[asterisk-bugs] [Asterisk 0013040]: 1.4.21.1 crashes seg fault using console/dsp
Asterisk Bug Tracker
noreply at bugs.digium.com
Fri Aug 1 14:46:59 CDT 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=13040
======================================================================
Reported By: Geisj
Assigned To: kpfleming
======================================================================
Project: Asterisk
Issue ID: 13040
Category: Channels/chan_alsa
Reproducibility: always
Severity: crash
Priority: normal
Status: assigned
Asterisk Version: 1.4.21.1
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 2008-07-09 15:17 CDT
Last Modified: 2008-08-01 14:46 CDT
======================================================================
Summary: 1.4.21.1 crashes seg fault using console/dsp
Description:
Simple call into dialplan, dials console/dsp speaks message
every minute then hangs up. EVENTUALLY seg faults with below.
I am using alsa 1.0.16 with centos 4.6
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1215857760 (LWP 29590)]
__ast_read (chan=0x8ed5e08, dropaudio=0) at channel.c:2052
2052 f = AST_LIST_REMOVE_HEAD(&chan->readq,
frame_list);
(gdb) where
http://bugs.digium.com/view.php?id=0 __ast_read (chan=0x8ed5e08, dropaudio=0)
at channel.c:2052
http://bugs.digium.com/view.php?id=1 0x08087b69 in ast_channel_bridge
(c0=0x8eca668, c1=0x8ed5e08,
config=0xb78720d0, fo=0xb7871ca0, rc=0xb7871ca4) at channel.c:2348
http://bugs.digium.com/view.php?id=2 0x002f4bad in ast_bridge_call
(chan=0x8eca668, peer=0x8ed5e08,
config=0xb78720d0) at res_features.c:1422
http://bugs.digium.com/view.php?id=3 0x00cbf03a in dial_exec_full
(chan=0x8eca668, data=) at
app_dial.c:1699
http://bugs.digium.com/view.php?id=4 0x00cc1bd4 in dial_exec (chan=0xffffffff,
data=0xffffffff)
at app_dial.c:1753
http://bugs.digium.com/view.php?id=5 0x080ca1d0 in pbx_extension_helper
(c=0x8eca668, con=)
at /usr/src/digium/asterisk-1.4.21.1/include/asterisk/strings.h:35
http://bugs.digium.com/view.php?id=6 0x080ceb46 in __ast_pbx_run (c=0x8eca668)
at pbx.c:2317
http://bugs.digium.com/view.php?id=7 0x080d097e in pbx_thread (data=0x8eca668)
at pbx.c:2636
http://bugs.digium.com/view.php?id=8 0x080ff5e5 in dummy_start
(data=0xffffffff) at utils.c:895
http://bugs.digium.com/view.php?id=9 0x005963cc in start_thread () from
/lib/tls/libpthread.so.0
http://bugs.digium.com/view.php?id=10 0x004ef1ae in clone () from
/lib/tls/libc.so.6
(gdb) q
The program is running. Quit anyway (and detach it)? (y or n) Detaching
from program: /usr/sbin/asterisk, process 28404
======================================================================
----------------------------------------------------------------------
(0091000) Geisj (reporter) - 2008-08-01 14:46
http://bugs.digium.com/view.php?id=13040#c91000
----------------------------------------------------------------------
Forgive me for placing this in the note BUT when trying to attache the
file
I got errors. tried multiple times.
please note the malloc_debug.txt was empty.
==3496== Memcheck, a memory error detector.
==3496== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==3496== Using LibVEX rev 1854, a library for dynamic binary translation.
==3496== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==3496== Using valgrind-3.3.1, a dynamic binary instrumentation
framework.
