| Summary: | ASTERISK-24444: PBX: Crash when generating extension for pattern matching hint | ||||||
| Reporter: | Leandro Dardini (ldardini) | Labels: | |||||
| Date Opened: | 2014-10-22 10:23:18 | Date Closed: | 2014-11-12 10:13:22.000-0600 | ||||
| Priority: | Major | Regression? | |||||
| Status: | Closed/Complete | Components: | Core/PBX | ||||
| Versions: | 11.13.1 12.6.1 | Frequency of Occurrence | Frequent | ||||
| Related Issues: |
| ||||||
| Environment: | Linux CentOS 6.5 Kernel 2.6.32-431.11.2.el6.x86_64 | Attachments: | ( 0) backtrace.txt ( 1) backtrace11.txt | ||||
| Description: | Asterisk crashes in the middle of the normal daily calls from clients. The crash has been noticed on both 12.6.1 and 11.13.1 | ||||||
| Comments: | By: Leandro Dardini (ldardini) 2014-10-22 10:24:58.784-0500 Backtrace created using gdb -se "asterisk" -ex "bt full" -ex "thread apply all bt" --batch -c core > /tmp/backtrace.txt By: Leandro Dardini (ldardini) 2014-10-22 10:39:43.796-0500 In case it is needed, this is my extensions.conf, used only for hint processing. {quote} {noformat} # cat /etc/asterisk/extensions.conf {noformat} {noformat} [globals] [authenticated] exten => _.,hint,Custom:$\{EXTEN\} {noformat} {quote} extensions.ael is the one used for the call logic and this is its start: {quote} {noformat} _X. => { NoOp(Received a call from peer $\{CHANNEL(peername)\} with CID $\{CALLERID(num)\} $\{CALLERID(name)\} to number $\{EXTEN\} for accountcode $\{CDR(accountcode)\} with SIP CALL ID $\{SIPCALLID\} requesting for a max duration of $\{SETTIMEOUT\} SETPEERNAME=$\{SETPEERNAME\}); NoOp(Transfer: $\{BLINDTRANSFER\} - $\{TRANSFERED_BY\} - $\{TRANSFER_CONTEXT\} - $\{CALLERID(RDNIS)\}); Set(TTL=$\{MAXTTL\}); Set(TENANTID=$\{ODBC_TENANTID_FROM_ACCOUNTCODE($\{CDR\(accountcode)\})\}); ... {noformat} {quote} By: Leandro Dardini (ldardini) 2014-10-24 16:18:54.457-0500 Backtrace from asterisk 11.13.1 By: Matt Jordan (mjordan) 2014-10-28 11:30:07.526-0500 In a core file generated from the crash, can you print out the following using {{gdb}}: {noformat} # frame 6 # print *m2 # print *e1 # print *m2->exten # print m2->exten->exten {noformat} By: Leandro Dardini (ldardini) 2014-10-28 11:59:19.981-0500 I am not really sure to have made the required steps. I run on asterisk 11 server: {noformat} gdb -se "asterisk" -c core {noformat} and then: {noformat} (gdb) frame 6 #6 0x000000000052f82a in create_match_char_tree (con=0x100000000) at pbx.c:2431 2431 while ((e1 = ast_hashtab_next(t1))) { (gdb) print *m2 No symbol "m2" in current context. (gdb) print *e1 $1 = {exten = 0x7f1a52750560 "100-autolabcoldwater ", matchcid = 0, cidmatch = 0x0, priority = 0, label = 0x0, parent = 0x0, app = 0x0, cached_app = 0x0, data = 0x0, datad = 0, peer = 0x0, peer_table = 0x0, peer_label_table = 0x0, registrar = 0x0, next = 0x0, stuff = 0x7f1a52750960 "`\005uR\032\177"} (gdb) print *m2->exten No symbol "m2" in current context. (gdb) print *m2->exten->exten No symbol "m2" in current context. {noformat} On asterisk 12: {noformat} (gdb) frame 6 #6 0x00000000005643c2 in add_exten_to_pattern_tree (con=0x2768fd0, e1=0x7fedf428f5d0, findonly=0) at pbx.c:2402 2402 ast_log(LOG_WARNING, "Found duplicate exten. Had %s found %s\n", (gdb) print *m2 $1 = {is_pattern = 0, deleted = 0, specificity = 1, alt_char = 0x0, next_char = 0x0, exten = 0x7fedf416c680, x = "6"} (gdb) print *e1 $2 = {exten = 0x7fedf428f648 "(613)235-0056", matchcid = 0, cidmatch = 0x7fedf428f656 "", priority = -1, label = 0x0, parent = 0x2768fd0, app = 0x7fedf428f657 "Custom:(613) 235-0056", cached_app = 0x0, data = 0x7fedf4419670, datad = 0x42f2b0 <free@plt>, peer = 0x0, peer_table = 0x0, peer_label_table = 0x0, registrar = 0x7fee50fbf820 "pbx_config", next = 0x0, stuff = 0x7fedf428f5d0 "H\366(\364\355\177"} (gdb) print *m2->exten $3 = {exten = 0x1 <Address 0x1 out of bounds>, matchcid = 4571731, cidmatch = 0xe8 <Address 0xe8 out of bounds>, priority = 2, label = 0x690b20 "\370\331E", parent = 0x0, app = 0x515f8d "UH\211\345H\203\354@H\211}\330H\211uЉU\314H\213E\320H\211E\350H\213E\330H\211E\360H\213U\360H\213E\350H\211\326H\211\307\350\335\304\377\377\211E\374\203}", <incomplete sequence \374>, cached_app = 0x0, data = 0x0, datad = 0x515fe0 <hash_cb>, peer = 0xb, peer_table = 0x0, peer_label_table = 0x0, registrar = 0x0, next = 0x0, stuff = 0x7fedf416c680 "\001"} (gdb) print *m2->exten->exten Cannot access memory at address 0x1 {noformat} Unfortunately I had to put a dirty patch on the server because it was a production server. I instructed my client to fix its phone by removing the spaces in the BLF monitoring extension and I commented out the ast_log(LOG_WARNING, "Found duplicate exten. Had %s found %s\n" instructions in the code. Since then, I had no other core dumps. By: Joshua C. Colp (jcolp) 2014-11-10 08:02:52.485-0600 A patch which resolves this crash is now available at https://reviewboard.asterisk.org/r/4162/ | ||||||