ASTERISK-15396: chan_unistim randomly crashes

[Home]

Summary: ASTERISK-15396: chan_unistim randomly crashes

Reporter: Barry Flanagan (barryf) Labels:

Date Opened: 2010-01-05 03:51:23.000-0600 Date Closed: 2011-07-27 09:11:32

Priority: Critical Regression? No

Status: Closed/Complete Components: Channels/chan_unistim

Versions: Frequency of
Occurrence

Related
Issues:

Environment: Attachments:

Description: Having a problem with Asterisk segfaulting due to the chan_unistim driver. Appears to happen when calls are put on hold (atxfer), and one of the channels disappears.

Backtrace included below

****** ADDITIONAL INFORMATION ******

#0 0x00007f9260efec2d in local_ast_moh_stop (chan=0x0) at res_musiconhold.c:1405
#1 0x000000000045e5f4 in ast_moh_stop (chan=0x0) at channel.c:5465
#2 0x00007f9259f9ad3f in key_dial_page (pte=0xcd1680, keycode=92 '\\') at chan_unistim.c:2722
#3 0x00007f9259f9d135 in process_request (size=14, buf=0x820180 "", pte=0xcd1680) at chan_unistim.c:3390
#4 0x00007f9259f9de10 in parsing (size=14, buf=0x820180 "", pte=0xcd1680, addr_from=0x7f9259f8df90) at chan_unistim.c:3571
ASTERISK-1 0x00007f9259f9f10f in unistimsock_read (id=0x821480, fd=11, events=1, ignore=0x0) at chan_unistim.c:3893
ASTERISK-2 0x000000000049e348 in ast_io_wait (ioc=0x821190, howlong=1000) at io.c:288
ASTERISK-3 0x00007f9259fa14ef in do_monitor (data=0x0) at chan_unistim.c:4561
ASTERISK-4 0x0000000000512ad2 in dummy_start (data=0x8967f0) at utils.c:861
ASTERISK-5 0x00007f92656cb3ba in start_thread () from /lib/libpthread.so.0
ASTERISK-6 0x00007f9265bc9fcd in clone () from /lib/libc.so.6
ASTERISK-7 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x00007f9260efec2d in local_ast_moh_stop (chan=0x0) at res_musiconhold.c:1405
state = (struct moh_files_state *) 0x0
#1 0x000000000045e5f4 in ast_moh_stop (chan=0x0) at channel.c:5465
No locals.
#2 0x00007f9259f9ad3f in key_dial_page (pte=0xcd1680, keycode=92 '\\') at chan_unistim.c:2722
No locals.
#3 0x00007f9259f9d135 in process_request (size=14, buf=0x820180 "", pte=0xcd1680) at chan_unistim.c:3390
keycode = 92 '\\'
tmpbuf = "10.80.60\000\000\000\000\000\000\000\000####", '\0' <repeats 12 times>, "########?e\222\177\000\000\000\000\000\000\000\000\000\000\006\000\000\000\000\000\000\0000##Y\222\177\000\000\000\000\000\000\000\000\000\000W\000\000\000\000\000\000\000&/#####2\177\000\000#\026##000\000\000\000\000\220##Y\222\177\000\000\200\001\202\000\000\000\000\000W9\004\000\006\000\000\000\220##Y\222\177\000\000\020\000\000\000\000\000\000\000p##Y\222\177\000\000\001\000\000\000\000\000\000\000\220##Y\222\177\000\000 ", '\0' <repeats 11 times>, "\222\177\000\000\000\000\000\000\000\000\000\000\200\001\202\000\000\000\000\000\006\000\000"...
