Summary:	ASTERISK-10537: revision 85764 introduces crash
Reporter:	Dmitry Andrianov (dimas)	Labels:
Date Opened:	2007-10-15 19:33:52	Date Closed:	2007-10-16 08:16:15
Priority:	Critical	Regression?	No
Status:	Closed/Complete	Components:	Applications/app_queue
Versions:		Frequency of Occurrence
Related Issues:
Environment:		Attachments:
Description:	Rev 85687 works fine, 85764 crashes in app_queue. make clean/distclean does not help. See btfull + valgrind output below. ****** ADDITIONAL INFORMATION ****** (gdb) bt full #0  0x00167402 in __kernel_vsyscall () No symbol table info available. #1  0x41661c00 in raise () from /lib/libc.so.6 No symbol table info available. #2  0x41663451 in abort () from /lib/libc.so.6 No symbol table info available. #3  0x416971fb in __libc_message () from /lib/libc.so.6 No symbol table info available. #4  0x4169ef5d in _int_free () from /lib/libc.so.6 No symbol table info available. ASTERISK-1  0x416a25b0 in free () from /lib/libc.so.6 No symbol table info available. ASTERISK-2  0x00239eea in device_state_thread (data=0x0) at app_queue.c:660        sc = (struct statechange *) 0x97ce8c8 ASTERISK-3  0x080f9fde in dummy_start (data=0x97a5ec0) at utils.c:831        __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {1098625012, 0, -1216058480, -1216060472, 1049792232,        -2129038810}, __mask_was_saved = 0}}, __pad = {0xb7846480, 0x0, 0x0, 0x0}}        __cancel_routine = (void (*)(void *)) 0x8068b9d <ast_unregister_thread>        __cancel_arg = (void *) 0xb7846b90        not_first_call = 0        ret = (void *) 0x0        a = {start_routine = 0x239dec <device_state_thread>, data = 0x0,  name = 0x97ad558 "device_state_thread  started at [ 4695] app_queue.c load_module()"} ASTERISK-4  0x417ac2db in start_thread () from /lib/libpthread.so.0 No symbol table info available. ASTERISK-5  0x4170612e in clone () from /lib/libc.so.6 No symbol table info available. Also, valgrind sees this: ==00:00:01:17.360 2680== Thread 23: ==00:00:01:17.360 2680== Invalid free() / delete / delete[] ==00:00:01:17.360 2680==    at 0x4004FDA: free (vg_replace_malloc.c:233) ==00:00:01:17.361 2680==    by 0x4C40EE9: ??? (app_queue.c:660) ==00:00:01:17.361 2680==    by 0x80F9FDD: dummy_start (utils.c:831) ==00:00:01:17.361 2680==    by 0x417AC2DA: start_thread (in /lib/libpthread-2.5.so) ==00:00:01:17.361 2680==    by 0x4170612D: clone (in /lib/libc-2.5.so) ==00:00:01:17.361 2680==  Address 0x519C860 is 0 bytes inside a block of size 17 free'd ==00:00:01:17.361 2680==    at 0x4004FDA: free (vg_replace_malloc.c:233) ==00:00:01:17.361 2680==    by 0x4C40A1E: ??? (app_queue.c:567) ==00:00:01:17.361 2680==    by 0x4C40EDE: ??? (app_queue.c:658) ==00:00:01:17.361 2680==    by 0x80F9FDD: dummy_start (utils.c:831) ==00:00:01:17.361 2680==    by 0x417AC2DA: start_thread (in /lib/libpthread-2.5.so) ==00:00:01:17.361 2680==    by 0x4170612D: clone (in /lib/libc-2.5.so)
Comments:	By: Andrew Lindh (andrew) 2007-10-15 19:43:15 I posted as bug ASTERISK-10536 too