| Summary: | ASTERISK-05400: Crash in ASTERISK_LIST_INSERT_TAIL | ||
| Reporter: | Olle Johansson (oej) | Labels: | |
| Date Opened: | 2005-10-30 05:25:19.000-0600 | Date Closed: | 2008-01-15 15:52:53.000-0600 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | #0 0x0805ff9a in ast_channel_inherit_variables (parent=0x88b78a0, child=0x8439c00) at channel.c:2773 2773 AST_LIST_INSERT_TAIL(&child->varshead, newvar, entries); Something is wrong with the new function AST_LIST_INSERT_TAIL... ****** ADDITIONAL INFORMATION ****** On FreeBSD 4.11. #0 0x0805ff9a in ast_channel_inherit_variables (parent=0x88b78a0, child=0x8439c00) at channel.c:2773 current = (struct ast_var_t *) 0x8703a40 newvar = (struct ast_var_t *) 0x88b78a0 varname = 0x88b7880 "\2008v\b\231x\213\bDIALEDPEERNUMBER" __PRETTY_FUNCTION__ = "ast_channel_inherit_variables" #1 0x286de0c0 in dial_exec_full (chan=0x838e400, data=0x8721c70, peerflags=0x89001bc) at app_dial.c:1156 | ||
| Comments: | By: wjchan (wjchan) 2005-10-30 10:36:00.000-0600 On Linux 2.6.13-1.1532_FC4 using yeterday's CVS HEAD: #0 0x0805fd24 in ast_channel_inherit_variables (parent=0x989da58, child=0x98b4ec8) at channel.c:2555 2555 AST_LIST_INSERT_TAIL(&child->varshead, newvar, entries); (gdb) where #0 0x0805fd24 in ast_channel_inherit_variables (parent=0x989da58, child=0x98b4ec8) at channel.c:2555 #1 0x0025ed68 in dial_exec_full (chan=0x989da58, data=Variable "data" is not available. ) at app_dial.c:1156 #2 0x00263d4c in dial_exec (chan=0x0, data=0x9883e40) at app_dial.c:1690 #3 0x0808b7f1 in pbx_extension_helper (c=0x989da58, con=Variable "con" is not available. ) at pbx.c:564 #4 0x0808cda4 in __ast_pbx_run (c=0x989da58) at pbx.c:2235 ASTERISK-1 0x0808d99c in pbx_thread (data=0x0) at pbx.c:2522 ASTERISK-2 0x006dfb80 in start_thread () from /lib/libpthread.so.0 ASTERISK-3 0x006379ce in clone () from /lib/libc.so.6 By: Olle Johansson (oej) 2005-10-30 14:20:55.000-0600 Crash on two operating systems is a real crash. Upgrading to severity "crash". By: Andrew Kohlsmith (akohlsmith) 2005-10-30 20:50:32.000-0600 Are you sure it's in that function? bug 5551's coredump was after that function, but it looked like the crash was occuring because the 'parent' channel structure was corrupted. By: Clod Patry (junky) 2005-10-30 22:19:15.000-0600 tzanger: Both crashed at app_dial.c:1156 which is ast_channel_inherit_variables(chan, tmp->chan); oej & wjchan: could you let me know how you reproduce it exactly (dialplan, etc) By: wjchan (wjchan) 2005-10-30 22:55:35.000-0600 A Zap call to this extension triggered the crash (I haven't tried SIP-to-SIP): [home-incoming] exten => s,1,Wait(1) exten => s,2,GotoIf($["${CALLERIDNUM}" = ""]?7) exten => s,3,LDAPget(CIDNAME=cidname/${CALLERIDNUM},${CALLERIDNUM}) exten => s,4,GotoIf($["${CIDNAME}" = ""]?6) exten => s,5,Set(CALLERID(name)=${CIDNAME}) exten => s,6,Set(CALLERID(number)=91${CALLERIDNUM}) exten => s,7,Dial(Local/1@two-rings&Local/2@two-rings) exten => s,8,Voicemail,u0@default exten => s,9,Hangup exten => s,108,Voicemail,b0@default exten => s,109,Hangup [two-rings] exten => 1,1,Dial(SIP/wilson-polycom&SIP/scott-polycom&SIP/kitchen-polycom&IAX2/wilson-diax,20,t) exten => 1,2,Hangup exten => 2,1,Set(_ALERT_INFO="Visual") exten => 2,2,Dial(SIP/theater-polycom,20,tT) exten => 2,3,Hangup The LDAP lookup went fine. IAX2/wilson-diax is offline. SIP phones are Polycom 600 with firmware v1.6.2. By: Lorenz Barth (bartpbx) 2005-10-31 03:20:27.000-0600 the crash only appears if you are using the set( ) function. If you remove those the call is going throught By: Andrew Kohlsmith (akohlsmith) 2005-10-31 06:09:00.000-0600 Yes I realize that the crash occurs *in* ast_channel_inherit_variables() but as I said in 5551, using gdb and walking the variable list showed that the parent channel structure seemed to be corrupt. The child structure was okay, but the parent showed an empty variable list. At the time of the crash the function was trying to copy the __CALLED variable. Was there something incorrect about how I had come to this conclusion or was the parent structure corrupted AFTER it tried to copy the vars? The insert_tail macro isn't exactly rocket science which is why I'm not really looking at it, although it looks like the obvious culprit. By: Kevin P. Fleming (kpfleming) 2005-10-31 10:42:42.000-0600 Fixed in CVS HEAD. There was code directly messing with the fields inside the varshead structure, instead of using the appropriate macro to do the initialization... By: Digium Subversion (svnbot) 2008-01-15 15:52:53.000-0600 Repository: asterisk Revision: 6900 U trunk/channel.c U trunk/include/asterisk/cdr.h U trunk/include/asterisk/chanvars.h U trunk/include/asterisk/linkedlists.h U trunk/pbx/pbx_dundi.c U trunk/pbx/pbx_loopback.c U trunk/pbx.c ------------------------------------------------------------------------ r6900 | kpfleming | 2008-01-15 15:52:52 -0600 (Tue, 15 Jan 2008) | 3 lines fix various bugs related to list handling of channel variables (issue ASTERISK-5400) use nolock lists for channel variables, since no locks are needed (these lists are either temporary or protected by the channel's own lock) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=6900 | ||