[asterisk-bugs] [Asterisk 0017588]: [patch] crash if 'dahdi destroy channel' destroys a channel in a call
Asterisk Bug Tracker
noreply at bugs.digium.com
Wed Jul 7 14:12:10 CDT 2010
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=17588
======================================================================
Reported By: tzafrir
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 17588
Category: Channels/chan_dahdi
Reproducibility: always
Severity: minor
Priority: normal
Status: ready for testing
Asterisk Version: SVN
JIRA: SWP-1820
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): trunk
SVN Revision (number only!): 273830
Request Review:
======================================================================
Date Submitted: 2010-07-06 05:16 CDT
Last Modified: 2010-07-07 14:12 CDT
======================================================================
Summary: [patch] crash if 'dahdi destroy channel' destroys a
channel in a call
Description:
Using 'dahdi destroy channel' to destroy a channel in which there is an
active call causes Asterisk to crash. A symptom-fixing patch included.
======================================================================
----------------------------------------------------------------------
(0124316) tzafrir (manager) - 2010-07-07 14:12
https://issues.asterisk.org/view.php?id=17588#c124316
----------------------------------------------------------------------
That specific fix is still not good enough. Here's another crahs scenario I
have:
I have a quad-BRI device with spans 1-8 . I have a loop from span 1
(net_bri_ptmp) to span 3 (cpe_bri_ptmp). I start a call from Echo in one to
Echo in the other:
*CLI> originate DAHDI/1/600 application Echo
*CLI> core show channels
Channel Location State Application(Data)
DAHDI/i1/600-1 s at from-pstn:1 Up Echo()
DAHDI/i3/-1 600 at from-pstn:1 Up Playback(demo-echotest)
2 active channels
1 active call
1 call processed
*CLI> dahdi destroy channel 1
*CLI> core show channels
Channel Location State Application(Data)
DAHDI/i3/-1 600 at from-pstn:2 Up Echo()
1 active channel
1 active call
1 call processed
Command 'module unload chan_dahdi.so ' failed.
*CLI> [Jul 7 21:52:57] WARNING[14542]: loader.c:505 ast_unload_resource:
Soft unload failed, 'chan_dahdi.so' has use count 1
*CLI> dahdi destroy channel 2
*CLI> module unload chan_dahdi.so
Unloaded chan_dahdi.so
(After a second or so)
*CLI> /usr/src/git/asterisk/contrib/scripts/live_ast: line 185: 14542
Segmentation fault (core dumped) $AST_BIN -C $AST_CONF "$@"
In the core I see:
https://issues.asterisk.org/view.php?id=0 0x080bb7be in ast_hangup
(chan=0xb1d02320) at channel.c:2378
2378 if (chan->tech->hangup)
(gdb) bt
https://issues.asterisk.org/view.php?id=0 0x080bb7be in ast_hangup
(chan=0xb1d02320) at channel.c:2378
https://issues.asterisk.org/view.php?id=1 0x0814755d in __ast_pbx_run
(c=0xb1d02320, args=0x0) at pbx.c:4850
https://issues.asterisk.org/view.php?id=2 0x08148750 in pbx_thread
(data=0xb1d02320) at pbx.c:4942
https://issues.asterisk.org/view.php?id=3 0x08188fcb in dummy_start
(data=0xb1d05db0) at utils.c:971
https://issues.asterisk.org/view.php?id=4 0xb7c944c0 in start_thread () from
/lib/i686/cmov/libpthread.so.0
https://issues.asterisk.org/view.php?id=5 0xb6eb384e in clone () from
/lib/i686/cmov/libc.so.6
(gdb) print chan
$1 = (struct ast_channel *) 0xb1d02320
(gdb) print chan->tech
$2 = (const struct ast_channel_tech *) 0xb5ce1080
(gdb) print *chan->tech
Cannot access memory at address 0xb5ce1080
(gdb) print *chan
$3 = {tech = 0xb5ce1080, tech_pvt = 0x0, music_state = 0x0,
generatordata = 0x0, generator = 0x0, _bridge = 0x0, masq = 0x0,
masqr = 0x0, blockproc = 0x81c1506 "ast_waitfor_nandfds", appl = 0x0,
data = 0x0, sched = 0x0, stream = 0x0, vstream = 0x0, timingfunc = 0,
timingdata = 0x0, pbx = 0x0, writetrans = 0x0, readtrans = 0x0,
audiohooks = 0x0, cdr = 0xb1d04068, zone = 0x0, monitor = 0x0,
__field_mgr_pool = 0xb1d03e90, name = 0xb1d03ec0 "DAHDI/i3/-1",
language = 0xb1d03ece "en", musicclass = 0x82300a6 "",
accountcode = 0x82300a6 "", peeraccount = 0x82300a6 "",
