Summary: ASTERISK-24707: Double free corruption in PJSIP
Reporter: Badalian Vyacheslav (slavon)
Labels:
Date Opened: 2015-01-21 09:09:31.000-0600
Date Closed: 2015-03-10 16:19:45
Priority: Major
Regression?
Status: Closed/Complete
Components:
Versions: 11.15.0
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: ( 0) gdb_ast_abort.log
Description:
{code}
Thread 187 (Thread 0x7fff98986700 (LWP 48837)):
#0  0x00000037c9e32625 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00000037c9e33e05 in abort () at abort.c:92
#2  0x00000037c9e70537 in __libc_message (do_abort=2, fmt=0x37c9f58900 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#3  0x00000037c9e75e66 in malloc_printerr (action=3, str=0x37c9f58c70 "double free or corruption (out)", ptr=<value optimized out>) at malloc.c:6336
#4  0x00000037c9e789b3 in _int_free (av=0x37ca18fe80, p=0x7ffeda472650, have_lock=0) at malloc.c:4832
#5  0x00007fff9ac3d774 in default_block_free () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
#6  0x00007fff9ac444b1 in pj_pool_destroy_int () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
#7  0x00007fff9ac44cbb in cpool_release_pool () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
#8  0x00007fff9ac43ea1 in pj_pool_release () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
#9  0x00007fff9ac22b86 in destroy_tdata () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
#10 0x00007fff9ac22ba9 in pj_stun_msg_destroy_tdata () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
#11 0x00007fff9ac22c22 in on_cache_timeout () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
#12 0x00007fff9ac49c22 in pj_timer_heap_poll () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
#13 0x00007fff9ac081b9 in timer_worker_thread (data=0x0) at res_rtp_asterisk.c:1744
#14 0x00007fff9ac3b14f in thread_main () from /usr/lib/asterisk/modules/res_rtp_asterisk.so
#15 0x00000037ca2079d1 in start_thread (arg=0x7fff98986700) at pthread_create.c:301
#16 0x00000037c9ee89dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

{code}
Comments:

By: Badalian Vyacheslav (slavon) 2015-01-21 09:19:40.384-0600

Full backtrace

By: Matt Jordan (mjordan) 2015-01-21 09:27:49.906-0600

Your backtrace appears to contain memory corruption and we require valgrind output in order to move this issue forward. Please see https://wiki.asterisk.org/wiki/display/AST/Valgrind for more information about how to produce debugging information. Thanks!



By: Badalian Vyacheslav (slavon) 2015-02-17 08:48:33.686-0600

Sorry for the long answer. Was on vacation.

We can't use Valgrind because it has poor performance. Switch to GCC ASAN. Patch to enable ASAN is at ASTERISK-24718.

By: Matt Jordan (mjordan) 2015-02-17 11:02:50.389-0600

[~slavon]: Even if I went and used your patch, that still doesn't mean I can reproduce your specific memory corruption.

If you'd like to use GCC ASAN to find the root cause of the corruption, that's fine. However, you'll need to provide that information, or else provide specific, step by step instructions, that allow someone other than you to analyze the problem.

By: Rusty Newton (rnewton) 2015-03-06 15:25:39.379-0600

[~slavon] it has been a few weeks on this issue since we had a response. Can you provide the information Matt requested?

{quote}
If you'd like to use GCC ASAN to find the root cause of the corruption, that's fine. However, you'll need to provide that information, or else provide specific, step by step instructions, that allow someone other than you to analyze the problem.
{quote}

Also, consider https://wiki.asterisk.org/wiki/display/AST/MALLOC_DEBUG+Compiler+Flag as that may help.

By: Badalian Vyacheslav (slavon) 2015-03-06 15:56:25.896-0600

Can't get this error again for a long time. Please close the issue.