<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
it is still related to tm and the other related crashes. This one
can be avoided via setting:<br>
<br>
mem_safety=1<br>
<br>
in kamailio.cfg<br>
<br>
I saw that other developers will start soon to investigate, I will
look over the reports soon as well, currently being out of office.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 28/02/14 13:31, Tuan Viet Nguyen
wrote:<br>
</div>
<blockquote
cite="mid:CACkmdBNLhVT9v_m0Hhg5hLg=CTx1840dH_p5PQvmwYKYc2Qi5g@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>Hello,<br>
<br>
</div>
I have another kamailio crash with 4.1.1. The scenario is
simple:<br>
</div>
+ call a number, fail<br>
</div>
+ retry on another peer, fails<br>
<br>
</div>
In this case, I use t_reply("404", "Not found") then exit. It
seems that we have a double qm_free.<br>
<div>
<div><br>
Log file<br>
Feb 28 13:15:56 kamailio23 /usr/local/sbin/kamailio[29595]:
WARNING: tm [t_lookup.c:1536]: t_unref(): WARNING: script
writer didn't release transaction<br>
Feb 28 13:15:56 kamailio23 /usr/local/sbin/kamailio[29583]:
: <core> [mem/q_malloc.c:468]: qm_free(): BUG:
qm_free: freeing already freed pointer (0x7f9dedb3e110),
called from tm: h_table.c: free_cell(157), first free tm:
h_table.c: free_cell(157) - aborting<br>
Feb 28 13:15:56 kamailio23 /usr/local/sbin/kamailio[29627]:
: <core> [pass_fd.c:293]: receive_fd(): ERROR:
receive_fd: EOF on 19 <br>
Feb 28 13:15:56 kamailio23 /usr/local/sbin/kamailio[29576]:
ALERT: <core> [main.c:775]: handle_sigs(): child
process 29583 exited by a signal 6<br>
Feb 28 13:15:56 kamailio23 /usr/local/sbin/kamailio[29576]:
ALERT: <core> [main.c:778]: handle_sigs(): core was
generated<br>
<br>
<span style="color:rgb(255,0,0)">core.kamailio.29583</span><br>
</div>
<div><span style="color:rgb(255,0,0)">(gdb) bt full</span> <br>
#0 0x00007f9df6afb475 in raise () from
/lib/x86_64-linux-gnu/libc.so.6<br>
No symbol table info available.<br>
#1 0x00007f9df6afe6f0 in abort () from
/lib/x86_64-linux-gnu/libc.so.6<br>
No symbol table info available.<br>
#2 0x0000000000548253 in qm_free (qm=0x7f9ded878000,
p=0x7f9dedb3e110, file=0x7f9df515b62d "tm: h_table.c",
func=0x7f9df515b7d8 "free_cell", line=157) at
mem/q_malloc.c:470<br>
f = 0x7f9dedb3e0e0<br>
size = 140316274568736<br>
next = 0x0<br>
prev = 0x0<br>
__FUNCTION__ = "qm_free"<br>
#3 0x00007f9df50ee2b3 in free_cell
(dead_cell=0x7f9dedb39490) at h_table.c:157<br>
b = 0x0<br>
i = 2<br>
rpl = 0x0<br>
tt = 0x177dd596e30<br>
foo = 0x7fffdd597400<br>
cbs = 0x7f9dedb39490<br>
cbs_tmp = 0x7fffdd596f10<br>
__FUNCTION__ = "free_cell"<br>
#4 0x00007f9df511c662 in t_unref (p_msg=0x7f9df68bfdb0) at
t_lookup.c:1546<br>
kr = 12<br>
__FUNCTION__ = "t_unref"<br>
#5 0x00007f9df5146f4d in w_t_unref (foo=0x7f9df68bfdb0,
flags=2147483649, bar=0x0) at tm.c:765<br>
No locals.<br>
#6 0x00000000004d6f27 in exec_post_script_cb
(msg=0x7f9df68bfdb0, type=REQUEST_CB_TYPE) at
script_cb.c:195<br>
cb = 0x7f9df68a97d0<br>
flags = 2147483649<br>
#7 0x00000000004a6e24 in receive_msg (buf=0x921620 "ACK <a
moz-do-not-send="true"
href="mailto:sip%3A0123456789@10.100.8.7" target="_blank">sip:0123456789@10.100.8.7</a>
SIP/2.0\r\nVia: SIP/2.0/UDP
10.100.8.94;branch=z9hG4bKbcd8.9b0d4b2682a07fefaa22406761659624.0\r\nMax-Forwards:
15\r\nFrom: \"via_test\" <<a moz-do-not-send="true"
