[asterisk-bugs] [Asterisk 0012359]: Asterisk crashes after timeout / redirect / hangup when directly parking a call via AMI interface

noreply at bugs.digium.com noreply at bugs.digium.com
Fri Apr 4 07:58:18 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12359 
====================================================================== 
Reported By:                pguido
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   12359
Category:                   Resources/res_features
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     feedback
Asterisk Version:           1.4.18 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             04-03-2008 02:51 CDT
Last Modified:              04-04-2008 07:58 CDT
====================================================================== 
Summary:                    Asterisk crashes after timeout / redirect / hangup
when directly parking a call via AMI interface
Description: 
A (external) calls B (internal)
B directly parks the call via AMI PARK Command
In these situations Asterisk crashes
- Parking times out
- A hangs up
- B sends hangup via AMI Interface
- B sends redirect via AMI Interface

The Park command uses
Channel: <channel of A>
Channel2: <channel of B>

It seems the datastores within the channel get corrupted.

(gdb) p *ast_channel_datastore_find::chan->datastores->first
$9 = {uid = 0x0, data = 0x17e2a527, info = 0x0, inheritance = 772014104,
entry = {next = 0x3030002e}}

Redirect Case:

The corrupted datastore:

(gdb) p *ast_channel_datastore_find::chan->datastores->first
$9 = {uid = 0x0, data = 0x17e2a527, info = 0x0, inheritance = 772014104,
entry = {next = 0x3030002e}}

(gdb) p *ast_channel_datastore_find::chan->datastores->first->entry->next
Cannot access memory at address 0x3030002e

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1215976560 (LWP 1522)]
0x080865f7 in ast_channel_datastore_find (chan=0x969a0b0, info=0x81544e0,
uid=0x0) at channel.c:1356
1356            AST_LIST_TRAVERSE_SAFE_BEGIN(&chan->datastores, datastore,
entry) {
(gdb) backtrace
#0  0x080865f7 in ast_channel_datastore_find
(chan=0x969a0b0,
info=0x81544e0, uid=0x0) at channel.c:1356
#1  0x003b39c6 in dial_exec_full
(chan=0x969a0b0, data=0xb7852e48,
peerflags=0xb7850d14, continue_exec=0x0) at app_dial.c:1133
#2  0x003b74d2 in dial_exec (chan=0x969a0b0,
data=0xb7852e48) at
app_dial.c:1760
#3  0x080cd4da in pbx_exec (c=0x969a0b0,
app=0x9639f30, data=0xb7852e48)
at pbx.c:532
#4  0x080d11f6 in pbx_extension_helper
(c=0x969a0b0, con=0x0,
context=0x969a2f0 "macro-intern_dial_m", exten=0x969a340 "s", priority=3,
label=0x0, 
    callerid=0x9688788 "0061313279755", action=E_SPAWN) at pbx.c:1851
#5  0x080d253b in ast_spawn_extension
(c=0x969a0b0, context=0x969a2f0
"macro-intern_dial_m", exten=0x969a340 "s", priority=3, 
    callerid=0x9688788 "0061313279755") at pbx.c:2306
#6  0x00215f83 in _macro_exec (chan=0x969a0b0,
data=0xb7857f38,
exclusive=0) at app_macro.c:308
#7  0x00216ca2 in macro_exec (chan=0x969a0b0,
data=0xb7857f38) at
app_macro.c:486
#8  0x080cd4da in pbx_exec (c=0x969a0b0,
app=0x9631b10, data=0xb7857f38)
at pbx.c:532
#9  0x080d11f6 in pbx_extension_helper
(c=0x969a0b0, con=0x0,
context=0x969a2f0 "macro-intern_dial_m", exten=0x969a340 "s", priority=1,
label=0x0, 
    callerid=0x9688788 "0061313279755", action=E_SPAWN) at pbx.c:1851
#10 0x080d253b in ast_spawn_extension (c=0x969a0b0, context=0x969a2f0
"macro-intern_dial_m", exten=0x969a340 "s", priority=1, 
    callerid=0x9688788 "0061313279755") at pbx.c:2306
#11 0x080d2a67 in __ast_pbx_run (c=0x969a0b0)
at pbx.c:2408
#12 0x080d3883 in pbx_thread (data=0x969a0b0)
at pbx.c:2623
#13 0x08116085 in dummy_start (data=0x9688760)
at utils.c:852
#14 0x00a7045b in start_thread () from
/lib/libpthread.so.0
#15 0x009c824e in clone () from /lib/libc.so.6

Hangup case Backtrace:

#0  0x00392402 in __kernel_vsyscall ()
#1  0x00922ba0 in raise () from /lib/libc.so.6
#2  0x009244b1 in abort () from /lib/libc.so.6
#3  0x00958dfb in __libc_message () from
/lib/libc.so.6
#4  0x00960aa6 in _int_free () from
/lib/libc.so.6
#5  0x00963fc0 in free () from /lib/libc.so.6
#6  0x08081efb in ast_channel_free
(chan=0xa37120) at channel.c:1295
#7  0x0808473b in ast_hangup (chan=0xa052b70)
at channel.c:1496
#8  0x00348313 in do_parking_thread
(ignore=0x0) at res_features.c:1752
#9  0x080f97fb in dummy_start (data=0x9fc3620)
at utils.c:852
#10 0x00a7045b in start_thread () from /lib/libpthread.so.0
#11 0x009c824e in clone () from /lib/libc.so.6



====================================================================== 

---------------------------------------------------------------------- 
 nreinartz - 04-04-08 07:58  
---------------------------------------------------------------------- 
Created a patch to fix the software crash described above.
This patch has been tested with 1.4.18.1. It works but I don't know if
there are some negative effects.
It's more a dirty workaround as it doesn't fix the problem which is more
general.
How should data stores be handled if they are duplicated by masquerade of
a channel? 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
04-04-08 07:58  nreinartz      Note Added: 0085026                          
======================================================================
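
The question closing the note above is one of ownership: after a masquerade, two channels must not both own the same datastore nodes. The C sketch below is an added illustration, not Asterisk code and not the patch attached to the issue. Its types and function names are hypothetical, and that the corruption comes from a shared datastore list is an assumption the report does not confirm.

```c
#include <stdlib.h>

/* Hypothetical minimal types; not Asterisk's ast_channel / ast_datastore. */
struct datastore { const char *uid; struct datastore *next; };
struct channel   { struct datastore *datastores; };

int add_datastore(struct channel *c, const char *uid) {
    struct datastore *d = calloc(1, sizeof(*d));
    if (!d) return -1;
    d->uid = uid; d->next = c->datastores;
    c->datastores = d;
    return 0;
}

/* Hazard: copying only the list head leaves both channels owning the nodes. */
void alias_datastores(struct channel *dst, const struct channel *src) {
    dst->datastores = src->datastores;
}

/* Check: is any node reachable from both channels' lists? */
int shares_datastores(const struct channel *a, const struct channel *b) {
    for (const struct datastore *x = a->datastores; x; x = x->next)
        for (const struct datastore *y = b->datastores; y; y = y->next)
            if (x == y) return 1;
    return 0;
}

/* Ownership transfer: splice src's nodes onto dst, then empty src. */
void move_datastores(struct channel *dst, struct channel *src) {
    struct datastore **tail = &dst->datastores;
    while (*tail) tail = &(*tail)->next;
    *tail = src->datastores;
    src->datastores = NULL;
}

/* Frees every node the channel owns and returns how many were freed. */
int free_datastores(struct channel *c) {
    int n = 0;
    for (struct datastore *d; (d = c->datastores) != NULL; n++) {
        c->datastores = d->next;
        free(d);
    }
    return n;
}

int main(void) {
    struct channel a = {0}, b = {0};
    add_datastore(&a, "constructed-uid");   /* constructed sample value */
    move_datastores(&b, &a);                /* a no longer owns anything */
    return free_datastores(&a) + free_datastores(&b) == 1 ? 0 : 1;
}
```

With the aliasing copy, hanging up both channels would free each node twice. With the transfer, the source channel's list is empty and each node is freed exactly once.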



