[asterisk-bugs] [Asterisk 0010923]: crash in ast_var_name on SIP hangup

noreply at bugs.digium.com noreply at bugs.digium.com
Thu Nov 8 08:42:52 CST 2007 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=10923 
====================================================================== 
Reported By:                atis
Assigned To:                Corydon76
====================================================================== 
Project:                    Asterisk
Issue ID:                   10923
Category:                   Channels/chan_sip/General
Reproducibility:            N/A
Severity:                   crash
Priority:                   normal
Status:                     feedback
Asterisk Version:           1.4.12.1  
SVN Branch (only for SVN checkouts, not tarball releases): N/A  
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             10-09-2007 08:37 CDT
Last Modified:              11-08-2007 08:42 CST
====================================================================== 
Summary:                    crash in ast_var_name on SIP hangup
Description: 
I just upgraded to asterisk 1.4.12.1 (from 1.4.10), and within few hours i
got  crash.

It occurred on hangup of SIP channel, and it seems to be related to some
SIP data.
====================================================================== 

---------------------------------------------------------------------- 
 atis - 11-08-07 08:42  
---------------------------------------------------------------------- 
I tested today with patch, and seems that pbx_builtin_setvar_helper ->
ast_var_name crash is gone. However now i got two pbx_builtin_getvar_helper
-> ast_var_name (which i didn't get before). 

Here goes two backtraces:

http://bugs.digium.com/view.php?id=0  0x08090b86 in ast_var_name
(var=0x47331f58) at chanvars.c:69
69    if (name[0] == '_') {
http://bugs.digium.com/view.php?id=0  0x08090b86 in ast_var_name
(var=0x47331f58) at chanvars.c:69
http://bugs.digium.com/view.php?id=1  0x080d92b3 in pbx_builtin_getvar_helper
(chan=0x8544c10,
name=0xb5b0ddda "CHANLOCALSTATUS") at pbx.c:5770
http://bugs.digium.com/view.php?id=2  0xb5b048ca in agent_hangup (ast=0x86aea98)
at chan_agent.c:804
http://bugs.digium.com/view.php?id=3  0x08085d6d in ast_hangup (chan=0x86aea98)
at channel.c:1766
http://bugs.digium.com/view.php?id=4  0xb6ef745e in try_calling (qe=0xb54a6700,
options=0xb54a66b7 "",
announceoverride=0xb54a66b9 "", url=0xb54a66b8 "", tries=0xb54a68ac,
noption=0xb54a68a8, agi=0x0)
    at app_queue.c:2875
http://bugs.digium.com/view.php?id=5  0xb6efa17f in queue_exec (chan=0x85d76c8,
data=0xb54a6b40) at
app_queue.c:3636
http://bugs.digium.com/view.php?id=6  0x080ca8f6 in pbx_exec (c=0x85d76c8,
app=0x81fcc60, data=0xb54a6b40)
at pbx.c:532
http://bugs.digium.com/view.php?id=7  0xb6ea5836 in realtime_exec
(chan=0x85d76c8, context=0x85d7908
"db_ext_queues", exten=0x85d7958 "22901", priority=16, callerid=0x87098d0
"112233",
    data=0x84f6a99 "db_ext_queues") at pbx_realtime.c:216
http://bugs.digium.com/view.php?id=8  0x080ce5a7 in pbx_extension_helper
(c=0x85d76c8, con=0x0,
context=0x85d7908 "db_ext_queues", exten=0x85d7958 "22901", priority=16,
label=0x0, callerid=0x87098d0 "112233",
    action=E_SPAWN) at pbx.c:1849
http://bugs.digium.com/view.php?id=9  0x080cf8c4 in ast_spawn_extension
(c=0x85d76c8, context=0x85d7908
"db_ext_queues", exten=0x85d7958 "22901", priority=16, callerid=0x87098d0
"112233") at pbx.c:2293
http://bugs.digium.com/view.php?id=10 0x080cfde6 in __ast_pbx_run (c=0x85d76c8)
at pbx.c:2393
http://bugs.digium.com/view.php?id=11 0x080d0bbb in pbx_thread (data=0x85d76c8)
at pbx.c:2608
http://bugs.digium.com/view.php?id=12 0x081110bf in dummy_start (data=0x86ebbd8)
at utils.c:843
http://bugs.digium.com/view.php?id=13 0x4a8903db in start_thread () from
/lib/libpthread.so.0
http://bugs.digium.com/view.php?id=14 0x4a7ea06e in clone () from /lib/libc.so.6

