Asterisk 1.8.2.1 random crash

enjoyjoy · January 17, 2013, 1:15am

Hey everyone,

we encounter random crash problem with the signal is 6 or 11.

backtrace as following, any idea on how to troubleshooting ?

=====================backtrace1 =====
#1 0x00138df0 in raise () from /lib/libc.so.6
No symbol table info available.
#2 0x0013a701 in abort () from /lib/libc.so.6
No symbol table info available.
#3 0x001713ab in __libc_message () from /lib/libc.so.6
No symbol table info available.
#4 0x001796c5 in _int_free () from /lib/libc.so.6
No symbol table info available.
#5 0x00179b09 in free () from /lib/libc.so.6
No symbol table info available.
#6 0x0810525a in ast_smoother_free (s=0x9ab04e8) at frame.c:292
No locals.
#7 0x00b53370 in ast_rtp_destroy (instance=0xb3e72970) at res_rtp_asterisk.c:504
rtp = 0xb3406ee0
PRETTY_FUNCTION = “ast_rtp_destroy”
#8 0x08155c9a in instance_destructor (obj=0xb3e72970) at rtp_engine.c:280
instance = 0xb3e72970
PRETTY_FUNCTION = “instance_destructor”
#9 0x08086686 in internal_ao2_ref (user_data=0xb3e72970, delta=-1) at astobj2.c:262
obj = 0xb3e72338
current_value = -1
ret = 0
PRETTY_FUNCTION = “internal_ao2_ref”
#10 0x080865b8 in __ao2_ref (user_data=0xb3e72970, delta=-1) at astobj2.c:232
obj = 0xb3e72338
#11 0x08155dda in ast_rtp_instance_destroy (instance=0xb3e72970) at rtp_engine.c:297
No locals.
#12 0x0648fe66 in __sip_destroy (p=0xb34782d8, lockowner=1, lockdialoglist=1) at chan_sip.c:5351
PRETTY_FUNCTION = “__sip_destroy”
#13 0x064907e9 in sip_destroy (p=0xb34782d8) at chan_sip.c:5605
PRETTY_FUNCTION = “sip_destroy”
#14 0x0649086d in sip_destroy_fn (p=0xb34782d8) at chan_sip.c:5594
No locals.
#15 0x08086686 in internal_ao2_ref (user_data=0xb34782d8, delta=-1) at astobj2.c:262
obj = 0xb3477ca0
current_value = -1
ret = 0
PRETTY_FUNCTION = “internal_ao2_ref”
#16 0x080865b8 in __ao2_ref (user_data=0xb34782d8, delta=-1) at astobj2.c:232
obj = 0xb3477ca0
#17 0x0646bd39 in dialog_unref_debug (p=0x0,
tag=0x6516b00 “Let’s unbump the count in the unlink so the poor pvt can disappear if it is time”, file=0x650cde0 “chan_sip.c”,
line=2773, func=0x651549d “dialog_unlink_all”) at chan_sip.c:2193
No locals.
#18 0x064751b4 in dialog_unlink_all (dialog=0xb34782d8, lockowner=1, lockdialoglist=0) at chan_sip.c:2773
cp = 0x653a840
PRETTY_FUNCTION = “dialog_unlink_all”
#19 0x06475c81 in dialog_needdestroy (dialogobj=0xb34782d8, arg=0xb7b86328, flags=7) at chan_sip.c:16009
PRETTY_FUNCTION = “dialog_needdestroy”
#20 0x08087082 in internal_ao2_callback (c=0xb7ee3ac8, flags=7, cb_fn=0x6475630, arg=0xb7b86328, data=0x0, type=DEFAULT, tag=0x0,
file=0x0, line=0, funcname=0x0) at astobj2.c:669
match = 3
__list_head = 0xb7ee4bdc
__list_next = 0xb491c1c8
__list_prev = 0x0
__new_prev = 0xb6e9c368
cur = 0xb6e9c368
i = 544
start = 0
last = 563
ret = 0x0
cb_default = 0x6475630 <dialog_needdestroy>
cb_withdata = 0
multi_container = 0x0
multi_iterator = 0x0
PRETTY_FUNCTION = “internal_ao2_callback”
#21 0x08087449 in __ao2_callback (c=0xb7ee3ac8, flags=7, cb_fn=0x6475630 <dialog_needdestroy>, arg=0xb7b86328) at astobj2.c:765
No locals.
#22 0x064d10c6 in do_monitor (data=0x0) at chan_sip.c:24504
res =
t = 1358319557
reloading = 0
PRETTY_FUNCTION = “do_monitor”
#23 0x081961da in dummy_start (data=0x8f16418) at utils.c:971
__cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {11558900, 0, -1212650608, -1212652616, -393889548, 1462025068},
__mask_was_saved = 0}}, __pad = {0xb7b86470, 0x0, 0x0, 0x0}}
__cancel_routine = 0x807b21a <ast_unregister_thread>
__cancel_arg = 0xb7b86b90
not_first_call = 0
ret = 0x0
a = {start_routine = 0x64d0e60 <do_monitor>, data = 0x0,
name = 0x8f1a8a8 “do_monitor”, ’ ’ <repeats 11 times>, “started at [24553] chan_sip.c restart_monitor()”}
lock_info = 0x8f201d8
mutex_attr = {__size = “\001\000\000”, __align = 1}
#24 0x00af5832 in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#25 0x001e245e in clone () from /lib/libc.so.6
No symbol table info available.

