| Summary: | ASTERISK-18915: Crash on duplicate free in chan_iax2 scheduler | ||
| Reporter: | Dan Collins (dcollins0) | Labels: | |
| Date Opened: | 2011-11-23 11:03:40.000-0600 | Date Closed: | 2011-11-29 13:42:13.000-0600 |
| Priority: | Major | Regression? | |
| Status: | Closed/Complete | Components: | Channels/chan_iax2 |
| Versions: | 1.4.40 | Frequency of Occurrence | Occasional |
| Related Issues: | |||
| Environment: | Attachments: | ( 0) iax2_crash_backtrace.txt | |
| Description: | We're seeing periodic crashes in production related to duplicate frees of frames in the iax2 scheduler thread (__attempt_transmit). It seems like the scheduler thread is marking retries as negative on a packet for a hungup call. Then network thread is waking up and, seeing that retries is negative, removing and freeing the frame from the queue. When the scheduler is able to obtain the queue lock it frees the frame again, causing a crash. | ||
| Comments: | By: Dan Collins (dcollins0) 2011-11-23 11:04:56.461-0600 non-optimized backtrace from core By: Leif Madsen (lmadsen) 2011-11-29 13:41:57.125-0600 Per the Asterisk maintenance timeline page at http://www.asterisk.org/asterisk-versions maintenance (bug) support for the 1.4 and 1.6.x branches has ended. For continued maintenance support please move to the 1.8 branch which is a long term support (LTS) branch. For more information about branch support, please see https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions. After testing with Asterisk 1.8, if you find this problem has not been resolved, please open a new issue against Asterisk 1.8. | ||