A system crash caused by malloc: "corrupted double-linked list"

[burne-muz]

Debian 10, Freeswitch v1.10.4, Install from source compilation
The crash occurs when the freeswitch is about to send the SWITCH_EVENT_RECORD_START event

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `fs -nonat'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
[Current thread is 1 (Thread 0x7fb30778c700 (LWP 7474))]
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007fb36d3f4535 in __GI_abort () at abort.c:79
#2 0x00007fb36d44b508 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fb36d55628d "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007fb36d451c1a in malloc_printerr (str=str@entry=0x7fb36d554393 "corrupted double-linked list") at malloc.c:5341
#4 0x00007fb36d455231 in _int_malloc (av=av@entry=0x7fb36d58dc40 <main_arena>, bytes=bytes@entry=16) at malloc.c:3931
#5 0x00007fb36d45656a in __GI___libc_malloc (bytes=bytes@entry=16) at malloc.c:3057
#6 0x00007fb36dc6766a in my_dup (s=0x7fb36df685bb "FreeSWITCH-IPv4") at src/switch_event.c:116
#7 0x00007fb36dc676d8 in new_header (header_name=0x7fb36df685bb "FreeSWITCH-IPv4") at src/switch_event.c:941
#8 0x00007fb36dc68662 in switch_event_base_add_header (event=0x5584ac755b70, stack=SWITCH_STACK_BOTTOM, header_name=0x7fb36df685bb "FreeSWITCH-IPv4", data=)
at src/switch_event.c:1085
#9 0x00007fb36dc6a115 in switch_event_prep_for_delivery_detailed (file=file@entry=0x7fb36df6f5a8 "src/switch_ivr_async.c",
func=func@entry=0x7fb36df70b50 <func.30643> "record_callback", line=line@entry=1336, event=0x5584ac755b70) at src/switch_event.c:1984
#10 0x00007fb36dc6a2df in switch_event_create_subclass_detailed (subclass_name=0x0, event_id=SWITCH_EVENT_RECORD_START, event=0x7fb3077896d0, line=1336,
func=0x7fb36df70b50 <func.30643> "record_callback", file=0x7fb36df6f5a8 "src/switch_ivr_async.c") at src/switch_event.c:774
#11 switch_event_create_subclass_detailed (file=file@entry=0x7fb36df6f5a8 "src/switch_ivr_async.c", func=func@entry=0x7fb36df70b50 <func.30643> "record_callback",
line=line@entry=1336, event=event@entry=0x7fb3077896d0, event_id=event_id@entry=SWITCH_EVENT_RECORD_START, subclass_name=subclass_name@entry=0x0) at src/switch_event.c:743
#12 0x00007fb36dca19f6 in record_callback (bug=0x5584ae9d63c8, user_data=0x7fb2d00264c0, type=) at src/switch_ivr_async.c:1336
#13 0x00007fb36dbf0735 in switch_core_media_bug_add (session=session@entry=0x7fb2cc0088b8, function=function@entry=0x7fb36df6fde8 "session_record",
target=target@entry=0x5584ac755ef1 "/mnt/rec_test/20201204172530268564006731.wav", callback=callback@entry=0x7fb36dca0af0 <record_callback>, user_data=user_data@entry=0x7fb2d00264c0,
stop_time=stop_time@entry=0, flags=19, new_bug=0x7fb30778b7b8) at src/switch_core_media_bug.c:950
#14 0x00007fb36dca6ae6 in switch_ivr_record_session_event (session=session@entry=0x7fb2cc0088b8, file=file@entry=0x5584ac755ef1 "/mnt/rec_test/20201204172530268564006731.wav", limit=0,
fh=, fh@entry=0x0, vars=0x0) at src/switch_ivr_async.c:2988
#15 0x00007fb3681831ff in session_record_function (cmd=, session=, stream=0x7fb30778ba50) at mod_commands.c:4713
#16 0x00007fb36dc5f285 in switch_api_execute (cmd=, arg=, session=session@entry=0x0, stream=stream@entry=0x7fb30778ba50) at src/switch_loadable_module.c:3010
#17 0x00007fb36910bfc6 in api_exec (thread=, obj=0x7fb30010daf8) at mod_event_socket.c:1555
#18 0x00007fb36df3dc0c in dummy_worker (opaque=0x7fb30010def8) at threadproc/unix/thread.c:151
#19 0x00007fb36d915fa3 in start_thread (arg=) at pthread_create.c:486
#20 0x00007fb36d4cb4cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

It seems like a bug to crash a system simply because it failed to allocate memory

[andywolk]

Please try latest master and reopen if the issue is there still.