[Home]

Summary:ASTERISK-25222: Crash in recurring cancel callback called from ast_dns_resolve_cancel on junk pointer
Reporter:Matt Jordan (mjordan)Labels:
Date Opened:2015-07-01 11:37:01Date Closed:2015-07-02 09:44:14
Priority:MajorRegression?
Status:Closed/CompleteComponents:Core/General
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:( 0) consoleText
Description:This crash was caught by the Jenkins unit test runs on master. Note that {{rdata}} is clearly junk when it is passed to the recurring cancel callback:

{code}
[Thread debugging using libthread_db enabled]
Core was generated by `asterisk -gn'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000003b74e09220 in pthread_mutex_lock () from /lib64/libpthread.so.0
#0  0x0000003b74e09220 in pthread_mutex_lock () from /lib64/libpthread.so.0
No symbol table info available.
#1  0x0000000000610b64 in __ast_pthread_mutex_lock (filename=0x7f25c3da943d "test_dns_recurring.c", lineno=177, func=0x7f25c3daa1a0 "recurring_cancel", mutex_name=0x7f25c3da9430 "&rdata->lock", t=0x100000020) at lock.c:313
       res = 32550
#2  0x00007f25c3da610f in recurring_cancel (query=0x7f26000fc6d8) at test_dns_recurring.c:177
       recurring = 0x7f26000b3e70
       rdata = 0x100000000
       __PRETTY_FUNCTION__ = "recurring_cancel"
#3  0x00000000005a4513 in ast_dns_resolve_cancel (active=0x7f260003f0c8) at dns_core.c:274
No locals.
#4  0x00000000005aa5f9 in ast_dns_resolve_recurring_cancel (recurring=0x7f2600077eb0) at dns_recurring.c:142
       res = 0
       __PRETTY_FUNCTION__ = "ast_dns_resolve_recurring_cancel"
#5  0x00007f25c3da73de in recurring_query_cancel_between (info=0x1893200, cmd=TEST_EXECUTE, test=0x1893200) at test_dns_recurring.c:498
       recurring_query = 0x7f2600077eb0
       rdata = 0x7f26000b3e70
       res = AST_TEST_PASS
       timeout = {tv_sec = 139800176399744, tv_nsec = 7755535}
       __PRETTY_FUNCTION__ = "recurring_query_cancel_between"
#6  0x000000000074c49c in test_execute (test=0x1893200) at test.c:253
       begin = {tv_sec = 1435690048, tv_usec = 654954}
       result = AST_TEST_NOT_RUN
#7  0x000000000074cfbb in test_execute_multiple (name=0x0, category=0x0, cli=0x7f2618ce22d0) at test.c:371
       result_buf = "PASS", '\000' <repeats 27 times>
       test = 0x1893200
       mode = TEST_ALL
       execute = 1
       res = 0
       __PRETTY_FUNCTION__ = "test_execute_multiple"
#8  0x000000000074fa31 in test_cli_execute_registered (e=0xb0f3a8, cmd=-4, a=0x7f2618ce22d0) at test.c:833
       option1 = {0x87abdd "all", 0x87b5d6 "category", 0x0}
       option2 = {0x87abe1 "name", 0x0}
       __PRETTY_FUNCTION__ = "test_cli_execute_registered"
#9  0x000000000055e533 in ast_cli_command_full (uid=1021, gid=100, fd=12, s=0x7f2618ce25e0 "test execute all") at cli.c:2715
       args = {0xb0f3a8 "\260<K\001", 0x7f26000011b0 "test", 0x7f26000011b5 "execute", 0x7f26000011bd "all", 0x0 <repeats 33 times>, 0x3b742092a6 "\205\300uNH\211\330H\213l$ H\213\\$\030L\213d$(L\213l$0H\203\304\070\303f.\017\037\204", 0x3230343032000000 <Address 0x3230343032000000 out of bounds>, 0x7f2618ce2530 "\210\021Bt;", 0x0, 0x7f2618ce2530 "\210\021Bt;", 0x23 <Address 0x23 out of bounds>, 0x1717a40 "\220J\224\001", 0x3000000018 <Address 0x3000000018 out of bounds>, 0x7f2618ce2810 "", 0x7f2618ce2750 "", 0x1ddb513 "m_alloc", 0x28 <Address 0x28 out of bounds>, 0x3b74a02870 "\350DmwK\217}\365", 0x0, 0x7f2618ce26b0 "\003", 0x3b74a03c48 "", 0x3b74a09048 "\216*", 0x0, 0x42a2d5 "e_object_via_lookup_nolock", 0x10 <Address 0x10 out of bounds>, 0x3b74e00b28 "P\265\250\020\003\v\202\260\344\236", 0x0, 0x7f2618ce26f0 "", 0x3b74421188 "", 0x0, 0x7f261a6a57c8 "A\306B", 0x7f261a6a94d0 "", 0x41b302 "getsockopt"}
       e = 0xb0f3a8
       x = 3
       duplicate = 0x7f26000011b0 "test"
       tmp = "test execute all\000ted", '\000' <repeats 44 times>
       retval = 0x2 <Address 0x2 out of bounds>
       a = {fd = 12, argc = 3, argv = 0x7f2618ce2358, line = 0x0, word = 0x0, pos = 0, n = 0}
       __PRETTY_FUNCTION__ = "ast_cli_command_full"
{code}

Full Jenkins test run attached. See the link for more information.
Comments:By: Asterisk Team (asteriskteam) 2015-07-01 11:37:02.455-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].