[OpenSIPS-Users] Bug in STUN module? And something about version 1.6.1

Alexander goal81 at gmail.com
Mon Dec 28 07:44:12 CET 2009 

  No, it still crashes without STUN :( I'll try mem debug later.

Core was generated by `./opensips -u opensips'.
Program terminated with signal 11, Segmentation fault.
[New process 17406]
#0  0x080ec3d9 in fm_malloc (qm=0x81b3c00, size=<value optimized out>) at
mem/f_malloc.c:172
172             *pf=n->u.nxt_free;
(gdb) where
#0  0x080ec3d9 in fm_malloc (qm=0x81b3c00, size=<value optimized out>) at
mem/f_malloc.c:172
#1  0x00f20d04 in build_rr (_l=0x81d52e8, _l2=0x81d5a38, user=0xbff01190,
tag=0x81d79d0, params=0x0, _inbound=1) at record.c:163
#2  0x00f2171f in record_route (_m=0x81d1bec, params=0x0) at record.c:320
#3  0x00f23031 in w_record_route (msg=0x81d1bec, key=0x0, bar=0x0) at
rr_mod.c:272
#4  0x080545dd in do_action (a=0x81bdb2c, msg=0x81d1bec) at action.c:967
#5  0x08057308 in run_action_list (a=0x81bdb2c, msg=0x81d1bec) at
action.c:139
#6  0x080554dd in do_action (a=0x81bdb98, msg=0x81d1bec) at action.c:706
#7  0x08057308 in run_action_list (a=0x81bd578, msg=0x81d1bec) at
action.c:139
#8  0x080576a3 in run_top_route (a=0x81bd578, msg=0x81d1bec) at action.c:119
#9  0x0809ddf2 in receive_msg (
    buf=0x8192380 "OPTIONS sip:Sip.comtube.ru SIP/2.0\r\nVia: SIP/2.0/UDP
93.185.192.234:5060;branch=z9hG4bK30bf0ee2;rport\r\nFrom: \"Unknown\" <
sip:Unknown at 93.185.192.234
<sip%3AUnknown at 93.185.192.234>>;tag=as16669a6b\r\nTo:
<sip:Sip.comtube.ru>\r\nContact: <"..., len=495, rcv_info=0xbff01894) at
receive.c:162
#10 0x080e5056 in udp_rcv_loop () at udp_server.c:492
#11 0x08070adf in main (argc=5, argv=0xbff01aa4) at main.c:821

