[asterisk-bugs] [Asterisk 0017692]: [patch] subchannel remains half-open after call transfer

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Jul 27 16:53:43 CDT 2010


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=17692 
====================================================================== 
Reported By:                jmhunter
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   17692
Category:                   Channels/chan_skinny
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     ready for testing
Asterisk Version:           SVN 
JIRA:                       SWP-1960 
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 278578 
Request Review:              
====================================================================== 
Date Submitted:             2010-07-23 18:02 CDT
Last Modified:              2010-07-27 16:53 CDT
====================================================================== 
Summary:                    [patch] subchannel remains half-open after call
transfer
Description: 
Call transfers don't seem to work properly using chan_skinny.

To reproduce:

 [ jmhtest1 is a Skinny phone (Cisco 7905G)   ]
 [ 5022 is a DAHDI-connected analogue handset ]

1. jmhtest1 picks up handset and calls 6001 (music on hold)
2. jmhtest1 presses 'Transfer'
3. jmhtest1 dials 5022
4. 5022 picks up
5. jmhtest1 presses 'Transfer'
6. jmhtest1 replaces handset in cradle

At this point, jmhtest1 still shows "Connected" on its display, and now
won't give out a dialtone when handset is picked up. Pressing the 'EndCall'
softkey leads to messages such as:
[Jul 23 23:26:21] WARNING[19173]: chan_skinny.c:1673
find_subchannel_by_instance_reference: Could not find subchannel with
reference '1' on 'jmhtest1'
 Received Softkey Event: End Call(1/1)
[Jul 23 23:26:22] WARNING[19173]: chan_skinny.c:1673
find_subchannel_by_instance_reference: Could not find subchannel with
reference '1' on 'jmhtest1'
 Received Softkey Event: End Call(1/1)

Hanging up 5022 (the recipient of the call transfer) does not make any
difference, jmhtest1 still does not work and I have to reboot the phone.

Trying a blind transfer (missing out step 5 above) seems to be a bit hit
and miss - this either works fine, or places the call on hold. It's done
both for me at various times, I think it's to do with whether Asterisk has
crashed recently (see https://issues.asterisk.org/view.php?id=17680).

In addition, at step 3 above, I can hear the audio from the original call
to 6001, as well as the audio from 5022 (where I am transferring to). That
surely shouldn't happen - jmhtest1 should talk to 5022 and only 5022 at
that point, right?
====================================================================== 

---------------------------------------------------------------------- 
 (0125151) jmhunter (reporter) - 2010-07-27 16:53
 https://issues.asterisk.org/view.php?id=17692#c125151 
---------------------------------------------------------------------- 
Thanks! The patch applies OK, with the addition of a ",NULL)" to the
skinny_new call.

I have just tried again, using another DAHDI handset instead of music on
hold, but I can't see a measurable difference :-(

In fact, I have since then managed to trigger a double free error, and a
coredump. The double free happened when the transfer 'target' (5022,
DAHDI/7-1) hung up before the original call recipient (DAHDI/1-1):

    -- Stopped music on hold on DAHDI/1-1
    -- Native bridging DAHDI/7-1 and DAHDI/1-1
[Jul 27 22:39:37] WARNING[31737]: chan_dahdi.c:4630 dahdi_enable_ec:
Unable to enable echo cancellation on channel 7 (No such device)
[Jul 27 22:39:37] WARNING[31737]: chan_dahdi.c:4630 dahdi_enable_ec:
Unable to enable echo cancellation on channel 1 (No such device)
[Jul 27 22:39:37] ERROR[31737]: astobj2.c:258 internal_ao2_ref: refcount
-1 on object 0xd60d890
gmpbx*CLI> *** glibc detected *** /usr/sbin/asterisk: double free or
corruption (!prev): 0x0d60d258 ***
======= Backtrace: =========
/lib/libc.so.6[0x2f4a96]
/lib/libc.so.6(cfree+0x90)[0x2f7fb0]
/usr/sbin/asterisk[0x8085e40]
/usr/sbin/asterisk(__ao2_ref+0x35)[0x8085d2c]
/usr/sbin/asterisk(ast_channel_release+0x2e)[0x80ab839]
/usr/lib/asterisk/modules/cdr_custom.so[0x525252]
/usr/sbin/asterisk[0x80a25ea]
/usr/sbin/asterisk(ast_cdr_detach+0xcd)[0x80a2f06]
/usr/sbin/asterisk(ast_bridge_call+0x1f88)[0x80f40b0]
/usr/lib/asterisk/modules/app_dial.so[0xb4d38a]
/usr/lib/asterisk/modules/app_dial.so[0xb4dd34]
/usr/sbin/asterisk(pbx_exec+0x1ea)[0x8130372]
/usr/sbin/asterisk[0x8139632]
/usr/sbin/asterisk(ast_spawn_extension+0x53)[0x813ae84]
/usr/sbin/asterisk[0x813b80c]
/usr/sbin/asterisk(ast_pbx_run_args+0x37)[0x813d3f5]
/usr/sbin/asterisk(ast_pbx_run+0x19)[0x813d421]
/usr/lib/asterisk/modules/chan_skinny.so[0x66a1a2]
/usr/lib/asterisk/modules/chan_skinny.so[0x66a6d8]
/usr/sbin/asterisk[0x818d56e]
/lib/libpthread.so.0[0x41945b]
/lib/libc.so.6(clone+0x5e)[0x35c23e]

The core dump happened when trying to replicate this.

Possibly related info: The core dump was generated after rebooting the
skinny handset (I couldn't initiate another call, because the subchannel
had been left hanging around). Perhaps Asterisk had got itself confused?

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-07-27 16:53 jmhunter       Note Added: 0125151                          
======================================================================



