Hello list.
root@proxy:/# kamcmd core.version kamailio 4.1.4 (i386/linux)
I'm getting a crash when I'm trying to simulate a ringing UAS from kamailio config. To achieve this I've added the next config actions:
if (is_method("INVITE") && !has_totag() && $rU =~ "^999") { sl_send_reply("100", "Fake Trying"); sl_send_reply("180", "Fake Ringing");
t_set_fr(120000, 120000); t_set_retr(65000, 65000); t_set_auto_inv_100(0); async_sleep("60"); send_reply("480", "Fake Temporary Unavailable"); t_release(); #<--- exit();};
I expect to receive 180 reply immediately and 480 after 60 seconds. The problem appears when a caller cancels a call after 60 seconds which is equal to async_sleep() wait time. I suppose there is a race condition happens between UDP worker that processes CANCEL request and timer process which calls t_continue() (tm's function). Calling t_newtran() explicitly doesn't change the situation. The only way I found to avoid crash is to remove t_release() call. In this case kamailio complains that "script write didn't release transaction" but continues to process new calls.
With -DTIMER_DEBUG and -DDBG_QM_MALLOC I got next information: /usr/sbin/kamailio[11307]: : <core> [mem/q_malloc.c:468]: qm_free(): BUG: qm_free: freeing already freed pointer (0xb1d8c520), called from tm: h_table.c: free_cell(178), first free tm: h_table.c: free_cell(157) - aborting
Crash mostly happens because of broken circular list of timers (timer_ln->next == NULL), but one time I saw got abort() during CANCEL request processing when tm tried to call free_cell() for an already freed pointer.
Hello,
async_sleep() has some limitations internally (I think there are some notes about in readme), as the next actions are executed in a different process, thus the context is not the same as before the function. It should not crash, so I look over it.
Can you try async_route() instead? Just move what is after async_sleep() in a route block.
Cheers, Daniel
On 24/10/14 11:54, Vitaliy Aleksandrov wrote:
Hello list.
root@proxy:/# kamcmd core.version kamailio 4.1.4 (i386/linux)
I'm getting a crash when I'm trying to simulate a ringing UAS from kamailio config. To achieve this I've added the next config actions:
if (is_method("INVITE") && !has_totag() && $rU =~ "^999") { sl_send_reply("100", "Fake Trying"); sl_send_reply("180", "Fake Ringing");
t_set_fr(120000, 120000); t_set_retr(65000, 65000); t_set_auto_inv_100(0); async_sleep("60"); send_reply("480", "Fake Temporary Unavailable"); t_release(); #<--- exit();};
I expect to receive 180 reply immediately and 480 after 60 seconds. The problem appears when a caller cancels a call after 60 seconds which is equal to async_sleep() wait time. I suppose there is a race condition happens between UDP worker that processes CANCEL request and timer process which calls t_continue() (tm's function). Calling t_newtran() explicitly doesn't change the situation. The only way I found to avoid crash is to remove t_release() call. In this case kamailio complains that "script write didn't release transaction" but continues to process new calls.
With -DTIMER_DEBUG and -DDBG_QM_MALLOC I got next information: /usr/sbin/kamailio[11307]: : <core> [mem/q_malloc.c:468]: qm_free(): BUG: qm_free: freeing already freed pointer (0xb1d8c520), called from tm: h_table.c: free_cell(178), first free tm: h_table.c: free_cell(157) - aborting
Crash mostly happens because of broken circular list of timers (timer_ln->next == NULL), but one time I saw got abort() during CANCEL request processing when tm tried to call free_cell() for an already freed pointer.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
Daniel-Constantin Mierla -
Vitaliy Aleksandrov