==3496== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==3496== For more details, rerun with: -v
==3496==
==3496== My PID = 3496, parent PID = 21920. Prog and args are:
==3496== asterisk
==3496== -vvvvvvcg
==3496==
==3496== Invalid read of size 4
==3496== at 0x52423D: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496== Address 0x4058520 is 24 bytes inside a block of size 630 free'd
==3496== at 0x40054A1: free (vg_replace_malloc.c:323)
==3496== by 0x524760: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496==
==3496== Invalid read of size 1
==3496== at 0x524240: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496== Address 0x4058700 is 504 bytes inside a block of size 630
free'd
==3496== at 0x40054A1: free (vg_replace_malloc.c:323)
==3496== by 0x524760: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496==
==3496== Invalid read of size 4
==3496== at 0x524253: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496== Address 0x4058684 is 380 bytes inside a block of size 630
free'd
==3496== at 0x40054A1: free (vg_replace_malloc.c:323)
==3496== by 0x524760: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496==
==3496== Invalid read of size 4
==3496== at 0x52497F: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496== Address 0x405850c is 4 bytes inside a block of size 630 free'd
==3496== at 0x40054A1: free (vg_replace_malloc.c:323)
==3496== by 0x524760: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496==
==3496== Invalid read of size 1
==3496== at 0x40065C4: strlen (mc_replace_strmem.c:243)
==3496== by 0x418367: _dl_signal_error (in /lib/ld-2.3.4.so)
==3496== by 0x524992: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496== Address 0x40584a8 is 0 bytes inside a block of size 42 free'd
==3496== at 0x40054A1: free (vg_replace_malloc.c:323)
==3496== by 0x5246D8: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496==
==3496== Invalid read of size 1
==3496== at 0x40065CD: strlen (mc_replace_strmem.c:243)
==3496== by 0x418367: _dl_signal_error (in /lib/ld-2.3.4.so)
==3496== by 0x524992: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496== Address 0x40584a9 is 1 bytes inside a block of size 42 free'd
==3496== at 0x40054A1: free (vg_replace_malloc.c:323)
==3496== by 0x5246D8: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496==
==3496== Invalid read of size 2
==3496== at 0x41EB8A: memcpy (in /lib/ld-2.3.4.so)
==3496== by 0x524992: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496== Address 0x40584a8 is 0 bytes inside a block of size 42 free'd
==3496== at 0x40054A1: free (vg_replace_malloc.c:323)
==3496== by 0x5246D8: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496==
==3496== Invalid read of size 4
==3496== at 0x41EB8C: memcpy (in /lib/ld-2.3.4.so)
==3496== by 0x524992: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496== Address 0x40584aa is 2 bytes inside a block of size 42 free'd
==3496== at 0x40054A1: free (vg_replace_malloc.c:323)
==3496== by 0x5246D8: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496==
==3496== Invalid read of size 1
==3496== at 0x41EB85: memcpy (in /lib/ld-2.3.4.so)
==3496== by 0x524992: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496== Address 0x4058bb0 is 0 bytes inside a block of size 41 free'd
==3496== at 0x40054A1: free (vg_replace_malloc.c:323)
==3496== by 0x5246D8: _dl_close (in /lib/tls/libc-2.3.4.so)
==3496== by 0x554D59: dlclose_doit (in /lib/libdl-2.3.4.so)
==3496== by 0x4185ED: _dl_catch_error (in /lib/ld-2.3.4.so)