__PRETTY_FUNCTION__ = "process_request"
#4 0x00007f9259f9de10 in parsing (size=14, buf=0x820180 "", pte=0xcd1680, addr_from=0x7f9259f8df90) at chan_unistim.c:3571
sbuf = (short unsigned int *) 0x820180
seq = 34
tmpbuf = "10.80.60.8\000e\222\177\000\000\000\000\000\000\000\000\000\000\v\000\000\000\000\000\000\000\200##Y\222\177", '\0' <repeats 18 times>, "&/#####2\177\000\000X\233##000\000\000\000\000H\233##000\000\000\000\000##236##000\000\000\000\000###Y\v\000\000\000H\233##000\000\000\000\000\020\000\000\000\222\177\000\000#######2\177\000\000\001\000\000\000\000\000\000\000###Y\222\177\000\000 ", '\0' <repeats 15 times>, "\031#\000\000\000\000\000\000##236##000\000\000\000\000\v\000\000\000\000\000\000\000####\222\177\000\000###Y\222\177\000\000\034", '\0' <repeats 15 times>, "0##Y\222\177", '\0' <repeats 18 times>...
__PRETTY_FUNCTION__ = "parsing"
ASTERISK-1 0x00007f9259f9f10f in unistimsock_read (id=0x821480, fd=11, events=1, ignore=0x0) at chan_unistim.c:3893
addr_from = {sin_family = 2, sin_port = 34835, sin_addr = {s_addr = 138170378}, sin_zero = "\000\000\000\000\000\000\000"}
cur = (struct unistimsession *) 0xcd1680
found = 1
tmp = 9
dw_num_bytes_rcvd = 14
__PRETTY_FUNCTION__ = "unistimsock_read"
ASTERISK-2 0x000000000049e348 in ast_io_wait (ioc=0x821190, howlong=1000) at io.c:288
res = 1
x = 0
origcnt = 1
ASTERISK-3 0x00007f9259fa14ef in do_monitor (data=0x0) at chan_unistim.c:4561
cur = (struct unistimsession *) 0x0
dw_timeout = 1220
tick = 4257677328
res = 1000
---Type <return> to continue, or q <return> to quit---
reloading = 0
ASTERISK-4 0x0000000000512ad2 in dummy_start (data=0x8967f0) at utils.c:861
__cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {0, 6491803952329878801, 0, 0, 140266759839808, 140735045479168,
6491803952304712977, -6542826326245806831}, __mask_was_saved = 0}}, __pad = {0x7f9259f8e1b0, 0x0, 0x0, 0x0}}
__cancel_routine = (void (*)(void *)) 0x433ac6 <ast_unregister_thread>
__cancel_arg = (void *) 0x7f9259f8e950
not_first_call = 0
ret = (void *) 0x0
a = {start_routine = 0x7f9259fa12c1 <do_monitor>, data = 0x0,
name = 0x896810 "do_monitor", ' ' <repeats 11 times>, "started at [ 4600] chan_unistim.c restart_monitor()"}
ASTERISK-5 0x00007f92656cb3ba in start_thread () from /lib/libpthread.so.0
No symbol table info available.
ASTERISK-6 0x00007f9265bc9fcd in clone () from /lib/libc.so.6
No symbol table info available.
ASTERISK-7 0x0000000000000000 in ?? ()
No symbol table info available.

