Hello,

 

I am using Kamailio 4.4, Kamailio is crashing inconsistently, I am not able find the root cause of the issue, Error  which i get for the process which crashed at multiple occations

 

kamailio[9137]: : <core> [mem/q_malloc.c:145]: qm_debug_frag(): BUG: qm_*: prev. fragm. tail overwritten(6363e160b12, abcdefed)[0x7f205db59070:0x7f205db590a8]! Memory allocator was called from tm: h_table.c:152. Fragment marked by tm: t_reply.c:1903.

 

kamailio[21724]: : <core> [mem/q_malloc.c:134]: qm_debug_frag(): BUG: qm_*: fragm. 0x7f1fe804a1e8 (address 0x7f1fe804a220) end overwritten (4ae8cfaec87c0a27, 192f1270797ac90b)! Memory allocator was called from tm: h_table.c:179. Fragment marked by core: msg_translator.c:2153.

 

kamailio[21950]: : <core> [mem/q_malloc.c:134]: qm_debug_frag(): BUG: qm_*: fragm. 0x7fe541a2cd68 (address 0x7fe541a2cda0) end overwritten (c0082c06, abcdefed)! Memory allocator was called from tm: h_table.c:179. Fragment marked by core: msg_translator.c:2153.

 

kamailio[23200]: : <core> [mem/q_malloc.c:134]: qm_debug_frag(): BUG: qm_*: fragm. 0x7f1fae7fa260 (address 0x7f1fae7fa298) end overwritten (3a46e86e1b362938, 7260f1875617e)! Memory allocator was called from tm: h_table.c:179. Fragment marked by core: msg_translator.c:2153.

 

 

There are 2 cores generated whenever it crashes, I have given the backtrace of the core generated,

 

(gdb) bt
#0  0x00007fe16aca4c37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007fe16aca8028 in __GI_abort () at abort.c:89
#2  0x000000000066b4ac in qm_debug_frag (qm=0x7fe160bc2000, f=0x7fe160ec9108, file=0x7fe1684dc84e "tm: h_table.c", line=179) at mem/q_malloc.c:147
#3  0x000000000066e255 in qm_free (qmp=0x7fe160bc2000, p=0x7fe160ec9140, file=0x7fe1684dc84e "tm: h_table.c",
    func=0x7fe1684dcb00 <__FUNCTION__.10973> "free_cell_helper", line=179, mname=0x7fe1684dc250 "tm") at mem/q_malloc.c:480
#4  0x00007fe16840cab9 in free_cell_helper (dead_cell=0x7fe160f09e50, silent=0, fname=0x7fe1684eeb8c "timer.c", fline=648) at h_table.c:179
#5  0x00007fe1684584a7 in wait_handler (ti=1156027084, wait_tl=0x7fe160f09ed0, data=0x7fe160f09e50) at timer.c:648
#6  0x000000000063a329 in timer_list_expire (t=1156027084, h=0x7fe160c3faf0, slow_l=0x7fe160c42da8, slow_mark=776) at timer.c:874
#7  0x000000000063a79d in timer_handler () at timer.c:939
#8  0x000000000063ac3d in timer_main () at timer.c:978
#9  0x00000000004c2550 in main_loop () at main.c:1683
#10 0x00000000004c9211 in main (argc=13, argv=0x7ffe6bf7da98) at main.c:2627

 

(gdb) bt
#0  0x00007fe16aca4c37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007fe16aca8028 in __GI_abort () at abort.c:89
#2  0x000000000066b02c in qm_debug_frag (qm=0x7fe160bc2000, f=0x7fe160ec8de0, file=0x7fe1684dc84e "tm: h_table.c", line=179) at mem/q_malloc.c:136
#3  0x000000000066e255 in qm_free (qmp=0x7fe160bc2000, p=0x7fe160ec8e18, file=0x7fe1684dc84e "tm: h_table.c",
    func=0x7fe1684dcb00 <__FUNCTION__.10973> "free_cell_helper", line=179, mname=0x7fe1684dc250 "tm") at mem/q_malloc.c:480
#4  0x00007fe16840cab9 in free_cell_helper (dead_cell=0x7fe160ed6a28, silent=1, fname=0x7fe1684dc9c1 "h_table.c", fline=449) at h_table.c:179
#5  0x00007fe16840e491 in free_hash_table () at h_table.c:449
#6  0x00007fe168436141 in tm_shutdown () at t_funcs.c:90
#7  0x00000000005c0a50 in destroy_modules () at sr_module.c:811
#8  0x00000000004b6449 in cleanup (show_status=1) at main.c:525
#9  0x00000000004b7ad6 in shutdown_children (sig=15, show_status=1) at main.c:667
#10 0x00000000004ba428 in handle_sigs () at main.c:759
#11 0x00000000004c343e in main_loop () at main.c:1744
#12 0x00000000004c9211 in main (argc=13, argv=0x7ffe6bf7da98) at main.c:2627

 

Thanks & Regards

Hemanth