http://bugs.digium.com/view.php?id=0  0x08090b86 in ast_var_name
(var=0x47332978) at chanvars.c:69
69    if (name[0] == '_') {
http://bugs.digium.com/view.php?id=0  0x08090b86 in ast_var_name
(var=0x47332978) at chanvars.c:69
http://bugs.digium.com/view.php?id=1  0x080d92b3 in pbx_builtin_getvar_helper
(chan=0x86486d8,
name=0xb5b54dda "CHANLOCALSTATUS") at pbx.c:5770
http://bugs.digium.com/view.php?id=2  0xb5b4b8ca in agent_hangup (ast=0x827e0c8)
at chan_agent.c:804
http://bugs.digium.com/view.php?id=3  0x08085d6d in ast_hangup (chan=0x827e0c8)
at channel.c:1766
http://bugs.digium.com/view.php?id=4  0xb6f3e45e in try_calling (qe=0xb4ac4700,
options=0xb4ac46b7 "",
announceoverride=0xb4ac46b9 "", url=0xb4ac46b8 "", tries=0xb4ac48ac,
noption=0xb4ac48a8, agi=0x0)
    at app_queue.c:2875
http://bugs.digium.com/view.php?id=5  0xb6f4117f in queue_exec (chan=0x88cad80,
data=0xb4ac4b40) at
app_queue.c:3636
http://bugs.digium.com/view.php?id=6  0x080ca8f6 in pbx_exec (c=0x88cad80,
app=0x81fb8d8, data=0xb4ac4b40)
at pbx.c:532
http://bugs.digium.com/view.php?id=7  0xb6eec836 in realtime_exec
(chan=0x88cad80, context=0x88cafc0
"db_ext_queues", exten=0x88cb010 "22901", priority=16, callerid=0x880f880
"112233",
    data=0x84f6b61 "db_ext_queues") at pbx_realtime.c:216
http://bugs.digium.com/view.php?id=8  0x080ce5a7 in pbx_extension_helper
(c=0x88cad80, con=0x0,
context=0x88cafc0 "db_ext_queues", exten=0x88cb010 "22901", priority=16,
label=0x0, callerid=0x880f880 "112233",
    action=E_SPAWN) at pbx.c:1849
http://bugs.digium.com/view.php?id=9  0x080cf8c4 in ast_spawn_extension
(c=0x88cad80, context=0x88cafc0
"db_ext_queues", exten=0x88cb010 "22901", priority=16, callerid=0x880f880
"112233") at pbx.c:2293
http://bugs.digium.com/view.php?id=10 0x080cfde6 in __ast_pbx_run (c=0x88cad80)
at pbx.c:2393
http://bugs.digium.com/view.php?id=11 0x080d0bbb in pbx_thread (data=0x88cad80)
at pbx.c:2608
http://bugs.digium.com/view.php?id=12 0x081110bf in dummy_start (data=0x872b0b0)
at utils.c:843
http://bugs.digium.com/view.php?id=13 0x4a8903db in start_thread () from
/lib/libpthread.so.0
http://bugs.digium.com/view.php?id=14 0x4a7ea06e in clone () from /lib/libc.so.6


Additionally, i started to pay attention to other crashes that i'm getting
- they contain ast_var_delete(). I never got them while i had 1.4.12 on
production, but i get them on testing server even more often than
ast_var_name crashes. 

