[sr-dev] crash (segfault) on Kamailio master branch

Daniel-Constantin Mierla miconda at gmail.com
Mon Oct 5 15:54:03 CEST 2015 

It could be some other reason, I will investigate as well. Using any
modules on top of tcp (like tcpops, tls or websocket)?

Cheers,
Daniel

On 05/10/15 15:47, Jason Penton wrote:
> Hey Daniel,
>
> Got it once so far... I'll take a look at that commit and see what it
> did - but very strange indeed.
>
> Cheers
> Jason
>
> On Mon, 5 Oct 2015 at 15:42 Daniel-Constantin Mierla
> <miconda at gmail.com <mailto:miconda at gmail.com>> wrote:
>
>     Hello,
>
>     the only recent change in the tcp core was resetting a flag to
>     avoid infinite log messages (until connection was closed) via
>     commit d36734d658cd0bcfc8357c7e85ca32da0612aaee .
>
>     Does it happen often, or you got it just once so far?
>
>     Cheers,
>     Daniel
>
>
>     On 05/10/15 08:29, Jason Penton wrote:
>>     Hey guys, 
>>
>>     Not sure if there have been any changes but I have an interesting
>>     problem here when using TCP:
>>
>>     *The BT is as follows:*
>>
>>     #0  local_timer_list_expire (h=0xa0f128
>>     <tcp_reader_ltimer+178664>, t=723807134, l=0x9e3740
>>     <tcp_reader_ltimer>) at local_timer.c:198
>>     #1  local_timer_expire (t=723807134, h=<optimized out>) at
>>     local_timer.c:227
>>     #2  local_timer_run (lt=lt at entry=0x9e3740 <tcp_reader_ltimer>,
>>     saved_ticks=723807150) at local_timer.c:250
>>     #3  0x00000000005d8417 in tcp_reader_timer_run () at tcp_read.c:1682
>>     #4  tcp_receive_loop (unix_sock=<optimized out>) at tcp_read.c:1734
>>     #5  0x00000000005c81c8 in tcp_init_children () at tcp_main.c:4788
>>     #6  0x00000000004a9da3 in main_loop () at main.c:1664
>>     #7  0x000000000042411e in main (argc=<optimized out>,
>>     argv=<optimized out>) at main.c:2566
>>
>>     This seems to be related to clearing timers for TCP connections.
>>     The crash is related to the following code:
>>
>>     *_timer_rm_list(tl)*
>>
>>     where it does a null pointer deref on tl->next and tl->prev,
>>     which, according to the bt, are null (see below).
>>
>>     *(gdb) print *tl*
>>     $14 = {next = 0x0, prev = 0x0, expire = 723807134,
>>     initial_timeout = 32, data = 0x7fbbb05aa628, f = 0x5d02f0
>>     <tcpconn_read_timeout>, flags = 512, slow_idx = 0}
>>
>>     Any ideas?
>>
>>     Cheers
>>     Jason
>>      
>>
>>
>>
>>
>>
>>     _______________________________________________
>>     sr-dev mailing list
>>     sr-dev at lists.sip-router.org <mailto:sr-dev at lists.sip-router.org>
>>     http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>
>     -- 
>     Daniel-Constantin Mierla
>     http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda> - http://www.linkedin.com/in/miconda
>     Book: SIP Routing With Kamailio - http://www.asipto.com
>     Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
>
>     _______________________________________________
>     sr-dev mailing list
>     sr-dev at lists.sip-router.org <mailto:sr-dev at lists.sip-router.org>
>     http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
>

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20151005/6002a9f0/attachment.html>

More information about the sr-dev mailing list