<p>I add some debug to t_msgbuilder.h:free_faked_req</p>
<p>inline static void free_faked_req(struct sip_msg *faked_req, struct cell *t)<br>
{<br>
LM_DBG("free_faked_req 1 faked_req->req_lump=%p, t->uas.request->reply_lump=%p\n",faked_req->reply_lump,t->uas.request->reply_lump);<br>
if (faked_req->new_uri.s) {<br>
pkg_free(faked_req->new_uri.s);<br>
faked_req->new_uri.s = NULL;<br>
}<br>
LM_DBG("free_faked_req 2 faked_req->req_lump=%p, t->uas.request->reply_lump=%p\n",faked_req->reply_lump,t->uas.request->reply_lump);<br>
if (faked_req->dst_uri.s) {<br>
pkg_free(faked_req->dst_uri.s);<br>
faked_req->dst_uri.s = NULL;<br>
}<br>
LM_DBG("free_faked_req 3 faked_req->req_lump=%p, t->uas.request->reply_lump=%p\n",faked_req->reply_lump,t->uas.request->reply_lump);<br>
if (faked_req->path_vec.s) {<br>
pkg_free(faked_req->path_vec.s);<br>
faked_req->path_vec.s = NULL;<br>
}<br>
LM_DBG("free_faked_req 4 faked_req->req_lump=%p, t->uas.request->reply_lump=%p\n",faked_req->reply_lump,t->uas.request->reply_lump);<br>
if (faked_req->set_global_address.s) {<br>
pkg_free(faked_req->set_global_address.s);<br>
faked_req->set_global_address.s = NULL;<br>
}<br>
LM_DBG("free_faked_req 5 faked_req->req_lump=%p, t->uas.request->reply_lump=%p\n",faked_req->reply_lump,t->uas.request->reply_lump);<br>
if (faked_req->set_global_port.s) {<br>
pkg_free(faked_req->set_global_port.s);<br>
faked_req->set_global_port.s = NULL;<br>
}<br>
LM_DBG("free_faked_req 6 faked_req->req_lump=%p, t->uas.request->reply_lump=%p\n",faked_req->reply_lump,t->uas.request->reply_lump);</p>
<pre><code> /* SDP in not cloned into SHM, so if we have one, it means the SDP
* was parsed in the fake environment, so we have to free it */
if (faked_req->sdp)
free_sdp(&(faked_req->sdp));
LM_DBG("free_faked_req 7 faked_req->req_lump=%p, t->uas.request->reply_lump=%p\n",faked_req->reply_lump,t->uas.request->reply_lump);
if (faked_req->multi) {
free_multi_body(faked_req->multi);
faked_req->multi = NULL;
}
LM_DBG("free_faked_req 8 faked_req->req_lump=%p, t->uas.request->reply_lump=%p\n",faked_req->reply_lump,t->uas.request->reply_lump);
if (faked_req->msg_cb) {
msg_callback_process(faked_req, MSG_DESTROY, NULL);
}
LM_DBG("free_faked_req 9 faked_req->req_lump=%p, t->uas.request->reply_lump=%p\n",faked_req->reply_lump,t->uas.request->reply_lump);
/* free all types of lump that were added in failure handlers */
del_notflaged_lumps( &(faked_req->add_rm), LUMPFLAG_SHMEM );
LM_DBG("free_faked_req 10 faked_req->req_lump=%p, t->uas.request->reply_lump=%p\n",faked_req->reply_lump,t->uas.request->reply_lump);
del_notflaged_lumps( &(faked_req->body_lumps), LUMPFLAG_SHMEM );
LM_DBG("free_faked_req 11 faked_req->req_lump=%p, t->uas.request->reply_lump=%p\n",faked_req->reply_lump,t->uas.request->reply_lump);
del_nonshm_lump_rpl( &(faked_req->reply_lump) );
LM_DBG("free_faked_req 12 faked_req->req_lump=%p, t->uas.request->reply_lump=%p\n",faked_req->reply_lump,t->uas.request->reply_lump);
if (faked_req->add_rm && faked_req->add_rm != t->uas.request->add_rm)
shm_free(faked_req->add_rm);
LM_DBG("free_faked_req 13 faked_req->req_lump=%p, t->uas.request->reply_lump=%p\n",faked_req->reply_lump,t->uas.request->reply_lump);
if (faked_req->body_lumps && faked_req->body_lumps != t->uas.request->body_lumps)
