Summary: ASTERISK-12523: [patch] Execute Playtones(Busy) from AGI and Asterisk crash
Reporter: Joel Vandal (jvandal)
Labels:
Date Opened: 2008-08-05 11:11:43
Date Closed: 2008-09-15 16:19:52
Versions:
Frequency of
Environment:
Attachments: ( 0) 20080813__bug13240.diff.txt
( 1) bt13240.txt
Description: I have an AGI script that executes the Playtones(busy) application, and when I dial this extension from an IAX phone (Zoiper), Asterisk crashes.

If I dial from a SIP phone, everything works as expected.


-- AGI Script Executing Application: (Playtones) Options: (busy)
[Aug  5 12:14:28] WARNING[30838]: translate.c:86 powerof: No bits set? 0
Disconnected from Asterisk server
Comments:

By: Mark Michelson (mmichelson) 2008-08-05 19:47:54

Just using your backtrace, it appears as though the voice frame passed to ast_slinfactory_feed has a subclass of 0. This means that the frame has no format associated with it. This causes ast_translator_build_path to attempt to access a negative array index, thus causing a crash.

The question, then, is why there is no format associated with the voice frame. The frame is generated in ast_prod(), where a voice frame with format equal to the channel's "rawwriteformat" is written. I would guess, then, that the rawwriteformat of the channel is 0, which seems as though it should not be possible.

The first thing that would be helpful would be to confirm that this is the case. For some reason, symbol table info isn't available for functions near the top of the stack in your backtrace, and frame 10 appears to be the closest frame to the top that has information. Please open the core dump in gdb, and issue the following two commands:

f 10
p chan->rawwriteformat

If what I've said is correct, then gdb should display "0" for the value of chan->rawwriteformat.

Also, what type of channel is the AGI being executed on? *EDIT* I see you mentioned in the report that the failure occurs on an IAX channel. *EDIT*

By: Tilghman Lesher (tilghman) 2008-08-05 22:14:49

I'm thinking memory corruption, possibly related to running out of C stack space.  Both Macro and AGI are rather hungry for stack, relative to other apps.  We can fix the direct cause of the crash, but there's less we can do about the memory corruption without running Asterisk under valgrind and finding the root cause of that.  If the C stack is the culprit, we might look into giving you the opportunity to use more stack per thread, or reducing the stack footprint of AGI and/or Macro.

By: Digium Subversion (svnbot) 2008-08-05 22:16:28

Repository: asterisk
Revision: 135915

U   branches/1.4/main/translate.c

r135915 | tilghman | 2008-08-05 22:16:27 -0500 (Tue, 05 Aug 2008) | 4 lines

Since powerof() can return an error condition, it's foolhardy not to detect and
deal with that condition.
(Related to issue ASTERISK-12523)



By: Joel Vandal (jvandal) 2008-08-06 07:19:35

putnopvut, exactly, the return value is 0

#0  0x080fe28f in newpvt ()
(gdb) f 10
ASTERISK-6 0xb7c4d72e in handle_playtones (chan=0xa19baf8, data=0xb64556df) at res_indications.c:208
208     res_indications.c: No such file or directory.
       in res_indications.c
(gdb) p chan->rawwriteformat
$1 = 0

I have tested the new patch and now I hear the busy tone on the IAX phone (Zoiper) with no crash. This issue is fixed.

[Aug  6 08:26:40] WARNING[10351]: translate.c:86 powerof: No bits set? 0
[Aug  6 08:26:40] WARNING[10351]: translate.c:278 ast_translator_build_path: No translator path: (starting codec is not valid)
[Aug  6 08:26:40] WARNING[10351]: slinfactory.c:70 ast_slinfactory_feed: Cannot build a path from unknown to slin

By: Mark Michelson (mmichelson) 2008-08-06 09:46:34

The error handling certainly does prevent a crash, but what seems more important is figuring out why the codec to be translated had an invalid value in the first place. Corydon76 brings up a good point about potential memory corruption, but what bothers me is the fact that this crash did not occur when using a SIP phone. The backtrace does not indicate any channel-specific functions on the stack, leading me to believe that if stack space were the issue, the crash would occur with either a SIP or an IAX device.

Going back to my original idea about the rawwriteformat being invalid, I did a grep of the source and found that most channel drivers set the channel's rawwriteformat when a new channel is created. chan_iax2 does not do this and, in fact, never sets the rawwriteformat for a created channel. This may actually be the source of the issue here. I will run some tests locally since this should be easy to reproduce if this is the case.

By: Joel Vandal (jvandal) 2008-08-12 08:36:45

I confirm that the committed patch fixes the crash problem and this ticket can be closed.

By: Tilghman Lesher (tilghman) 2008-08-12 10:03:00

I am purposefully leaving this issue open, so we can look into the root cause of this problem.  putnopvut is on vacation this week, so it's next week at the earliest that this can be closed.

By: Tilghman Lesher (tilghman) 2008-08-13 12:44:30

This should fix everything, getting rid of that error message I introduced when building this patch.

By: Digium Subversion (svnbot) 2008-09-15 16:19:49

Repository: asterisk
Revision: 143140

U   branches/1.4/channels/chan_iax2.c

r143140 | tilghman | 2008-09-15 16:19:49 -0500 (Mon, 15 Sep 2008) | 6 lines

Set the raw formats at the same time as the other formats.
(closes issue ASTERISK-12523)
Reported by: jvandal
      20080813__bug13240.diff.txt uploaded by Corydon76 (license 14)
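The two fixes discussed in this thread (r135915: check the error return of the bit-to-index conversion before using it as an array index; r143140: set the raw format at the same time as the other formats so it can never be left at 0) are illustrated below in a self-contained C example. This is added example code, not Asterisk's own translate.c or chan_iax2.c: `format_index`, `has_translator`, `tr_matrix`, `struct channel` and `channel_set_write_format` are constructed stand-ins for the powerof(), ast_translator_build_path and rawwriteformat behaviour the comments describe, and the translator matrix contents are made up.

```c
#include <stdio.h>

#define MAX_FORMAT 32

/* Stand-in for a powerof()-style helper (not Asterisk's): converts a one-bit
 * format mask into its bit position. Returns -1 when no bit is set (the
 * "No bits set? 0" case from the report) or when more than one bit is set,
 * since neither identifies a single codec. */
static int format_index(unsigned int mask)
{
    int bit = -1;
    int i;

    if (mask == 0)
        return -1;
    for (i = 0; i < MAX_FORMAT; i++) {
        if (mask & (1u << i)) {
            if (bit != -1)
                return -1;     /* two or more formats in one mask */
            bit = i;
        }
    }
    return bit;
}

/* Constructed translator matrix: tr_matrix[src][dst] is nonzero when a direct
 * translator from format bit src to format bit dst exists. Entries are made up. */
static const unsigned char tr_matrix[MAX_FORMAT][MAX_FORMAT] = {
    [0][6] = 1,   /* bit 0 -> bit 6 */
    [6][0] = 1,   /* bit 6 -> bit 0 */
    [2][6] = 1,   /* bit 2 -> bit 6 */
};

/* Shape of the original defect: the -1 error value flows straight into the
 * array subscript. Never call this with a zero mask; it is here for contrast. */
static int has_translator_unchecked(unsigned int src, unsigned int dst)
{
    return tr_matrix[format_index(src)][format_index(dst)];
}

/* Hardened form, mirroring the r135915 idea: reject invalid indices before
 * they touch the table. Returns 1 (path), 0 (no path) or -1 (invalid input). */
static int has_translator(unsigned int src, unsigned int dst)
{
    int s = format_index(src);
    int d = format_index(dst);

    if (s < 0 || d < 0) {
        fprintf(stderr, "No translator path: starting codec is not valid\n");
        return -1;
    }
    return tr_matrix[s][d] ? 1 : 0;
}

/* Constructed channel: the root cause was a driver that set writeformat but
 * never rawwriteformat, so the raw format stayed at its zero-initialised value. */
struct channel {
    unsigned int writeformat;
    unsigned int rawwriteformat;
};

/* Mirrors the r143140 idea: set the raw format together with the other format
 * so no code path can observe a channel with writeformat set and raw format 0. */
static void channel_set_write_format(struct channel *chan, unsigned int fmt)
{
    chan->writeformat = fmt;
    chan->rawwriteformat = fmt;
}

/* What ast_prod()-style code needs: can a frame in the channel's raw write
 * format be translated to dst? Safe even when rawwriteformat was never set. */
static int channel_can_prod(const struct channel *chan, unsigned int dst)
{
    return has_translator(chan->rawwriteformat, dst);
}

int main(void)
{
    struct channel chan = { 0, 0 };          /* freshly allocated, nothing set */

    printf("unset raw format -> %d\n", channel_can_prod(&chan, 1u << 6)); /* -1 */
    channel_set_write_format(&chan, 1u << 0);
    printf("raw format set   -> %d\n", channel_can_prod(&chan, 1u << 6)); /* 1 */
    (void)has_translator_unchecked;          /* intentionally not exercised */
    return 0;
}
```

The check in `has_translator` turns the crash into the "No translator path" warning Joel saw after the first patch; `channel_set_write_format` removes the reason the warning appeared at all.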