[asterisk-bugs] [Asterisk 0015109]: Abort by memory allocator, possibly in moh_files_generator

Asterisk Bug Tracker noreply at bugs.digium.com
Mon Jun 15 08:18:24 CDT 2009


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=15109 
====================================================================== 
Reported By:                jvandal
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   15109
Category:                   Resources/res_musiconhold
Reproducibility:            random
Severity:                   block
Priority:                   normal
Status:                     acknowledged
Target Version:             1.4.27
Asterisk Version:           1.4.24 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2009-05-14 10:49 CDT
Last Modified:              2009-06-15 08:18 CDT
====================================================================== 
Summary:                    Abort by memory allocator, possibly in moh_files_generator
Description: 
I have a server running with Asterisk 1.4.24.1 where it randomly segfaults
for "unknown" reason.

I'm not sure if this is related to the moh_files_generator function or to
filestream_destructor.

Let me know what is needed in order to fix this crash, if GDB traces aren't
enough. 

Asterisk is compiled with DONT_OPTIMIZE and the other flags needed for "gdb".

======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0014958 Segfault Asterisk 1.4.24.1
related to          0015123 out of bounds crash and core dump
has duplicate       0015195 double free or corruption (!prev) in mo...
====================================================================== 

---------------------------------------------------------------------- 
 (0106395) aragon (reporter) - 2009-06-15 08:18
 https://issues.asterisk.org/view.php?id=15109#c106395 
---------------------------------------------------------------------- 
I have not heard anything back from tlesher at digium.com.

I ran the lab test over the weekend and ran several reload commands to get
the lab system to crash under Valgrind.
No luck getting the system to crash, but this morning the entire system
was locked.
core show channels displayed nothing
core show locks displayed nothing
I could not attach to the asterisk/valgrind pid with gdb because of a
memory error.  So I had to kill memcheck in order to restart my
experiment.

Therefore I could not get a valgrind.txt.core file.

However, malloc_debug.txt had one error that was different than before:
WARNING: Freeing unused memory at (nil), in lock_info_destroy of utils.c, line 536

valgrind.txt displayed some moh reload data that I hope will be useful.

==16435==    at 0x4006998: strlen (mc_replace_strmem.c:242)
==16435==    by 0x4050BCD: vfprintf (in /lib/libc-2.5.so)
==16435==    by 0x40713B3: vsnprintf (in /lib/libc-2.5.so)
==16435==    by 0x8121C21: ast_dynamic_str_thread_build_va (in /usr/sbin/asterisk)
==16435==    by 0x80C6416: ast_log (in /usr/sbin/asterisk)
==16435==    by 0x4B26BA2: spawn_mp3 (res_musiconhold.c:433)
==16435==    by 0x4B2703A: monmp3thread (res_musiconhold.c:530)
==16435==    by 0x812049A: dummy_start (in /usr/sbin/asterisk)
==16435==    by 0x8B249A: start_thread (in /lib/libpthread-2.5.so)
==16435==    by 0x40E242D: clone (in /lib/libc-2.5.so)
==16435==  Address 0x9b48460 is 416 bytes inside a block of size 1,068 free'd
==16435==    at 0x400562C: free (vg_replace_malloc.c:323)
==16435==    by 0x8072790: __ast_free_region (in /usr/sbin/asterisk)
==16435==    by 0x8073182: __ast_free (in /usr/sbin/asterisk)
==16435==    by 0x80749ED: ao2_ref (in /usr/sbin/asterisk)
==16435==    by 0x8075578: ao2_callback (in /usr/sbin/asterisk)
==16435==    by 0x4B29C2E: load_moh_classes (res_musiconhold.c:1309)
==16435==    by 0x4B2A2AE: reload (res_musiconhold.c:1447)
==16435==    by 0x80C272A: ast_module_reload (in /usr/sbin/asterisk)
==16435==    by 0x809567D: handle_reload_deprecated (in /usr/sbin/asterisk)
==16435==    by 0x809BDEF: ast_cli_command (in /usr/sbin/asterisk)
==16435==    by 0x806CD1D: consolehandler (in /usr/sbin/asterisk)
==16435==    by 0x80723F7: main (in /usr/sbin/asterisk)
==16435== 
==16435== Invalid read of size 1
==16435==    at 0x40069A3: strlen (mc_replace_strmem.c:242)
==16435==    by 0x4050BCD: vfprintf (in /lib/libc-2.5.so)
==16435==    by 0x40713B3: vsnprintf (in /lib/libc-2.5.so)
==16435==    by 0x8121C21: ast_dynamic_str_thread_build_va (in /usr/sbin/asterisk)
==16435==    by 0x80C6416: ast_log (in /usr/sbin/asterisk)
==16435==    by 0x4B26BA2: spawn_mp3 (res_musiconhold.c:433)
==16435==    by 0x4B2703A: monmp3thread (res_musiconhold.c:530)
==16435==    by 0x812049A: dummy_start (in /usr/sbin/asterisk)
==16435==    by 0x8B249A: start_thread (in /lib/libpthread-2.5.so)
==16435==    by 0x40E242D: clone (in /lib/libc-2.5.so)
==16435==  Address 0x9b48461 is 417 bytes inside a block of size 1,068 free'd
==16435==    at 0x400562C: free (vg_replace_malloc.c:323)
==16435==    by 0x8072790: __ast_free_region (in /usr/sbin/asterisk)
==16435==    by 0x8073182: __ast_free (in /usr/sbin/asterisk)
==16435==    by 0x80749ED: ao2_ref (in /usr/sbin/asterisk)
==16435==    by 0x8075578: ao2_callback (in /usr/sbin/asterisk)
==16435==    by 0x4B29C2E: load_moh_classes (res_musiconhold.c:1309)
==16435==    by 0x4B2A2AE: reload (res_musiconhold.c:1447)
==16435==    by 0x80C272A: ast_module_reload (in /usr/sbin/asterisk)
==16435==    by 0x809567D: handle_reload_deprecated (in /usr/sbin/asterisk)
==16435==    by 0x809BDEF: ast_cli_command (in /usr/sbin/asterisk)
==16435==    by 0x806CD1D: consolehandler (in /usr/sbin/asterisk)
==16435==    by 0x80723F7: main (in /usr/sbin/asterisk)
==16435== 
==16435== Invalid read of size 1
==16435==    at 0x4007521: mempcpy (mc_replace_strmem.c:677)
==16435==    by 0x4076634: _IO_default_xsputn (in /lib/libc-2.5.so)
==16435==    by 0x40506F5: vfprintf (in /lib/libc-2.5.so)
==16435==    by 0x40713B3: vsnprintf (in /lib/libc-2.5.so)
==16435==    by 0x8121C21: ast_dynamic_str_thread_build_va (in /usr/sbin/asterisk)
==16435==    by 0x80C6416: ast_log (in /usr/sbin/asterisk)
==16435==    by 0x4B26BA2: spawn_mp3 (res_musiconhold.c:433)
==16435==    by 0x4B2703A: monmp3thread (res_musiconhold.c:530)
==16435==    by 0x812049A: dummy_start (in /usr/sbin/asterisk)
==16435==    by 0x8B249A: start_thread (in /lib/libpthread-2.5.so)
==16435==    by 0x40E242D: clone (in /lib/libc-2.5.so)
==16435==  Address 0x9b48460 is 416 bytes inside a block of size 1,068 free'd
==16435==    at 0x400562C: free (vg_replace_malloc.c:323)
==16435==    by 0x8072790: __ast_free_region (in /usr/sbin/asterisk)
==16435==    by 0x8073182: __ast_free (in /usr/sbin/asterisk)
==16435==    by 0x80749ED: ao2_ref (in /usr/sbin/asterisk)
==16435==    by 0x8075578: ao2_callback (in /usr/sbin/asterisk)
==16435==    by 0x4B29C2E: load_moh_classes (res_musiconhold.c:1309)
==16435==    by 0x4B2A2AE: reload (res_musiconhold.c:1447)
==16435==    by 0x80C272A: ast_module_reload (in /usr/sbin/asterisk)
==16435==    by 0x809567D: handle_reload_deprecated (in /usr/sbin/asterisk)
==16435==    by 0x809BDEF: ast_cli_command (in /usr/sbin/asterisk)
==16435==    by 0x806CD1D: consolehandler (in /usr/sbin/asterisk)
==16435==    by 0x80723F7: main (in /usr/sbin/asterisk)
==16435== 
==16435== Invalid read of size 1
==16435==    at 0x400752D: mempcpy (mc_replace_strmem.c:677)
==16435==    by 0x4076634: _IO_default_xsputn (in /lib/libc-2.5.so)
==16435==    by 0x40506F5: vfprintf (in /lib/libc-2.5.so)
==16435==    by 0x40713B3: vsnprintf (in /lib/libc-2.5.so)
==16435==    by 0x8121C21: ast_dynamic_str_thread_build_va (in /usr/sbin/asterisk)
==16435==    by 0x80C6416: ast_log (in /usr/sbin/asterisk)
==16435==    by 0x4B26BA2: spawn_mp3 (res_musiconhold.c:433)
==16435==    by 0x4B2703A: monmp3thread (res_musiconhold.c:530)
==16435==    by 0x812049A: dummy_start (in /usr/sbin/asterisk)
==16435==    by 0x8B249A: start_thread (in /lib/libpthread-2.5.so)
==16435==    by 0x40E242D: clone (in /lib/libc-2.5.so)
==16435==  Address 0x9b48462 is 418 bytes inside a block of size 1,068 free'd
==16435==    at 0x400562C: free (vg_replace_malloc.c:323)
==16435==    by 0x8072790: __ast_free_region (in /usr/sbin/asterisk)
==16435==    by 0x8073182: __ast_free (in /usr/sbin/asterisk)
==16435==    by 0x80749ED: ao2_ref (in /usr/sbin/asterisk)
==16435==    by 0x8075578: ao2_callback (in /usr/sbin/asterisk)
==16435==    by 0x4B29C2E: load_moh_classes (res_musiconhold.c:1309)
==16435==    by 0x4B2A2AE: reload (res_musiconhold.c:1447)
==16435==    by 0x80C272A: ast_module_reload (in /usr/sbin/asterisk)
==16435==    by 0x809567D: handle_reload_deprecated (in /usr/sbin/asterisk)
==16435==    by 0x809BDEF: ast_cli_command (in /usr/sbin/asterisk)
==16435==    by 0x806CD1D: consolehandler (in /usr/sbin/asterisk)
==16435==    by 0x80723F7: main (in /usr/sbin/asterisk)

The basis of my tests is to load 4 PRI interfaces and pass multiple calls
to an ACD queue to logged agents.  As a result some calls are answered and
some are held with MOH. A percentage of ACD calls answered by agents are
transferred to other extensions.  A reload command is issued every ten
minutes.
Without running Asterisk under valgrind this is sufficient to crash
Asterisk consistently about twice per hour.  
With valgrind I was able to produce two crashes and I sent two
valgrind.txt.core files to tlesher for analysis (one per crash under
valgrind).
It is likely that at least one of those valgrind.txt.core files is not
directly related to the crash reported in 15109.  The second
valgrind.txt.core file looked more related to the original bug report.

I'll keep trying to produce additional valgrind dumps, however I am
finding it extremely difficult to reproduce the crash under valgrind. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-06-15 08:18 aragon         Note Added: 0106395                          
======================================================================
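
Added example, not part of the tracker note or of Asterisk: a small memcheck triage script that groups "inside a block ... free'd" records by the function that read the block, the function that freed it, and the block's start address. The names triage and unwrap are hypothetical, and the sample is abridged from the trace in the note.

```python
import re
from collections import Counter
# Abridged from the trace in the note; three lines stay wrapped as a mail archive would wrap them.
SAMPLE = """\
==16435== Invalid read of size 1
==16435==    at 0x40069A3: strlen (mc_replace_strmem.c:242)
==16435==    by 0x80C6416: ast_log (in
/usr/sbin/asterisk)
==16435==    by 0x4B26BA2: spawn_mp3 (res_musiconhold.c:433)
==16435==  Address 0x9b48461 is 417 bytes inside a block of size 1,068
free'd
==16435==    at 0x400562C: free (vg_replace_malloc.c:323)
==16435==    by 0x4B29C2E: load_moh_classes (res_musiconhold.c:1309)
==16435==
==16435== Invalid read of size 1
==16435==    at 0x400752D: mempcpy (mc_replace_strmem.c:677)
==16435==    by 0x4B26BA2: spawn_mp3 (res_musiconhold.c:433)
==16435==  Address 0x9b48462 is 418 bytes inside a block of size 1,068
free'd
==16435==    by 0x4B29C2E: load_moh_classes (res_musiconhold.c:1309)
"""
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")
ADDR = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) is (\d+) bytes inside .* free'd$")

def unwrap(text):
    """Re-join wrapped lines: every genuine memcheck line starts with ==PID==."""
    out = []
    for line in text.splitlines():
        if line.startswith("==") or not out:
            out.append(line.rstrip())
        else:
            out[-1] += " " + line.strip()
    return out

def triage(text, source="res_musiconhold.c"):
    """Count freed-block reads per (reading function, freeing function, block start)."""
    pick = lambda frames: next((fn for fn, loc in frames if source in loc), None)
    groups, access, freed, block = Counter(), [], [], None
    for line in unwrap(text) + ["==end=="]:  # sentinel flushes the last record
        frame, addr = FRAME.match(line), ADDR.match(line)
        if frame:  # frames after the Address line belong to the free() stack
            (freed if block is not None else access).append(frame.groups())
        elif addr:  # block start = faulting address - offset into the block
            block = int(addr.group(1), 16) - int(addr.group(2))
        else:  # header or separator: close the record collected so far
            if block is not None:
                groups[(pick(access), pick(freed), hex(block))] += 1
            access, freed, block = [], [], None
    return groups
```

On the sample, both records collapse into one group: spawn_mp3 reading a block at 0x9b482c0 that load_moh_classes released, so the separate "Invalid read" reports are one defect rather than several.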