[asterisk-bugs] [Asterisk 0012063]: Two Asterisk crashes

noreply at bugs.digium.com noreply at bugs.digium.com
Mon Feb 25 16:45:34 CST 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12063 
====================================================================== 
Reported By:                norman
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   12063
Category:                   Channels/chan_sip/General
Reproducibility:            random
Severity:                   crash
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.18 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             02-25-2008 10:43 CST
Last Modified:              02-25-2008 16:45 CST
====================================================================== 
Summary:                    Two Asterisk crashes
Description: 
I had two Asterisk crashes or lockups within 2 hours today. However, it ran
all weekend without a problem. I was running under Valgrind, but the first
crash apparently Valgrind can't track down. I had another like this one
last week. Basically, Valgrind runs out of thread slots and one is
corrupt:

Thread 18: status = VgTs_WaitSys
==20183==    at 0x4000792: (within /lib/ld-2.3.6.so)
==20183==    by 0x28ADD17: ???

(I believe this is while trying to lock a mutex.) I have compiled with
MALLOC_DEBUG and those files are zero length. I have the verbose 3 output
for these, but the first is 500 MB. I do have some previous (in the
valgrind log) that I reported with http://bugs.digium.com/view.php?id=11960 that
were not fixed. Those deal
with ast_log accessing free'd memory in chan_sip.

The second log is more interesting. Lots of errors like this:

==7874== Thread 7:
==7874== Invalid read of size 4
==7874==    at 0x59D0671: ??? (chan_sip.c:4564)
==7874==    by 0x5A03A9A: ??? (chan_sip.c:15366)
==7874==    by 0x80AD830: ast_io_wait (io.c:279)
==7874==    by 0x5A0477C: ??? (chan_sip.c:15613)
==7874==    by 0x810003C: dummy_start (utils.c:852)
==7874==    by 0x403123F: start_thread (in
/lib/tls/i686/cmov/libpthread-2.3.6.so)
==7874==    by 0x4FAF49D: clone (in /lib/tls/i686/cmov/libc-2.3.6.so)
==7874==  Address 0x719d4d0 is 136 bytes inside a block of size 5,620
free'd
==7874==    at 0x401D40C: free (vg_replace_malloc.c:323)
==7874==    by 0x8072362: __ast_free_region (astmm.c:174)
==7874==    by 0x80726EE: __ast_free (astmm.c:208)
==7874==    by 0x8081D5F: ast_channel_free (channel.c:1202)
==7874==    by 0x8082A22: ast_hangup (channel.c:1496)
==7874==    by 0x697BD42: ??? (app_dial.c:1726)
==7874==    by 0x697BF6D: ??? (app_dial.c:1760)
==7874==    by 0x80BE5EE: pbx_exec (pbx.c:532)
==7874==    by 0x80C19E7: pbx_extension_helper (pbx.c:1851)
==7874==    by 0x80C2AE1: ast_spawn_extension (pbx.c:2306)
==7874==    by 0x80C2FFD: __ast_pbx_run (pbx.c:2408)
==7874==    by 0x80C3DB2: pbx_thread (pbx.c:2623)

and

==7874== Invalid read of size 4
==7874==    at 0x4033197: pthread_mutex_trylock (in
/lib/tls/i686/cmov/libpthread-2.3.6.so)
==7874==    by 0x59C4937: ??? (lock.h:706)
==7874==    by 0x5A04394: ??? (chan_sip.c:15540)
==7874==    by 0x810003C: dummy_start (utils.c:852)
==7874==    by 0x403123F: start_thread (in
/lib/tls/i686/cmov/libpthread-2.3.6.so)
==7874==    by 0x4FAF49D: clone (in /lib/tls/i686/cmov/libc-2.3.6.so)
==7874==  Address 0x719d4bc is 116 bytes inside a block of size 5,620
free'd
==7874==    at 0x401D40C: free (vg_replace_malloc.c:323)
==7874==    by 0x8072362: __ast_free_region (astmm.c:174)
==7874==    by 0x80726EE: __ast_free (astmm.c:208)
==7874==    by 0x8081D5F: ast_channel_free (channel.c:1202)
==7874==    by 0x8082A22: ast_hangup (channel.c:1496)
==7874==    by 0x697BD42: ??? (app_dial.c:1726)
==7874==    by 0x697BF6D: ??? (app_dial.c:1760)
==7874==    by 0x80BE5EE: pbx_exec (pbx.c:532)
==7874==    by 0x80C19E7: pbx_extension_helper (pbx.c:1851)
==7874==    by 0x80C2AE1: ast_spawn_extension (pbx.c:2306)
==7874==    by 0x80C2FFD: __ast_pbx_run (pbx.c:2408)
==7874==    by 0x80C3DB2: pbx_thread (pbx.c:2623)

I'll upload these files.
====================================================================== 

---------------------------------------------------------------------- 
 norman - 02-25-08 16:45  
---------------------------------------------------------------------- 
That first crash has only happened once in 3 weeks, so reproducing it is
going to be nearly impossible.

How about the second one? Lots of chan_sip using memory after free'd
issues. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
02-25-08 16:45  norman         Note Added: 0082906                          
======================================================================




More information about the asterisk-bugs mailing list