[SR-Users] rare crash, race condition between 183 and 408?

Dragos Oancea droancea at yahoo.com
Tue Nov 4 18:18:50 CET 2014


Hi all & hi Daniel,

We had a crash with version 4.0.5 today.
It looks like it happens due to a race condition between a provisional response (183) and the generation of a 408.

We send the INVITE, get a `100 Trying` from upstream, then we get a `183 Session Progress` from upstream, then after exactly 1 minute, we get another `183 Session Progress` from upstream. At this moment Kamailio crashed.

Some tm params we have:
modparam("tm", "fr_timer", 5000)
modparam("tm", "fr_inv_timer", 60000)    <- our final reply timer is 1 minute.
modparam("tm", "restart_fr_on_each_reply", 1)


GDB output and logs here:

kamailio 4.0.5 crash - in fake_req() - race cond - Pastebin.com

In fake_req() from t_reply.c, the pointer shmem_msg->new_uri.s, which is passed to memcpy, becomes invalid.

memcpy( faked_req->new_uri.s, shmem_msg->new_uri.s,faked_req->new_uri.len);
(gdb) p  shmem_msg->new_uri
$3 = {s = 0x0, len = 0}
 
If this bug is not supposed to be fixed in 4.2.0, we can help with debugging.


Regards,
Dragos
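
The following is an added illustration, not part of the original post and not code from Kamailio's t_reply.c: a minimal model of the reported state, where a copy length is already fixed but the source pointer is read again from shared memory and is by then `0x0`. The names `copy_uri_reread`, `copy_uri_snapshot`, `race_hook` and `reset_uri` are hypothetical, and the hook deterministically simulates the other process touching the shared message between the two reads.

```c
#include <stdlib.h>
#include <string.h>

/* Same shape as the {s, len} pair gdb printed in the post. */
typedef struct { char *s; int len; } str;

/* Hypothetical hook: the other process changing the shared message. */
typedef void (*race_hook)(str *shared);
void reset_uri(str *shared) { shared->s = NULL; shared->len = 0; }

/* Two-read pattern: length taken first, source pointer read again at copy
 * time. Returns -2 at the point where memcpy(dst, NULL, len) would run. */
int copy_uri_reread(str *dst, str *shared, race_hook hook)
{
    int len = shared->len;             /* read 1: length */
    dst->s = NULL; dst->len = 0;
    if (len <= 0) return -1;
    if (hook) hook(shared);            /* concurrent writer runs here */
    if (shared->s == NULL) return -2;  /* read 2: s = 0x0 while len > 0 */
    if ((dst->s = malloc((size_t)len + 1)) == NULL) return -1;
    memcpy(dst->s, shared->s, (size_t)len);
    dst->s[len] = '\0';
    dst->len = len;
    return 0;
}

/* Single-read pattern: snapshot pointer and length together, validate the
 * snapshot, and never look at the shared field again. */
int copy_uri_snapshot(str *dst, str *shared, race_hook hook)
{
    str snap = *shared;                /* the only read of shared */
    if (hook) hook(shared);            /* a later reset no longer matters */
    dst->s = NULL; dst->len = 0;
    if (snap.s == NULL || snap.len <= 0) return -1;
    if ((dst->s = malloc((size_t)snap.len + 1)) == NULL) return -1;
    memcpy(dst->s, snap.s, (size_t)snap.len);
    dst->s[snap.len] = '\0';
    dst->len = snap.len;
    return 0;
}
```

The snapshot only guards against the field being reset between reads. If the other process can also free the buffer the pointer refers to, or write the struct while it is being copied, the accesses need to be serialized with a lock.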