[asterisk-bugs] [JIRA] (ASTERISK-22083) res_musiconhold segfault in free, in moh_scan_files

Shlomi Gutman (JIRA) noreply at issues.asterisk.org
Thu May 22 09:40:44 CDT 2014 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-22083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=218391#comment-218391 ] 

Shlomi Gutman commented on ASTERISK-22083:
------------------------------------------

Is there any relation to that all crashes of music on hold is happening when using from queue application?
{quote}
#0  0x0000003a5ca30285 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x0000003a5ca30285 in raise () from /lib64/libc.so.6
#1  0x0000003a5ca31d30 in abort () from /lib64/libc.so.6
#2  0x0000003a5ca6971b in __libc_message () from /lib64/libc.so.6
#3  0x0000003a5ca711df in _int_free () from /lib64/libc.so.6
#4  0x0000003a5ca7163b in free () from /lib64/libc.so.6
#5  0x00002aaace58669d in moh_scan_files (class=0x2aaab12ed278) at res_musiconhold.c:1066
#6  0x00002aaace58add7 in local_ast_moh_start (chan=0x2aab680ac3b8, mclass=0x42692668 "moh_389", interpclass=0x0) at res_musiconhold.c:1518
#7  0x00002aaab40176d2 in say_periodic_announcement (qe=0x42692660, ringing=0) at app_queue.c:3602
#8  0x00002aaab40201c7 in wait_our_turn (chan=0x2aab680ac3b8, data=<value optimized out>) at app_queue.c:4334
#9  queue_exec (chan=0x2aab680ac3b8, data=<value optimized out>) at app_queue.c:6325
#10 0x00000000004ee7bf in pbx_exec (c=0x2aab680ac3b8, app=0x2aaaac0ddb70, data=0x42695990 "queue_10131,t,,blank,1800,,,sub-queue-onanswer") at pbx.c:1446
#11 0x00000000004fe99c in pbx_extension_helper (c=0x2aab680ac3b8, con=<value optimized out>, context=0x2aab680ac910 "asterisk-queue-blc", exten=0x2aab680ac960 "036476661", priority=17, label=0x0,
    callerid=0x2aab680a7310 "05000000", action=E_SPAWN, found=0x4269800c, combined_find_spawn=1) at pbx.c:4489
#12 0x000000000050198b in ast_spawn_extension (c=0x2aab680ac3b8, args=0x0) at pbx.c:5127
#13 __ast_pbx_run (c=0x2aab680ac3b8, args=0x0) at pbx.c:5230
#14 0x0000000000503e6b in pbx_thread (data=0x52e7) at pbx.c:5571
#15 0x000000000053beac in dummy_start (data=<value optimized out>) at utils.c:1075
#16 0x0000003a5d20677d in start_thread () from /lib64/libpthread.so.0
#17 0x0000003a5cad3c1d in clone () from /lib64/libc.so.6
(gdb) bt full
#0  0x0000003a5ca30285 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x0000003a5ca31d30 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x0000003a5ca6971b in __libc_message () from /lib64/libc.so.6
No symbol table info available.
#3  0x0000003a5ca711df in _int_free () from /lib64/libc.so.6
No symbol table info available.
#4  0x0000003a5ca7163b in free () from /lib64/libc.so.6
No symbol table info available.
#5  0x00002aaace58669d in moh_scan_files (class=0x2aaab12ed278) at res_musiconhold.c:1066
        files_DIR = 0x2aab2802e070
        files_dirent = <value optimized out>
        dir_path = "/var/lib/asterisk/mohmp3/moh_389/\000\000B\000\000\000\000@\021iB\000\000\000\000`#iB\000\000\000\000\035XK\000\000\000\000\000\070?DS\000hC\024 \313\304\364f\366\304\364\212\250\304\372r\306\304\354\272\347?\002\301\304\020p\"\305\034\232^\305P;\004\305@\256\033\303\030H at D\000\236A¼\201\275D\351\205ZE\216\017\260E\260\365\315E\357\370\300E\211v\205E<\005?D\323\064\227?\344\067\305D\352U\305\376\321+\305$\201\262\304V*\243\304 8_\302=qmD\274\310\361D\233\333fD\320a\025½\004\314\304\000\244\357\304!\027:\305\000m>\305,|N?\301\244\304?\254\272\304D\372\026\304X\346\307\303\360\327\020CP\370\332BC\b\260C\344\375-EhshE\317&\233E\250\022\237E,\367\262ER\343\312E<\003\304E4\363\346E\202\316\bF&\363\017F-\207\fF<\203\322Esiren14\000\334\000\n \000\000\000\000\334\000\n \000\000\000\000"...