href="mailto:sip%3A0310193301@10.100.8.12" target="_blank">sip:0310193301@10.100.8.12</a>>;tag=as4d03043"...,
<br>
len=375, rcv_info=0x7fffdd5970d0) at receive.c:228<br>
msg = 0x7f9df68bfdb0<br>
ctx = {rec_lev = -581341280, run_flags = 32767,
last_retcode = 5, jmp_env = {{__jmpbuf = {8857080, 0, 0, 0,
0, 140316433164786, 17179869189, 0}, __mask_was_saved =
8856992, __saved_mask = {__val = {1, 140316271892032,
1656210553, 3713626240, 1024, 8008593472, <br>
140316271892032, 140736907014208, 5472467,
1577608202, 140316271892032, 50195, 140316271892032,
140316426284544, 8282899704, 140736907014272}}}}}<br>
ret = 0<br>
inb = {s = 0x921620 "ACK <a moz-do-not-send="true"
href="mailto:sip%3A0123456789@10.100.8.7" target="_blank">sip:0123456789@10.100.8.7</a>
SIP/2.0\r\nVia: SIP/2.0/UDP
10.100.8.94;branch=z9hG4bKbcd8.9b0d4b2682a07fefaa22406761659624.0\r\nMax-Forwards:
15\r\nFrom: \"via_test\" <<a moz-do-not-send="true"
href="mailto:sip%3A0310193301@10.100.8.12" target="_blank">sip:0310193301@10.100.8.12</a>>;tag=as4d03043"...,
len = 375}<br>
__FUNCTION__ = "receive_msg"<br>
#8 0x000000000053c0d8 in udp_rcv_loop () at
udp_server.c:536<br>
len = 375<br>
buf = "ACK <a moz-do-not-send="true"
href="mailto:sip%3A0123456789@10.100.8.7" target="_blank">sip:0123456789@10.100.8.7</a>
SIP/2.0\r\nVia: SIP/2.0/UDP
10.100.8.94;branch=z9hG4bKbcd8.9b0d4b2682a07fefaa22406761659624.0\r\nMax-Forwards:
15\r\nFrom: \"via_test\" <<a moz-do-not-send="true"
href="mailto:sip%3A0310193301@10.100.8.12" target="_blank">sip:0310193301@10.100.8.12</a>>;tag=as4d03043"...<br>
tmp = 0x13e0751a0eb8aa4f <Address
0x13e0751a0eb8aa4f out of bounds><br>
from = 0x7f9df68a5408<br>
fromlen = 16<br>
ri = {src_ip = {af = 2, len = 4, u = {addrl =
{1577608202, 4290224}, addr32 = {1577608202, 0, 4290224, 0},
addr16 = {25610, 24072, 0, 0, 30384, 65, 0, 0}, addr =
"\nd\b^\000\000\000\000\260vA\000\000\000\000"}}, dst_ip =
{af = 2, len = 4, u = {addrl = {<br>
117990410, 0}, addr32 = {117990410, 0, 0,
0}, addr16 = {25610, 1800, 0, 0, 0, 0, 0, 0}, addr =
"\nd\b\a", '\000' <repeats 11 times>}}, src_port =
5060, dst_port = 5060, proto_reserved1 = 0, proto_reserved2
= 0, src_su = {s = {sa_family = 2, <br>
sa_data =
"\023\304\nd\b^\000\000\000\000\000\000\000"}, sin =
{sin_family = 2, sin_port = 50195, sin_addr = {s_addr =
1577608202}, sin_zero = "\000\000\000\000\000\000\000"},
sin6 = {sin6_family = 2, sin6_port = 50195, sin6_flowinfo =
1577608202, <br>
sin6_addr = {__in6_u = {__u6_addr8 = '\000'
<repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0,
0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}},
bind_address = 0x7f9df6704da8, proto = 1 '\001'}<br>
__FUNCTION__ = "udp_rcv_loop"<br>
#9 0x000000000046ec98 in main_loop () at main.c:1617<br>
i = 5<br>
pid = 0<br>
si = 0x7f9df6704da8<br>
si_desc = "udp receiver child=5 sock=<a
moz-do-not-send="true" href="http://10.100.8.7:5060"
target="_blank">10.100.8.7:5060</a>\000\000\000\001",
'\000' <repeats 19 times>,
"\020\000\000\000\000\000\000\000y\304\267b\000\000\000\000\260vA\000\000\000\000\000\000tY\335\377\177",
'\000' <repeats 18 times>,
"@rY\335\377\177\000\000\002\266K\000\000\000\000"<br>
nrprocs = 8<br>
__FUNCTION__ = "main_loop"<br>
#10 0x0000000000471c38 in main (argc=5, argv=0x7fffdd597408)
at main.c:2533<br>
