| Summary: | ASTERISK-15091: Core dump in audio_audiohook_write_list | ||
| Reporter: | Atis Lezdins (atis) | Labels: | |
| Date Opened: | 2009-11-06 08:47:19.000-0600 | Date Closed: | 2010-06-03 11:35:39 |
| Priority: | Blocker | Regression? | No |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) bt.asterisk-dev-mc-2009-11-06T15:28:02+0200.32755.txt | |
| Description: | This crash was introduced somewhere between 1.6.1.6 and r228147. I can reproduce it quite easily while running automated tests. # 0 0x0000000000446613 in audio_audiohook_write_list (chan=0x2aaac415ae68, audiohook_list=0x2aaaac2a0728, direction=AST_AUDIOHOOK_DIRECTION_WRITE, frame=0x2aaaac455658) at /usr/dist/asterisk-svn-1.6.1-latest-vanilla/include/asterisk/util s.h:270 # 1 0x0000000000446a7e in ast_audiohook_write_list (chan=0x2aaac415ae68, audiohook_list=0x2aaaac2a0728, direction=AST_AUDIOHOOK_DIRECTION_WRITE, frame=0x2aaaac455658) at audiohook.c:704 # 2 0x00000000004608d5 in ast_write (chan=0x2aaac415ae68, fr=0x2411e40) at channel.c:3472 # 3 0x0000000000466055 in ast_generic_bridge (c0=0x2aaac4359818, c1=0x2aaac415ae68, config=0x429a07b0, fo=0x4299eb38, rc=0x4299eb30, bridge_end={tv_sec = 0, tv_usec = 0}) at channel.c:4855 # 4 0x0000000000467e9e in ast_channel_bridge (c0=0x2aaac4359818, c1=0x2aaac415ae68, config=0x429a07b0, fo=0x4299eb38, rc=0x4299eb30) at channel.c:5194 # 5 0x000000000049cfeb in ast_bridge_call (chan=0x2aaac4359818, peer=0x2aaac415ae68, config=0x429a07b0) at features.c:2544 # 6 0x00002aaabc84171f in try_calling (qe=0x429a0e60, options=0x429a0db7 "", announceoverride=0x429a0db9 "", url=0x429a0db8 "", tries=0x429a1084, noption=0x429a1080, agi=0x0, macro=0x0, gosub=0x0, ringing=0) at app_queue.c:4058 # 7 0x00002aaabc8459cd in queue_exec (chan=0x2aaac4359818, data=0x429a12d0) at app_queue.c:4998 | ||
| Comments: | By: Leif Madsen (lmadsen) 2009-11-06 08:56:36.000-0600 Could you also provide some information on how to reproduce this? Also, what technologies are involved, etc... I think a console output just prior to the crash would also be useful here. By: Atis Lezdins (atis) 2009-11-06 09:30:20.000-0600 I'm using Queue, Local channels (with state_interface), LOCK, GROUP, Dial (with gosub on answer), Monitor and ChanSpy. It's automated test system so, I have no idea for exact steps, however the last log lines before crash shows that it could be related to ChanSpy and Queue [2009-11-06 16:49:00.0762] DEBUG[2301] chan_sip.c: SIP answering channel: SIP/inbound-test-80-00000189 [2009-11-06 16:49:00.0763] DEBUG[2301] chan_sip.c: Setting framing from config on incoming call [2009-11-06 16:49:00.0763] DEBUG[2301] chan_sip.c: ** Our capability: 0x4 (ulaw) Video flag: True Text flag: True [2009-11-06 16:49:00.0764] DEBUG[2301] chan_sip.c: ** Our prefcodec: 0x0 (nothing) [2009-11-06 16:49:00.0764] DEBUG[2301] chan_sip.c: Trying to put 'SIP/2.0 200' onto UDP socket destined for 192.168.1.80:5060 [2009-11-06 16:49:00.0773] DEBUG[28273] chan_sip.c: Stopping retransmission on '0938ab6846b8e1577acd409303fbf4f8@192.168.1.80' of Response 102: Match Found [2009-11-06 16:49:00.2328] DEBUG[32608] app_queue.c: There is 1 available member. [2009-11-06 16:49:00.2329] DEBUG[32608] app_queue.c: It's not our turn (SIP/inbound-test-80-0000010e). [2009-11-06 16:49:00.2330] DEBUG[2116] rtp.c: Got RTCP report of 64 bytes [2009-11-06 16:49:00.2828] DEBUG[32447] app_queue.c: There is 1 available member. [2009-11-06 16:49:00.2829] DEBUG[32447] app_queue.c: It's not our turn (SIP/inbound-test-80-00000106). [2009-11-06 16:49:00.3068] DEBUG[1904] app_queue.c: There is 1 available member. [2009-11-06 16:49:00.3068] DEBUG[1904] app_queue.c: It's not our turn (SIP/inbound-test-80-00000173). [2009-11-06 16:49:00.3230] DEBUG[2170] channel.c: Set channel SIP/22237-00000181 to write format slin [2009-11-06 16:49:00.3231] VERBOSE[2170] app_chanspy.c: == Spying on channel SIP/22219-000000e9 [2009-11-06 16:49:00.3231] NOTICE[2170] app_chanspy.c: Attaching SIP/22237-00000181 to SIP/22219-000000e9 [2009-11-06 16:49:00.3231] NOTICE[2170] app_chanspy.c: Attaching SIP/22237-00000181 to SIP/22219-000000e9 [2009-11-06 16:49:00.3231] NOTICE[2170] app_chanspy.c: Attaching SIP/22237-00000181 to SIP/inbound-test-80-00000090 [2009-11-06 16:49:00.3428] DEBUG[32524] app_queue.c: There is 1 available member. [2009-11-06 