[SR-Users] Kamailio 1.5.4 crash

gwillingham at comcast.net gwillingham at comcast.net
Mon Aug 30 17:33:02 CEST 2010

Kamailio 1.5.4 crashes with the following backtrace.

(gdb) bt
#0  free_to_params (tb=0x79ffc0) at parser/parse_to.c:79 
#1  free_to (tb=0x79ffc0) at parser/parse_to.c:88 
#2  0x000000000047fe82 in clean_hdr_field (hf=0x2b32776ec6a0) at parser/hf.c:187 
#3  0x00002b327492f525 in clean_msg_clone (type=<value optimized out>, trans=<value optimized out>, req=0x2b32776eb510, rpl=0x79f220, code=<value optimized out>) at sip_msg.h:54 
#4  run_trans_callbacks (type=<value optimized out>, trans=<value optimized out>, req=0x2b32776eb510, rpl=0x79f220, code=<value optimized out>) at t_hooks.c:245 
#5  0x00002b3274949a1d in relay_reply (t=0x2b32776ed130, p_msg=0x79f220, branch=<value optimized out>, msg_status=200, cancel_bitmap=0x7fff5438ecf8) at t_reply.c:1163 
#6  0x00002b327494a123 in reply_received (p_msg=0x79f220) at t_reply.c:1511 
#7  0x000000000041f08b in forward_reply (msg=0x79f220) at forward.c:576 
#8  0x0000000000445453 in receive_msg ( 
    buf=0x719200 "SIP/2.0 200 OK\r\nVia: SIP/2.0/UDP xxx.xxx.xxx.114;branch=z9hG4bKb415.46c549d2.0\r\nVia: SIP/2.0/UDP xx.xxx.xx.xxx:5060;received=xxx.xxx.xx.xxx;branch=z9hG4bK6cd2ebfb;rport=5060\r\nRecord-Route: <sip:xxx.xxx.xxx.x"..., len=1106, rcv_info=0x7fff5438ede0) at receive.c:212 
#9  0x00000000004795ee in udp_rcv_loop () at udp_server.c:449 
#10 0x000000000042774e in main_loop (argc=3, argv=0x7fff5438eff8) at main.c:774 
#11 main (argc=3, argv=0x7fff5438eff8) at main.c:1321

This is occurring on a CentOS box, 2.6.18-164.11.1.el5 #1 SMP Wed Jan 20 07:32:21 EST 2010 x86_64 x86_64 x86_64 GNU/Linux

The really strange thing is that the source of the problem appears to be in clean_hdr_field (hf=0x2b32776ec6a0) at parser/hf.c:187:



void clean_hdr_field(struct hdr_field* hf)
{
        if (hf->parsed){
                switch(hf->type){

...

                case HDR_RPID_T:
                        free_to(hf->parsed);
                        break;

...

The output from gdb shows hf->parsed to be NULL; however, free_to(hf->parsed) is still being called, and from there bad things happen.

Thanks in advance.

Gene 
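As an added illustration (not Kamailio's code, and not a claim about the root cause of this particular crash), here is a minimal C model of the cleanup pattern in the excerpt above; the struct shapes, the internals of free_to and the hardened variant are assumptions. It shows why a NULL check alone does not protect against a pointer that was freed but never reset, and how resetting it makes a repeated cleanup of the same hdr_field harmless.

```c
#include <stdlib.h>
/* Simplified stand-ins for Kamailio's parser structs (assumed shapes). */
struct to_param  { struct to_param *next; };
struct to_body   { struct to_param *param_lst; };
struct hdr_field { int type; void *parsed; };
enum { HDR_RPID_T = 1 };
static int frees_done;  /* counts free() calls so results are observable */
/* Dereferences tb, so a dangling tb faults here (frame #0 in the backtrace). */
static void free_to_params(struct to_body *tb) {
    for (struct to_param *p = tb->param_lst, *nxt; p; p = nxt) {
        nxt = p->next; free(p); frees_done++;
    }
    tb->param_lst = NULL;
}
static void free_to(struct to_body *tb) {
    free_to_params(tb); free(tb); frees_done++;
}
/* Modelled on the excerpt: frees hf->parsed but leaves the pointer set. */
static void clean_hdr_field_as_excerpted(struct hdr_field *hf) {
    if (hf->parsed && hf->type == HDR_RPID_T) free_to(hf->parsed);
}
/* Hardened: reset the pointer so repeating the cleanup on this hdr_field
 * is a no-op. A shallow copy holding the same pointer is NOT protected. */
static void clean_hdr_field_hardened(struct hdr_field *hf) {
    if (hf->parsed && hf->type == HDR_RPID_T) {
        free_to(hf->parsed);
        hf->parsed = NULL;
    }
}
/* Constructed input: an RPID header parsed into a body with one parameter. */
static struct hdr_field make_rpid_hdr(void) {
    struct to_body *tb = calloc(1, sizeof *tb);
    tb->param_lst = calloc(1, sizeof(struct to_param));
    struct hdr_field hf = { HDR_RPID_T, tb };
    return hf;
}
/* Returns 1 if one excerpt-style cleanup leaves hf->parsed non-NULL: a
 * second cleanup would pass the NULL check and free the body again. */
int excerpted_leaves_dangling(void) {
    struct hdr_field hf = make_rpid_hdr();
    clean_hdr_field_as_excerpted(&hf);
    return hf.parsed != NULL;
}
/* Hardened cleanup run twice; returns frees done (2: param + body, once). */
int hardened_double_cleanup_frees(void) {
    struct hdr_field hf = make_rpid_hdr();
    frees_done = 0;
    clean_hdr_field_hardened(&hf); clean_hdr_field_hardened(&hf);
    return frees_done;
}
```

Building code like this with -fsanitize=address (gcc or clang) reports the bad access at the first dereference in free_to_params instead of leaving a corrupted heap to crash later, which is the quickest way to confirm whether a crash of this shape is a use-after-free.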


