[asterisk-bugs] [Zaptel 0010593]: Zaptel crashes kernel - zt_init_tone_state

[noreply at bugs.digium.com]

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=10593 
====================================================================== 
Reported By:                jmhunter
Assigned To:                mattf
====================================================================== 
Project:                    Zaptel
Issue ID:                   10593
Category:                   zaptel (the module)
Reproducibility:            sometimes
Severity:                   crash
Priority:                   normal
Status:                     assigned
Zaptel Version:             1.4.5.1  
SVN Branch (only for SVN checkouts, not tarball releases): N/A  
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             08-29-2007 13:02 CDT
Last Modified:              10-11-2007 19:17 CDT
====================================================================== 
Summary:                    Zaptel crashes kernel - zt_init_tone_state
Description: 
When zaptel is compiled and installed on my system, any use of my TDM400P
card will eventually lead to a kernel crash - see attached trace.

The problem is reproducible by simply picking up a Zap channel handset. It
won't always crash straight away, though. Sometimes it takes longer to
crash, sometimes it's quicker - and I also get some really strange
"dialtones" varying from complete silence, through loud single tones, right
up to weird multiple tones similar to a fax or modem.

I don't believe this to be a hardware issue, as this system has been rock
solid under an older version of zaptel. The older zaptel versions no longer
compile cleanly under current kernels, however, so it's time for me to bite
the bullet and try to track down the cause of the crash.

Any suggestions gratefully received - where do I start?!
====================================================================== 

---------------------------------------------------------------------- 
 sim - 10-11-07 19:17  
---------------------------------------------------------------------- 
Howdy... We just saw a similar crash (zt_init_tone_state+0x6) in our
production environment on a system with a TE410P and three active full
PRIs, nearly at saturation.

The stack backtrace seems mostly corrupted and the crash resulted from the
right hand side dereference of the second line in zt_init_tone_state.  EDX
was the pointer register being dereferenced as pointing to struct zt_tone,
but EDX was 0x7d797574, which sounds like a corrupted offset.  I will
attach the rest of the Oops, but it appears quite mangled.

This is from Zaptel release 1.4.3, Asterisk 1.4.11.

I see there are no comments since "patch5" -- has this fixed the problem
for the original reporter?  We will likely need to set up a test lab and
try to reproduce this here, so if more testing is needed, we can test this
patch. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
10-11-07 19:17  sim            Note Added: 0071855                          
======================================================================