Summary: | ASTERISK-13576: asterisk segfault in AST_LIST_TRAVERSE_SAFE_BEGIN | ||
Reporter: | yxbstorm (yxbstorm) | Labels: | |
Date Opened: | 2009-02-12 19:06:19.000-0600 | Date Closed: | 2009-04-13 13:38:15 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) core02.txt ( 1) core1.txt | |
Description: | Bt full attached. Core was generated by `/usr/sbin/asterisk -f -U asterisk -G asterisk -vvvg -c'. Program terminated with signal 11, Segmentation fault. #0 0x080f712f in ast_sched_del (con=0x9a02c00, id=1308395) at sched.c:267 267 AST_LIST_TRAVERSE_SAFE_BEGIN(&con->schedq, s, list) { (gdb) bt full #0 0x080f712f in ast_sched_del (con=0x9a02c00, id=1308395) at sched.c:267 __list_next = (struct sched *) 0x63746e75 __list_prev = (struct sched *) 0xb7e08ef0 __new_prev = (struct sched *) 0x63746e75 s = (struct sched *) 0x63746e75 __PRETTY_FUNCTION__ = "ast_sched_del" #1 0x00be3053 in parse_register_contact (pvt=0x9b50b90, peer=0x9a48c58, req=0xba0050) at chan_sip.c:8476 _count = 0 _sched_res = -1 contact = "<sip:82810\000172.172.172.122\0005060\000\000s?\000\000\000\000\000\000\000\000??\000\000\000\000f71a025ffa294d16f189f5d9b414269d", '\0' <repeats 224 times>, "f3d271eb24e11e40f72246fcfedc1f3b", '\0' <repeats 124 times>, "qS-\000\000\000\000\000\000\000\000\000ld-\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000??000X\214?t??t?? data = "6b93", '\0' <repeats 224 times>, "REGISTER:sip:172.172.172.2", '\0' <repeats 257 times> expires = 0xba045d "60" expiry = 60 curi = 0xb9f9b9 "82810" n = 0xb9f9bf "172.172.172.122" pt = 0xb9f9cf "5060" port = 5060 useragent = 0x9a02c00 "\001" hp = (struct hostent *) 0xb9f394 ahp = {hp = {h_name = 0x0, h_aliases = 0x0, h_addrtype = 2, h_length = 0, h_addr_list = 0xb9f3a8}, buf = "??000??", '\0' <repeats 1015 times>} oldsin = {sin_family = 2, sin_port = 50195, sin_addr = {s_addr = 2058136748}, sin_zero = "\000\000\000\000\000\000\000"} testsin = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 2058136748}, sin_zero = "\000\000\000\000\000\000\000"} __PRETTY_FUNCTION__ = "parse_register_contact" #2 0x00be4f55 in register_verify (p=0x9b50b90, sin=0xba0040, req=0xba0050, uri=0xba0275 "sip:172.172.172.2") at chan_sip.c:8977 res = AUTH_SUCCESSFUL peer = (struct sip_peer *) 0x9a48c58 tmp = "<sip:82810\000172.172.172.2\000\000?000\000\000\000\000\004?\000\000\000\000\000\000\000\000\000?B\000\000\000\000\000\000\000\000\000m?\000,?\000\230\r?t\227\016?tL?\000?B\000,?\000\230\r?t\030?\000?2154\000,?\000\217/?000L?\000\230\r?t\000\000\000\000??000?\000\000\000\001\200?\230\r?t\230\r?t\230\r?t\230\r?t?r?t\227\016?t\230\r?t\227\016?t", '\0' <repeats 20 times>, "S\231?, '\0' <repeats 17 times>, "W\003?000`\003?000R\003?000R\003?000\000"... name = 0xb9fcb5 "82810" c = 0x0 t = 0xba0286 "" domain = 0xb9fcbb "172.172.172.2" __PRETTY_FUNCTION__ = "register_verify" #3 0x00c06dc9 in handle_request_register (p=0x9b50b90, req=0xba0050, sin=0xba0040, e=0xba0275 "sip:172.172.172.2") at chan_sip.c:15839 reason = 0xb9fe4c "u\002? res = 12726159 __PRETTY_FUNCTION__ = "handle_request_register" #4 0x00c07cce in handle_request (p=0x9b50b90, req=0xba0050, sin=0xba0040, recount=0xba0034, nounlock=0xba0038) at chan_sip.c:16068 cmd = 0xba026c "REGISTER" cseq = 0xba0352 "32220 REGISTER" useragent = 0xba044c "SIP UA" seqno = 32220 len = 5 | ||
Comments: | By: yxbstorm (yxbstorm) 2009-02-12 19:15:50.000-0600 (gdb) p *s Cannot access memory at address 0x63746e75 (gdb) p *__list_next Cannot access memory at address 0x63746e75 (gdb) p *__list_prev $1 = {list = {next = 0x63746e75}, id = 744842351, when = {tv_sec = 1902734965, tv_usec = 1684628853}, resched = 1702065452, variable = 1701406322, data = 0x662c646c, callback = 0x20296565} By: Mark Michelson (mmichelson) 2009-02-12 19:31:06.000-0600 First off, it appears that you are not actually using 1.4.23, since line 8476 of chan_sip.c is not a call to ast_sched_del or AST_SCHED_DEL. I'm assuming you are actually using an SVN checkout of the 1.4 branch. What revision are you using? Are any custom patches applied? In addition, this sort of problem is indicative of memory corruption. Could you reproduce this problem while running Asterisk under Valgrind? Please see doc/valgrind.txt for details. Thanks! By: jangjun21 (jangjun21) 2009-02-12 20:09:31.000-0600 my asterisk version is asterisk-1.4.23.1 By: Joshua C. Colp (jcolp) 2009-03-02 14:56:07.000-0600 Per mmichelson's last question can you please see if you can reproduce this under valgrind? By: Leif Madsen (lmadsen) 2009-04-13 13:38:15 Suspended due to lack of activity. Please request a bug marshal in #asterisk-bugs on the IRC network irc.freenode.net to reopen the issue should you have the additional information requested. Further information can be found at http://www.asterisk.org/developers/bug-guidelines |