[asterisk-bugs] [JIRA] (ASTERISK-29846) channels: bad ao2 ref causes crash

N A (JIRA) noreply at issues.asterisk.org
Tue Feb 1 17:12:07 CST 2022 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-29846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=257936#comment-257936 ] 

N A commented on ASTERISK-29846:
--------------------------------

Finally, *finally* I have prevailed! Only the 2nd backtrace I've gotten, and the first one I haven't accidentally deleted.

Asterisk crashed this morning, and at the time, I cd'd to /var/crash and then ran asterisk -g. It appears running as root and starting asterisk in the /var/crash directory finally allowed a core to dump successfully. Autorestarting via the cron job does the same thing but for some reason doesn't seem to work. Luckily, it took only a few hours for Asterisk to crash again (never thought I'd say that) and this time it did core dump.

Anyways, here is the backtrace: https://code.phreaknet.org/asterisk/backtrace.txt

Looks like an invalid free in the logger thread, which would explain why the issue seems to be random, looking at a debug level.

Thread 1 (Thread 0x7f3caf94a700 (LWP 19812)):
#0  0x00007f3cb1e387bb in __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
        set = {__val = {134238211, 139898675710720, 5, 0, 0, 139898665703576, 139898620517696, 139898675737786, 94527391385472, 94527390831189, 94527391347888, 94527391347888, 94527391385472, 94527390831175, 94527391385472, 0}}
        pid = <optimized out>
        tid = <optimized out>
#1  0x00007f3cb1e23535 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x25205d6435255b20, sa_sigaction = 0x25205d6435255b20}, sa_mask = {__val = {45253707243635, 0 <repeats 13 times>, 139898620517328, 139898620517584}}, sa_flags = -1349215280, sa_restorer = 0x1000}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007f3cb1e7a508 in __libc_message (action=action at entry=do_abort, fmt=fmt at entry=0x7f3cb1f8528d "%sn") at ../sysdeps/posix/libc_fatal.c:181
        ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area = 0x7f3caf949ce0, reg_save_area = 0x7f3caf949c70}}
        fd = 2
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
        written = <optimized out>
#3  0x00007f3cb1e80c1a in malloc_printerr (str=str at entry=0x7f3cb1f870a0 "free(): corrupted unsorted chunks") at malloc.c:5341
#4  0x00007f3cb1e828a2 in _int_free (av=0x7f3ca8000020, p=0x7f3ca8281150, have_lock=<optimized out>) at malloc.c:4348
        size = 992
        fb = <optimized out>
        nextchunk = 0x7f3ca8281530
        nextsize = 48
        nextinuse = <optimized out>
        prevsize = <optimized out>
        bck = 0x7f3ca8000080
        fwd = <optimized out>
        __PRETTY_FUNCTION__ = "_int_free"
#5  0x000055f8df6786fa in __ast_free (ptr=0x7f3ca8281160, file=0x55f8df8d4141 "logger.c", lineno=187, func=0x55f8df8d57b8 <__PRETTY_FUNCTION__.16325> "logmsg_free") at astmm.c:1556
#6  0x000055f8df84e5e3 in logmsg_free (msg=0x7f3ca8281160) at logger.c:187
        __PRETTY_FUNCTION__ = "logmsg_free"
#7  0x000055f8df853c3b in logger_thread (data=0x0) at logger.c:1885
        next = 0x7f3ca84322e0
        msg = 0x7f3ca8281160
        __PRETTY_FUNCTION__ = "logger_thread"
#8  0x000055f8df7fea21 in dummy_start (data=0x55f8e0b63290) at utils.c:1572

> channels: bad ao2 ref causes crash
> ----------------------------------
>
>                 Key: ASTERISK-29846
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29846
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: General
>    Affects Versions: 18.9.0
>         Environment: Debian 10
>            Reporter: N A
>            Assignee: N A
>
> Currently, Asterisk crashes randomly every few days, not seemingly linked to anything going on at the moment. In fact, prior to this crash, the system was completely idle (no calls) for the previous 34 minutes.
> Here is a backtrace from right before the last crash, useful as it has line numbers:
> 01:35:03 ERROR[13076] : Got 10 backtrace records
> # 0: [0x55ca492928cc] asterisk utils.c:2727 __ast_assert_failed()
> # 1: [0x55ca49109db3] asterisk astobj2.c:212 log_bad_ao2()
> # 2: [0x55ca4910a73a] asterisk astobj2.c:501 __ao2_ref()
> # 3: [0x55ca4917269a] asterisk cli.c:1218 handle_chanlist()
> # 4: [0x55ca4917859f] asterisk cli.c:3020 ast_cli_command_full()
> # 5: [0x55ca49178734] asterisk cli.c:3048 ast_cli_command_multiple_full()
> # 6: [0x55ca49101e0c] asterisk asterisk.c:1424 netconsole()
> # 7: [0x55ca4928fb57] asterisk utils.c:1572 dummy_start()
> # 8: [0x7f257c305fa3] libpthread.so.0 pthread_create.c:487 start_thread()
> # 9: [0x7f257bd994cf] libc.so.6 clone.S:97 clone()



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list