Summary:	ASTERISK-11058: segfault in devicestate.c
Reporter:	Gregory Hinton Nietsky (irroot)	Labels:
Date Opened:	2007-12-16 11:48:12.000-0600	Date Closed:	2008-07-16 11:15:34
Priority:	Critical	Regression?	No
Status:	Closed/Complete	Components:	Channels/chan_misdn
Versions:		Frequency of Occurrence
Related Issues:
Environment:		Attachments:	( 0) devstate.patch
Description:	not sure what conditions caused it but it did happen and here is a quick fix to stop it happening again ****** ADDITIONAL INFORMATION ****** #1  0x0809bc59 in ast_device_state_changed_literal (dev=0x0) at devicestate.c:333        __old = 0x0        __len = 3013877216        __new = 0x824cbe8 ""        buf = 0xb31cd558 "¨Õ\034³h§\b\b" #2  0x0808a768 in ast_setstate (chan=0xb0969a70, state=AST_STATE_DOWN) at channel.c:3921        oldstate = 6
Comments:	By: Gregory Hinton Nietsky (irroot) 2007-12-16 11:55:27.000-0600 ast_device_state_changed_literal returns int but yet the return value does not seem to be used at all is it not more correct to use void ?? i set it to return -1 in the event of a null buf By: Igor Goncharovsky (igorg) 2007-12-16 21:17:22.000-0600 Also this patch must solve issue in ASTERISK-10496 By: Gregory Hinton Nietsky (irroot) 2007-12-17 05:42:24.000-0600 hi there igorg yip think it may be as the channel involved was mISDN i focused on the devicestate bit as that should be fault tolerant and been part of the core should be resiliant. we have many sites on mISDN mostly USB modems and this is the first time i seen this error. lets hope it gets killed. By: Joshua C. Colp (jcolp) 2007-12-17 07:52:48.000-0600 Instead of working around the issue we need to find out why the channel name was NULL in the first place. Can you please open the core dump and do the following and attach: frame 2 print *chan By: Gregory Hinton Nietsky (irroot) 2007-12-17 09:16:16.000-0600 #2  0x0808a768 in ast_setstate (chan=0xb0969a70, state=AST_STATE_DOWN) at channel.c:3921 3921    channel.c: No such file or directory.        in channel.c (gdb) print *chan $1 = {tech = 0xb0969958, tech_pvt = 0x0, __begin_field = 0xb0969a78, name = 0x0, language = 0x0, musicclass = 0xb0969991 "default",  accountcode = 0xb0969999 "0119746258", call_forward = 0x8162f3c "", uniqueid = 0xb0969970 "1197443835.1700", __end_field = 0xb0969a90, __field_mgr = {    pool = 0xb0969960, size = 128, space = 64, used = 64}, fds = {18, -1, -1, -1, -1, -1, 17, -1}, music_state = 0x0, generatordata = 0x0, generator = 0x0,  _bridge = 0x0, masq = 0x0, masqr = 0x0, cdrflags = 0, _softhangup = 17, whentohangup = 0, blocker = 2988231568, lock = {mutex = {__data = {__lock = 0,        __count = 0, __owner = 0, __kind = -1, __nusers = 0, {__spins = 0, __list = {__next = 0x0}}},      __size = '\0' <repeats 12 times>, "ÿÿÿÿ\000\000\000\000\000\000\000", __align = 0}, track = 1, file = {0x81464f3 "channel.c", 0x0, 0x0, 0x0, 0x0, 0x0,      0x0, 0x0, 0x0, 0x0}, lineno = {1241, 0, 0, 0, 0, 0, 0, 0, 0, 0}, reentrancy = 0, func = {0x81479b8 "ast_channel_free", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,      0x0, 0x0, 0x0}, thread = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, reentr_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __kind = -1, __nusers = 0, {          __spins = 0, __list = {__next = 0x0}}}, __size = '\0' <repeats 12 times>, "ÿÿÿÿ\000\000\000\000\000\000\000", __align = 0}},  blockproc = 0x81480e2 "ast_waitfor_nandfds", appl = 0x0, data = 0x0, fdno = 0, sched = 0x0, streamid = -1, stream = 0x0, vstreamid = 0, vstream = 0x0,  oldwriteformat = 0, timingfd = 17, timingfunc = 0, timingdata = 0x0, _state = AST_STATE_DOWN, rings = 1, cid = {cid_dnid = 0x0,    cid_num = 0x8293f00 "\220\201%\bpº?\b\020", cid_name = 0x8258198 "XÑ@\bø>)\b\020", cid_ani = 0xb0969f20 "@Ù´´746258", cid_rdnis = 0x0, cid_pres = 0,    cid_ani2 = 0, cid_ton = 0, cid_tns = 0}, dtmfq = '\0' <repeats 79 times>, dtmff = {frametype = AST_FRAME_DTMF_END, subclass = 102, datalen = 0,    samples = 0, mallocd = 0, mallocd_hdr_len = 0, offset = 0, src = 0x0, data = 0x0, delivery = {tv_sec = 0, tv_usec = 0}, frame_list = {next = 0x0},    has_timing_info = 0, ts = 0, len = 111, seqno = 0}, context = "fax\000attendant\000p", '\0' <repeats 64 times>,  exten = "8600\000n", '\0' <repeats 73 times>, priority = 28, macrocontext = "\000serout", '\0' <repeats 72 times>,  macroexten = "\000\00000", '\0' <repeats 75 times>, macropriority = 0, dialcontext = '\0' <repeats 79 times>, pbx = 0x0, amaflags = 3, cdr = 0x0,  adsicpe = AST_ADSI_UNKNOWN, zone = 0x0, monitor = 0x0, insmpl = 0, outsmpl = 0, fin = 4294, fout = 630, hangupcause = 16, varshead = {first = 0x0,    last = 0x0}, callgroup = 0, pickupgroup = 0, flags = 0, transfercapability = 16, readq = {first = 0x0, last = 0x0}, alertpipe = {-1, -1},  nativeformats = 8, readformat = 8, writeformat = 8, writetrans = 0x0, readtrans = 0x0, rawreadformat = 8, rawwriteformat = 8, spies = 0x0, whisper = 0x0,  chan_list = {next = 0x0}, jb = {conf = {flags = 0, max_size = 0, resync_threshold = 0, impl = '\0' <repeats 11 times>}, impl = 0x0, jbobj = 0x0,    timebase = {tv_sec = 0, tv_usec = 0}, next = 0, last_format = 0, logfile = 0x0, flags = 0}, emulate_dtmf_digit = 0 '\0', emulate_dtmf_duration = 0,  dtmf_tv = {tv_sec = 1197443837, tv_usec = 295645}, datastores = {first = 0x0, last = 0x4b0}} #0  0xb7e99f43 in strlen () from /lib/libc.so.6 #1  0x0809bc59 in ast_device_state_changed_literal (dev=0x0) at devicestate.c:333 #2  0x0808a768 in ast_setstate (chan=0xb0969a70, state=AST_STATE_DOWN) at channel.c:3921 #3  0xb3a04941 in release_chan (bc=0xb4b322e4) at chan_misdn.c:3636 #4  0xb3a07db3 in cb_events (event=EVENT_RELEASE_COMPLETE, bc=0xb4b322e4, user_data=0x0) at chan_misdn.c:4622 ASTERISK-1  0xb3a14e70 in handle_frm (msg=0x82468a0) at misdn/isdn_lib.c:2637 ASTERISK-2  0xb3a1775e in manager_isdn_handler (frm=0x82468d4, msg=0x82468a0) at misdn/isdn_lib.c:3611 ASTERISK-3  0xb3a15d8a in misdn_lib_isdn_event_catcher (arg=0xb4b04948) at misdn/isdn_lib.c:3018 ASTERISK-4  0xb7f970f0 in ?? () from /lib/libpthread.so.0 #1  0x0809bc59 in ast_device_state_changed_literal (dev=0x0) at devicestate.c:333        __old = 0x0        __len = 3013877216        __new = 0x824cbe8 ""        buf = 0xb31cd558 "¨Õ\034³h§\b\b" #2  0x0808a768 in ast_setstate (chan=0xb0969a70, state=AST_STATE_DOWN) at channel.c:3921        oldstate = 6 #3  0xb3a04941 in release_chan (bc=0xb4b322e4) at chan_misdn.c:3636        ch = (struct chan_list *) 0xb097d898        ast = (struct ast_channel *) 0xb0969a70        __PRETTY_FUNCTION__ = "release_chan" #4  0xb3a07db3 in cb_events (event=EVENT_RELEASE_COMPLETE, bc=0xb4b322e4, user_data=0x0) at chan_misdn.c:4622        msn_valid = 12        ch = (struct chan_list *) 0xb097d898        __PRETTY_FUNCTION__ = "cb_events" ASTERISK-1  0xb3a14e70 in handle_frm (msg=0x82468a0) at misdn/isdn_lib.c:2637        ret = 0        event = EVENT_RELEASE_COMPLETE        response = RESPONSE_OK        dummybc = {send_lock = 0x0, dummy = -1281109767, nt = -1208655884, pri = -1, port = -1289953552, b_stid = -1208657632, layer_id = 0,  layer = -1289953844, need_disconnect = -1281109796, need_release = -1289952484, need_release_complete = -1289953684, dec = 1022, l3_id = -72515583,  pid = -1289953552, ces = -1208657152, restart_channel = 0, channel = -1289953552, channel_preselected = -1208655884, in_use = -1281316934, cw = 8195840,  addr = -1289953784, bframe = 0xb7e74c37 "\213]üÉÃ\220\220\220\220U\211åS\203ì\004è", bframe_len = -1289953736, time_usec = -1281211053,  astbuf = 0xb3a3f208, misdnbuf = 0xb3a0a7ba, te_choose_channel = 8195840, early_bconnect = -1289952680, dtmf = -1281316752, send_dtmf = -1289953728,  need_more_infos = 1023, sending_complete = -1281111212, nodsp = -1289952660, nojitter = 0, dnumplan = NUMPLAN_UNKNOWN, rnumplan = NUMPLAN_UNKNOWN,  onumplan = NUMPLAN_UNKNOWN, cpnnumplan = NUMPLAN_UNKNOWN, progress_coding = -1, progress_location = 857758544, progress_indicator = 8285, fac_in = {    Function = 1095254850, u = {Listen = {NotificationMask = 1646279246}, Suspend = {CallIdentity = "N: bchan ACT Con"}, Resume = {        CallIdentity = "N: bchan ACT Con"}, CFActivate = {Handle = 1646279246, Procedure = 26723, BasicService = 28257,        ServedUserNumber = " ACT Confirm pid", ForwardedToNumber = ":685\n\000õ·\000\000\000\0000554",        ForwardedToSubaddress = "378 \n\000 \n\000ÿÿÿ\000\000\000"}, CFDeactivate = {Handle = 1646279246, Procedure = 26723, BasicService = 28257,        ServedUserNumber = " ACT Confirm pid"}, CFInterrogateParameters = {Handle = 1646279246, Procedure = 26723, BasicService = 28257,        ServedUserNumber = " ACT Confirm pid"}, CFInterrogateNumbers = {Handle = 1646279246}, CDeflection = {PresentationAllowed = 14926,        DeflectedToNumber = " bchan ACT Confi", DeflectedToSubaddress = "rm pid:685\n\000õ·\000"}, AOCDchu = {chargeNotAvailable = 14926,        freeOfCharge = 25120, recordedUnits = 1851877475, typeOfChargingInfo = 1413693728, billingId = 1852785440}, AOCDcur = {chargeNotAvailable = 14926,        freeOfCharge = 25120, currency = "chan ACT Co", currencyAmount = 1836214630, multiplier = 1684631584, typeOfChargingInfo = 892876346,        billingId = -1208680438}}}, fac_out = {Function = Fac_GetSupportedServices, u = {Listen = {NotificationMask = 0}, Suspend = {        CallIdentity = "\000\000\000\000\000[õ·\000\000\000\000\000\000\000"}, Resume = {        CallIdentity = "\000\000\000\000\000[õ·\000\000\000\000\000\000\000"}, CFActivate = {Handle = 0, Procedure = 23296, BasicService = 47093,        ServedUserNumber = "\000\000\000\000\000\000\000\000ô_õ·\000\000\000", ForwardedToNumber = "\000\017}\000¸Þ\034³7Lç·èÞ\034³",        ForwardedToSubaddress = "SE¢³\bò£³\000\000\000\000\000\017}"}, CFDeactivate = {Handle = 0, Procedure = 23296, BasicService = 47093,        ServedUserNumber = "\000\000\000\000\000\000\000\000ô_õ·\000\000\000"}, CFInterrogateParameters = {Handle = 0, Procedure = 23296,        BasicService = 47093, ServedUserNumber = "\000\000\000\000\000\000\000\000ô_õ·\000\000\000"}, CFInterrogateNumbers = {Handle = 0}, CDeflection = {        PresentationAllowed = 0, DeflectedToNumber = "\000\000\000[õ·\000\000\000\000\000\000\000\000ô_",        DeflectedToSubaddress = "õ·\000\000\000\000\000\017}\000¸Þ\034³7L"}, AOCDchu = {chargeNotAvailable = 0, freeOfCharge = 0,        recordedUnits = -1208657152, typeOfChargingInfo = 0, billingId = 0}, AOCDcur = {chargeNotAvailable = 0, freeOfCharge = 0,        currency = "\000[õ·\000\000\000\000\000\000", currencyAmount = -1208655884, multiplier = 0, typeOfChargingInfo = 8195840,        billingId = -1289953608}}}, AOCDtype = 3005014792, AOCD = {currency = {chargeNotAvailable = 43120, freeOfCharge = 45984,      currency = "ðÞ\034³ÿ\003\000\000ÜУ", currencyAmount = -1289952484, multiplier = -1208655884, typeOfChargingInfo = 0, billingId = 8195840},    chargingUnit = {chargeNotAvailable = 43120, freeOfCharge = 45984, recordedUnits = -1289953552, typeOfChargingInfo = 1023, billingId = -1281109796}},  evq = 3005013752, crypt = -1209578441, curprx = -1289953496, curptx = 857758544,  crypt_key = "] \000·MGMT: SSTATUS: L2_ESTABLISH \n\00001\n\000\034³bïû·\230&ý", '\0' <repeats 13 times>, "P[ 0\212¾ù·\220ë\034³¨\002\000\000\036\222ù·\220À\020\b\000\000\000\000Û\016\000\000ä¤ù·\212¾ù·\001\000\000\000èË$\b\036\222ù·\220ë\034³¨\002\000\000¤ë³´\230ß\034³\204Ù\020\bôÏ$\b(\004\000\000ä¤ù·\220ë\034³\001\000\000\000¤ë³´\230ß\034³\220ë\034³¨\002\000\000¤ë³´èß\034³ñà\a\bÈWh\b@p\024\b¸ß\034³\vÞ\a\b\210Xh\bèË$"..., crypt_state = 134796936, active = 135554291,  upset = 4912, generate_tone = 135567293, tone_cnt = 135559807, bc_state = 141055944, next_bc_state = 4946, conf_id = 135567580, holded = 135559807,  stack_holder = 141055944, pres = 0, screen = -1289953144, capability = -1289953168, law = -1209458726, rate = -1208655884, mode = -1289953144,  user1 = -1289953196, urate = -1209454323, hdlc = -1289953144,  display = "@wõ·\000\000\000\000\000\000\000\000±wõ·ô_õ·\210à\034³@wõ·tá\034³¨á\034³ßÉó·ô_õ·\210à\034³@wõ·tá\034³øÔè·\210à\034³ÀÉó·Àá\034³(á\034³q\000\000\000\001\200­û", msn = "@wõ·@wõ·@wõ·@wõ·Ywõ·±wõ·@wõ·±wõ·", oad = "2007", '\0' <repeats 16 times>, "Pm\237³\000\000\000\000\000\000\000",  rad = "\000\000\000\000\000\000\000\000ô_õ·8á\034³\004á\034³\r1é·\000\000\000\000@wõ·",  dad = "\000\000\000\000ÿÿÿÿ±wõ·ô_õ·\000\000\000\000Ú\037é·ô_õ·há\034³", cad = "4á\034³\r1é·há\034³@wõ·\000\000\000\000\000\000\000\000±wõ·ô_õ·",  orig_dad = "há\034³@wõ·Tâ\034³\210â\034³ßÉó·ô_õ·há\034³@wõ·", keypad = "Tâ\034³øÔè·há\034³ÀÉó· â\034³\bâ\034³q\000\000\000\001\200­û",  