<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Thanks for following up! I backported the commit to branch 5.0.</p>
<p>Cheers,<br>
Daniel<br>
</p>
<br>
<div class="moz-cite-prefix">On 07.09.17 11:00, Vitaliy Aleksandrov
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CANz6d4+tuTR46PoR+ZGftRnS5fBdBzYkOk_nxqX9gPZ=NJ26zQ@mail.gmail.com">
<div dir="ltr">Everything is OK so far. Haven't found any issues
with the patch.<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Sep 6, 2017 at 4:01 PM,
Daniel-Constantin Mierla <span dir="ltr"><<a
href="mailto:miconda@gmail.com" target="_blank"
moz-do-not-send="true">miconda@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>OK, I will wait a bit and then backport.</p>
<p>Thanks for testing and assisting with troubleshooting.</p>
<span class="HOEnZb"><font color="#888888">
<p>Daniel<br>
</p>
</font></span>
<div>
<div class="h5"> <br>
<div class="m_6457988815724214797moz-cite-prefix">On
06.09.17 14:29, Vitaliy Aleksandrov wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Thanks for the quick fix.
<div><br>
</div>
<div>Installed the latest 5.0 branch with the
mentioned patch and had no crashes so far.
<div>Will do an additional testing and inform if
find any issues.</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Sep 6, 2017 at
12:25 PM, Daniel-Constantin Mierla <span
dir="ltr"><<a
href="mailto:miconda@gmail.com"
target="_blank" moz-do-not-send="true">miconda@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>I think I caught the issue and fixed with
commit b672d8ef63715cf816390a05ce7a44<wbr>1377c3e468
in master branch.</p>
<p>It was caused by not resetting the
T_ASYNC_CONTINUE flag after t_continue(),
which caused other parts of code to not
reset the reply field of any branch. The
reply field could have been set by another
process, so at the time of destroying the
transaction, the pointer could have been
to memory zone of another process, so
access it caused the crash.</p>
<p>Along with this fix, I added few other
safety checks in my way to investigate the
issue.</p>
<p>Can you cherry pick this commit and test
in branch 5.0? I want to be sure there is
no obvious side effect before porting it.</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div>
<div class="m_6457988815724214797h5"> <br>
<div
class="m_6457988815724214797m_4057521748387470043moz-cite-prefix">On
05.09.17 11:02, Daniel-Constantin
Mierla wrote:<br>
</div>
<blockquote type="cite">
<p>Hello,</p>
<p>does it happen to have the pcap (or
ngrep) with the sip traffic for the
call? It will be useful to see the
flow with
requests/replies/retransmissio<wbr>ns
and their timestamps...<br>
</p>
<p>Is this version the snapshot of
5.0.2 release or a build from branch
5.0?</p>
<p>Cheers,<br>
Daniel<br>
</p>
<br>
<div
class="m_6457988815724214797m_4057521748387470043moz-cite-prefix">On
05.09.17 10:01, Vitaliy Aleksandrov
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hello kamailio list,
<div><br>
</div>
<div>Recently found a problem in
my configuration that uses
async_route() functionality.</div>
<div>It crashes after several
calls when wait_timer fires.</div>
<div><br>
</div>
<div>
<div>#0 0xb74a8556 in raise ()
from /lib/libc.so.6</div>
<div>#1 0xb74a9d78 in abort ()
from /lib/libc.so.6</div>
<div>#2 0x08293ae2 in qm_free
(qmp=0xad65d000, p=0x3d64692d,
file=0xb6216a16 "tm:
h_table.c", func=0xb621663c
<__FUNCTION__.18751>
"free_cell_helper", line=187,
mname=0xb621664d "tm") at
core/mem/q_malloc.c:471</div>
<div>#3 0xb613f103 in
free_cell_helper
(dead_cell=0xae2cd210,
silent=0, fname=0xb6239ea5
"timer.c", fline=655) at
h_table.c:187</div>
<div>#4 0xb61e7758 in
wait_handler (ti=557858937,
wait_tl=0xae2cd258,
data=0xae2cd210) at
timer.c:655</div>
<div>#5 0x0826a2cc in
timer_list_expire
(t=557858937, h=0xad6b9668,
slow_l=0xad6ba144,
slow_mark=312) at
core/timer.c:874</div>
<div>#6 0x08267cb1 in
timer_handler () at
core/timer.c:939</div>
<div>#7 0x0826a4d3 in
timer_main () at
core/timer.c:978</div>
<div>#8 0x08069575 in main_loop
() at main.c:1721</div>
<div>#9 0x080707ca in main
(argc=11, argv=0xbf85f044) at
main.c:2723</div>
<div><br>
</div>
<div>When crash happens,
kamailio prints the following
message:</div>
<div>Sep 4 16:15:38 [18938]: :
<core>
[core/mem/q_malloc.c:469]:
qm_free(): BUG: qm_free: bad
pointer 0x70707553 (out of
memory block!) called from tm:
h_table.c:
free_cell_helper(187) -
aborting</div>
</div>
<div><br>
</div>
<div>Also had a few crashes in
retransmission_handler():<br>
</div>
<div>
<div><br>
</div>
<div>#0 0xb750b556 in raise ()
from /lib/libc.so.6</div>