        path = "/var/lib/asterisk/mohmp3/moh_389\000L9,\253*\000\000\001\000\000\000\000\000\000\000\200\002iB\000\000\000\000;\026\247\\:\000\000\000/tmp\000\000\000\200\370\016iB\000\000\000\000A\000\000\000\000\000\000\000\377\037\000\000\000\000\000\000\260L9,\253*\000\000\370\016iB", '\000' <repeats 12 times>"\266, \346B\000\000\000\000\000\300\026iB\000\000\000\000\060\025iB\000\000\000\000 \000\000\000\060\000\000\000\002\000\000\000\000\000\000\000\320\027iB\000\000\000\000\240\002iB\000\000\000\000\000\000\000\000\376\377\377\377\v\000\000\000\000\000\000\000\060\025iB\000\000\000\000\246\376\243]:", '\000' <repeats 17 times>, "`A\000\000\000\000\000\000\000\000"...
        filepath = "/var/lib/asterisk/mohmp3/moh_389//26905_389_12032013215341\000g729\000/var/lib/asterisk/mohmp3/moh_389//26905_389_12032013215341\000g729\000\220\362hB", '\000' <repeats 36 times>"\226, \000\000\000\n", '\000' <repeats 11 times>"\360, \361hB", '\000' <repeats 12 times>"\357, \023iB\000\000\000\000)\364hB\000\000\000\000)\364hB\000\000\000\000\200$iB\000\000\000\000b\037\002\264\252*\000\000\306"...
        statbuf = {st_dev = 1114186256, st_ino = 0, st_nlink = 0, st_mode = 0, st_uid = 0, st_gid = 0, pad0 = 53, st_rdev = 227633266688, st_size = 46912605442680, st_blksize = 46913094705280, st_blocks = 0, st_atim = {tv_sec = 0,
            tv_nsec = 0}, st_mtim = {tv_sec = 525996840, tv_nsec = 0}, st_ctim = {tv_sec = 8394054, tv_nsec = 1114187368}, __unused = {0, 0, 1114186256}}
        i = 1
        __PRETTY_FUNCTION__ = "moh_scan_files"
#6  0x00002aaace58add7 in local_ast_moh_start (chan=0x2aab680ac3b8, mclass=0x42692668 "moh_389", interpclass=0x0) at res_musiconhold.c:1518
        mohclass = 0x2aaab12ed278
        var = 0x0
        res = -1
        realtime_possible = 1
        __PRETTY_FUNCTION__ = "local_ast_moh_start"
        __FUNCTION__ = "local_ast_moh_start"
#7  0x00002aaab40176d2 in say_periodic_announcement (qe=0x42692660, ringing=0) at app_queue.c:3602
        res = 0
        now = 1397039323
        __PRETTY_FUNCTION__ = "say_periodic_announcement"
#8  0x00002aaab40201c7 in wait_our_turn (chan=0x2aab680ac3b8, data=<value optimized out>) at app_queue.c:4334
No locals.
#9  queue_exec (chan=0x2aab680ac3b8, data=<value optimized out>) at app_queue.c:6325
        res = 0
        ringing = 0
        user_priority = <value optimized out>
        max_penalty_str = <value optimized out>
        min_penalty_str = <value optimized out>
        prio = 0
        qcontinue = 0
        max_penalty = 0
        min_penalty = 0
        reason = QUEUE_UNKNOWN
        tries = 0
        noption = 0
        makeannouncement = <value optimized out>
        position = <value optimized out>
        args = {argc = 8, argv = 0x426937f8, queuename = 0x42692610 "queue_10131", options = 0x4269261c "t", url = 0x4269261e "", announceoverride = 0x4269261f "blank", queuetimeoutstr = 0x42692625 "1800", agi = 0x4269262a "",
          macro = 0x4269262b "", gosub = 0x4269262c "sub-queue-onanswer", rule = 0x0, position = 0x0}
---Type <return> to continue, or q <return> to quit---
        qe = {parent = 0x2aaad4334fd8, moh = "moh_389", '\000' <repeats 72 times>, announce = "/var/lib/asterisk/sounds/blc/user_rec/26905_04032013170704", '\000' <repeats 4037 times>, context = '\000' <repeats 79 times>,
          digits = '\000' <repeats 79 times>, valid_digits = 0, pos = 2, prio = 0, last_pos_said = 0, ring_when_ringing = 0, last_periodic_announce_time = 1397039293, last_periodic_announce_sound = 0, last_pos = 0, opos = 4,
          handled = 0, pending = 0, max_penalty = 0, min_penalty = 0, linpos = 0, linwrapped = 0, start = 1397039113, expire = 1397040913, cancel_answered_elsewhere = 0, chan = 0x2aab680ac3b8, qe_rules = {first = 0x0, last = 0x0},
          pr = 0x0, next = 0x47586660}
        __PRETTY_FUNCTION__ = "queue_exec"
#10 0x00000000004ee7bf in pbx_exec (c=0x2aab680ac3b8, app=0x2aaaac0ddb70, data=0x42695990 "queue_10131,t,,blank,1800,,,sub-queue-onanswer") at pbx.c:1446
        res = <value optimized out>
