Summary: | ASTERISK-14933: [patch] crash in ast_frame_free / ast_generic_bridge | ||
Reporter: | Atis Lezdins (atis) | Labels: | |
Date Opened: | 2009-10-02 12:35:39 | Date Closed: | 2009-11-13 14:51:43.000-0600 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) 20091105__issue16013.diff.txt ( 1) bt.asterisk-dev-mc-2009-10-02T19:01:06+0300.27152.txt ( 2) bt.asterisk-dev-mc-2009-11-06T15:03:57+0200.1995_2.txt ( 3) gdb_cms_001.txt ( 4) gdb.txt ( 5) jpeeler-gdb.txt | |
Description: | I have this crash sometimes on 1.6.1 branch

#0 0x00000000004abe46 in ast_frame_free (frame=0x323931203a6d6f72, cache=1) at frame.c:379
#1 0x000000000046600c in ast_generic_bridge (c0=0x2aaaac272818, c1=0x2aaad4079fb8, config=0x44065120, fo=0x44064278, rc=0x44064270, bridge_end={tv_sec = 0, tv_usec = 0}) at channel.c:4855
#2 0x0000000000467e2e in ast_channel_bridge (c0=0x2aaaac272818, c1=0x2aaad4079fb8, config=0x44065120, fo=0x44064278, rc=0x44064270) at channel.c:5187
#3 0x000000000049d00a in ast_bridge_call (chan=0x2aaaac272818, peer=0x2aaad4079fb8, config=0x44065120) at features.c:2540
#4 0x00002aaab333b026 in dial_exec_full (chan=0x2aaaac272818, data=0x44067890, peerflags=0x44065680, continue_exec=0x0) at app_dial.c:1986
#5 0x00002aaab333b863 in dial_exec (chan=0x2aaaac272818, data=0x44067890) at app_dial.c:2060
Comments: |

By: Tilghman Lesher (tilghman) 2009-11-05 15:48:34.000-0600
What is the output of:
(gdb) p *frame

By: Tilghman Lesher (tilghman) 2009-11-05 15:54:54.000-0600
Secondarily, can you reproduce this crash with SVN branch 1.6.1 revision 224858 or later? I diagnosed a similar frame corruption problem and the fix was in that revision.

By: Jeff Peeler (jpeeler) 2009-11-05 16:04:50.000-0600
The gdb.txt output is from 1.6.1 r228193.

By: Chris Stone (habile) 2009-11-05 17:19:08.000-0600
Hello forgive the intrusion (and my possible ignorance) but I've had this for a while, I'm up to 227448. Can reproduce at will. Although I see this could be different, hence my possible ignorance. See https://issues.asterisk.org/view.php?id=15842

By: Tilghman Lesher (tilghman) 2009-11-05 18:24:35.000-0600
Patch uploaded for testing.

By: Chris Stone (habile) 2009-11-06 02:23:03.000-0600
Still crashes for me. Attached gdb output gdb_cms_001.txt. Thanks.

By: Atis Lezdins (atis) 2009-11-06 07:38:40.000-0600
Attached backtrace while using r228147 + 20091105__issue16013.diff.txt

(gdb) p *frame
Cannot access memory at address 0x756d2f656d6f682f
(gdb) frame 1
#1 0x0000000000460cdf in ast_write (chan=0x2aaac8133b68, fr=0x23b97f0) at channel.c:3582
3582 ast_frfree(f);
(gdb) p *f
$1 = {frametype = AST_FRAME_DTMF_END, subclass = 0, datalen = 0, samples = 0, mallocd = -670184184, mallocd_hdr_len = 0, offset = -559038737, src = 0xc0 <Address 0xc0 out of bounds>, data = {ptr = 0xc4, uint32 = 196, pad = "?\000\000\000\000\000\000"}, delivery = {tv_sec = 46913257589472, tv_usec = 32}, frame_list = {next = 0x756d2f656d6f682f}, flags = 1630496370, ts = 3329899763270906729, len = 7002937344469577521, seqno = 1700754547}

By: Tilghman Lesher (tilghman) 2009-11-10 16:37:32.000-0600
Please attempt to replicate this issue when using revision 228695 or greater, as a fix went into 1.6.1 as of that revision number that fixed certain audiohook crashes. This may also solve this issue.

By: Atis Lezdins (atis) 2009-11-13 08:39:54.000-0600
No crash on r229569 (with only difference --enable-dev-mode and DO_CRASH)

By: Tilghman Lesher (tilghman) 2009-11-13 14:51:39.000-0600
Appears to be fixed with David Vossell's change in revision 228695.