| Summary: | ASTERISK-08429: Stringfield pool corruption, segmentation fault during free. | ||
| Reporter: | dlu (dlu) | Labels: | |
| Date Opened: | 2006-12-25 11:16:04.000-0600 | Date Closed: | 2007-02-21 15:02:31.000-0600 |
| Priority: | Minor | Regression? | No |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) gdbinfo.28829 | |
| Description: | Random crash in the core. I attached a backtrace and a show config. I use 1.4.0. Global Settings: ---------------- SIP Port: 5060 Bindaddress: 0.0.0.0 Videosupport: Yes AutoCreatePeer: No Allow unknown access: Yes Allow subscriptions: Yes Allow overlap dialing: Yes Promsic. redir: Yes SIP domain support: No Call to non-local dom.: Yes URI user is phone no: No Our auth realm realm.org Realm. auth: No Always auth rejects: Yes Call limit peers only: No User Agent: Asterisk PBX MWI checking interval: 30 secs Reg. context: (not set) Caller ID: Anonymous From: Domain: xxxxx.xxx Record SIP history: On Call Events: Off IP ToS SIP: CS3 IP ToS RTP audio: EF IP ToS RTP video: AF41 T38 fax pt UDPTL: No RFC2833 Compensation: No SIP realtime: Enabled Global Signalling Settings: --------------------------- Codecs: alaw:20,ulaw:20 T1 minimum: 100 Relax DTMF: Yes Compact SIP headers: No RTP Keepalive: 0 (Disabled) RTP Timeout: 60 RTP Hold Timeout: 300 MWI NOTIFY mime type: application/simple-message-summary DNS SRV lookup: Yes Pedantic SIP support: Yes Reg. min duration 60 secs Reg. max duration: 3600 secs Reg. default duration: 60 secs Outbound reg. timeout: 60 secs Outbound reg. attempts: 5 Notify ringing state: Yes Notify hold state: No SIP Transfer mode: open Max Call Bitrate: 384 kbps Auto-Framing: No Default Settings: ----------------- Context: incoming Nat: RFC3581 DTMF: auto Qualify: 0 Use ClientCode: Yes Progress inband: Yes Language: de MOH Interpret: default MOH Suggest: Voice Mail Extension: vmail Realtime SIP Settings: ---------------------- Realtime Peers: Yes Realtime Users: Yes Cache Friends: Yes Update: No Ignore Reg. Expire: No Save sys. name: No Auto Clear: 120 (gdb) bt full #0 0xb7238744 in __sip_destroy (p=0x8782ed0, lockowner=1) at chan_sip.c:2950 this = (struct ast_string_field_pool *) 0x14ae0400 prev = <value optimized out> cur = <value optimized out> cp = (struct sip_pkt *) 0x0 __PRETTY_FUNCTION__ = "__sip_destroy" #1 0xb7249988 in __sip_autodestruct (data=0x8782ed0) at chan_sip.c:3081 p = (struct sip_pvt *) 0x14ae0400 __PRETTY_FUNCTION__ = "__sip_autodestruct" #2 0x080e1011 in ast_sched_runq (con=0x81bebf8) at sched.c:358 numevents = 0 res = <value optimized out> #3 0xb7251562 in do_monitor (data=0x0) at chan_sip.c:14863 prev = <value optimized out> res = 0 sip = <value optimized out> t = 1167051329 fastrestart = 0 lastpeernum = -1 curpeernum = 5300 reloading = <value optimized out> __PRETTY_FUNCTION__ = "do_monitor" #4 0x080ebdeb in dummy_start (data=0x81c1ef8) at utils.c:545 __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {136060680, 0, 0, -1222507416, -425608198, 1502413374}, __mask_was_saved = 0}}, __pad = {0xb72204a0, 0x0, 0x0, 0x0}} __cancel_arg = (void *) 0xb7220ba0 not_first_call = <value optimized out> ret = <value optimized out> ASTERISK-1 0xb7f8d34b in start_thread () from /lib/libpthread.so.0 No symbol table info available. ASTERISK-2 0xb7dba65e in clone () from /lib/libc.so.6 No symbol table info available. We have 4-5 crashes in 6 hours. Many thanks | ||
| Comments: | By: Joshua C. Colp (jcolp) 2006-12-25 21:53:07.000-0600 Would it be possible to get access to the box where the core file is? I need to examine the data structure for the stringfield pool. Thanks! By: dlu (dlu) 2006-12-27 09:53:02.000-0600 sorry i cant obtain access but if you tell me what i must do i provide you the requested data. By: Corne Cornelius (nobbie) 2007-01-24 14:04:55.000-0600 I seem to have encountered the same problem. Files attached: gdbinfo.28829 (backtrace info) core.28829.bz (core file) i used the asterisk-1.4.0.tar.gz file for compilation. Seems to be new SVN r48906 Unfortunately the DONT_OPTIMIZE and THREAD_DEBUG weren't enabled, i read about them too late. my asterisk log file was truncated so no log output. #0 0x00e849f7 in __sip_destroy (p=0x96a2f30, lockowner=1) at chan_sip.c:2950 2950 ast_string_field_free_pools(p); (gdb) bt #0 0x00e849f7 in __sip_destroy (p=0x96a2f30, lockowner=1) at chan_sip.c:2950 #1 0x00e9ee96 in __sip_autodestruct (data=0x96a2f30) at chan_sip.c:3081 #2 0x080e5cba in ast_sched_runq (con=0x9634ba8) at sched.c:358 #3 0x00ecbd5b in do_monitor (data=0x0) at chan_sip.c:14863 #4 0x080f1995 in dummy_start (data=0x96a2f30) at utils.c:545 ASTERISK-1 0x00d3d3ae in start_thread () from /lib/tls/libpthread.so.0 ASTERISK-2 0x00c96aee in clone () from /lib/tls/libc.so.6 By: Corne Cornelius (nobbie) 2007-01-24 14:16:21.000-0600 mmm, the core upload failed and would probably have been useless on it's own. anything else i can do ? By: Olle Johansson (oej) 2007-01-25 11:35:38.000-0600 Can you please check with the latest 1.4 from svn, not the 1.4.0 release? Thanks. By: dlu (dlu) 2007-01-31 19:22:26.000-0600 hi olle. we will do it for a few hours in our productivity environment. please tell me what compilersettings for possible cores you need i switch on. By: Serge Vecher (serge-v) 2007-02-05 10:39:00.000-0600 dlu, we need DONT_OPTIMIZE to be enabled -- this doesn't should be safe for production environments; not sure about THREAD_DEBUG. By: Serge Vecher (serge-v) 2007-02-21 15:02:30.000-0600 no response for two weeks; please reopen if this is still an issue with the latest 1.4 svn branch. | ||