==3496== by 0x5552BA: _dlerror_run (in /lib/libdl-2.3.4.so)
==3496== by 0x554D89: dlclose (in /lib/libdl-2.3.4.so)
==3496== by 0x80BEE55: load_dynamic_module (loader.c:389)
==3496== by 0x80BFC9A: load_resource (loader.c:654)
==3496== by 0x80C04B5: load_modules (loader.c:855)
==3496== by 0x80732F8: main (asterisk.c:3058)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x570977B: snd_pcm_prepare (pcm.c:1015)
==3496== by 0x570982D: snd_pcm_hw_params (pcm.c:818)
==3496== by 0x5740E51: snd1_pcm_direct_initialize_slave
(pcm_direct.c:973)
==3496== by 0x573F1B1: snd_pcm_dsnoop_open (pcm_dsnoop.c:583)
==3496== by 0x573F4FE: _snd_pcm_dsnoop_open (pcm_dsnoop.c:790)
==3496== by 0x570B227: snd_pcm_open_conf (pcm.c:2114)
==3496== by 0x570B812: snd_pcm_open_noupdate (pcm.c:2152)
==3496== by 0x570BA00: snd1_pcm_open_named_slave (pcm.c:2239)
==3496== by 0x5742A15: _snd_pcm_asym_open (pcm_asym.c:112)
==3496== by 0x570B227: snd_pcm_open_conf (pcm.c:2114)
==3496== by 0x570B812: snd_pcm_open_noupdate (pcm.c:2152)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x5709C47: snd_pcm_start (pcm.c:1047)
==3496== by 0x5741178: snd1_pcm_direct_initialize_slave
(pcm_direct.c:1045)
==3496== by 0x573F1B1: snd_pcm_dsnoop_open (pcm_dsnoop.c:583)
==3496== by 0x573F4FE: _snd_pcm_dsnoop_open (pcm_dsnoop.c:790)
==3496== by 0x570B227: snd_pcm_open_conf (pcm.c:2114)
==3496== by 0x570B812: snd_pcm_open_noupdate (pcm.c:2152)
==3496== by 0x570BA00: snd1_pcm_open_named_slave (pcm.c:2239)
==3496== by 0x5742A15: _snd_pcm_asym_open (pcm_asym.c:112)
==3496== by 0x570B227: snd_pcm_open_conf (pcm.c:2114)
==3496== by 0x570B812: snd_pcm_open_noupdate (pcm.c:2152)
==3496== by 0x570BA00: snd1_pcm_open_named_slave (pcm.c:2239)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x5709C47: snd_pcm_start (pcm.c:1047)
==3496== by 0x5741178: snd1_pcm_direct_initialize_slave
(pcm_direct.c:1045)
==3496== by 0x573C18B: snd_pcm_dmix_open (pcm_dmix.c:1006)
==3496== by 0x573C772: _snd_pcm_dmix_open (pcm_dmix.c:1297)
==3496== by 0x570B227: snd_pcm_open_conf (pcm.c:2114)
==3496== by 0x570B812: snd_pcm_open_noupdate (pcm.c:2152)
==3496== by 0x570BA00: snd1_pcm_open_named_slave (pcm.c:2239)
==3496== by 0x5742A15: _snd_pcm_asym_open (pcm_asym.c:112)
==3496== by 0x570B227: snd_pcm_open_conf (pcm.c:2114)
==3496== by 0x570B812: snd_pcm_open_noupdate (pcm.c:2152)
==3496== by 0x570BA00: snd1_pcm_open_named_slave (pcm.c:2239)
==3496==
==3496== Thread 29:
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x573E7CB: snd_pcm_dsnoop_start (pcm_dsnoop.c:268)
==3496== by 0x5709C47: snd_pcm_start (pcm.c:1047)
==3496== by 0x571AEF6: snd1_pcm_generic_start (pcm_generic.c:155)
==3496== by 0x5709C47: snd_pcm_start (pcm.c:1047)
==3496== by 0x572593F: snd_pcm_rate_start (pcm_rate.c:1131)
==3496== by 0x5709C47: snd_pcm_start (pcm.c:1047)
==3496== by 0x56B1993: ??? (chan_alsa.c:538)
==3496== by 0x808EA49: ast_call (channel.c:3042)
==3496== by 0x4528D8B: ??? (app_dial.c:1249)
==3496== by 0x452B792: ??? (app_dial.c:1753)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x574A649: snd_timer_start (timer.c:908)
==3496== by 0x573E7E8: snd_pcm_dsnoop_start (pcm_dsnoop.c:270)
==3496== by 0x5709C47: snd_pcm_start (pcm.c:1047)
==3496== by 0x571AEF6: snd1_pcm_generic_start (pcm_generic.c:155)
==3496== by 0x5709C47: snd_pcm_start (pcm.c:1047)
==3496== by 0x572593F: snd_pcm_rate_start (pcm_rate.c:1131)
==3496== by 0x5709C47: snd_pcm_start (pcm.c:1047)
==3496== by 0x56B1993: ??? (chan_alsa.c:538)
