| Summary: | ASTERISK-10803: Asterisk crashed on reloading | ||
| Reporter: | Igor Goncharovsky (igorg) | Labels: | |
| Date Opened: | 2007-11-19 03:46:18.000-0600 | Date Closed: | 2007-11-21 18:14:07.000-0600 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | PBX/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) crash_reload_2.txt ( 1) crash_reload.txt ( 2) main.pbx.c.patch ( 3) main.pbx.c.v2.diff ( 4) pbx.pbx_config.c.diff | |
| Description: | On every reload asterisk crash. Back trace attached. I have following on console: WARNING: Realloc of unalloced memory at 0x834cc60, in ast_str_make_space of /usr/src/voip/asterisk-trunk/asterisk-89394.orig/include/asterisk/strings.h, line 403 Segmentation fault (core dumped) | ||
| Comments: | By: Yuri (ys) 2007-11-19 07:20:08.000-0600 This happen, if in context exist only one extension record. at function ast_context_remove_extension2() in main/pbx.c if previous_peer, peer->peer and peer->next are NULL. By: Yuri (ys) 2007-11-19 08:02:28.000-0600 Also. test case: *CLI> dialplan add extension 1,1,hangup(), into test Extension '1,1,hangup,' added into 'test' context -- *Added extension '1' priority 1 to test CLI> dialplan add extension 1,1,hangup(), into test asterisk in free(): error: modified (chunk-) pointer Abort trap (core dumped) By: Eliel Sardanons (eliel) 2007-11-19 11:44:17.000-0600 This is a duplicate of ASTERISK-10798 By: Yuri (ys) 2007-11-19 13:24:10.000-0600 this is not duplicate. But You patch not resolve ploblem with hash table insert/delete. By: Eliel Sardanons (eliel) 2007-11-19 13:36:36.000-0600 IgorG's reported bug and uploaded backtrace is a duplicate of issue ASTERISK-10798 already fixed by murf on svn trunk, if you have another crash while doing a 'dialplan add' open another bug report or read bug-guidelines to upload a backtrace to work with. By: Eliel Sardanons (eliel) 2007-11-19 13:46:13.000-0600 fixed in: http://svn.digium.com/view/asterisk/trunk/main/pbx.c?r1=89388&r2=89422 By: Eliel Sardanons (eliel) 2007-11-19 13:46:46.000-0600 ys: Your 'test' context is empty? or it has one extension configured? By: Igor Goncharovsky (igorg) 2007-11-19 21:41:24.000-0600 Ok, updated trunk. Now it crashed in other way. I need to make "reload" from 2 to 5 times to make it crashed. Bt attached. By: Yuri (ys) 2007-11-20 06:27:09.000-0600 eliel: yes, empty context. Try to test this sequence: dialplan add extension 1,1,hangup(), into test dialplan remove extension 1@test dialplan add extension 1,1,hangup(), into test This reproduce coredump posted by IgorG. By: Eliel Sardanons (eliel) 2007-11-20 07:52:06.000-0600 great, the problem is that we are leaving a pointer in limbo while removing the extension. I will review again the code. Thanks By: Eliel Sardanons (eliel) 2007-11-20 16:46:06.000-0600 Uff, I think I found the problem, try the uploaded patch (main.pbx.c.patch) By: Eliel Sardanons (eliel) 2007-11-20 17:03:38.000-0600 Ups... this will solve the problem but isn't the solution. don't try it, isn't the final patch. By: Yuri (ys) 2007-11-21 07:15:36.000-0600 I make tweak changes in pbx/pbx_config.c for elimination this problem: *CLI> dialplan add extension 1,1,hangup(), into test -- Added extension '1' priority 1 to test Extension '1,1,hangup,' added into 'test' context *CLI> dialplan remove extension 1@test asterisk in free(): error: modified (chunk-) pointer Abort trap (core dumped) see uploaded file: pbx.pbx_config.c.diff By: Yuri (ys) 2007-11-21 08:08:56.000-0600 I, found, if first extension added in context, created following hashtab entry in ast_add_extension2(): con->root_tree con->root->peer_tree con->root->peer_label_tree And, if we destroy last (or all) extensions from context, hastab con->root_tree are not destroyed. I upload main.pbx.c.v2.diff, that fix coredump problem in my workspace. By: Eliel Sardanons (eliel) 2007-11-21 08:47:51.000-0600 Also if priority != 0 you will need to + if (con->root_tree) { + ast_hashtab_destroy(con->root_tree, 0); + } IF con->root becomes NULL. By: Eliel Sardanons (eliel) 2007-11-21 08:49:25.000-0600 I come to the same 'workaround' but I think the problem is not there, con->root_tree should be freed in another place (when removing every extension and we remove the last extension con->root_tree should be freed) By: Digium Subversion (svnbot) 2007-11-21 14:35:39.000-0600 Repository: asterisk Revision: 89505 U trunk/main/pbx.c ------------------------------------------------------------------------ r89505 | murf | 2007-11-21 14:35:38 -0600 (Wed, 21 Nov 2007) | 1 line closes issue ASTERISK-10803; the proposed patch was a good guess, and would solve the bug to some extent, but was really masking the real issue, that there were bad entries in the table. This fix removes the condition that the hashtab updates be done on exten removal only when the pattern_tree was present, which is silly. The operations that apply to the pattern tree are instead made conditional. Also, threw back in routines that kpfleming deleted because of probs in the 64-bit world. Tested on both 32 and 64-bit machines (compile). Tested the reload problem with over 20 reloads, and no problems. If you find more problems, please reopen 11290. ------------------------------------------------------------------------ | ||