<value optimized
out>, val=0x0) at route.c:1068
#2  0x000000000044cf45 in eval_expr (e=0x9c99e0, msg=0x9fbeb0, val=0x0)
at route.c:1486
#3  0x000000000044cf19 in eval_expr (e=0x7523a0, msg=0x9fbeb0, val=0x0)
at route.c:1507
#4  0x000000000040ed32 in do_action (a=0x7529b0, msg=0x9fbeb0) at
action.c:689
#5  0x000000000040d87b in run_action_list (a=<value optimized out>,
msg=0x9fbeb0) at action.c:139
#6  0x0000000000410454 in do_action (a=0x7530c0, msg=0x9fbeb0) at
action.c:706
#7  0x000000000040d87b in run_action_list (a=<value optimized out>,
msg=0x9fbeb0) at action.c:139
#8  0x000000000040ff75 in do_action (a=0x74e080, msg=0x9fbeb0) at
action.c:119
#9  0x000000000040d87b in run_action_list (a=<value optimized out>,
msg=0x9fbeb0) at action.c:139
#10 0x0000000000410454 in do_action (a=0x74e150, msg=0x9fbeb0) at
action.c:706
#11 0x000000000040d87b in run_action_list (a=<value optimized out>,
msg=0x9fbeb0) at action.c:139
#12 0x00000000004112f0 in run_top_route (a=0x74a740, msg=0x9fbeb0) at
action.c:119
#13 0x0000000000441875 in receive_msg (
    buf=0x702c80 "REGISTER sip:"..., len=509, rcv_info=0x7fff80d85390)
at receive.c:165
#14 0x000000000046e762 in udp_rcv_loop () at udp_server.c:449
#15 0x0000000000421914 in main (argc=<value optimized out>, argv=<value
optimized out>) at main.c:782

I hope I did not confuse versions and backtraces - if you need more
details please let me know. From day to day I start to like this
software more and more ;-)

Best regards,
Thomas Gelf