info_dad = "@wõ·@wõ·@wõ·@wõ·Ywõ·±wõ·@wõ·±wõ·", '\0' <repeats 20 times>, "r\000\000\000\000\000\000\000è\224ó·",  infos_pending = "\000\000\000·\000\000\000\000\t\000\000\000\022\000\000\000\027\000\000\000×\a\000\000\000\000\000\000r\000\000\000\027\000\000\000ÿÿÿÿ\t\000\000\000\036\222ù·\bò£³\000\000\000\000Û\016\000\000ä¤ù·",  uu = "÷\210\235³\001\000\000\000\n\000\000\000\000\000\000\000 Yõ·\000\000\000\000\030ªó·\000\000\000\000\023\217TZô_õ·\000\000\000\0006Éê·\234¾\031\bð\202\031\bð\202\031\b\000\000\000\000ô_õ·\001\000\000\000\000\223õ·\036\222ù·U×ê·\234¾\031\bÛ\016\000\000ä¤ù·Hã\034³\001\000\000\000Hã\034³\000\000\002\000\000\000\000\000\000\000\000\000$ã\034³Hã\034³«ê¡¶ÐI°´ Z°´\200\000\000\000\000\000\000\000\234â\034³\203Þ\033C\200\000\000\000\000\000\000\000\f\000\000\000\t\000\000\000\022\000\000\000\t\000\000\000\000#\017\000\000 ", '\0' <repeats 69 times>, uulen = 0, cause = -1281287617, out_cause = -1263331696, ec_enable = 0,  ec_deftaps = -1281279466, channel_found = -1281287617, orig = -1263331696, txgain = -1289952440, rxgain = -1281273357, next = 0x42000203}        bc = (struct misdn_bchannel *) 0xb4b322e4        ret = 0        frm = (iframe_t *) 0x82468d4        stack = (struct misdn_stack *) 0xb4b31690 ASTERISK-2  0xb3a1775e in manager_isdn_handler (frm=0x82468d4, msg=0x82468a0) at misdn/isdn_lib.c:3611 No locals. ASTERISK-3  0xb3a15d8a in misdn_lib_isdn_event_catcher (arg=0xb4b04948) at misdn/isdn_lib.c:3018        msg = (msg_t *) 0x82468a0        frm = (iframe_t *) 0x82468d4        mgr = (struct misdn_lib *) 0xb4b04948        zero_frm = 0        fff_frm = 0        midev = 13        port = 0 By: Gregory Hinton Nietsky (irroot) 2007-12-17 09:21:43.000-0600 here we go again ... some more (gdb) frame 3 #3  0xb3a04941 in release_chan (bc=0xb4b322e4) at chan_misdn.c:3636 3636    in chan_misdn.c (gdb) print *ast $4 = {tech = 0xb0969958, tech_pvt = 0x0, __begin_field = 0xb0969a78, name = 0x0, language = 0x0, musicclass = 0xb0969991 "default",  accountcode = 0xb0969999 "0119746258", call_forward = 0x8162f3c "", uniqueid = 0xb0969970 "1197443835.1700", __end_field = 0xb0969a90, __field_mgr = {    pool = 0xb0969960, size = 128, space = 64, used = 64}, fds = {18, -1, -1, -1, -1, -1, 17, -1}, music_state = 0x0, generatordata = 0x0, generator = 0x0,  _bridge = 0x0, masq = 0x0, masqr = 0x0, cdrflags = 0, _softhangup = 17, whentohangup = 0, blocker = 2988231568, lock = {mutex = {__data = {__lock = 0,        __count = 0, __owner = 0, __kind = -1, __nusers = 0, {__spins = 0, __list = {__next = 0x0}}},      __size = '\0' <repeats 12 times>, "ÿÿÿÿ\000\000\000\000\000\000\000", __align = 0}, track = 1, file = {0x81464f3 "channel.c", 0x0, 0x0, 0x0, 0x0, 0x0,      0x0, 0x0, 0x0, 0x0}, lineno = {1241, 0, 0, 0, 0, 0, 0, 0, 0, 0}, reentrancy = 0, func = {0x81479b8 "ast_channel_free", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,      0x0, 0x0, 0x0}, thread = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, reentr_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __kind = -1, __nusers = 0, {          __spins = 0, __list = {__next = 0x0}}}, __size = '\0' <repeats 12 times>, "ÿÿÿÿ\000\000\000\000\000\000\000", __align = 0}},  blockproc = 0x81480e2 "ast_waitfor_nandfds", appl = 0x0, data = 0x0, fdno = 0, sched = 0x0, streamid = -1, stream = 0x0, vstreamid = 0, vstream = 0x0,  oldwriteformat = 0, timingfd = 17, timingfunc = 0, timingdata = 0x0, _state = AST_STATE_DOWN, rings = 1, cid = {cid_dnid = 0x0,    cid_num = 0x8293f00 "\220\201%\bpº?