[asterisk-dev] [Asterisk 0015465]: crash in bridging api
Marcus Hunger
hunger at sipgate.de
Fri Sep 25 10:52:51 CDT 2009
hi,
sorry for replying so latly. i just checked out the current 1.6.2 branch to
confirm this issue. here's a DONT_OPTIMIZE backtrace. the last action i
tried before the segfault was removing a channel from a 3-party-bridge.
regards, marcus
(gdb) bt
#0 0x0000000000000050 in ?? ()
#1 0x00002aaab681e83d in softmix_bridge_thread (bridge=0xe188f8) at
bridge_softmix.c:270
#2 0x000000000043b084 in bridge_thread (data=<value optimized out>) at
bridging.c:370
#3 0x00000000004fd4fc in dummy_start (data=<value optimized out>) at
utils.c:968
#4 0x00002b128a21df1a in start_thread () from /lib/libpthread.so.0
#5 0x00002b1289d625d2 in clone () from /lib/libc.so.6
#6 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x0000000000000050 in ?? ()
No symbol table info available.
#1 0x00002aaab681e83d in softmix_bridge_thread (bridge=0xe188f8) at
bridge_softmix.c:270
sc = (struct softmix_channel *) 0xe3e3f0
bridge_channel = (struct ast_bridge_channel *) 0x0
buf = {-1208, -1432, -1032, -936, -664, -872, -1304, -664, -240, -80,
-160, -536, 288, 1016, 1000, 128, 600, 1928, 1432, 616, 16, 336, 744, 432,
192, -584, -472, 256, 32, -96, -448, -32, 304, 144, 488, 48, -696, -80, 600,
-16, -416, -680, -664, -128, -648, -416, 48,
528, 808, 528, 744, 560, 112, 1224, 600, -728, -552, -432, -32, -592,
-1032, -672, -856, -32, -112, -904, -744, -224, 624, 792, -128, -112, 560,
696, 480, 48, -32, -64, -208, -384, -304, -680, 48, 320, -504, -792, -984,
-208, -128, -304, -224, -272, 664, 872, 336, 144, 488,
1080, 952, 464, 368, 272, 560, 544, 48, 64, 192, 552, 400, 288, -192,
-568, -48, 400, -224, -1432, -1240, -272, -368, -480, -192, -48, 320, 448,
-336, -368, -160, 240, 808, 272, -368, -384, 96, 32, -320, 48, 96, -112,
112, 208, -336, -776, -416, -856, -1208, -1464, -1032,
-192, -176, -352, -96, 632, 1528, 1992, 1432, 1112, 1064, 1400, 1224, 568,
0 <repeats 160 times>}
timeout = -1
timer = (struct ast_timer *) 0xe48fa0
timingfd = 15
#2 0x000000000043b084 in bridge_thread (data=<value optimized out>) at
bridging.c:370
bridge = (struct ast_bridge *) 0xe188f8
res = <value optimized out>
__PRETTY_FUNCTION__ = "bridge_thread"
#3 0x00000000004fd4fc in dummy_start (data=<value optimized out>) at
utils.c:968
__cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {14901408, 0, 0,
0, 1082880656, 14814256, 1082880320, 5231842}, __mask_was_saved = 0}}, __pad
= {0x408b7200, 0x0, 0x2b1289eccb08, 0x2b1289eccb10}}
__cancel_arg = (void *) 0x408b7960
not_first_call = <value optimized out>
ret = <value optimized out>
#4 0x00002b128a21df1a in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#5 0x00002b1289d625d2 in clone () from /lib/libc.so.6
No symbol table info available.
#6 0x0000000000000000 in ?? ()
No symbol table info available.
On Tue, Sep 22, 2009 at 3:50 PM, Asterisk Bug Tracker <
noreply at bugs.digium.com> wrote:
>
> The following issue has been UPDATED.
> ======================================================================
> https://issues.asterisk.org/view.php?id=15465
> ======================================================================
> Reported By: fnordian
> Assigned To:
> ======================================================================
> Project: Asterisk
> Issue ID: 15465
> Category: Core/General
> Reproducibility: sometimes
> Severity: crash
> Priority: normal
> Status: closed
> Asterisk Version: SVN
> Regression: No
> SVN Branch (only for SVN checkouts, not tarball releases): 1.6.2
> SVN Revision (number only!): 204918
> Resolution: suspended
> Fixed in Version:
> ======================================================================
> Date Submitted: 2009-07-08 07:00 CDT
> Last Modified: 2009-09-22 08:50 CDT
> ======================================================================
> Summary: crash in bridging api
> Description:
> There's a racecondition in smart_bridge_operation(). I do not understand
> this function completely, but it seems like one of it's purposes is to
> change a bridge's technology. For doing so it stops the bridge->thread
> before working on it. Stopping is done by setting a flag and sending a
> signal. What's missing there imho is a pthread_join to assure the thread is
> really gone.
