ASTERISK-29984: Crash in stasis_message_dtor on ast_json

[Home]

Summary: ASTERISK-29984: Crash in stasis_message_dtor on ast_json_free

Reporter: Kevin Harwell (kharwell) Labels:

Date Opened: 2022-03-24 11:56:51 Date Closed:

Priority: Minor Regression? No

Status: Open/New Components: Core/Stasis

Versions: GIT Frequency of
Occurrence Occasional

Related
Issues:
is related to ASTERISK-25382 segfault in ast_json_free (p=0x77f9d88555b8) at json.c:190

is related to ASTERISK-26590 Inconsistent crashes in ast_json_free at json.c

Environment: Attachments: ( 0) archive.zip

Description: Jenkins caught a crash:
{noformat}
Running tests/channels/pjsip/basic_calls/two_parties/nominal/two_servers ... [Mar 24 15:55:06] WARNING[11463]: asterisk.asterisk:246 errReceived: Asterisk 127.0.0.1 received error: WARNING: Memory corrupted after free of 0x2aee140 allocated at stasis.c publish_msg() line 1453 Core dumps detected; test was already failed
{noformat}
Thread 1:
{noformat}
Thread 1 (Thread 0x7f079d1f98c0 (LWP 11474)):
#0 0x00007f0799db9337 in raise () at /lib64/libc.so.6
#1 0x00007f0799dbaa28 in abort () at /lib64/libc.so.6
#2 0x00000000005ebbf3 in ast_do_crash () at utils.c:2703
#3 0x0000000000463cb5 in my_do_crash () at astmm.c:230
#4 0x000000000046402d in region_data_check (reg=0x2aee0b0) at astmm.c:320
#5 0x00000000004641cd in region_free (freed=0xa4c460 <whales>, reg=0x2ae0160) at astmm.c:374
#6 0x00000000004645b7 in __ast_free (ptr=0x2ae01f0, file=0x742c84 "json.c", lineno=54, func=0x743070 <__PRETTY_FUNCTION__.13663> "ast_json_free") at astmm.c:478
#7 0x000000000051769a in ast_json_free (p=0x2ae01f0) at json.c:54
#8 0x0000000000665b33 in jsonp_free (ptr=0x2ae01f0) at memory.c:34
#9 0x0000000000663066 in hashtable_close (hashtable=0x2ba5af0) at hashtable.c:195
#10 0x0000000000669120 in json_delete_object (object=0x2ba5ae0) at value.c:85
#11 0x000000000066b1b0 in json_delete (json=0x2ba5ae0) at value.c:1000
#12 0x0000000000517648 in json_decref (json=0x2ba5ae0) at /srv/jenkins/workspace/Asterisk_Gates_master/third-party/jansson/dest/include/jansson.h:133
#13 0x000000000051770c in ast_json_unref (json=0x2ba5ae0) at json.c:75
#14 0x0000000000518c56 in json_payload_destructor (obj=0x2b413e0) at json.c:732
#15 0x00000000004682ca in __ao2_ref (user_data=0x2b413e0, delta=-1, tag=0x0, file=0x763fb0 "stasis_message.c", line=137, func=0x764030 <__PRETTY_FUNCTION__.9550> "stasis_message_dtor") at astobj2.c:615
#16 0x00000000004685d4 in __ao2_cleanup_debug (obj=0x2b413e0, tag=0x0, file=0x763fb0 "stasis_message.c", line=137, function=0x764030 <__PRETTY_FUNCTION__.9550> "stasis_message_dtor") at astobj2.c:673
#17 0x00000000005bba86 in stasis_message_dtor (obj=0x2b414a8) at stasis_message.c:137
#18 0x00000000004682ca in __ao2_ref (user_data=0x2b414a8, delta=-1, tag=0x0, file=0x73f878 "file.c", line=95, func=0x7401f3 <__PRETTY_FUNCTION__.17039> "_dtor_msg") at astobj2.c:615
#19 0x00000000004685d4 in __ao2_cleanup_debug (obj=0x2b414a8, tag=0x0, file=0x73f878 "file.c", line=95, function=0x7401f3 <__PRETTY_FUNCTION__.17039> "_dtor_msg") at astobj2.c:673
#20 0x00000000004fdac7 in _dtor_msg (v=0x7fffa3d128c8) at file.c:95
#21 0x00000000004fdbd6 in publish_format_update (f=0x7f0724297238 <f_def+344>, type=0x1c102f8) at file.c:95
#22 0x00000000004fde6d in __ast_format_def_register (f=0x7f0724297238 <f_def+344>, mod=0x1396a40) at file.c:157
#23 0x00007f0724095571 in load_module () at format_g726.c:275
#24 0x000000000051d930 in start_resource (mod=0x1396a40) at loader.c:1713
#25 0x000000000051e304 in start_resource_attempt (mod=0x1396a40, count=0x7fffa3d12ccc) at loader.c:1889
#26 0x000000000051ecaa in start_resource_list (resources=0x7fffa3d12cd0, mod_count=0x7fffa3d12ccc) at loader.c:1986
#27 0x000000000051fa35 in load_resource_list (load_order=0x7fffa3d12e90, mod_count=0x7fffa3d12e8c) at loader.c:2168
#28 0x00000000005203f9 in load_modules () at loader.c:2391
#29 0x00000000004635bf in asterisk_daemon (isroot=1, runuser=0x0, rungroup=0x0) at asterisk.c:4193
#30 0x0000000000462b80 in main (argc=8, argv=0x7fffa3d153d8) at asterisk.c:3960
{noformat}

Comments: By: Kevin Harwell (kharwell) 2022-03-24 11:59:37.602-0500

Looks a bit similar to the crashes also in ASTERISK-25382 and ASTERISK-26590