Hello,

On 12/17/10 12:58 AM, Jijo wrote:
Hi Daniel..

This was due to an error in our config file.

We were doing t_release and then t_relay. So we removed the t_release from config, which basically fixed the issue.
thanks for further troubleshooting and reporting, I will check it and try to prevent the crash -- even it is a misusage should be nicer dealt with printing an error message.

Cheers,
Daniel


On Thu, Dec 16, 2010 at 2:16 PM, Jijo <realjijo@gmail.com> wrote:
Hi Daniel,

Thanks..Please find the logs

2010-12-17T10:29:04+00:00 [crit] sipserver: : <core> [mem/q_malloc.c:446]: BUG: qm_free: freeing already freed pointer, first free: tm: h_table.c: free_cell(141) - aborting
2010-12-17T10:29:04+00:00 [crit] sipserver: : <core> [pass_fd.c:293]: ERROR: receive_fd: EOF on 11
2010-12-17T10:29:04+00:00 [alert] sipserver: ALERT: <core> [main.c:741]: child process 14398 exited by a signal 6
2010-12-17T10:29:04+00:00 [alert] sipserver: ALERT: <core> [main.c:744]: core was generated
2010-12-17T10:29:04+00:00 [crit] sipserver: : <core> [mem/q_malloc.c:446]: BUG: qm_free: freeing already freed pointer, first free: tm: h_table.c: free_cell(141) - aborting


Jijo


On Thu, Dec 16, 2010 at 1:27 AM, Daniel-Constantin Mierla <miconda@gmail.com> wrote:
Hello,

look into syslog file (/var/log/syslog or /var/log/messages if you didn't set a custom one) and search for a message like "BUG: qm_free: freeing already freed pointer ...".. Send it here, seems to be a double free of same pointer.

Thanks,
Daniel


On 12/16/10 12:34 AM, Jijo wrote:
I'm observing a crash on qm_free, when we made two outgoing calls to the same number. One SIP phone receives ring back tone and the other busy tone. The back trace is shown below which shows that it is crashed in abort(). How can the condition   if (f->u.is_free){ could be true?
Please let me know if anybody observed this issue and let me know how to debug this isssue.

    f=(struct qm_frag*) ((char*)p-sizeof(struct qm_frag));
#ifdef DBG_QM_MALLOC
    qm_debug_frag(qm, f);
    if (f->u.is_free){
        LOG(L_CRIT, "BUG: qm_free: freeing already freed pointer,"
                " first free: %s: %s(%ld) - aborting\n",
                f->file, f->func, f->line);
        abort();

    }
    MDBG("qm_free: freeing frag. %p alloc'ed from %s: %s(%ld)\n",
            f, f->file, f->func, f->line);
#endif