===============backtrace2=================
#0 0x00849f9f in _ast_odbc_request_obj2 (name=0xb038243c “asterisk”, flags=…, file=0xce8fd4 “res_config_odbc.c”,
function=0xce91d1 “realtime_multi_odbc”, lineno=346) at res_odbc.c:1357
1357 if (time(NULL) > class->last_negative_connect.tv_sec + class->negative_connection_cache.tv_sec) {
#0 0x00849f9f in _ast_odbc_request_obj2 (name=0xb038243c “asterisk”, flags=…, file=0xce8fd4 “res_config_odbc.c”,
function=0xce91d1 “realtime_multi_odbc”, lineno=346) at res_odbc.c:1357
obj = 0xb7d749f0
class = 0x0
nativeerror = 0
numfields = 0
diagbytes = 0
i = 0
state = "\000\001\000\000ԏ\316\000S\001"
diagnostic = “\006\240\065\000nection due to administratorG\000\000\000mand\000\000\000\000\000\000\000\000@qD\000\b\210\374\t \000\000\000\240A\000\001\000\000\000\364_D\000@qD\000P&8\260\070\204\374\t\327\315\065\000\070\204\374\t\000\000\000\000\324\003\000\000@qD\000\060\223\034\n\320\003\000\000\320\f\002\000H\261\316\000\241\333\tP&8\260\270\020\070\260\264>\031\b\001\000\000\000\320\003\000\000\270\020\070\260\244O\204\000\001\000\000\000\320\003\000\000\324\247\037\b\357\005\000\000\004\260\037\b\000\000\000\000\330\020\070\260H\261\316\000\310\003\000\000\070\204\374\t\350\020\070\260\034t\031\b\001\000\000\000\320\003\000\000\324\247\037\b\357\005\000\000\004\260\037\b”, ‘\000’ <repeats 12 times>, “8\204\374\t\320\003\000\000(\021\070\260\347t\031\b\234\025\070\260\230\021\070\260"
PRETTY_FUNCTION = “_ast_odbc_request_obj2”
#1 0x00ce5813 in realtime_multi_odbc (database=0xb038243c “asterisk”, table=0xb038233c “extensions”,
ap=0xb0382554 “c”, <incomplete sequence \372\224>) at res_config_odbc.c:346
obj = 0x950110
stmt = 0x9dba160
sql = “\345\235\t8\037\070\260\n\223?\000X\342.\000(\000\000\000H\037\070\260\000\340.\000\000\000\000\000\060\001\325\000(\037\070\260\254!8\260\200\000\000\000\354", '\000' <repeats 11 times>, "(\037\070\260L[\325\000\254!8\260@\"8\260^[\325\000#\361\324\000\000\000\000\000\374\377\377\377\201\206C\000\201\206C\000\\\037\070\260\225\245?\000\245\306?\000\000\000\000\000\034\371\037\b\000\000\000\000\374\377\377\377\001\000\000\000\364_D\000\024\371\037\b\003\000\000\000\320\037\070\260/\254?\000\003\000\000\000\000\000\000\000 \371\037\b\300\037\070\260M\t\000\000J\000\000\000\000\000\000\221\360\021\b\364\200\004\b\001\000\000\000\000\000\000\000K\t\000\000\350\213C\000\260\375A\000\221\360\021\b \371\037\b\000\000\000\000\000\230\201\276\244Z\325\000’|\257\000\000\000\000\000\252$.\000%\001\000\000\n\000\000\000p\371\037\bp\346.\000p\346.\000\070 8\260\n\223?\000X\342.\000”…
