[asterisk-bugs] [JIRA] (ASTERISK-26706) Segfault in dial_target_free stasis_channels.c:1349
Rusty Newton (JIRA)
noreply at issues.asterisk.org
Tue Jan 24 14:02:11 CST 2017
[ https://issues.asterisk.org/jira/browse/ASTERISK-26706?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=234757#comment-234757 ]
Rusty Newton edited comment on ASTERISK-26706 at 1/24/17 2:00 PM:
------------------------------------------------------------------
Another Segfault, this looks to be memory related
[Edit by Rusty - Don't post full traces inline, please attach to the issue with .txt extension]
was (Author: rossbeer):
Another Segfault, this looks to be memory related
{noformat}
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000000000059aa0d in ast_rtp_codecs_payload_code (codecs=0x7ffb65757328, asterisk_format=1, format=0x1bc9858, code=0) at rtp_engine.c:944
944 if ((asterisk_format && format && ast_format_cmp(format, type->format) == AST_FORMAT_CMP_EQUAL)
[Current thread is 1 (Thread 0x7ffb0a179700 (LWP 13044))]
#0 0x000000000059aa0d in ast_rtp_codecs_payload_code (codecs=0x7ffb65757328, asterisk_format=1, format=0x1bc9858, code=0) at rtp_engine.c:944
type = 0x6f6e003930
i = 0
payload = -1
__PRETTY_FUNCTION__ = "ast_rtp_codecs_payload_code"
#1 0x00007ffb1bb76567 in ast_rtp_read (hdrlen=12, len=172, rtpheader=0x7ffba8b50220, instance=0x7ffba8899800) at res_rtp_asterisk.c:4388
rtp = <optimized out>
bridged = 0x7ffbb4310520
res = 0
payload = 8
mark = 0
reconstruct = <optimized out>
ice = 0
bridged_payload = 0
instance1 = <optimized out>
payload_type = 0x7ffb50a7a518
remote_address = {ss = {ss_family = 0, __ss_padding = '\000' <repeats 117 times>, __ss_align = 0}, len = 0}
rtp = 0x7ffba8b50150
addr = {ss = {ss_family = 10, __ss_padding = "\267\234", '\000' <repeats 14 times>, "\377\377%\235\066\314\000\000\000\000\000\000\000\000\000[\234\000\000\000\000\000\300\017\257\001\000\000\000\000H\222k\000\000\000\000\000๚\250\373\177\000\000\060I\027\n\373\177\000\000}\355S\000\000\000\000\000\020\245'\250\373\177\000\000\000\017\257\001\000\000\000\000\205 at p\000\000\000\000\000`Dp\000\000\000\000\000\205 at p\000\204\003\000", __ss_align = 7355339}, len = 28}
res = <optimized out>
hdrlen = 12
version = 2
payloadtype = <optimized out>
padding = <optimized out>
mark = <optimized out>
ext = <optimized out>
cc = <optimized out>
prev_seqno = <optimized out>
rtpheader = 0x7ffba8b50220
seqno = <optimized out>
payload = 0x0
remote_address = {ss = {ss_family = 2, __ss_padding = "\267\234%\235\066\314", '\000' <repeats 111 times>, __ss_align = 0}, len = 16}
frames = <optimized out>
__PRETTY_FUNCTION__ = "ast_rtp_read"
#2 0x00007ffb1bb76567 in ast_rtp_read (instance=0x7ffba8899800, rtcp=<optimized out>) at res_rtp_asterisk.c:4605
rtp = 0x7ffba8b50150
addr = {ss = {ss_family = 10, __ss_padding = "\267\234", '\000' <repeats 14 times>, "\377\377%\235\066\314\000\000\000\000\000\000\000\000\000[\234\000\000\000\000\000\300\017\257\001\000\000\000\000H\222k\000\000\000\000\000๚\250\373\177\000\000\060I\027\n\373\177\000\000}\355S\000\000\000\000\000\020\245'\250\373\177\000\000\000\017\257\001\000\000\000\000\205 at p\000\000\000\000\000`Dp\000\000\000\000\000\205 at p\000\204\003\000", __ss_align = 7355339}, len = 28}
