Hello,
I have a crash with the following scenario:
I try to route an INVITE to a remote host, it fails, I route to the second
suing the dispatcher module. It fails the second time and I stop the call.
It seems that I did not release the transaction in this case
93454 Feb 28 11:39:08 kamailio23 /usr/local/sbin/kamailio[20225]: WARNING:
tm [t_lookup.c:1536]: t_unref(): WARNING: script writer didn't release
transaction
And then, Kamailio receives BYE of other dialogs and it crashes
Here is core bt of 2 kamailio processes (4.1.1)
(gdb) bt full
#0 0x0000000000534e4e in timer_list_expire (t=1283469267,
h=0x7ff9219e99b8, slow_l=0x7ff9219e9c88, slow_mark=12) at timer.c:883
tl = 0x7ff921c6b8f0
ret = 32767
#1 0x00000000005351ba in timer_handler () at timer.c:959
saved_ticks = 1283469267
run_slow_timer = 0
i = 12
__FUNCTION__ = "timer_handler"
#2 0x0000000000535453 in timer_main () at timer.c:998
No locals.
#3 0x000000000046efa2 in main_loop () at main.c:1688
i = 8
pid = 0
si = 0x0
si_desc = "udp receiver child=7 sock=91.213.79.31:5060\000\001",
'\000' <repeats 19 times>,
"\020\000\000\000\000\000\000\000\243Mgf\000\000\000\000\260vA\000\000\000\000\000\020\201\351a\377\177",
'\000' <repeats 18 times>,
"P\177\351a\377\177\000\000\002\266K\000\000\000\000"
nrprocs = 8
__FUNCTION__ = "main_loop"
#4 0x0000000000471c38 in main (argc=5, argv=0x7fff61e98118) at main.c:2533
cfg_stream = 0x1970010
c = -1
r = 0
tmp = 0x7fff61e98148 "\211\236\351a\377\177"
tmp_len = 0
port = 5
proto = 0
options = 0x5de800
":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
ret = -1
seed = 519948236
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0xbf
p = 0x416bd9 "H\203\304\b\303" <Address 0x416bde out of bounds>
__FUNCTION__ = "main"
(gdb) bt full
#0 0x00007ff92abf3475 in raise () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#1 0x00007ff92abf66f0 in abort () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#2 0x0000000000548253 in qm_free (qm=0x7ff921970000, p=0x7ff921c3b940,
file=0x7ff92925362d "tm: h_table.c", func=0x7ff9292537d8 "free_cell",
line=178) at mem/q_malloc.c:470
f = 0x7ff921c3b910
size = 5600
next = 0x7fff61e97ac0
prev = 0x7ff9291e571e
__FUNCTION__ = "qm_free"
#3 0x00007ff9291e64a9 in free_cell (dead_cell=0x7ff921c6b870) at
h_table.c:178
b = 0x0
i = 1
rpl = 0x0
tt = 0x0
foo = 0x5000548a29
cbs = 0x0
cbs_tmp = 0x7ff921c3b940
__FUNCTION__ = "free_cell"
#4 0x00007ff9291e7480 in free_hash_table () at h_table.c:441
p_cell = 0x7ff921c6b870
tmp_cell = 0x7ff921a159f0
i = 37066
__FUNCTION__ = "free_hash_table"
#5 0x00007ff9291fad35 in tm_shutdown () at t_funcs.c:122
__FUNCTION__ = "tm_shutdown"
#6 0x00000000004f8101 in destroy_modules () at sr_module.c:817
t = 0x7ff92a807d50
foo = 0x7ff92a807588
__FUNCTION__ = "destroy_modules"
#7 0x00000000004689b2 in cleanup (show_status=1) at main.c:560
memlog = 32761
__FUNCTION__ = "cleanup"
#8 0x0000000000469aab in shutdown_children (sig=15, show_status=1) at
main.c:702
__FUNCTION__ = "shutdown_children"
#9 0x000000000046b146 in handle_sigs () at main.c:793
chld = 0
chld_status = 139
memlog = 0
__FUNCTION__ = "handle_sigs"
#10 0x000000000046f549 in main_loop () at main.c:1746
i = 8
pid = 20250
si = 0x0
si_desc = "udp receiver child=7 sock=91.213.79.31:5060\000\001",
'\000' <repeats 19 times>,
"\020\000\000\000\000\000\000\000\243Mgf\000\000\000\000\260vA\000\000\000\000\000\020\201\351a\377\177",
'\000' <repeats 18 times>,
"P\177\351a\377\177\000\000\002\266K\000\000\000\000"
nrprocs = 8
__FUNCTION__ = "main_loop"
#11 0x0000000000471c38 in main (argc=5, argv=0x7fff61e98118) at main.c:2533
cfg_stream = 0x1970010
c = -1
r = 0
tmp = 0x7fff61e98148 "\211\236\351a\377\177"
tmp_len = 0
port = 5
proto = 0
options = 0x5de800
":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
ret = -1
seed = 519948236
rfd = 4
debug_save = 0
debug_flag = 0
dont_fork_cnt = 0
n_lst = 0xbf
p = 0x416bd9 "H\203\304\b\303" <Address 0x416bde out of bounds>
__FUNCTION__ = "main"
Thank you for your help