[asterisk-bugs] [JIRA] (ASTERISK-25212) Segfault when triggering deadlock detection
Walter Doekes (JIRA)
noreply at issues.asterisk.org
Tue Jun 30 09:31:33 CDT 2015
Walter Doekes created ASTERISK-25212:
----------------------------------------
Summary: Segfault when triggering deadlock detection
Key: ASTERISK-25212
URL: https://issues.asterisk.org/jira/browse/ASTERISK-25212
Project: Asterisk
Issue Type: Bug
Security Level: None
Affects Versions: 11.19.0
Reporter: Walter Doekes
When attempting to reproduce a deadlock, I enabled DEBUG_THREADS and DETECT_DEADLOCKS.
Instead of detecting the deadlock, sometimes Asterisk crashes instead.
Recent crash contains this:
{noformat}
(gdb) bt
#0 pthread_cond_signal@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_signal.S:69
#1 0x0000000000509909 in __ast_cond_signal (filename=0x5c993b "autoservice.c", lineno=222, func=0x5c9a10 <__PRETTY_FUNCTION__.13263> "ast_autoservice_start", cond_name=0x5c9967 "&as_cond",
cond=0x885680 <as_cond>) at lock.c:508
#2 0x0000000000456ec8 in ast_autoservice_start (chan=0x3b31188) at autoservice.c:222
#3 0x00000000004573ba in ast_autoservice_chan_hangup_peer (chan=0x3b31188, peer=0x7eff1038ef68) at autoservice.c:317
#4 0x00007efed32345c7 in dial_exec_full (chan=0x3b31188, data=0x7efec6cc6b10 "SIP/bob", peerflags=0x7efec6cc64c0, continue_exec=0x0) at app_dial.c:3078
#5 0x00007efed323499a in dial_exec (chan=0x3b31188, data=0x7efec6cc6b10 "SIP/bob") at app_dial.c:3130
#6 0x0000000000533b49 in pbx_exec (c=0x3b31188, app=0x27c0440, data=0x7efec6cc6b10 "SIP/bob") at pbx.c:1677
#7 0x000000000053e7c8 in pbx_extension_helper (c=0x3b31188, con=0x0, context=0x3b31fd8 "default", exten=0x3b32028 "bob", priority=1, label=0x0, callerid=0x3df43b0 "alice", action=E_SPAWN,
found=0x7efec6ccabfc, combined_find_spawn=1) at pbx.c:4970
{noformat}
{noformat}
(gdb) disass
Dump of assembler code for function pthread_cond_signal@@GLIBC_2.3.2:
...
0x00007eff16ab3c4e <+62>: je 0x7eff16ab3c67 <pthread_cond_signal@@GLIBC_2.3.2+87>
0x00007eff16ab3c50 <+64>: mov 0x20(%r8),%rcx
=> 0x00007eff16ab3c54 <+68>: mov 0x10(%rcx),%r11d
0x00007eff16ab3c58 <+72>: and $0x30,%r11d
0x00007eff16ab3c5c <+76>: cmp $0x20,%r11d
...
(gdb) up
#1 0x0000000000509909 in __ast_cond_signal (filename=0x5c993b "autoservice.c", lineno=222, func=0x5c9a10 <__PRETTY_FUNCTION__.13263> "ast_autoservice_start", cond_name=0x5c9967 "&as_cond",
cond=0x885680 <as_cond>) at lock.c:508
508 return pthread_cond_signal(cond);
(gdb) print cond
$55 = (ast_cond_t *) 0x885680 <as_cond>
(gdb) print *cond
$56 = {__data = {__lock = 1, __futex = 1638, __total_seq = 8389759012580623496, __wakeup_seq = 7809628147932885606, __woken_seq = 6874024004411486821, __mutex = 0x7069700074696e69, __nwaiters = 101,
__broadcast_seq = 2063597568}, __size = "\001\000\000\000f\006\000\000\210\004\000\000_intfrnal_alertpipe_init\000pipe\000\000\000\000\000\000{", __align = 7035156430849}
(gdb) p *(char(*)[48])cond
$57 = "\001\000\000\000f\006\000\000\210\004\000\000_intfrnal_alertpipe_init\000pipe\000\000\000\000\000\000{"
{noformat}
That doesn't look like valid values in the cond struct.
{noformat}
(gdb) info registers
rax 0xca 202
rbx 0x10 16
rcx 0x7069700074696e69 8100128552057925225
rdx 0x1 1
rsi 0x5 5
rdi 0x885684 8935044
rbp 0x7efec6cc5520 0x7efec6cc5520
rsp 0x7efec6cc54f0 0x7efec6cc54f0
r8 0x885680 8935040
r9 0x843510 8664336
r10 0x7efec4456de0 139632679677408
r11 0x7efec6ccafc8 139632722096072
r12 0x3b32028 62070824
r13 0x1 1
r14 0x3caa942 63613250
r15 0x27c04a0 41682080
rip 0x509909 0x509909 <__ast_cond_signal+39>
eflags 0x10217 [ CF PF AF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
{noformat}
Cheers,
Walter Doekes
OSSO B.V.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list