res = <optimized out>
hdrlen = 12
version = 2
payloadtype = <optimized out>
padding = <optimized out>
mark = <optimized out>
ext = <optimized out>
cc = <optimized out>
prev_seqno = <optimized out>
rtpheader = 0x7ffba8b50220
seqno = <optimized out>
payload = 0x0
remote_address = {ss = {ss_family = 2, __ss_padding = "\267\234%\235\066\314", '\000' <repeats 111 times>, __ss_align = 0}, len = 16}
frames = <optimized out>
__PRETTY_FUNCTION__ = "ast_rtp_read"
#3 0x00000000005990b7 in ast_rtp_instance_read (instance=0x7ffba8899800, rtcp=0) at rtp_engine.c:495
#4 0x00007ffb190c6b4f in chan_pjsip_read (ast=0x7ffba89ab9e0) at chan_pjsip.c:718
channel = 0x7ffba827a510
session = 0x7ffba827a510
pvt = <optimized out>
f = <optimized out>
media = 0x7ffba8953d30
rtcp = <optimized out>
fdno = <optimized out>
__PRETTY_FUNCTION__ = "chan_pjsip_read"
#5 0x00000000004b8ace in __ast_read (chan=0x7ffba89ab9e0, dropaudio=0) at channel.c:3964
f = 0x0
prestate = 6
cause = 0
__PRETTY_FUNCTION__ = "__ast_read"
#6 0x00000000004ba612 in ast_read (chan=0x7ffba89ab9e0) at channel.c:4389
#7 0x0000000000487151 in bridge_handle_trip (bridge_channel=0x7ffb5829c4d0) at bridge_channel.c:2416
frame = 0x7ffb5829c4d0
#8 0x00000000004875fc in bridge_channel_wait (bridge_channel=0x7ffb5829c4d0) at bridge_channel.c:2586
ms = -1
outfd = -99999
chan = 0x7ffba89ab9e0
__PRETTY_FUNCTION__ = "bridge_channel_wait"
#9 0x0000000000487ce7 in bridge_channel_internal_join (bridge_channel=0x7ffb5829c4d0) at bridge_channel.c:2732
res = 0
channel_features = 0x0
swap = 0x0
__PRETTY_FUNCTION__ = "bridge_channel_internal_join"
#10 0x000000000046e5c7 in ast_bridge_join (bridge=0x7ffb58281950, chan=0x7ffba89ab9e0, swap=0x0, features=0x7ffb0a174fc0, tech_args=0x0, flags=(AST_BRIDGE_JOIN_PASS_REFERENCE | AST_BRIDGE_JOIN_INHIBIT_JOIN_COLP)) at bridge.c:1712
bridge_channel = 0x7ffb5829c4d0
res = 0
__PRETTY_FUNCTION__ = "ast_bridge_join"
#11 0x000000000050fc7f in ast_bridge_call_with_flags (chan=0x7ffba89ab9e0, peer=0x7ffb58470f50, config=0x7ffb0a176000, flags=0) at features.c:672
res = 0
bridge = 0x7ffb58281950
chan_features = {dtmf_hooks = 0x7ffb58173850, other_hooks = 0x7ffb5835f2c0, interval_hooks = 0x7ffb582d0f40, feature_flags = {flags = 0}, interval_sequence = 0, usable = 0, mute = 0, dtmf_passthrough = 1}
peer_features = 0x7ffb58230630
__PRETTY_FUNCTION__ = "ast_bridge_call_with_flags"
#12 0x000000000050fd51 in ast_bridge_call (chan=0x7ffba89ab9e0, peer=0x7ffb58470f50, config=0x7ffb0a176000) at features.c:711
#13 0x00007ffb31aa07d8 in dial_exec_full (chan=0x7ffba89ab9e0, data=0x7ffb0a176540 "<<< PRIVATE INFORMATION REMOVED >>>", peerflags=0x7ffb0a176400, continue_exec=0x0) at app_dial.c:3201
number = 0x7ffb0a175040 "<<< PRIVATE INFORMATION REMOVED >>>"
dial_end_raised = 1
cause = -1
res = 0
rest = 0x0
cur = 0x0
out_chans = {first = 0x0, last = 0x0}