userfield = 0x82300a6 "", call_forward = 0x82300a6 "",
uniqueid = 0xb1d03ea2 "1278528740.1", linkedid = 0xb1d03eb1
"1278528740.1",
parkinglot = 0x82300a6 "", hangupsource = 0x82300a6 "",
dialcontext = 0x82300a6 "", __field_mgr = {last_alloc = 0xb1d03ece
"en",
embedded_pool = 0x0}, whentohangup = {tv_sec = 0, tv_usec = 0},
blocker = 2964937616, cid = {cid_dnid = 0xb1d01cb8 "600",
cid_num = 0xb1d004a0 "", cid_name = 0xb1d00468 "",
cid_ani = 0xb1d01cc8 "", cid_pres = 64, cid_ani2 = 0, cid_ton = 1,
cid_tns = 0, cid_tag = 0xb1d01cd8 "", subaddress = {str = 0x0, type =
0,
odd_even_indicator = 0 '\0', valid = 0 '\0'}, dialed_subaddress = {
str = 0x0, type = 0, odd_even_indicator = 0 '\0', valid = 0 '\0'}},
connected = {id = {number = 0x0, name = 0x0, tag = 0x0, subaddress = {
str = 0x0, type = 0, odd_even_indicator = 0 '\0', valid = 0
'\0'},
number_type = 0, number_presentation = 0}, ani = 0x0, ani2 = 0,
source = 0}, redirecting = {from = {number = 0x0, name = 0x0, tag =
0x0,
subaddress = {str = 0x0, type = 0, odd_even_indicator = 0 '\0',
valid = 0 '\0'}, number_type = 0, number_presentation = 0}, to =
{
number = 0x0, name = 0x0, tag = 0x0, subaddress = {str = 0x0, type =
0,
odd_even_indicator = 0 '\0', valid = 0 '\0'}, number_type = 0,
number_presentation = 0}, count = 0, reason = 0}, dtmff = {
frametype = 0, subclass = {integer = 0, codec = 0}, datalen = 0,
samples = 0, mallocd = 0, mallocd_hdr_len = 0, offset = 0, src = 0x0,
data = {ptr = 0x0, uint32 = 0, pad = "\000\000\000\000\000\000\000"},
delivery = {tv_sec = 0, tv_usec = 0}, frame_list = {next = 0x0},
flags = 0, ts = 0, len = 0, seqno = 0}, varshead = {first =
0xb97b018,
last = 0xb1d05ab0}, callgroup = 0, pickupgroup = 0, readq = {
first = 0xbb6b3e0, last = 0xbb601e0}, jb = {conf = {flags = 0,
max_size = -1, resync_threshold = -1, impl = '\0' <repeats 11
times>,
target_extra = -1}, impl = 0x0, jbobj = 0x0, timebase = {tv_sec =
0,
tv_usec = 0}, next = 0, last_format = 0, logfile = 0x0, flags = 0},
dtmf_tv = {tv_sec = 0, tv_usec = 0}, datastores = {first = 0xb1d047f8,
last = 0xb1d047f8}, autochans = {first = 0x0, last = 0x0}, insmpl =
0,
outsmpl = 0, fds = {23, -1, -1, -1, -1, -1, -1, -1, 106, -1},
_softhangup = 16, fdno = 8, streamid = -1, vstreamid = 0,
oldwriteformat = 8, timingfd = 106, _state = AST_STATE_UP, rings = 1,
priority = 2, macropriority = 0, amaflags = 3,
adsicpe = AST_ADSI_UNAVAILABLE, fin = 3025, fout = 3020, hangupcause =
0,
delivery = {tv_sec = 0, tv_usec = 0}, frame_list = {next = 0x0},
flags = 0, ts = 0, len = 0, seqno = 0}, varshead = {first =
0xb97b018,
last = 0xb1d05ab0}, callgroup = 0, pickupgroup = 0, readq = {
first = 0xbb6b3e0, last = 0xbb601e0}, jb = {conf = {flags = 0,
max_size = -1, resync_threshold = -1, impl = '\0' <repeats 11
times>,
target_extra = -1}, impl = 0x0, jbobj = 0x0, timebase = {tv_sec =
0,
tv_usec = 0}, next = 0, last_format = 0, logfile = 0x0, flags = 0},
dtmf_tv = {tv_sec = 0, tv_usec = 0}, datastores = {first = 0xb1d047f8,
last = 0xb1d047f8}, autochans = {first = 0x0, last = 0x0}, insmpl =
0,
outsmpl = 0, fds = {23, -1, -1, -1, -1, -1, -1, -1, 106, -1},
_softhangup = 16, fdno = 8, streamid = -1, vstreamid = 0,
oldwriteformat = 8, timingfd = 106, _state = AST_STATE_UP, rings = 1,
priority = 2, macropriority = 0, amaflags = 3,
adsicpe = AST_ADSI_UNAVAILABLE, fin = 3025, fout = 3020, hangupcause =
0,
flags = 32, alertpipe = {-1, -1}, nativeformats = 8, readformat = 8,
writeformat = 8, rawreadformat = 8, rawwriteformat = 8,
emulate_dtmf_duration = 0, visible_indication = 0, transfercapability =
0,
bridge = 0x0, timer = 0xb1d004b0,
context = "from-pstn", '\0' <repeats 70 times>,
exten = "600", '\0' <repeats 76 times>,
macrocontext = '\0' <repeats 79 times>,
macroexten = '\0' <repeats 79 times>, emulate_dtmf_digit = 0 '\0'}
Issue History
Date Modified Username Field Change
======================================================================
2010-07-07 14:12 tzafrir Note Added: 0124316
======================================================================
More information about the asterisk-bugs
mailing list