Hi Henning,
Henning Westerholt schrieb:
Can you configure the kamailio server that it
generates a core file?
Then take a look to the backtrace where the invalid memory access was
done, to verify if its really crashed in the core function, or perhaps
some other parts has a problem here. Further informations:
http://www.kamailio.org/dokuwiki/doku.php/troubleshooting:corefiles
We generated a core file, the output of the backtrace is:
(gdb) bt
#0 0x00b237a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1 0x00b64825 in raise () from /lib/tls/libc.so.6
#2 0x00b66289 in abort () from /lib/tls/libc.so.6
#3 0x080c4436 in qm_free (qm=0x81677e0, p=0x0, file=0x811728e
"proxy.c", func=0x811724e "hostent_cpy", line=187) at
mem/q_malloc.c:444
#4 0x0807e329 in hostent_cpy (dst=0x8266e28, src=0x8146134) at proxy.c:187
#5 0x0807ea16 in mk_proxy (name=0xbfe8f380, port=0, proto=0, is_sips=0)
at proxy.c:305
#6 0x0023cf81 in add_uac (t=0xb61d6128, request=0x81bb218,
uri=0xbfe8f538, next_hop=0xbfe8f540, path=0x81bb538, proxy=0x0) at ut.h:67
#7 0x0023e74c in t_forward_nonack (t=0xb61d6128, p_msg=0x81bb218,
proxy=0x0) at t_fwd.c:630
#8 0x0023a501 in t_relay_to (p_msg=0x81bb218, proxy=0x0, flags=Variable
"flags" is not available.
) at t_funcs.c:264
#9 0x0024eb9f in w_t_relay (p_msg=0x81bb218, proxy=0x0, flags=0x0) at
tm.c:1002
#10 0x080531ed in do_action (a=0x81a966c, msg=0x81bb218) at action.c:874
#11 0x08055406 in run_action_list (a=0x81a966c, msg=0x81bb218) at
action.c:145
#12 0x08094fb0 in eval_expr (e=0x81a96fc, msg=0x81bb218, val=0x0) at
route.c:1171
#13 0x08095214 in eval_expr (e=0x81a974c, msg=0x81bb218, val=0x0) at
route.c:1488
#14 0x08094b6f in eval_expr (e=0x81a979c, msg=0x81bb218, val=0x0) at
route.c:1493
#15 0x080526d8 in do_action (a=0x81a9d7c, msg=0x81bb218) at action.c:729
#16 0x08055406 in run_action_list (a=0x81a952c, msg=0x81bb218) at
action.c:145
#17 0x08053ed9 in do_action (a=0x81a7efc, msg=0x81bb218) at action.c:120
#18 0x08055406 in run_action_list (a=0x81a7efc, msg=0x81bb218) at
action.c:145
#19 0x08054f85 in do_action (a=0x81a86ac, msg=0x81bb218) at action.c:746
#20 0x08055406 in run_action_list (a=0x81a86ac, msg=0x81bb218) at
action.c:145
#21 0x08054fbc in do_action (a=0x81a873c, msg=0x81bb218) at action.c:752
#22 0x08055406 in run_action_list (a=0x81a246c, msg=0x81bb218) at
action.c:145
#23 0x0805570e in run_top_route (a=0x81a246c, msg=0x81bb218) at action.c:120
#24 0x08087994 in receive_msg (
buf=0x8146ba0 "CANCEL sip:1001@212.59.42.187
SIP/2.0\r\nRecord-Route:
<sip:212.59.42.187;lr=on;ftag=ACU-6afbe8bb-f11cd9dc>\r\nRecord-Route:
<sip:212.59.42.187;lr=on;ftag=ACU-6afbe8bb-f11cd9dc>\r\nRecord-Route:
<sip:212.59"..., len=1499, rcv_info=0xbfe91240) at receive.c:175
#25 0x080be606 in udp_rcv_loop () at udp_server.c:449
#26 0x0806b361 in main (argc=3, argv=0xbfe914b4) at main.c:774
This core file obviuosly only occurs, because there is no more pkg
memory. proxy.c:
dst->h_addr_list=(char**)pkg_malloc(sizeof(char*)*(len+1));
if (dst->h_addr_list==0){
ser_error=ret=E_OUT_OF_MEM;
pkg_free(dst->h_name);
for(r=0; dst->h_aliases[r]; r++)
pkg_free(dst->h_aliases[r]);
pkg_free(dst->h_aliases[r]); <-- THIS IS LINE 187,
WHERE THE CORE FILE IS GENERATED
pkg_free(dst->h_aliases);
goto error;
}
So, there may be an error in proxy.c, but perhaps the reason for our
problem is in modules/htable/ht_var.c in pv_parse_ht_name(), where the
variable hpv is not freed?
Any comments on pv_parse_ht_name() are greatly appreciated. We could try
to fix this, but we're not sure about the sideeffects.
Regards,
Christian