[Asterisk-bugs] [Asterisk 0010219]: Segmentation fault at channel.c:3275

noreply at bugs.digium.com noreply at bugs.digium.com
Thu Jul 19 11:11:57 CDT 2007


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=10219 
====================================================================== 
Reported By:                rajeshcr
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   10219
Category:                   Core/Channels
Reproducibility:            random
Severity:                   crash
Priority:                   normal
Status:                     feedback
Asterisk Version:            1.2.14  
SVN Branch (only for SVN checkouts, not tarball releases): N/A  
SVN Revision (number only!):  
Disclaimer on File?:        No 
Request Review:              
====================================================================== 
Date Submitted:             07-17-2007 11:01 CDT
Last Modified:              07-19-2007 11:11 CDT
====================================================================== 
Summary:                    Segmentation fault at channel.c:3275
Description: 

Hello,

Sometimes Asterisk, while getting channel information from the CLI, results
in a seg fault crash. So far it has happened two times with a gap of nearly a
month.

Every minute I run the CLI command "show channels" and fetch the total
number of active channels and calls for display purposes.

Occasionally Asterisk crashes while getting this channel information. The
gdb output showed it happened at channel.c:3275

The function at this location of channel.c is ast_bridged_channel and the
line is,

        if (bridged && bridged->tech->bridged_channel)
                bridged = bridged->tech->bridged_channel(chan, bridged);

When I investigated the problem with gdb & Asterisk's core dump during
the first crash,

the bridged->tech was null (0x0) and while accessing
bridged->tech->bridged_channel got "Cannot access memory at address 0xb0"


In the second crash (happened today),
bridged->tech was not null
(gdb) print bridged->tech
$15 = (const struct ast_channel_tech *) 0xa6b636174

But when I tried to access bridged->tech->bridged_channel I got a similar error
message,
"Cannot access memory at address 0xa6b636224"


Can anyone help me in solving this problem?


Thanks in advance
-Rajesh.


====================================================================== 

---------------------------------------------------------------------- 
 rajeshcr - 07-19-07 11:11  
---------------------------------------------------------------------- 
Ok ... I tried with the latest version of Asterisk, 1.2.22. The same problem
happened again. Using Asterisk in a pure VoIP env with SIP.

Now I'm able to reproduce it ... Here are the steps,

Caller calls a Queue
Caller gets connected to an agent
Agent conferences in with some other number.

During the conference, if you execute the command "show channels",
it'll crash.

Using MeetMe and creating conferences dynamically.
Using AgentCallbackLogin for logging in agents into ACD.


Here are all the gdb outputs,

Loaded symbols for /lib64/libgcc_s.so.1
#0  0x000000000041de84 in ast_bridged_channel (chan=0x7ec0d0) at channel.c:3299
3299            if (bridged && bridged->tech->bridged_channel) 
(gdb) 


(gdb) bt
#0  0x000000000041de84 in ast_bridged_channel (chan=0x7ec0d0) at channel.c:3299
#1  0x00000000004489d8 in handle_chanlist (fd=34, argc=0, argv=0x7ecb30)
    at cli.c:447
#2  0x000000000044b0bc in ast_cli_command (fd=34,
    s=0x7ec0d0 "SIP/to-bandwidth-sec-007f4530") at cli.c:1364
#3  0x000000000046c96a in netconsole (vconsole=0x7ec0d0) at asterisk.c:561
#4  0x00000037a09060da in start_thread () from /lib64/tls/libpthread.so.0
#5  0x00000037a00c54f3 in clone () from /lib64/tls/libc.so.6
#6  0x0000000000000000 in ?? ()



(gdb) bt full
#0  0x000000000041de84 in ast_bridged_channel (chan=0x7ec0d0) at channel.c:3299
        bridged = (struct ast_channel *) 0x7ecb30
#1  0x00000000004489d8 in handle_chanlist (fd=34, argc=0, argv=0x7ecb30)
    at cli.c:447
        c = (struct ast_channel *) 0x7ec0d0
        bc = (struct ast_channel *) 0x0
        durbuf = "\000\000\000\000\000\000\000\000\000"
        locbuf = "2471527118:smily at agent-conference:6\000\000\000\000"
        appdata = "MeetMe(2471527118|dq)\000\000\000\200?<@", '\0'
<repeats 11 times>
        duration = 8306896
        durh = 0
        numchans = 4
        concise = 0
#2  0x000000000044b0bc in ast_cli_command (fd=34,
    s=0x7ec0d0 "SIP/to-bandwidth-sec-007f4530") at cli.c:1364
        argv = {0x6612f0 "show", 0x6612f5 "channels", 0x0, 0x403cdf9a
"ion\n", 
  0x403ce17f "eacxls0008", 0x403cdf80 "show channels", 
  0x403ce17f "eacxls0008", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
  0x78756e694c <Address 0x78756e694c out of bounds>, 0x0, 0x0, 
  0xffffffff <Address 0xffffffff out of bounds>, 0x0, 0x0, 0x0, 0x0, 
  0x3030736c78636100 <Address 0x3030736c78636100 out of bounds>, 
  0x37a022c5c0 "", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
---Type <return> to continue, or q <return> to quit---
  0x2d392e362e320000 <Address 0x2d392e362e320000 out of bounds>, 
  0x706d734c452e3131 <Address 0x706d734c452e3131 out of bounds>, 0x0, 0x0,

  0x403ce180 "acxls0008", 0x5fa838 "\"", 0x403cdf80 "show channels", 
  0x40040100 "", 0x0, 0x37a0048031 "H\201??", 
  0x3000000030 <Address 0x3000000030 out of bounds>, 0x403cdf70 "\"", 
  0x403cdeb0 "", 0x0, 0x0, 0x0, 
  0x5f36387800000000 <Address 0x5f36387800000000 out of bounds>, 
  0x403ce180 "acxls0008", 0x265d <Address 0x265d out of bounds>, 
  0x4bf785 "1.2.22", 0x0, 0x0, 0x0, 0x0, 
  0x6f6e280000000000 <Address 0x6f6e280000000000 out of bounds>, 
  0x29656e <Address 0x29656e out of bounds>, 0x0, 0x0, 0x0, 0x0, 0x0, 
  0x37a090b0ad "H\213D$\bH\203?(H=\001???s\001?H\213\r?N\020"}
        e = (struct ast_cli_entry *) 0x5e6c80
        x = 2
        dup = 0x6612f0 "show"
        tws = 0
        __PRETTY_FUNCTION__ = "ast_cli_command"
#3  0x000000000046c96a in netconsole (vconsole=0x7ec0d0) at asterisk.c:561
        con = (struct console *) 0x5fa838
        hostname = "acxls0008", '\0' <repeats 54 times>
        tmp = "show channels\000\000NIX
connection\n\000\000\000\000\000\000\000\000\000\000`?<@", '\0' <repeats 12
times>, "p?<@", '\0' <repeats 12 times>, "\200?<@", '\0' <repeats 92
times>, " \000?\232*\000\000\000??<@\000\000\000\000??<---Type <return> to
continue, or q <return> to quit---
@\000\000\000\000`?<@\000\000\000\000
\000?\232*\000\000\000??<@\000\000\000\000??<@\000\000\000\000\200?<@\000\000\000\000\204\t?\232*\000\000\000\200\t?\232*\000\000\000?\211\006?7\000\000\000\002\000\000\000\000\000\000\000Ye[\232*\000\000\000\204?<@\000\000\000\000\002\000\000\000*\000"...
        res = 926037297
        fds = {{fd = 34, events = 1, revents = 1}, {fd = 35, events = 1, 
    revents = 0}}
        __PRETTY_FUNCTION__ = "netconsole"
#4  0x00000037a09060da in start_thread () from /lib64/tls/libpthread.so.0
No symbol table info available.
#5  0x00000037a00c54f3 in clone () from /lib64/tls/libc.so.6
No symbol table info available.
#6  0x0000000000000000 in ?? ()
No symbol table info available. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
07-19-07 11:11  rajeshcr       Note Added: 0067597                          
======================================================================
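
Added triage example (not part of the original report and not Asterisk code): it applies two checks to the pointer values quoted in the description, the member offset implied by each faulting address and whether the pointer's bytes read as text. The helper names, the little-endian x86-64 assumption and the 4-byte text threshold are choices made for this example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

enum ptr_class { PTR_NULL, PTR_TEXT, PTR_OTHER };

/* Offset of the member being read: faulting address minus the base pointer. */
static uint64_t member_offset(uint64_t base, uint64_t fault_addr)
{
    return fault_addr - base;
}

/* Read the pointer's bytes in memory order (little-endian, assumed x86-64).
 * Returns the number of leading text bytes if every non-zero byte is text
 * and only zero bytes follow; returns 0 otherwise. out receives the text. */
static int decode_text(uint64_t ptr, char out[9])
{
    int n = 0, seen_zero = 0;
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(ptr >> (8 * i));
        if (b == 0) { seen_zero = 1; continue; }
        if (seen_zero || !(isprint(b) || isspace(b))) { out[0] = '\0'; return 0; }
        out[n++] = (char)b;
    }
    out[n] = '\0';
    return n;
}

/* The threshold of 4 text bytes is an arbitrary choice for this example. */
static enum ptr_class classify(uint64_t ptr)
{
    char text[9];
    if (ptr == 0) return PTR_NULL;
    return decode_text(ptr, text) >= 4 ? PTR_TEXT : PTR_OTHER;
}

int main(void)
{
    /* Values copied from the gdb sessions in the issue description. */
    const uint64_t tech[2]  = { 0x0, 0xa6b636174ULL };
    const uint64_t fault[2] = { 0xb0, 0xa6b636224ULL };
    static const char *names[] = { "NULL", "text-like", "other" };
    for (int i = 0; i < 2; i++) {
        printf("crash %d: tech=%#llx class=%s member offset=%#llx\n", i + 1,
               (unsigned long long)tech[i], names[classify(tech[i])],
               (unsigned long long)member_offset(tech[i], fault[i]));
    }
    return 0;
}
```

Both crashes give offset 0xb0, so the same member is being read through a bad `tech` pointer each time. The second pointer's bytes decode to the text "tack\n", which is consistent with the memory behind `bridged` holding string data rather than a live channel structure.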



