<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello,</p>
<p>I analyzed the code and couldn't find a reason for that pointer
to be out of range. It could be some memory corruption,
independent of the software, given that's one bit shifted one
position in 'parsed', all other bits are the same as for
buf/start/pos, which should be the good value.</p>
<p>But first to dig into it a bit more ...<br>
</p>
- from frame 0, let's see if there is something in the read
buffer, get:<br>
<br>
p r->buf[0]<br>
p r->buf[1]<br>
p r->buf[2]<br>
p r->buf[3]<br>
<br>
- from frame 3, get:<br>
<br>
info locals<br>
p *h<br>
p *fm<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 05.06.17 16:58, Armen Babikyan
wrote:<br>
</div>
<blockquote
cite="mid:CAGDtNKBg01tZ7obD+AqvDOm1QPAy-=7m9vfbFrBGC96JzyFQaA@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Daniel,
<div><br>
</div>
<div>The server is running other protocols as well, yes, but
those requests are handled on other ports (e.g. WSS on
443/tcp, TLS on 5061/tcp).</div>
<div><br>
</div>
<div>Regarding the locals, I have updated the pastebin.</div>
<div><br>
</div>
<div>Many thanks!</div>
<div><br>
</div>
<div>Armen</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Jun 5, 2017 at 1:23 AM,
Daniel-Constantin Mierla <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:miconda@gmail.com"
target="_blank">miconda@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Hello,</p>
<p>I see port is 5060, is it a possibility that you have
multiplexing of websocket or other protocol (http, msrp)
there?</p>
<p>Can you also give the locals?</p>
<p>frame 0</p>
<p>info locals</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div>
<div class="h5"> <br>
<div class="m_5554352996579583506moz-cite-prefix">On
05.06.17 05:19, Armen Babikyan wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">Hello,
<div><br>
</div>
<div>Over the past few months, I've seen a
smattering of kamailio crashes on various
systems with identical backtraces: SIGSEGV in
tcp_read_headers(), at tcp_read.c line 628.
Example here:</div>
<div><br>
</div>
<div><a moz-do-not-send="true"
href="https://pastebin.com/qJ3ypnVz"
target="_blank">https://pastebin.com/qJ3ypnVz</a><br>
</div>
<div><br>
</div>
<div>Note that in frame 0, print *c shows that
req->parsed is pointing to an address exactly
8GB lower than req->buf. That req->parsed
is pointing to an invalid memory location,
crashing kamailio when the location is
dereferenced. In other coredumps, I see that
req->parsed is pointing to an address exactly
4GB lower than req->buf.</div>
<div><br>
</div>
<div>Other info: This is Kamailio 4.4.4 on
x86_64. I've not had success trying to
reproduce this yet. Also worth noting that the
crashes seem to be consistently associated with
processing traffic from a UA connected over
SIP/TCP; I've seen no other transport associated
with this crash.</div>
<div><br>
</div>
<div>Thoughts are welcome. Thanks!</div>
<div><br>
</div>
<div>Armen</div>
<div><br>
</div>
</div>
<br>
<fieldset
class="m_5554352996579583506mimeAttachmentHeader"></fieldset>
<br>
</div>
</div>
<pre>______________________________<wbr>_________________
Kamailio (SER) - Users Mailing List
<a moz-do-not-send="true" class="m_5554352996579583506moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>
<a moz-do-not-send="true" class="m_5554352996579583506moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">https://lists.kamailio.org/<wbr>cgi-bin/mailman/listinfo/sr-<wbr>users</a><span class="HOEnZb"><font color="#888888">
</font></span></pre><span class="HOEnZb"><font color="#888888">
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<pre class="m_5554352996579583506moz-signature" cols="72">--
Daniel-Constantin Mierla
<a moz-do-not-send="true" class="m_5554352996579583506moz-txt-link-abbreviated" href="http://www.twitter.com/miconda" target="_blank">www.twitter.com/miconda</a> -- <a moz-do-not-send="true" class="m_5554352996579583506moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda" target="_blank">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - <a moz-do-not-send="true" class="m_5554352996579583506moz-txt-link-abbreviated" href="http://www.asipto.com" target="_blank">www.asipto.com</a>
Kamailio World Conference - <a moz-do-not-send="true" class="m_5554352996579583506moz-txt-link-abbreviated" href="http://www.kamailioworld.com" target="_blank">www.kamailioworld.com</a></pre>
</font></span></div>
______________________________<wbr>_________________
Kamailio (SER) - Users Mailing List
<a moz-do-not-send="true" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>
<a moz-do-not-send="true" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/<wbr>cgi-bin/mailman/listinfo/sr-<wbr>users</a>
</blockquote></div>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
Kamailio World Conference - <a class="moz-txt-link-abbreviated" href="http://www.kamailioworld.com">www.kamailioworld.com</a></pre></body></html>