[Home]

Summary:ASTERISK-16319: [patch] crash if 'dahdi destroy channel' destroys a channel in a call
Reporter:Tzafrir Cohen (tzafrir)Labels:patch
Date Opened:2010-07-06 05:16:59Date Closed:
Priority:MinorRegression?No
Status:Open/NewComponents:Channels/chan_dahdi
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:( 0) 17588_simplefix.diff
Description:Using 'dahdi destroy channel' to destroy a channel in which there is an active call causes Asterisk to crash. A symptom-fixing patch included.
Comments:By: Tzafrir Cohen (tzafrir) 2010-07-07 14:12:10

That specific fix is still not good enough. Here's another crahs scenario I have:

I have a quad-BRI device with spans 1-8 . I have a loop from span 1 (net_bri_ptmp) to span 3 (cpe_bri_ptmp). I start a call from Echo in one to Echo in the other:

*CLI> originate DAHDI/1/600 application Echo

*CLI> core show channels
Channel              Location             State   Application(Data)            
DAHDI/i1/600-1       s@from-pstn:1        Up      Echo()                        
DAHDI/i3/-1          600@from-pstn:1      Up      Playback(demo-echotest)      
2 active channels
1 active call
1 call processed

*CLI> dahdi destroy channel 1

*CLI> core show channels
Channel              Location             State   Application(Data)            
DAHDI/i3/-1          600@from-pstn:2      Up      Echo()                        
1 active channel
1 active call
1 call processed

Command 'module unload chan_dahdi.so ' failed.
*CLI> [Jul  7 21:52:57] WARNING[14542]: loader.c:505 ast_unload_resource: Soft unload failed, 'chan_dahdi.so' has use count 1

*CLI> dahdi destroy channel 2
*CLI> module unload chan_dahdi.so
Unloaded chan_dahdi.so

(After a second or so)

*CLI> /usr/src/git/asterisk/contrib/scripts/live_ast: line 185: 14542 Segmentation fault      (core dumped) $AST_BIN -C $AST_CONF "$@"



In the core I see:

#0  0x080bb7be in ast_hangup (chan=0xb1d02320) at channel.c:2378
2378                    if (chan->tech->hangup)
(gdb) bt
#0  0x080bb7be in ast_hangup (chan=0xb1d02320) at channel.c:2378
#1  0x0814755d in __ast_pbx_run (c=0xb1d02320, args=0x0) at pbx.c:4850
#2  0x08148750 in pbx_thread (data=0xb1d02320) at pbx.c:4942
#3  0x08188fcb in dummy_start (data=0xb1d05db0) at utils.c:971
#4  0xb7c944c0 in start_thread () from /lib/i686/cmov/libpthread.so.0
ASTERISK-1  0xb6eb384e in clone () from /lib/i686/cmov/libc.so.6

(gdb) print chan
$1 = (struct ast_channel *) 0xb1d02320
(gdb) print chan->tech
$2 = (const struct ast_channel_tech *) 0xb5ce1080
(gdb) print *chan->tech
Cannot access memory at address 0xb5ce1080