\b\020", cid_name = 0x8258198 "XÑ@\bø>)\b\020", cid_ani = 0xb0969f20 "@Ù´´746258", cid_rdnis = 0x0, cid_pres = 0,    cid_ani2 = 0, cid_ton = 0, cid_tns = 0}, dtmfq = '\0' <repeats 79 times>, dtmff = {frametype = AST_FRAME_DTMF_END, subclass = 102, datalen = 0,    samples = 0, mallocd = 0, mallocd_hdr_len = 0, offset = 0, src = 0x0, data = 0x0, delivery = {tv_sec = 0, tv_usec = 0}, frame_list = {next = 0x0},    has_timing_info = 0, ts = 0, len = 111, seqno = 0}, context = "fax\000attendant\000p", '\0' <repeats 64 times>,  exten = "8600\000n", '\0' <repeats 73 times>, priority = 28, macrocontext = "\000serout", '\0' <repeats 72 times>,  macroexten = "\000\00000", '\0' <repeats 75 times>, macropriority = 0, dialcontext = '\0' <repeats 79 times>, pbx = 0x0, amaflags = 3, cdr = 0x0,  adsicpe = AST_ADSI_UNKNOWN, zone = 0x0, monitor = 0x0, insmpl = 0, outsmpl = 0, fin = 4294, fout = 630, hangupcause = 16, varshead = {first = 0x0,    last = 0x0}, callgroup = 0, pickupgroup = 0, flags = 0, transfercapability = 16, readq = {first = 0x0, last = 0x0}, alertpipe = {-1, -1},  nativeformats = 8, readformat = 8, writeformat = 8, writetrans = 0x0, readtrans = 0x0, rawreadformat = 8, rawwriteformat = 8, spies = 0x0, whisper = 0x0,  chan_list = {next = 0x0}, jb = {conf = {flags = 0, max_size = 0, resync_threshold = 0, impl = '\0' <repeats 11 times>}, impl = 0x0, jbobj = 0x0,    timebase = {tv_sec = 0, tv_usec = 0}, next = 0, last_format = 0, logfile = 0x0, flags = 0}, emulate_dtmf_digit = 0 '\0', emulate_dtmf_duration = 0,  dtmf_tv = {tv_sec = 1197443837, tv_usec = 295645}, datastores = {first = 0x0, last = 0x4b0}} By: Gregory Hinton Nietsky (irroot) 2007-12-17 09:41:21.000-0600 ok this happens in a EVENT_RELEASE_COMPLETE in chan_misdn the name has not been set yet why ?? update_name is the function called when there is ... EVENT_NEW_CHANNEL the following only when there is a bchannel EVENT_SETUP_ACKNOWLEDGE EVENT_PROCEEDING EVENT_PROGRESS EVENT_ALERTING By: crich (crich) 2007-12-17 09:49:39.000-0600 The name is set when the channel is created, it gets only updated with the NEW_CHANNEL event in case we hadn't had a bchannel before. It seems to me there is some sort of hangup race-condition here. What about the misdn trace? By: Gregory Hinton Nietsky (irroot) 2007-12-17 09:50:04.000-0600 knowing the customer the call was from +27119746258 to DDI 8600 and appears to be a fax (context in channel) directed from the auto attendant ... perhaps the fact it was a fax holds the key ... this is one for critch ... besides all this we need to "protect against this" perhaps my patch with a big bold LOG_ERROR ?? By: Gregory Hinton Nietsky (irroot) 2007-12-17 09:53:01.000-0600 Christian greetings sorry this happend on 12 dec on a live untraced un debuged site all