[asterisk-bugs] [JIRA] (ASTERISK-22875) CLONE - Segfault in __ao2_find ()

Matt Jordan (JIRA) noreply at issues.asterisk.org
Sat Dec 7 20:35:03 CST 2013


    [ https://issues.asterisk.org/jira/browse/ASTERISK-22875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=212690#comment-212690 ] 

Matt Jordan commented on ASTERISK-22875:
----------------------------------------

So, backtrace3.txt does contain a crash that occurred due to something being off in a packet 2 packet bridge. I'm assuming this is what Jeremy Laine attached.

This is quite strange. From this, codecs->payloads - which should be an ao2 container allocated on the codecs object when the instance object is created - is NULL while the codecs object has a valid address.

{noformat}
#0  0x0000000000452bb8 in __ao2_find (c=0x0, arg=0x7f3e5cd068d4, flags=96) at astobj2.c:1237
#1  0x0000000000552581 in ast_rtp_codecs_find_payload_code (codecs=0x24f1430, code=0) at rtp_engine.c:771
#2  0x00007f3e6bfaf04c in bridge_p2p_rtp_write (len=172, rtpheader=0x2026e38, instance=0x215ea58, hdrlen=<optimized out>) at res_rtp_asterisk.c:3413
{noformat}

As an aside, getting a {{bt full}} is quite helpful here, as it would show more of these values. Right now we have the backtrace from the segfaulting thread, but not the values in the stack trace or all of the values of the other threads. The wiki has more information on correctly obtaining a backtrace - see https://wiki.asterisk.org/wiki/display/AST/Getting+a+Backtrace

The really odd part is {{codecs->payloads}} should never be NULL. This object should be set so long as the {{ast_codecs}} object is valid. Even if {{codecs}} was already freed, I'd expect this to be pointing to invalid memory, not NULL - which makes me wonder what is going on here.

Note that this is also a completely different issue from what David reported, which occurred when adding a hint:

{noformat}
#0  0x08089bb0 in __ao2_find ()
#0  0x08089bb0 in __ao2_find ()
No symbol table info available.
#1  0x08157df0 in ast_add_hint ()
No symbol table info available.
#2  0x08161165 in ast_add_extension2_lockopt ()
No symbol table info available.
#3  0x003d9a33 in pbx_load_config () at pbx_config.c:1644
        __PRETTY_FUNCTION__ = "pbx_load_config"
#4  pbx_load_module () at pbx_config.c:1848
        con = <value optimized out>
        __PRETTY_FUNCTION__ = "pbx_load_module"
{noformat}

In neither case, however, am I sure how the system got in this state, or how to reproduce these errors.

I think that in both cases, you (either of you :-) ) will need to provide some information on what led up to the crash and a method to reproduce the errors. These are substantially strange enough that just looking at the somewhat incomplete backtraces isn't sufficient for someone to reproduce or assist on these problems.



                
> CLONE - Segfault in __ao2_find ()
> ---------------------------------
>
>                 Key: ASTERISK-22875
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22875
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/General
>    Affects Versions: 11.6.0
>         Environment: centos 5.9 64bit
>            Reporter: David Brillert
>            Assignee: David Brillert
>            Severity: Critical
>         Attachments: backtrace3.txt, backtrace.txt, gdb thread apply all.txt, gdb trace.txt
>
>
> Segfault.  Backtrace attached.
> Asterisk was compiled with DONT_OPTIMIZE and BETTER_BACKTRACES
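
The reading of the first backtrace in the comment above (a NULL container reaching {{__ao2_find}} from a caller whose own {{codecs}} pointer is valid) can be reproduced mechanically when triaging many crash reports. The following is an added example, not part of the original message or of Asterisk; the names {{parse_frames}} and {{null_pointer_args}} are hypothetical, and the sample input is the three frames quoted in the comment.

```python
import re

# Frames copied from the first backtrace quoted in the comment above.
BACKTRACE = """\
#0  0x0000000000452bb8 in __ao2_find (c=0x0, arg=0x7f3e5cd068d4, flags=96) at astobj2.c:1237
#1  0x0000000000552581 in ast_rtp_codecs_find_payload_code (codecs=0x24f1430, code=0) at rtp_engine.c:771
#2  0x00007f3e6bfaf04c in bridge_p2p_rtp_write (len=172, rtpheader=0x2026e38, instance=0x215ea58, hdrlen=<optimized out>) at res_rtp_asterisk.c:3413
"""

# "#N  [0xADDR in ]func (args)[ at file:line]"; the address is absent on some frames.
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-fA-F]+ in )?(?P<func>[\w.]+) "
    r"\((?P<args>.*)\)(?: at (?P<src>\S+))?\s*$"
)

def parse_frames(text):
    """Parse gdb 'bt' frame lines into dicts; non-frame lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        args = {}
        for item in filter(None, (a.strip() for a in m["args"].split(", "))):
            name, _, value = item.partition("=")
            args[name] = value
        frames.append({"num": int(m["num"]), "func": m["func"],
                       "args": args, "src": m["src"]})
    return frames

def null_pointer_args(frames):
    """Return (frame number, function, arg) for every arg printed as 0x0.

    Only the hex form 0x0 is flagged: gdb prints pointers in hex and
    integers in decimal by default, so code=0 in frame #1 is not reported.
    """
    return [(f["num"], f["func"], name)
            for f in frames
            for name, value in f["args"].items() if value == "0x0"]

if __name__ == "__main__":
    frames = parse_frames(BACKTRACE)
    for num, func, arg in null_pointer_args(frames):
        caller = next((f for f in frames if f["num"] == num + 1), None)
        print(f"frame #{num} {func}: {arg} is NULL")
        if caller:
            print(f"  passed in by #{caller['num']} {caller['func']} {caller['args']}")
```

Frames without symbol information, such as those in the second backtrace, parse with an empty argument map, so nothing is flagged for them.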