coltitle = “$#8\260\177\320\062\000\374\377\377\377\301\071\325\000\301\071\325\000\f\036\070\260\225\245?\000\245\306?\000\000\000\000\000\364C\325\000\030$8\260\374\377\377\377\001\000\000\000\364_D\000\244\065\325\000\v\000\000\000\200\036\070\260\212\255?\000\v\000\000\000\000\000\000\000\370C\325\000l\036\070\260\374\377\377\377\301\071\325\000\301\071\325\000\\036\070\260\225\245?\000\245\306?\000\000\000\000\000\364C\325\000\350C\325\000\374\377\377\377\001\000\000\000\364_D\000\244\065\325\000\v\000\000\000\320\036\070\260\212\255?\000\v\000\000\000\000\000\000\000\370C\325\000\274\036\070\260T\000\000\000\230\002\000\000\345\235\t\344\006\325\000\224\240\324\000\001\000\000\000\000\000\000\000S\000\000\000\350C\325\000H8\325\000\344\006\325\000\260\065\325\000\\!8\260\200\000\000\000\354\000\000\000'|\257\000\000\000\000\000\252$.\000\325\000\000\000\201\000\000\000\270\071\325\000\345\235\t"
rowdata = “\244Z\325\000\344\323 \b\310:\036\b(\026\070\260\312\365\324\000\221\360\021\bp\027\070\260\300\000\000\000\\026\070\260\064\355\324\000\000\000\000\000\000\230\201\276\244Z\325\000\364_D\000\344\323 \b\270\027\070\260(\026\070\260\242e=\000\034\027\070\260\005\000\000\000\364_D\000\344\323 \b\310:\036\b\250\027\070\260P\a\325\000\034\027\070\260\270\027\070\260\000\000\000\000\034\027\070\260\\026\070\260\270\027\070\260\060e=\000\005\000\000\000\344\006\325\000\224\240\324\000\001”, ‘\000’ <repeats 75 times>”\374, \377\377\377\301\071\325\000\301\071\325\000\334\026\070\260\225\245?\000\245\306?\000\000\000\000\000\364C\325\000\000\000\000\000\374\377\377\377\001\000\000\000\364_D\000\244\065\325\000\v\000\000\000P\027\070\260\212\255?\000\v\000\000\000\000\000\000\000\370C\325\000<\027\070\260T\000\000\000\230\002\000\000\000\000\000\000\344\006\325\000\224\240\324\000\001\000\000\000\000\000\000\000S\000\000\000\350C\325\000H8\325\000\344\006\325\000\260\065\325\000\000\000\000\000\314\027\070\260\000\000\000\000’”…
initfield = 0x0
op = 0xb0382318 "H%8\260\346\022\r\b<$8\260<#8\260T%8\260"
newparam = 0x80d0c45 “\203}”, <incomplete sequence \374>
newval = 0x81d5014 "config.c"
stringp = 0x0
chunk = 0x7f9 <Address 0x7f9 out of bounds>
collen = 0
res = 136141478
x = 136140882
var = 0x0
cfg = 0x0
cat = 0x0
connected_flag = {flags = 4}
colsize = 0
colcount = 0
datatype = -3951
decimaldigits = -20424
nullable = 5560
indicator = 4172240
cps = {sql = 0xb0381ecc "\345\235\t8\037\070\260\n\223?", extra = 0x0, __field_mgr_pool = 0x9fc8438, encoding = { 0x824a9c6 "" <repeats 256 times>}, __field_mgr = {last_alloc = 0x0, embedded_pool = 0x0}, ap = 0xb0382554 "c", <incomplete sequence \372\224>, skip = 0} aq = 0xb0382554 "c", <incomplete sequence \372\224> __PRETTY_FUNCTION__ = "realtime_multi_odbc" #2 0x080d12e6 in ast_load_realtime_multientry (family=0xb0382658 "extensions") at config.c:2253 eng = 0xceb2e0 db = "asterisk\000%8\260\374%8\260\374%8\260\376%8\260\017&8\260\374%8\260\017&8\260", '\000' <repeats 20 times>, "(\t\000\000\000\000\000\000\311\207\021\b\000\000\000\261\000\000\000\000\350$8\260\t\000\000\000\307:\036\b\354o\034\b\000\000\000\000\\q\034\b>q\034\b\377\377\377\377D\264*\261\000\000\000\000d%8\260eR\366Px\271\n\000\035\000\000\000\t\000\000\000\307:\036\b\354o\034\b\000\000\000\000@YD\000\000\000\000\000\000\000\000\000\020\001\225\000\241\333\tP&8\260\030%8\260\230c\b\b\354o\034\b\345\002\000\000\q\034\b\000\000\000\000\000\000\000\000\002\000\000\000H%8\260\345\017\r\bX&8\260T%8\260\330%8\260\364_D\000\241\333\tP&8\260H%8\260T%8\260", '\000' <repeats 