>
> I noticed crashes when doing transfers from and to the bridges and I guess
> one of the reasons is this bug:
>
> (gdb) bt full
> https://issues.asterisk.org/view.php?id=0 0x0000000000000024 in ?? ()
> No symbol table info available.
> https://issues.asterisk.org/view.php?id=1 0x00002aaab677483d in
> softmix_bridge_thread (bridge=0x2aaab7819e88)
> at bridge_softmix.c:270
> sc = (struct softmix_channel *) 0x2aaab780a7d0
> bridge_channel = (struct ast_bridge_channel *) 0x0
> buf = {0 <repeats 320 times>}
> timeout = -1
> timer = (struct ast_timer *) 0x2aaab7833370
> timingfd = 40
> https://issues.asterisk.org/view.php?id=2 0x000000000043ae34 in
> bridge_thread
> (data=<value optimized out>) at
> bridging.c:381
> bridge = (struct ast_bridge *) 0x2aaab7819e88
> res = <value optimized out>
> __PRETTY_FUNCTION__ = "bridge_thread"
> https://issues.asterisk.org/view.php?id=3 0x00000000004fb96c in
> dummy_start
> (data=<value optimized out>) at
> utils.c:968
> __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf =
> {46912711515904,
> 0, 0,
> 0, 1089483408, 1089486848, 1089483072, 5224786}, __mask_was_saved
> = 0}},
> __pad = {0x40f03200, 0x0, 0x0, 0x0}}
> __cancel_arg = (void *) 0x40f03960
> not_first_call = <value optimized out>
> ret = <value optimized out>
> https://issues.asterisk.org/view.php?id=4 0x00002b56877dff1a in
> start_thread ()
> from /lib/libpthread.so.0
> No symbol table info available.
> https://issues.asterisk.org/view.php?id=5 0x00002b56873245d2 in clone ()
> from
> /lib/libc.so.6
> No symbol table info available.
> https://issues.asterisk.org/view.php?id=6 0x0000000000000000 in ?? ()
> No symbol table info available.
> (gdb) p *bridge->technology
> $14 = {name = 0x2aaab1ada807 "multiplexed_bridge", capabilities = 2,
> preference = AST_BRIDGE_PREFERENCE_HIGH,
> create = 0x2aaab1ad9bc0 <multiplexed_bridge_create>,
> destroy = 0x2aaab1ad9fc0 <multiplexed_bridge_destroy>,
> join = 0x2aaab1ad9a90 <multiplexed_bridge_join>,
> leave = 0x2aaab1ad97d0 <multiplexed_bridge_leave>,
> suspend = 0x2aaab1ad9740 <multiplexed_bridge_suspend>,
> unsuspend = 0x2aaab1ad96b0 <multiplexed_bridge_unsuspend>, compatible =
> 0,
> write = 0x2aaab1ad9370 <multiplexed_bridge_write>, fd = 0, thread = 0,
> poke = 0,
> formats = 1073741823, suspended = 0, mod = 0x9c9a80, entry = {next =
> 0x2aaaaedaf300}}
>
> The crash is in bridge_softmix, working on a bridge which thinks it's
> bridge_multiplexed.
>
> ======================================================================
>
> ----------------------------------------------------------------------
> (0111160) lmadsen (administrator) - 2009-09-22 08:50
> https://issues.asterisk.org/view.php?id=15465#c111160
> ----------------------------------------------------------------------
> Closed due to no response from reporter. Please reopen if you're able to
> provide the requested information. Thanks!
>
> Issue History
> Date Modified Username Field Change
> ======================================================================
> 2009-09-22 08:50 lmadsen Note Added: 0111160
> 2009-09-22 08:50 lmadsen Status feedback => closed
> 2009-09-22 08:50 lmadsen Resolution open => suspended
> ======================================================================
>
>
--
Dipl.-Inf. (FH)
Marcus Hunger - hunger at sipgate.de
Telefon: +49 (0)211-63 55 55-61
Telefax: +49 (0)211-63 55 55-22
sipgate GmbH - Gladbacher Str. 74 - 40219 Düsseldorf
HRB Düsseldorf 39841 - Geschäftsführer: Thilo Salmon, Tim Mois
Steuernummer: 106 / 5724 / 7147, Umsatzsteuer-ID: DE219349391
www.sipgate.de - www.sipgate.at - www.sipgate.co.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-dev/attachments/20090925/aea00d88/attachment.htm
More information about the asterisk-dev
mailing list