Summary: ASTERISK-07286: coredump on ast_context_remove_extension when compiled with MALLOC_DEBUG
Reporter: Kaloyan Kovachev (knk)
Labels:
Date Opened: 2006-07-05 06:23:09
Date Closed: 2006-07-26 21:00:37
Versions:
Frequency of
Environment:
Attachments: ( 0) coredump.txt
( 1) tracelog_full.txt
Description: When the registration expires and the priority 1 extension is removed from the sipregistrations context, Asterisk crashes.


*CLI> *** glibc detected *** free(): invalid pointer: 0x00000000006b6b9c ***
Aborted (core dumped)

#gdb asterisk core.23419
This GDB was configured as "x86_64-slackware-linux"...Using host libthread_db library "/lib64/tls/libthread_db.so.1".

Core was generated by `asterisk -vvvvvvgc'.
Program terminated with signal 6, Aborted.
Loaded symbols for ... (skipped)
#0  0x00002acd1c9c90d9 in raise () from /lib64/tls/libc.so.6
(gdb) bt
#0  0x00002acd1c9c90d9 in raise () from /lib64/tls/libc.so.6
#1  0x00002acd1c9ca7ce in abort () from /lib64/tls/libc.so.6
#2  0x00002acd1c9fdb61 in __libc_message () from /lib64/tls/libc.so.6
#3  0x00002acd1ca08660 in malloc_printerr () from /lib64/tls/libc.so.6
#4  0x00002acd1ca04e86 in free () from /lib64/tls/libc.so.6
#5  0x000000000044783d in ast_context_remove_extension2 (con=0x728b6c, extension=0x72d17c "??r", priority=1,
   registrar=0x0) at pbx.c:2435
#6  0x0000000000447bd2 in ast_context_remove_extension (context=0x2aaaadaf7940 "sipregistrations",
   extension=0x40143f30 "1070", priority=1, registrar=0x0) at pbx.c:2640
#7  0x00002aaaad9809bb in register_peer_exten (peer=0x79155c, onoff=0) at chan_sip.c:2249
#8  0x00002aaaad994ac4 in expire_register (data=0x5b7b) at chan_sip.c:7190
#9  0x0000000000414340 in ast_sched_runq (con=0x7029bc) at sched.c:361
#10 0x00002aaaad9df153 in do_monitor (data=0x5b7b) at chan_sip.c:14390
#11 0x00000000004b3a2d in dummy_start (data=0x5b7b) at utils.c:536
#12 0x00002acd1c4e9b8a in start_thread () from /lib64/tls/libpthread.so.0
#13 0x00002acd1ca5cb73 in clone () from /lib64/tls/libc.so.6

The registration from 1070 in this case was made during the previous run/version, but it reproduced again without even restarting Asterisk; I just left the device to expire.
Comments:
By: Kaloyan Kovachev (knk) 2006-07-05 08:52:41

Some more debugging shows that this happens when there is also a hint priority in the same context:
[ Context 'sipregistrations' created by 'pbx_config' ]                                                          
 '1070' =>         hint: SIP/1070                                [pbx_config]
                   1. Noop(1070)                                 [SIP]
causes a crash even on extensions reload, while the next one works fine:
[ Context 'sipregistrations' created by 'pbx_config' ]                                                          
 '1070' =>         hint: SIP/1070                                [pbx_config]
[ Context 'sipregistrations' created by 'SIP' ]                                                          
 '1070' =>         1. Noop(1070)                                 [SIP]

As a workaround I have renamed my hints context to siphints and it works fine now.

By: Serge Vecher (serge-v) 2006-07-05 12:29:44

KNK: DONT-OPTIMIZE also needs to be selected.

By: Kaloyan Kovachev (knk) 2006-07-06 03:11:02

I guess it is better to attach it as a file instead of pasting it as a note.
The first file (coredump.log) is in KWord format, so I have uploaded it again as plain text, sorry.
There are two coredumps generated: on extensions reload and on registration expire.
My guess is that it is caused by the different registrars of the context and extension. To confirm, I tried to move the sipregistrations to the default context and other existing contexts, and Asterisk crashed again, this time on sip reload too.

By: Serge Vecher (serge-v) 2006-07-06 08:50:41

OK, can you please upload the output of 'bt full' as well? And yes, attaching logs as files is a better option ;) Thanks.

By: Kaloyan Kovachev (knk) 2006-07-07 11:53:04

Sorry, I am not familiar with C and debugging, thus I don't know how to proceed. Thanks for the patience.

By: Serge Vecher (serge-v) 2006-07-07 12:58:17

Read here: http://www.voip-info.org/tiki-index.php?page=Asterisk%20debugging

By: Kaloyan Kovachev (knk) 2006-07-26 05:22:01

Removing MALLOC_DEBUG as a compiler flag has fixed the problem.
The same worked for 7595 too.
Not sure if they both can be closed or combined as a single one about astmm.c on x86_64 machines.

By: Serge Vecher (serge-v) 2006-07-26 09:06:07

I'll mark them related for now.

By: Serge Vecher (serge-v) 2006-07-26 09:11:07

KNK: will reverting to r38041 also "fix" the issue as in 7595?

By: Kaloyan Kovachev (knk) 2006-07-26 09:23:40

This bug is from r36979 - long before r38041. I think that 38041 has generated a coredump just because it uses thread keys or something else which is causing the problem when memory allocations are replaced from astmm.c.
I will try to find a common function used in both situations.

By: Russell Bryant (russell) 2006-07-26 21:00:37

This should be fixed in 1.2 in rev 38288, and in the trunk in rev 38291.  If you are still having problems, please reopen this bug.  Thanks!