pjproject: crash when all ipv6 are deprecated
Scenario
- On a router giving temporary ipv6 addresses, some seems to give a new ipv6 address several minutes after expiration of the previous one.
- So, during 10 minutes, no ipv6 can be negotiated.
- During this time, generating a call gives:
0x00007fffe8b21181 in on_stun_request_complete ()
from /home/sblin/Projects/jami/daemon/src/.libs/libring.so.0
(gdb) bt
#0 0x00007fffe8b21181 in on_stun_request_complete ()
at /home/sblin/Projects/jami/daemon/src/.libs/libring.so.0
#1 0x00007fffe8b2ef40 in stun_tsx_on_complete ()
at /home/sblin/Projects/jami/daemon/src/.libs/libring.so.0
#2 0x00007fffe8b3327d in pj_stun_client_tsx_on_rx_msg ()
at /home/sblin/Projects/jami/daemon/src/.libs/libring.so.0
#3 0x00007fffe8b2f8d1 in pj_stun_session_on_rx_pkt ()
at /home/sblin/Projects/jami/daemon/src/.libs/libring.so.0
#4 0x00007fffe8b22e6c in pj_ice_sess_on_rx_pkt ()
at /home/sblin/Projects/jami/daemon/src/.libs/libring.so.0
#5 0x00007fffe8b23093 in stun_on_rx_data ()
at /home/sblin/Projects/jami/daemon/src/.libs/libring.so.0
#6 0x00007fffe8b2ff47 in parse_rx_packet ()
at /home/sblin/Projects/jami/daemon/src/.libs/libring.so.0
#7 0x00007fffe8b4bfed in ioqueue_on_read_complete ()
at /home/sblin/Projects/jami/daemon/src/.libs/libring.so.0
#8 0x00007fffe8b46fdc in ioqueue_dispatch_read_event ()
at /home/sblin/Projects/jami/daemon/src/.libs/libring.so.0
#9 0x00007fffe8b48abb in pj_ioqueue_poll ()
at /home/sblin/Projects/jami/daemon/src/.libs/libring.so.0
#10 0x00007fffe85c547e in jami::IceTransport::Impl::handleEvents(unsigned int)
(this=0x7ffe8c80e3a0, max_msec=500) at ice_transport.cpp:597
#11 0x00007fffe85c43fe in jami::IceTransport::Impl::<lambda()>::operator()(void) const
(__closure=0x7ffe8c7f2128) at ice_transport.cpp:532
#12 0x00007fffe85ce626 in std::__invoke_impl<void, jami::IceTransport::Impl::initIceInstance(const jami::IceTransportOptions&)::<lambda()> >(std::__invoke_other, jami::IceTransport::Impl::<lambda()> &&) (__f=...) at /usr/include/c++/9/bits/invoke.h:60
#13 0x00007fffe85ce5db in std::__invoke<jami::IceTransport::Impl::initIceInstance(const jami::IceTransportOptions&)::<lambda()> >(jami::IceTransport::Impl::<lambda()> &&) (__fn=...)
at /usr/include/c++/9/bits/invoke.h:95
#14 0x00007fffe85ce588 in std::thread::_Invoker<std::tuple<jami::IceTransport::Impl::initIceInstance(const jami::IceTransportOptions&)::<lambda()> > >::_M_invoke<0>(std::_Index_tuple<0>) (this=0x7ffe8c7f2128) at /usr/include/c++/9/thread:244
#15 0x00007fffe85ce550 in std::thread::_Invoker<std::tuple<jami::IceTransport::Impl::initIceInstance(const jami::IceTransportOptions&)::<lambda()> > >::operator()(void)
(this=0x7ffe8c7f2128) at /usr/include/c++/9/thread:251
#16 0x00007fffe85ce4f2 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<jami::IceTransport::Impl::initIceInstance(const jami::IceTransportOptions&)::<lambda()> > > >::_M_run(void) (this=0x7ffe8c7f2120) at /usr/include/c++/9/thread:195
#17 0x00007fffea512de4 in () at /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#18 0x00007fffea2b5609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#19 0x00007fffea1da163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
It crashes on line: new_check->prio = CALC_CHECK_PRIO(ice, lcand, check->rcand);
(new_check is not nullptr, but maybe lcand/rcand is)
Observations
During the period with the crashes, I have:
3: wlp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether e4:70:b8:42:38:cb brd ff:ff:ff:ff:ff:ff
inet 192.168.1.52/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp4s0
valid_lft 80238sec preferred_lft 80238sec
inet6 fde4:fb5d:99a0:1500:4dde:1a10:b872:3a29/64 scope global temporary deprecated dynamic
valid_lft 1038sec preferred_lft 0sec
inet6 fde4:fb5d:99a0:1500:e670:b8ff:fe42:38cb/64 scope global deprecated dynamic mngtmpaddr noprefixroute
valid_lft 1038sec preferred_lft 0sec
inet6 2a06:4282:12:9463:4dde:1a10:b872:3a29/64 scope global temporary deprecated dynamic
valid_lft 1037sec preferred_lft 0sec
inet6 2a06:4282:12:9463:e670:b8ff:fe42:38cb/64 scope global deprecated dynamic mngtmpaddr noprefixroute
valid_lft 1037sec preferred_lft 0sec
inet6 fde4:fb5d:99a0:1500:752a:82b4:195c:98b7/64 scope global temporary deprecated dynamic
valid_lft 1037sec preferred_lft 0sec
inet6 2a06:4282:12:9463:752a:82b4:195c:98b7/64 scope global temporary deprecated dynamic
valid_lft 1037sec preferred_lft 0sec
inet6 fe80::e670:b8ff:fe42:38cb/64 scope link noprefixroute
valid_lft forever preferred_lft forever
So no valid IPv6 (all deprecated). But as soon a new IPv6 (non deprecated appears), it's ok.
Location
The add_cand before doesn't fail, but no candidate is added. This should be detected and we should fail the call.
Edited by Sébastien Blin