[sr-dev] crash (segfault) on Kamailio master branch

Jason Penton jason.penton at gmail.com
Mon Oct 5 15:56:48 CEST 2015


Hey Daniel

Using TLS only. Not using tcpops nor websocket.

On Mon, 5 Oct 2015 at 15:54 Daniel-Constantin Mierla <miconda at gmail.com>
wrote:

> It could be some other reason, I will investigate as well. Using any
> modules on top of tcp (like tcpops, tls or websocket)?
>
> Cheers,
> Daniel
>
>
> On 05/10/15 15:47, Jason Penton wrote:
>
> Hey Daniel,
>
> Got it once so far... I'll take a look at that commit and see what it did
> - but very strange indeed.
>
> Cheers
> Jason
>
> On Mon, 5 Oct 2015 at 15:42 Daniel-Constantin Mierla <miconda at gmail.com>
> wrote:
>
>> Hello,
>>
>> the only recent change in the tcp core was resetting a flag to avoid
>> infinite log messages (until connection was closed) via commit
>> d36734d658cd0bcfc8357c7e85ca32da0612aaee .
>>
>> Does it happen often, or you got it just once so far?
>>
>> Cheers,
>> Daniel
>>
>>
>> On 05/10/15 08:29, Jason Penton wrote:
>>
>> Hey guys,
>>
>> Not sure if there have been any changes but I have an interesting problem
>> here when using TCP:
>>
>> *The BT is as follows:*
>>
>> #0  local_timer_list_expire (h=0xa0f128 <tcp_reader_ltimer+178664>,
>> t=723807134, l=0x9e3740 <tcp_reader_ltimer>) at local_timer.c:198
>> #1  local_timer_expire (t=723807134, h=<optimized out>) at
>> local_timer.c:227
>> #2  local_timer_run (lt=lt at entry=0x9e3740 <tcp_reader_ltimer>,
>> saved_ticks=723807150) at local_timer.c:250
>> #3  0x00000000005d8417 in tcp_reader_timer_run () at tcp_read.c:1682
>> #4  tcp_receive_loop (unix_sock=<optimized out>) at tcp_read.c:1734
>> #5  0x00000000005c81c8 in tcp_init_children () at tcp_main.c:4788
>> #6  0x00000000004a9da3 in main_loop () at main.c:1664
>> #7  0x000000000042411e in main (argc=<optimized out>, argv=<optimized
>> out>) at main.c:2566
>>
>> This seems to be related to clearing timers for TCP connections. The
>> crash is related to the following code:
>>
>> *_timer_rm_list(tl)*
>>
>> where it does a null pointer deref on tl->next and tl->prev, which,
>> according to the bt, are null (see below).
>>
>> *(gdb) print *tl*
>> $14 = {next = 0x0, prev = 0x0, expire = 723807134, initial_timeout = 32,
>> data = 0x7fbbb05aa628, f = 0x5d02f0 <tcpconn_read_timeout>, flags = 512,
>> slow_idx = 0}
>>
>> Any ideas?
>>
>> Cheers
>> Jason
>>
>>
>> --
>> Daniel-Constantin Mierla
>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> Book: SIP Routing With Kamailio - http://www.asipto.com
>> Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
>>
>
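The failure mode reported in this thread (unlinking a timer entry whose next and prev are both NULL), as an added illustration that is not Kamailio's code and not part of the original messages: a minimal circular timer list whose removal routine rejects a detached entry instead of dereferencing its links. The names `struct timer_ln`, `tl_init_head`, `tl_append`, `tl_rm_checked` and `tl_expire` are hypothetical, and the sample entries are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical timer entry; next/prev/expire mirror the gdb dump above. */
struct timer_ln { struct timer_ln *next, *prev; unsigned int expire; };

/* Circular list with a sentinel head: an empty list points at itself. */
void tl_init_head(struct timer_ln *h) { h->next = h->prev = h; }

void tl_append(struct timer_ln *h, struct timer_ln *tl)
{
    tl->prev = h->prev;
    tl->next = h;
    h->prev->next = tl;
    h->prev = tl;
}

/* Guarded unlink: 0 on success, -1 if the entry is not on any list.
 * Without the NULL test, the two pointer writes below fault on an entry
 * whose next and prev are both NULL. */
int tl_rm_checked(struct timer_ln *tl)
{
    if (tl == NULL || tl->next == NULL || tl->prev == NULL) return -1;
    tl->prev->next = tl->next;
    tl->next->prev = tl->prev;
    tl->next = tl->prev = NULL; /* mark detached so a second removal is caught */
    return 0;
}

/* Remove every entry due at or before now; returns the number removed.
 * Simplified: ignores tick wrap-around. */
int tl_expire(struct timer_ln *h, unsigned int now)
{
    int n = 0;
    struct timer_ln *tl = h->next, *nxt;
    while (tl != h) {
        nxt = tl->next; /* saved before unlinking clears tl->next */
        if (tl->expire <= now && tl_rm_checked(tl) == 0) n++;
        tl = nxt;
    }
    return n;
}

int main(void)
{
    /* Constructed sample data: one linked entry, one already-detached entry. */
    struct timer_ln head, a = {NULL, NULL, 10}, stale = {NULL, NULL, 723807134};
    tl_init_head(&head);
    tl_append(&head, &a);
    int stale_rc = tl_rm_checked(&stale), expired = tl_expire(&head, 20);
    printf("stale=%d expired=%d again=%d\n", stale_rc, expired, tl_rm_checked(&a));
    return 0;
}
```

The guard only turns the crash into a detectable error return; it does not explain why the entry was detached before the expiry pass reached it.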