shm_free(faked_req->body_lumps);
LM_DBG("free_faked_req 14 faked_req->req_lump=%p, t->uas.request->reply_lump=%p\n",faked_req->reply_lump,t->uas.request->reply_lump);
if (faked_req->reply_lump && faked_req->reply_lump != t->uas.request->reply_lump)
shm_free(faked_req->reply_lump);
clean_msg_clone( faked_req, t->uas.request, t->uas.end_request);
</code></pre>
<p>}</p>
<p>And I get in log this:</p>
<p>May 7 14:05:46 [29045] DBG<img class="emoji" title=":tm:" alt=":tm:" src="https://assets-cdn.github.com/images/icons/emoji/unicode/2122.png" height="20" width="20" align="absmiddle">free_faked_req: free_faked_req 1 faked_req->req_lump=(nil), t->uas.request->reply_lump=(nil)<br>
params(0x7f359e3a8010, 0x7f359e47da48), called from t_msgbuilder.h: free_faked_req(217)<br>
freeing frag. 0x7f359e47da18 alloc'ed from t_msgbuilder.h: fake_req(148)<br>
May 7 14:05:46 [29045] DBG<img class="emoji" title=":tm:" alt=":tm:" src="https://assets-cdn.github.com/images/icons/emoji/unicode/2122.png" height="20" width="20" align="absmiddle">free_faked_req: free_faked_req 2 faked_req->req_lump=(nil), t->uas.request->reply_lump=(nil)<br>
May 7 14:05:46 [29045] DBG<img class="emoji" title=":tm:" alt=":tm:" src="https://assets-cdn.github.com/images/icons/emoji/unicode/2122.png" height="20" width="20" align="absmiddle">free_faked_req: free_faked_req 3 faked_req->req_lump=(nil), t->uas.request->reply_lump=(nil)<br>
params(0x7f359e3a8010, 0x7f35969a77d0), called from t_msgbuilder.h: free_faked_req(227)<br>
May 7 14:05:46 [29045] CRITICAL:core:qm_free: bad pointer 0x7f35969a77d0 (out of memory block!) - aborting<br>
Aborted (core dumped)</p>
<p>#0 0x00007f359e5db625 in raise () from /lib64/libc.so.6<br>
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.149.el6_6.5.x86_64 keyutils-libs-1.4-5.el6.x86_64 krb5-libs-1.10.3-33.el6.x86_64 libcom_err-1.41.12-21.el6.x86_64 libselinux-2.0.94-5.8.el6.x86_64 mysql-libs-5.1.73-3.el6_5.x86_64 nss-softokn-freebl-3.14.3-22.el6_6.x86_64 openssl-1.0.1e-30.el6_6.7.x86_64 zlib-1.2.3-29.el6.x86_64<br>
(gdb) bt<br>
#0 0x00007f359e5db625 in raise () from /lib64/libc.so.6<br>
<a href="https://github.com/OpenSIPS/opensips/issues/1" class="issue-link" title="Dummy ticket">#1</a> 0x00007f359e5dce05 in abort () from /lib64/libc.so.6<br>
<a href="https://github.com/OpenSIPS/opensips/issues/2" class="issue-link" title="Dummy issue">#2</a> 0x00000000004e875b in qm_free (qm=, p=0x7f35969a77d0, file=0x7f359a222304 "t_msgbuilder.h", func=, line=) at mem/q_malloc.c:459<br>
<a href="https://github.com/OpenSIPS/opensips/pull/3" class="issue-link" title="Compilation problem under CentOS 6">#3</a> 0x00007f359a215524 in free_faked_req (faked_req=0x7f359a4345c0, t=0x7f35969a41a8) at t_msgbuilder.h:227<br>
<a href="https://github.com/OpenSIPS/opensips/pull/4" class="issue-link" title="Compilation problem under CentOS 6">#4</a> 0x00007f359a21a08c in run_failure_handlers (Trans=0x7f35969a41a8, new_code=, branch=, should_store=0x7fff227582f8, should_relay=0x7fff227582fc, cancel_bitmap=,<br>
reply=0x7f359e47ec18) at t_reply.c:587<br>
