[sr-dev] [tracker] Comment added: Crash in TCP Read on Kamailio 4.0.1
sip-router
bugtracker at sip-router.org
Fri Nov 29 10:28:16 CET 2013
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has a new comment added:
FS#364 - Crash in TCP Read on Kamailio 4.0.1
User who did this - Vitaliy Aleksandrov (Vitaliy)
----------
With MEMDBG=1 i've got the next crash:
<code>
(gdb) bt
#0 0x00007f75cd79e425 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007f75cd7a1b8b in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x000000000058c13f in qm_free (qm=<optimized out>, p=0x7f75bc2b20d8, file=<optimized out>, func=<optimized out>, line=<optimized out>) at mem/q_malloc.c:468
#3 0x00007f75c5d4267e in _wsconn_rm (wsc=<optimized out>) at ws_conn.c:140
#4 wsconn_rm (wsc=<optimized out>, run_event_route=<optimized out>) at ws_conn.c:311
#5 0x00007f75c5d448ce in encode_and_send_ws_frame (frame=<optimized out>, conn_close=<optimized out>) at ws_frame.c:298
#6 0x00007f75c5d45499 in close_connection (wsc=0x7f75bc2b20d8, type=REMOTE_CLOSE, status=<optimized out>, reason=...) at ws_frame.c:346
#7 0x00007f75c5d4749f in handle_close (frame=0x7fff99ac6320) at ws_frame.c:567
#8 ws_frame_receive (data=<optimized out>) at ws_frame.c:656
#9 0x00000000004179cc in ws_process_msg (tcpbuf=0x7f75bc939e20 "\210\202\350w\253K", <incomplete sequence \351>, len=8, rcv_info=0x7f75bc939b50, con=0x7f75bc939b38) at tcp_read.c:1146
#10 0x0000000000565092 in tcp_read_req (con=0x7f75bc939b38, bytes_read=0x7fff99ac65a0, read_flags=0x7fff99ac65b0) at tcp_read.c:1387
#11 0x0000000000566676 in handle_io (fm=<optimized out>, events=<optimized out>, idx=<optimized out>) at tcp_read.c:1559
#12 0x0000000000569914 in io_wait_loop_epoll (repeat=<optimized out>, h=<optimized out>, t=<optimized out>) at io_wait.h:1092
#13 tcp_receive_loop (unix_sock=<optimized out>) at tcp_read.c:1728
#14 0x00000000005608bc in tcp_init_children () at tcp_main.c:4959
#15 0x0000000000489855 in main_loop () at main.c:1702
#16 0x000000000041cca0 in main (argc=<optimized out>, argv=<optimized out>) at main.c:2533
</code>
Last line before crash in the kamailio.log:
<code>
Nov 28 16:51:22 localhost kamailio[2957]: INFO: <script>: [HTTP] WebSocket connection closed [x.x.x.x:64834]. [x.x.x.x] => [-1]
Nov 28 16:51:22 localhost kamailio[2957]: INFO: <core> [mem/q_malloc.c:437]: qm_free(): qm_free(0x7f75bb9a2000, 0x7f75bc2b20d8), called from websocket: ws_conn.c: _wsconn_rm(140)
<code>Nov 28 16:51:22 localhost kamailio[2957]: : <core> [mem/q_malloc.c:466]: qm_free(): BUG: qm_free: freeing already freed pointer (0x7f75bc2b20d8), called from websocket: ws_conn.c: _wsconn_rm(140), first free websocket: ws_conn.c: _wsconn_rm(140) - aborting
</code>
Connection close message is printed from event_route[websocket:closed]. Before crash it was called two times for the same connection (counter for ip:port that i have in htable showed "-1" and shm_free() called again for the same websocket connection structure).
Looks like a problem in websocket module.
----------
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=364#comment1183
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
More information about the sr-dev
mailing list