cfg_stream = 0x164c010<br>
c = -1<br>
r = 0<br>
tmp = 0x7fffdd597438 "\211~Y\335\377\177"<br>
tmp_len = 0<br>
port = 5<br>
proto = 0<br>
options = 0x5de800
":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"<br>
ret = -1<br>
seed = 4192398120<br>
rfd = 4<br>
debug_save = 0<br>
debug_flag = 0<br>
dont_fork_cnt = 0<br>
n_lst = 0xbf<br>
p = 0x416bd9 "H\203\304\b\303" <Address 0x416bde
out of bounds><br>
__FUNCTION__ = "main"<br>
<br>
<br>
<span style="color:rgb(255,0,0)">core.kamailio.29576</span><br>
(gdb) bt full<br>
#0 0x00007f9df6afb475 in raise () from
/lib/x86_64-linux-gnu/libc.so.6<br>
No symbol table info available.<br>
#1 0x00007f9df6afe6f0 in abort () from
/lib/x86_64-linux-gnu/libc.so.6<br>
No symbol table info available.<br>
#2 0x0000000000548253 in qm_free (qm=0x7f9ded878000,
p=0x7f9dedb3e110, file=0x7f9df515b62d "tm: h_table.c",
func=0x7f9df515b7d8 "free_cell", line=157) at
mem/q_malloc.c:470<br>
f = 0x7f9dedb3e0e0<br>
size = 140316274568736<br>
next = 0x0<br>
prev = 0x0<br>
__FUNCTION__ = "qm_free"<br>
#3 0x00007f9df50ee2b3 in free_cell
(dead_cell=0x7f9dedb39490) at h_table.c:157<br>
b = 0x7f9df464b480 "dialog: dlg_cb.c"<br>
i = 0<br>
rpl = 0x7f9df464b8e0<br>
tt = 0x7f9df4a8cc75<br>
foo = 0x5000548a29<br>
cbs = 0xd000000001<br>
cbs_tmp = 0x1edb086c8<br>
__FUNCTION__ = "free_cell"<br>
#4 0x00007f9df50ef480 in free_hash_table () at
h_table.c:441<br>
p_cell = 0x7f9dedb39490<br>
tmp_cell = 0x7f9deda23d90<br>
i = 36299<br>
__FUNCTION__ = "free_hash_table"<br>
#5 0x00007f9df5102d35 in tm_shutdown () at t_funcs.c:122<br>
__FUNCTION__ = "tm_shutdown"<br>
#6 0x00000000004f8101 in destroy_modules () at
sr_module.c:817<br>
t = 0x7f9df670fd50<br>
foo = 0x7f9df670f588<br>
__FUNCTION__ = "destroy_modules"<br>
#7 0x00000000004689b2 in cleanup (show_status=1) at
main.c:560<br>
memlog = 32669<br>
__FUNCTION__ = "cleanup"<br>
#8 0x0000000000469aab in shutdown_children (sig=15,
show_status=1) at main.c:702<br>
__FUNCTION__ = "shutdown_children"<br>
#9 0x000000000046b146 in handle_sigs () at main.c:793<br>
chld = 0<br>
chld_status = 134<br>
memlog = 0<br>
__FUNCTION__ = "handle_sigs"<br>
#10 0x000000000046f549 in main_loop () at main.c:1746<br>
i = 8<br>
pid = 29627<br>
si = 0x0<br>
si_desc = "udp receiver child=7 sock=<a
moz-do-not-send="true" href="http://91.213.79.31:5060"
target="_blank">91.213.79.31:5060</a>\000\001", '\000'
<repeats 19 times>,
"\020\000\000\000\000\000\000\000y\304\267b\000\000\000\000\260vA\000\000\000\000\000\000tY\335\377\177",
'\000' <repeats 18 times>,
"@rY\335\377\177\000\000\002\266K\000\000\000\000"<br>
nrprocs = 8<br>
__FUNCTION__ = "main_loop"<br>
#11 0x0000000000471c38 in main (argc=5, argv=0x7fffdd597408)
at main.c:2533<br>
cfg_stream = 0x164c010<br>
c = -1<br>
r = 0<br>
tmp = 0x7fffdd597438 "\211~Y\335\377\177"<br>
tmp_len = 0<br>
port = 5<br>
proto = 0<br>
options = 0x5de800
":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"<br>
ret = -1<br>
seed = 4192398120<br>
rfd = 4<br>
debug_save = 0<br>
debug_flag = 0<br>
dont_fork_cnt = 0<br>
n_lst = 0xbf<br>
p = 0x416bd9 "H\203\304\b\303" <Address 0x416bde
out of bounds><br>
__FUNCTION__ = "main"<br>
<br>
<br>
</div>
<div>Thanks for your help<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla - <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a></pre>
</body>
</html>