Summary: | ASTERISK-09842: Manhattan MII-794 class 2 usb/bluetooth adapter: asterisk crashes when call is bridged. | ||
Reporter: | Steve Murphy (murf) | Labels: | |
Date Opened: | 2007-07-09 17:03:22 | Date Closed: | 2007-09-28 19:42:13 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Addons/chan_mobile |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: |
(gdb) where
#0 0x08081186 in __ast_read (chan=0x8259d30, dropaudio=0) at channel.c:2201
#1 0x080824cd in ast_read (chan=0x8259d30) at channel.c:2457
#2 0x08086e03 in ast_generic_bridge (c0=0x82588e8, c1=0x8259d30, config=0xb5675574, fo=0xb5674ad0, rc=0xb5674acc, bridge_end={tv_sec = 0, tv_usec = 0}) at channel.c:3883
#3 0x080881c6 in ast_channel_bridge (c0=0x82588e8, c1=0x8259d30, config=0xb5675574, fo=0xb5674ad0, rc=0xb5674acc) at channel.c:4195
#4 0xb771b7fe in ast_bridge_call (chan=0x82588e8, peer=0x8259d30, config=0xb5675574) at res_features.c:1679
#5 0xb6c195e3 in dial_exec_full (chan=0x82588e8, data=0xb5677a28, peerflags=0xb5675884, continue_exec=0x0) at app_dial.c:1779
#6 0xb6c19877 in dial_exec (chan=0x82588e8, data=0xb5677a28) at app_dial.c:1825
#7 0x080bd13c in pbx_exec (c=0x82588e8, app=0x823f9f8, data=0xb5677a28) at pbx.c:565
#8 0x080c01ce in pbx_extension_helper (c=0x82588e8, con=0x0, context=0x8258a70 "extension", exten=0x8258ac0 "844", priority=1, label=0x0, callerid=0x82554f8 "152", action=E_SPAWN) at pbx.c:1788
#9 0x080c1462 in ast_spawn_extension (c=0x82588e8, context=0x8258a70 "extension", exten=0x8258ac0 "844", priority=1, callerid=0x82554f8 "152") at pbx.c:2279
#10 0x080c194d in __ast_pbx_run (c=0x82588e8) at pbx.c:2379
#11 0x080c2874 in ast_pbx_run (c=0x82588e8) at pbx.c:2643
#12 0xb6e650df in ss_thread (data=0x82588e8) at chan_zap.c:6133
#13 0x080ffd02 in dummy_start (data=0x81904f0) at utils.c:546
#14 0xb7de3341 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#15 0xb7c224ee in clone () from /lib/tls/i686/cmov/libc.so.6

****** STEPS TO REPRODUCE ******

Crashes for both incoming and outgoing calls. The channel frame pointer appears to be corrupted. chan->readq looks like this:

readq = { first = 0x6d6f6379, last = 0x6d6f6379 },
Comments: |

By: Steve Murphy (murf) 2007-07-11 14:37:39

Hmmm. Tried it again, because 9694 looks very familiar. If I try to call out thru the cell phone from a SIP phone, I get a segfault:

0x08081042 in __ast_read (chan=0x825b520, dropaudio=0) at channel.c:2201
2201 f = AST_LIST_REMOVE_HEAD(&chan->readq, frame_list);
(gdb) where
#0 0x08081042 in __ast_read (chan=0x825b520, dropaudio=0) at channel.c:2201
#1 0x08082389 in ast_read (chan=0x825b520) at channel.c:2457
#2 0x08086cbf in ast_generic_bridge (c0=0x825d118, c1=0x825b520, config=0xb5688b44, fo=0xb5688090, rc=0xb568808c, bridge_end={tv_sec = 0, tv_usec = 0}) at channel.c:3883
#3 0x08088082 in ast_channel_bridge (c0=0x825d118, c1=0x825b520, config=0xb5688b44, fo=0xb5688090, rc=0xb568808c) at channel.c:4195
#4 0xb7711811 in ast_bridge_call (chan=0x825d118, peer=0x825b520, config=0xb5688b44) at res_features.c:1673
#5 0xb6c59647 in dial_exec_full (chan=0x825d118, data=0xb568aff8, peerflags=0xb5688e54, continue_exec=0x0) at app_dial.c:1787
#6 0xb6c598e3 in dial_exec (chan=0x825d118, data=0xb568aff8) at app_dial.c:1833
#7 0x080bd024 in pbx_exec (c=0x825d118, app=0x82390c8, data=0xb568aff8) at pbx.c:565
#8 0x080c00b6 in pbx_extension_helper (c=0x825d118, con=0x0, context=0x825d2a0 "extension", exten=0x825d2f0 "844", priority=1, label=0x0, callerid=0x8257ca0 "snom360", action=E_SPAWN) at pbx.c:1788
#9 0x080c134a in ast_spawn_extension (c=0x825d118, context=0x825d2a0 "extension", exten=0x825d2f0 "844", priority=1, callerid=0x8257ca0 "snom360") at pbx.c:2279
#10 0x080c1835 in __ast_pbx_run (c=0x825d118) at pbx.c:2379
#11 0x080c262d in pbx_thread (data=0x825d118) at pbx.c:2607
#12 0x080ffbea in dummy_start (data=0x8257b78) at utils.c:546
#13 0xb7e36341 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#14 0xb7c754ee in clone () from /lib/tls/i686/cmov/libc.so.6
(gdb) p chan.readq
$1 = {first = 0x433a3127, last = 0x433a3127}
(gdb) p *chan.readq.first
Cannot access memory at address 0x433a3127
(gdb)

0x433a3127, BTW, equates to the ascii string C:1'

However, if I tried calling out thru the cellphone via a Zap phone line, I had one success. It got out, and I heard the whole movie lineup spiel... But all the zap phones are locked up after that, and I have to take down asterisk, rmmod the zaptel drivers, reload them with modprobe/ztcfg, and rerun asterisk to get them back!

By: spblinux (spblinux) 2007-07-12 06:10:03

Have seen this invalid memory address in readq.first as well. Does anybody know if it is correct to set chan->readq.first=NULL after the channel has been allocated with ast_channel_alloc? (in chan_cellphone/mobile line 659). Ugly workaround for a given machine is to patch channel.c and check the absolute size of the memory address stored in readq.first (which is what I did on an embedded mipsel system, http://spblinux.de/fbox/openwrt/chan_cellphone/channel.c.bug/).

spblinux

By: Steve Murphy (murf) 2007-07-23 17:34:00

AFAIK, it's standard procedure to start with NULLs in the readq.

By: Dave Bowerman (dbowerman) 2007-09-07 20:34:59

should be resolved by trunk rev 441. needs retesting.

By: Dave Bowerman (dbowerman) 2007-09-28 19:42:03

fixed in trunk
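
A triage helper for the readq values quoted in this report, added here as an example and not part of the original thread or of Asterisk: it checks whether a 32-bit word taken from a dump is made up entirely of printable ASCII, the sign that string data sits where a pointer was expected, and decodes it both as the hex reads on screen and in the byte order a little-endian i686 holds in memory. The function names word_as_text and count_text_words are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Decode a 32-bit word from a crash dump as four characters.
 * value_order: most significant byte first (how the hex reads on screen).
 * mem_order:   least significant byte first (little-endian memory layout).
 * Returns 1 when all four bytes are printable ASCII, meaning the
 * "pointer" is almost certainly text, and 0 otherwise. */
int word_as_text(uint32_t word, char value_order[5], char mem_order[5])
{
    int printable = 1;
    for (int i = 0; i < 4; i++) {
        unsigned char b = (unsigned char)(word >> (8 * i));
        if (b < 0x20 || b > 0x7e)
            printable = 0;
        mem_order[i] = (char)b;
        value_order[3 - i] = (char)b;
    }
    mem_order[4] = value_order[4] = '\0';
    return printable;
}

/* Count how many words of a dumped structure look like text. */
int count_text_words(const uint32_t *words, size_t n)
{
    char v[5], m[5];
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += word_as_text(words[i], v, m);
    return hits;
}

int main(void)
{
    /* Values copied from the gdb output in this report: the two readq.first
     * values, plus the chan pointer from frame #0 as a sane heap address. */
    const uint32_t samples[] = { 0x6d6f6379, 0x433a3127, 0x08259d30 };
    char v[5], m[5];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int t = word_as_text(samples[i], v, m);
        printf("0x%08x  %s", (unsigned)samples[i], t ? "text" : "not text");
        if (t)
            printf("  value order \"%s\"  memory order \"%s\"", v, m);
        putchar('\n');
    }
    return 0;
}
```

Searching the process image or the Bluetooth traffic for the memory-order string is a practical way to find which buffer ended up in the channel structure.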