[asterisk-bugs] [JIRA] (ASTERISK-28456) Asterisk crashed and core dumps when attempting to free a frame

Joshua C. Colp (JIRA) noreply at issues.asterisk.org
Thu Jun 20 05:46:47 CDT 2019


     [ https://issues.asterisk.org/jira/browse/ASTERISK-28456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua C. Colp updated ASTERISK-28456:
--------------------------------------

    Assignee: Vilius Adamkavicius
      Status: Waiting for Feedback  (was: Triage)

> Asterisk crashed and core dumps when attempting to free a frame
> ---------------------------------------------------------------
>
>                 Key: ASTERISK-28456
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28456
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/Bridging
>    Affects Versions: 15.7.2
>         Environment: Linux mb-au-syd-ha2 2.6.32-754.14.2.el6.x86_64 #1 SMP Tue May 14 19:35:42 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
> Asterisk 15.7.2 built by root @ xxxxxxx on a x86_64 running Linux on 2019-06-20 02:21:07 UTC
>            Reporter: Vilius Adamkavicius
>            Assignee: Vilius Adamkavicius
>
> Each crash seems to correspond to a hangup message being received; the majority of hangup causes seem to be 17 and 21.
> [Jun 20 13:20:03] VERBOSE[18101][C-00000af6] sig_pri.c: Span 6: Channel 0/13 got hangup request, cause 21
> [Jun 20 13:20:09] Asterisk 15.7.2 built by root @ mb-au-syd-ha2 on a x86_64 running Linux on 2019-06-20 02:21:07 UTC
> [Jun 20 14:16:15] VERBOSE[16330][C-00000658] sig_pri.c: Span 1: Channel 0/14 got hangup request, cause 17
> [Jun 20 14:16:50] VERBOSE[23152][C-00000008] sig_pri.c: Span 1: Channel 0/18 got hangup request, cause 17
> [Jun 20 15:04:25] VERBOSE[23669][C-000018e2] sig_pri.c: Span 3: Channel 0/1 got hangup request, cause 21
> etc.
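> All core dumps seem to be consistent: in each one glibc aborts with "double free or corruption (out)" while __frame_free (frame.c:160) is freeing a frame on behalf of bridge_handle_trip (bridge_channel.c:2628).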
> (gdb) bt
> #0  0x0000003d294324f5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> #1  0x0000003d29433cd5 in abort () at abort.c:92
> #2  0x0000003d29470417 in __libc_message (do_abort=2, fmt=0x3d29558c00 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
> #3  0x0000003d29475e5e in malloc_printerr (action=3, str=0x3d29558f70 "double free or corruption (out)", ptr=<value optimized out>, ar_ptr=<value optimized out>) at malloc.c:6360
> #4  0x0000003d29478cf0 in _int_free (av=0x3d2978e120, p=0x7f14880414f0, have_lock=0) at malloc.c:4846
> #5  0x000000000053441c in __frame_free (fr=0x7f1488041500, cache=1) at frame.c:160
> #6  0x000000000053445c in ast_frame_free (frame=0x7f1488041500, cache=1) at frame.c:173
> #7  0x00000000004878a7 in bridge_frame_free (frame=0x7f1488041500) at bridge_channel.c:1026
> #8  0x000000000048c12d in bridge_handle_trip (bridge_channel=0x7f144c01bca0) at bridge_channel.c:2628
> #9  0x000000000048c59c in bridge_channel_wait (bridge_channel=0x7f144c01bca0) at bridge_channel.c:2763
> #10 0x000000000048cd94 in bridge_channel_internal_join (bridge_channel=0x7f144c01bca0) at bridge_channel.c:2914
> #11 0x0000000000470b21 in ast_bridge_join (bridge=0x7f144c04b010, chan=0x7f144800fd60, swap=0x0, features=0x7f1410bd9130, tech_args=0x7f1410bd9158, flags=0) at bridge.c:1729
> #12 0x00007f1425565d1c in confbridge_exec (chan=0x7f144800fd60, data=0x7f1410bd9380 "3018,invadeconf_bridge,invadeconf_userq") at app_confbridge.c:2577
> #13 0x00000000005a15eb in pbx_exec (c=0x7f144800fd60, app=0x2700260, data=0x7f1410bd9380 "3018,invadeconf_bridge,invadeconf_userq") at pbx_app.c:492
> #14 0x000000000058c143 in pbx_extension_helper (c=0x7f144800fd60, con=0x0, context=0x7f1448010720 "InVADEDialler", exten=0x7f1448010770 "3018", priority=2, label=0x0, callerid=0x7f1448022880 "0293044380",
>     action=E_SPAWN, found=0x7f1410bdba60, combined_find_spawn=1) at pbx.c:2926
> #15 0x00000000005900dd in ast_spawn_extension (c=0x7f144800fd60, context=0x7f1448010720 "InVADEDialler", exten=0x7f1448010770 "3018", priority=2, callerid=0x7f1448022880 "0293044380", found=0x7f1410bdba60,
>     combined_find_spawn=1) at pbx.c:4157
> #16 0x0000000000590eb5 in __ast_pbx_run (c=0x7f144800fd60, args=0x0) at pbx.c:4331
> #17 0x0000000000592aa0 in ast_pbx_run_args (c=0x7f144800fd60, args=0x0) at pbx.c:4701
> #18 0x0000000000592aca in ast_pbx_run (c=0x7f144800fd60) at pbx.c:4710
> #19 0x000000000059b35c in pbx_outgoing_exec (data=0x7f1448001af0) at pbx.c:7612
> #20 0x0000000000626eb7 in dummy_start (data=0x7f1448031190) at utils.c:1258
> #21 0x0000003d29807aa1 in start_thread (arg=0x7f1410bdc700) at pthread_create.c:301
> #22 0x0000003d294e8c4d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
> (gdb) bt
> #0  0x0000003d294324f5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> #1  0x0000003d29433cd5 in abort () at abort.c:92
> #2  0x0000003d29470417 in __libc_message (do_abort=2, fmt=0x3d29558c00 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
> #3  0x0000003d29475e5e in malloc_printerr (action=3, str=0x3d29558f70 "double free or corruption (out)", ptr=<value optimized out>, ar_ptr=<value optimized out>) at malloc.c:6360
> #4  0x0000003d29478cf0 in _int_free (av=0x3d2978e120, p=0x7fe32c007910, have_lock=0) at malloc.c:4846
> #5  0x000000000053441c in __frame_free (fr=0x7fe32c007920, cache=1) at frame.c:160
> #6  0x000000000053445c in ast_frame_free (frame=0x7fe32c007920, cache=1) at frame.c:173
> #7  0x00000000004878a7 in bridge_frame_free (frame=0x7fe32c007920) at bridge_channel.c:1026
> #8  0x000000000048c12d in bridge_handle_trip (bridge_channel=0x7fe344087a20) at bridge_channel.c:2628
> #9  0x000000000048c59c in bridge_channel_wait (bridge_channel=0x7fe344087a20) at bridge_channel.c:2763
> #10 0x000000000048cd94 in bridge_channel_internal_join (bridge_channel=0x7fe344087a20) at bridge_channel.c:2914
> #11 0x0000000000470b21 in ast_bridge_join (bridge=0x7fe3440061b0, chan=0x7fe348047490, swap=0x0, features=0x7fe2f7f9a130, tech_args=0x7fe2f7f9a158, flags=0) at bridge.c:1729
> #12 0x00007fe30c546d1c in confbridge_exec (chan=0x7fe348047490, data=0x7fe2f7f9a380 "3027,invadeconf_bridge,invadeconf_userq") at app_confbridge.c:2577
> #13 0x00000000005a15eb in pbx_exec (c=0x7fe348047490, app=0x3adb420, data=0x7fe2f7f9a380 "3027,invadeconf_bridge,invadeconf_userq") at pbx_app.c:492
> #14 0x000000000058c143 in pbx_extension_helper (c=0x7fe348047490, con=0x0, context=0x7fe348047e50 "InVADEDialler", exten=0x7fe348047ea0 "3027", priority=2, label=0x0, callerid=0x7fe348001fc0 "0293044380",
>     action=E_SPAWN, found=0x7fe2f7f9ca60, combined_find_spawn=1) at pbx.c:2926
> #15 0x00000000005900dd in ast_spawn_extension (c=0x7fe348047490, context=0x7fe348047e50 "InVADEDialler", exten=0x7fe348047ea0 "3027", priority=2, callerid=0x7fe348001fc0 "0293044380", found=0x7fe2f7f9ca60,
>     combined_find_spawn=1) at pbx.c:4157
> #16 0x0000000000590eb5 in __ast_pbx_run (c=0x7fe348047490, args=0x0) at pbx.c:4331
> #17 0x0000000000592aa0 in ast_pbx_run_args (c=0x7fe348047490, args=0x0) at pbx.c:4701
> #18 0x0000000000592aca in ast_pbx_run (c=0x7fe348047490) at pbx.c:4710
> #19 0x000000000059b35c in pbx_outgoing_exec (data=0x7fe348050700) at pbx.c:7612
> #20 0x0000000000626eb7 in dummy_start (data=0x7fe34802a440) at utils.c:1258
> #21 0x0000003d29807aa1 in start_thread (arg=0x7fe2f7f9d700) at pthread_create.c:301
> #22 0x0000003d294e8c4d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
> (gdb) bt
> #0  0x0000003d294324f5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> #1  0x0000003d29433cd5 in abort () at abort.c:92
> #2  0x0000003d29470417 in __libc_message (do_abort=2, fmt=0x3d29558c00 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
> #3  0x0000003d29475e5e in malloc_printerr (action=3, str=0x3d29558f70 "double free or corruption (out)", ptr=<value optimized out>, ar_ptr=<value optimized out>) at malloc.c:6360
> #4  0x0000003d29478cf0 in _int_free (av=0x3d2978e120, p=0x7febfc02afb0, have_lock=0) at malloc.c:4846
> #5  0x000000000053441c in __frame_free (fr=0x7febfc02afc0, cache=1) at frame.c:160
> #6  0x000000000053445c in ast_frame_free (frame=0x7febfc02afc0, cache=1) at frame.c:173
> #7  0x00000000004878a7 in bridge_frame_free (frame=0x7febfc02afc0) at bridge_channel.c:1026
> #8  0x000000000048c12d in bridge_handle_trip (bridge_channel=0x7fec480126a0) at bridge_channel.c:2628
> #9  0x000000000048c59c in bridge_channel_wait (bridge_channel=0x7fec480126a0) at bridge_channel.c:2763
> #10 0x000000000048cd94 in bridge_channel_internal_join (bridge_channel=0x7fec480126a0) at bridge_channel.c:2914
> #11 0x0000000000470b21 in ast_bridge_join (bridge=0x7fec54006580, chan=0x7fec4c031240, swap=0x0, features=0x7febcee86130, tech_args=0x7febcee86158, flags=0) at bridge.c:1729
> #12 0x00007febe298ad1c in confbridge_exec (chan=0x7fec4c031240, data=0x7febcee86380 "3000,invadeconf_bridge,invadeconf_userq") at app_confbridge.c:2577
> #13 0x00000000005a15eb in pbx_exec (c=0x7fec4c031240, app=0x31bc6c0, data=0x7febcee86380 "3000,invadeconf_bridge,invadeconf_userq") at pbx_app.c:492
> #14 0x000000000058c143 in pbx_extension_helper (c=0x7fec4c031240, con=0x0, context=0x7fec4c031c00 "InVADEDialler", exten=0x7fec4c031c50 "3000", priority=2, label=0x0, callerid=0x7fec4c030fc0 "0293044380",
>     action=E_SPAWN, found=0x7febcee88a60, combined_find_spawn=1) at pbx.c:2926
> #15 0x00000000005900dd in ast_spawn_extension (c=0x7fec4c031240, context=0x7fec4c031c00 "InVADEDialler", exten=0x7fec4c031c50 "3000", priority=2, callerid=0x7fec4c030fc0 "0293044380", found=0x7febcee88a60,
>     combined_find_spawn=1) at pbx.c:4157
> #16 0x0000000000590eb5 in __ast_pbx_run (c=0x7fec4c031240, args=0x0) at pbx.c:4331
> #17 0x0000000000592aa0 in ast_pbx_run_args (c=0x7fec4c031240, args=0x0) at pbx.c:4701
> #18 0x0000000000592aca in ast_pbx_run (c=0x7fec4c031240) at pbx.c:4710
> #19 0x000000000059b35c in pbx_outgoing_exec (data=0x7fec4c006c50) at pbx.c:7612
> #20 0x0000000000626eb7 in dummy_start (data=0x7fec4c011fc0) at utils.c:1258
> #21 0x0000003d29807aa1 in start_thread (arg=0x7febcee89700) at pthread_create.c:301
> #22 0x0000003d294e8c4d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115





