Summary: ASTERISK-14203: double free or corruption (!prev) in moh_files_generator
Reporter: Benny Amorsen (amorsen)
Labels:
Date Opened: 2009-05-26 08:46:50
Date Closed: 2009-09-08 13:29:23
Priority: Blocker
Regression?: No
Status: Closed/Complete
Components: Resources/res_musiconhold
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:
Description:

#0  0x00007f049bf54f05 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007f049bf56a73 in abort () at abort.c:88
#2  0x00007f049bf94438 in __libc_message (do_abort=2, fmt=0x7f049c05e428 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3  0x00007f049bf99ec8 in malloc_printerr (action=2, str=0x7f049c05e530 "double free or corruption (!prev)", ptr=<value optimized out>) at malloc.c:5994
#4  0x00007f049bf9c486 in __libc_free (mem=0x7f049c054880) at malloc.c:3625
#5  0x00007f049bf89f21 in _IO_new_fclose (fp=0x8dce60) at iofclose.c:88
#6  0x000000000046aa9d in filestream_destructor (arg=0x8c6d18) at file.c:321
#7  0x000000000042f9aa in ao2_ref (user_data=0x8c6d18, delta=5926) at astobj2.c:227
#8  0x0000000000470e05 in ast_frame_free (fr=0x1239, cache=1) at frame.c:349
#9  0x00007f0498a458ab in moh_files_generator (chan=0x97a7f0, data=<value optimized out>, len=<value optimized out>, samples=<value optimized out>) at res_musiconhold.c:302
#10 0x000000000043de6e in ast_read_generator_actions (chan=0x97a7f0, f=0x8b9ca0) at channel.c:2448
#11 0x0000000000441fe8 in __ast_read (chan=0x97a7f0, dropaudio=0) at channel.c:2900
#12 0x00000000004446f0 in ast_generic_bridge () at channel.c:4482
#13 ast_channel_bridge (c0=0x97a7f0, c1=0x8be2a0, config=0x7f0482ae3dd0, fo=0x7f0482ae31b0, rc=0x7f0482ae31a8) at channel.c:4850
#14 0x0000000000466894 in ast_bridge_call (chan=0x97a7f0, peer=0x8be2a0, config=0x7f0482ae3dd0) at features.c:2278
#15 0x00007f04857065a4 in dial_exec_full (chan=0x97a7f0, data=<value optimized out>, peerflags=0x7f0482ae4860, continue_exec=0x0) at app_dial.c:1911
#16 0x00007f0485708986 in dial_exec (chan=0x1239, data=0x1726) at app_dial.c:1967
#17 0x000000000049255f in pbx_exec (c=0x97a7f0, app=0x7f04940ce7e0, data=0x7f0482ae6d60) at pbx.c:942
#18 0x0000000000496876 in pbx_extension_helper (c=0x97a7f0, con=<value optimized out>, context=0x97aa48 "DialLine", exten=0x97aa98 "792-0013d18009f0-5", priority=19, label=0x0,
   callerid=0x7f04740b2fc0 "20126438", action=E_SPAWN, found=0x7f0482ae8ecc, combined_find_spawn=1) at pbx.c:3111
#19 0x0000000000496d30 in ast_spawn_extension (c=0x1239, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>, callerid=<value optimized out>,
   found=<value optimized out>, combined_find_spawn=1) at pbx.c:3614
#20 0x000000000049771f in __ast_pbx_run (c=0x97a7f0, args=0x0) at pbx.c:3701
#21 0x00000000004987db in pbx_thread (data=0x1239) at pbx.c:3974
#22 0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#23 0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#24 0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112


****** ADDITIONAL INFORMATION ******

It is not entirely clear what the call scenario is, but this is our best guess:

Queue gets called with a number of Local/whatever agents. Asterisk tries to dial one of those agents while playing music on hold. When Asterisk died, the last line it attempted to execute was:

exten => _X!,n,Dial(SIP/${EXTEN},,)

where ${EXTEN} is a SIP peer.

Comments:

By: Leif Madsen (lmadsen) 2009-05-26 09:32:09

Can you please provide a backtrace with DONT_OPTIMIZE enabled in menuselect, then reinstall Asterisk? The values are optimized out of the backtrace currently, which makes it mostly useless.

Thanks!

By: Benny Amorsen (amorsen) 2009-05-26 15:01:40

Sorry, it is unlikely that I can reproduce it. I will make a note if it happens again.

By: Digium Subversion (svnbot) 2009-06-18 10:24:36

Repository: asterisk
Revision: 201600

U   branches/1.4/res/res_musiconhold.c

------------------------------------------------------------------------
r201600 | russell | 2009-06-18 10:24:31 -0500 (Thu, 18 Jun 2009) | 29 lines

Fix memory corruption and leakage related to reloads of non files mode MoH classes.

For Music on Hold classes that are not files mode, meaning that we are executing
an application that will feed us audio data, we use a thread to monitor the
external application and read audio from it.  This thread also makes use of the
MoH class object.  In the MoH class destructor, we used pthread_cancel() to ask
the thread to exit.  Unfortunately, the code did not wait to ensure that the
thread actually went away.  What needed to be done is a pthread_join() to ensure
that the thread fully cleans up before we proceed.  By adding this one line, we
resolve two significant problems:

 1) Since the thread was never joined, it never fully goes away.  So, on every
    reload of non-files mode MoH, an unused thread was sticking around.

 2) There was a race condition here where the application monitoring thread
    could still try to access the MoH class, even though the thread executing
    the MoH reload has already destroyed it.

(issue ASTERISK-14129)
Reported by: jvandal

(issue ASTERISK-14141)
Reported by: axisinternet

(issue ASTERISK-14203)
Reported by: amorsen

(issue AST-208)

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=201600
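
The destructor race that the r201600 commit message describes, as an added C example; it is not Asterisk's code. `demo_class`, `monitor_cleanup` and `class_destroy` are hypothetical names, a pipe stands in for the external application, and the 20 ms sleep is a constructed stand-in for cleanup work. `class_destroy()` reports whether the monitor thread had finished at the point where the class is torn down, with and without the `pthread_join()`.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical stand-in for a non-files-mode MoH class (not Asterisk's struct). */
struct demo_class {
    pthread_t monitor;        /* thread reading audio from the external app */
    int pipefd[2];            /* constructed stand-in for the app's output pipe */
    unsigned long bytes;      /* class state the monitor thread keeps touching */
    atomic_int monitor_done;  /* set once the monitor has fully cleaned up */
};

/* Runs when the monitor is cancelled; note that it still uses the class. */
static void monitor_cleanup(void *arg)
{
    struct demo_class *cls = arg;

    usleep(20000);            /* simulated cleanup work after the cancel request */
    cls->bytes = 0;           /* a write into the class: corruption if it is freed */
    atomic_store(&cls->monitor_done, 1);
}

static void *monitor_thread(void *arg)
{
    struct demo_class *cls = arg;
    char buf[256];

    pthread_cleanup_push(monitor_cleanup, cls);
    for (;;) {
        /* read() is a cancellation point: pthread_cancel() takes effect here. */
        ssize_t n = read(cls->pipefd[0], buf, sizeof(buf));
        if (n <= 0)
            break;
        cls->bytes += (unsigned long)n;
    }
    pthread_cleanup_pop(1);
    return NULL;
}

static struct demo_class *class_create(void)
{
    struct demo_class *cls = calloc(1, sizeof(*cls));

    if (!cls)
        return NULL;
    atomic_init(&cls->monitor_done, 0);
    if (pipe(cls->pipefd) != 0) {
        free(cls);
        return NULL;
    }
    if (pthread_create(&cls->monitor, NULL, monitor_thread, cls) != 0) {
        close(cls->pipefd[0]);
        close(cls->pipefd[1]);
        free(cls);
        return NULL;
    }
    return cls;
}

/*
 * Destructor. Returns 1 if the monitor had finished by the point where the
 * class is torn down, 0 if it could still have been running.
 * join_first = 1: cancel, then join (the pattern the commit message describes).
 * join_first = 0: cancel only (the behaviour the commit message says was wrong).
 */
static int class_destroy(struct demo_class *cls, int join_first)
{
    int done_at_teardown;

    pthread_cancel(cls->monitor);
    if (join_first)
        pthread_join(cls->monitor, NULL);

    /* A cancel-only destructor would start releasing the class here. */
    done_at_teardown = atomic_load(&cls->monitor_done);

    /* Demo only: join late so this example never frees memory still in use. */
    if (!join_first)
        pthread_join(cls->monitor, NULL);

    close(cls->pipefd[0]);
    close(cls->pipefd[1]);
    free(cls);
    return done_at_teardown;
}

int main(void)
{
    struct demo_class *a = class_create();
    struct demo_class *b = class_create();

    if (!a || !b)
        return 1;
    printf("cancel only:     monitor finished before teardown = %d\n", class_destroy(a, 0));
    printf("cancel and join: monitor finished before teardown = %d\n", class_destroy(b, 1));
    return 0;
}
```

The cancel-only result depends on timing and is normally 0; with the join it is always 1, because `pthread_join()` does not return until the cleanup handler has run.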

By: Russell Bryant (russell) 2009-06-18 10:26:22

Please give that patch a try and let me know if it makes the crashes go away.

By: Digium Subversion (svnbot) 2009-06-18 10:27:15

Repository: asterisk
Revision: 201610

_U  trunk/
U   trunk/res/res_musiconhold.c

------------------------------------------------------------------------
r201610 | russell | 2009-06-18 10:27:10 -0500 (Thu, 18 Jun 2009) | 36 lines

Merged revisions 201600 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=201610

By: Digium Subversion (svnbot) 2009-06-18 10:32:43

Repository: asterisk
Revision: 201612

_U  branches/1.6.0/
U   branches/1.6.0/res/res_musiconhold.c

------------------------------------------------------------------------
r201612 | russell | 2009-06-18 10:32:38 -0500 (Thu, 18 Jun 2009) | 43 lines

Merged revisions 201610 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=201612

By: Digium Subversion (svnbot) 2009-06-18 10:36:16

Repository: asterisk
Revision: 201613

_U  branches/1.6.1/
U   branches/1.6.1/res/res_musiconhold.c

------------------------------------------------------------------------
r201613 | russell | 2009-06-18 10:36:11 -0500 (Thu, 18 Jun 2009) | 43 lines

Merged revisions 201610 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=201613

By: Digium Subversion (svnbot) 2009-06-18 10:40:22

Repository: asterisk
Revision: 201614

_U  branches/1.6.2/
U   branches/1.6.2/res/res_musiconhold.c

------------------------------------------------------------------------
r201614 | russell | 2009-06-18 10:40:16 -0500 (Thu, 18 Jun 2009) | 43 lines

Merged revisions 201610 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=201614

By: Benny Amorsen (amorsen) 2009-06-18 10:57:45

a) How do I get the patch? I can't find it attached to any of the bugs.
b) Does the fact that files mode was in use for music on hold imply that the patch won't help?

*CLI> moh show classes
Class: default
Mode: files
Directory: /usr/share/asterisk/moh
*CLI> moh show files
Class: default
File: /usr/share/asterisk/moh/fpm-sunshine
File: /usr/share/asterisk/moh/fpm-calm-river
File: /usr/share/asterisk/moh/fpm-world-mix

By: Russell Bryant (russell) 2009-06-18 11:52:51

a) You'll have to pull it from svn.

Either run the latest code:

$ svn co http://svn.digium.com/svn/asterisk/branches/1.6.0 asterisk-1.6.0-svn

or grab the patch:

$ svn diff -c 201612 http://svn.digium.com/svn/asterisk/branches/1.6.0 > diff.txt

b) Probably.  :-(  I could see MoH monitoring threads running in the debug output from the other 2 open bugs.  On this one, I couldn't tell.

By: Benny Amorsen (amorsen) 2009-06-19 02:46:45

It would be handy if Mantis would automatically put in "svn diff -c 201612 http://svn.digium.com/svn/asterisk/branches/1.6.0" instead of the rather useless links to the disabled ViewVC.

Anyway, I still have the core dump and the packages, so if you want me to do more analysis on the core dump, just tell me what to do.

I'm going to build new packages of 1.6.1.1 + the patch and put those in production. There haven't been any related crashes of the unpatched servers since the original one though, so it will be hard to tell whether the patch helps.

By: Russell Bryant (russell) 2009-06-19 08:30:46

If you still have the core dump around, I suppose the output of "(gdb) thread apply all bt" could be useful.  I'd like to see what else was going on at the time of the crash in case I can find a hint in there.

By: Benny Amorsen (amorsen) 2009-06-19 10:36:00

(gdb) thread apply all bt

Thread 19 (process 4666):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x000000000045ccd7 in ast_cond_wait () at /usr/src/debug/asterisk-1.6.0.9/include/asterisk/lock.h:802
#2  ast_event_dispatcher (unused=<value optimized out>) at event.c:762
#3  0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#5  0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

Thread 18 (process 4667):
#0  0x00007f049bffe886 in __poll (fds=0x7f049ca19f60, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x0000000000428445 in listener (unused=<value optimized out>) at asterisk.c:1062
#2  0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#3  0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#4  0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
Current language:  auto; currently asm

Thread 17 (process 4668):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x000000000047d8d9 in ast_cond_wait () at /usr/src/debug/asterisk-1.6.0.9/include/asterisk/lock.h:802
#2  logger_thread (data=<value optimized out>) at logger.c:888
#3  0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#5  0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
Current language:  auto; currently c

Thread 16 (process 4670):
#0  0x00007f049bffe886 in __poll (fds=0x7f049c9a1f80, nfds=1, timeout=5000) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00000000004cfcb5 in ast_wait_for_input (fd=<value optimized out>, ms=<value optimized out>) at utils.c:950
#2  0x00000000004c4eec in ast_tcptls_server_root (data=0x72f180) at tcptls.c:134
#3  0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#5  0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
Current language:  auto; currently asm

Thread 15 (process 4671):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
#1  0x000000000043731d in ast_cond_timedwait () at /usr/src/debug/asterisk-1.6.0.9/include/asterisk/lock.h:807
#2  do_cdr (data=<value optimized out>) at cdr.c:1270
#3  0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#5  0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
Current language:  auto; currently c

Thread 14 (process 4672):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x0000000000453fff in ast_cond_wait () at /usr/src/debug/asterisk-1.6.0.9/include/asterisk/lock.h:802
#2  do_devstate_changes (data=<value optimized out>) at devicestate.c:509
#3  0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#5  0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
Current language:  auto; currently asm

Thread 13 (process 4673):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x000000000048cebf in ast_cond_wait () at /usr/src/debug/asterisk-1.6.0.9/include/asterisk/lock.h:802
#2  device_state_thread (data=<value optimized out>) at pbx.c:3344
#3  0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#5  0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

Thread 12 (process 4674):
#0  0x00007f049c000aa2 in select () from /lib64/libc.so.6
#1  0x0000000000464ad0 in ast_select () at /usr/src/debug/asterisk-1.6.0.9/include/asterisk/channel.h:1644
#2  do_parking_thread (ignore=<value optimized out>) at features.c:2856
#3  0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#5  0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

Thread 11 (process 4675):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00007f048a6b34c2 in ast_cond_wait () at /usr/src/debug/asterisk-1.6.0.9/include/asterisk/lock.h:802
#2  device_state_thread (data=<value optimized out>) at app_queue.c:801
#3  0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#5  0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
Current language:  auto; currently c

Thread 10 (process 4676):
#0  0x00007f049bffe886 in __poll (fds=0x75bf00, nfds=1, timeout=199) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00000000004776f0 in ast_io_wait (ioc=0x75bed0, howlong=-516) at io.c:275
#2  0x00007f048a03eb30 in do_monitor (data=<value optimized out>) at chan_sip.c:19446
#3  0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#5  0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
Current language:  auto; currently asm

Thread 9 (process 4677):
#0  0x00007f049bfc9f81 in nanosleep () from /lib64/libc.so.6
#1  0x00007f0487d7e5cc in scan_thread (unused=<value optimized out>) at pbx_spool.c:453
#2  0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#3  0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#4  0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
Current language:  auto; currently c

Thread 8 (process 4678):
#0  0x00007f049c000aa2 in select () from /lib64/libc.so.6
#1  0x00007f04832bb0c5 in ast_select () at /usr/src/debug/asterisk-1.6.0.9/include/asterisk/channel.h:1644
#2  do_monitor (data=<value optimized out>) at chan_phone.c:1076
#3  0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#5  0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

Thread 7 (process 4712):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x0000000000432704 in ast_cond_wait () at /usr/src/debug/asterisk-1.6.0.9/include/asterisk/lock.h:802
#2  autoservice_run (ign=<value optimized out>) at autoservice.c:91
#3  0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#5  0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

Thread 6 (process 5369):
#0  0x00007f049bffe886 in __poll (fds=0x7f0482b60db0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x0000000000429a4b in netconsole (vconsole=0x74bc40) at asterisk.c:1015
#2  0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#3  0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#4  0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
Current language:  auto; currently asm

Thread 5 (process 5924):
#0  0x00007f049bffe886 in __poll (fds=0x7f0482b957b0, nfds=4, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00000000004430a6 in ast_waitfor_nandfds (c=0x7f0482b959f0, n=2, fds=0x0, nfds=0, exception=0x0, outfd=0x0, ms=0x7f0482b95a7c) at channel.c:2019
#2  0x0000000000443ea7 in ast_waitfor_n (c=0x7f0482b957b0, n=4, ms=<value optimized out>) at channel.c:2281
#3  0x00000000004446d8 in ast_generic_bridge () at channel.c:4467
#4  ast_channel_bridge (c0=0x8e3fa0, c1=0x890be0, config=0x7f0482b96800, fo=0x7f0482b95c00, rc=0x7f0482b95bf8) at channel.c:4850
#5  0x0000000000466894 in ast_bridge_call (chan=0x8e3fa0, peer=0x890be0, config=0x7f0482b96800) at features.c:2278
#6  0x00007f048a6b8166 in try_calling (qe=0x7f0482b98670, options=<value optimized out>, announceoverride=<value optimized out>, url=0x7f0482b985b9 "", tries=<value optimized out>, noption=<value optimized out>, agi=0x0, macro=0x0, gosub=0x0, ringing=1) at app_queue.c:3907
#7  0x00007f048a6bca5c in queue_exec (chan=0x8e3fa0, data=<value optimized out>) at app_queue.c:4827
#8  0x000000000049255f in pbx_exec (c=0x8e3fa0, app=0x759cd0, data=0x7f0482b9ad60) at pbx.c:942
#9  0x0000000000496876 in pbx_extension_helper (c=0x8e3fa0, con=<value optimized out>, context=0x8e41f8 "HassogbergIntern", exten=0x8e4248 "s", priority=2, label=0x0, callerid=0x97dd80 "+4520126438", action=E_SPAWN, found=0x7f0482b9cecc, combined_find_spawn=1) at pbx.c:3111
#10 0x0000000000496d30 in ast_spawn_extension (c=0x7f0482b957b0, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>, callerid=<value optimized out>, found=<value optimized out>, combined_find_spawn=1) at pbx.c:3614
#11 0x000000000049771f in __ast_pbx_run (c=0x8e3fa0, args=0x0) at pbx.c:3701
#12 0x00000000004987db in pbx_thread (data=0x7f0482b957b0) at pbx.c:3974
#13 0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#14 0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#15 0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
Current language:  auto; currently c

Thread 4 (process 4665):
#0  0x00007f049bffe886 in __poll (fds=0x7fffa4a640c0, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x0000000000429c27 in monitor_sig_flags (unused=<value optimized out>) at asterisk.c:2846
#2  0x000000000042e45f in main (argc=<value optimized out>, argv=0x1) at asterisk.c:3515

Thread 3 (process 5928):
#0  __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:91
#1  0x00007f049bfa0235 in _L_lock_4781 () from /lib64/libc.so.6
#2  0x00007f049bf9c47b in __libc_free (mem=0x7f049c28fa00) at malloc.c:3623
#3  0x0000000000444623 in ast_generic_bridge () at channel.c:4550
#4  ast_channel_bridge (c0=0x8ec1e0, c1=0x982bf0, config=0x7f0482d77dd0, fo=0x7f0482d771b0, rc=0x7f0482d771a8) at channel.c:4850
#5  0x0000000000466894 in ast_bridge_call (chan=0x8ec1e0, peer=0x982bf0, config=0x7f0482d77dd0) at features.c:2278
#6  0x00007f04857065a4 in dial_exec_full (chan=0x8ec1e0, data=<value optimized out>, peerflags=0x7f0482d78860, continue_exec=0x0) at app_dial.c:1911
#7  0x00007f0485708986 in dial_exec (chan=0x7f049c28fa00, data=0x80) at app_dial.c:1967
#8  0x000000000049255f in pbx_exec (c=0x8ec1e0, app=0x7f04940ce7e0, data=0x7f0482d7ad60) at pbx.c:942
#9  0x0000000000496876 in pbx_extension_helper (c=0x8ec1e0, con=<value optimized out>, context=0x8ec438 "HassogbergDirect", exten=0x8ec488 "s", priority=4, label=0x0, callerid=0x80e060 "792", action=E_SPAWN, found=0x7f0482d7cecc, combined_find_spawn=1) at pbx.c:3111
#10 0x0000000000496d30 in ast_spawn_extension (c=0x7f049c28fa00, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>, callerid=<value optimized out>, found=<value optimized out>, combined_find_spawn=1) at pbx.c:3614
#11 0x000000000049771f in __ast_pbx_run (c=0x8ec1e0, args=0x0) at pbx.c:3701
#12 0x00000000004987db in pbx_thread (data=0x7f049c28fa00) at pbx.c:3974
#13 0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#14 0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#15 0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

Thread 2 (process 5931):
#0  __lll_lock_wait_private () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:91
#1  0x00007f049bfa0235 in _L_lock_4781 () from /lib64/libc.so.6
#2  0x00007f049bf9c47b in __libc_free (mem=0x7f049c28fa00) at malloc.c:3623
#3  0x0000000000444623 in ast_generic_bridge () at channel.c:4550
#4  ast_channel_bridge (c0=0x7f04740bd680, c1=0x7f047c024560, config=0x7f0482b1fdd0, fo=0x7f0482b1f1b0, rc=0x7f0482b1f1a8) at channel.c:4850
#5  0x0000000000466894 in ast_bridge_call (chan=0x7f04740bd680, peer=0x7f047c024560, config=0x7f0482b1fdd0) at features.c:2278
#6  0x00007f04857065a4 in dial_exec_full (chan=0x7f04740bd680, data=<value optimized out>, peerflags=0x7f0482b20860, continue_exec=0x0) at app_dial.c:1911
#7  0x00007f0485708986 in dial_exec (chan=0x7f049c28fa00, data=0x80) at app_dial.c:1967
#8  0x000000000049255f in pbx_exec (c=0x7f04740bd680, app=0x7f04940ce7e0, data=0x7f0482b22d60) at pbx.c:942
#9  0x0000000000496876 in pbx_extension_helper (c=0x7f04740bd680, con=<value optimized out>, context=0x7f04740bd8d8 "DialLine", exten=0x7f04740bd928 "815-001d7ed025f4-1", priority=19, label=0x0, callerid=0x7f047403f670 "792", action=E_SPAWN, found=0x7f0482b24ecc, combined_find_spawn=1) at pbx.c:3111
#10 0x0000000000496d30 in ast_spawn_extension (c=0x7f049c28fa00, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>, callerid=<value optimized out>, found=<value optimized out>, combined_find_spawn=1) at pbx.c:3614
#11 0x000000000049771f in __ast_pbx_run (c=0x7f04740bd680, args=0x0) at pbx.c:3701
#12 0x00000000004987db in pbx_thread (data=0x7f049c28fa00) at pbx.c:3974
#13 0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#14 0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#15 0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
Current language:  auto; currently asm

Thread 1 (process 5926):
#0  0x00007f049bf54f05 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007f049bf56a73 in abort () at abort.c:88
#2  0x00007f049bf94438 in __libc_message (do_abort=2, fmt=0x7f049c05e428 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3  0x00007f049bf99ec8 in malloc_printerr (action=2, str=0x7f049c05e530 "double free or corruption (!prev)", ptr=<value optimized out>) at malloc.c:5994
#4  0x00007f049bf9c486 in __libc_free (mem=0x7f049c054880) at malloc.c:3625
#5  0x00007f049bf89f21 in _IO_new_fclose (fp=0x8dce60) at iofclose.c:88
#6  0x000000000046aa9d in filestream_destructor (arg=0x8c6d18) at file.c:321
#7  0x000000000042f9aa in ao2_ref (user_data=0x8c6d18, delta=5926) at astobj2.c:227
#8  0x0000000000470e05 in ast_frame_free (fr=0x1239, cache=1) at frame.c:349
#9  0x00007f0498a458ab in moh_files_generator (chan=0x97a7f0, data=<value optimized out>, len=<value optimized out>, samples=<value optimized out>) at res_musiconhold.c:302
#10 0x000000000043de6e in ast_read_generator_actions (chan=0x97a7f0, f=0x8b9ca0) at channel.c:2448
#11 0x0000000000441fe8 in __ast_read (chan=0x97a7f0, dropaudio=0) at channel.c:2900
#12 0x00000000004446f0 in ast_generic_bridge () at channel.c:4482
#13 ast_channel_bridge (c0=0x97a7f0, c1=0x8be2a0, config=0x7f0482ae3dd0, fo=0x7f0482ae31b0, rc=0x7f0482ae31a8) at channel.c:4850
#14 0x0000000000466894 in ast_bridge_call (chan=0x97a7f0, peer=0x8be2a0, config=0x7f0482ae3dd0) at features.c:2278
#15 0x00007f04857065a4 in dial_exec_full (chan=0x97a7f0, data=<value optimized out>, peerflags=0x7f0482ae4860, continue_exec=0x0) at app_dial.c:1911
#16 0x00007f0485708986 in dial_exec (chan=0x1239, data=0x1726) at app_dial.c:1967
#17 0x000000000049255f in pbx_exec (c=0x97a7f0, app=0x7f04940ce7e0, data=0x7f0482ae6d60) at pbx.c:942
#18 0x0000000000496876 in pbx_extension_helper (c=0x97a7f0, con=<value optimized out>, context=0x97aa48 "DialLine", exten=0x97aa98 "792-0013d18009f0-5", priority=19, label=0x0, callerid=0x7f04740b2fc0 "20126438", action=E_SPAWN, found=0x7f0482ae8ecc, combined_find_spawn=1) at pbx.c:3111
#19 0x0000000000496d30 in ast_spawn_extension (c=0x1239, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>, callerid=<value optimized out>, found=<value optimized out>, combined_find_spawn=1) at pbx.c:3614
#20 0x000000000049771f in __ast_pbx_run (c=0x97a7f0, args=0x0) at pbx.c:3701
#21 0x00000000004987db in pbx_thread (data=0x1239) at pbx.c:3974
#22 0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#23 0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#24 0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
Current language:  auto; currently c

By: David Brillert (aragon) 2009-07-21 12:48:54

Testing SVN revision 206273 and the moh files based segfaults are gone.
Can anyone else test 206273 SVN and confirm?

By: Raimund Sacherer (hatrix) 2009-08-10 16:22:40

Is bug ASTERISK-1549689 related? I have a similar backtrace, but we do not use "non files mode"; all our moh is file based (wav files).

best

By: Raimund Sacherer (hatrix) 2009-08-11 01:36:16

Aragon, can you eventually help me (hope your holiday is over :-)? I am setting up a test scenario and have scripts to log on/off agents in queues and make calls, but I cannot really reproduce this bug in our lab. Can you tell me how you manage to reproduce it or, if possible, provide me with some hints or scripts on how to make a better test-bed?

thanks,

By: Benny Amorsen (amorsen) 2009-08-20 10:12:22

It happened again in 1.6.0.13

(gdb) thread apply all bt

Thread 18 (Thread 27251):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x000000000045c91f in ast_cond_wait (t=<value optimized out>, cond=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/lock.h:802
#2  ast_event_dispatcher (t=<value optimized out>, cond=<value optimized out>) at event.c:762
#3  0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-1  0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-2  0x0000000000000000 in ?? ()

Thread 17 (Thread 27252):
#0  0x00007fabb77bf0b3 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00000000004280ab in listener (unused=<value optimized out>) at asterisk.c:1062
#2  0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
#3  0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#4  0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-1  0x0000000000000000 in ?? ()

Thread 16 (Thread 27253):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x000000000047caa9 in ast_cond_wait (t=<value optimized out>, cond=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/lock.h:802
#2  logger_thread (t=<value optimized out>, cond=<value optimized out>) at logger.c:888
#3  0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-1  0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-2  0x0000000000000000 in ?? ()

Thread 15 (Thread 27255):
#0  0x00007fabb77bf0b3 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=5000) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00000000004ce887 in ast_wait_for_input (fd=-516, ms=5000) at utils.c:950
#2  0x00000000004c3d1c in ast_tcptls_server_root (data=0x72e180) at tcptls.c:134
#3  0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-1  0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-2  0x0000000000000000 in ?? ()

Thread 14 (Thread 27256):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:220
#1  0x000000000043963f in ast_cond_timedwait (abstime=<value optimized out>, t=<value optimized out>, cond=<value optimized out>)
   at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/lock.h:807
#2  do_cdr (abstime=<value optimized out>, t=<value optimized out>, cond=<value optimized out>) at cdr.c:1270
#3  0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-1  0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-2  0x0000000000000000 in ?? ()

Thread 13 (Thread 27257):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x0000000000453347 in ast_cond_wait (t=<value optimized out>, cond=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/lock.h:802
#2  do_devstate_changes (t=<value optimized out>, cond=<value optimized out>) at devicestate.c:509
#3  0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-1  0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-2  0x0000000000000000 in ?? ()

Thread 12 (Thread 27258):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x000000000048db87 in ast_cond_wait (t=<value optimized out>, cond=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/lock.h:802
#2  device_state_thread (t=<value optimized out>, cond=<value optimized out>) at pbx.c:3344
#3  0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-1  0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-2  0x0000000000000000 in ?? ()

Thread 11 (Thread 27259):
#0  0x00007fabb77c10e2 in select () from /lib64/libc.so.6
#1  0x00000000004620fb in ast_select (tvp=<value optimized out>, efds=<value optimized out>, wfds=<value optimized out>, rfds=<value optimized out>, nfds=<value optimized out>)
   at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/channel.h:1644
#2  do_parking_thread (tvp=<value optimized out>, efds=<value optimized out>, wfds=<value optimized out>, rfds=<value optimized out>, nfds=<value optimized out>) at features.c:2856
#3  0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-1  0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-2  0x0000000000000000 in ?? ()

Thread 10 (Thread 27260):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x00007fab89926a24 in ast_cond_wait (t=<value optimized out>, cond=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/lock.h:802
#2  device_state_thread (t=<value optimized out>, cond=<value optimized out>) at app_queue.c:801
#3  0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-1  0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-2  0x0000000000000000 in ?? ()

Thread 9 (Thread 27261):
#0  0x00007fabb77bf0b3 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=199) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x000000000047699e in ast_io_wait (ioc=0x7af020, howlong=199) at io.c:275
#2  0x00007fab892da834 in do_monitor (data=<value optimized out>) at chan_sip.c:19446
#3  0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-1  0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-2  0x0000000000000000 in ?? ()

Thread 8 (Thread 27262):
#0  0x00007fabb778dfa1 in nanosleep () from /lib64/libc.so.6
#1  0x00007fab82fe35bc in scan_thread (unused=<value optimized out>) at pbx_spool.c:453
#2  0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
#3  0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#4  0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-1  0x0000000000000000 in ?? ()

Thread 7 (Thread 27263):
#0  0x00007fabb77c10e2 in select () from /lib64/libc.so.6
#1  0x00007fab763cbef3 in ast_select (tvp=<value optimized out>, efds=<value optimized out>, wfds=<value optimized out>, rfds=<value optimized out>, nfds=<value optimized out>)
   at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/channel.h:1644
#2  do_monitor (tvp=<value optimized out>, efds=<value optimized out>, wfds=<value optimized out>, rfds=<value optimized out>, nfds=<value optimized out>) at chan_phone.c:1076
#3  0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-1  0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-2  0x0000000000000000 in ?? ()

Thread 6 (Thread 28115):
#0  0x00007fabb77bf0b3 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x0000000000441190 in ast_waitfor_nandfds (c=<value optimized out>, n=<value optimized out>, fds=<value optimized out>, nfds=<value optimized out>, exception=0x0,
   outfd=<value optimized out>, ms=0x7fab75fb3abc) at channel.c:2019
#2  0x0000000000441567 in ast_waitfor_n (c=0x7fab75fb3800, n=4, ms=<value optimized out>) at channel.c:2281
#3  0x000000000044546c in ast_generic_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>,
   c1=<value optimized out>, c0=<value optimized out>) at channel.c:4467
#4  ast_channel_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>, c1=<value optimized out>,
   c0=<value optimized out>) at channel.c:4850
ASTERISK-1  0x0000000000465d30 in ast_bridge_call (chan=0x7fab7c007350, peer=<value optimized out>, config=0x7fab75fb47e0) at features.c:2278
ASTERISK-2  0x00007fab8992ec21 in try_calling (qe=0x7fab75fb6660, options=<value optimized out>, announceoverride=<value optimized out>, url=<value optimized out>,
   tries=<value optimized out>, noption=<value optimized out>, agi=0x0, macro=0x0, gosub=0x0, ringing=1) at app_queue.c:3907
ASTERISK-3  0x00007fab89932a3b in queue_exec (chan=0x7fab7c007350, data=<value optimized out>) at app_queue.c:4827
ASTERISK-4  0x000000000048be10 in pbx_exec (c=0x7fab7c007350, app=0x7af2a0, data=0x7fab75fb8d50) at pbx.c:942
ASTERISK-5  0x0000000000491eac in pbx_extension_helper (c=0x7fab7c007350, con=<value optimized out>, context=0x7fab7c0075a8 "HassogbergIntern", exten=0x7fab7c0075f8 "s",
   priority=<value optimized out>, label=<value optimized out>, callerid=0x7fab7c008190 "+4532642929", action=E_SPAWN, found=0x7fab75fbaecc, combined_find_spawn=1) at pbx.c:3111
ASTERISK-6 0x0000000000492370 in ast_spawn_extension (c=0x7fab75fb3800, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>,
   callerid=<value optimized out>, found=<value optimized out>, combined_find_spawn=1) at pbx.c:3614
ASTERISK-7 0x00000000004964ef in __ast_pbx_run (c=0x7fab7c007350, args=<value optimized out>) at pbx.c:3701
ASTERISK-8 0x000000000049754b in pbx_thread (data=0x7fab75fb3800) at pbx.c:3974
ASTERISK-9 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
ASTERISK-10 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-11 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-12 0x0000000000000000 in ?? ()

Thread 5 (Thread 28117):
#0  0x00007fabb63b2957 in _Unwind_IteratePhdrCallback (info=<value optimized out>, size=<value optimized out>, ptr=<value optimized out>) at ../../../gcc/unwind-dw2-fde-glibc.c:346
#1  0x00007fabb7804d0e in *__GI___dl_iterate_phdr (callback=0x7fabb63b2470 <_Unwind_IteratePhdrCallback>, data=0x7fab800d2fc0) at dl-iteratephdr.c:76
#2  0x00007fabb63b4a99 in _Unwind_Find_FDE (pc=0x7fabb77ddd5d, bases=0x7fab800d32a8) at ../../../gcc/unwind-dw2-fde-glibc.c:417
#3  0x00007fabb63af7d3 in uw_frame_state_for (context=0x7fab800d3200, fs=<value optimized out>) at ../../../gcc/unwind-dw2.c:1128
#4  0x00007fabb63b02eb in _Unwind_Backtrace (trace=0x7fabb77ddc40 <backtrace_helper>, trace_argument=0x7fab800d3340) from /lib64/libgcc_s.so.1
ASTERISK-1  0x00007fabb77ddd5e in *__GI___backtrace (array=<value optimized out>, size=64) at ../sysdeps/ia64/backtrace.c:85
ASTERISK-2  0x00007fabb775a071 in __libc_message (do_abort=2, fmt=0x7fabb781fe70 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:150
ASTERISK-3  0x00007fabb775fa96 in malloc_printerr (action=3, str=0x7fabb7820018 "double free or corruption (out)", ptr=<value optimized out>) at malloc.c:6217
ASTERISK-4  0x00007fabb77500dd in _IO_new_fclose (fp=0x7fab6c00d7c0) at iofclose.c:88
ASTERISK-5  0x0000000000469afb in filestream_destructor (arg=0x7fab6c00da48) at file.c:321
ASTERISK-6 0x000000000042f904 in ao2_ref (user_data=0x7fab6c00da48, delta=3169) at astobj2.c:227
ASTERISK-7 0x000000000046f385 in ast_frame_free (fr=0x7fabb77ddd5d, cache=1) at frame.c:349
ASTERISK-8 0x00007fab97dfc778 in moh_files_generator (chan=0x7fab4c00a060, data=<value optimized out>, len=<value optimized out>, samples=<value optimized out>) at res_musiconhold.c:302
ASTERISK-9 0x000000000043f46c in ast_read_generator_actions (chan=0x7fab4c00a060, f=0x7fab6c00dcd0) at channel.c:2448
ASTERISK-10 0x00000000004420f4 in __ast_read (chan=0x7fab4c00a060, dropaudio=0) at channel.c:2900
ASTERISK-11 0x0000000000445484 in ast_generic_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>,
   c1=<value optimized out>, c0=<value optimized out>) at channel.c:4482
ASTERISK-12 ast_channel_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>, c1=<value optimized out>,
   c0=<value optimized out>) at channel.c:4850
ASTERISK-13 0x0000000000465d30 in ast_bridge_call (chan=0x7fab4c00a060, peer=<value optimized out>, config=0x7fab800d4dc0) at features.c:2278
ASTERISK-14 0x00007fab809a7357 in dial_exec_full (chan=0x7fab4c00a060, data=<value optimized out>, peerflags=<value optimized out>, continue_exec=<value optimized out>) at app_dial.c:1911
ASTERISK-15 0x00007fab809a9636 in dial_exec (chan=0x7fabb77ddd5d, data=0xc61) at app_dial.c:1967
ASTERISK-16 0x000000000048be10 in pbx_exec (c=0x7fab4c00a060, app=0x7fc240, data=0x7fab800d7d50) at pbx.c:942
ASTERISK-17 0x0000000000491eac in pbx_extension_helper (c=0x7fab4c00a060, con=<value optimized out>, context=0x7fab4c00a2b8 "DialLine", exten=0x7fab4c00a308 "792-0013d18009f0-5",
   priority=<value optimized out>, label=<value optimized out>, callerid=0x7fab6c002840 "32642929", action=E_SPAWN, found=0x7fab800d9ecc, combined_find_spawn=1) at pbx.c:3111
ASTERISK-18 0x0000000000492370 in ast_spawn_extension (c=0x7fabb77ddd5d, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>,
   callerid=<value optimized out>, found=<value optimized out>, combined_find_spawn=1) at pbx.c:3614
ASTERISK-19 0x00000000004964ef in __ast_pbx_run (c=0x7fab4c00a060, args=<value optimized out>) at pbx.c:3701
ASTERISK-20 0x000000000049754b in pbx_thread (data=0x7fabb77ddd5d) at pbx.c:3974
ASTERISK-21 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
ASTERISK-22 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-23 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-24 0x0000000000000000 in ?? ()

Thread 4 (Thread 28150):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261
#1  0x0000000000432231 in ast_cond_wait (t=<value optimized out>, cond=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/lock.h:802
#2  autoservice_run (t=<value optimized out>, cond=<value optimized out>) at autoservice.c:91
#3  0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
#4  0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-1  0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-2  0x0000000000000000 in ?? ()

Thread 3 (Thread 27250):
#0  0x00007fabb77bf0b3 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x000000000042b010 in monitor_sig_flags (unused=<value optimized out>) at asterisk.c:2846
#2  0x000000000042cfa0 in main (argc=<value optimized out>, argv=<value optimized out>) at asterisk.c:3515

Thread 2 (Thread 28156):
#0  0x00007fabb77bf0b3 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x0000000000441190 in ast_waitfor_nandfds (c=<value optimized out>, n=<value optimized out>, fds=<value optimized out>, nfds=<value optimized out>, exception=0x0,
   outfd=<value optimized out>, ms=0x7fab801880ac) at channel.c:2019
#2  0x0000000000441567 in ast_waitfor_n (c=0x7fab80187df0, n=4, ms=<value optimized out>) at channel.c:2281
#3  0x000000000044546c in ast_generic_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>,
   c1=<value optimized out>, c0=<value optimized out>) at channel.c:4467
#4  ast_channel_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>, c1=<value optimized out>,
   c0=<value optimized out>) at channel.c:4850
ASTERISK-1  0x0000000000465d30 in ast_bridge_call (chan=0x7fab640075c0, peer=<value optimized out>, config=0x7fab80188dc0) at features.c:2278
ASTERISK-2  0x00007fab809a7357 in dial_exec_full (chan=0x7fab640075c0, data=<value optimized out>, peerflags=<value optimized out>, continue_exec=<value optimized out>) at app_dial.c:1911
ASTERISK-3  0x00007fab809a9636 in dial_exec (chan=0x7fab80187df0, data=0x4) at app_dial.c:1967
ASTERISK-4  0x000000000048be10 in pbx_exec (c=0x7fab640075c0, app=0x7fc240, data=0x7fab8018bd50) at pbx.c:942
ASTERISK-5  0x0000000000491eac in pbx_extension_helper (c=0x7fab640075c0, con=<value optimized out>, context=0x7fab64007818 "DialLine", exten=0x7fab64007868 "789-0013d18009f0-2",
   priority=<value optimized out>, label=<value optimized out>, callerid=0x7fab680008c0 "792", action=E_SPAWN, found=0x7fab8018decc, combined_find_spawn=1) at pbx.c:3111
ASTERISK-6 0x0000000000492370 in ast_spawn_extension (c=0x7fab80187df0, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>,
   callerid=<value optimized out>, found=<value optimized out>, combined_find_spawn=1) at pbx.c:3614
ASTERISK-7 0x00000000004964ef in __ast_pbx_run (c=0x7fab640075c0, args=<value optimized out>) at pbx.c:3701
ASTERISK-8 0x000000000049754b in pbx_thread (data=0x7fab80187df0) at pbx.c:3974
ASTERISK-9 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
ASTERISK-10 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-11 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-12 0x0000000000000000 in ?? ()

Thread 1 (Thread 28153):
#0  0x00007fabb77612ca in _int_free (av=0x7fab6c000020, p=0x7fab6c00b700, have_lock=<value optimized out>) at malloc.c:4912
#1  0x00000000004c706d in destroy (pvt=0x7fab6c00b710) at translate.c:150
#2  0x00000000004c70ef in ast_translator_free_path (p=0x0) at translate.c:258
#3  0x000000000043b905 in free_translation (clone=0x7fab4c00a060) at channel.c:1583
#4  0x000000000043ffc3 in ast_do_masquerade (original=0x7fab7c006bd0) at channel.c:4057
ASTERISK-1  0x0000000000440f88 in ast_waitfor_nandfds (c=<value optimized out>, n=2, fds=<value optimized out>, nfds=<value optimized out>, exception=<value optimized out>,
   outfd=<value optimized out>, ms=0x7fab75f790ac) at channel.c:1963
ASTERISK-2  0x0000000000441567 in ast_waitfor_n (c=0x0, n=0, ms=<value optimized out>) at channel.c:2281
ASTERISK-3  0x000000000044546c in ast_generic_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>,
   c1=<value optimized out>, c0=<value optimized out>) at channel.c:4467
ASTERISK-4  ast_channel_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>, c1=<value optimized out>,
   c0=<value optimized out>) at channel.c:4850
ASTERISK-5  0x0000000000465d30 in ast_bridge_call (chan=0x7fab7c006bd0, peer=<value optimized out>, config=0x7fab75f79dc0) at features.c:2278
ASTERISK-6 0x00007fab809a7357 in dial_exec_full (chan=0x7fab7c006bd0, data=<value optimized out>, peerflags=<value optimized out>, continue_exec=<value optimized out>) at app_dial.c:1911
ASTERISK-7 0x00007fab809a9636 in dial_exec (chan=0x0, data=0x0) at app_dial.c:1967
ASTERISK-8 0x000000000048be10 in pbx_exec (c=0x7fab7c006bd0, app=0x7fc240, data=0x7fab75f7cd50) at pbx.c:942
ASTERISK-9 0x0000000000491eac in pbx_extension_helper (c=0x7fab7c006bd0, con=<value optimized out>, context=0x7fab7c006e28 "HassogbergDirect", exten=0x7fab7c006e78 "s",
   priority=<value optimized out>, label=<value optimized out>, callerid=0x7fab7c004a10 "792", action=E_SPAWN, found=0x7fab75f7eecc, combined_find_spawn=1) at pbx.c:3111
ASTERISK-10 0x0000000000492370 in ast_spawn_extension (c=0x0, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>, callerid=<value optimized out>,
   found=<value optimized out>, combined_find_spawn=1) at pbx.c:3614
ASTERISK-11 0x00000000004964ef in __ast_pbx_run (c=0x7fab7c006bd0, args=<value optimized out>) at pbx.c:3701
ASTERISK-12 0x000000000049754b in pbx_thread (data=0x0) at pbx.c:3974
ASTERISK-13 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861
ASTERISK-14 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297
ASTERISK-15 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
ASTERISK-16 0x0000000000000000 in ?? ()

By: David Brillert (aragon) 2009-08-20 10:18:48

amorsen

Your Asterisk install is still compiled without DONT_OPTIMIZE enabled so your bt values are optimized out.  There is a minimal performance hit enabling DONT_OPTIMIZE so that you won't notice any degradation.

Secondly this is a memory abort and the only way the developers can see what is really going on is with a valgrind trace or you can try compiling and using Tilghman's malloc_hold checkout https://reviewboard.asterisk.org/r/309/

I captured a crash in Valgrind yesterday related to this issue and it is posted to ticket 15109. Here is a link to the valgrind trace.
https://issues.asterisk.org/file_download.php?file_id=23566&type=bug

By: Russell Bryant (russell) 2009-08-25 14:51:35

I have posted a patch on issue 15109 which should address this issue.  Please give it a try!

https://issues.asterisk.org/view.php?id=15109

By: Digium Subversion (svnbot) 2009-09-01 15:40:39

Repository: asterisk-addons
Revision: 1024

U   branches/1.6.0/formats/format_mp3.c

------------------------------------------------------------------------
r1024 | russell | 2009-09-01 15:40:16 -0500 (Tue, 01 Sep 2009) | 45 lines

Fix memory corruption caused by format_mp3.

format_mp3 claimed that it provided AST_FRIENDLY_OFFSET in frames returned by
read().  However, it lied.  This means that other parts of the code that
attempted to make use of the offset buffer would end up corrupting the fields
in the ast_filestream structure.  This resulted in quite a few crashes due to
unexpected values for fields in ast_filestream.

This patch closes out quite a few bugs.  However, some of these bugs have been
open for a while and have been an area where more than one bug has been
discussed.  So with that said, anyone that is following one of the issues
closed here, if you still have a problem, please open a new bug report for the
specific problem you are still having.  If you do, please ensure that the bug
report is based on the newest version of Asterisk, and that this patch is
applied if format_mp3 is in use.  Thanks!

(closes issue ASTERISK-14129)
Reported by: jvandal
Tested by: aragon, russell, zerohalo, marhbere, rgj

(closes issue ASTERISK-14007)
Reported by: aragon

(closes issue ASTERISK-14141)
Reported by: axisinternet

(closes issue ASTERISK-14074)
Reported by: maxnuv

(closes issue ASTERISK-14374)
Reported by: aragon

(closes issue ASTERISK-14203)
Reported by: amorsen
Tested by: amorsen

(closes issue ASTERISK-14718)
Reported by: jensvb

(closes issue ASTERISK-14673)
Reported by: thom4fun

(closes issue ASTERISK-14428)
Reported by: marhbere

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk-addons?view=rev&revision=1024
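
The contract violation described in the commit message above, modelled as an added example (this is not Asterisk or format_mp3 code): a producer reports headroom in front of the frame payload that it never reserved, and a consumer that trusts the report overwrites the stream's own fields. All `toy_*` names, the value 64 for `FRIENDLY_OFFSET`, and the layout with bookkeeping bytes directly in front of the read buffer are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FRIENDLY_OFFSET  64u   /* stand-in for AST_FRIENDLY_OFFSET; the value is assumed */
#define PAYLOAD_LEN      160u
#define BOOKKEEPING_LEN  32u   /* models the stream object's own fields */
#define BOOKKEEPING_FILL 0xA5

/* Toy stream: bookkeeping bytes followed by the read buffer, in one object. */
struct toy_stream {
    unsigned char mem[BOOKKEEPING_LEN + FRIENDLY_OFFSET + PAYLOAD_LEN];
};

struct toy_frame {
    unsigned char *data;  /* start of payload */
    size_t datalen;
    size_t offset;        /* bytes the producer promises are writable before data */
};

static unsigned char *stream_buf(struct toy_stream *s) { return s->mem + BOOKKEEPING_LEN; }

void stream_init(struct toy_stream *s)
{
    memset(s->mem, 0, sizeof(s->mem));
    memset(s->mem, BOOKKEEPING_FILL, BOOKKEEPING_LEN);
}

/* Returns 1 while the bookkeeping bytes still hold their initial pattern. */
int stream_intact(const struct toy_stream *s)
{
    for (size_t i = 0; i < BOOKKEEPING_LEN; i++)
        if (s->mem[i] != BOOKKEEPING_FILL)
            return 0;
    return 1;
}

/* Defective producer: payload starts at the first buffer byte, yet the frame
 * claims FRIENDLY_OFFSET bytes of headroom. */
struct toy_frame read_frame_lying(struct toy_stream *s)
{
    struct toy_frame f = { stream_buf(s), PAYLOAD_LEN, FRIENDLY_OFFSET };
    memset(f.data, 0x11, PAYLOAD_LEN);
    return f;
}

/* Corrected producer: the headroom it reports is actually reserved. */
struct toy_frame read_frame_honest(struct toy_stream *s)
{
    struct toy_frame f = { stream_buf(s) + FRIENDLY_OFFSET, PAYLOAD_LEN, FRIENDLY_OFFSET };
    memset(f.data, 0x11, PAYLOAD_LEN);
    return f;
}

/* Consumer: prepends a header in place, trusting f->offset as the contract allows. */
int prepend_header(struct toy_frame *f, const unsigned char *hdr, size_t n)
{
    if (n > f->offset)
        return -1;
    memcpy(f->data - n, hdr, n);
    f->data -= n;
    f->offset -= n;
    f->datalen += n;
    return 0;
}

/* Defensive check: claimed headroom and payload must both lie inside the
 * buffer that owns the frame. Returns 1 if the frame is consistent. */
int frame_headroom_valid(struct toy_stream *s, const struct toy_frame *f)
{
    unsigned char *lo = stream_buf(s);
    unsigned char *hi = s->mem + sizeof(s->mem);
    if (f->data < lo || f->data > hi)
        return 0;
    if ((size_t)(f->data - lo) < f->offset)
        return 0;
    if ((size_t)(hi - f->data) < f->datalen)
        return 0;
    return 1;
}

int main(void)
{
    struct toy_stream s;
    unsigned char hdr[12];
    memset(hdr, 0xEE, sizeof(hdr));

    stream_init(&s);
    struct toy_frame bad = read_frame_lying(&s);
    printf("lying frame passes check: %d\n", frame_headroom_valid(&s, &bad));
    prepend_header(&bad, hdr, sizeof(hdr));
    printf("stream intact after prepend: %d\n", stream_intact(&s));

    stream_init(&s);
    struct toy_frame ok = read_frame_honest(&s);
    printf("honest frame passes check: %d\n", frame_headroom_valid(&s, &ok));
    prepend_header(&ok, hdr, sizeof(hdr));
    printf("stream intact after prepend: %d\n", stream_intact(&s));
    return 0;
}
```

The corruption in the model is silent at the point of the write; it only shows up later, when the damaged fields are used, which matches crashes surfacing far from the cause.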

By: Digium Subversion (svnbot) 2009-09-01 15:42:42

Repository: asterisk-addons
Revision: 1025

U   branches/1.6.1/formats/format_mp3.c

------------------------------------------------------------------------
r1025 | russell | 2009-09-01 15:42:24 -0500 (Tue, 01 Sep 2009) | 45 lines

Fix memory corruption caused by format_mp3.

format_mp3 claimed that it provided AST_FRIENDLY_OFFSET in frames returned by
read().  However, it lied.  This means that other parts of the code that
attempted to make use of the offset buffer would end up corrupting the fields
in the ast_filestream structure.  This resulted in quite a few crashes due to
unexpected values for fields in ast_filestream.

This patch closes out quite a few bugs.  However, some of these bugs have been
open for a while and have been an area where more than one bug has been
discussed.  So with that said, anyone that is following one of the issues
closed here, if you still have a problem, please open a new bug report for the
specific problem you are still having.  If you do, please ensure that the bug
report is based on the newest version of Asterisk, and that this patch is
applied if format_mp3 is in use.  Thanks!

(closes issue ASTERISK-14129)
Reported by: jvandal
Tested by: aragon, russell, zerohalo, marhbere, rgj

(closes issue ASTERISK-14007)
Reported by: aragon

(closes issue ASTERISK-14141)
Reported by: axisinternet

(closes issue ASTERISK-14074)
Reported by: maxnuv

(closes issue ASTERISK-14374)
Reported by: aragon

(closes issue ASTERISK-14203)
Reported by: amorsen
Tested by: amorsen

(closes issue ASTERISK-14718)
Reported by: jensvb

(closes issue ASTERISK-14673)
Reported by: thom4fun

(closes issue ASTERISK-14428)
Reported by: marhbere

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk-addons?view=rev&revision=1025

By: Digium Subversion (svnbot) 2009-09-01 15:43:32

Repository: asterisk-addons
Revision: 1026

U   branches/1.6.2/formats/format_mp3.c

------------------------------------------------------------------------
r1026 | russell | 2009-09-01 15:43:13 -0500 (Tue, 01 Sep 2009) | 45 lines

Fix memory corruption caused by format_mp3.

format_mp3 claimed that it provided AST_FRIENDLY_OFFSET in frames returned by
read().  However, it lied.  This means that other parts of the code that
attempted to make use of the offset buffer would end up corrupting the fields
in the ast_filestream structure.  This resulted in quite a few crashes due to
unexpected values for fields in ast_filestream.

This patch closes out quite a few bugs.  However, some of these bugs have been
open for a while and have been an area where more than one bug has been
discussed.  So with that said, anyone that is following one of the issues
closed here, if you still have a problem, please open a new bug report for the
specific problem you are still having.  If you do, please ensure that the bug
report is based on the newest version of Asterisk, and that this patch is
applied if format_mp3 is in use.  Thanks!

(closes issue ASTERISK-14129)
Reported by: jvandal
Tested by: aragon, russell, zerohalo, marhbere, rgj

(closes issue ASTERISK-14007)
Reported by: aragon

(closes issue ASTERISK-14141)
Reported by: axisinternet

(closes issue ASTERISK-14074)
Reported by: maxnuv

(closes issue ASTERISK-14374)
Reported by: aragon

(closes issue ASTERISK-14203)
Reported by: amorsen
Tested by: amorsen

(closes issue ASTERISK-14718)
Reported by: jensvb

(closes issue ASTERISK-14673)
Reported by: thom4fun

(closes issue ASTERISK-14428)
Reported by: marhbere

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk-addons?view=rev&revision=1026

By: Digium Subversion (svnbot) 2009-09-01 15:45:15

Repository: asterisk
Revision: 215212

U   trunk/addons/format_mp3.c

------------------------------------------------------------------------
r215212 | russell | 2009-09-01 15:44:57 -0500 (Tue, 01 Sep 2009) | 45 lines

Fix memory corruption caused by format_mp3.

format_mp3 claimed that it provided AST_FRIENDLY_OFFSET in frames returned by
read().  However, it lied.  This means that other parts of the code that
attempted to make use of the offset buffer would end up corrupting the fields
in the ast_filestream structure.  This resulted in quite a few crashes due to
unexpected values for fields in ast_filestream.

This patch closes out quite a few bugs.  However, some of these bugs have been
open for a while and have been an area where more than one bug has been
discussed.  So with that said, anyone that is following one of the issues
closed here, if you still have a problem, please open a new bug report for the
specific problem you are still having.  If you do, please ensure that the bug
report is based on the newest version of Asterisk, and that this patch is
applied if format_mp3 is in use.  Thanks!

(closes issue ASTERISK-14129)
Reported by: jvandal
Tested by: aragon, russell, zerohalo, marhbere, rgj

(closes issue ASTERISK-14007)
Reported by: aragon

(closes issue ASTERISK-14141)
Reported by: axisinternet

(closes issue ASTERISK-14074)
Reported by: maxnuv

(closes issue ASTERISK-14374)
Reported by: aragon

(closes issue ASTERISK-14203)
Reported by: amorsen
Tested by: amorsen

(closes issue ASTERISK-14718)
Reported by: jensvb

(closes issue ASTERISK-14673)
Reported by: thom4fun

(closes issue ASTERISK-14428)
Reported by: marhbere

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=215212
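The r215212 log above describes a reader that advertises headroom in front of its frame data without reserving it. The following is an added example, not code from Asterisk or format_mp3, that models that mismatch in one flat byte array so the overwrite stays well-defined; every `toy_*` name and the `TOY_*` sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define TOY_OFFSET 64   /* headroom a frame advertises (assumed value) */
#define TOY_FIELDS 32   /* stand-in for the stream's bookkeeping fields */
#define TOY_PAYLOAD 160 /* constructed payload size */

/* One flat arena models the stream object: fields first, then its buffer. */
struct toy_stream { unsigned char mem[TOY_FIELDS + TOY_OFFSET + TOY_PAYLOAD]; };

struct toy_frame {
    unsigned char *data; /* start of the audio payload */
    size_t offset;       /* headroom claimed to exist before data */
    size_t len;
};

/* fixed == 0: claims TOY_OFFSET but places data at the very start of the
 * buffer (the mismatch the commit describes). fixed == 1: headroom is real. */
static struct toy_frame toy_read(struct toy_stream *s, int fixed) {
    struct toy_frame f;
    f.data = s->mem + TOY_FIELDS + (fixed ? TOY_OFFSET : 0);
    f.offset = TOY_OFFSET;
    f.len = TOY_PAYLOAD;
    memset(f.data, 0x11, f.len);
    return f;
}

/* Consumer that trusts the claim and writes a header into the headroom. */
static void toy_prepend(struct toy_frame *f, size_t hdr_len) {
    memset(f->data - hdr_len, 0xEE, hdr_len);
    f->data -= hdr_len; f->len += hdr_len; f->offset -= hdr_len;
}

/* Check a producer can assert on: is the claimed headroom inside the buffer? */
static int toy_headroom_ok(const struct toy_stream *s, const struct toy_frame *f) {
    return (size_t)(f->data - (s->mem + TOY_FIELDS)) >= f->offset;
}

/* Runs one read + 12-byte prepend. Returns 1 if the fields region kept its
 * 0xAA fill; *claim_ok reports the headroom check made before the write. */
static int toy_run(int fixed, int *claim_ok) {
    struct toy_stream s;
    memset(s.mem, 0xAA, sizeof s.mem);
    struct toy_frame f = toy_read(&s, fixed);
    *claim_ok = toy_headroom_ok(&s, &f);
    toy_prepend(&f, 12);
    for (size_t i = 0; i < TOY_FIELDS; i++) if (s.mem[i] != 0xAA) return 0;
    return 1;
}
```

In the `fixed == 0` case the 12-byte prepend lands in the fields region, which is the model's equivalent of the corrupted `ast_filestream` fields; `toy_headroom_ok` flags the false claim before any consumer acts on it.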

By: Digium Subversion (svnbot) 2009-09-01 15:45:47

Repository: asterisk
Revision: 215213

_U  branches/1.6.2/

------------------------------------------------------------------------
r215213 | russell | 2009-09-01 15:45:26 -0500 (Tue, 01 Sep 2009) | 51 lines

Blocked revisions 215212 via svnmerge

........
 r215212 | russell | 2009-09-01 15:44:13 -0500 (Tue, 01 Sep 2009) | 45 lines
 
 Fix memory corruption caused by format_mp3.
 
 format_mp3 claimed that it provided AST_FRIENDLY_OFFSET in frames returned by
 read().  However, it lied.  This means that other parts of the code that
 attempted to make use of the offset buffer would end up corrupting the fields
 in the ast_filestream structure.  This resulted in quite a few crashes due to
 unexpected values for fields in ast_filestream.
 
 This patch closes out quite a few bugs.  However, some of these bugs have been
 open for a while and have been an area where more than one bug has been
 discussed.  So with that said, anyone that is following one of the issues
 closed here, if you still have a problem, please open a new bug report for the
 specific problem you are still having.  If you do, please ensure that the bug
 report is based on the newest version of Asterisk, and that this patch is
 applied if format_mp3 is in use.  Thanks!
 
 (closes issue ASTERISK-14129)
 Reported by: jvandal
 Tested by: aragon, russell, zerohalo, marhbere, rgj
 
 (closes issue ASTERISK-14007)
 Reported by: aragon
 
 (closes issue ASTERISK-14141)
 Reported by: axisinternet
 
 (closes issue ASTERISK-14074)
 Reported by: maxnuv
 
 (closes issue ASTERISK-14374)
 Reported by: aragon
 
 (closes issue ASTERISK-14203)
 Reported by: amorsen
 Tested by: amorsen
 
 (closes issue ASTERISK-14718)
 Reported by: jensvb
 
 (closes issue ASTERISK-14673)
 Reported by: thom4fun
 
 (closes issue ASTERISK-14428)
 Reported by: marhbere
........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=215213