| Summary: | ASTERISK-09967: Crash on ast_openstream on disconnected (at that moment) channel | ||
| Reporter: | Anton Fedorov (datacompboy) | Labels: | |
| Date Opened: | 2007-07-26 23:52:17 | Date Closed: | 2007-10-29 14:56:19 |
| Priority: | Minor | Regression? | No |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) astcrash.log.bz2 | |
| Description: | (gdb) backtrace #0 0x000000000044bb0d in ast_closestream () #1 0x000000000044be75 in ast_stopstream () #2 0x000000000044dbb5 in ast_openstream_full () #3 0x00002aaac3a64c45 in basic_play_sound (member=0x8075b0, file=0x8242c0 "ps/default/client-leave", mute=0) at conference.c:2807 #4 0x00002aaac3a61b54 in remove_member (member=0x824580, conf=0x8063e0) at conference.c:985 ASTERISK-1 0x00002aaac3a6aa09 in member_process_spoken_frames (conf=0x8063e0, member=0x824580, spoken_frames=0x4086f038, time_diff=23, listener_count=0x4086f030, speaker_count=0x4086f034) at member.c:3249 ASTERISK-2 0x00002aaac3a606c4 in conference_exec (conf=0x8063e0) at conference.c:206 ASTERISK-3 0x000000000049221c in ?? () ASTERISK-4 0x00002b8300296317 in start_thread () from /lib/libpthread.so.0 ASTERISK-5 0x00002b8300c6faad in clone () from /lib/libc.so.6 | ||
| Comments: | By: Anton Fedorov (datacompboy) 2007-07-26 23:53:16 i can attach core if that will help. or see something if you say how By: Joshua C. Colp (jcolp) 2007-07-27 11:26:54 I'm closing this bug out since it appears to be an issue with app_conference. Please follow up using their bug tracker. By: Anton Fedorov (datacompboy) 2007-09-19 08:58:50 Sorry, but I still think that this issue relate to asterisk. Let me describe: #0 0x000000000044bb0d in ast_closestream (f=0x8557d0) at file.c:715 cmd = <value optimized out> size = <value optimized out> #1 0x000000000044d6bc in ast_filehelper (filename=0x4099ad80 "ps/default/client-leave", arg2=0x855730, fmt=0x0, action=ACTION_OPEN) at file.c:423 bfile = (FILE *) 0x86d850 s = (struct ast_filestream *) 0x8bd2e0 f = (struct ast_format *) 0x817b70 res = -1 __PRETTY_FUNCTION__ = "ast_filehelper" #2 0x000000000044dbf8 in ast_openstream_full (chan=0x855730, filename=0x842da0 "ps/default/client-leave", preflang=0x4ba54f "", asis=<value optimized out>) at file.c:569 fmts = <value optimized out> res = <value optimized out> buflen = <value optimized out> buf = 0x855790 "\032" __PRETTY_FUNCTION__ = "ast_openstream_full" was called ast_openstream_full when chan going to hangup. file.c:715 is in int ast_closestream(struct ast_filestream *f) (called with non-zero, correct ast_filestrem!) line 715 is if (f->fmt->format < AST_FORMAT_MAX_AUDIO) { so, we have situation when f->fmt are now zero, while we have tested only if (f->owner). I think, there should be or check for f->fmt nonzero, or << struct ast_format *fmt; /* need to write to the lock and usecnt */ >> but there no lock used, as i see. or i misunderstand something? this situation ONLY when call to ast_openstream_full on channel that just going to hangup (but I have not get info about it). I can provide core dumps (have 4 dumps). Attached output of gdb /usr/sbin/asterisk --se=/usr/lib/debug/usr/sbin/asterisk core.ps40-2007-09-19T08\:11\:08+0200 <<END >astcrash.log && bzip2 -9 astcrash.log && mv astcrash.log.bz2 /home/ps40 bt full info thread thread apply all bt full quit END By: Joshua C. Colp (jcolp) 2007-10-29 14:56:19 Like I said, this is an underlying issue in app_conference. It should not be calling ast_openstream on a channel like this without holding the channel lock (which would prevent the channel from going away while ast_openstream is being called on it). Simply checking for the presence of f->fmt is not the fix as it is not being protected. | ||