==3496== by 0x808EA49: ast_call (channel.c:3042)
==3496== by 0x4528D8B: ??? (app_dial.c:1249)
==3496== by 0x452B792: ??? (app_dial.c:1753)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x573E3BD: snd_pcm_dsnoop_sync_ptr (pcm_dsnoop.c:127)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x571AEA6: snd1_pcm_generic_hwsync (pcm_generic.c:143)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x57245C8: snd_pcm_rate_hwsync (pcm_rate.c:624)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x570FDFA: snd1_pcm_read_areas (pcm.c:6376)
==3496== by 0x5719C5F: snd_pcm_mmap_readi (pcm_mmap.c:236)
==3496== by 0x570A139: snd_pcm_readi (pcm_local.h:521)
==3496== by 0x56B204E: ??? (chan_alsa.c:683)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x574A691: snd_timer_stop (timer.c:919)
==3496== by 0x574027D: snd1_pcm_direct_timer_stop (pcm_direct.c:542)
==3496== by 0x573AFA6: snd_pcm_dmix_drop (pcm_dmix.c:598)
==3496== by 0x5709297: snd_pcm_drop (pcm.c:1068)
==3496== by 0x571AF1E: snd1_pcm_generic_drop (pcm_generic.c:161)
==3496== by 0x5709297: snd_pcm_drop (pcm.c:1068)
==3496== by 0x571AF1E: snd1_pcm_generic_drop (pcm_generic.c:161)
==3496== by 0x5709297: snd_pcm_drop (pcm.c:1068)
==3496== by 0x56B1C7C: ??? (chan_alsa.c:604)
==3496== by 0x808DC91: ast_write (channel.c:2727)
==3496== by 0x809173A: ast_generic_bridge (channel.c:3859)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x573AE60: snd_pcm_dmix_start_timer (pcm_dmix.c:562)
==3496== by 0x573AF27: snd_pcm_dmix_start (pcm_dmix.c:585)
==3496== by 0x5709C47: snd_pcm_start (pcm.c:1047)
==3496== by 0x571AEF6: snd1_pcm_generic_start (pcm_generic.c:155)
==3496== by 0x5709C47: snd_pcm_start (pcm.c:1047)
==3496== by 0x572593F: snd_pcm_rate_start (pcm_rate.c:1131)
==3496== by 0x5709C47: snd_pcm_start (pcm.c:1047)
==3496== by 0x5710074: snd1_pcm_write_areas (pcm.c:6483)
==3496== by 0x5719B9F: snd_pcm_mmap_writei (pcm_mmap.c:186)
==3496== by 0x5709F41: snd_pcm_writei (pcm_local.h:511)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x574A649: snd_timer_start (timer.c:908)
==3496== by 0x573AE75: snd_pcm_dmix_start_timer (pcm_dmix.c:564)
==3496== by 0x573AF27: snd_pcm_dmix_start (pcm_dmix.c:585)
==3496== by 0x5709C47: snd_pcm_start (pcm.c:1047)
==3496== by 0x571AEF6: snd1_pcm_generic_start (pcm_generic.c:155)
==3496== by 0x5709C47: snd_pcm_start (pcm.c:1047)
==3496== by 0x572593F: snd_pcm_rate_start (pcm_rate.c:1131)
==3496== by 0x5709C47: snd_pcm_start (pcm.c:1047)
==3496== by 0x5710074: snd1_pcm_write_areas (pcm.c:6483)
==3496== by 0x5719B9F: snd_pcm_mmap_writei (pcm_mmap.c:186)
==3496== by 0x5709F41: snd_pcm_writei (pcm_local.h:511)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x573A9D6: snd_pcm_dmix_sync_ptr (pcm_dmix.c:398)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x571AEA6: snd1_pcm_generic_hwsync (pcm_generic.c:143)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x57245C8: snd_pcm_rate_hwsync (pcm_rate.c:624)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x570FF90: snd1_pcm_write_areas (pcm.c:6445)
==3496== by 0x5719B9F: snd_pcm_mmap_writei (pcm_mmap.c:186)
==3496== by 0x5709F41: snd_pcm_writei (pcm_local.h:511)
==3496== by 0x56B1D70: ??? (chan_alsa.c:624)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x574A691: snd_timer_stop (timer.c:919)
==3496== by 0x573AA6E: snd_pcm_dmix_sync_ptr (pcm_dmix.c:420)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x571AEA6: snd1_pcm_generic_hwsync (pcm_generic.c:143)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x57245C8: snd_pcm_rate_hwsync (pcm_rate.c:624)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x570FF90: snd1_pcm_write_areas (pcm.c:6445)