outgoing = 0x7ffb58423230
tmp = 0x0
peer = 0x7ffb58470f50
to = -1
num = {chan = 0x7ffba89ab9e0, busy = 0, congestion = 0, nochan = 0}
cause = 0
config = {features_caller = {flags = 0}, features_callee = {flags = 0}, start_time = {tv_sec = 0, tv_usec = 0}, nexteventts = {tv_sec = 0, tv_usec = 0}, feature_start_time = {tv_sec = 0, tv_usec = 0}, feature_timer = 0, timelimit = 0, play_warning = 0, warning_freq = 0, warning_sound = 0x0, end_sound = 0x0, start_sound = 0x0, flags = 0, end_bridge_callback = 0x7ffb31a9b0b0 <end_bridge_callback>, end_bridge_callback_data = 0x7ffba89ab9e0, end_bridge_callback_data_fixup = 0x7ffb31a9b1c5 <end_bridge_callback_data_fixup>}
calldurationlimit = {tv_sec = 0, tv_usec = 0}
dtmfcalled = 0x0
dtmfcalling = 0x0
dtmf_progress = 0x0
pa = {sentringing = 1, privdb_val = 0, privcid = '\000' <repeats 255 times>, privintro = '\000' <repeats 1023 times>, status = "ANSWER\000R\000GS", '\000' <repeats 244 times>}
sentringing = 0
moh = 0
outbound_group = 0x0
result = 0
parse = 0x7ffb0a1750a0 "PJSIP"
opermode = 0
delprivintro = 0
args = {argc = 3, argv = 0x7ffb0a1759b8, peers = 0x7ffb0a1750a0 "PJSIP", timeout = 0x7ffb0a1750b0 "", options = 0x7ffb0a1750b1 "b(vh-add-distinctivering-headers,1,1", url = 0x0}
opts = {flags = 2199023255552}
opt_args = {0x20 <error: Cannot access memory at address 0x20>, 0x7ffbc9331008 <vfprintf+1912> "H\213\225p\373\377\377H\213\215@\373\377\377H\211\326H)\316H9\360uJD\213\215\070\373\377\377\271\377\377\377\177D)\311Hc\311H9\310\177>A\001\301\200:", 0x701e10 <__PRETTY_FUNCTION__.15349> "ast_channel_snapshot_create", 0x7015eb "stasis_channels.c", 0xfd0 <error: Cannot access memory at address 0xfd0>, 0x7ffbc9331008 <vfprintf+1912> "H\213\225p\373\377\377H\213\215@\373\377\377H\211\326H)\316H9\360uJD\213\215\070\373\377\377\271\377\377\377\177D)\311Hc\311H9\310\177>A\001\301\200:", 0x0, 0x7ffbc9331008 <vfprintf+1912> "H\213\225p\373\377\377H\213\215@\373\377\377H\211\326H)\316H9\360uJD\213\215\070\373\377\377\271\377\377\377\177D)\311Hc\311H9\310\177>A\001\301\200:", 0x0, 0x7ffb0a175a08 "", 0x7ffb0a175a00 "", 0x7ffb0a175a18 "", 0x7ffb0a175a10 "", 0x7ffb00000000 <error: Cannot access memory at address 0x7ffb00000000>, 0x1ed100000000 <error: Cannot access memory at address 0x1ed100000000>, 0x7ffb0a175a20 "", 0x7ffb00000000 <error: Cannot access memory at address 0x7ffb00000000>, 0x7ffb0a1750b3 "<<< PRIVATE INFORMATION REMOVED >>>,1,1", 0x7ffb00000000 <error: Cannot access memory at address 0x7ffb00000000>, 0x7ffb00000020 <error: Cannot access memory at address 0x7ffb00000020>}
fulldial = 0
num_dialed = 1
ignore_cc = 1
device_name = "PJSIP/<<< PRIVATE INFORMATION REMOVED >>> \000\060\060\060\066\060def\000\214^\000\000\000\000\000\220\225^X\373\177\000\000\030\061p\000\000\000\000\000\000[\234\000B\000\000\000P0p\000\000\000\000\000\320\017\000\000\000\000\000\000\001\000\000\000\000\000\000"
forced_clid_name = "IDn\000\000\000\000\000\060\000\000\000\060\000\000\000\220b\027\n\373\177\000\000\060\000\000\000\060\000\000\000\240b\027\n\373\177\000\000\060\000\000\000\060\000\000\000\260b\027\n\373\177\000\000\360a\027\n\373\177\000\000\300b\027\n\373\177\000\000\000b\027\n\373\177\000"
