[asterisk-bugs] [JIRA] (ASTERISK-25274) A11 SIGSEGV 'Double free or corruption' in backtrace from pj_pool_release (sip_destroy -> pj_ice_sess_destroy)
Mark Michelson (JIRA)
noreply at issues.asterisk.org
Fri Jul 24 09:57:33 CDT 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-25274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=227034#comment-227034 ]
Mark Michelson commented on ASTERISK-25274:
-------------------------------------------
I'm going to jump in here and say that MALLOC_DEBUG is not going to help here since the malloc error is down inside PJLib. MALLOC_DEBUG does not intercept those allocations.
> A11 SIGSEGV 'Double free or corruption' in backtrace from pj_pool_release (sip_destroy -> pj_ice_sess_destroy)
> --------------------------------------------------------------------------------------------------------------
>
> Key: ASTERISK-25274
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25274
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Affects Versions: 11.18.0
> Environment: Ubuntu 14.04.2; Linux 3.13.0-24-generic SMP; Intel E3-1231
> Openssl 1.0.1f-1ubuntu2.15 (Jun 11 2015; most recent available)
> libsrtp0 / libsrtp0-dev 1.4.5~20130609~dfsg-1
> Reporter: Dade Brandon
> Attachments: fenrir-debug-july23.txt.gz, fenrir-fullbt-jul23.txt, narvi-backtrace-july 22 2015.txt, Narvi debug log_jul_22_917.p.txt.gz
>
>
> We have the patch from ASTERISK-25103 added to trunk 11 with a few custom patches (mostly just debug messages). The following crash occurs infrequently (1-5 times per week, usually batched together and on the same server(s); based on the pattern I imagine that there is a remote factor in whether or not the crash occurs, such as a slow peer).
> The full backtrace with some added print *var's, as well as the debug log, will be attached in a sec after I create this issue; below is the top chunk from the backtrace to assist with reviewing this issue.
> {noformat}
> Program terminated with signal SIGABRT, Aborted.
> #0 __GI_raise (sig=sig@entry=6)
> #1 __GI_abort ()
> #2 __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7f548a7b6b28 "*** Error in `%s': %s: 0x%s ***\n")
> #3 malloc_printerr (ptr=<optimized out>, str=0x7f548a7b6c58 "double free or corruption (out)", action=1)
> #4 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0)
> #5 default_block_free ()
> #6 pj_pool_destroy_int ()
> #7 cpool_release_pool ()
> #8 pj_pool_release ()
> #9 destroy_tdata ()
> #10 pj_stun_session_destroy ()
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2#6252)