[asterisk-dev] Asterisk 11 crashing on Hangup()

Pavel Troller patrol at sinus.cz
Wed Dec 19 07:42:12 CST 2012 

i!
  On a highly loaded system, I see occasional crashes. gdb shows:
(gdb) bt
#0  0x000000000048a451 in ast_bridged_channel (chan=0x3ba74d8) at channel.c:7403
#1  0x000000000047b6b5 in ast_set_hangupsource (chan=0x3ba74d8, source=0x5f3fd3 "dialplan/builtin", force=0) at channel.c:2721
#2  0x000000000054ff3d in pbx_builtin_hangup (chan=0x3ba74d8, data=0x4498f040 "16") at pbx.c:10624
#3  0x000000000052fa05 in pbx_exec (c=0x3ba74d8, app=0x1c682f0, data=0x4498f040 "16") at pbx.c:1594
#4  0x000000000053a674 in pbx_extension_helper (c=0x3ba74d8, con=0x0, context=0x3ba8328 "macro-incept", exten=0x3ba8378 "s", priority=43, label=0x0, callerid=0x7f3f6d0c3450 "00919820014701", action=E_SPAWN, found=0x4499169c,
    combined_find_spawn=1) at pbx.c:4447
#5  0x000000000053dc70 in ast_spawn_extension (c=0x3ba74d8, context=0x3ba8328 "macro-incept", exten=0x3ba8378 "s", priority=43, callerid=0x7f3f6d0c3450 "00919820014701", found=0x4499169c, combined_find_spawn=1) at pbx.c:5563
#6  0x00007f3f773e31e2 in _macro_exec (chan=0x3ba74d8, data=0x449943c0 "incept,,", exclusive=0) at app_macro.c:412
#7  0x00007f3f773e438f in macro_exec (chan=0x3ba74d8, data=0x449943c0 "incept,,") at app_macro.c:585
#8  0x000000000052fa05 in pbx_exec (c=0x3ba74d8, app=0x1df5820, data=0x449943c0 "incept,,") at pbx.c:1594
#9  0x000000000053a674 in pbx_extension_helper (c=0x3ba74d8, con=0x0, context=0x3ba8328 "macro-incept", exten=0x3ba8378 "s", priority=129, label=0x0, callerid=0x7f3f6d0c3450 "00919820014701", action=E_SPAWN, found=0x44996a3c,
    combined_find_spawn=1) at pbx.c:4447
#10 0x000000000053dc70 in ast_spawn_extension (c=0x3ba74d8, context=0x3ba8328 "macro-incept", exten=0x3ba8378 "s", priority=129, callerid=0x7f3f6d0c3450 "00919820014701", found=0x44996a3c, combined_find_spawn=1) at pbx.c:5563
#11 0x00007f3f773e31e2 in _macro_exec (chan=0x3ba74d8, data=0x44999760 "stddest,.*,y,DAHDI/g2,,3,8,20,0,,0,,EF", exclusive=0) at app_macro.c:412
#12 0x00007f3f773e438f in macro_exec (chan=0x3ba74d8, data=0x44999760 "stddest,.*,y,DAHDI/g2,,3,8,20,0,,0,,EF") at app_macro.c:585
#13 0x000000000052fa05 in pbx_exec (c=0x3ba74d8, app=0x1df5820, data=0x44999760 "stddest,.*,y,DAHDI/g2,,3,8,20,0,,0,,EF") at pbx.c:1594
#14 0x000000000053a674 in pbx_extension_helper (c=0x3ba74d8, con=0x0, context=0x3ba8328 "macro-incept", exten=0x3ba8378 "s", priority=4, label=0x0, callerid=0x4e13d50 "m\225\003", action=E_SPAWN, found=0x4499bed0, combined_find_spawn=1)
    at pbx.c:4447
#15 0x000000000053dc70 in ast_spawn_extension (c=0x3ba74d8, context=0x3ba8328 "macro-incept", exten=0x3ba8378 "s", priority=4, callerid=0x4e13d50 "m\225\003", found=0x4499bed0, combined_find_spawn=1) at pbx.c:5563
#16 0x000000000053f467 in __ast_pbx_run (c=0x3ba74d8, args=0x0) at pbx.c:6038
#17 0x0000000000541095 in pbx_thread (data=0x3ba74d8) at pbx.c:6368
#18 0x000000000059d8c8 in dummy_start (data=0x230c280) at utils.c:1028
#19 0x00007f3f9564d427 in start_thread () from /lib64/libpthread.so.0
#20 0x00007f3f9685ba0d in clone () from /lib64/libc.so.6
(gdb) frame 0
#0  0x000000000048a451 in ast_bridged_channel (chan=0x3ba74d8) at channel.c:7403
7403            if (bridged && ast_channel_tech(bridged)->bridged_channel)
(gdb) print *bridged
$1 = {tech = 0x0, tech_pvt = 0x0, music_state = 0x0, generatordata = 0x0, generator = 0x0, bridged_channel = 0x3ba74d8, ....

  As you can see, bridged->tech is 0, which causes the second term in the condition to segfault.
  I don't know, why it's zero, but I've done this:

Index: channel.c
===================================================================
--- channel.c	(revision 376616)
+++ channel.c	(working copy)
@@ -7400,7 +7400,7 @@
 {
 	struct ast_channel *bridged;
 	bridged = ast_channel_internal_bridged_channel(chan);
-	if (bridged && ast_channel_tech(bridged)->bridged_channel)
+	if (bridged && ast_channel_tech(bridged) && ast_channel_tech(bridged)->bridged_channel)
 		bridged = ast_channel_tech(bridged)->bridged_channel(chan, bridged);
 	return bridged;
 }

  The crashes are not frequent (coming for about every 30000th call), so we must
wait a while to see, whether it helped or another crash will happen somewhere
for the same reason.

What do you think about this problem ?

With regards,
  Pavel

More information about the asterisk-dev mailing list