[asterisk-bugs] [Asterisk 0015109]: Abort by memory allocator, possibly in moh_files_generator

Asterisk Bug Tracker noreply at bugs.digium.com
Fri Aug 14 13:06:22 CDT 2009 

A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=15109 
====================================================================== 
Reported By:                jvandal
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   15109
Category:                   Resources/res_musiconhold
Reproducibility:            random
Severity:                   block
Priority:                   normal
Status:                     feedback
Target Version:             1.4.27
Asterisk Version:           1.4.24 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2009-05-14 10:49 CDT
Last Modified:              2009-08-14 13:06 CDT
====================================================================== 
Summary:                    Abort by memory allocator, possibly in
moh_files_generator
Description: 
I have a server running with Asterisk 1.4.24.1 where it randomly segfault
for "unknown" reason.

I'm not sure if this is related to moh_files_generator function or with
filestream_descructor.

Let me know what needed in order to fix this crash, if GDB traces aren't
enough. 

Asterisk is compiled with DONT_OPTIMIZE and others flag needed for "gdb".

======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0014958 Segfault Asterisk 1.4.24.1
related to          0015123 out of bounds crash and core dump
related to          0015506 Asterisk 1.4.26rc5 (revision 202945 ) d...
parent of           0015396 app_queue segfault in revision 202945
has duplicate       0015195 double free or corruption (!prev) in mo...
====================================================================== 

---------------------------------------------------------------------- 
 (0109059) marhbere (reporter) - 2009-08-14 13:06
 https://issues.asterisk.org/view.php?id=15109#c109059 
---------------------------------------------------------------------- 
I'll try to add me experience.

We run 1.6.0 SVN now r209896, and we are having this same issue: 
Always ocurr when the member on the queue does a tranfer and then crash:

https://issues.asterisk.org/view.php?id=0  0x00633416 in __kernel_vsyscall ()
https://issues.asterisk.org/view.php?id=1  0x00348460 in raise (sig=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
https://issues.asterisk.org/view.php?id=2  0x00349e28 in abort () at abort.c:88
https://issues.asterisk.org/view.php?id=3  0x00385fed in __libc_message
(do_abort=2, fmt=0x460e68 "*** glibc
detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
https://issues.asterisk.org/view.php?id=4  0x0038c3a4 in malloc_printerr
(action=2, str=0x460f40 "double free or
corruption (out)", ptr=0xb72fb600) at malloc.c:5994
https://issues.asterisk.org/view.php?id=5  0x0038e356 in __libc_free
(mem=0xb72fb600) at malloc.c:3625
https://issues.asterisk.org/view.php?id=6  0x0037bda4 in _IO_new_fclose
(fp=0xb72fb600) at iofclose.c:88
https://issues.asterisk.org/view.php?id=7  0x080d5aa5 in filestream_destructor
(arg=0xb74e93d8) at file.c:329
https://issues.asterisk.org/view.php?id=8  0x08080640 in ao2_ref
(user_data=0xb74e93d8, delta=-1) at
astobj2.c:227
https://issues.asterisk.org/view.php?id=9  0x080d873b in
ast_filestream_frame_freed (fr=0xb74e9408) at
file.c:1309
https://issues.asterisk.org/view.php?id=10 0x080d9bd0 in __frame_free
(fr=0xb74e9408, cache=1) at frame.c:338
https://issues.asterisk.org/view.php?id=11 0x080d9d2e in ast_frame_free
(frame=0xb74e9408, cache=1) at
frame.c:380
https://issues.asterisk.org/view.php?id=12 0x01acf6e5 in moh_files_generator
(chan=0xb4425cd8, data=0xb74e6130,
len=0, samples=160) at res_musiconhold.c:302
https://issues.asterisk.org/view.php?id=13 0x08096f95 in generator_force
(data=0xb4425cd8) at channel.c:1930
https://issues.asterisk.org/view.php?id=14 0x080987bf in __ast_read
(chan=0xb4425cd8, dropaudio=0) at
channel.c:2647
https://issues.asterisk.org/view.php?id=15 0x0809a1e5 in ast_read
(chan=0xb4425cd8) at channel.c:3021
https://issues.asterisk.org/view.php?id=16 0x080a03af in ast_generic_bridge
(c0=0xb4425cd8, c1=0xb465d818,
config=0xb5943540, fo=0xb5941a5c, rc=0xb5941a58, bridge_end=
      {tv_sec = 0, tv_usec = 0}) at channel.c:4749
https://issues.asterisk.org/view.php?id=17 0x080a1de3 in ast_channel_bridge
(c0=0xb4425cd8, c1=0xb465d818,
config=0xb5943540, fo=0xb5941a5c, rc=0xb5941a58)
    at channel.c:5120
https://issues.asterisk.org/view.php?id=18 0x080cd3ac in ast_bridge_call
(chan=0xb4425cd8, peer=0xb465d818,
config=0xb5943540) at features.c:2330
https://issues.asterisk.org/view.php?id=19 0x00ada40b in try_calling
(qe=0xb5943a70, options=0xb59439be "",
announceoverride=0xb59439c0 "", url=0xb59439bf "", 
    tries=0xb5943c34, noption=0xb5943c30, agi=0x0, macro=0x0, gosub=0x0,
ringing=0) at app_queue.c:3956
https://issues.asterisk.org/view.php?id=20 0x00ade233 in queue_exec
(chan=0xb4425cd8, data=0xb5945e38) at
app_queue.c:4879
https://issues.asterisk.org/view.php?id=21 0x080ff85c in pbx_exec (c=0xb4425cd8,
app=0xb7df9058, data=0xb5945e38)
at pbx.c:951
https://issues.asterisk.org/view.php?id=22 0x08106afe in pbx_extension_helper
(c=0xb4425cd8, con=0x0,
context=0xb4425f2c "FunctionRouteQueue", exten=0xb4425f7c "s", 
    priority=6, label=0x0, callerid=0xb7407b08 "13475735805",
action=E_SPAWN, found=0xb594827c, combined_find_spawn=1)
    at pbx.c:3120
https://issues.asterisk.org/view.php?id=23 0x081085d4 in ast_spawn_extension
(c=0xb4425cd8, context=0xb4425f2c
"FunctionRouteQueue", exten=0xb4425f7c "s", priority=6, 
    callerid=0xb7407b08 "13475735805", found=0xb594827c,
combined_find_spawn=1) at pbx.c:3584
https://issues.asterisk.org/view.php?id=24 0x08108c86 in __ast_pbx_run
(c=0xb4425cd8, args=0x0) at pbx.c:3671
https://issues.asterisk.org/view.php?id=25 0x08109e9d in pbx_thread
(data=0xb4425cd8) at pbx.c:3944
https://issues.asterisk.org/view.php?id=26 0x0815ac0c in dummy_start
(data=0xb46a0cb0) at utils.c:861
https://issues.asterisk.org/view.php?id=27 0x004cb51f in start_thread
(arg=0xb5948b90) at pthread_create.c:297
https://issues.asterisk.org/view.php?id=28 0x0040104e in clone () at
../sysdeps/unix/sysv/linux/i386/clone.S:130

Before I really understand that happend, I had made a report:
https://issues.asterisk.org/view.php?id=15460

Aragon, for resolve "No symbol table info available." you can try apply:
debuginfo-install coreutils. We have FC9

Sorry for my intrusion and for my bad language. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-08-14 13:06 marhbere       Note Added: 0109059                          
======================================================================

More information about the asterisk-bugs mailing list