Summary: | ASTERISK-25222: Crash in recurring cancel callback called from ast_dns_resolve_cancel on junk pointer | ||
Reporter: | Matt Jordan (mjordan) | Labels: | |
Date Opened: | 2015-07-01 11:37:01 | Date Closed: | 2015-07-02 09:44:14 |
Priority: | Major | Regression? | |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) consoleText | |
Description: | This crash was caught by the Jenkins unit test runs on master. Note that {{rdata}} is clearly junk when it is passed to the recurring cancel callback:
{code} [Thread debugging using libthread_db enabled] Core was generated by `asterisk -gn'. Program terminated with signal 11, Segmentation fault. #0 0x0000003b74e09220 in pthread_mutex_lock () from /lib64/libpthread.so.0 #0 0x0000003b74e09220 in pthread_mutex_lock () from /lib64/libpthread.so.0 No symbol table info available. #1 0x0000000000610b64 in __ast_pthread_mutex_lock (filename=0x7f25c3da943d "test_dns_recurring.c", lineno=177, func=0x7f25c3daa1a0 "recurring_cancel", mutex_name=0x7f25c3da9430 "&rdata->lock", t=0x100000020) at lock.c:313 res = 32550 #2 0x00007f25c3da610f in recurring_cancel (query=0x7f26000fc6d8) at test_dns_recurring.c:177 recurring = 0x7f26000b3e70 rdata = 0x100000000 __PRETTY_FUNCTION__ = "recurring_cancel" #3 0x00000000005a4513 in ast_dns_resolve_cancel (active=0x7f260003f0c8) at dns_core.c:274 No locals. #4 0x00000000005aa5f9 in ast_dns_resolve_recurring_cancel (recurring=0x7f2600077eb0) at dns_recurring.c:142 res = 0 __PRETTY_FUNCTION__ = "ast_dns_resolve_recurring_cancel" #5 0x00007f25c3da73de in recurring_query_cancel_between (info=0x1893200, cmd=TEST_EXECUTE, test=0x1893200) at test_dns_recurring.c:498 recurring_query = 0x7f2600077eb0 rdata = 0x7f26000b3e70 res = AST_TEST_PASS timeout = {tv_sec = 139800176399744, tv_nsec = 7755535} __PRETTY_FUNCTION__ = "recurring_query_cancel_between" #6 0x000000000074c49c in test_execute (test=0x1893200) at test.c:253 begin = {tv_sec = 1435690048, tv_usec = 654954} result = AST_TEST_NOT_RUN #7 0x000000000074cfbb in test_execute_multiple (name=0x0, category=0x0, cli=0x7f2618ce22d0) at test.c:371 result_buf = "PASS", '\000' <repeats 27 times> test = 0x1893200 mode = TEST_ALL execute = 1 res = 0 __PRETTY_FUNCTION__ = "test_execute_multiple" #8 0x000000000074fa31 in test_cli_execute_registered (e=0xb0f3a8, cmd=-4, a=0x7f2618ce22d0) at test.c:833 option1 = {0x87abdd "all", 0x87b5d6 "category", 0x0} option2 = {0x87abe1 "name", 0x0} __PRETTY_FUNCTION__ = "test_cli_execute_registered" #9 0x000000000055e533 in ast_cli_command_full (uid=1021, gid=100, fd=12, s=0x7f2618ce25e0 "test execute all") at cli.c:2715 args = {0xb0f3a8 "\260<K\001", 0x7f26000011b0 "test", 0x7f26000011b5 "execute", 0x7f26000011bd "all", 0x0 <repeats 33 times>, 0x3b742092a6 "\205\300uNH\211\330H\213l$ H\213\\$\030L\213d$(L\213l$0H\203\304\070\303f.\017\037\204", 0x3230343032000000 <Address 0x3230343032000000 out of bounds>, 0x7f2618ce2530 "\210\021Bt;", 0x0, 0x7f2618ce2530 "\210\021Bt;", 0x23 <Address 0x23 out of bounds>, 0x1717a40 "\220J\224\001", 0x3000000018 <Address 0x3000000018 out of bounds>, 0x7f2618ce2810 "", 0x7f2618ce2750 "", 0x1ddb513 "m_alloc", 0x28 <Address 0x28 out of bounds>, 0x3b74a02870 "\350DmwK\217}\365", 0x0, 0x7f2618ce26b0 "\003", 0x3b74a03c48 "", 0x3b74a09048 "\216*", 0x0, 0x42a2d5 "e_object_via_lookup_nolock", 0x10 <Address 0x10 out of bounds>, 0x3b74e00b28 "P\265\250\020\003\v\202\260\344\236", 0x0, 0x7f2618ce26f0 "", 0x3b74421188 "", 0x0, 0x7f261a6a57c8 "A\306B", 0x7f261a6a94d0 "", 0x41b302 "getsockopt"} e = 0xb0f3a8 x = 3 duplicate = 0x7f26000011b0 "test" tmp = "test execute all\000ted", '\000' <repeats 44 times> retval = 0x2 <Address 0x2 out of bounds> a = {fd = 12, argc = 3, argv = 0x7f2618ce2358, line = 0x0, word = 0x0, pos = 0, n = 0} __PRETTY_FUNCTION__ = "ast_cli_command_full" {code} Full Jenkins test run attached. See the link for more information. | ||
Comments: | By: Asterisk Team (asteriskteam) 2015-07-01 11:37:02.455-0500 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. |