[asterisk-bugs] [Asterisk 0012271]: segfault when using DETECT_DEADLOCKS flag
noreply at bugs.digium.com
Fri Mar 21 10:16:18 CDT 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=12271
======================================================================
Reported By: junky
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 12271
Category: Core-General
Reproducibility: sometimes
Severity: crash
Priority: normal
Status: feedback
Asterisk Version: SVN
SVN Branch (only for SVN checkouts, not tarball releases): 1.4
SVN Revision (number only!): 105409
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 03-21-2008 09:09 CDT
Last Modified: 03-21-2008 10:16 CDT
======================================================================
Summary: segfault when using DETECT_DEADLOCKS flag
Description:
I've got that random crash:
(gdb) bt
#0  0x00000000004dcac5 in ast_mark_lock_acquired (lock_addr=0x2a98c68470)
    at utils.c:644
#1  0x0000002a98b5a860 in __ast_pthread_mutex_lock (filename=0x2a98b63d8b "chan_agent.c",
    lineno=2579, func=0x2a98b666e0 "agent_devicestate",
    mutex_name=0x2a98b652a3 "&(&agents)->lock", t=0x2a98c68470)
    at /usr/src/ah_ast_1.4/include/asterisk/lock.h:374
#2  0x0000002a98b633f9 in agent_devicestate (data=0x40076fe6) at chan_agent.c:2579
#3  0x000000000045efd7 in ast_device_state (device=0x2389958 "Agent/1029")
    at devicestate.c:170
#4  0x000000000045fa7d in do_state_change (device=0x2389958 "Agent/1029")
    at devicestate.c:285
#5  0x000000000045ff2e in do_devstate_changes (data=0x0) at devicestate.c:369
#6  0x00000000004dd397 in dummy_start (data=0x69c840) at utils.c:865
#7  0x0000003085e06137 in start_thread () from /lib64/tls/libpthread.so.0
#8  0x00000030857c7543 in clone () from /lib64/tls/libc.so.6
(gdb) bt full
#0  0x00000000004dcac5 in ast_mark_lock_acquired (lock_addr=0x2a98c68470)
    at utils.c:644
        lock_info = (struct thr_lock_info *) 0x6cada0
#1  0x0000002a98b5a860 in __ast_pthread_mutex_lock (filename=0x2a98b63d8b "chan_agent.c",
    lineno=2579, func=0x2a98b666e0 "agent_devicestate",
    mutex_name=0x2a98b652a3 "&(&agents)->lock", t=0x2a98c68470)
    at /usr/src/ah_ast_1.4/include/asterisk/lock.h:374
        res = 0
        canlog = 1
        __PRETTY_FUNCTION__ = "__ast_pthread_mutex_lock"
#2  0x0000002a98b633f9 in agent_devicestate (data=0x40076fe6) at chan_agent.c:2579
        p = (struct agent_pvt *) 0x8f14b0
        s = 0x40076fe6 "1029"
        groupmatch = 0
        groupoff = 0
        waitforagent = 0
        res = 4
        __PRETTY_FUNCTION__ = "agent_devicestate"
#3  0x000000000045efd7 in ast_device_state (device=0x2389958 "Agent/1029")
    at devicestate.c:170
        buf = 0x40076fe6 "1029"
        number = 0x40076fe6 "1029"
        chan_tech = (const struct ast_channel_tech *) 0x2a98c67720
        res = 0
        tech = 0x40076fe0 "Agent"
        provider = 0x0
        __PRETTY_FUNCTION__ = "ast_device_state"
#4  0x000000000045fa7d in do_state_change (device=0x2389958 "Agent/1029")
    at devicestate.c:285
        state = 0
        devcb = (struct devstate_cb *) 0x51b633
        __PRETTY_FUNCTION__ = "do_state_change"
#5  0x000000000045ff2e in do_devstate_changes (data=0x0) at devicestate.c:369
        cur = (struct state_change *) 0x2389950
        __PRETTY_FUNCTION__ = "do_devstate_changes"
#6  0x00000000004dd397 in dummy_start (data=0x69c840) at utils.c:865
        _buffer = {__routine = 0x428a68 <ast_unregister_thread>, __arg = 0x40077960,
          __canceltype = 0, __prev = 0x0}
        ret = (void *) 0x0
        a = {start_routine = 0x45fe79 <do_devstate_changes>, data = 0x0,
          name = 0x69c880 "do_devstate_changes started at [ 386] devicestate.c ast_device_state_engine_init()"}
        lock_info = (struct thr_lock_info *) 0x6cada0
        mutex_attr = {__mutexkind = 1}
#7  0x0000003085e06137 in start_thread () from /lib64/tls/libpthread.so.0
No symbol table info available.
#8  0x00000030857c7543 in clone () from /lib64/tls/libc.so.6
No symbol table info available.
======================================================================
----------------------------------------------------------------------
putnopvut - 03-21-08 10:16
----------------------------------------------------------------------
So if lock_info->num_locks is 0, then it makes sense that there would be a
crash since out-of-bounds memory is referenced. The thing is, it should be
impossible to call ast_mark_lock_acquired with lock_info->num_locks < 1.
Issue History
Date Modified Username Field Change
======================================================================
03-21-08 10:16 putnopvut Note Added: 0084399
======================================================================
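
Added example (not Asterisk code, and not part of the original report): the failure mode the note above describes, shown in a simplified per-thread lock table with the bounds check that prevents it. The struct layout, the function names and MAX_LOCKS are hypothetical, and addressing the newest entry as num_locks - 1 is an assumption drawn from the note.

```c
#include <stdio.h>

#define MAX_LOCKS 16            /* assumed capacity for this sketch */

/* Hypothetical stand-in for one tracked lock in a per-thread table. */
struct lock_entry {
    void *lock_addr;
    int pending;                /* 1 while the thread still waits for the lock */
};

struct lock_table {
    struct lock_entry locks[MAX_LOCKS];
    int num_locks;              /* number of valid entries in locks[] */
};

/* Record that the thread is about to wait on lock_addr. */
int table_store(struct lock_table *t, void *lock_addr)
{
    if (t->num_locks < 0 || t->num_locks >= MAX_LOCKS)
        return -1;              /* full or corrupted count: refuse to write */
    t->locks[t->num_locks].lock_addr = lock_addr;
    t->locks[t->num_locks].pending = 1;
    t->num_locks++;
    return 0;
}

/* Mark the newest entry as acquired.
 * Returns 0 on success, -1 if the count is out of range,
 * -2 if the newest entry tracks a different lock. */
int table_mark_acquired(struct lock_table *t, void *lock_addr)
{
    /* With num_locks == 0 the index below would be -1, i.e. memory
     * in front of locks[]; reject that instead of dereferencing it. */
    if (t->num_locks < 1 || t->num_locks > MAX_LOCKS)
        return -1;
    struct lock_entry *top = &t->locks[t->num_locks - 1];
    if (top->lock_addr != lock_addr)
        return -2;
    top->pending = 0;
    return 0;
}

int main(void)
{
    struct lock_table t = {0};
    int mutex_stub;             /* constructed placeholder for a mutex address */
    printf("empty table: %d\n", table_mark_acquired(&t, &mutex_stub));
    table_store(&t, &mutex_stub);
    printf("after store: %d\n", table_mark_acquired(&t, &mutex_stub));
    return 0;
}
```

A -1 return from the mark step is the condition worth logging in a debug build, since it means the store and mark calls got out of step for that thread.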