Generally they are like this:

http://bugs.digium.com/view.php?id=0  0xb7f47410 in __kernel_vsyscall ()
http://bugs.digium.com/view.php?id=0  0xb7f47410 in __kernel_vsyscall ()
http://bugs.digium.com/view.php?id=1  0x4a745d40 in raise () from /lib/libc.so.6
http://bugs.digium.com/view.php?id=2  0x4a747591 in abort () from /lib/libc.so.6
http://bugs.digium.com/view.php?id=3  0x4a77b18b in __libc_message () from
/lib/libc.so.6
http://bugs.digium.com/view.php?id=4  0x4a782dbe in _int_free () from
/lib/libc.so.6
http://bugs.digium.com/view.php?id=5  0x4a786550 in free () from /lib/libc.so.6
http://bugs.digium.com/view.php?id=6  0x08072a04 in __ast_free_region
(ptr=0x8565488, file=0x814b47f
"chanvars.c", lineno=59, func=0x814b4e2 "ast_var_delete") at astmm.c:174
http://bugs.digium.com/view.php?id=7  0x08073365 in __ast_free (ptr=0x8565488,
file=0x814b47f "chanvars.c",
lineno=59, func=0x814b4e2 "ast_var_delete") at astmm.c:208
http://bugs.digium.com/view.php?id=8  0x08090b5c in ast_var_delete
(var=0x8565488) at chanvars.c:59
http://bugs.digium.com/view.php?id=9  0x08083877 in ast_channel_free
(chan=0x86f9c88) at channel.c:1261
http://bugs.digium.com/view.php?id=10 0x08085e3c in ast_hangup (chan=0x86f9c88)
at channel.c:1783
http://bugs.digium.com/view.php?id=11 0x080d0969 in __ast_pbx_run (c=0x86f9c88)
at pbx.c:2548
http://bugs.digium.com/view.php?id=12 0x080d0bbb in pbx_thread (data=0x86f9c88)
at pbx.c:2608
http://bugs.digium.com/view.php?id=13 0x081110bf in dummy_start (data=0x87c9f50)
at utils.c:843
http://bugs.digium.com/view.php?id=14 0x4a8903db in start_thread () from
/lib/libpthread.so.0
http://bugs.digium.com/view.php?id=15 0x4a7ea06e in clone () from /lib/libc.so.6

and like this (less often):
http://bugs.digium.com/view.php?id=0  0x08072867 in __ast_free_region
(ptr=0x87b1af8, file=0x814b47f
"chanvars.c", lineno=59, func=0x814b4e2 "ast_var_delete") at astmm.c:152
152   for (reg = regions[hash]; reg; reg = reg->next) {
http://bugs.digium.com/view.php?id=0  0x08072867 in __ast_free_region
(ptr=0x87b1af8, file=0x814b47f
"chanvars.c", lineno=59, func=0x814b4e2 "ast_var_delete") at astmm.c:152
http://bugs.digium.com/view.php?id=1  0x08073365 in __ast_free (ptr=0x87b1af8,
file=0x814b47f "chanvars.c",
lineno=59, func=0x814b4e2 "ast_var_delete") at astmm.c:208
http://bugs.digium.com/view.php?id=2  0x08090b5c in ast_var_delete
(var=0x87b1af8) at chanvars.c:59
http://bugs.digium.com/view.php?id=3  0x08083877 in ast_channel_free
(chan=0x868e700) at channel.c:1261
http://bugs.digium.com/view.php?id=4  0x08085e3c in ast_hangup (chan=0x868e700)
at channel.c:1783
http://bugs.digium.com/view.php?id=5  0x080d0969 in __ast_pbx_run (c=0x868e700)
at pbx.c:2548
http://bugs.digium.com/view.php?id=6  0x080d0bbb in pbx_thread (data=0x868e700)
at pbx.c:2608
http://bugs.digium.com/view.php?id=7  0x081110bf in dummy_start (data=0x868f4a8)
at utils.c:843
http://bugs.digium.com/view.php?id=8  0x4a8903db in start_thread () from
/lib/libpthread.so.0
http://bugs.digium.com/view.php?id=9  0x4a7ea06e in clone () from /lib/libc.so.6


