| Summary: | ASTERISK-14359: [patch] Crash in do_monitor() in chan_dahdi.c | ||
| Reporter: | Samy Kamkar (samyk) | Labels: | |
| Date Opened: | 2009-06-22 12:54:28 | Date Closed: | 2009-09-15 11:01:23 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | Channels/chan_dahdi |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) 1063cr1.txt ( 1) 20090828__issue15378.diff.txt | |
| Description: | I'm unable to reproduce but have a core file of Asterisk 1.6.0.10 of a crash in chan_dahdi.c. It looks like `iflist` may have been modified somewhere else without a lock though I'm not positive (see Additional Information or attached file). I have MALLOC_DEBUG, DONT_OPTIMIZE, DEBUG_THREADS and DEBUG_CHANNEL_LOCKS enabled. I'm running Asterisk 1.6.0.10 on linux: [root ~]# cat /etc/redhat-release Fedora Core release 3 (Heidelberg) [root ~]# uname -a Linux pbxtra1063 2.6.9-1.667 #1 Tue Nov 2 14:41:25 EST 2004 i686 i686 i386 GNU/Linux I've attached a full backtrace. Please let me know if there is any more info I can provide. ****** ADDITIONAL INFORMATION ****** Note the "Cannot access memory": (gdb) f 0 #0 0xf5b83570 in do_monitor (data=0x0) at chan_dahdi.c:8269 8269 if (!last->cidspill && !last->owner && !ast_strlen_zero(last->mailbox) && (thispass - last->onhooktime > 3) && (gdb) p last $1 = (struct dahdi_pvt *) 0x4f0a3020 (gdb) p *last Cannot access memory at address 0x4f0a3020 | ||
| Comments: | By: Digium Subversion (svnbot) 2009-09-14 16:48:46 Repository: asterisk Revision: 218401 U branches/1.4/channels/chan_dahdi.c ------------------------------------------------------------------------ r218401 | jpeeler | 2009-09-14 16:48:45 -0500 (Mon, 14 Sep 2009) | 11 lines Fix handling of DAHDI_EVENT_REMOVED event to prevent crash in do_monitor. After talking to rmudgett about some of his recent iflist locking changes, it was determined that the only place that would destroy a channel without being explicitly to do so was in handle_init_event. The loop to walk the interface list has been modified to wait to destroy the channel until the dahdi_pvt of the channel to be destroyed is no longer needed. (closes issue ASTERISK-14359) Reported by: samy ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=218401 By: Digium Subversion (svnbot) 2009-09-14 17:39:59 Repository: asterisk Revision: 218430 _U trunk/ U trunk/channels/chan_dahdi.c U trunk/channels/sig_analog.c U trunk/channels/sig_analog.h ------------------------------------------------------------------------ r218430 | jpeeler | 2009-09-14 17:39:59 -0500 (Mon, 14 Sep 2009) | 18 lines Merged revisions 218401 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r218401 | jpeeler | 2009-09-14 16:47:11 -0500 (Mon, 14 Sep 2009) | 11 lines Fix handling of DAHDI_EVENT_REMOVED event to prevent crash in do_monitor. After talking to rmudgett about some of his recent iflist locking changes, it was determined that the only place that would destroy a channel without being explicitly to do so was in handle_init_event. The loop to walk the interface list has been modified to wait to destroy the channel until the dahdi_pvt of the channel to be destroyed is no longer needed. (closes issue ASTERISK-14359) Reported by: samy ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=218430 By: Digium Subversion (svnbot) 2009-09-14 17:50:59 Repository: asterisk Revision: 218431 U branches/1.6.0/channels/chan_dahdi.c ------------------------------------------------------------------------ r218431 | jpeeler | 2009-09-14 17:50:59 -0500 (Mon, 14 Sep 2009) | 25 lines Merged revisions 218430 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r218430 | jpeeler | 2009-09-14 17:38:25 -0500 (Mon, 14 Sep 2009) | 18 lines Merged revisions 218401 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r218401 | jpeeler | 2009-09-14 16:47:11 -0500 (Mon, 14 Sep 2009) | 11 lines Fix handling of DAHDI_EVENT_REMOVED event to prevent crash in do_monitor. After talking to rmudgett about some of his recent iflist locking changes, it was determined that the only place that would destroy a channel without being explicitly to do so was in handle_init_event. The loop to walk the interface list has been modified to wait to destroy the channel until the dahdi_pvt of the channel to be destroyed is no longer needed. (closes issue ASTERISK-14359) Reported by: samy ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=218431 By: Digium Subversion (svnbot) 2009-09-15 10:42:47 Repository: asterisk Revision: 218569 U branches/1.6.1/channels/chan_dahdi.c ------------------------------------------------------------------------ r218569 | jpeeler | 2009-09-15 10:42:46 -0500 (Tue, 15 Sep 2009) | 25 lines Merged revisions 218430 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r218430 | jpeeler | 2009-09-14 17:38:25 -0500 (Mon, 14 Sep 2009) | 18 lines Merged revisions 218401 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r218401 | jpeeler | 2009-09-14 16:47:11 -0500 (Mon, 14 Sep 2009) | 11 lines Fix handling of DAHDI_EVENT_REMOVED event to prevent crash in do_monitor. After talking to rmudgett about some of his recent iflist locking changes, it was determined that the only place that would destroy a channel without being explicitly to do so was in handle_init_event. The loop to walk the interface list has been modified to wait to destroy the channel until the dahdi_pvt of the channel to be destroyed is no longer needed. (closes issue ASTERISK-14359) Reported by: samy ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=218569 By: Digium Subversion (svnbot) 2009-09-15 11:01:22 Repository: asterisk Revision: 218576 _U branches/1.6.2/ U branches/1.6.2/channels/chan_dahdi.c ------------------------------------------------------------------------ r218576 | jpeeler | 2009-09-15 11:01:22 -0500 (Tue, 15 Sep 2009) | 25 lines Merged revisions 218430 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r218430 | jpeeler | 2009-09-14 17:38:25 -0500 (Mon, 14 Sep 2009) | 18 lines Merged revisions 218401 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r218401 | jpeeler | 2009-09-14 16:47:11 -0500 (Mon, 14 Sep 2009) | 11 lines Fix handling of DAHDI_EVENT_REMOVED event to prevent crash in do_monitor. After talking to rmudgett about some of his recent iflist locking changes, it was determined that the only place that would destroy a channel without being explicitly to do so was in handle_init_event. The loop to walk the interface list has been modified to wait to destroy the channel until the dahdi_pvt of the channel to be destroyed is no longer needed. (closes issue ASTERISK-14359) Reported by: samy ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=218576 | ||