Summary: ASTERISK-11462: Asterisk crashes on dial_exec_full
Reporter: Abhay Gupta (agupta)
Labels:
Date Opened: 2008-02-18 08:41:01.000-0600
Date Closed: 2008-03-13 12:45:42
Priority: Critical
Regression? No
Status: Closed/Complete
Components: Core/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:
( 0) asterisk_reloading.txt
( 1) btfull.txt
( 2) core07mar.txt
( 3) reloadbtfull.txt
Description:
Asterisk crashes intermittently after 2-3 hours of calling.

There is corruption on some variables and opt_args is out of bounds.

0x00710c49 in dial_exec_full (chan=0x99e3b90, data=0xb760cf48, peerflags=0xb760ae14, continue_exec=0x0) at app_dial.c:1334
res = 0
u = (struct ast_module_user *) 0x9a02b90
rest = 0x0
cur = 0x0
outgoing = (struct dial_localuser *) 0x9a6e9f0
peer = (struct ast_channel *) 0x813bcd6
to = -1
numbusy = 0
numcongestion = 0
numnochan = 0
cause = 0
numsubst = "g1/9873225386\000`·|¬`·ô¯[\000\\«`·D­`·H¬`·dÏM\000\\«`·W\213\024\b\224¬`·D­`·\000\000\000\000ü«`·O\000\000\000\001\200­ûD­`·D­`·D­`·D­`·_­`·\223­`·D­`·\223­`·", '\0' <repeats 20 times>, "À´[\000\000\000\000\000/øM\000\000\000\000ÿ\000\000\000\000\036\001N\000À´[\000\000 û4:\000\000\000\000\000\000\000ô¯[\000\000\000\0004ÿÿÿÿ\004¬`·\034÷M\000À´[\000ÿÿÿÿ\037\000\000\000\037\000\000\000\033 û·\001\000\000\000(¬"...
cidname = '\0' <repeats 79 times>
privdb_val = 0
calldurationlimit = 0
timelimit = 0
play_warning = 0
warning_freq = 0
warning_sound = 0x0
end_sound = 0x0
start_sound = 0x0
dtmfcalled = 0x0
dtmfcalling = 0x0
status = "NOANSWER\000GS", '\0' <repeats 244 times>
play_to_caller = 0
play_to_callee = 0
sentringing = 1
moh = 0
outbound_group = 0x0
result = 0
start_time = 1203336508
privintro = "m\213\024\bW\213\024\b\006\000\000\000\n", '\0' <repeats 15 times>, "\n\000\000\000¢ª`·", '\0' <repeats 12 times>, "\003!N", '\0' <repeats 13 times>, "\001\000\000\000ؼ\023\b\000\000\000\000'O§\tô¯[\000L¬`·ä]\022\b(¬`·ï§K\000L¬`·Ö¼\023\b\002\000\000\000\001\000\000\000\003\f\024\b\000\000\000\000%O§\tô¯[\000\001\f\024\b\002\000\000\000\000¬`·²¯K\000|¬`·\001\f\024\b\002", '\0' <repeats 15 times>, " ¬`·Ç«K\000²Î`·´«`·0¬`·à¬`·m\213\024\bÄ«`·\020Ï`·\000\000\000\000k\213\024"...
privcid = "ô¯[\000\000\000\000\000ÿÿÿÿ\033\000\000\000m\213\024\bW\213\024\b\006\000\000\000\n", '\0' <repeats 15 times>, "\n\000\000\000²©`·", '\0' <repeats 12 times>, "\003!N", '\0' <repeats 17 times>, "m\213\024\b\000\000\000\000_­`·ô¯[\000l\213\024\b\001\000\000\0008«`·²¯K\000\\«`·l\213\024\b\001\000\000\000\000\000\000\000¡)\024\b\002\000\000\000X«`·Ç«K\000|«`·¡)\024\b\020«`·\000\000\000\000\224\n\023\b¤ª`·\n\000\000\000Ç«K\000\000\000\000\000\000\000\000\0000«`·Ø«`·\000\000\000\000(\000\000\000\000\000\000\000ð«`·", '\0' <repeats 16 times>...
parse = 0xb760a020 "Zap"
opermode = 0
args = {argc = 3, argv = 0xb760a4a8, peers = 0xb760a020 "Zap", timeout = 0xb760a032 "", options = 0xb760a033 "o", url = 0x0}
opts = {flags = 16384}
opt_args = {0x0, 0x0, 0x0, 0x0, 0x0, 0x28 <Address 0x28 out of bounds>, 0x0, 0xb760ab00 "", 0x0}
datastore = (struct ast_datastore *) 0x9a57210
fulldial = 0
num_dialed = 1
__PRETTY_FUNCTION__ = "dial_exec_full"

****** ADDITIONAL INFORMATION ******

All bt, bt full and threads apply all bt full are attached.
Comments:

By: Russell Bryant (russell) 2008-02-18 14:50:05.000-0600

Try valgrind. There are some instructions in doc/valgrind.txt.

By: Abhay Gupta (agupta) 2008-02-19 04:02:56.000-0600

Server gets held up with load more than 100 in top with valgrind. Please suggest some other way to diagnose.

By: Abhay Gupta (agupta) 2008-02-23 02:21:30.000-0600

I am seeing these issues reported by a lot of people, and it seems bug marshals are more interested in closing those issues rather than solving them.

Like http://bugs.digium.com/view.php?id=12035 by slavon, which is closed in two days when all of us are having the same issue on loaded servers. I would suggest this ticket be used to share the information, and let's try to come to a solution to fix these segmentation faults.

By: Abhay Gupta (agupta) 2008-02-23 02:36:11.000-0600

There is another segmentation fault which came while issuing the reload command. The CLI output and bt, bt full are attached.

Again, this is the only time that this error has come; otherwise reload works well. This, if you see, is again an address out of bounds.

By: Abhay Gupta (agupta) 2008-02-25 07:49:47.000-0600

(gdb) bt full
#0  0x0808172e in ast_queue_frame (chan=0x92f6e70, fin=0x924059c) at channel.c:907
f = (struct ast_frame *) 0xb5e6d920
cur = (struct ast_frame *) 0x48
blah = 1
qlen = 1
__PRETTY_FUNCTION__ = "ast_queue_frame"

Can anyone guide me and tell me, is this pointer address of cur as 0x48 a valid address? If it is corrupted, then how can this happen?

By: Abhay Gupta (agupta) 2008-02-26 02:33:38.000-0600

Again a core dump. And again I think the same ast_queue_frame and the same pointer cur seem corrupt.


Program terminated with signal 11, Segmentation fault.
#0  0x080816da in ast_queue_frame (chan=0x929eee8, fin=0x9374a94)
   at channel.c:900
900             if ((cur = AST_LIST_LAST(&chan->readq)) && (cur->frametype == AST_FRAME_CONTROL) && (cur->subclass == AST_CONTROL_HANGUP)) {
(gdb) bt full
#0  0x080816da in ast_queue_frame (chan=0x929eee8, fin=0x9374a94)
   at channel.c:900
       f = (struct ast_frame *) 0xb6a22d40
       cur = (struct ast_frame *) 0x63
       blah = 1
       qlen = 0
       __PRETTY_FUNCTION__ = "ast_queue_frame"
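
Added example (not part of the ticket or of the Asterisk source): a triage helper that scans gdb "bt full" output for locals holding a nonzero address below one page, such as cur = 0x48 and opt_args[5] = 0x28 in the backtraces above; a normal process does not map that range, so such a value points to an overwritten pointer or a field offset from a NULL base. The function name and the 0x1000 threshold are assumptions, and the sample lines are excerpted from the backtraces quoted in this ticket.

```python
import re

# Sample input: lines excerpted from the gdb backtraces quoted in this ticket.
SAMPLE = """\
#0  0x00710c49 in dial_exec_full (chan=0x99e3b90, data=0xb760cf48, peerflags=0xb760ae14, continue_exec=0x0) at app_dial.c:1334
outgoing = (struct dial_localuser *) 0x9a6e9f0
to = -1
parse = 0xb760a020 "Zap"
opt_args = {0x0, 0x0, 0x0, 0x0, 0x0, 0x28 <Address 0x28 out of bounds>, 0x0, 0xb760ab00 "", 0x0}
#0  0x0808172e in ast_queue_frame (chan=0x92f6e70, fin=0x924059c) at channel.c:907
f = (struct ast_frame *) 0xb5e6d920
cur = (struct ast_frame *) 0x48
qlen = 1
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \(")
LOCAL_RE = re.compile(r"^\s*(\w+) = (.*)$")
HEX_RE = re.compile(r"\b0x[0-9a-f]+\b")
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')   # gdb-printed string contents
NOTE_RE = re.compile(r"<[^>]*>")               # <Address ... out of bounds>, <repeats N times>
LOW_LIMIT = 0x1000  # assumption: one 4 KiB page; adjust for the target platform


def suspicious_locals(bt_text, limit=LOW_LIMIT):
    """Return (function, local, element_index, address) for every hex value
    in a frame's locals that is nonzero but below `limit`."""
    findings = []
    func = None
    for line in bt_text.splitlines():
        frame = FRAME_RE.match(line)
        if frame:
            func = frame.group(2)      # locals that follow belong to this frame
            continue
        local = LOCAL_RE.match(line)
        if not local or func is None:
            continue
        name, value = local.groups()
        # Drop string bodies and gdb annotations so only real values remain.
        value = NOTE_RE.sub("", STRING_RE.sub("", value))
        for idx, tok in enumerate(HEX_RE.findall(value)):
            addr = int(tok, 16)
            if 0 < addr < limit:       # 0x0 is an ordinary NULL, not a finding
                findings.append((func, name, idx, addr))
    return findings


if __name__ == "__main__":
    for func, name, idx, addr in suspicious_locals(SAMPLE):
        print(f"{func}: {name}[{idx}] = {addr:#x} (below {LOW_LIMIT:#x})")
```

gdb prints integers in decimal and pointers in hex, so counters such as qlen = 1 or to = -1 are not flagged.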

By: Abhay Gupta (agupta) 2008-03-01 00:06:15.000-0600

Upgrading the server with all the patches till today for autoservice.c and will check if it resolves these crashes.

By: Abhay Gupta (agupta) 2008-03-07 02:32:39.000-0600

New core dump attached. Even after svn upgrade the problem remains.

By: Abhay Gupta (agupta) 2008-03-13 12:07:15

This bug is resolved in the latest SVN, so please close this.

By: Donny Kavanagh (donnyk) 2008-03-13 12:45:41

Bug reporter has reported the issue fixed in latest SVN. Closed.