There's one that includes pbx_builtin_setvar_helper, but no ast_var_name
anymore:

http://bugs.digium.com/view.php?id=0  0xb7ff6410 in __kernel_vsyscall ()
http://bugs.digium.com/view.php?id=0  0xb7ff6410 in __kernel_vsyscall ()
http://bugs.digium.com/view.php?id=1  0x4a745d40 in raise () from /lib/libc.so.6
http://bugs.digium.com/view.php?id=2  0x4a747591 in abort () from /lib/libc.so.6
http://bugs.digium.com/view.php?id=3  0x4a77b18b in __libc_message () from
/lib/libc.so.6
http://bugs.digium.com/view.php?id=4  0x4a782dbe in _int_free () from
/lib/libc.so.6
http://bugs.digium.com/view.php?id=5  0x4a786550 in free () from /lib/libc.so.6
http://bugs.digium.com/view.php?id=6  0x08072a04 in __ast_free_region
(ptr=0x85175d0, file=0x814b47f
"chanvars.c", lineno=59, func=0x814b4e2 "ast_var_delete") at astmm.c:174
http://bugs.digium.com/view.php?id=7  0x08073365 in __ast_free (ptr=0x85175d0,
file=0x814b47f "chanvars.c",
lineno=59, func=0x814b4e2 "ast_var_delete") at astmm.c:208
http://bugs.digium.com/view.php?id=8  0x08090b5c in ast_var_delete
(var=0x85175d0) at chanvars.c:59
http://bugs.digium.com/view.php?id=9  0x080d975b in pbx_builtin_setvar_helper
(chan=0x864c1c8,
name=0xb50796f0 "__target_num_id", value=0xb5079700 "84") at pbx.c:5853
http://bugs.digium.com/view.php?id=10 0x080d9a81 in pbx_builtin_setvar
(chan=0x864c1c8, data=0xb507d9b0) at
pbx.c:5903
http://bugs.digium.com/view.php?id=11 0x080ca8f6 in pbx_exec (c=0x864c1c8,
app=0x81ae5c8, data=0xb507d9b0)
at pbx.c:532
http://bugs.digium.com/view.php?id=12 0x080ce4b0 in pbx_extension_helper
(c=0x864c1c8, con=0x0,
context=0x864c408 "macro-init_vars", exten=0x864c458 "s", priority=54,
label=0x0, callerid=0x855b638 "112233",
    action=E_SPAWN) at pbx.c:1838
http://bugs.digium.com/view.php?id=13 0x080cf8c4 in ast_spawn_extension
(c=0x864c1c8, context=0x864c408
"macro-init_vars", exten=0x864c458 "s", priority=54, callerid=0x855b638
"112233") at pbx.c:2293
http://bugs.digium.com/view.php?id=14 0xb5bba2d1 in _macro_exec (chan=0x864c1c8,
data=0xb5084f40,
exclusive=0) at app_macro.c:308
http://bugs.digium.com/view.php?id=15 0xb5bbb103 in macro_exec (chan=0x864c1c8,
data=0xb5084f40) at
app_macro.c:486
http://bugs.digium.com/view.php?id=16 0x080ca8f6 in pbx_exec (c=0x864c1c8,
app=0x82421a0, data=0xb5084f40)
at pbx.c:532
http://bugs.digium.com/view.php?id=17 0x080ce4b0 in pbx_extension_helper
(c=0x864c1c8, con=0x0,
context=0x864c408 "macro-init_vars", exten=0x864c458 "s", priority=7,
label=0x0, callerid=0x855b638 "112233",
    action=E_SPAWN) at pbx.c:1838
http://bugs.digium.com/view.php?id=18 0x080cf8c4 in ast_spawn_extension
(c=0x864c1c8, context=0x864c408
"macro-init_vars", exten=0x864c458 "s", priority=7, callerid=0x855b638
"112233") at pbx.c:2293
http://bugs.digium.com/view.php?id=19 0x080cfde6 in __ast_pbx_run (c=0x864c1c8)
at pbx.c:2393
http://bugs.digium.com/view.php?id=20 0x080d0bbb in pbx_thread (data=0x864c1c8)
at pbx.c:2608
http://bugs.digium.com/view.php?id=21 0x081110bf in dummy_start (data=0x8547df8)
at utils.c:843
http://bugs.digium.com/view.php?id=22 0x4a8903db in start_thread () from
/lib/libpthread.so.0
http://bugs.digium.com/view.php?id=23 0x4a7ea06e in clone () from /lib/libc.so.6

