Hi Daniel,
With your patch applied (setting param list head to NULL), it now crashes in a different place:
Program terminated with signal 11, Segmentation fault.
#0  0x000000000055e602 in free_to_params (tb=0x7f31fee421a0) at parser/parse_to.c:827
827             foo = tp->next;
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.23-13.el6_3.1.x86_64 glibc-2.12-1.107.el6.x86_64 keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6_4.2.x86_64 libcom_err-1.41.12-14.el6.x86_64 libselinux-2.0.94-5.3.el6_4.1.x86_64 nspr-4.9.2-1.el6.x86_64 nss-3.14.0.0-12.el6.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64 nss-util-3.14.0.0-2.el6.x86_64 openldap-2.4.23-32.el6_4.1.x86_64 openssl-1.0.0-27.el6_4.2.x86_64 postgresql92-libs-9.2.4-1PGDG.rhel6.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) where
#0  0x000000000055e602 in free_to_params (tb=0x7f31fee421a0) at parser/parse_to.c:827
#1  0x000000000055e658 in free_to (tb=0x7f31fee421a0) at parser/parse_to.c:838
#2  0x000000000053e2a9 in clean_hdr_field (hf=0x7f31fee23bc0) at parser/hf.c:113
#3  0x000000000053e51d in free_hdr_field_lst (hf=0x7f31fee20a60) at parser/hf.c:223
#4  0x0000000000542d04 in free_sip_msg (msg=0x7f31fee40df0) at parser/msg_parser.c:729
#5  0x000000000049e39d in receive_msg (
    buf=0x9065c0 "SIP/2.0 480 Temporarily Unavailable\r\nVia: SIP/2.0/UDP 55.177.31.199;branch=z9hG4bKbe3a.dab6345.0\r\nVia: SIP/2.0/UDP 192.13.219.87:5060;branch=z9hG4bK-1a97-521d9f57-331967d3-3174bfdc\r\nRecord-Route: <sip"..., len=866, rcv_info=0x7fff34138bd0) at receive.c:296
#6  0x000000000052ffa1 in udp_rcv_loop () at udp_server.c:557
#7  0x0000000000467de2 in main_loop () at main.c:1638
#8  0x000000000046ad8b in main (argc=13, argv=0x7fff34138f08) at main.c:2566
-- Alex
On 08/27/2013 08:49 AM, Alex Balashov wrote:
Hi Daniel,
On 08/27/2013 08:47 AM, Daniel-Constantin Mierla wrote:
Hello,
can you try this patch?
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=14835f89...
One reason for such a crash could be a double-free, which could eventually happen because the pointer to params was not reset after freeing the list.
I will certainly try it, thank you.
However, it is curious that this crash occurs only in this exact situation, only when calling this PBX, only when it has two registrants to fork among, only when I use this combination of request routes/subroutines.
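
The pattern discussed in the thread (resetting the list head after freeing so a second free call has nothing to walk), as an added example that is not part of the original messages or the sip-router source. The struct and function names (`to_body_demo`, `add_param`, `free_params_reset`, `second_free_count`) are hypothetical stand-ins.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for a parsed header's parameter list. */
struct param {
    int id;
    struct param *next;
};

struct to_body_demo {
    struct param *param_lst;   /* head of the parameter list */
};

/* Prepend a parameter; returns 0 on success, -1 on allocation failure. */
int add_param(struct to_body_demo *tb, int id)
{
    struct param *p = malloc(sizeof(*p));
    if (p == NULL)
        return -1;
    p->id = id;
    p->next = tb->param_lst;
    tb->param_lst = p;
    return 0;
}

/* Free every node, then reset the head. Returns the number of nodes freed. */
int free_params_reset(struct to_body_demo *tb)
{
    int freed = 0;
    struct param *tp = tb->param_lst;
    while (tp != NULL) {
        struct param *foo = tp->next;  /* read next before freeing the node */
        free(tp);
        tp = foo;
        freed++;
    }
    tb->param_lst = NULL;  /* without this, a second call walks freed memory */
    return freed;
}

/* Build a 3-node list, free it twice; returns nodes freed by the second call. */
int second_free_count(void)
{
    struct to_body_demo tb = { NULL };
    for (int i = 0; i < 3; i++)
        if (add_param(&tb, i) != 0)
            return -1;
    if (free_params_reset(&tb) != 3)
        return -1;
    return free_params_reset(&tb);  /* head is NULL, so nothing is freed again */
}

int main(void) { return second_free_count() == 0 ? 0 : 1; }
```

Resetting the head only protects callers that reach the list through the same struct; a second struct holding a copy of the old head pointer would still walk freed nodes.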