==3496== by 0x5719B9F: snd_pcm_mmap_writei (pcm_mmap.c:186)
==3496== by 0x5709F41: snd_pcm_writei (pcm_local.h:511)
==3496== by 0x56B1D70: ??? (chan_alsa.c:624)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x573A9D6: snd_pcm_dmix_sync_ptr (pcm_dmix.c:398)
==3496== by 0x573B8A8: snd_pcm_dmix_avail_update (pcm_dmix.c:815)
==3496== by 0x570BC97: snd_pcm_avail_update (pcm.c:2361)
==3496== by 0x571BEB7: snd_pcm_plugin_avail_update (pcm_plugin.c:459)
==3496== by 0x570BC97: snd_pcm_avail_update (pcm.c:2361)
==3496== by 0x57250FF: snd_pcm_rate_avail_update (pcm_rate.c:991)
==3496== by 0x570BC97: snd_pcm_avail_update (pcm.c:2361)
==3496== by 0x570FFA5: snd1_pcm_write_areas (pcm.c:6449)
==3496== by 0x5719B9F: snd_pcm_mmap_writei (pcm_mmap.c:186)
==3496== by 0x5709F41: snd_pcm_writei (pcm_local.h:511)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x574A691: snd_timer_stop (timer.c:919)
==3496== by 0x573AA6E: snd_pcm_dmix_sync_ptr (pcm_dmix.c:420)
==3496== by 0x573B8A8: snd_pcm_dmix_avail_update (pcm_dmix.c:815)
==3496== by 0x570BC97: snd_pcm_avail_update (pcm.c:2361)
==3496== by 0x571BC39: snd_pcm_plugin_mmap_commit (pcm_plugin.c:402)
==3496== by 0x570FBC5: snd_pcm_mmap_commit (pcm.c:6306)
==3496== by 0x5724D48: snd_pcm_rate_commit_area (pcm_rate.c:737)
==3496== by 0x572504A: snd_pcm_rate_sync_playback_area
(pcm_rate.c:823)
==3496== by 0x57250AB: snd_pcm_rate_mmap_commit (pcm_rate.c:975)
==3496== by 0x570FBC5: snd_pcm_mmap_commit (pcm.c:6306)
==3496== by 0x57199B1: snd_pcm_mmap_write_areas (pcm_mmap.c:123)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x573A9D6: snd_pcm_dmix_sync_ptr (pcm_dmix.c:398)
==3496== by 0x573B7DF: snd_pcm_dmix_mmap_commit (pcm_dmix.c:796)
==3496== by 0x570FBC5: snd_pcm_mmap_commit (pcm.c:6306)
==3496== by 0x571BD5F: snd_pcm_plugin_mmap_commit (pcm_plugin.c:426)
==3496== by 0x570FBC5: snd_pcm_mmap_commit (pcm.c:6306)
==3496== by 0x5724D48: snd_pcm_rate_commit_area (pcm_rate.c:737)
==3496== by 0x572504A: snd_pcm_rate_sync_playback_area
(pcm_rate.c:823)
==3496== by 0x57250AB: snd_pcm_rate_mmap_commit (pcm_rate.c:975)
==3496== by 0x570FBC5: snd_pcm_mmap_commit (pcm.c:6306)
==3496== by 0x57199B1: snd_pcm_mmap_write_areas (pcm_mmap.c:123)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x574A691: snd_timer_stop (timer.c:919)
==3496== by 0x573E87B: snd_pcm_dsnoop_drop (pcm_dsnoop.c:283)
==3496== by 0x5709297: snd_pcm_drop (pcm.c:1068)
==3496== by 0x571AF1E: snd1_pcm_generic_drop (pcm_generic.c:161)
==3496== by 0x5709297: snd_pcm_drop (pcm.c:1068)
==3496== by 0x571AF1E: snd1_pcm_generic_drop (pcm_generic.c:161)
==3496== by 0x5709297: snd_pcm_drop (pcm.c:1068)
==3496== by 0x56B1BBB: ??? (chan_alsa.c:582)
==3496== by 0x8089603: ast_hangup (channel.c:1485)
==3496== by 0x452AE7C: ??? (app_dial.c:1719)
==3496== by 0x452B792: ??? (app_dial.c:1753)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x573E3BD: snd_pcm_dsnoop_sync_ptr (pcm_dsnoop.c:127)
==3496== by 0x573EC00: snd_pcm_dsnoop_avail_update (pcm_dsnoop.c:400)
==3496== by 0x570BC97: snd_pcm_avail_update (pcm.c:2361)
==3496== by 0x571BEB7: snd_pcm_plugin_avail_update (pcm_plugin.c:459)
==3496== by 0x570BC97: snd_pcm_avail_update (pcm.c:2361)
==3496== by 0x57250FF: snd_pcm_rate_avail_update (pcm_rate.c:991)
==3496== by 0x570BC97: snd_pcm_avail_update (pcm.c:2361)