(gdb) print *chan
$3 = {tech = 0xb5ce1080, tech_pvt = 0x0, music_state = 0x0,
 generatordata = 0x0, generator = 0x0, _bridge = 0x0, masq = 0x0,
 masqr = 0x0, blockproc = 0x81c1506 "ast_waitfor_nandfds", appl = 0x0,
 data = 0x0, sched = 0x0, stream = 0x0, vstream = 0x0, timingfunc = 0,
 timingdata = 0x0, pbx = 0x0, writetrans = 0x0, readtrans = 0x0,
 audiohooks = 0x0, cdr = 0xb1d04068, zone = 0x0, monitor = 0x0,
 __field_mgr_pool = 0xb1d03e90, name = 0xb1d03ec0 "DAHDI/i3/-1",
 language = 0xb1d03ece "en", musicclass = 0x82300a6 "",
 accountcode = 0x82300a6 "", peeraccount = 0x82300a6 "",
 userfield = 0x82300a6 "", call_forward = 0x82300a6 "",
 uniqueid = 0xb1d03ea2 "1278528740.1", linkedid = 0xb1d03eb1 "1278528740.1",
 parkinglot = 0x82300a6 "", hangupsource = 0x82300a6 "",
 dialcontext = 0x82300a6 "", __field_mgr = {last_alloc = 0xb1d03ece "en",
   embedded_pool = 0x0}, whentohangup = {tv_sec = 0, tv_usec = 0},
 blocker = 2964937616, cid = {cid_dnid = 0xb1d01cb8 "600",
   cid_num = 0xb1d004a0 "", cid_name = 0xb1d00468 "",
   cid_ani = 0xb1d01cc8 "", cid_pres = 64, cid_ani2 = 0, cid_ton = 1,
   cid_tns = 0, cid_tag = 0xb1d01cd8 "", subaddress = {str = 0x0, type = 0,
     odd_even_indicator = 0 '\0', valid = 0 '\0'}, dialed_subaddress = {
     str = 0x0, type = 0, odd_even_indicator = 0 '\0', valid = 0 '\0'}},
 connected = {id = {number = 0x0, name = 0x0, tag = 0x0, subaddress = {
       str = 0x0, type = 0, odd_even_indicator = 0 '\0', valid = 0 '\0'},
     number_type = 0, number_presentation = 0}, ani = 0x0, ani2 = 0,
   source = 0}, redirecting = {from = {number = 0x0, name = 0x0, tag = 0x0,
     subaddress = {str = 0x0, type = 0, odd_even_indicator = 0 '\0',
       valid = 0 '\0'}, number_type = 0, number_presentation = 0}, to = {
     number = 0x0, name = 0x0, tag = 0x0, subaddress = {str = 0x0, type = 0,
       odd_even_indicator = 0 '\0', valid = 0 '\0'}, number_type = 0,
     number_presentation = 0}, count = 0, reason = 0}, dtmff = {
   frametype = 0, subclass = {integer = 0, codec = 0}, datalen = 0,
   samples = 0, mallocd = 0, mallocd_hdr_len = 0, offset = 0, src = 0x0,
   data = {ptr = 0x0, uint32 = 0, pad = "\000\000\000\000\000\000\000"},
   delivery = {tv_sec = 0, tv_usec = 0}, frame_list = {next = 0x0},
   flags = 0, ts = 0, len = 0, seqno = 0}, varshead = {first = 0xb97b018,
   last = 0xb1d05ab0}, callgroup = 0, pickupgroup = 0, readq = {
   first = 0xbb6b3e0, last = 0xbb601e0}, jb = {conf = {flags = 0,
     max_size = -1, resync_threshold = -1, impl = '\0' <repeats 11 times>,
     target_extra = -1}, impl = 0x0, jbobj = 0x0, timebase = {tv_sec = 0,
     tv_usec = 0}, next = 0, last_format = 0, logfile = 0x0, flags = 0},
 dtmf_tv = {tv_sec = 0, tv_usec = 0}, datastores = {first = 0xb1d047f8,
   last = 0xb1d047f8}, autochans = {first = 0x0, last = 0x0}, insmpl = 0,
 outsmpl = 0, fds = {23, -1, -1, -1, -1, -1, -1, -1, 106, -1},
 _softhangup = 16, fdno = 8, streamid = -1, vstreamid = 0,
 oldwriteformat = 8, timingfd = 106, _state = AST_STATE_UP, rings = 1,
 priority = 2, macropriority = 0, amaflags = 3,
 adsicpe = AST_ADSI_UNAVAILABLE, fin = 3025, fout = 3020, hangupcause = 0,
   delivery = {tv_sec = 0, tv_usec = 0}, frame_list = {next = 0x0},
   flags = 0, ts = 0, len = 0, seqno = 0}, varshead = {first = 0xb97b018,
   last = 0xb1d05ab0}, callgroup = 0, pickupgroup = 0, readq = {
   first = 0xbb6b3e0, last = 0xbb601e0}, jb = {conf = {flags = 0,
     max_size = -1, resync_threshold = -1, impl = '\0' <repeats 11 times>,
     target_extra = -1}, impl = 0x0, jbobj = 0x0, timebase = {tv_sec = 0,
     tv_usec = 0}, next = 0, last_format = 0, logfile = 0x0, flags = 0},
 dtmf_tv = {tv_sec = 0, tv_usec = 0}, datastores = {first = 0xb1d047f8,
   last = 0xb1d047f8}, autochans = {first = 0x0, last = 0x0}, insmpl = 0,
 outsmpl = 0, fds = {23, -1, -1, -1, -1, -1, -1, -1, 106, -1},
 _softhangup = 16, fdno = 8, streamid = -1, vstreamid = 0,
 oldwriteformat = 8, timingfd = 106, _state = AST_STATE_UP, rings = 1,
 priority = 2, macropriority = 0, amaflags = 3,
 adsicpe = AST_ADSI_UNAVAILABLE, fin = 3025, fout = 3020, hangupcause = 0,
 flags = 32, alertpipe = {-1, -1}, nativeformats = 8, readformat = 8,
 writeformat = 8, rawreadformat = 8, rawwriteformat = 8,
 emulate_dtmf_duration = 0, visible_indication = 0, transfercapability = 0,
 bridge = 0x0, timer = 0xb1d004b0,
 context = "from-pstn", '\0' <repeats 70 times>,
 exten = "600", '\0' <repeats 76 times>,
 macrocontext = '\0' <repeats 79 times>,
 macroexten = '\0' <repeats 79 times>, emulate_dtmf_digit = 0 '\0'}