i have is the core dump. my money is on a hangup/fax detector race condition By: Igor Goncharovsky (igorg) 2007-12-17 22:47:21.000-0600 I have this issue in ASTERISK-1088944 (could anyone add relationship?) and only make calls to cellphone. I have switch on misdn trace waiting for crash... By: Digium Subversion (svnbot) 2008-02-29 17:30:56.000-0600 Repository: asterisk Revision: 105409 U   branches/1.4/main/autoservice.c ------------------------------------------------------------------------ r105409 | russell | 2008-02-29 17:30:48 -0600 (Fri, 29 Feb 2008) | 23 lines Fix a major bug in autoservice.  There was a race condition in the handling of the list of channels in autoservice.  The problem was that it was possible for a channel to get removed from autoservice and destroyed, while the autoservice was still messing with the channel.  This led to memory corruption, and caused crashes.  This explains multiple backtraces I have seen that have references to autoservice, but do to the nature of the issue (memory corruption), could cause crashes in a number of areas. (fixes the crash in BE-386) (closes issue ASTERISK-11165) (closes issue ASTERISK-11391) The following issues could be related.  If you are the reporter of one of these, please update to include this fix and try again. (potentially fixes issue ASTERISK-10713) (potentially fixes issue ASTERISK-11545) (potentially fixes issue ASTERISK-11058) (potentially fixes issue ASTERISK-11453) (potentially fixes issue ASTERISK-10713) (potentially fixes issue ASTERISK-11437) (potentially fixes issue ASTERISK-11259) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=105409 By: Digium Subversion (svnbot) 2008-02-29 17:33:02.000-0600 Repository: asterisk Revision: 105410 _U  trunk/ U   trunk/main/autoservice.c ------------------------------------------------------------------------ r105410 | russell | 2008-02-29 17:33:00 -0600 (Fri, 29 Feb 2008) | 31 lines Merged revisions 105409 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r105409 | russell | 2008-02-29 17:34:32 -0600 (Fri, 29 Feb 2008) | 23 lines Fix a major bug in autoservice.  There was a race condition in the handling of the list of channels in autoservice.  The problem was that it was possible for a channel to get removed from autoservice and destroyed, while the autoservice was still messing with the channel.  This led to memory corruption, and caused crashes.  This explains multiple backtraces I have seen that have references to autoservice, but do to the nature of the issue (memory corruption), could cause crashes in a number of areas. (fixes the crash in BE-386) (closes issue ASTERISK-11165) (closes issue ASTERISK-11391) The following issues could be related.  If you are the reporter of one of these, please update to include this fix and try again. (potentially fixes issue ASTERISK-10713) (potentially fixes issue ASTERISK-11545) (potentially fixes issue ASTERISK-11058) (potentially fixes issue ASTERISK-11453) (potentially fixes issue ASTERISK-10713) (potentially fixes issue ASTERISK-11437) (potentially fixes issue ASTERISK-11259) ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=105410 By: Digium Subversion (svnbot) 2008-02-29 17:57:03.000-0600 Repository: asterisk Revision: 105409 U   branches/1.4/main/autoservice.c ------------------------------------------------------------------------ r105409 | russell | 2008-02-29 17:34:32 -0600 (Fri, 29 Feb 2008) | 23 lines Fix a major bug in autoservice.  