==3496== by 0x570FDB4: snd1_pcm_read_areas (pcm.c:6380)
==3496== by 0x5719C5F: snd_pcm_mmap_readi (pcm_mmap.c:236)
==3496== by 0x570A139: snd_pcm_readi (pcm_local.h:521)
==3496==
==3496== Syscall param ioctl(arg) contains uninitialised byte(s)
==3496== at 0x4E7249: ioctl (in /lib/tls/libc-2.3.4.so)
==3496== by 0x570999B: snd_pcm_hwsync (pcm.c:932)
==3496== by 0x573E3BD: snd_pcm_dsnoop_sync_ptr (pcm_dsnoop.c:127)
==3496== by 0x573EBAC: snd_pcm_dsnoop_mmap_commit (pcm_dsnoop.c:383)
==3496== by 0x570FBC5: snd_pcm_mmap_commit (pcm.c:6306)
==3496== by 0x571C046: snd_pcm_plugin_avail_update (pcm_plugin.c:500)
==3496== by 0x570BC97: snd_pcm_avail_update (pcm.c:2361)
==3496== by 0x57250FF: snd_pcm_rate_avail_update (pcm_rate.c:991)
==3496== by 0x570BC97: snd_pcm_avail_update (pcm.c:2361)
==3496== by 0x570FDB4: snd1_pcm_read_areas (pcm.c:6380)
==3496== by 0x5719C5F: snd_pcm_mmap_readi (pcm_mmap.c:236)
==3496== by 0x570A139: snd_pcm_readi (pcm_local.h:521)
==3496==
==3496== Invalid read of size 4
==3496== at 0x808B369: __ast_read (channel.c:2052)
==3496== by 0x808C7BE: ast_read (channel.c:2348)
==3496== by 0x80914AF: ast_generic_bridge (channel.c:3800)
==3496== by 0x80926A1: ast_channel_bridge (channel.c:4114)
==3496== by 0x44C009D: ast_bridge_call (res_features.c:1422)
==3496== by 0x452AD86: ??? (app_dial.c:1699)
==3496== by 0x452B792: ??? (app_dial.c:1753)
==3496== by 0x80D0F63: pbx_exec (strings.h:35)
==3496== by 0x80D4A0B: pbx_extension_helper (pbx.c:1862)
==3496== by 0x80D5D83: ast_spawn_extension (pbx.c:2317)
==3496== by 0x80D6301: __ast_pbx_run (pbx.c:2419)
==3496== by 0x80D70EE: pbx_thread (pbx.c:2636)
==3496== Address 0xfff0001c is not stack'd, malloc'd or (recently)
free'd
==3496==
==3496== Process terminating with default action of signal 11 (SIGSEGV):
dumping core
==3496== Access not within mapped region at address 0xFFF0001C
==3496== at 0x808B369: __ast_read (channel.c:2052)
==3496== by 0x808C7BE: ast_read (channel.c:2348)
==3496== by 0x80914AF: ast_generic_bridge (channel.c:3800)
==3496== by 0x80926A1: ast_channel_bridge (channel.c:4114)
==3496== by 0x44C009D: ast_bridge_call (res_features.c:1422)
==3496== by 0x452AD86: ??? (app_dial.c:1699)
==3496== by 0x452B792: ??? (app_dial.c:1753)
==3496== by 0x80D0F63: pbx_exec (strings.h:35)
==3496== by 0x80D4A0B: pbx_extension_helper (pbx.c:1862)
==3496== by 0x80D5D83: ast_spawn_extension (pbx.c:2317)
==3496== by 0x80D6301: __ast_pbx_run (pbx.c:2419)
==3496== by 0x80D70EE: pbx_thread (pbx.c:2636)
==3496==
==3496== ERROR SUMMARY: 7833 errors from 27 contexts (suppressed: 620 from
2)
==3496== malloc/free: in use at exit: 1,504,710 bytes in 7,832 blocks.
==3496== malloc/free: 13,688 allocs, 5,856 frees, 2,811,329 bytes
allocated.
==3496== For counts of detected errors, rerun with: -v
==3496== searching for pointers to 7,832 not-freed blocks.
==3496== checked 17,994,672 bytes.
==3496==
==3496== LEAK SUMMARY:
==3496== definitely lost: 1,171 bytes in 31 blocks.
==3496== possibly lost: 15,304 bytes in 350 blocks.
==3496== still reachable: 1,488,235 bytes in 7,451 blocks.
==3496== suppressed: 0 bytes in 0 blocks.
==3496== Rerun with --leak-check=full to see details of leaked memory.
Issue History
Date Modified Username Field Change
======================================================================
2008-08-01 14:46 Geisj Note Added: 0091000
======================================================================
More information about the asterisk-bugs
mailing list