[asterisk-bugs] [Asterisk 0010316]: Crash on ast_openstream on disconnected (at that moment) channel

noreply at bugs.digium.com noreply at bugs.digium.com
Wed Sep 19 08:58:51 CDT 2007 

The following issue has been REOPENED. 
====================================================================== 
http://bugs.digium.com/view.php?id=10316 
====================================================================== 
Reported By:                datacompboy
Assigned To:                file
====================================================================== 
Project:                    Asterisk
Issue ID:                   10316
Category:                   Core-General
Reproducibility:            sometimes
Severity:                   minor
Priority:                   normal
Status:                     feedback
Asterisk Version:           1.4.9  
SVN Branch (only for SVN checkouts, not tarball releases): N/A  
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             07-26-2007 23:52 CDT
Last Modified:              09-19-2007 08:58 CDT
====================================================================== 
Summary:                    Crash on ast_openstream on disconnected (at that
moment) channel
Description: 

(gdb) backtrace
http://bugs.digium.com/view.php?id=0  0x000000000044bb0d in ast_closestream ()
http://bugs.digium.com/view.php?id=1  0x000000000044be75 in ast_stopstream ()
http://bugs.digium.com/view.php?id=2  0x000000000044dbb5 in ast_openstream_full
()
http://bugs.digium.com/view.php?id=3  0x00002aaac3a64c45 in basic_play_sound
(member=0x8075b0, file=0x8242c0
"ps/default/client-leave", mute=0)
    at conference.c:2807
http://bugs.digium.com/view.php?id=4  0x00002aaac3a61b54 in remove_member
(member=0x824580, conf=0x8063e0)
at conference.c:985
http://bugs.digium.com/view.php?id=5  0x00002aaac3a6aa09 in
member_process_spoken_frames (conf=0x8063e0,
member=0x824580, spoken_frames=0x4086f038,
    time_diff=23, listener_count=0x4086f030, speaker_count=0x4086f034) at
member.c:3249
http://bugs.digium.com/view.php?id=6  0x00002aaac3a606c4 in conference_exec
(conf=0x8063e0) at
conference.c:206
http://bugs.digium.com/view.php?id=7  0x000000000049221c in ?? ()
http://bugs.digium.com/view.php?id=8  0x00002b8300296317 in start_thread () from
/lib/libpthread.so.0
http://bugs.digium.com/view.php?id=9  0x00002b8300c6faad in clone () from
/lib/libc.so.6

====================================================================== 

---------------------------------------------------------------------- 
 datacompboy - 09-19-07 08:58  
---------------------------------------------------------------------- 
Sorry, but I still think that this issue relate to asterisk. 
Let me describe:

http://bugs.digium.com/view.php?id=0  0x000000000044bb0d in ast_closestream
(f=0x8557d0) at file.c:715
    cmd = <value optimized out>
    size = <value optimized out>
http://bugs.digium.com/view.php?id=1  0x000000000044d6bc in ast_filehelper
(filename=0x4099ad80
"ps/default/client-leave", arg2=0x855730, fmt=0x0,
    action=ACTION_OPEN) at file.c:423
    bfile = (FILE *) 0x86d850
    s = (struct ast_filestream *) 0x8bd2e0
    f = (struct ast_format *) 0x817b70
    res = -1
    __PRETTY_FUNCTION__ = "ast_filehelper"
http://bugs.digium.com/view.php?id=2  0x000000000044dbf8 in ast_openstream_full
(chan=0x855730,
filename=0x842da0 "ps/default/client-leave",
    preflang=0x4ba54f "", asis=<value optimized out>) at file.c:569
    fmts = <value optimized out>
    res = <value optimized out>
    buflen = <value optimized out>
    buf = 0x855790 "\032"
    __PRETTY_FUNCTION__ = "ast_openstream_full"

was called ast_openstream_full when chan going to hangup.
file.c:715 is in
int ast_closestream(struct ast_filestream *f)
(called with non-zero, correct ast_filestrem!)
line 715 is
        if (f->fmt->format < AST_FORMAT_MAX_AUDIO) {
so, we have situation when f->fmt are now zero, while we have tested only

if (f->owner).

I think, there should be or check for f->fmt nonzero, or
<<  struct ast_format *fmt; /* need to write to the lock and usecnt */ >>
but there no lock used, as i see.

or i misunderstand something?

this situation ONLY when call to ast_openstream_full on channel that just
going to hangup (but I have not get info about it).

I can provide core dumps (have 4 dumps).

Attached output of 
gdb /usr/sbin/asterisk --se=/usr/lib/debug/usr/sbin/asterisk
core.ps40-2007-09-19T08\:11\:08+0200 <<END >astcrash.log && bzip2 -9
astcrash.log && mv astcrash.log.bz2 /home/ps40
bt full
info thread
thread apply all bt full
quit
END 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
09-19-07 08:58  datacompboy    Status                   closed => feedback  
09-19-07 08:58  datacompboy    Resolution               won't fix => reopened
09-19-07 08:58  datacompboy    Note Added: 0070792                          
======================================================================

More information about the asterisk-bugs mailing list