And here's one that i never got before:

http://bugs.digium.com/view.php?id=0  0x08072a8f in get_unaligned_uint32
(p=0x4f87a06e) at
/usr/dist/asterisk-1.4-svn-2007-11-07/include/asterisk/unaligned.h:36
36    return pp->d;
http://bugs.digium.com/view.php?id=0  0x08072a8f in get_unaligned_uint32
(p=0x4f87a06e) at
/usr/dist/asterisk-1.4-svn-2007-11-07/include/asterisk/unaligned.h:36
http://bugs.digium.com/view.php?id=1  0x0807295e in __ast_free_region
(ptr=0x8547110, file=0x8147eb3
"channel.c", lineno=1180, func=0x81494d4 "free_cid") at astmm.c:170
http://bugs.digium.com/view.php?id=2  0x08073365 in __ast_free (ptr=0x8547110,
file=0x8147eb3 "channel.c",
lineno=1180, func=0x81494d4 "free_cid") at astmm.c:208
http://bugs.digium.com/view.php?id=3  0x08083307 in free_cid (cid=0x855db8c) at
channel.c:1180
http://bugs.digium.com/view.php?id=4  0x080836bd in ast_channel_free
(chan=0x855da00) at channel.c:1239
http://bugs.digium.com/view.php?id=5  0x08085e3c in ast_hangup (chan=0x855da00)
at channel.c:1783
http://bugs.digium.com/view.php?id=6  0xb6f1845e in try_calling (qe=0xb557e700,
options=0xb557e6b7 "",
announceoverride=0xb557e6b9 "", url=0xb557e6b8 "", tries=0xb557e8ac,
noption=0xb557e8a8, agi=0x0)
    at app_queue.c:2875
http://bugs.digium.com/view.php?id=7  0xb6f1b17f in queue_exec (chan=0x8534c18,
data=0xb557eb40) at
app_queue.c:3636
http://bugs.digium.com/view.php?id=8  0x080ca8f6 in pbx_exec (c=0x8534c18,
app=0x81fd108, data=0xb557eb40)
at pbx.c:532
http://bugs.digium.com/view.php?id=9  0xb6ec6836 in realtime_exec
(chan=0x8534c18, context=0x8534e58
"db_ext_queues", exten=0x8534ea8 "22901", priority=16, callerid=0x8715e90
"112233",
    data=0x84f7499 "db_ext_queues") at pbx_realtime.c:216
http://bugs.digium.com/view.php?id=10 0x080ce5a7 in pbx_extension_helper
(c=0x8534c18, con=0x0,
context=0x8534e58 "db_ext_queues", exten=0x8534ea8 "22901", priority=16,
label=0x0, callerid=0x8715e90 "112233",
    action=E_SPAWN) at pbx.c:1849
http://bugs.digium.com/view.php?id=11 0x080cf8c4 in ast_spawn_extension
(c=0x8534c18, context=0x8534e58
"db_ext_queues", exten=0x8534ea8 "22901", priority=16, callerid=0x8715e90
"112233") at pbx.c:2293
http://bugs.digium.com/view.php?id=12 0x080cfde6 in __ast_pbx_run (c=0x8534c18)
at pbx.c:2393
http://bugs.digium.com/view.php?id=13 0x080d0bbb in pbx_thread (data=0x8534c18)
at pbx.c:2608
http://bugs.digium.com/view.php?id=14 0x081110bf in dummy_start (data=0x855c9d0)
at utils.c:843
http://bugs.digium.com/view.php?id=15 0x4a8903db in start_thread () from
/lib/libpthread.so.0
http://bugs.digium.com/view.php?id=16 0x4a7ea06e in clone () from /lib/libc.so.6


Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
11-08-07 08:42  atis           Note Added: 0073379                          
======================================================================

More information about the asterisk-bugs mailing list