stored_clid_name = "\000\000\000\000\000\000\000\000\260\000\000\000\001\000\000\000IDn\000\000\000\000\000\000\000\000\000\001\000\000\000\260X\027\n\373\177\000\000\000\000\000\000\000\000\000\000\377\377\377\377\377\377\377\377\000\000\000\000&\000\000\000IDn", '\000' <repeats 12 times>
force_forwards_only = 0
forced_clid = {name = {str = 0x0, char_set = 1, presentation = 0, valid = 0 '\000'}, number = {str = 0x0, plan = 0, presentation = 1, valid = 0 '\000'}, subaddress = {str = 0x0, type = 0, odd_even_indicator = 0 '\000', valid = 0 '\000'}, tag = 0x0}
stored_clid = {name = {str = 0x0, char_set = 1, presentation = 0, valid = 0 '\000'}, number = {str = 0x7ffb0a175080 "<<< PRIVATE INFORMATION REMOVED >>>", plan = 0, presentation = 0, valid = 1 '\001'}, subaddress = {str = 0x0, type = 0, odd_even_indicator = 0 '\000', valid = 0 '\000'}, tag = 0x0}
caller = {id = {name = {str = 0x0, char_set = 1, presentation = 0, valid = 1 '\001'}, number = {str = 0x0, plan = 0, presentation = 0, valid = 1 '\001'}, subaddress = {str = 0x0, type = 0, odd_even_indicator = 0 '\000', valid = 0 '\000'}, tag = 0x0}, ani = {name = {str = 0x0, char_set = 1, presentation = 0, valid = 1 '\001'}, number = {str = 0x0, plan = 0, presentation = 0, valid = 1 '\001'}, subaddress = {str = 0x0, type = 0, odd_even_indicator = 0 '\000', valid = 0 '\000'}, tag = 0x0}, priv = {name = {str = 0x0, char_set = 1, presentation = 0, valid = 0 '\000'}, number = {str = 0x0, plan = 0, presentation = 0, valid = 0 '\000'}, subaddress = {str = 0x0, type = 0, odd_even_indicator = 0 '\000', valid = 0 '\000'}, tag = 0x0}, ani2 = 0}
max_forwards = 20
__PRETTY_FUNCTION__ = "dial_exec_full"
#14 0x00007ffb31aa0b69 in dial_exec (chan=0x7ffba89ab9e0, data=0x7ffb0a176540 "PJSIP/<<< PRIVATE INFORMATION REMOVED >>>,,b(<<< PRIVATE INFORMATION REMOVED >>>^1^1)") at app_dial.c:3257
peerflags = {flags = 0}
#15 0x0000000000589ca2 in pbx_exec (c=0x7ffba89ab9e0, app=0x330e980, data=0x7ffb0a176540 "PJSIP/<<< PRIVATE INFORMATION REMOVED >>>,,b(<<< PRIVATE INFORMATION REMOVED >>>^1^1)") at pbx_app.c:485
res = 0
u = 0x7ffb584cc770
saved_c_appl = 0x0
saved_c_data = 0x0
__PRETTY_FUNCTION__ = "pbx_exec"
#16 0x00000000005776d7 in pbx_extension_helper (c=0x7ffba89ab9e0, con=0x0, context=0x7ffba89ac398 "<<< PRIVATE INFORMATION REMOVED >>>", exten=0x7ffba89ac3e8 "<<< PRIVATE INFORMATION REMOVED >>>", priority=18, label=0x0, callerid=0x7ffb584ca750 "01614166101", action=E_SPAWN, found=0x7ffb0a178be4, combined_find_spawn=1) at pbx.c:2884
e = 0x7ffb9c43b3a0
app = 0x330e980
substitute = 0x7ffb0a1764a0 "<<< PRIVATE INFORMATION REMOVED >>>,,b(<<< PRIVATE INFORMATION REMOVED >>>^1^1)"
res = 32763
q = {incstack = {0x0 <repeats 128 times>}, stacklen = 0, status = 5, swo = 0x0, data = 0x0, foundcontext = 0x7ffba89ac398 "<<< PRIVATE INFORMATION REMOVED >>>"}
passdata = "PJSIP/<<< PRIVATE INFORMATION REMOVED >>>,,<<< PRIVATE INFORMATION REMOVED >>>...
