ASTERISK-15632: seg fault in _ast

[Home]

Summary: ASTERISK-15632: seg fault in _ast_calloc at utils.h:462

Reporter: Jens von Bülow (jensvb) Labels:

Date Opened: 2010-02-16 07:22:03.000-0600 Date Closed: 2010-03-08 13:10:18.000-0600

Priority: Critical Regression? No

Status: Closed/Complete Components: Channels/chan_sip/General

Versions: Frequency of
Occurrence

Related
Issues:

Environment: Attachments: ( 0) core.23862.zip

Description: Hi All,

I experienced another crash today.

Regards
Jens

<snip>
#3 0x0000000000525654 in _ast_calloc (num=1, len=7968, file=0x559b74 "astobj2.c", lineno=256, func=0x559f10 "ao2_alloc") at /root/_ast160/asterisk-1.6.0.22/include/asterisk/utils.h:462
p = (void *) 0x420ed012
__PRETTY_FUNCTION__ = "_ast_calloc"
</snip>

****** ADDITIONAL INFORMATION ******

<snip>
Thread 1 (process 23862):
#0 0x0000003dd1e703cb in malloc_consolidate () from /lib64/libc.so.6
No symbol table info available.
#1 0x0000003dd1e72a1a in _int_malloc () from /lib64/libc.so.6
No symbol table info available.
#2 0x0000003dd1e7486d in calloc () from /lib64/libc.so.6
No symbol table info available.
#3 0x0000000000525654 in _ast_calloc (num=1, len=7968, file=0x559b74 "astobj2.c", lineno=256, func=0x559f10 "ao2_alloc") at /root/_ast160/asterisk-1.6.0.22/include/asterisk/utils.h:462
p = (void *) 0x420ed012
__PRETTY_FUNCTION__ = "_ast_calloc"
#4 0x000000000043d0a6 in ao2_alloc (data_size=7560, destructor_fn=0x2aaab5f51b90 <sip_destroy_fn>) at astobj2.c:256
obj = (struct astobj2 *) 0x2aaab5f9112c
__PRETTY_FUNCTION__ = "ao2_alloc"
ASTERISK-1 0x00002aaab5f5711f in sip_alloc (callid=0x420ed06d "660e787d63a1baec07a4d6d2076d7160@192.168.192.20", sin=0x420ecb20, useglobal_nat=1, intended_method=5, req=0x420ecb30) at chan_sip.c:6264
p = (struct sip_pvt *) 0x2aaab61cab00
__PRETTY_FUNCTION__ = "sip_alloc"
ASTERISK-2 0x00002aaab5f59109 in find_call (req=0x420ecb30, sin=0x420ecb20, intended_method=5) at chan_sip.c:6504
p = (struct sip_pvt *) 0x0
tag = 0x2aaab5fb2865 ""
totag = "\200?\016B\001\000\000\000PFf\037", '\0' <repeats 12 times>, "?XR\000\000\000\000\000\t\000\000\000\000\000\000\000PFf\037\000\000\000\000H\016\000\000\000\000\000\000??{\000\000\000\000\000?\034??*\000\000PFf\037\000\000\000\000??\016B\000\000\000\000xnR\000\000\000\000\000?\033?*\000\000?\034??*\000\000PFf\037\000\000\000\000PFf\037\000\000\000"
fromtag = "@?\016B\000\000\000\000?XR\000\000\000\000\0000?\016B\000\000\000\000PFf\037\000\000\000\000H\016\000\000\000\000\000\000??{\000\000\000\000\000@?\016B\000\000\000\000PFf\037\000\000\000\000g?\016B\000\000\000\000g?\016B\000\000\000\000@?\016B\000\000\000\000\211?\016B\000\000\000\000p?\016B\000\000\000\000IL?*\000\000\000\000\000\000\000\000\000\000?XR\000\000\000\000"
callid = 0x420ed06d "660e787d63a1baec07a4d6d2076d7160@192.168.192.20"
from = 0x420ecfdb "\"Kitchen 1\" <sip:nha-jhb@192.168.192.20>;tag=as5c155f36"
to = 0x420ed018 "<sip:0711985707@dana.jhb.dot.local>"
cseq = 0x420ed0a4 "102 INVITE"
__PRETTY_FUNCTION__ = "find_call"
ASTERISK-3 0x00002aaab5f9d444 in handle_request_do (req=0x420ecb30, sin=0x420ecb20) at chan_sip.c:19788
p = (struct sip_pvt *) 0x0
recount = 0
nounlock = 0
lockretry = 10
__PRETTY_FUNCTION__ = "handle_request_do"
ASTERISK-4 0x00002aaab5f9d267 in sipsock_read (id=0x1f64e970, fd=12, events=1, ignore=0x0) at chan_sip.c:19748
req = {
rlPart1 = 0x420ecf60 "INVITE",
rlPart2 = 0x420ecf67 "sip:0711985707@dana.jhb.dot.local",
len = 992,
headers = 15,
method = 5,
lines = 16,
sdp_start = 0,
sdp_count = 0,
debug = 0 '\0',
has_to_tag = 0 '\0',
ignore = 0 '\0',
