[asterisk-bugs] [Asterisk 0012271]: segfault when using DETECT_DEADLOCKS flag

noreply at bugs.digium.com noreply at bugs.digium.com
Fri Mar 21 10:16:18 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12271 
====================================================================== 
Reported By:                junky
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   12271
Category:                   Core-General
Reproducibility:            sometimes
Severity:                   crash
Priority:                   normal
Status:                     feedback
Asterisk Version:           SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  1.4  
SVN Revision (number only!): 105409 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             03-21-2008 09:09 CDT
Last Modified:              03-21-2008 10:16 CDT
====================================================================== 
Summary:                    segfault when using DETECT_DEADLOCKS flag
Description: 
I've got that random crash:

(gdb) bt
#0  0x00000000004dcac5 in
ast_mark_lock_acquired (lock_addr=0x2a98c68470)
at utils.c:644
#1  0x0000002a98b5a860 in
__ast_pthread_mutex_lock (filename=0x2a98b63d8b
"chan_agent.c", lineno=2579, func=0x2a98b666e0 "agent_devicestate",
mutex_name=0x2a98b652a3 "&(&agents)->lock", t=0x2a98c68470)
    at /usr/src/ah_ast_1.4/include/asterisk/lock.h:374
#2  0x0000002a98b633f9 in agent_devicestate
(data=0x40076fe6) at
chan_agent.c:2579
#3  0x000000000045efd7 in ast_device_state
(device=0x2389958 "Agent/1029")
at devicestate.c:170
#4  0x000000000045fa7d in do_state_change
(device=0x2389958 "Agent/1029")
at devicestate.c:285
#5  0x000000000045ff2e in do_devstate_changes
(data=0x0) at
devicestate.c:369
#6  0x00000000004dd397 in dummy_start
(data=0x69c840) at utils.c:865
#7  0x0000003085e06137 in start_thread () from
/lib64/tls/libpthread.so.0
#8  0x00000030857c7543 in clone () from
/lib64/tls/libc.so.6
(gdb) bt full
#0  0x00000000004dcac5 in
ast_mark_lock_acquired (lock_addr=0x2a98c68470)
at utils.c:644
        lock_info = (struct thr_lock_info *) 0x6cada0
#1  0x0000002a98b5a860 in
__ast_pthread_mutex_lock (filename=0x2a98b63d8b
"chan_agent.c", lineno=2579, func=0x2a98b666e0 "agent_devicestate",
mutex_name=0x2a98b652a3 "&(&agents)->lock", t=0x2a98c68470)
    at /usr/src/ah_ast_1.4/include/asterisk/lock.h:374
        res = 0
        canlog = 1
        __PRETTY_FUNCTION__ = "__ast_pthread_mutex_lock"
#2  0x0000002a98b633f9 in agent_devicestate
(data=0x40076fe6) at
chan_agent.c:2579
        p = (struct agent_pvt *) 0x8f14b0
        s = 0x40076fe6 "1029"
        groupmatch = 0
        groupoff = 0
        waitforagent = 0
        res = 4
        __PRETTY_FUNCTION__ = "agent_devicestate"
#3  0x000000000045efd7 in ast_device_state
(device=0x2389958 "Agent/1029")
at devicestate.c:170
        buf = 0x40076fe6 "1029"
        number = 0x40076fe6 "1029"
        chan_tech = (const struct ast_channel_tech *) 0x2a98c67720
        res = 0
        tech = 0x40076fe0 "Agent"
        provider = 0x0
        __PRETTY_FUNCTION__ = "ast_device_state"
#4  0x000000000045fa7d in do_state_change
(device=0x2389958 "Agent/1029")
at devicestate.c:285
        state = 0
        devcb = (struct devstate_cb *) 0x51b633
        __PRETTY_FUNCTION__ = "do_state_change"
#5  0x000000000045ff2e in do_devstate_changes
(data=0x0) at
devicestate.c:369
        cur = (struct state_change *) 0x2389950
        __PRETTY_FUNCTION__ = "do_devstate_changes"
#6  0x00000000004dd397 in dummy_start
(data=0x69c840) at utils.c:865
        _buffer = {__routine = 0x428a68 <ast_unregister_thread>, __arg =
0x40077960, __canceltype = 0, __prev = 0x0}
        ret = (void *) 0x0
        a = {start_routine = 0x45fe79 <do_devstate_changes>, data = 0x0,
name = 0x69c880 "do_devstate_changes  started at [  386] devicestate.c
ast_device_state_engine_init()"}
        lock_info = (struct thr_lock_info *) 0x6cada0
        mutex_attr = {__mutexkind = 1}
#7  0x0000003085e06137 in start_thread () from
/lib64/tls/libpthread.so.0
No symbol table info available.
#8  0x00000030857c7543 in clone () from
/lib64/tls/libc.so.6
No symbol table info available.

====================================================================== 

---------------------------------------------------------------------- 
 putnopvut - 03-21-08 10:16  
---------------------------------------------------------------------- 
So if lock_info->num_locks is 0, then it makes sense that there would be a
crash since out-of-bounds memory is referenced. The thing is, it should be
impossible to call ast_mark_lock_acquired with lock_info->num_locks < 1. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
03-21-08 10:16  putnopvut      Note Added: 0084399                          
======================================================================
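
The condition discussed in the note above (a mark-acquired call arriving while num_locks is 0) can be shown with a simplified model. This is an added example, not Asterisk's code: the struct layout, MODEL_MAX_LOCKS and all model_* names are assumptions, and only num_locks is taken from the page.

```c
#include <stdio.h>

#define MODEL_MAX_LOCKS 16   /* assumed capacity */

/* Simplified stand-in for a per-thread lock-tracking record. Only the
 * num_locks field is named on the page; everything else is assumed. */
struct model_lock_info {
    struct { const void *lock_addr; int pending; } locks[MODEL_MAX_LOCKS];
    int num_locks;
};

/* Record a lock the thread is about to wait on. 0 = ok, -1 = table full. */
int model_store_lock(struct model_lock_info *li, const void *addr)
{
    if (li->num_locks < 0 || li->num_locks >= MODEL_MAX_LOCKS)
        return -1;
    li->locks[li->num_locks].lock_addr = addr;
    li->locks[li->num_locks++].pending = 1;
    return 0;
}

/* Mark the newest entry as acquired. With num_locks == 0 the index
 * num_locks - 1 is -1 (before the array), so validate before indexing.
 * 0 = ok, -1 = count out of range, -2 = newest entry is another lock. */
int model_mark_acquired(struct model_lock_info *li, const void *addr)
{
    if (li->num_locks < 1 || li->num_locks > MODEL_MAX_LOCKS)
        return -1;
    if (li->locks[li->num_locks - 1].lock_addr != addr)
        return -2;
    li->locks[li->num_locks - 1].pending = 0;
    return 0;
}

/* Constructed scenario: mark a lock with or without a prior store. */
int model_demo(int store_first)
{
    struct model_lock_info li = { .num_locks = 0 };
    int mutex = 0;
    if (store_first && model_store_lock(&li, &mutex) != 0)
        return -100;
    return model_mark_acquired(&li, &mutex);
}

int main(void)
{
    printf("empty=%d stored=%d\n", model_demo(0), model_demo(1));
    return 0;
}
```

A guard like this turns the out-of-bounds access into an error return that can be logged with the caller's file and line, which helps locate the code path that reached the call with an empty table.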



