Summary:	ASTERISK-13576: asterisk segfault in AST_LIST_TRAVERSE_SAFE_BEGIN
Reporter:	yxbstorm (yxbstorm)	Labels:
Date Opened:	2009-02-12 19:06:19.000-0600	Date Closed:	2009-04-13 13:38:15
Priority:	Critical	Regression?	No
Status:	Closed/Complete	Components:	Core/General
Versions:		Frequency of Occurrence
Related Issues:
Environment:		Attachments:	( 0) core02.txt ( 1) core1.txt
Description:	Bt full attached. Core was generated by `/usr/sbin/asterisk -f -U asterisk -G asterisk -vvvg -c'. Program terminated with signal 11, Segmentation fault. #0  0x080f712f in ast_sched_del (con=0x9a02c00, id=1308395) at sched.c:267 267             AST_LIST_TRAVERSE_SAFE_BEGIN(&con->schedq, s, list) { (gdb) bt full #0  0x080f712f in ast_sched_del (con=0x9a02c00, id=1308395) at sched.c:267        __list_next = (struct sched *) 0x63746e75        __list_prev = (struct sched *) 0xb7e08ef0        __new_prev = (struct sched *) 0x63746e75        s = (struct sched *) 0x63746e75        __PRETTY_FUNCTION__ = "ast_sched_del" #1  0x00be3053 in parse_register_contact (pvt=0x9b50b90, peer=0x9a48c58, req=0xba0050) at chan_sip.c:8476        _count = 0        _sched_res = -1        contact = "<sip:82810\000172.172.172.122\0005060\000\000s?\000\000\000\000\000\000\000\000??\000\000\000\000f71a025ffa294d16f189f5d9b414269d", '\0' <repeats 224 times>, "f3d271eb24e11e40f72246fcfedc1f3b", '\0' <repeats 124 times>, "qS-\000\000\000\000\000\000\000\000\000ld-\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000??000X\214?t??t??        data = "6b93", '\0' <repeats 224 times>, "REGISTER:sip:172.172.172.2", '\0' <repeats 257 times>        expires = 0xba045d "60"        expiry = 60        curi = 0xb9f9b9 "82810"        n = 0xb9f9bf "172.172.172.122"        pt = 0xb9f9cf "5060"        port = 5060        useragent = 0x9a02c00 "\001"        hp = (struct hostent *) 0xb9f394        ahp = {hp = {h_name = 0x0, h_aliases = 0x0, h_addrtype = 2, h_length = 0, h_addr_list = 0xb9f3a8},  buf = "??000??", '\0' <repeats 1015 times>}        oldsin = {sin_family = 2, sin_port = 50195, sin_addr = {s_addr = 2058136748}, sin_zero = "\000\000\000\000\000\000\000"}        testsin = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 2058136748}, sin_zero = "\000\000\000\000\000\000\000"}        __PRETTY_FUNCTION__ = "parse_register_contact" #2  0x00be4f55 in register_verify (p=0x9b50b90, sin=0xba0040, req=0xba0050, uri=0xba0275 "sip:172.172.172.2") at chan_sip.c:8977        res = AUTH_SUCCESSFUL        peer = (struct sip_peer *) 0x9a48c58        tmp = "<sip:82810\000172.172.172.2\000\000?000\000\000\000\000\004?\000\000\000\000\000\000\000\000\000?B\000\000\000\000\000\000\000\000\000m?\000,?\000\230\r?t\227\016?tL?\000?B\000,?\000\230\r?t\030?\000?2154\000,?\000\217/?000L?\000\230\r?t\000\000\000\000??000?\000\000\000\001\200?\230\r?t\230\r?t\230\r?t\230\r?t?r?t\227\016?t\230\r?t\227\016?t", '\0' <repeats 20 times>, "S\231?, '\0' <repeats 17 times>, "W\003?000`\003?000R\003?000R\003?000\000"...        name = 0xb9fcb5 "82810"        c = 0x0        t = 0xba0286 ""        domain = 0xb9fcbb "172.172.172.2"        __PRETTY_FUNCTION__ = "register_verify" #3  0x00c06dc9 in handle_request_register (p=0x9b50b90, req=0xba0050, sin=0xba0040, e=0xba0275 "sip:172.172.172.2") at chan_sip.c:15839        reason = 0xb9fe4c "u\002?        res = 12726159        __PRETTY_FUNCTION__ = "handle_request_register" #4  0x00c07cce in handle_request (p=0x9b50b90, req=0xba0050, sin=0xba0040, recount=0xba0034, nounlock=0xba0038) at chan_sip.c:16068        cmd = 0xba026c "REGISTER"        cseq = 0xba0352 "32220 REGISTER"        useragent = 0xba044c "SIP UA"        seqno = 32220        len = 5
Comments:	By: yxbstorm (yxbstorm) 2009-02-12 19:15:50.000-0600 (gdb) p *s Cannot access memory at address 0x63746e75 (gdb) p *__list_next Cannot access memory at address 0x63746e75 (gdb) p *__list_prev $1 = {list = {next = 0x63746e75}, id = 744842351, when = {tv_sec = 1902734965, tv_usec = 1684628853}, resched = 1702065452,  variable = 1701406322, data = 0x662c646c, callback = 0x20296565} By: Mark Michelson (mmichelson) 2009-02-12 19:31:06.000-0600 First off, it appears that you are not actually using 1.4.23, since line 8476 of chan_sip.c is not a call to ast_sched_del or AST_SCHED_DEL. I'm assuming you are actually using an SVN checkout of the 1.4 branch. What revision are you using? Are any custom patches applied? In addition, this sort of problem is indicative of memory corruption. Could you reproduce this problem while running Asterisk under Valgrind? Please see doc/valgrind.txt for details. Thanks! By: jangjun21 (jangjun21) 2009-02-12 20:09:31.000-0600 my asterisk version is asterisk-1.4.23.1 By: Joshua C. Colp (jcolp) 2009-03-02 14:56:07.000-0600 Per mmichelson's last question can you please see if you can reproduce this under valgrind? By: Leif Madsen (lmadsen) 2009-04-13 13:38:15 Suspended due to lack of activity. Please request a bug marshal in #asterisk-bugs on the IRC network irc.freenode.net to reopen the issue should you have the additional information requested. Further information can be found at http://www.asterisk.org/developers/bug-guidelines