Summary: ASTERISK-14203: double free or corruption (!prev) in moh_files_generator
Reporter: Benny Amorsen (amorsen)
Labels:
Date Opened: 2009-05-26 08:46:50
Date Closed: 2009-09-08 13:29:23
Priority: Blocker
Regression?: No
Status: Closed/Complete
Components: Resources/res_musiconhold
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:

Description:

#0 0x00007f049bf54f05 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007f049bf56a73 in abort () at abort.c:88
#2 0x00007f049bf94438 in __libc_message (do_abort=2, fmt=0x7f049c05e428 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3 0x00007f049bf99ec8 in malloc_printerr (action=2, str=0x7f049c05e530 "double free or corruption (!prev)", ptr=<value optimized out>) at malloc.c:5994
#4 0x00007f049bf9c486 in __libc_free (mem=0x7f049c054880) at malloc.c:3625
#5 0x00007f049bf89f21 in _IO_new_fclose (fp=0x8dce60) at iofclose.c:88
#6 0x000000000046aa9d in filestream_destructor (arg=0x8c6d18) at file.c:321
#7 0x000000000042f9aa in ao2_ref (user_data=0x8c6d18, delta=5926) at astobj2.c:227
#8 0x0000000000470e05 in ast_frame_free (fr=0x1239, cache=1) at frame.c:349
#9 0x00007f0498a458ab in moh_files_generator (chan=0x97a7f0, data=<value optimized out>, len=<value optimized out>, samples=<value optimized out>) at res_musiconhold.c:302
#10 0x000000000043de6e in ast_read_generator_actions (chan=0x97a7f0, f=0x8b9ca0) at channel.c:2448
#11 0x0000000000441fe8 in __ast_read (chan=0x97a7f0, dropaudio=0) at channel.c:2900
#12 0x00000000004446f0 in ast_generic_bridge () at channel.c:4482
#13 ast_channel_bridge (c0=0x97a7f0, c1=0x8be2a0, config=0x7f0482ae3dd0, fo=0x7f0482ae31b0, rc=0x7f0482ae31a8) at channel.c:4850
#14 0x0000000000466894 in ast_bridge_call (chan=0x97a7f0, peer=0x8be2a0, config=0x7f0482ae3dd0) at features.c:2278
#15 0x00007f04857065a4 in dial_exec_full (chan=0x97a7f0, data=<value optimized out>, peerflags=0x7f0482ae4860, continue_exec=0x0) at app_dial.c:1911
#16 0x00007f0485708986 in dial_exec (chan=0x1239, data=0x1726) at app_dial.c:1967
#17 0x000000000049255f in pbx_exec (c=0x97a7f0, app=0x7f04940ce7e0, data=0x7f0482ae6d60) at pbx.c:942
#18 0x0000000000496876 in pbx_extension_helper (c=0x97a7f0, con=<value optimized out>, context=0x97aa48 "DialLine", exten=0x97aa98 "792-0013d18009f0-5", priority=19, label=0x0, callerid=0x7f04740b2fc0 "20126438", action=E_SPAWN, found=0x7f0482ae8ecc, combined_find_spawn=1) at pbx.c:3111
#19 0x0000000000496d30 in ast_spawn_extension (c=0x1239, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>, callerid=<value optimized out>, found=<value optimized out>, combined_find_spawn=1) at pbx.c:3614
#20 0x000000000049771f in __ast_pbx_run (c=0x97a7f0, args=0x0) at pbx.c:3701
#21 0x00000000004987db in pbx_thread (data=0x1239) at pbx.c:3974
#22 0x00000000004ce37e in dummy_start (data=<value optimized out>) at utils.c:861
#23 0x00007f049b9053da in start_thread (arg=<value optimized out>) at pthread_create.c:297
#24 0x00007f049c0082bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

****** ADDITIONAL INFORMATION ******

It is not entirely clear what the call scenario is, but this is our best guess:

Queue gets called with a number of Local/whatever agents. Asterisk tries to dial one of those agents while playing music on hold.

When Asterisk died, the last line it attempted to execute was:

exten => _X!,n,Dial(SIP/${EXTEN},,)

where ${EXTEN} is a SIP peer.

Comments:

By: Leif Madsen (lmadsen) 2009-05-26 09:32:09
Can you please provide a backtrace with DONT_OPTIMIZE enabled in menuselect, then reinstall Asterisk? The values are optimized out of the backtrace currently, which makes it mostly useless. Thanks!

By: Benny Amorsen (amorsen) 2009-05-26 15:01:40
Sorry, it is unlikely that I can reproduce it. I will make a note if it happens again.

By: Digium Subversion (svnbot) 2009-06-18 10:24:36
Repository: asterisk
Revision: 201600

U branches/1.4/res/res_musiconhold.c

------------------------------------------------------------------------
r201600 | russell | 2009-06-18 10:24:31 -0500 (Thu, 18 Jun 2009) | 29 lines

Fix memory corruption and leakage related reloads of non files mode MoH classes.

For Music on Hold classes that are not files mode, meaning that we are executing an application that will feed us audio data, we use a thread to monitor the external application and read audio from it. This thread also makes use of the MoH class object.

In the MoH class destructor, we used pthread_cancel() to ask the thread to exit. Unfortunately, the code did not wait to ensure that the thread actually went away. What needed to be done is a pthread_join() to ensure that the thread fully cleans up before we proceed.

By adding this one line, we resolve two significant problems:

1) Since the thread was never joined, it never fully goes away. So, on every reload of non-files mode MoH, an unused thread was sticking around.

2) There was a race condition here where the application monitoring thread could still try to access the MoH class, even though the thread executing the MoH reload has already destroyed it.

(issue ASTERISK-14129)
Reported by: jvandal

(issue ASTERISK-14141)
Reported by: axisinternet

(issue ASTERISK-14203)
Reported by: amorsen

(issue AST-208)
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=201600

By: Russell Bryant (russell) 2009-06-18 10:26:22
Please give that patch a try and let me know if it makes the crashes go away.

By: Digium Subversion (svnbot) 2009-06-18 10:27:15
Repository: asterisk
Revision: 201610

_U trunk/
U trunk/res/res_musiconhold.c

------------------------------------------------------------------------
r201610 | russell | 2009-06-18 10:27:10 -0500 (Thu, 18 Jun 2009) | 36 lines

Merged revisions 201600 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r201600 | russell | 2009-06-18 10:24:31 -0500 (Thu, 18 Jun 2009) | 29 lines

Fix memory corruption and leakage related reloads of non files mode MoH classes.

For Music on Hold classes that are not files mode, meaning that we are executing an application that will feed us audio data, we use a thread to monitor the external application and read audio from it. This thread also makes use of the MoH class object.

In the MoH class destructor, we used pthread_cancel() to ask the thread to exit. Unfortunately, the code did not wait to ensure that the thread actually went away. What needed to be done is a pthread_join() to ensure that the thread fully cleans up before we proceed.

By adding this one line, we resolve two significant problems:

1) Since the thread was never joined, it never fully goes away. So, on every reload of non-files mode MoH, an unused thread was sticking around.

2) There was a race condition here where the application monitoring thread could still try to access the MoH class, even though the thread executing the MoH reload has already destroyed it.

(issue ASTERISK-14129)
Reported by: jvandal

(issue ASTERISK-14141)
Reported by: axisinternet

(issue ASTERISK-14203)
Reported by: amorsen

(issue AST-208)
........
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=201610

By: Digium Subversion (svnbot) 2009-06-18 10:32:43
Repository: asterisk
Revision: 201612

_U branches/1.6.0/
U branches/1.6.0/res/res_musiconhold.c

------------------------------------------------------------------------
r201612 | russell | 2009-06-18 10:32:38 -0500 (Thu, 18 Jun 2009) | 43 lines

Merged revisions 201610 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk

................
r201610 | russell | 2009-06-18 10:27:10 -0500 (Thu, 18 Jun 2009) | 36 lines

Merged revisions 201600 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r201600 | russell | 2009-06-18 10:24:31 -0500 (Thu, 18 Jun 2009) | 29 lines

Fix memory corruption and leakage related reloads of non files mode MoH classes.

For Music on Hold classes that are not files mode, meaning that we are executing an application that will feed us audio data, we use a thread to monitor the external application and read audio from it. This thread also makes use of the MoH class object.

In the MoH class destructor, we used pthread_cancel() to ask the thread to exit. Unfortunately, the code did not wait to ensure that the thread actually went away. What needed to be done is a pthread_join() to ensure that the thread fully cleans up before we proceed.

By adding this one line, we resolve two significant problems:

1) Since the thread was never joined, it never fully goes away. So, on every reload of non-files mode MoH, an unused thread was sticking around.

2) There was a race condition here where the application monitoring thread could still try to access the MoH class, even though the thread executing the MoH reload has already destroyed it.

(issue ASTERISK-14129)
Reported by: jvandal

(issue ASTERISK-14141)
Reported by: axisinternet

(issue ASTERISK-14203)
Reported by: amorsen

(issue AST-208)
........
................
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=201612

By: Digium Subversion (svnbot) 2009-06-18 10:36:16
Repository: asterisk
Revision: 201613

_U branches/1.6.1/
U branches/1.6.1/res/res_musiconhold.c

------------------------------------------------------------------------
r201613 | russell | 2009-06-18 10:36:11 -0500 (Thu, 18 Jun 2009) | 43 lines

Merged revisions 201610 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk

................
r201610 | russell | 2009-06-18 10:27:10 -0500 (Thu, 18 Jun 2009) | 36 lines

Merged revisions 201600 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r201600 | russell | 2009-06-18 10:24:31 -0500 (Thu, 18 Jun 2009) | 29 lines

Fix memory corruption and leakage related reloads of non files mode MoH classes.

For Music on Hold classes that are not files mode, meaning that we are executing an application that will feed us audio data, we use a thread to monitor the external application and read audio from it. This thread also makes use of the MoH class object.

In the MoH class destructor, we used pthread_cancel() to ask the thread to exit. Unfortunately, the code did not wait to ensure that the thread actually went away. What needed to be done is a pthread_join() to ensure that the thread fully cleans up before we proceed.

By adding this one line, we resolve two significant problems:

1) Since the thread was never joined, it never fully goes away. So, on every reload of non-files mode MoH, an unused thread was sticking around.

2) There was a race condition here where the application monitoring thread could still try to access the MoH class, even though the thread executing the MoH reload has already destroyed it.

(issue ASTERISK-14129)
Reported by: jvandal

(issue ASTERISK-14141)
Reported by: axisinternet

(issue ASTERISK-14203)
Reported by: amorsen

(issue AST-208)
........
................
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=201613

By: Digium Subversion (svnbot) 2009-06-18 10:40:22
Repository: asterisk
Revision: 201614

_U branches/1.6.2/
U branches/1.6.2/res/res_musiconhold.c

------------------------------------------------------------------------
r201614 | russell | 2009-06-18 10:40:16 -0500 (Thu, 18 Jun 2009) | 43 lines

Merged revisions 201610 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk

................
r201610 | russell | 2009-06-18 10:27:10 -0500 (Thu, 18 Jun 2009) | 36 lines

Merged revisions 201600 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r201600 | russell | 2009-06-18 10:24:31 -0500 (Thu, 18 Jun 2009) | 29 lines

Fix memory corruption and leakage related reloads of non files mode MoH classes.

For Music on Hold classes that are not files mode, meaning that we are executing an application that will feed us audio data, we use a thread to monitor the external application and read audio from it. This thread also makes use of the MoH class object.

In the MoH class destructor, we used pthread_cancel() to ask the thread to exit. Unfortunately, the code did not wait to ensure that the thread actually went away. What needed to be done is a pthread_join() to ensure that the thread fully cleans up before we proceed.

By adding this one line, we resolve two significant problems:

1) Since the thread was never joined, it never fully goes away. So, on every reload of non-files mode MoH, an unused thread was sticking around.

2) There was a race condition here where the application monitoring thread could still try to access the MoH class, even though the thread executing the MoH reload has already destroyed it.

(issue ASTERISK-14129)
Reported by: jvandal

(issue ASTERISK-14141)
Reported by: axisinternet

(issue ASTERISK-14203)
Reported by: amorsen

(issue AST-208)
........
................
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=201614

By: Benny Amorsen (amorsen) 2009-06-18 10:57:45
a) How do I get the patch? I can't find it attached to any of the bugs.

b) Does the fact that files mode was in use for music on hold imply that the patch won't help?

*CLI> moh show classes
Class: default
Mode: files
Directory: /usr/share/asterisk/moh
*CLI> moh show files
Class: default
File: /usr/share/asterisk/moh/fpm-sunshine
File: /usr/share/asterisk/moh/fpm-calm-river
File: /usr/share/asterisk/moh/fpm-world-mix

By: Russell Bryant (russell) 2009-06-18 11:52:51
a) You'll have to pull it from svn. Either run the latest code:

$ svn co http://svn.digium.com/svn/asterisk/branches/1.6.0 asterisk-1.6.0-svn

or grab the patch:

$ svn diff -c 201612 http://svn.digium.com/svn/asterisk/branches/1.6.0 > diff.txt

b) Probably. :-( I could see MoH monitoring threads running in the debug output from the other 2 open bugs. On this one, I couldn't tell.

By: Benny Amorsen (amorsen) 2009-06-19 02:46:45
It would be handy if Mantis would automatically put in "svn diff -c 201612 http://svn.digium.com/svn/asterisk/branches/1.6.0" instead of the rather useless links to the disabled ViewVC.

Anyway, I still have the core dump and the packages, so if you want me to do more analysis on the core dump, just tell me what to do.

I'm going to build new packages of 1.6.1.1 + the patch and put those in production. There hasn't been any related crashes of the unpatched servers since the original one though, so it will be hard to tell whether the patch helps.

By: Russell Bryant (russell) 2009-06-19 08:30:46
If you still have the core dump around, I suppose the output of "(gdb) thread apply all bt" could be useful.
I'd like to see what else was going on at the time of the crash in case I can find a hint in there.

By: Benny Amorsen (amorsen) 2009-06-19 10:36:00
(gdb) thread apply all bt

By: David Brillert (aragon) 2009-07-21 12:48:54
Testing SVN revision 206273 and the moh files based segfaults are gone. Can anyone else test 206273 SVN and confirm?

By: Raimund Sacherer (hatrix) 2009-08-10 16:22:40
Is bug ASTERISK-1549689 related? I have a backtrace similar, but we do not use "non files mode" all our moh is file based (wav files).
best

By: Raimund Sacherer (hatrix) 2009-08-11 01:36:16
Aragon, can you eventually help me (hope your holiday is over :-).
I am setting up a testszenario and have scripts to logon/off agents in queues and make calls, but I can not really reproduce this bug in our lab, can you tell me how you manage to reproduce it, or, if possible, provide me with some hints or scripts on how to make a better test-bed? thanks, By: Benny Amorsen (amorsen) 2009-08-20 10:12:22 It happened again in 1.6.0.13 (gdb) thread apply all bt Thread 18 (Thread 27251): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261 #1 0x000000000045c91f in ast_cond_wait (t=<value optimized out>, cond=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/lock.h:802 #2 ast_event_dispatcher (t=<value optimized out>, cond=<value optimized out>) at event.c:762 #3 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 #4 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 ASTERISK-1 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-2 0x0000000000000000 in ?? () Thread 17 (Thread 27252): #0 0x00007fabb77bf0b3 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87 #1 0x00000000004280ab in listener (unused=<value optimized out>) at asterisk.c:1062 #2 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 #3 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 #4 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-1 0x0000000000000000 in ?? 
() Thread 16 (Thread 27253): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261 #1 0x000000000047caa9 in ast_cond_wait (t=<value optimized out>, cond=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/lock.h:802 #2 logger_thread (t=<value optimized out>, cond=<value optimized out>) at logger.c:888 #3 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 #4 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 ASTERISK-1 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-2 0x0000000000000000 in ?? () Thread 15 (Thread 27255): #0 0x00007fabb77bf0b3 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=5000) at ../sysdeps/unix/sysv/linux/poll.c:87 #1 0x00000000004ce887 in ast_wait_for_input (fd=-516, ms=5000) at utils.c:950 #2 0x00000000004c3d1c in ast_tcptls_server_root (data=0x72e180) at tcptls.c:134 #3 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 #4 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 ASTERISK-1 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-2 0x0000000000000000 in ?? 
() Thread 14 (Thread 27256): #0 pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:220 #1 0x000000000043963f in ast_cond_timedwait (abstime=<value optimized out>, t=<value optimized out>, cond=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/lock.h:807 #2 do_cdr (abstime=<value optimized out>, t=<value optimized out>, cond=<value optimized out>) at cdr.c:1270 #3 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 #4 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 ASTERISK-1 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-2 0x0000000000000000 in ?? () ---Type <return> to continue, or q <return> to quit--- Thread 13 (Thread 27257): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261 #1 0x0000000000453347 in ast_cond_wait (t=<value optimized out>, cond=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/lock.h:802 #2 do_devstate_changes (t=<value optimized out>, cond=<value optimized out>) at devicestate.c:509 #3 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 #4 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 ASTERISK-1 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-2 0x0000000000000000 in ?? 
() Thread 12 (Thread 27258): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261 #1 0x000000000048db87 in ast_cond_wait (t=<value optimized out>, cond=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/lock.h:802 #2 device_state_thread (t=<value optimized out>, cond=<value optimized out>) at pbx.c:3344 #3 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 #4 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 ASTERISK-1 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-2 0x0000000000000000 in ?? () Thread 11 (Thread 27259): #0 0x00007fabb77c10e2 in select () from /lib64/libc.so.6 #1 0x00000000004620fb in ast_select (tvp=<value optimized out>, efds=<value optimized out>, wfds=<value optimized out>, rfds=<value optimized out>, nfds=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/channel.h:1644 #2 do_parking_thread (tvp=<value optimized out>, efds=<value optimized out>, wfds=<value optimized out>, rfds=<value optimized out>, nfds=<value optimized out>) at features.c:2856 #3 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 #4 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 ASTERISK-1 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-2 0x0000000000000000 in ?? 
() Thread 10 (Thread 27260): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261 #1 0x00007fab89926a24 in ast_cond_wait (t=<value optimized out>, cond=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/lock.h:802 #2 device_state_thread (t=<value optimized out>, cond=<value optimized out>) at app_queue.c:801 #3 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 #4 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 ASTERISK-1 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-2 0x0000000000000000 in ?? () Thread 9 (Thread 27261): #0 0x00007fabb77bf0b3 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=199) at ../sysdeps/unix/sysv/linux/poll.c:87 #1 0x000000000047699e in ast_io_wait (ioc=0x7af020, howlong=199) at io.c:275 #2 0x00007fab892da834 in do_monitor (data=<value optimized out>) at chan_sip.c:19446 #3 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 #4 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 ASTERISK-1 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-2 0x0000000000000000 in ?? () ---Type <return> to continue, or q <return> to quit--- Thread 8 (Thread 27262): #0 0x00007fabb778dfa1 in nanosleep () from /lib64/libc.so.6 #1 0x00007fab82fe35bc in scan_thread (unused=<value optimized out>) at pbx_spool.c:453 #2 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 #3 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 #4 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-1 0x0000000000000000 in ?? 
() Thread 7 (Thread 27263): #0 0x00007fabb77c10e2 in select () from /lib64/libc.so.6 #1 0x00007fab763cbef3 in ast_select (tvp=<value optimized out>, efds=<value optimized out>, wfds=<value optimized out>, rfds=<value optimized out>, nfds=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/channel.h:1644 #2 do_monitor (tvp=<value optimized out>, efds=<value optimized out>, wfds=<value optimized out>, rfds=<value optimized out>, nfds=<value optimized out>) at chan_phone.c:1076 #3 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 #4 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 ASTERISK-1 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-2 0x0000000000000000 in ?? () Thread 6 (Thread 28115): #0 0x00007fabb77bf0b3 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87 #1 0x0000000000441190 in ast_waitfor_nandfds (c=<value optimized out>, n=<value optimized out>, fds=<value optimized out>, nfds=<value optimized out>, exception=0x0, outfd=<value optimized out>, ms=0x7fab75fb3abc) at channel.c:2019 #2 0x0000000000441567 in ast_waitfor_n (c=0x7fab75fb3800, n=4, ms=<value optimized out>) at channel.c:2281 #3 0x000000000044546c in ast_generic_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>, c1=<value optimized out>, c0=<value optimized out>) at channel.c:4467 #4 ast_channel_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>, c1=<value optimized out>, c0=<value optimized out>) at channel.c:4850 ASTERISK-1 0x0000000000465d30 in ast_bridge_call (chan=0x7fab7c007350, peer=<value optimized out>, config=0x7fab75fb47e0) at features.c:2278 ASTERISK-2 0x00007fab8992ec21 in try_calling (qe=0x7fab75fb6660, options=<value optimized out>, 
announceoverride=<value optimized out>, url=<value optimized out>, tries=<value optimized out>, noption=<value optimized out>, agi=0x0, macro=0x0, gosub=0x0, ringing=1) at app_queue.c:3907 ASTERISK-3 0x00007fab89932a3b in queue_exec (chan=0x7fab7c007350, data=<value optimized out>) at app_queue.c:4827 ASTERISK-4 0x000000000048be10 in pbx_exec (c=0x7fab7c007350, app=0x7af2a0, data=0x7fab75fb8d50) at pbx.c:942 ASTERISK-5 0x0000000000491eac in pbx_extension_helper (c=0x7fab7c007350, con=<value optimized out>, context=0x7fab7c0075a8 "HassogbergIntern", exten=0x7fab7c0075f8 "s", priority=<value optimized out>, label=<value optimized out>, callerid=0x7fab7c008190 "+4532642929", action=E_SPAWN, found=0x7fab75fbaecc, combined_find_spawn=1) at pbx.c:3111 ASTERISK-6 0x0000000000492370 in ast_spawn_extension (c=0x7fab75fb3800, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>, callerid=<value optimized out>, found=<value optimized out>, combined_find_spawn=1) at pbx.c:3614 ASTERISK-7 0x00000000004964ef in __ast_pbx_run (c=0x7fab7c007350, args=<value optimized out>) at pbx.c:3701 ASTERISK-8 0x000000000049754b in pbx_thread (data=0x7fab75fb3800) at pbx.c:3974 ASTERISK-9 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 ASTERISK-10 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 ASTERISK-11 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-12 0x0000000000000000 in ?? 
() Thread 5 (Thread 28117): #0 0x00007fabb63b2957 in _Unwind_IteratePhdrCallback (info=<value optimized out>, size=<value optimized out>, ptr=<value optimized out>) at ../../../gcc/unwind-dw2-fde-glibc.c:346 #1 0x00007fabb7804d0e in *__GI___dl_iterate_phdr (callback=0x7fabb63b2470 <_Unwind_IteratePhdrCallback>, data=0x7fab800d2fc0) at dl-iteratephdr.c:76 ---Type <return> to continue, or q <return> to quit--- #2 0x00007fabb63b4a99 in _Unwind_Find_FDE (pc=0x7fabb77ddd5d, bases=0x7fab800d32a8) at ../../../gcc/unwind-dw2-fde-glibc.c:417 #3 0x00007fabb63af7d3 in uw_frame_state_for (context=0x7fab800d3200, fs=<value optimized out>) at ../../../gcc/unwind-dw2.c:1128 #4 0x00007fabb63b02eb in _Unwind_Backtrace (trace=0x7fabb77ddc40 <backtrace_helper>, trace_argument=0x7fab800d3340) from /lib64/libgcc_s.so.1 ASTERISK-1 0x00007fabb77ddd5e in *__GI___backtrace (array=<value optimized out>, size=64) at ../sysdeps/ia64/backtrace.c:85 ASTERISK-2 0x00007fabb775a071 in __libc_message (do_abort=2, fmt=0x7fabb781fe70 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:150 ASTERISK-3 0x00007fabb775fa96 in malloc_printerr (action=3, str=0x7fabb7820018 "double free or corruption (out)", ptr=<value optimized out>) at malloc.c:6217 ASTERISK-4 0x00007fabb77500dd in _IO_new_fclose (fp=0x7fab6c00d7c0) at iofclose.c:88 ASTERISK-5 0x0000000000469afb in filestream_destructor (arg=0x7fab6c00da48) at file.c:321 ASTERISK-6 0x000000000042f904 in ao2_ref (user_data=0x7fab6c00da48, delta=3169) at astobj2.c:227 ASTERISK-7 0x000000000046f385 in ast_frame_free (fr=0x7fabb77ddd5d, cache=1) at frame.c:349 ASTERISK-8 0x00007fab97dfc778 in moh_files_generator (chan=0x7fab4c00a060, data=<value optimized out>, len=<value optimized out>, samples=<value optimized out>) at res_musiconhold.c:302 ASTERISK-9 0x000000000043f46c in ast_read_generator_actions (chan=0x7fab4c00a060, f=0x7fab6c00dcd0) at channel.c:2448 ASTERISK-10 0x00000000004420f4 in __ast_read (chan=0x7fab4c00a060, 
dropaudio=0) at channel.c:2900 ASTERISK-11 0x0000000000445484 in ast_generic_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>, c1=<value optimized out>, c0=<value optimized out>) at channel.c:4482 ASTERISK-12 ast_channel_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>, c1=<value optimized out>, c0=<value optimized out>) at channel.c:4850 ASTERISK-13 0x0000000000465d30 in ast_bridge_call (chan=0x7fab4c00a060, peer=<value optimized out>, config=0x7fab800d4dc0) at features.c:2278 ASTERISK-14 0x00007fab809a7357 in dial_exec_full (chan=0x7fab4c00a060, data=<value optimized out>, peerflags=<value optimized out>, continue_exec=<value optimized out>) at app_dial.c:1911 ASTERISK-15 0x00007fab809a9636 in dial_exec (chan=0x7fabb77ddd5d, data=0xc61) at app_dial.c:1967 ASTERISK-16 0x000000000048be10 in pbx_exec (c=0x7fab4c00a060, app=0x7fc240, data=0x7fab800d7d50) at pbx.c:942 ASTERISK-17 0x0000000000491eac in pbx_extension_helper (c=0x7fab4c00a060, con=<value optimized out>, context=0x7fab4c00a2b8 "DialLine", exten=0x7fab4c00a308 "792-0013d18009f0-5", priority=<value optimized out>, label=<value optimized out>, callerid=0x7fab6c002840 "32642929", action=E_SPAWN, found=0x7fab800d9ecc, combined_find_spawn=1) at pbx.c:3111 ASTERISK-18 0x0000000000492370 in ast_spawn_extension (c=0x7fabb77ddd5d, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>, callerid=<value optimized out>, found=<value optimized out>, combined_find_spawn=1) at pbx.c:3614 ASTERISK-19 0x00000000004964ef in __ast_pbx_run (c=0x7fab4c00a060, args=<value optimized out>) at pbx.c:3701 ASTERISK-20 0x000000000049754b in pbx_thread (data=0x7fabb77ddd5d) at pbx.c:3974 ASTERISK-21 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 ASTERISK-22 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at 
pthread_create.c:297 ASTERISK-23 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-24 0x0000000000000000 in ?? () Thread 4 (Thread 28150): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:261 #1 0x0000000000432231 in ast_cond_wait (t=<value optimized out>, cond=<value optimized out>) at /usr/src/debug/asterisk-1.6.0.13/include/asterisk/lock.h:802 #2 autoservice_run (t=<value optimized out>, cond=<value optimized out>) at autoservice.c:91 #3 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 #4 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 ASTERISK-1 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-2 0x0000000000000000 in ?? () Thread 3 (Thread 27250): #0 0x00007fabb77bf0b3 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87 #1 0x000000000042b010 in monitor_sig_flags (unused=<value optimized out>) at asterisk.c:2846 #2 0x000000000042cfa0 in main (argc=<value optimized out>, argv=<value optimized out>) at asterisk.c:3515 ---Type <return> to continue, or q <return> to quit--- Thread 2 (Thread 28156): #0 0x00007fabb77bf0b3 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87 #1 0x0000000000441190 in ast_waitfor_nandfds (c=<value optimized out>, n=<value optimized out>, fds=<value optimized out>, nfds=<value optimized out>, exception=0x0, outfd=<value optimized out>, ms=0x7fab801880ac) at channel.c:2019 #2 0x0000000000441567 in ast_waitfor_n (c=0x7fab80187df0, n=4, ms=<value optimized out>) at channel.c:2281 #3 0x000000000044546c in ast_generic_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>, c1=<value optimized out>, c0=<value optimized out>) at channel.c:4467 
#4 ast_channel_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>, c1=<value optimized out>, c0=<value optimized out>) at channel.c:4850 ASTERISK-1 0x0000000000465d30 in ast_bridge_call (chan=0x7fab640075c0, peer=<value optimized out>, config=0x7fab80188dc0) at features.c:2278 ASTERISK-2 0x00007fab809a7357 in dial_exec_full (chan=0x7fab640075c0, data=<value optimized out>, peerflags=<value optimized out>, continue_exec=<value optimized out>) at app_dial.c:1911 ASTERISK-3 0x00007fab809a9636 in dial_exec (chan=0x7fab80187df0, data=0x4) at app_dial.c:1967 ASTERISK-4 0x000000000048be10 in pbx_exec (c=0x7fab640075c0, app=0x7fc240, data=0x7fab8018bd50) at pbx.c:942 ASTERISK-5 0x0000000000491eac in pbx_extension_helper (c=0x7fab640075c0, con=<value optimized out>, context=0x7fab64007818 "DialLine", exten=0x7fab64007868 "789-0013d18009f0-2", priority=<value optimized out>, label=<value optimized out>, callerid=0x7fab680008c0 "792", action=E_SPAWN, found=0x7fab8018decc, combined_find_spawn=1) at pbx.c:3111 ASTERISK-6 0x0000000000492370 in ast_spawn_extension (c=0x7fab80187df0, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>, callerid=<value optimized out>, found=<value optimized out>, combined_find_spawn=1) at pbx.c:3614 ASTERISK-7 0x00000000004964ef in __ast_pbx_run (c=0x7fab640075c0, args=<value optimized out>) at pbx.c:3701 ASTERISK-8 0x000000000049754b in pbx_thread (data=0x7fab80187df0) at pbx.c:3974 ASTERISK-9 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 ASTERISK-10 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 ASTERISK-11 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-12 0x0000000000000000 in ?? 
() Thread 1 (Thread 28153): #0 0x00007fabb77612ca in _int_free (av=0x7fab6c000020, p=0x7fab6c00b700, have_lock=<value optimized out>) at malloc.c:4912 #1 0x00000000004c706d in destroy (pvt=0x7fab6c00b710) at translate.c:150 #2 0x00000000004c70ef in ast_translator_free_path (p=0x0) at translate.c:258 #3 0x000000000043b905 in free_translation (clone=0x7fab4c00a060) at channel.c:1583 #4 0x000000000043ffc3 in ast_do_masquerade (original=0x7fab7c006bd0) at channel.c:4057 ASTERISK-1 0x0000000000440f88 in ast_waitfor_nandfds (c=<value optimized out>, n=2, fds=<value optimized out>, nfds=<value optimized out>, exception=<value optimized out>, outfd=<value optimized out>, ms=0x7fab75f790ac) at channel.c:1963 ASTERISK-2 0x0000000000441567 in ast_waitfor_n (c=0x0, n=0, ms=<value optimized out>) at channel.c:2281 ASTERISK-3 0x000000000044546c in ast_generic_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>, c1=<value optimized out>, c0=<value optimized out>) at channel.c:4467 ASTERISK-4 ast_channel_bridge (bridge_end=<value optimized out>, rc=<value optimized out>, fo=<value optimized out>, config=<value optimized out>, c1=<value optimized out>, c0=<value optimized out>) at channel.c:4850 ASTERISK-5 0x0000000000465d30 in ast_bridge_call (chan=0x7fab7c006bd0, peer=<value optimized out>, config=0x7fab75f79dc0) at features.c:2278 ASTERISK-6 0x00007fab809a7357 in dial_exec_full (chan=0x7fab7c006bd0, data=<value optimized out>, peerflags=<value optimized out>, continue_exec=<value optimized out>) at app_dial.c:1911 ASTERISK-7 0x00007fab809a9636 in dial_exec (chan=0x0, data=0x0) at app_dial.c:1967 ASTERISK-8 0x000000000048be10 in pbx_exec (c=0x7fab7c006bd0, app=0x7fc240, data=0x7fab75f7cd50) at pbx.c:942 ASTERISK-9 0x0000000000491eac in pbx_extension_helper (c=0x7fab7c006bd0, con=<value optimized out>, context=0x7fab7c006e28 "HassogbergDirect", exten=0x7fab7c006e78 "s", priority=<value optimized out>, 
label=<value optimized out>, callerid=0x7fab7c004a10 "792", action=E_SPAWN, found=0x7fab75f7eecc, combined_find_spawn=1) at pbx.c:3111 ASTERISK-10 0x0000000000492370 in ast_spawn_extension (c=0x0, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>, callerid=<value optimized out>, found=<value optimized out>, combined_find_spawn=1) at pbx.c:3614 ASTERISK-11 0x00000000004964ef in __ast_pbx_run (c=0x7fab7c006bd0, args=<value optimized out>) at pbx.c:3701 ---Type <return> to continue, or q <return> to quit--- ASTERISK-12 0x000000000049754b in pbx_thread (data=0x0) at pbx.c:3974 ASTERISK-13 0x00000000004ccfe8 in dummy_start (data=<value optimized out>) at utils.c:861 ASTERISK-14 0x00007fabb70cc86a in start_thread (arg=<value optimized out>) at pthread_create.c:297 ASTERISK-15 0x00007fabb77c839d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 ASTERISK-16 0x0000000000000000 in ?? ()

By: David Brillert (aragon) 2009-08-20 10:18:48

amorsen,

Your Asterisk install is still compiled without DONT_OPTIMIZE enabled, so your bt values are optimized out. There is a minimal performance hit enabling DONT_OPTIMIZE so that you won't notice any degradation.

Secondly, this is a memory abort and the only way the developers can see what is really going on is with a valgrind trace, or you can try compiling and using Tilghman's malloc_hold checkout https://reviewboard.asterisk.org/r/309/

I captured a crash in Valgrind yesterday related to this issue and it is posted to ticket 15109. Here is a link to the valgrind trace. https://issues.asterisk.org/file_download.php?file_id=23566&type=bug

By: Russell Bryant (russell) 2009-08-25 14:51:35

I have posted a patch on issue 15109 which should address this issue. Please give it a try!

https://issues.asterisk.org/view.php?id=15109

By: Digium Subversion (svnbot) 2009-09-01 15:40:39

Repository: asterisk-addons
Revision: 1024

U branches/1.6.0/formats/format_mp3.c

------------------------------------------------------------------------
r1024 | russell | 2009-09-01 15:40:16 -0500 (Tue, 01 Sep 2009) | 45 lines

Fix memory corruption caused by format_mp3.

format_mp3 claimed that it provided AST_FRIENDLY_OFFSET in frames returned by read(). However, it lied. This means that other parts of the code that attempted to make use of the offset buffer would end up corrupting the fields in the ast_filestream structure. This resulted in quite a few crashes due to unexpected values for fields in ast_filestream.

This patch closes out quite a few bugs. However, some of these bugs have been open for a while and have been an area where more than one bug has been discussed. So with that said, anyone that is following one of the issues closed here, if you still have a problem, please open a new bug report for the specific problem you are still having. If you do, please ensure that the bug report is based on the newest version of Asterisk, and that this patch is applied if format_mp3 is in use. Thanks!

(closes issue ASTERISK-14129)
Reported by: jvandal
Tested by: aragon, russell, zerohalo, marhbere, rgj

(closes issue ASTERISK-14007)
Reported by: aragon

(closes issue ASTERISK-14141)
Reported by: axisinternet

(closes issue ASTERISK-14074)
Reported by: maxnuv

(closes issue ASTERISK-14374)
Reported by: aragon

(closes issue ASTERISK-14203)
Reported by: amorsen
Tested by: amorsen

(closes issue ASTERISK-14718)
Reported by: jensvb

(closes issue ASTERISK-14673)
Reported by: thom4fun

(closes issue ASTERISK-14428)
Reported by: marhbere

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk-addons?view=rev&revision=1024

By: Digium Subversion (svnbot) 2009-09-01 15:42:42

Repository: asterisk-addons
Revision: 1025

U branches/1.6.1/formats/format_mp3.c

------------------------------------------------------------------------
r1025 | russell | 2009-09-01 15:42:24 -0500 (Tue, 01 Sep 2009) | 45 lines

Fix memory corruption caused by format_mp3.

format_mp3 claimed that it provided AST_FRIENDLY_OFFSET in frames returned by read(). However, it lied. This means that other parts of the code that attempted to make use of the offset buffer would end up corrupting the fields in the ast_filestream structure. This resulted in quite a few crashes due to unexpected values for fields in ast_filestream.

This patch closes out quite a few bugs. However, some of these bugs have been open for a while and have been an area where more than one bug has been discussed. So with that said, anyone that is following one of the issues closed here, if you still have a problem, please open a new bug report for the specific problem you are still having. If you do, please ensure that the bug report is based on the newest version of Asterisk, and that this patch is applied if format_mp3 is in use. Thanks!

(closes issue ASTERISK-14129)
Reported by: jvandal
Tested by: aragon, russell, zerohalo, marhbere, rgj

(closes issue ASTERISK-14007)
Reported by: aragon

(closes issue ASTERISK-14141)
Reported by: axisinternet

(closes issue ASTERISK-14074)
Reported by: maxnuv

(closes issue ASTERISK-14374)
Reported by: aragon

(closes issue ASTERISK-14203)
Reported by: amorsen
Tested by: amorsen

(closes issue ASTERISK-14718)
Reported by: jensvb

(closes issue ASTERISK-14673)
Reported by: thom4fun

(closes issue ASTERISK-14428)
Reported by: marhbere

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk-addons?view=rev&revision=1025

By: Digium Subversion (svnbot) 2009-09-01 15:43:32

Repository: asterisk-addons
Revision: 1026

U branches/1.6.2/formats/format_mp3.c

------------------------------------------------------------------------
r1026 | russell | 2009-09-01 15:43:13 -0500 (Tue, 01 Sep 2009) | 45 lines

Fix memory corruption caused by format_mp3.

format_mp3 claimed that it provided AST_FRIENDLY_OFFSET in frames returned by read(). However, it lied. This means that other parts of the code that attempted to make use of the offset buffer would end up corrupting the fields in the ast_filestream structure. This resulted in quite a few crashes due to unexpected values for fields in ast_filestream.

This patch closes out quite a few bugs. However, some of these bugs have been open for a while and have been an area where more than one bug has been discussed. So with that said, anyone that is following one of the issues closed here, if you still have a problem, please open a new bug report for the specific problem you are still having. If you do, please ensure that the bug report is based on the newest version of Asterisk, and that this patch is applied if format_mp3 is in use. Thanks!

(closes issue ASTERISK-14129)
Reported by: jvandal
Tested by: aragon, russell, zerohalo, marhbere, rgj

(closes issue ASTERISK-14007)
Reported by: aragon

(closes issue ASTERISK-14141)
Reported by: axisinternet

(closes issue ASTERISK-14074)
Reported by: maxnuv

(closes issue ASTERISK-14374)
Reported by: aragon

(closes issue ASTERISK-14203)
Reported by: amorsen
Tested by: amorsen

(closes issue ASTERISK-14718)
Reported by: jensvb

(closes issue ASTERISK-14673)
Reported by: thom4fun

(closes issue ASTERISK-14428)
Reported by: marhbere

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk-addons?view=rev&revision=1026

By: Digium Subversion (svnbot) 2009-09-01 15:45:15

Repository: asterisk
Revision: 215212

U trunk/addons/format_mp3.c

------------------------------------------------------------------------
r215212 | russell | 2009-09-01 15:44:57 -0500 (Tue, 01 Sep 2009) | 45 lines

Fix memory corruption caused by format_mp3.

format_mp3 claimed that it provided AST_FRIENDLY_OFFSET in frames returned by read(). However, it lied. This means that other parts of the code that attempted to make use of the offset buffer would end up corrupting the fields in the ast_filestream structure. This resulted in quite a few crashes due to unexpected values for fields in ast_filestream.

This patch closes out quite a few bugs. However, some of these bugs have been open for a while and have been an area where more than one bug has been discussed. So with that said, anyone that is following one of the issues closed here, if you still have a problem, please open a new bug report for the specific problem you are still having. If you do, please ensure that the bug report is based on the newest version of Asterisk, and that this patch is applied if format_mp3 is in use. Thanks!

(closes issue ASTERISK-14129)
Reported by: jvandal
Tested by: aragon, russell, zerohalo, marhbere, rgj

(closes issue ASTERISK-14007)
Reported by: aragon

(closes issue ASTERISK-14141)
Reported by: axisinternet

(closes issue ASTERISK-14074)
Reported by: maxnuv

(closes issue ASTERISK-14374)
Reported by: aragon

(closes issue ASTERISK-14203)
Reported by: amorsen
Tested by: amorsen

(closes issue ASTERISK-14718)
Reported by: jensvb

(closes issue ASTERISK-14673)
Reported by: thom4fun

(closes issue ASTERISK-14428)
Reported by: marhbere

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=215212

By: Digium Subversion (svnbot) 2009-09-01 15:45:47

Repository: asterisk
Revision: 215213

_U branches/1.6.2/

------------------------------------------------------------------------
r215213 | russell | 2009-09-01 15:45:26 -0500 (Tue, 01 Sep 2009) | 51 lines

Blocked revisions 215212 via svnmerge

........
r215212 | russell | 2009-09-01 15:44:13 -0500 (Tue, 01 Sep 2009) | 45 lines

Fix memory corruption caused by format_mp3.

format_mp3 claimed that it provided AST_FRIENDLY_OFFSET in frames returned by read(). However, it lied. This means that other parts of the code that attempted to make use of the offset buffer would end up corrupting the fields in the ast_filestream structure. This resulted in quite a few crashes due to unexpected values for fields in ast_filestream.

This patch closes out quite a few bugs. However, some of these bugs have been open for a while and have been an area where more than one bug has been discussed. So with that said, anyone that is following one of the issues closed here, if you still have a problem, please open a new bug report for the specific problem you are still having. If you do, please ensure that the bug report is based on the newest version of Asterisk, and that this patch is applied if format_mp3 is in use. Thanks!

(closes issue ASTERISK-14129)
Reported by: jvandal
Tested by: aragon, russell, zerohalo, marhbere, rgj

(closes issue ASTERISK-14007)
Reported by: aragon

(closes issue ASTERISK-14141)
Reported by: axisinternet

(closes issue ASTERISK-14074)
Reported by: maxnuv

(closes issue ASTERISK-14374)
Reported by: aragon

(closes issue ASTERISK-14203)
Reported by: amorsen
Tested by: amorsen

(closes issue ASTERISK-14718)
Reported by: jensvb

(closes issue ASTERISK-14673)
Reported by: thom4fun

(closes issue ASTERISK-14428)
Reported by: marhbere
........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=215213 |
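
The failure mode the commit message above describes (a frame that claims AST_FRIENDLY_OFFSET bytes of headroom it does not have), shown as an added example that is not part of the tracker thread or of Asterisk's code. The structures are a simplified model, the value 64 for the offset is an assumption, and `stream_read`, `prepend_header`, `frame_offset_is_real` and `run_case` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FRIENDLY_OFFSET 64   /* assumed stand-in for AST_FRIENDLY_OFFSET */
#define HDR_LEN         16   /* models the stream's own fields, stored right before the buffer */
#define PAYLOAD_LEN     160
#define CANARY          0xA5

/* Simplified frame: 'offset' is the headroom the producer CLAIMS precedes data. */
struct frame {
    unsigned char *data;
    size_t datalen;
    size_t offset;
};

/* Simplified stream: mem[0..HDR_LEN) models the bookkeeping fields,
 * the remainder is the read buffer handed out inside frames. */
struct stream {
    unsigned char mem[HDR_LEN + FRIENDLY_OFFSET + PAYLOAD_LEN];
    struct frame fr;
};

/* Producer. honest=1 leaves real headroom in front of the payload.
 * honest=0 models the bug class: payload at the very start of the
 * buffer while the frame still advertises FRIENDLY_OFFSET. */
static struct frame *stream_read(struct stream *s, int honest)
{
    memset(s->mem, CANARY, HDR_LEN);
    memset(s->mem + HDR_LEN, 0, sizeof(s->mem) - HDR_LEN);
    s->fr.data = s->mem + HDR_LEN + (honest ? FRIENDLY_OFFSET : 0);
    s->fr.datalen = PAYLOAD_LEN;
    s->fr.offset = FRIENDLY_OFFSET;
    return &s->fr;
}

/* Consumer that trusts the claim and writes a header into the headroom. */
static int prepend_header(struct frame *f, const unsigned char *hdr, size_t n)
{
    if (n > f->offset)
        return -1;
    f->data -= n;
    memcpy(f->data, hdr, n);
    f->datalen += n;
    f->offset -= n;
    return 0;
}

/* Defensive check: does the claimed headroom really lie inside the buffer?
 * Precondition: f->data points into s->mem (true for frames from stream_read). */
static int frame_offset_is_real(const struct stream *s, const struct frame *f)
{
    size_t pos = (size_t)(f->data - s->mem);
    if (pos < HDR_LEN || pos - HDR_LEN < f->offset)
        return 0;
    return f->datalen <= sizeof(s->mem) - pos;
}

static int bookkeeping_intact(const struct stream *s)
{
    for (size_t i = 0; i < HDR_LEN; i++)
        if (s->mem[i] != CANARY)
            return 0;
    return 1;
}

/* Returns 1 if the stream's fields survived the prepend, 0 if they were
 * overwritten, -1 if the frame was rejected before any write happened. */
int run_case(int honest, int validate)
{
    struct stream s;
    unsigned char hdr[12];               /* constructed 12-byte header */
    struct frame *f = stream_read(&s, honest);

    memset(hdr, 0x11, sizeof(hdr));
    if (validate && !frame_offset_is_real(&s, f))
        return -1;
    if (prepend_header(f, hdr, sizeof(hdr)) != 0)
        return -1;
    return bookkeeping_intact(&s);
}

int main(void)
{
    printf("honest producer, no check : %d\n", run_case(1, 0));
    printf("lying producer,  no check : %d\n", run_case(0, 0));
    printf("lying producer,  checked  : %d\n", run_case(0, 1));
    printf("honest producer, checked  : %d\n", run_case(1, 1));
    return 0;
}
```

In the unchecked lying case the header lands on the bytes that model the stream's fields, which is the kind of damage that later surfaces as an allocator abort in an unrelated destructor, as in the backtraces above.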