[asterisk-bugs] [JIRA] (ASTERISK-25274) A11 SIGSEGV 'Double free or corruption' in backtrace from pj_pool_release (sip_destroy -> pj_ice_sess_destroy)

Dade Brandon (JIRA) noreply at issues.asterisk.org
Wed Jul 22 12:48:32 CDT 2015


     [ https://issues.asterisk.org/jira/browse/ASTERISK-25274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dade Brandon updated ASTERISK-25274:
------------------------------------

    Attachment: Narvi debug log_jul_22_917.p.txt.gz

Gzip of the debug log. This is the last five minutes before the crash (identified by Asterisk starting back up on the last line). The spam of "No remote address on RTP instance '....' so dropping frame" is unique to this issue, noting that the call IDs and RTP instances are different: we occasionally see this on one RTP instance, but lately we've been getting this across multiple RTP instances right before a crash.

> A11 SIGSEGV 'Double free or corruption' in backtrace from pj_pool_release (sip_destroy -> pj_ice_sess_destroy)
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-25274
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25274
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>    Affects Versions: 11.18.0
>         Environment: Ubuntu 14.04.2; Linux 3.13.0-24-generic SMP; Intel E3-1231
> Openssl 1.0.1f-1ubuntu2.15 (Jun 11 2015; most recent available)
> libsrtp0 / libsrtp0-dev 1.4.5~20130609~dfsg-1
>            Reporter: Dade Brandon
>         Attachments: narvi-backtrace-july 22 2015.txt, Narvi debug log_jul_22_917.p.txt.gz
>
>
> We have the patch from ASTERISK-25103 added to trunk 11 with a few custom patches (mostly just debug messages).  The following crash occurs infrequently (1-5 times per week, usually batched together and on the same server(s); based on the pattern I imagine that there is a remote factor in whether or not the crash occurs, such as a slow peer).
> The full backtrace with some added print *var's, as well as the debug log, will be attached in a sec after I create this issue; below is the top chunk from the backtrace to assist with reviewing this issue.
> {noformat}
> Program terminated with signal SIGABRT, Aborted.
> #0  __GI_raise (sig=sig@entry=6)
> #1  __GI_abort ()
> #2  __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7f548a7b6b28 "*** Error in `%s': %s: 0x%s ***\n")
> #3  malloc_printerr (ptr=<optimized out>, str=0x7f548a7b6c58 "double free or corruption (out)", action=1)
> #4  _int_free (av=<optimized out>, p=<optimized out>, have_lock=0)
> #5  default_block_free () 
> #6  pj_pool_destroy_int ()
> #7  cpool_release_pool ()
> #8  pj_pool_release ()
> #9  destroy_tdata ()
> #10 pj_stun_session_destroy ()
> {noformat}