header = {0x420ecf60 "INVITE", 0x420ecf92 "Via: SIP/2.0/UDP 192.168.192.20:5060;branch=z9hG4bK38d647b1;rport", 0x420ecfd5 "From: \"Kitchen 1\" <sip:nha-jhb@192.168.192.20>;tag=as5c155f36", 0x420ed014 "To: <sip:0711985707@dana.jhb.dot.local>", 0x420ed03d "Contact: <sip:nha-jhb@192.168.192.20>", 0x420ed064 "Call-ID: 660e787d63a1baec07a4d6d2076d7160@192.168.192.20", 0x420ed09e "CSeq: 102 INVITE", 0x420ed0b0 "User-Agent: Asterisk PBX", 0x420ed0ca "Max-Forwards: 70", 0x420ed0dc "Remote-Party-ID: \"Kitchen 1\" <sip:116212173@192.168.192.20>;privacy=off;screen=no", 0x420ed12f "Date: Tue, 16 Feb 2010 12:32:51 GMT", 0x420ed154 "Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO", 0x420ed19e "Supported: replaces", 0x420ed1b3 "Content-Type: application/sdp", 0x420ed1d2 "Content-Length: 343", 0x420ed1e7 "", 0x0 <repeats 48 times>},
line = {0x420ed1e9 "v=0", 0x420ed1ee "o=root 23056 23056 IN IP4 192.168.192.20", 0x420ed218 "s=session", 0x420ed223 "c=IN IP4 192.168.192.20", 0x420ed23c "t=0 0", 0x420ed243 "m=audio 11990 RTP/AVP 8 18 110 3 101", 0x420ed269 "a=rtpmap:8 PCMA/8000", 0x420ed27f "a=rtpmap:18 G729/8000", 0x420ed296 "a=fmtp:18 annexb=no", 0x420ed2ab "a=rtpmap:110 speex/8000", 0x420ed2c4 "a=rtpmap:3 GSM/8000", 0x420ed2d9 "a=rtpmap:101 telephone-event/8000", 0x420ed2fc "a=fmtp:101 0-16", 0x420ed30d "a=silenceSupp:off - - - -", 0x420ed328 "a=ptime:20", 0x420ed334 "a=sendrecv", 0x420ed340 "", 0x0 <repeats 47 times>},
data = "INVITE\000sip:0711985707@dana.jhb.dot.local\000SIP/2.0\000\000Via: SIP/2.0/UDP 192.168.192.20:5060;branch=z9hG4bK38d647b1;rport\000\000From: \"Kitchen 1\" <sip:nha-jhb@192.168.192.20>;tag=as5c155f36\000\000To: <sip:0711985707@"...,
socket = {
type = SIP_TRANSPORT_UDP,
fd = -1,
port = 50195,
tcptls_session = 0x0
},
next = {
next = 0x0
}
}
sin = {
sin_family = 2,
sin_port = 50195,
sin_addr = {
s_addr = 348170432
},
sin_zero = "\000\000\000\000\000\000\000"
}
res = 992
len = 16
__PRETTY_FUNCTION__ = "sipsock_read"
ASTERISK-5 0x00000000004ab19d in ast_io_wait (ioc=0x1f663e10, howlong=272) at io.c:288
res = 1
x = 0
origcnt = 1
ASTERISK-6 0x00002aaab5f9ec96 in do_monitor (data=0x0) at chan_sip.c:20243
res = 272
dialog = (struct sip_pvt *) 0x0
t = 1266323571
reloading = 0
__PRETTY_FUNCTION__ = "do_monitor"
ASTERISK-7 0x0000000000527aa7 in dummy_start (data=0x2aaaac022930) at utils.c:861
__cancel_buf = {
__cancel_jmp_buf = {{
__cancel_jmp_buf = {0, 354520592819571016, 0, 1108275200, 0, 4096, 354520592819570808, 354520591783350736},
__mask_was_saved = 0
}},
__pad = {0x420ee1a0, 0x0, 0x0, 0x0}
}
__cancel_routine = (void (*)(void *)) 0x43144b <ast_unregister_thread>
__cancel_arg = (void *) 0x420ee940
not_first_call = 0
ret = (void *) 0x0
a = {
start_routine = 0x2aaab5f9e99c <do_monitor>,
data = 0x0,
name = 0x2aaaac022990 "do_monitor", ' ' <repeats 11 times>, "started at [20276] chan_sip.c restart_monitor()"
}
lock_info = (struct thr_lock_info *) 0x1f664650
mutex_attr = {
__size = "\001\000\000",
__align = 1
}
ASTERISK-8 0x0000003dd2606617 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
ASTERISK-9 0x0000003dd1ed3c2d in clone () from /lib64/libc.so.6
No symbol table info available.
--------------------------------------------------------------------------------
[root@dana ~]#
</snip>

Comments: By: Leif Madsen (lmadsen) 2010-02-17 14:07:05.000-0600

Please put large blocks of text as an attachment to an issue, and not inline.
By: David Vossel (dvossel) 2010-02-26 11:18:11.000-0600

Was this just a random crash, or are you able to consistently reproduce it?
By: Jens von Bülow (jensvb) 2010-03-01 01:30:13.000-0600

Hi, I would not use the words "just a random crash" - but yes, it was a random crash that I have not seen again.
By: Russell Bryant (russell) 2010-03-04 09:09:13.000-0600

This is the type of bug that we would need valgrind test results to debug (see doc/valgrind.txt). However, if you're unable to reproduce it, there probably isn't anything we can do.
By: Jens von Bülow (jensvb) 2010-03-04 09:19:55.000-0600

i can't run under valgrind... when I do my server comes to a grinding halt.

Please close the ticket
By: Leif Madsen (lmadsen) 2010-03-08 13:10:17.000-0600

Please feel free to reopen this issue if you're able to reproduce this on a development with valgrind output. Thanks!