16:49:00.3428] DEBUG[32524] app_queue.c: It's not our turn (SIP/inbound-test-80-0000010b). By: Samy Kamkar (samyk) 2010-04-12 22:47:04 I believe the same issue occurs on my system when using MixMonitor and app_swift (cepstral) combined. If I remove MixMonitor, the call is fine. Asterisk 1.6.0.26 Linux adv 2.6.32.1-rscloud ASTERISK-11 SMP Mon Feb 22 13:22:15 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux Cepstral Swift 5.1.0 Last 2 lines in asterisk messages: [Apr 12 20:32:00] VERBOSE[31050] logger.c: -- Executing [s@macro-speech:1] Swift("SIP/flowroute-1-00000006", ""this is a pure test"") in new stack [Apr 12 20:32:00] NOTICE[31050] app_swift.c: Text to Speak : this is a pure test (gdb) bt #0 ast_audiohook_write_list (chan=0x1dc9620, audiohook_list=0x18e4a30, direction=AST_AUDIOHOOK_DIRECTION_WRITE, frame=0x8eacc00000000001) at audiohook.c:713 #1 0x000000000044a81c in ast_write (chan=0x1dc9620, fr=0x417b0e20) at channel.c:3528 #2 0x00007fd291c54c94 in engine (chan=0x1dc9620, data=0x417b3410) at app_swift.c:402 #3 0x000000000049dd52 in pbx_exec (c=0x1dc9620, app=0x7fd29c0267e0, data=0x417b3410) at pbx.c:951 #4 0x00000000004a86fe in pbx_extension_helper (c=0x1dc9620, con=<value optimized out>, context=0x1dc9878 "macro-speech", exten=0x1dc98c8 "s", priority=1, label=0x0, callerid=0x1d63390 "3109990409", action=E_SPAWN, found=0x417b678c, combined_find_spawn=1) at pbx.c:3141 ASTERISK-1 0x00000000004a8c50 in ast_spawn_extension (c=0x1dc9620, context=0x1 <Address 0x1 out of bounds>, exten=0x8eacc00000000001 <Address 0x8eacc00000000001 out of bounds>, priority=30851448, callerid=<value optimized out>, found=<value optimized out>, combined_find_spawn=1) at pbx.c:3608 ASTERISK-2 0x00007fd29b3ada05 in _macro_exec (chan=0x1dc9620, data=0x7fd29c0ad0c0, exclusive=0) at app_macro.c:336 ASTERISK-3 0x000000000049dd52 in pbx_exec (c=0x1dc9620, app=0x7fd29c017250, data=0x417b88a0) at pbx.c:951 ASTERISK-4 0x00000000004a86fe in pbx_extension_helper (c=0x1dc9620, con=<value optimized out>, context=0x1dc9878 "macro-speech", exten=0x1dc98c8 "s", priority=1, label=0x0, callerid=0x1d63390 "3109990409", action=E_SPAWN, found=0x417baeec, combined_find_spawn=1) at pbx.c:3141 ASTERISK-5 0x00000000004ab9d6 in __ast_pbx_run (c=0x1dc9620, args=0x0) at pbx.c:3608 ASTERISK-6 0x00000000004ad2bf in ast_pbx_outgoing_exten (type=0x1d73f5c "SIP", format=64, data=0x1d7405c, timeout=45000, context=0x1d743ac "call-confirm", exten=0x1d7435c "s", priority=1, reason=0x417bb05c, sync=2, cid_num=0x1d74400 "3109990409", cid_name=0x1d74500 "3109990409", vars=0x1d51ce0, account=0x1d74600 "2", channel=0x0) at pbx.c:4010 ASTERISK-7 0x00007fd29513aa4a in attempt_thread (data=<value optimized out>) at pbx_spool.c:344 ASTERISK-8 0x00000000004e1bbc in dummy_start (data=<value optimized out>) at utils.c:861 ASTERISK-9 0x0000003890606617 in start_thread () from /lib64/libpthread.so.0 ASTERISK-10 0x000000388f6d3c2d in clone () from /lib64/libc.so.6 By: Leif Madsen (lmadsen) 2010-04-28 10:52:03 Marked as a blocker for all releases. By: Leif Madsen (lmadsen) 2010-04-28 10:52:25 <The_Boy_Wonder> leifmadsen: the patch to fix it is on reviewboard, it should be resolved today or tomorrow By: Digium Subversion (svnbot) 2010-04-29 10:52:44 Repository: asterisk Revision: 260049 U branches/1.4/include/asterisk/audiohook.h U branches/1.4/main/audiohook.c ------------------------------------------------------------------------ r260049 | dvossel | 2010-04-29 10:31:02 -0500 (Thu, 29 Apr 2010) | 17 lines Fixes crash in audiohook_write_list The middle_frame in the audiohook_write_list function was being freed if a audiohook manipulator returned a failure. This is incorrect logic. This patch resolves this and adds detailed descriptions of how this function should work and why manipulator failures must be ignored. (closes issue ASTERISK-15834) Reported by: dvossel Tested by: dvossel (closes issue ASTERISK-15091) Reported by: atis Review: https://reviewboard.asterisk.org/r/623/ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=260049 By: Digium Subversion (svnbot) 2010-04-29 10:53:22 Repository: asterisk Revision: 260050 _U trunk/ U trunk/include/asterisk/audiohook.h U trunk/main/audiohook.c ------------------------------------------------------------------------ r260050 | dvossel | 2010-04-29 10:33:27 -0500 (Thu, 29 Apr 2010) | 24 lines Merged revisions 260049 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r260049 | dvossel | 2010-04-29 10:31:02 -0500 (Thu, 29 Apr 2010) | 14 lines Fixes crash in audiohook_write_list The middle_frame in the audiohook_write_list function was being freed if a audiohook manipulator returned a failure. This is incorrect logic. This patch resolves this and adds detailed descriptions of how this function should work and why manipulator failures must be ignored. (closes issue ASTERISK-15834) Reported by: dvossel Tested by: dvossel (closes issue ASTERISK-15091) Reported by: atis Review: https://reviewboard.asterisk.org/r/623/ ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=260050 By: Digium Subversion (svnbot) 2010-04-29 10:53:59 Repository: asterisk Revision: 260051 _U branches/1.6.2/ U branches/1.6.2/include/asterisk/audiohook.h U branches/1.6.2/main/audiohook.c ------------------------------------------------------------------------ r260051 | dvossel | 2010-04-29 10:35:38 -0500 (Thu, 29 Apr 2010) | 31 lines Merged revisions 260050 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r260050 | dvossel | 2010-04-29 10:33:27 -0500 (Thu, 29 Apr 2010) | 21 lines Merged revisions 260049 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r260049 | dvossel | 2010-04-29 10:31:02 -0500 (Thu, 29 Apr 2010) | 14 lines Fixes crash in audiohook_write_list The middle_frame in the audiohook_write_list function was being freed if a audiohook manipulator returned a failure. This is incorrect logic. This patch resolves this and adds detailed descriptions of how this function should work and why manipulator failures must be ignored. (closes issue ASTERISK-15834) Reported by: dvossel Tested by: dvossel (closes issue ASTERISK-15091) Reported by: atis Review: https://reviewboard.asterisk.org/r/623/ ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=260051 By: Digium Subversion (svnbot) 2010-04-29 10:54:27 Repository: asterisk Revision: 260052 _U branches/1.6.1/ U branches/1.6.1/include/asterisk/audiohook.h U branches/1.6.1/main/audiohook.c ------------------------------------------------------------------------ r260052 | dvossel | 2010-04-29 10:37:15 -0500 (Thu, 29 Apr 2010) | 31 lines Merged revisions 260050 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r260050 | dvossel | 2010-04-29 10:33:27 -0500 (Thu, 29 Apr 2010) | 21 lines Merged revisions 260049 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r260049 | dvossel | 2010-04-29 10:31:02 -0500 (Thu, 29 Apr 2010) | 14 lines Fixes crash in audiohook_write_list The middle_frame in the audiohook_write_list function was being freed if a audiohook manipulator returned a failure. This is incorrect logic. This patch resolves this and adds detailed descriptions of how this function should work and why manipulator failures must be ignored. (closes issue ASTERISK-15834) Reported by: dvossel Tested by: dvossel (closes issue ASTERISK-15091) Reported by: atis Review: https://reviewboard.asterisk.org/r/623/ ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=260052 By: Digium Subversion (svnbot) 2010-04-29 10:55:00 Repository: asterisk Revision: 260053 _U branches/1.6.0/ U branches/1.6.0/include/asterisk/audiohook.h U branches/1.6.0/main/audiohook.c ------------------------------------------------------------------------ r260053 | dvossel | 2010-04-29 10:39:21 -0500 (Thu, 29 Apr 2010) | 31 lines Merged revisions 260050 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ................ r260050 | dvossel | 2010-04-29 10:33:27 -0500 (Thu, 29 Apr 2010) | 21 lines Merged revisions 260049 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r260049 | dvossel | 2010-04-29 10:31:02 -0500 (Thu, 29 Apr 2010) | 14 lines Fixes crash in audiohook_write_list The middle_frame in the audiohook_write_list function was being freed if a audiohook manipulator returned a failure. This is incorrect logic. This patch resolves this and adds detailed descriptions of how this function should work and why manipulator failures must be ignored. (closes issue ASTERISK-15834) Reported by: dvossel Tested by: dvossel (closes issue ASTERISK-15091) Reported by: atis Review: https://reviewboard.asterisk.org/r/623/ ........ ................ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=260053 | ||