| Summary: | ASTERISK-11260: Asterisk Crashes while trying to destroy something | ||
| Reporter: | Frank Waller (explidous) | Labels: | |
| Date Opened: | 2008-01-18 08:48:46.000-0600 | Date Closed: | 2008-01-18 15:35:37.000-0600 |
| Priority: | Minor | Regression? | No |
| Status: | Closed/Complete | Components: | |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) back_trace | |
| Description: | After about two minutes Asterisk is crashing in the destroy function. Destroy is being called by ast_translate_frame_freed so most likely this is when trying to free a frame. I am running Vicidial (a predictive dialer) on this server with twenty agents and dialing at a ratio of four to one. This means that there are twenty channels waiting in twenty meetmes and the server is dialing 80 numbers via IAX to another XEN server on the same box. When a number connects they get placed into one of the meetmes. ****** STEPS TO REPRODUCE ****** I am able to reproduce this by simply Asterisk under moderately high load. | ||
| Comments: | By: Digium Subversion (svnbot) 2008-01-18 15:19:56.000-0600 Repository: asterisk Revision: 99079 U branches/1.4/include/asterisk/translate.h ------------------------------------------------------------------------ r99079 | russell | 2008-01-18 15:19:52 -0600 (Fri, 18 Jan 2008) | 4 lines Since we're relying on the offset between the frame and the beginning of the translator pvt struct, set the packed attribute to make sure we get to the right place. (potential fix for issue ASTERISK-11260) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=99079 By: Digium Subversion (svnbot) 2008-01-18 15:21:36.000-0600 Repository: asterisk Revision: 99080 _U trunk/ U trunk/include/asterisk/translate.h ------------------------------------------------------------------------ r99080 | russell | 2008-01-18 15:21:35 -0600 (Fri, 18 Jan 2008) | 12 lines Merged revisions 99079 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r99079 | russell | 2008-01-18 15:22:21 -0600 (Fri, 18 Jan 2008) | 4 lines Since we're relying on the offset between the frame and the beginning of the translator pvt struct, set the packed attribute to make sure we get to the right place. (potential fix for issue ASTERISK-11260) ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=99080 By: Russell Bryant (russell) 2008-01-18 15:28:21.000-0600 You can give that last change a try, but I'm not actually that confident that it is going to help ... Can you run these gdb commands? (gdb) frame 2 (gdb) p fr->src By: Digium Subversion (svnbot) 2008-01-18 15:34:52.000-0600 Repository: asterisk Revision: 99081 U branches/1.4/include/asterisk/translate.h U branches/1.4/main/frame.c ------------------------------------------------------------------------ r99081 | russell | 2008-01-18 15:34:51 -0600 (Fri, 18 Jan 2008) | 9 lines Revert adding the packed attribute, as it really doesn't make sense why that would do any good. Fix the real bug, which is to do the check to see if the frame came from a translator at the beginning of ast_frame_free(), instead of at the end. This ensures that it always gets checked, even if none of the parts of the frame are malloc'd, and also ensures that we aren't looking at free'd memory in the case that it is a malloc'd frame. (closes issue ASTERISK-11260, reported by explidous, patched by me) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=99081 By: Digium Subversion (svnbot) 2008-01-18 15:35:37.000-0600 Repository: asterisk Revision: 99082 _U trunk/ U trunk/include/asterisk/translate.h U trunk/main/frame.c ------------------------------------------------------------------------ r99082 | russell | 2008-01-18 15:35:33 -0600 (Fri, 18 Jan 2008) | 17 lines Merged revisions 99081 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r99081 | russell | 2008-01-18 15:37:21 -0600 (Fri, 18 Jan 2008) | 9 lines Revert adding the packed attribute, as it really doesn't make sense why that would do any good. Fix the real bug, which is to do the check to see if the frame came from a translator at the beginning of ast_frame_free(), instead of at the end. This ensures that it always gets checked, even if none of the parts of the frame are malloc'd, and also ensures that we aren't looking at free'd memory in the case that it is a malloc'd frame. (closes issue ASTERISK-11260, reported by explidous, patched by me) ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=99082 | ||