Comments: By: Barry Flanagan (barryf) 2010-01-19 09:35:07.000-0600

I am still getting this exact crash. Any one any ideas for a fix?

Thanks.
By: Barry Flanagan (barryf) 2010-02-12 09:18:19.000-0600

Happened again today:

#0 0x00007f924017de44 in local_ast_moh_stop (chan=0x0) at res_musiconhold.c:1431
1431 struct moh_files_state *state = chan->music_state;
(gdb) bt full
#0 0x00007f924017de44 in local_ast_moh_stop (chan=0x0) at res_musiconhold.c:1431
state = (struct moh_files_state *) 0x0
#1 0x000000000045e38f in ast_moh_stop (chan=0x0) at channel.c:5462
No locals.
#2 0x00007f923837fd3f in key_dial_page (pte=0xf54f30, keycode=92 '\\') at chan_unistim.c:2722
No locals.
#3 0x00007f9238382135 in process_request (size=14, buf=0x8860f0 "", pte=0xf54f30) at chan_unistim.c:3390
keycode = 92 '\\'
tmpbuf = "10.80.60.4 Unknown request packet\n\000???????aC\222\177\000\000\000\000\000\000\000\000\000\000\006\000\000\000\000\000\000\0000-78\222\177\000\000\000\000\000\000\000\000\000\000?D\a,\222\177\000\000&\17778\222\177\000\000hO?\000\000\000\000\000\220/78\222\177\000\000?`\210\000\000\000\000\000?\"\t\000\006\000\000\000\220/78\222\177\000\000\020\000\000\000\000\000\000\000p-78\222\177\000\000\001\000\000\000\000\000\000\000\220-78\222\177\000\000 ", '\0' <repeats 11 times>, "\222\177\000\000\000\000\000\000\000\000\000\000?`\210\000\000\000\000\000\006"...
__PRETTY_FUNCTION__ = "process_request"
#4 0x00007f9238382e10 in parsing (size=14, buf=0x8860f0 "", pte=0xf54f30, addr_from=0x7f9238372f90) at chan_unistim.c:3571
sbuf = (short unsigned int *) 0x8860f0
seq = 409
tmpbuf = "10.80.60.23\00098\000\000\000\000\000\000\000\000\000\000\v\000\000\000\000\000\000\000\200.78\222\177", '\0' <repeats 18 times>, "&\17778\222\177\000\000x??\000\000\000\000\000h??\000\000\000\000\000???\000\000\000\000\000?/78\v\000\000\000h??\000\000\000\000\000\020\000\000\000\222\177\000\000?.78\222\177\000\000\001\000\000\000\000\000\000\000?.78\222\177\000\000 ", '\0' <repeats 16 times>, "?\000\000\000\000\000\000???\000\000\000\000\000\v\000\000\000\000\000\000\000?.78\222\177\000\000?.78\222\177\000\000\034", '\0' <repeats 15 times>, "0/78\222\177", '\0' <repeats 18 times>...
__PRETTY_FUNCTION__ = "parsing"
ASTERISK-1 0x00007f923838410f in unistimsock_read (id=0x889630, fd=11, events=1, ignore=0x0) at chan_unistim.c:3893
addr_from = {sin_family = 2, sin_port = 34835, sin_addr = {s_addr = 389828618}, sin_zero = "\000\000\000\000\000\000\000"}
cur = (struct unistimsession *) 0xf54f30
found = 1
tmp = 4
dw_num_bytes_rcvd = 14
__PRETTY_FUNCTION__ = "unistimsock_read"
ASTERISK-2 0x000000000049dfa4 in ast_io_wait (ioc=0x887100, howlong=1000) at io.c:288
res = 1
x = 0
origcnt = 1
ASTERISK-3 0x00007f92383864ef in do_monitor (data=0x0) at chan_unistim.c:4561
cur = (struct unistimsession *) 0x0
dw_timeout = 1569
tick = 3266685229
res = 1000
reloading = 0
ASTERISK-4 0x0000000000512617 in dummy_start (data=0x88a1c0) at utils.c:861
__cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {0, 3322408761729821053, 0, 0, 140266183454784, 140734469092656,
3322408761754986877, -3368725616947811971}, __mask_was_saved = 0}}, __pad = {0x7f92383731b0, 0x0, 0x0, 0x0}}
__cancel_routine = (void (*)(void *)) 0x4338a6 <ast_unregister_thread>
__cancel_arg = (void *) 0x7f9238373950
not_first_call = 0
ret = (void *) 0x0
a = {start_routine = 0x7f92383862c1 <do_monitor>, data = 0x0,
name = 0x88a1e0 "do_monitor", ' ' <repeats 11 times>, "started at [ 4600] chan_unistim.c restart_monitor()"}
---Type <return> to continue, or q <return> to quit---
ASTERISK-5 0x00007f924311c3ba in start_thread () from /lib/libpthread.so.0
No symbol table info available.
ASTERISK-6 0x00007f924361afcd in clone () from /lib/libc.so.6
No symbol table info available.
ASTERISK-7 0x0000000000000000 in ?? ()
No symbol table info available.
By: Barry Flanagan (barryf) 2010-02-24 07:40:13.000-0600

In desperation I have commented out the case stanza associated with the following:

#2 0x00007f923837fd3f in key_dial_page (pte=0xf54f30, keycode=92 '\\') at chan_unistim.c:2722

.. and replaced it with a log notice, as this appears to be where the crash occurs. So far, no more crashes and my users get by using the hook to hang up.

I am not even sure under what circumstances this routine would be run. It does not get used that often from what I can see.
By: Russell Bryant (russell) 2011-07-27 09:11:25.415-0500

Per the Asterisk maintenance timeline page at http://www.asterisk.org/asterisk-versions maintenance (bug) support for the 1.4 and 1.6.x branches has ended. For continued maintenance support please move to the 1.8 branch which is a long term support (LTS) branch. For more information about branch support, please see https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

If this is still an issue, please open a new issue so it can be re-triaged appropriately. Thanks!