Summary: | ASTERISK-05256: segfault during atxfer | ||
Reporter: | Wallace Wadge (wwadge) | Labels: | |
Date Opened: | 2005-10-06 04:23:55 | Date Closed: | 2008-01-15 15:50:41.000-0600 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | During attended transfer I sometimes get a segfault. I press "1" (my predefined code), hear "transfer", dial the extension and it all comes down.

core dump trace:

    #0 0x00a5039a in agent_read (ast=0xb7034530) at chan_agent.c:447
    447 if (!p->ackcall && !p->acknowledged && p->chan->_state == AST_STATE_UP)
    (gdb) bt
    #0 0x00a5039a in agent_read (ast=0xb7034530) at chan_agent.c:447
    #1 0x08060c5d in ast_read (chan=0xb7034530) at channel.c:1570
    #2 0x080670a2 in ast_generic_bridge (playitagain=0xb717dbf8, playit=0xb717dbfc, c0=0xb70454c8, c1=0xb7034530, config=0xb717dec0, fo=0xb717dca8, rc=0xb717dcac) at channel.c:2958
    #3 0x080645c2 in ast_channel_bridge (c0=0xb70454c8, c1=0xb7034530, config=0xb717dec0, fo=0xb717dca8, rc=0xb717dcac) at channel.c:3213
    #4 0x00a86c79 in ast_bridge_call (chan=0xb70454c8, peer=0xb7034530, config=0xb717dec0) at res_features.c:1285
    #5 0x00bb2d29 in try_calling (qe=0xb717e180, options=0xb717e180 "@Y\204\bdefault", announceoverride=0xb717e300 "", url=0xb717e2ff "", go_on=0xb7034530) at app_queue.c:2189
    #6 0x00bae200 in queue_exec (chan=0xb70454c8, data=0xb717e2fc) at app_queue.c:2891
    #7 0x0808b3ff in pbx_extension_helper (c=0xb70454c8, con=0x0, context=0xb7045618 "call_center", exten=0xb704570c "s", priority=6, label=0x0, callerid=0x8844930 "Queue", action=0) at pbx.c:553
    #8 0x0808c004 in __ast_pbx_run (c=0xb70454c8) at pbx.c:2151
    #9 0x0808cc29 in pbx_thread (data=0xb70454c8) at pbx.c:2438
    #10 0x0084edec in start_thread () from /lib/tls/libpthread.so.0
    #11 0x00221a2a in clone () from /lib/tls/libc.so.6
    (gdb) p p
    $1 = (struct agent_pvt *) 0x87f2498
    (gdb) p p->chan
    $2 = (struct ast_channel *) 0x0

So we're trying to deref a null pointer here.
full stack trace: | ||
Comments: |
By: Olle Johansson (oej) 2005-10-06 04:34:12
Please add such extensive information as an attachment to the bug report, thank you. Can you please try with latest cvs head?

By: Wallace Wadge (wwadge) 2005-10-07 04:38:40
Ok trying it out - might take a couple of days for the bug to show up again. It won't harm to add a test to this line in chan_agent.c (it's where it was segfaulting):
from:
    if (!p->ackcall && !p->acknowledged && p->chan->_state == AST_STATE_UP)
to:
    if (!p->ackcall && !p->acknowledged && p->chan && p->chan->_state == AST_STATE_UP)

By: Mark Spencer (markster) 2005-10-11 18:36:03
Any luck with it?

By: Wallace Wadge (wwadge) 2005-10-13 04:43:44
Ok so far we've had no further crashes regarding this bug. I did have another crash (+ stacktrace) but that seems to have disappeared too with the cvs update.

By: Mark Spencer (markster) 2005-10-13 12:35:25
Fixed in CVS head, thanks!

By: Digium Subversion (svnbot) 2008-01-15 15:50:41.000-0600
Repository: asterisk
Revision: 6757

U trunk/channels/chan_agent.c

------------------------------------------------------------------------
r6757 | markster | 2008-01-15 15:50:41 -0600 (Tue, 15 Jan 2008) | 2 lines

Fix seg in chan_agent (bug ASTERISK-5256)
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=6757 |
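
The guard proposed in the comments, next to the condition that crashed, as an added example (not code from the Asterisk tree). The structs are minimal stand-ins holding only the fields named in the report; the enum values and the names `ack_unguarded`, `ack_guarded` and `guard_preserves_behaviour` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins with only the fields named in the report. Layouts and enum
 * values are constructed for this example, not copied from Asterisk. */
enum { AST_STATE_DOWN = 0, AST_STATE_UP = 1 };
struct ast_channel { int _state; };
struct agent_pvt {
    int ackcall;
    int acknowledged;
    struct ast_channel *chan; /* 0x0 in the core: "(gdb) p p->chan" */
};

/* Condition as quoted from chan_agent.c:447. It dereferences p->chan
 * unconditionally, so it must never be called with p->chan == NULL. */
int ack_unguarded(const struct agent_pvt *p)
{
    return !p->ackcall && !p->acknowledged && p->chan->_state == AST_STATE_UP;
}

/* Condition as proposed in the comments. && evaluates left to right and
 * stops at the first false operand, so p->chan->_state is only read
 * after p->chan has tested non-NULL. */
int ack_guarded(const struct agent_pvt *p)
{
    return !p->ackcall && !p->acknowledged && p->chan && p->chan->_state == AST_STATE_UP;
}

/* Returns 1 if both conditions agree for every flag/state combination
 * with a live channel, i.e. the guard only changes the NULL case. */
int guard_preserves_behaviour(void)
{
    for (int bits = 0; bits < 8; bits++) {
        struct ast_channel c = { (bits & 4) ? AST_STATE_UP : AST_STATE_DOWN };
        struct agent_pvt p = { bits & 1, (bits >> 1) & 1, &c };
        if (ack_unguarded(&p) != ack_guarded(&p))
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Core-dump state: both flags 0 (evaluation reached p->chan), chan NULL. */
    struct agent_pvt crashed = { 0, 0, NULL };
    printf("guarded check on NULL chan: %d\n", ack_guarded(&crashed));
    printf("same result with live channel: %d\n", guard_preserves_behaviour());
    return 0;
}
```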