<div>#1 0xb750cd78 in abort ()
from /lib/libc.so.6</div>
<div>#2 0xb6249b5a in
retransmission_handler
(r_buf=0xae036674) at
timer.c:367</div>
<div>#3 0xb6247558 in
retr_buf_handler
(ticks=1234464444,
tl=0xae036688, p=0x1f40) at
timer.c:594</div>
<div>#4 0x0826a2cc in
timer_list_expire
(t=1234464444, h=0xad71c668,
slow_l=0xad71cd44,
slow_mark=2232) at
core/timer.c:874</div>
<div>#5 0x08267cb1 in
timer_handler () at
core/timer.c:939</div>
<div>#6 0x0826a4d3 in
timer_main () at
core/timer.c:978</div>
<div>#7 0x08069575 in main_loop
() at main.c:1721</div>
<div>#8 0x080707ca in main
(argc=11, argv=0xbff64134) at
main.c:2723</div>
<div><br>
</div>
<div>ERROR: tm [timer.c:366]:
retransmission_handler():
transaction 0xae0365e0
scheduled for deletion and
called from RETR timer (flags
6d)</div>
</div>
<div><br>
</div>
<div>Both timers fired for an
INVITE transaction that was
previously suspended by
async_route(), then resumed,
sent out and received a 4xx
reply (407).</div>
<div><br>
</div>
<div>This configuration worked
fine with kamailio 4.2.x and
problem appeared after upgrading
to 5.0.2.</div>
<div><br>
</div>
<div>Trying to figure out how to
narrow down the problem. Any
input is appreciated.</div>
</div>
<br>
<fieldset
class="m_6457988815724214797m_4057521748387470043mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
Kamailio (SER) - Users Mailing List
<a class="m_6457988815724214797m_4057521748387470043moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org" target="_blank" moz-do-not-send="true">sr-users@lists.kamailio.org</a>
<a class="m_6457988815724214797m_4057521748387470043moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank" moz-do-not-send="true">https://lists.kamailio.org/cgi<wbr>-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<pre class="m_6457988815724214797m_4057521748387470043moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="m_6457988815724214797m_4057521748387470043moz-txt-link-abbreviated" href="http://www.twitter.com/miconda" target="_blank" moz-do-not-send="true">www.twitter.com/miconda</a> -- <a class="m_6457988815724214797m_4057521748387470043moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda" target="_blank" moz-do-not-send="true">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - <a class="m_6457988815724214797m_4057521748387470043moz-txt-link-abbreviated" href="http://www.asipto.com" target="_blank" moz-do-not-send="true">www.asipto.com</a>
Kamailio World Conference - <a class="m_6457988815724214797m_4057521748387470043moz-txt-link-abbreviated" href="http://www.kamailioworld.com" target="_blank" moz-do-not-send="true">www.kamailioworld.com</a></pre>
</blockquote>
<br>
<pre class="m_6457988815724214797m_4057521748387470043moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="m_6457988815724214797m_4057521748387470043moz-txt-link-abbreviated" href="http://www.twitter.com/miconda" target="_blank" moz-do-not-send="true">www.twitter.com/miconda</a> -- <a class="m_6457988815724214797m_4057521748387470043moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda" target="_blank" moz-do-not-send="true">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - <a class="m_6457988815724214797m_4057521748387470043moz-txt-link-abbreviated" href="http://www.asipto.com" target="_blank" moz-do-not-send="true">www.asipto.com</a>
Kamailio World Conference - <a class="m_6457988815724214797m_4057521748387470043moz-txt-link-abbreviated" href="http://www.kamailioworld.com" target="_blank" moz-do-not-send="true">www.kamailioworld.com</a></pre>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<pre class="m_6457988815724214797moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="m_6457988815724214797moz-txt-link-abbreviated" href="http://www.twitter.com/miconda" target="_blank" moz-do-not-send="true">www.twitter.com/miconda</a> -- <a class="m_6457988815724214797moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda" target="_blank" moz-do-not-send="true">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - <a class="m_6457988815724214797moz-txt-link-abbreviated" href="http://www.asipto.com" target="_blank" moz-do-not-send="true">www.asipto.com</a>
Kamailio World Conference - <a class="m_6457988815724214797moz-txt-link-abbreviated" href="http://www.kamailioworld.com" target="_blank" moz-do-not-send="true">www.kamailioworld.com</a></pre>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
Kamailio World Conference - <a class="moz-txt-link-abbreviated" href="http://www.kamailioworld.com">www.kamailioworld.com</a></pre>
</body>
</html>