[SR-Users] Crash after async_sleep().

Daniel-Constantin Mierla miconda at gmail.com
Fri Oct 24 15:01:05 CEST 2014 

Hello,

async_sleep() has some limitations internally (I think there are some
notes about in readme), as the next actions are executed in a different
process, thus the context is not the same as before the function. It
should not crash, so I look over it.

Can you try async_route() instead? Just move what is after async_sleep()
in a route block.

Cheers,
Daniel

On 24/10/14 11:54, Vitaliy Aleksandrov wrote:
> Hello list.
>
> root at proxy:/# kamcmd core.version
> kamailio 4.1.4 (i386/linux)
>
> I'm getting a crash when I'm trying to simulate a ringing UAS from
> kamailio config.
> To achieve this I've added the next config actions:
>
>> if (is_method("INVITE") && !has_totag() && $rU =~ "^999") {
>>     sl_send_reply("100", "Fake Trying");
>>     sl_send_reply("180", "Fake Ringing");
>>
>>     t_set_fr(120000, 120000);
>>     t_set_retr(65000, 65000);
>>     t_set_auto_inv_100(0);
>>
>>     async_sleep("60");
>>     send_reply("480", "Fake Temporary Unavailable");
>>
>>     t_release(); #<---
>>
>>     exit();
>> };
> I expect to receive 180 reply immediately and 480 after 60 seconds.
> The problem appears when a caller cancels a call after 60 seconds
> which is equal to async_sleep() wait time.
> I suppose there is a race condition happens between UDP worker that
> processes CANCEL request and timer process which calls t_continue()
> (tm's function). Calling t_newtran() explicitly doesn't change the
> situation. The only way I found to avoid crash is to remove
> t_release() call. In this case kamailio complains that "script write
> didn't release transaction" but continues to process new calls.
>
> With -DTIMER_DEBUG and -DDBG_QM_MALLOC I got next information:
> /usr/sbin/kamailio[11307]: : <core> [mem/q_malloc.c:468]: qm_free():
> BUG: qm_free: freeing already freed pointer (0xb1d8c520), called from
> tm: h_table.c: free_cell(178), first free tm: h_table.c:
> free_cell(157) - aborting
>
> Crash mostly happens because of broken circular list of timers
> (timer_ln->next == NULL), but one time I saw got abort() during CANCEL
> request processing when tm tried to call free_cell() for an already
> freed pointer.
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

More information about the sr-users mailing list