[asterisk-bugs] [JIRA] (ASTERISK-26759) Double free, ast_taskprocessor_execute->tps_task_free

Stuart Henderson (JIRA) noreply at issues.asterisk.org
Thu Feb 2 06:02:10 CST 2017 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-26759?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=234997#comment-234997 ] 

Stuart Henderson commented on ASTERISK-26759:
---------------------------------------------

Hit another double free, same logs prior to the crash, different backtrace.

{noformat}
[Feb  2 10:46:53] WARNING[-1]: http.c:1948 httpd_helper_thread: Failed to set TCP_NODELAY on HTTP connection, getprotobyname("tcp") failed
[Feb  2 10:46:53] WARNING[-1]: http.c:1949 httpd_helper_thread: Some HTTP requests may be slow to respond.
[Feb  2 10:46:53] WARNING[-1]: http.c:1944 httpd_helper_thread: Failed to set TCP_NODELAY on HTTP connection: Invalid argument
pbx7*CLI>
Disconnected from Asterisk server
{noformat}

{noformat}
#0  0x00001aef15cb51ca in thrkill () at <stdin>:2
#1  0x00001aef15c9b499 in *_libc_abort () at /usr/src/lib/libc/stdlib/abort.c:52
#2  0x00001aef15cdf969 in wrterror (d=0x1aef4f1d43d0,
    msg=0x1aef15df680d "chunk is already free", p=0x1aeefa33bb00)
    at /usr/src/lib/libc/stdlib/malloc.c:295
#3  0x00001aef15cdfb3e in find_chunknum (d=0x1aef4f1d43d0, r=<optimized out>,
    ptr=0x1aeefa33bb00) at /usr/src/lib/libc/stdlib/malloc.c:1054
#4  0x00001aef15ce09b8 in free_bytes (ptr=<optimized out>, r=<optimized out>,
    d=<optimized out>) at /usr/src/lib/libc/stdlib/malloc.c:1072
#5  ofree (pool=0x1aef4f1d43d0, p=0x1aeefa33bb00)
    at /usr/src/lib/libc/stdlib/malloc.c:1337
#6  0x00001aef15ce0e3b in free (ptr=0x1aeece3e0b80)
    at /usr/src/lib/libc/stdlib/malloc.c:1364
#7  0x00001aec6a5a49f7 in __ast_string_field_free_memory ()
#8  0x00001aec6a519e56 in logmsg_free ()
#9  0x00001aec6a51f3b8 in logger_thread ()
#10 0x00001aec6a5b97c5 in dummy_start ()
#11 0x00001aef6194131e in _rthread_start (v=0x0)
    at /usr/src/lib/librthread/rthread.c:115
#12 0x00001aef15c6875b in __tfork_thread ()
    at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75
#13 0x0000000000000000 in ?? ()
{noformat}

"thread apply all bt full" at https://junkpile.org/ast13.13.1-20170202.txt

> Double free, ast_taskprocessor_execute->tps_task_free
> -----------------------------------------------------
>
>                 Key: ASTERISK-26759
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26759
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/General
>    Affects Versions: 13.13.1
>         Environment: OpenBSD 6.0, amd64. Using chan_sip, odbc realtime, http manager.
>            Reporter: Stuart Henderson
>
> Asterisk had been up and operating normally for a week then exited with a malloc(3) detected "chunk is already free" error (OpenBSD malloc has double-free detection enabled all the time). I get the following backtrace - short bt inline, output from "thread apply all bt full" is at https://junkpile.org/ast13.13.1-20170130.txt.
> {noformat}
> (gdb) bt
> #0  0x00001f1890b581ca in thrkill () at <stdin>:2
> #1  0x00001f1890b3e499 in *_libc_abort () at /usr/src/lib/libc/stdlib/abort.c:52
> #2  0x00001f1890b82969 in wrterror (d=0x1f18437474d0, 
>     msg=0x1f1890c9980d "chunk is already free", p=0x1f181121f990)
>     at /usr/src/lib/libc/stdlib/malloc.c:295
> #3  0x00001f1890b82b3e in find_chunknum (d=0x1f18437474d0, r=<optimized out>, 
>     ptr=0x1f181121f990) at /usr/src/lib/libc/stdlib/malloc.c:1054
> #4  0x00001f1890b839b8 in free_bytes (ptr=<optimized out>, r=<optimized out>, 
>     d=<optimized out>) at /usr/src/lib/libc/stdlib/malloc.c:1072
> #5  ofree (pool=0x1f18437474d0, p=0x1f181121f990)
>     at /usr/src/lib/libc/stdlib/malloc.c:1337
> #6  0x00001f1890b83e3b in free (ptr=0x1f1862aae680)
>     at /usr/src/lib/libc/stdlib/malloc.c:1364
> #7  0x00001f15964a7209 in tps_task_free ()
> #8  0x00001f15964a72eb in ast_taskprocessor_execute ()
> #9  0x00001f15964af641 in worker_start ()
> #10 0x00001f15964b97c5 in dummy_start ()
> #11 0x00001f180e05e31e in _rthread_start (v=0x0)
>     at /usr/src/lib/librthread/rthread.c:115
> #12 0x00001f1890b0b75b in __tfork_thread ()
>     at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75
> #13 0x0000000000000000 in ?? ()
> {noformat}
> The following lines were logged 2 seconds before the timestamp of the core, however they have been seen on one previous occasion not associated with a crash.
> {noformat}
> Jan 30 09:41:50 pbx7 asterisk[39270]: WARNING[-1]: http.c:1948 in httpd_helper_thread: Failed to set TCP_NODELAY on HTTP connection, getprotobyname("tcp") failed
> Jan 30 09:41:50 pbx7 asterisk[39270]: WARNING[-1]: http.c:1949 in httpd_helper_thread: Some HTTP requests may be slow to respond.
> {noformat}
> What other information would be useful? Is there anything I should capture in case it happens again? I have the core in case there's something you'd like me to poke at with gdb. Thanks.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list