| Summary: | ASTERISK-04545: chan_skinny crashes asterisk when the skinny phone recieved a call. | ||
| Reporter: | Daniel Hausman (dhausman) | Labels: | |
| Date Opened: | 2005-07-10 07:21:47 | Date Closed: | 2011-06-07 14:01:02 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | Channels/chan_skinny |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) 4566PatchFromCvs.txt ( 1) bt_full.txt ( 2) gdb_asterisk_core.8965.txt ( 3) skinny_debug.txt ( 4) thread_apply_all_bt.txt | |
| Description: | chan_skinny versions newer than 1.81 crash asterisk. I am using a Cisco 30VIP phone. I can reproduce this every time. I have tired it on 2 asterisk boxes and 2 different cisco phones. Here is what I see when the phone rings: -- Executing NoOp("SIP/02072-a184", "") in new stack -- Executing Dial("SIP/02072-a184", "Skinny/100@vip02073|60|r") in new stack Found device: vip02073 -- skinny_request(100@vip02073) -- Skinny cw: 0, dnd: 0, so: 0, sno: 0 chan_skinny: skinny_new: tmp->nativeformats=4 fmt=4 -- skinny_call(Skinny/100@vip02073-2) media*CLI> Disconnected from Asterisk server /usr/sbin/safe_asterisk: line 41: 857 Segmentation fault (core dumped) asterisk ${CLIARGS} ${ASTARGS} >&/dev/${TTY} </dev/${TTY} Asterisk ended with exit status 139 Asterisk exited on signal 11. Automatically restarting Asterisk. | ||
| Comments: | By: Roy Sigurd Karlsbakk (rkarlsba) 2005-07-10 07:25:53 please create a backtrace with gdb asterisk core.xxx (the name of the core file created) then at the (gdb) prompt, type bt By: Daniel Hausman (dhausman) 2005-07-10 10:02:04 gdb asterisk core.857 GNU gdb Red Hat Linux (6.1post-1.20040607.43rh) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"...asterisk: No such file or directory. Core was generated by `asterisk -vvvg -c'. Program terminated with signal 11, Segmentation fault. #0 0x003ec4fd in ?? () (gdb) bt #0 0x003ec4fd in ?? () #1 0xb7b52f0c in ?? () #2 0x00008000 in ?? () #3 0xffffffff in ?? () #4 0x00000000 in ?? () By: Michael Jerris (mikej) 2005-07-20 23:57:10 we need a backtrace built from a non optimized build of asterisk (make valgrind) in order for it to be at all useful. Can you produce a backtrack from that please. By: Russell Bryant (russell) 2005-07-21 00:28:51 so 1.81 is the *working* version? By: Daniel Hausman (dhausman) 2005-07-21 06:56:04 (gdb) bt #0 0x004a0402 in __kernel_vsyscall () #1 0x001391f8 in raise () from /lib/libc.so.6 #2 0x0013a948 in abort () from /lib/libc.so.6 #3 0x0016e52a in __libc_message () from /lib/libc.so.6 #4 0x00174424 in _int_free () from /lib/libc.so.6 ASTERISK-1 0x0017495f in free () from /lib/libc.so.6 ASTERISK-2 0x080614a8 in ast_channel_free (chan=0xa05c8a8) at channel.c:774 ASTERISK-3 0x0806436f in ast_hangup (chan=0xa05c8a8) at channel.c:1032 ASTERISK-4 0x0808a961 in ast_pbx_run (c=0xa05c8a8) at pbx.c:2386 ASTERISK-5 0x0808b2ef in pbx_thread (data=0x0) at pbx.c:2398 ASTERISK-6 0x006f9b80 in start_thread () from /lib/libpthread.so.0 ASTERISK-7 0x001dbdee in clone () from /lib/libc.so.6 (gdb) By: Daniel Hausman (dhausman) 2005-07-21 07:02:48 I downloaded the latest head and recompiled today. Now it crahes on hangup. That was from fedora core4 on a pentium 3. 1.81 was the last working skinny version for me. By: Michael Jerris (mikej) 2005-07-21 08:11:47 can you do bt full, also for the new segfault? By: Russell Bryant (russell) 2005-07-25 19:03:16 Is this built with "make valgrind" or "make dont-optimize" ? By: Daniel Hausman (dhausman) 2005-07-26 06:35:09 make valgrind By: Daniel Hausman (dhausman) 2005-07-27 06:30:05 So what happens now? By: Michael Jerris (mikej) 2005-08-17 08:48:51 ok, so can we get a new test with an update to current head on this, along with a full verbose and (is there debug of skinny) of the call. When it crashes, from the core I would like to see a bt full and thread apply all bt (as an attached file). Also, if you can verify at which version of the chan_skinny this became broken for sure by stepping through, if so, can you upload a diff of the patch that caused this problem. Thanks. By: Michael Jerris (mikej) 2005-08-24 01:05:01 we can not move forward with this bug without the requested information. If you would like to see this fixed, please reply with the requested information. By: Daniel Hausman (dhausman) 2005-08-24 09:02:53 I am on it, I am getting the latest cvs head and I should have it ready in a bit. Oops, I tried compiling it twice on two different machines but both core dumped asterisk as it was starting up. I am going to try a day or 2 back to see it taht will work. The good news is I got it to compile today... So I will be recompiling with make valgrind, and I will do the debug stuff today. By: Daniel Hausman (dhausman) 2005-08-25 09:28:57 I think that is everything. chan_skinny works at version 1.81 but anything after that does not work. Let me know if there is anything else. By: Michael Jerris (mikej) 2005-08-25 10:03:45 attached the diff from 1.81 to 1.82, the cause is somewhere in there. Interestingly enough, that patch was supposed to fix another crash. By: opsys (opsys) 2005-12-30 17:57:19.000-0600 HOUSEKEEPING: Stalled? By: Matt O'Gorman (mogorman) 2006-01-18 14:44:20.000-0600 dhausman if this is still a bug please reopen | ||