There was a race condition in the handling of the list of channels in autoservice.  The problem was that it was possible for a channel to get removed from autoservice and destroyed, while the autoservice thread was still messing with the channel.  This led to memory corruption, and caused crashes.  This explains multiple backtraces I have seen that have references to autoservice, but do to the nature of the issue (memory corruption), could cause crashes in a number of areas. (fixes the crash in BE-386) (closes issue ASTERISK-11165) (closes issue ASTERISK-11391) The following issues could be related.  If you are the reporter of one of these, please update to include this fix and try again. (potentially fixes issue ASTERISK-10713) (potentially fixes issue ASTERISK-11545) (potentially fixes issue ASTERISK-11058) (potentially fixes issue ASTERISK-11453) (potentially fixes issue ASTERISK-10713) (potentially fixes issue ASTERISK-11437) (potentially fixes issue ASTERISK-11259) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=105409 By: Digium Subversion (svnbot) 2008-02-29 17:57:35.000-0600 Repository: asterisk Revision: 105410 _U  trunk/ U   trunk/main/autoservice.c ------------------------------------------------------------------------ r105410 | russell | 2008-02-29 17:36:46 -0600 (Fri, 29 Feb 2008) | 31 lines Merged revisions 105409 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r105409 | russell | 2008-02-29 17:34:32 -0600 (Fri, 29 Feb 2008) | 23 lines Fix a major bug in autoservice.  There was a race condition in the handling of the list of channels in autoservice.  The problem was that it was possible for a channel to get removed from autoservice and destroyed, while the autoservice thread was still messing with the channel.  This led to memory corruption, and caused crashes.  This explains multiple backtraces I have seen that have references to autoservice, but do to the nature of the issue (memory corruption), could cause crashes in a number of areas. (fixes the crash in BE-386) (closes issue ASTERISK-11165) (closes issue ASTERISK-11391) The following issues could be related.  If you are the reporter of one of these, please update to include this fix and try again. (potentially fixes issue ASTERISK-10713) (potentially fixes issue ASTERISK-11545) (potentially fixes issue ASTERISK-11058) (potentially fixes issue ASTERISK-11453) (potentially fixes issue ASTERISK-10713) (potentially fixes issue ASTERISK-11437) (potentially fixes issue ASTERISK-11259) ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=105410 By: Jason Parker (jparker) 2008-05-06 15:58:30 Has anybody been able to reproduce this since Russell's commit in Feb? By: Tilghman Lesher (tilghman) 2008-07-16 11:15:33 Closing, due to lack of response.  I have to assume this was fixed by Russell's patch.