        u = 0x2aab2c134c60
        saved_c_appl = 0x0
        saved_c_data = 0x0
        __PRETTY_FUNCTION__ = "pbx_exec"
#11 0x00000000004fe99c in pbx_extension_helper (c=0x2aab680ac3b8, con=<value optimized out>, context=0x2aab680ac910 "asterisk-queue-blc", exten=0x2aab680ac960 "030000000000", priority=17, label=0x0,
    callerid=0x2aab680a7310 "0500000000", action=E_SPAWN, found=0x4269800c, combined_find_spawn=1) at pbx.c:4489
        e = <value optimized out>
        app = 0x2aaaac0ddb70
        res = <value optimized out>
        q = {incstack = {0x0 <repeats 128 times>}, stacklen = 0, status = 5, swo = 0x0, data = 0x0, foundcontext = 0x2aab680ac910 "asterisk-queue-blc"}
        passdata = "queue_10131,t,,blank,1800,,,sub-queue-onanswer\000/FDcwXzuO\000e89\000\000\000\000``iB\000\000\000\000\340giB\000\000\000\000\340giB\000\000\000\000\340giB", '\000' <repeats 12 times>"\377, \377\377\377\377\377\377\377\377giB\023\000\000\000\026\242X", '\000' <repeats 13 times>, "\030_iB\000\000\000\000\000\000\000\000\001\000\000\000\v", '\000' <repeats 31 times>, " [iB", '\000' <repeats 52 times>, " \000\000\000\000\000\000\000P\000\000\000\000\000\000\000\377\377\377s", '\000' <repeats 12 times>"\377, \377\377\377\060\000\000\000`\004\325\\:", '\000' <repeats 11 times>"\340"...
        matching_action = 0
        __PRETTY_FUNCTION__ = "pbx_extension_helper"
#12 0x000000000050198b in ast_spawn_extension (c=0x2aab680ac3b8, args=0x0) at pbx.c:5127
No locals.
#13 __ast_pbx_run (c=0x2aab680ac3b8, args=0x0) at pbx.c:5230
        digit = <value optimized out>
        invalid = <value optimized out>
        dst_exten = "\000\200iB\000\000\000\000\020\200iB", '\000' <repeats 12 times>, "\030\200iB", '\000' <repeats 20 times>, "\030", '\000' <repeats 47 times>, " \200iB\000\000\000\000(\200iB\000\000\000\000\060\200iB\000\000\000\000\070\200iB\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\004\000\000\000P\200iB\000\000\000\000\244\323 ]:", '\000' <repeats 27 times>"\340, )\325\\:", '\000' <repeats 11 times>"\240, \367\236 \000\000\000\000`\b\002\000\000\000\000\000\340)\325\\:\000\000\000\030\000\000\000\000\000\000\000-8\247\\:", '\000' <repeats 11 times>, "@d\030h\253*\000"
        pos = 5440934
        found = 1
        res = 0
        error = 0
        __PRETTY_FUNCTION__ = "__ast_pbx_run"
#14 0x0000000000503e6b in pbx_thread (data=0x52e7) at pbx.c:5571
No locals.
#15 0x000000000053beac in dummy_start (data=<value optimized out>) at utils.c:1075
        __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {46915674203200, 4875765709081475290, 0, 3, 4096, 46915674089632, 4875765708039747770, 4875765709076383304}, __mask_was_saved = 0}}, __pad = {0x426981a0, 0x0,
            0x3a5cd4d890, 0x3a5cd4d898}}
        __cancel_arg = 0x42698940
        not_first_call = <value optimized out>
        ret = <value optimized out>
#16 0x0000003a5d20677d in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#17 0x0000003a5cad3c1d in clone () from /lib64/libc.so.6
No symbol table info available.
{quote}

> res_musiconhold segfault in free, in moh_scan_files
> ---------------------------------------------------
>
>                 Key: ASTERISK-22083
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22083
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_musiconhold
>    Affects Versions: 1.8.22.0
>         Environment: Linux vgw1 2.6.32-35-generic #78-Ubuntu SMP Tue Oct 11 16:11:24 UTC 2011 x86_64 GNU/Linux
>            Reporter: Sébastien Couture
>            Assignee: Walter Doekes
>         Attachments: backtrace.txt
>
>
> We've had Asterisk segfault with an error in res_musiconhold.c; more specifically in the 'moh_scan_files' function (line 1066):
> {code}
> for (i = 0; i < class->total_files; i++)
>   ast_free(class->filearray[i]);
> {code}
> I've attached a backtrace of the core dump. I'm wondering if this could be related to ASTERISK-21775. I haven't yet tried the patch mentioned in that issue.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list