matching_action = 0
__PRETTY_FUNCTION__ = "pbx_extension_helper"
#17 0x000000000057ab9e in ast_spawn_extension (c=0x7ffba89ab9e0, context=0x7ffba89ac398 "<<< PRIVATE INFORMATION REMOVED >>>", exten=0x7ffba89ac3e8 "<<< PRIVATE INFORMATION REMOVED >>>", priority=18, callerid=0x7ffb584ca750 "01614166101", found=0x7ffb0a178be4, combined_find_spawn=1) at pbx.c:4110
#18 0x000000000057b807 in __ast_pbx_run (c=0x7ffba89ab9e0, args=0x0) at pbx.c:4285
digit = 0
invalid = 0
timeout = 0
dst_exten = "\000\213\027\n\373\177\000\000\371\342E\000\000\000\000\000\260 \312P\373\177\000\000]Vp\000\000\000\000\000\210$\257\001\236\003\000\000X[p\000\000\000\000\000`Vp\000\000\000\000\000\000\017\257\001\000\000\000\000\260\257eP\373\177\000\000\240$\257\001\000\000\000\000@[p\000\000\000\000\000\260\016\257\001\000\000\000\000\350\016\257\001\000\000\000\000\062\344^\000\000\000\000\000 \213\027\n\373\177\000\000[v_\000\000\000\000\000X\213\027\n\373\177\000\000p\312\023\004\000\000\000\000p\213\027\n\373\177\000\000p\312\023\004\000\000\000\000P\213\027\n\373\177\000\000\260\016t\254\373\177\000\000\031\202_\000\000\000\000\000}\355S\000\000\000\000\000p\213\027\n\373\177\000\000"...
pos = 0
found = 1
res = 0
autoloopflag = 0
error = 0
pbx = 0x7ffb584059d0
callid = 0x0
__PRETTY_FUNCTION__ = "__ast_pbx_run"
#19 0x000000000057cf33 in pbx_thread (data=0x7ffba89ab9e0) at pbx.c:4605
c = 0x7ffba89ab9e0
#20 0x0000000000603e35 in dummy_start (data=0x7ffba8abf170) at utils.c:1235
__cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {0, 3535623191221426431, 140716329183503, 140716182836992, 507904, 507904, 3535623191246592255, -3537829981782353665}, __mask_was_saved = 0}}, __pad = {0x7ffb0a178df0, 0x0, 0x1, 0x7ffbca2bd6e8 <__pthread_keys+1032>}}
__cancel_routine = 0x4527df <ast_unregister_thread>
__cancel_arg = 0x7ffb0a179700
__not_first_call = 0
ret = 0x7ffbc969c8d8
a = {start_routine = 0x57cf0e <pbx_thread>, data = 0x7ffba89ab9e0, name = 0x7ffba874b4a0 "pbx_thread", ' ' <repeats 11 times>, "started at [ 4631] pbx.c ast_pbx_start()"}
#21 0x00007ffbca0ab61a in start_thread () at /lib64/libpthread.so.0
#22 0x00007ffbc93e75fd in clone () at /lib64/libc.so.6
{noformat}
> Segfault in dial_target_free stasis_channels.c:1349
> ---------------------------------------------------
>
> Key: ASTERISK-26706
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26706
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/Stasis
> Affects Versions: 14.2.1
> Environment: Fedora 23
> Reporter: Ross Beer
> Assignee: Ross Beer
> Attachments: backtrace_20160109_clean.txt, backtrace_20JAN17.txt
>
>
> Segfault dial_target_free (doomed=0x7efd5c007c10) at stasis_channels.c:1349
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list