[SR-Users] Crash Kamailio 4.1 (qm_debug_frag(): BUG: qm_*: prev. fragm. tail overwritten)

Andrés Souto andres.souto at quobis.com
Thu May 29 12:18:21 CEST 2014 

Hello,

Kamailio crashes with this message:
May 29 12:03:45 kamfree-manager kamailio[8705]: : <core>
[mem/q_malloc.c:159]: qm_debug_frag(): BUG: qm_*: prev. fragm. tail
overwritten(c0c0c000, abcdefed)[0x7ff5a5031a98:0x7ff5a5031ac8]!
May 29 12:03:45 kamfree-manager kamailio[8697]: ALERT: <core> [main.c:775]:
handle_sigs(): child process 8705 exited by a signal 6
May 29 12:03:45 kamfree-manager kamailio[8697]: ALERT: <core> [main.c:778]:
handle_sigs(): core was generated

The problem is produced in this line of the script:
$rU = $dbr(ra=>[0,0]);

I'm using last commit in 4.1 branch
(ad5235229f59ba5d1f4216e144291e110fee0211) on Debian wheezy.

The backtrace:
#0  0x00007ff5a538b475 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007ff5a538e6f0 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x0000000000546a00 in qm_debug_frag (qm=0x7ff5a4f58010,
f=0x7ff5a5031a98) at mem/q_malloc.c:161
#3  0x000000000054796d in qm_malloc (qm=0x7ff5a4f58010, size=1024,
file=0x5c9ec1 "<core>: action.c", func=0x5cb1d8 "do_action", line=832) at
mem/q_malloc.c:386
#4  0x000000000041affa in do_action (h=0x7fff810cd2b0, a=0x7fff810cd390,
msg=0x7ff5a502ed28) at action.c:832
#5  0x00007ff5a2295d88 in pv_set_ruri_user (msg=0x7ff5a502ed28,
param=0x7ff5a4fb3750, op=254, val=0x7fff810cd4e0) at pv_core.c:2073
#6  0x0000000000467bbf in lval_pvar_assign (h=0x7fff810d0200,
msg=0x7ff5a502ed28, lv=0x7ff5a501ea00, rv=0x7ff5a501f110) at lvalue.c:362
#7  0x00000000004680a5 in lval_assign (h=0x7fff810d0200,
msg=0x7ff5a502ed28, lv=0x7ff5a501ea00, rve=0x7ff5a501f108) at lvalue.c:410
#8  0x0000000000423fec in do_action (h=0x7fff810d0200, a=0x7ff5a501eb68,
msg=0x7ff5a502ed28) at action.c:1478
#9  0x0000000000424d70 in run_actions (h=0x7fff810d0200, a=0x7ff5a5013ee0,
msg=0x7ff5a502ed28) at action.c:1599
#10 0x000000000041c18d in do_action (h=0x7fff810d0200, a=0x7ff5a5020a10,
msg=0x7ff5a502ed28) at action.c:1090
#11 0x0000000000424d70 in run_actions (h=0x7fff810d0200, a=0x7ff5a5020a10,
msg=0x7ff5a502ed28) at action.c:1599
#12 0x000000000041c18d in do_action (h=0x7fff810d0200, a=0x7ff5a5020e50,
msg=0x7ff5a502ed28) at action.c:1090
#13 0x0000000000424d70 in run_actions (h=0x7fff810d0200, a=0x7ff5a50119b0,
msg=0x7ff5a502ed28) at action.c:1599
#14 0x000000000041a2b7 in do_action (h=0x7fff810d0200, a=0x7ff5a4fd3fc0,
msg=0x7ff5a502ed28) at action.c:715
#15 0x0000000000424d70 in run_actions (h=0x7fff810d0200, a=0x7ff5a4fd2800,
msg=0x7ff5a502ed28) at action.c:1599
#16 0x0000000000422c70 in do_action (h=0x7fff810d0200, a=0x7ff5a4fd7af0,
msg=0x7ff5a502ed28) at action.c:1235
#17 0x0000000000424d70 in run_actions (h=0x7fff810d0200, a=0x7ff5a4fd1ed8,
msg=0x7ff5a502ed28) at action.c:1599
#18 0x000000000041c18d in do_action (h=0x7fff810d0200, a=0x7ff5a4fd7d10,
msg=0x7ff5a502ed28) at action.c:1090
#19 0x0000000000424d70 in run_actions (h=0x7fff810d0200, a=0x7ff5a4fcf1d8,
msg=0x7ff5a502ed28) at action.c:1599
#20 0x000000000041a2b7 in do_action (h=0x7fff810d0200, a=0x7ff5a4fb7d88,
msg=0x7ff5a502ed28) at action.c:715
#21 0x0000000000424d70 in run_actions (h=0x7fff810d0200, a=0x7ff5a4fb6b68,
msg=0x7ff5a502ed28) at action.c:1599
#22 0x000000000041c18d in do_action (h=0x7fff810d0200, a=0x7ff5a4fb9838,
msg=0x7ff5a502ed28) at action.c:1090
#23 0x0000000000424d70 in run_actions (h=0x7fff810d0200, a=0x7ff5a4faf5a0,
msg=0x7ff5a502ed28) at action.c:1599
#24 0x0000000000425524 in run_top_route (a=0x7ff5a4faf5a0,
msg=0x7ff5a502ed28, c=0x0) at action.c:1685
#25 0x00000000004a6fdb in receive_msg (
    buf=0x921920 "INVITE sip:2000 at vpbx2.ur SIP/2.0\r\nVia: SIP/2.0/UDP
192.168.0.101;rport;branch=z9hG4bK14cFrXZ0N53jS\r\nMax-Forwards:
67\r\nFrom: \"1000\" <sip:1000 at vpbx1.ur>;tag=FjmFN79ZrXH0e\r\nTo:
<sip:2000 at vpbx2.ur>\r\nCall-"..., len=1061, rcv_info=0x7fff810d04b0) at
receive.c:212
#26 0x000000000053c544 in udp_rcv_loop () at udp_server.c:536
---Type <return> to continue, or q <return> to quit---
#27 0x000000000046ee54 in main_loop () at main.c:1617
#28 0x0000000000471df4 in main (argc=3, argv=0x7fff810d07e8) at main.c:2533

Complete log: http://pastebin.com/YZirUkfe

Thanks.

Regards,

-- 
*Andrés Souto*
VoIP Engineer @ Quobis <http://www.quobis.com/> | e: andres.souto at quobis.com |
t: +34902999465
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140529/10669bd4/attachment.html>

More information about the sr-users mailing list