11 times> table = "extensions", '\000' <repeats 60 times>, "70", '\000' <repeats 68 times>, "l$8\260\000\000\000\000x$8\260p$8\260t$8\260|$8\260Te5\000\000\000\000\000\000\000\000\000\364_D\000\000\000\000\000\000\000\000\000\375w5\000asterisk\000&8\260\\%8\260\364_D\000<$8\260\374%8\260(%8\260\024\025\065\000<$8\260\372\224\000\%8\260\374%8\260\000\000\000\000\334$8\260\023\000\000"
res = 0x0
ap = 0xb0382554 “c”, <incomplete sequence \372\224>
i = 1
#3 0x0094e44f in realtime_switch_common (table=0xb0382658 “extensions”, context=0xb0382650 “default”, exten=0xb0168d84 “7310”,
priority=70, mode=0, flags=…) at pbx_realtime.c:188
var = 0x0
cfg = 0x8
pri = "70\000\000\000\000\000\000\000\000\000\000(&8\260eu\b\b"
ematch = 0x94fa79 "exten"
rexten = “7310”, ‘\000’ <repeats 95 times>
match = -1338497360
#4 0x0094e83c in realtime_common (context=0xb0168d34 “default”, exten=0xb0168d84 “7310”, priority=70,
data=0x9dba14d “default@extensions”, mode=0) at pbx_realtime.c:249
opts = 0x0
ctx = 0xb0382650 "default"
table = 0xb0382658 "extensions"
var = 0x0
flags = {flags = 0}
ce = 0x0
cache_search = {ce = {when = {tv_sec = 0, tv_usec = 0}, var = 0x0, priority = 70, context = 0xb0168d34 “default”,
exten = “\000”}, exten = “7310”, ‘\000’ <repeats 75 times>}
buf = 0xb0382650 “default”
#5 0x0094eacf in realtime_exec (chan=0xb01689c8, context=0xb0168d34 “default”, exten=0xb0168d84 “7310”, priority=70,
callerid=0xaffcec38 “8401”, data=0x9dba14d “default@extensions”) at pbx_realtime.c:301
res = -1
var = 0x0
PRETTY_FUNCTION = “realtime_exec”
#6 0x0813fe6d in pbx_extension_helper (c=0xb01689c8, con=0x0, context=0xb0168d34 “default”, exten=0xb0168d84 “7310”, priority=70,
label=0x0, callerid=0xaffcec38 “8401”, action=E_SPAWN, found=0xb038724c, combined_find_spawn=1) at pbx.c:4099
e = 0x0
app = 0xb0386f8c
res = 1
q = {incstack = {0x0 <repeats 128 times>}, stacklen = 0, status = 2, swo = 0x950200,
data = 0x9dba14d “default@extensions”, foundcontext = 0xb0168d34 “default”}
passdata = “Te5\000\000\000\000\000\000\000\000\000\364_D\000\000\000\000\000\263f5\000\375w5\000\234M8\260\263f5\000\000\000\000\000\235.A\000\000\000\000\000\323Z8\260\364_D\000\001\000\000\000\000T8\260\300M8\260;\252\064\000\000T8\260\263f5\000\001\000\000\000\234.A\000\001\000\000\000\336~4\000PS8\260\000\000\000\000\334W8\260\364_D\000V\251\037\b\000\000\000\000\344S8\260\221\323\062\000\000T8\260V\251\037\b\000\000\000\000\000\000\000\000\263f5\000\035d8\260\274W8\260 \000\000\000\336~4\000\270\244p\002\000\000\000\000>d8\260\364_D\000\272\244p\002\000\000\000\000(T8\260\221\323\062\000LT8\260\272\244p\002\000\000\000\000\000\000\000\000\003\062\370\257\332\306\n\n0\000\000\000\071\000\000\000\033\031p\002\000T8\260f2\370\257\364_D\000\224S8\260\177\320\062\000hT8\260\221\323\062\000\214”…
