Re: [SR-Users] rare crash , race condition between 183 and 408 ?

Hi all & hi Daniel , We had a crash with version 4.0.5 today . I looks like it happens due to a race condition between a provisional response (183) and the generation of a 408 . We send the INVITE, get a `100 Trying` from upstream , then we get a `183 Session Progress` from upstream , then after exactly 1 minute , we get another `183 Session Progress` from upstream. At this moment kamailio crashed. Some tm params we have : modparam("tm", "fr_timer", 5000) modparam("tm", "fr_inv_timer", 60000) <- our final reply timer is 1 minute . modparam("tm", "restart_fr_on_each_reply", 1) GDB output and logs here: kamailio 4.0.5 crash - in fake_req() - race cond - Pastebin.com <http://pastebin.com/GXJm7QyG> image <http://pastebin.com/GXJm7QyG> kamailio 4.0.5 crash - in fake_req() - race cond - Paste... <http://pastebin.com/GXJm7QyG> (gdb) bt #0 0x00007f4d93129a32 in memcpy () from /lib64/libc.so.6 View on pastebin.com <http://pastebin.com/GXJm7QyG> Preview by Yahoo In fake_req() from t_reply.c , the pointer shmem_msg->new_uri.s which is passed to memcpy becomes invalid. memcpy( faked_req->new_uri.s, shmem_msg->new_uri.s,faked_req->new_uri.len); (gdb) p shmem_msg->new_uri $3 = {s = 0x0, len = 0} If this bug is not supposed to be fixed in 4.2.0 , we can help with debugging . Regards, Dragos _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users