<a href="https://github.com/OpenSIPS/opensips/pull/5" class="issue-link" title="spec file update to CentOS 6">#5</a> t_should_relay_response (Trans=0x7f35969a41a8, new_code=, branch=, should_store=0x7fff227582f8, should_relay=0x7fff227582fc, cancel_bitmap=, reply=0x7f359e47ec18)<br>
at t_reply.c:912<br>
<a href="https://github.com/OpenSIPS/opensips/issues/6" class="issue-link" title="Wrong password column used for authentication">#6</a> 0x00007f359a21b15c in relay_reply (t=0x7f35969a41a8, p_msg=0x7f359e47ec18, branch=0, msg_status=487, cancel_bitmap=0x7fff227583d8) at t_reply.c:1126<br>
<a href="https://github.com/OpenSIPS/opensips/pull/7" class="issue-link" title="b2bua: Add AVP-based authentication">#7</a> 0x00007f359a21c6c0 in reply_received (p_msg=0x7f359e47ec18) at t_reply.c:1506<br>
<a href="https://github.com/OpenSIPS/opensips/issues/8" class="issue-link" title="Flag to set string to lower for RURI/From/To/Contact">#8</a> 0x0000000000430adc in forward_reply (msg=0x7f359e47ec18) at forward.c:516<br>
<a href="https://github.com/OpenSIPS/opensips/issues/9" class="issue-link" title="segfault on fm_malloc">#9</a> 0x000000000047f646 in receive_msg (<br>
buf=0x82e680 "SIP/2.0 487 Request Terminated\r\nVia: SIP/2.0/UDP 192.168.254.93:5060;received=192.168.254.93;rport=5060;branch=z9hG4bK161b.ba138443.0\r\nVia: SIP/2.0/UDP 192.168.254.92:5060;rport=5060;received=192.168."...,<br>
len=, rcv_info=) at receive.c:243<br>
<a href="https://github.com/OpenSIPS/opensips/issues/10" class="issue-link" title="Set exchange and routing-key for event_rabbitmq module">#10</a> 0x000000000056c74a in udp_read_req (si=, bytes_read=) at net/proto_udp/proto_udp.c:189<br>
<a href="https://github.com/OpenSIPS/opensips/issues/11" class="issue-link" title="Set exchange and routing-key for the event_rabbitmq module">#11</a> 0x000000000056222c in handle_io (si=) at net/net_udp.c:253<br>
<a href="https://github.com/OpenSIPS/opensips/pull/12" class="issue-link" title="Install Notes">#12</a> io_wait_loop_epoll (si=) at net/../io_wait_loop.h:186<br>
<a href="https://github.com/OpenSIPS/opensips/pull/13" class="issue-link" title="1.8">#13</a> udp_rcv_loop (si=) at net/net_udp.c:301<br>
<a href="https://github.com/OpenSIPS/opensips/pull/14" class="issue-link" title="Added presence federation algorithm.">#14</a> 0x00000000005632ce in udp_start_nofork () at net/net_udp.c:367<br>
<a href="https://github.com/OpenSIPS/opensips/pull/15" class="issue-link" title="Ds better pua dialoginfo">#15</a> 0x00000000004397ea in main_loop (argc=, argv=) at main.c:665<br>
<a href="https://github.com/OpenSIPS/opensips/pull/16" class="issue-link" title="Fix PUA module so that it sends a final PUBLISH on expiration.">#16</a> main (argc=, argv=) at main.c:1248</p>
<p>Now it is crashed on pkg_free(faked_req->path_vec.s)</p>
<p>Vlad, I send you log with memory debug.</p>
<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br>Reply to this email directly or <a href="https://github.com/OpenSIPS/opensips/issues/484#issuecomment-99820861">view it on GitHub</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AFOciZeZU8hXNV4TiSdYo0fPetSVWkXCks5oG0MJgaJpZM4ELmBx.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
<link itemprop="url" href="https://github.com/OpenSIPS/opensips/issues/484#issuecomment-99820861"></link>
<meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>