2009/12/27 Bogdan-Andrei Iancu <bogdan at voice-system.ro>

> Hi Alexander,
>
> I fixed the second one :). Before trying the mem debugger, try running
> 1.6.1 without the stun module - maybe the crashes you see are side effects
> of the bug in the stun module.
>
> Regards,
> Bogdan
>
> Alexander wrote:
>
>>  Hello.
>>
>>  Regarding  STUN  -  it  seems  that  there is the same bug on line 870.
>> Again,
>> iterator b2 is created before memory allocation.
>>
>>  I'll  try  memory debug, but don't know, when - our OpenSIPS works under
>> load,
>> people make calls and so on :) I use version 1.6.0 for now, it seems to be
>> quite
>> stable.
>>
>>
>>
>>
>>> Hi Alexander,
>>>
>>>
>>
>>
>>
>>> Indeed, the stun issue looks like a silly bug - I fixed it on SVN  -
>>> Thanks a lot for the report and fix.
>>>
>>>
>>
>>
>>
>>> Regarding the other bugs you reported, could you please compile in the
>>> memory debug support (http://www.opensips.org/Resources/DocsTsMem) and
>>> set
>>>    memlog=8
>>>    memdump=2
>>>
>>>
>>
>>
>>
>>> maybe the debugger will be able to get out more info.
>>>
>>>
>>
>>
>>
>>> Regards,
>>> Bogdan
>>>
>>>
>>
>>
>>
>>> Alexander wrote:
>>>
>>>
>>>>  I've encountered a problem - sometimes OpenSIPS 1.6.0 crashes. GDB says
>>>> that crash was in stun.c, line 836. Going to this line, we see:
>>>>
>>>> case UNKNOWN_ATTRIBUTES:
>>>>                /* iterator */
>>>>                b2 = (T16 *) msg->unknownAttributes->buffer;
>>>>                /* allocate unknownAttributes buffer */
>>>>                msg->unknownAttributes = (Buffer*)
>>>> pkg_malloc(sizeof(Buffer));
>>>>                if(!msg->unknownAttributes){
>>>>                    LM_DBG("out of mem\n");
>>>>                    return -1;
>>>>                }
>>>>                memset(msg->unknownAttributes, 0, sizeof(Buffer));
>>>>
>>>> Is it OK, that we create iterator, and then allocate buffer?
>>>> uknownAttributes is not allocated when iterator is created. I've changed it
>>>> to:
>>>>
>>>> case UNKNOWN_ATTRIBUTES:
>>>>                /* allocate unknownAttributes buffer */
>>>>                msg->unknownAttributes = (Buffer*)
>>>> pkg_malloc(sizeof(Buffer));
>>>>                if(!msg->unknownAttributes){
>>>>                    LM_DBG("out of mem\n");
>>>>                    return -1;
>>>>                }
>>>>                memset(msg->unknownAttributes, 0, sizeof(Buffer));
>>>>
>>>>                /* iterator */
>>>>                b2 = (T16 *) msg->unknownAttributes->buffer;
>>>>
>>>>  Now it seems to work properly.
>>>>
>>>>  By the way, version 1.6.1 contains the same bug in STUN module.
>>>> Unfortunately, 1.6.1 is unusable for me - crashes too often :( I wrote one
>>>> report about crash on NOTIFY (with backtrace), and today I've encountered
>>>> another crash:
>>>>
>>>> Program terminated with signal 11, Segmentation fault.
>>>> [New process 19330]
>>>> #0  0x080ec3d9 in fm_malloc (qm=0x81b3c00, size=<value optimized out>)
>>>> at mem/f_malloc.c:172
>>>> 172             *pf=n->u.nxt_free;
>>>> (gdb) where
>>>> #0  0x080ec3d9 in fm_malloc (qm=0x81b3c00, size=<value optimized out>)
>>>> at mem/f_malloc.c:172
>>>> #1  0x00603d04 in build_rr (_l=0x81e07d8, _l2=0x81e1d1c,
>>>> user=0xbff381d0, tag=0x81d1fc0, params=0x0, _inbound=1) at record.c:163
>>>> #2  0x0060471f in record_route (_m=0x81d1bec, params=0x0) at
>>>> record.c:320
>>>> #3  0x00606031 in w_record_route (msg=0x81d1bec, key=0x0, bar=0x0) at
>>>> rr_mod.c:272
>>>> #4  0x080545dd in do_action (a=0x81bdb2c, msg=0x81d1bec) at action.c:967
>>>> #5  0x08057308 in run_action_list (a=0x81bdb2c, msg=0x81d1bec) at
>>>> action.c:139
>>>> #6  0x080554dd in do_action (a=0x81bdb98, msg=0x81d1bec) at action.c:706
>>>> #7  0x08057308 in run_action_list (a=0x81bd578, msg=0x81d1bec) at
>>>> action.c:139
>>>> #8  0x080576a3 in run_top_route (a=0x81bd578, msg=0x81d1bec) at
>>>> action.c:119
>>>> #9  0x0809ddf2 in receive_msg (
>>>>    buf=0x8192380 "OPTIONS sip:sip.comtube.ru <http://sip.comtube.ru>
>>>> SIP/2.0\r\nVia: SIP/2.0/UDP 85.21.245.172:5060;branch=z9hG4bK57769584;rport\r\nMax-Forwards:
>>>> 69\r\nFrom: \"asterisk\" <sip:asterisk at 85.21.245.172<sip%3Aasterisk at 85.21.245.172><mailto:
>>>> sip%3Aasterisk at 85.21.245.172 <sip%253Aasterisk at 85.21.245.172>>>;tag=as58d6d6b9\r\nTo:
>>>> <sip:sip.comtu"..., len=511, rcv_info=0xbff388d4) at receive.c:162
>>>> #10 0x080e5056 in udp_rcv_loop () at udp_server.c:492
>>>> #11 0x08070adf in main (argc=5, argv=0xbff38ae4) at main.c:821
>>>> ------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opensips.org
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Bogdan-Andrei Iancu
> www.voice-system.ro
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20091228/3dceac71/attachment.htm

More information about the Users mailing list