ASTERISK-14187: Segmentation fault. Strange sound generate in channal when onhook(without segmentation fault).

[Home]

Summary: ASTERISK-14187: Segmentation fault. Strange sound generate in channal when onhook(without segmentation fault).

Reporter: krisv (krisv) Labels:

Date Opened: 2009-05-22 04:58:55 Date Closed: 2011-06-07 14:00:55

Priority: Major Regression? No

Status: Closed/Complete Components: Channels/chan_dahdi

Versions: Frequency of
Occurrence

Related
Issues:

Environment: Attachments:

Description: (gdb) bt
#0 0x080884d6 in ?? ()
#1 0xb6aa0cc0 in mwi_send_thread (data=0x9f08900) at chan_dahdi.c:7905
#2 0x08158a58 in dummy_start (data=0x9f5ba30) at utils.c:968
#3 0xb7d8d4ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#4 0xb7e8849e in clone () from /lib/tls/i686/cmov/libc.so.6
Current language: auto; currently asm
(gdb) bt full
#0 0x080884d6 in ?? ()
No locals.
#1 0xb6aa0cc0 in mwi_send_thread (data=0x9f08900) at chan_dahdi.c:7905
mtd = (struct mwi_thread_data *) 0x9f08900
timeout_basis = {tv_sec = 1242920546, tv_usec = 610781}
suspend = {tv_sec = -1241939128, tv_usec = 134705180}
now = {tv_sec = 136050376, tv_usec = -1210462220}
x = 3000
i = 167098928
res = 0
num_read = 350
mwi_send_state = MWI_SEND_SPILL
__PRETTY_FUNCTION__ = "mwi_send_thread"
#2 0x08158a58 in dummy_start (data=0x9f5ba30) at utils.c:968
__cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {-1210462220, 0, 0, -1241939016, -1503518733, 2121330312}, __mask_was_saved = 0}}, __pad = {0xb5f98480, 0x0,
0x9f58fd0, 0xb7e1552e}}
__cancel_routine = (void (*)(void *)) 0x807701e <ast_unregister_thread>
__cancel_arg = (void *) 0xb5f98b90
not_first_call = 0
ret = (void *) 0xb7d8d2e0
a = {start_routine = 0xb6aa0af9 <mwi_send_thread>, data = 0x9f08900, name = 0x9f59070 "mwi_send_thread started at [ 8389] chan_dahdi.c do_monitor()"}
#3 0xb7d8d4ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
No symbol table info available.
#4 0xb7e8849e in clone () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
(gdb) thread apply all bt

Thread 36 (process 25598):
#0 0xb7e88488 in clone () from /lib/tls/i686/cmov/libc.so.6
#1 0x00000000 in ?? ()

Thread 35 (process 25573):
#0 0xb80b5430 in __kernel_vsyscall ()
#1 0xb7d910e5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2 0xb7e972ed in pthread_cond_wait () from /lib/tls/i686/cmov/libc.so.6
#3 0x080e7c2b in ast_cond_wait (cond=0x81d18a0, t=0x81ba368) at /home/kris/workspace/asterisk/asterisk-1.6.1.0/include/asterisk/lock.h:1713
#4 0x080e7b74 in logger_thread (data=0x0) at logger.c:976
ASTERISK-1 0x08158a58 in dummy_start (data=0x9e878b0) at utils.c:968
ASTERISK-2 0xb7d8d4ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
ASTERISK-3 0xb7e8849e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 34 (process 25571):
#0 0xb80b5430 in __kernel_vsyscall ()
#1 0xb7d910e5 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2 0xb7e972ed in pthread_cond_wait () from /lib/tls/i686/cmov/libc.so.6
#3 0x0814b587 in ast_cond_wait (cond=0x9e82f74, t=0x9e82fa8) at /home/kris/workspace/asterisk/asterisk-1.6.1.0/include/asterisk/lock.h:1713
#4 0x0814b40f in tps_processing_function (data=0x9e82f70) at taskprocessor.c:293
ASTERISK-1 0x08158a58 in dummy_start (data=0x9e83010) at utils.c:968
ASTERISK-2 0xb7d8d4ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
ASTERISK-3 0xb7e8849e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 33 (process 25570):
#0 0xb80b5430 in __kernel_vsyscall ()
#1 0xb7e77e2b in read () from /lib/tls/i686/cmov/libc.so.6
#2 0x081631c1 in read_char (el=0x9e7a658, cp=0xbffd2ccb "?") at /usr/include/bits/unistd.h:45
#3 0x0815df77 in ?? ()
#4 0x0815e1a1 in ?? ()
ASTERISK-1 0x080812b8 in ?? ()
ASTERISK-2 0xb7dba775 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
ASTERISK-3 0x0805f331 in ?? () at ../sysdeps/i386/elf/start.S:119

Thread 32 (process 25596):
#0 0xb80b5430 in __kernel_vsyscall ()
#1 0xb7e7dae7 in poll () from /lib/tls/i686/cmov/libc.so.6
#2 0x080e0df5 in ast_io_wait (ioc=0x9eea918, howlong=1000) at io.c:275
#3 0xb6dee65d in do_monitor (data=0x0) at chan_mgcp.c:3484
#4 0x08158a58 in dummy_start (data=0x9eebdc8) at utils.c:968
ASTERISK-1 0xb7d8d4ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
ASTERISK-2 0xb7e8849e in clone () from /lib/tls/i686/cmov/libc.so.6

---Type <return> to continue, or q <return> to quit---

Quit
(gdb) q
root@kris-desktop:~# asterisk -v
Asterisk 1.6.1.0, Copyright (C) 1999 - 2008 Digium, Inc. and others.
Created by Mark Spencer <markster@digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
root@kris-desktop:~# uname -a
Linux kris-desktop 2.6.27.18-custom ASTERISK-2 SMP Mon Apr 27 16:22:40 MSD 2009 i686 GNU/Linux

****** ADDITIONAL INFORMATION ******

Maybe i found possible errors:

in static void *do_monitor(void *data)

Line 8368: 1) Maybe (!last->mwisendactive && (last->sig & __DAHDI_SIG_FXO)) instead of (!last->mwisendactive && last->sig & __DAHDI_SIG_FXO)
Line 8370: 2) If case of "last->msgstae = - 1 /*Unknown*/ and res = 0 /*No messages*/" we initiate a thread to send an MWI message.
Line 8391: 3) 'mtd' freed (ast_free(mtd)), but it could be still used in mwi_send_thread.

Comments: By: Tilghman Lesher (tilghman) 2009-08-27 18:00:14

There have been recent changes to chan_dahdi that may fix this crash. I'd like to see if you can reproduce this crash using SVN branch 1.6.1, revision 212433 or later.
By: Leif Madsen (lmadsen) 2009-09-22 08:43:26

Closed per Tilghman's note. Please retest, and reopen this issue if necessary. Thanks!