BACKTRACE
-------------------


Program received signal SIGABRT, Aborted.
0xb76fd7a5 in raise () from /lib/libc.so.6
(gdb) bt full
#0  0xb76fd7a5 in raise () from /lib/libc.so.6
No symbol table info available.
#1  0xb76ff070 in abort () from /lib/libc.so.6
No symbol table info available.
#2  0x081824d5 in qm_free (qm=0xaf7ee000, p=0xaf9ed758, file=0xb7659aed "tm: h_table.c", func=0xb7659c9c "free_cell", line=141) at mem/q_malloc.c:447
        f = <value optimized out>
        prev = <value optimized out>
        next = <value optimized out>
        size = <value optimized out>
#3  0xb75ff6b9 in free_cell (dead_cell=0xaf9e7054) at h_table.c:141
        b = <value optimized out>
        i = <value optimized out>
        rpl = <value optimized out>
        tt = <value optimized out>
        foo = <value optimized out>
        cbs = <value optimized out>
        cbs_tmp = <value optimized out>
        __FUNCTION__ = "free_cell"
#4  0xb7625eb0 in t_unref (p_msg=0x847bb10) at t_lookup.c:1553
        kr = <value optimized out>
#5  0xb764b3ad in w_t_unref (foo=0x847bb10, flags=2147483649, bar=0x0) at tm.c:707
No locals.
#6  0x0811543a in exec_post_script_cb (msg=0x847bb10, type=REQUEST_CB_TYPE) at script_cb.c:195
        cb = 0x8867874
        flags = 2147483649
#7  0x080e5a4e in receive_msg (
    buf=0x82a89e0 "ACK sip:0845@10.80.13.54:5060;transport=udp SIP/2.0\r\nVia: SIP/2.0/UDP 10.200.3.39:5060;branch=z9hG4bK0a992e8d3052e85e5\r\nRoute: <sip:0845@10.200.0.31:5060;lr;transport=udp>\r\nMax-Forwards: 69\r\nFrom: 554"..., len=<value optimized out>, rcv_info=0xbf95b7fc) at receive.c:221
        msg = 0x847bb10
        ctx = {rec_lev = 137434160, run_flags = 0, last_retcode = -1080707352, jmp_env = {{__jmpbuf = {-1224488143, 137089696, 137434092, 0, -1080707248,
                -1080707304}, __mask_was_saved = 0, __saved_mask = {__val = {3079133424, 134556827, 3079002384, 0, 3214260024, 3070479287, 137089696,
                  137434160, 3070572886, 3070573396, 228, 137347864, 3214260056, 3077419768, 3079002384, 137089664, 4294967295, 3079131124, 134556827,
                  134535424, 1, 3079058382, 3079133864, 3079003192, 1, 1, 0, 134555968, 0, 136548964, 3077419768, 142823652}}}}}
        ret = <value optimized out>
        inb = {
          s = 0x82a89e0 "ACK sip:0845@10.80.13.54:5060;transport=udp SIP/2.0\r\nVia: SIP/2.0/UDP 10.200.3.39:5060;branch=z9hG4bK0a992e8d3052e85e5\r\nRoute: <sip:0845@10.200.0.31:5060;lr;transport=udp>\r\nMax-Forwards: 69\r\nFrom: 554"..., len = 457}
        __FUNCTION__ = "receive_msg"
#8  0x08175cb6 in udp_rcv_loop () at udp_server.c:532
        len = <value optimized out>
        buf = "ACK sip:0845@10.80.13.54:5060;transport=udp SIP/2.0\r\nVia: SIP/2.0/UDP 10.200.3.39:5060;branch=z9hG4bK0a992e8d3052e85e5\r\nRoute: <sip:0845@10.200.0.31:5060;lr;transport=udp>\r\nMax-Forwards: 69\r\nFrom: 554"...
        from = 0x88350e4
        fromlen = 16
        ri = {src_ip = {af = 2, len = 4, u = {addrl = {654559242, 0, 3214260312, 3079002384}, addr32 = {654559242, 0, 3214260312, 3079002384}, addr16 = {
                51210, 9987, 0, 0, 47192, 49045, 55568, 46981}, addr = "\n\310\003'\000\000\000\000X\270\225\277\020Ù
\267"}}, dst_ip = {af = 2, len = 4,
            u = {addrl = {520144906, 0, 0, 0}, addr32 = {520144906, 0, 0, 0}, addr16 = {51210, 7936, 0, 0, 0, 0, 0, 0},
              addr = "\n\310\000\037", '\000' <repeats 11 times>}}, src_port = 5060, dst_port = 5060, proto_reserved1 = 0, proto_reserved2 = 0, src_su = {
            s = {sa_family = 2, sa_data = "\023\304\n\310\003'\000\000\000\000\000\000\000"}, sin = {sin_family = 2, sin_port = 50195, sin_addr = {
                s_addr = 654559242}, sin_zero = "\000\000\000\000\000\000\000"}, sin6 = {sin6_family = 2, sin6_port = 50195, sin6_flowinfo = 654559242,
              sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}},
              sin6_scope_id = 0}}, bind_address = 0x82f4140, proto = 1 '\001'}
        __FUNCTION__ = "udp_rcv_loop"
#9  0x080ac1d4 in main_loop () at main.c:1554
        i = <value optimized out>
---Type <return> to continue, or q <return> to quit---
        pid = <value optimized out>
        si = <value optimized out>
        si_desc = "udp receiver child=0 sock=10.200.0.31:5060\000\b A\206\b\002\000\000\000\004\000\000\000\n\310\000\037L \225\257H\271\225\277@\030\207\267\020i\203\b\006\000\000\000\000\340~\257\001\000\000\000\001\000\000\000\000\000\000\000\000\340~\257\004\000\000\000?)\037\b\001\000\000\000\a\000\000\000\000\000\000\000H\271\225\277\350\353\017\b"
#10 0x080af2ec in main (argc=9, argv=0xbf95ba84) at main.c:2398
        cfg_stream = 0x8cbe008
        c = <value optimized out>
        r = <value optimized out>
        tmp = 0xbf95cdc0 ""
        tmp_len = -1217394389
        port = <value optimized out>
        proto = <value optimized out>
        options = 0x81ef340 ":f:cm:dVhEb:l:L:n:vrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:"
        ret = -1
        seed = 3337198521
        rfd = <value optimized out>
        debug_save = <value optimized out>
        debug_flag = <value optimized out>
        dont_fork_cnt = 0
        p = <value optimized out>

Thanks
Jijo

_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
Kamailio (OpenSER) Advanced Training
Jan 24-26, 2011, Irvine, CA, USA
http://www.asipto.com


_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
Kamailio (OpenSER) Advanced Training
Jan 24-26, 2011, Irvine, CA, USA
http://www.asipto.com