Summary: | ASTERISK-14906: QUEUE_MEMBER and QUEUE_MEMBER_COUNT tries to destroy queue, leading to segmentation fault | ||
Reporter: | Atis Lezdins (atis) | Labels: | |
Date Opened: | 2009-09-29 10:12:03 | Date Closed: | 2009-11-24 14:43:02.000-0600 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Applications/app_queue |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) bt.asterisk-dev-mc-2009-09-29T07:21:19-0700.12836.txt | |
Description: | Loops for queue_function_qac and queue_function_qac_dep are identical, so both those functions should be affected. Backtrace shows that queue_unref is calling destroy_queue, which however calls queue_unref again, thus leading to recursion, limited by queue member count. Backtrace attached

****** ADDITIONAL INFORMATION ******

# 112 0x00002aaabc8331a3 in remove_from_interfaces (interface=0x2aaac400e120 "SIP/22243", lock_queue_container=1) at app_queue.c:1019
# 113 0x00002aaabc836783 in free_members (q=0x2aaaad9abcd0, all=1) at app_queue.c:1415
# 114 0x00002aaabc8367e0 in destroy_queue (obj=0x2aaaad9abcd0) at app_queue.c:1428
# 115 0x00000000004417cb in __ao2_ref (user_data=0x2aaaad9abcd0, delta=-1) at astobj2.c:278
# 116 0x000000000044170f in _ao2_ref (user_data=0x2aaaad9abcd0, delta=-1) at astobj2.c:251
# 117 0x00002aaabc830cfa in queue_unref (q=0x2aaaad9abcd0) at app_queue.c:612
# 118 0x00002aaabc833168 in interface_exists_global (interface=0x9a6e50 "SIP/22242", lock_queue_container=1) at app_queue.c:1009
# 119 0x00002aaabc8331a3 in remove_from_interfaces (interface=0x9a6e50 "SIP/22242", lock_queue_container=1) at app_queue.c:1019
# 120 0x00002aaabc836783 in free_members (q=0x2aaaad9abcd0, all=1) at app_queue.c:1415
# 121 0x00002aaabc8367e0 in destroy_queue (obj=0x2aaaad9abcd0) at app_queue.c:1428
# 122 0x00000000004417cb in __ao2_ref (user_data=0x2aaaad9abcd0, delta=-1) at astobj2.c:278
# 123 0x000000000044170f in _ao2_ref (user_data=0x2aaaad9abcd0, delta=-1) at astobj2.c:251
# 124 0x00002aaabc830cfa in queue_unref (q=0x2aaaad9abcd0) at app_queue.c:612
# 125 0x00002aaabc846cc3 in queue_function_qac_dep (chan=0x9b9188, cmd=0x40e03f00 "QUEUE_MEMBER_COUNT", data=0x40e03f13 "22902", buf=0x40e04000 "", len=4096) at app_queue.c:5225
| ||
Comments: | By: Atis Lezdins (atis) 2009-09-29 16:20:49

It might be significant, that this crash occurred just the same second, safe_asterisk started this instance (after different crash), and there were some testing calls already knocking at the door. However I tried just killing asterisk multiple times, and this couldn't be reproduced that easy.

I also noticed that I have something in mmlog matching the time of this core dump.

1254234079 - New session (2009-09-29 07:21:19)
WARNING: Freeing unused memory at 0x2aaaad9ac0b8, in __ao2_ref of astobj2.c, line 290
WARNING: Freeing unused memory at 0x9d4dd8, in logger_thread of logger.c, line 988
WARNING: Freeing unused memory at 0x2aaaad9abb38, in __ao2_ref of astobj2.c, line 290
WARNING: Freeing unused memory at 0x9d4dd8, in logger_thread of logger.c, line 988
WARNING: Freeing unused memory at 0x2aaaad9ac0b8, in __ao2_ref of astobj2.c, line 290
WARNING: Freeing unused memory at 0x2aaaad9abb38, in __ao2_ref of astobj2.c, line 290
WARNING: Freeing unused memory at 0x9d4dd8, in destroy_queue of app_queue.c, line 1432
WARNING: Freeing unused memory at 0x2aaaad9ac0b8, in __ao2_ref of astobj2.c, line 290
WARNING: Freeing unused memory at 0x2aaaad9abb38, in __ao2_ref of astobj2.c, line 290
WARNING: Low fence violation at 0x2aaaad9abd18, in ..Z of logger.c, line 5950484
1254234098 - New session (2009-09-29 07:21:38)

By: Tilghman Lesher (tilghman) 2009-11-05 15:22:42.000-0600

I believe the fix for this and the fix for ASTERISK-14904 may be identical.

By: Digium Subversion (svnbot) 2009-11-24 14:38:29.000-0600

Repository: asterisk
Revision: 231134

U trunk/apps/app_queue.c

------------------------------------------------------------------------
r231134 | tilghman | 2009-11-24 14:38:27 -0600 (Tue, 24 Nov 2009) | 7 lines

Found a few places where queue refcounts were counted incorrectly. Also add debug statements.

(closes issue ASTERISK-14904, closes issue ASTERISK-14906)
Reported by: atis
Patches:
20091111__issue15982.diff.txt uploaded by tilghman (license 14)
Tested by: atis
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=231134

By: Digium Subversion (svnbot) 2009-11-24 14:42:03.000-0600

Repository: asterisk
Revision: 231135

_U branches/1.6.1/
U branches/1.6.1/apps/app_queue.c

------------------------------------------------------------------------
r231135 | tilghman | 2009-11-24 14:42:01 -0600 (Tue, 24 Nov 2009) | 14 lines

Merged revisions 231134 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk

........
r231134 | tilghman | 2009-11-24 14:31:28 -0600 (Tue, 24 Nov 2009) | 7 lines

Found a few places where queue refcounts were counted incorrectly. Also add debug statements.

(closes issue ASTERISK-14904, closes issue ASTERISK-14906)
Reported by: atis
Patches:
20091111__issue15982.diff.txt uploaded by tilghman (license 14)
Tested by: atis
........
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=231135

By: Digium Subversion (svnbot) 2009-11-24 14:43:01.000-0600

Repository: asterisk
Revision: 231136

_U branches/1.6.2/
U branches/1.6.2/apps/app_queue.c

------------------------------------------------------------------------
r231136 | tilghman | 2009-11-24 14:43:00 -0600 (Tue, 24 Nov 2009) | 14 lines

Merged revisions 231134 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk

........
r231134 | tilghman | 2009-11-24 14:31:28 -0600 (Tue, 24 Nov 2009) | 7 lines

Found a few places where queue refcounts were counted incorrectly. Also add debug statements.

(closes issue ASTERISK-14904, closes issue ASTERISK-14906)
Reported by: atis
Patches:
20091111__issue15982.diff.txt uploaded by tilghman (license 14)
Tested by: atis
........
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=231136 |
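
The re-entry visible in the backtrace (queue_unref reaching destroy_queue, which reaches queue_unref on the same object again) reduced to a small C model. This is an added example, not code from app_queue.c or from revision 231134: only the names queue_unref and destroy_queue come from the backtrace, `visit_queue`, `simulate` and the struct are hypothetical, and the `guard` check is a generic defensive pattern assumed here for contrast, not the change the commit made.

```c
#include <stdio.h>

/* Constructed model: one refcounted queue with N members. */
struct queue {
    int refs;       /* reference count */
    int members;    /* members still attached */
    int depth;      /* current destructor nesting */
    int max_depth;  /* deepest destructor nesting seen */
    int frees;      /* times the destructor reached its free step */
};

static void queue_unref(struct queue *q, int guard);

/* Stand-in for a container walk that refs each queue it visits and then
 * drops that ref. With guard set, a queue whose count is already zero
 * (one that is being destroyed) is skipped instead of re-referenced. */
static void visit_queue(struct queue *q, int guard)
{
    if (guard && q->refs == 0)
        return;
    q->refs++;              /* 0 -> 1 on a dying object when unguarded */
    queue_unref(q, guard);  /* 1 -> 0 again: destructor re-entered */
}

/* Destructor: detaches members one by one; each detach runs the walk. */
static void destroy_queue(struct queue *q, int guard)
{
    if (++q->depth > q->max_depth)
        q->max_depth = q->depth;
    while (q->members > 0) {
        q->members--;
        visit_queue(q, guard);
    }
    q->frees++;             /* real code would release the object here */
    q->depth--;
}

static void queue_unref(struct queue *q, int guard)
{
    if (--q->refs == 0)
        destroy_queue(q, guard);
}

/* Drop the last reference and report what the destructor did. */
static struct queue simulate(int members, int guard)
{
    struct queue q = { 1, members, 0, 0, 0 };
    queue_unref(&q, guard);
    return q;
}

int main(void)
{
    struct queue bad = simulate(3, 0), ok = simulate(3, 1);
    printf("unguarded: depth=%d frees=%d\n", bad.max_depth, bad.frees);
    printf("guarded:   depth=%d frees=%d\n", ok.max_depth, ok.frees);
    return 0;
}
```

With three members the unguarded run nests the destructor four deep and reaches the free step four times, which is the shape of both the recursive backtrace and the repeated "Freeing unused memory" lines in the mmlog excerpt.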