matching_action = 0
PRETTY_FUNCTION = “pbx_extension_helper”
#7 0x08141745 in ast_spawn_extension (c=0xb01689c8, context=0xb0168d34 “default”, exten=0xb0168d84 “7310”, priority=70,
callerid=0xaffcec38 “8401”, found=0xb038724c, combined_find_spawn=1) at pbx.c:4605
No locals.
#8 0x081420ec in __ast_pbx_run (c=0xb01689c8, args=0x0) at pbx.c:4703
digit = 0
invalid = 0
timeout = 0
dst_exten = “\312\365\324\000\221\360\021\b0r8\260\300\000\000\000\034q8\260\064\355\324\000\000\000\000\000\000\230\201\276\244Z\325\000ŁA\000\314W \bŁA\000@qD\000Q\000\000\000dqD\000dqD\000\000\000\000\000pqD\000\030\000\000\000hr8\260P\a\325\000\334q8\260xr8\260\v\211\065\000\364_D\000@qD\000\310:\036\b\330q8\260\067\256\065”, ‘\000’ <repeats 29 times>, “pqD\000\250\205\357\t@\t\000\000\303q8\260\000\000\000\000\000\000\000\000pqD\000\000\000\000\000@qD\000(\t\000\000@qD\000$\000\000\000\004”, ‘\000’ <repeats 15 times>, “1\t\000\000pqD\000\000\000\000\000\000\000\000\000v\001”, ‘\000’ <repeats 29 times>
pos = 0
found = 1
res = 0
autoloopflag = 0
error = 0
PRETTY_FUNCTION = “__ast_pbx_run”
#9 0x08143bb4 in pbx_thread (data=0xb01689c8) at pbx.c:5014
c = 0xb01689c8
#10 0x081961da in dummy_start (data=0xb01927b8) at utils.c:971
__cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {11558900, 0, -1338475632, -1338477640, -1968591696, 847822632},
__mask_was_saved = 0}}, __pad = {0xb0387470, 0x0, 0xa0e4db8, 0xa1573e8}}
__cancel_routine = 0x807b21a <ast_unregister_thread>
__cancel_arg = 0xb0387b90
not_first_call = 0
ret = 0xaf4bdc
a = {start_routine = 0x8143b95 <pbx_thread>, data = 0xb01689c8,
name = 0xaff93d18 “pbx_thread”, ’ ’ <repeats 11 times>, “started at [ 5035] pbx.c ast_pbx_start()”}
lock_info = 0x9e980c8
mutex_attr = {__size = “\001\000\000”, __align = 1}
#11 0x00af5832 in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#12 0x003c345e in clone () from /lib/libc.so.6
No symbol table info available.

david55 · January 17, 2013, 8:50am

abort called from free indicates memory corruption, which can be difficult to debug, because the primary fault can be some time earlier. Segmentation violations can alos result from corruption, and are, again, delayed relative to the original fault.

However, as 1.8.2.1 is so old, there is no point in trying to debug it. Replace it with 1.8.20.0. If that still crashes, it becomes worth trying to debug.

Note debugging memory corruption requires options that have significant performance impact, or debugging techniques which have extreme performance impacts. In the latter case, it is unlikely that you wil be able to debug a production server.

malcolmd · January 17, 2013, 2:34pm

Why 1.8.9.3 and not 1.8.20.0?

david55 · January 17, 2013, 2:47pm

Because it sorts higher in the output from svn.digium.com/svn/asterisk/tags/ .