  1. FreeSWITCH
  2. FS-9954

Crash on switch_ivr_intercept_session due to null pointer for buuid

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: freeswitch-core
    • Security Level: public
    • Labels:
      None
    • CPU Architecture:
      x86-64
    • Kernel:
      Linux
    • uname:
      Linux
    • Userland:
      GNU/Linux
    • Distribution:
      Debian
    • Distribution Version:
      Debian 8 jessie
    • lsb_release:
      [root@lab002137-basix-ban freeswitch]$ lsb_release -a
      No LSB modules are available.
      Distributor ID: Debian
      Description: Debian GNU/Linux 8.6 (jessie)
      Release: 8.6
      Codename: jessie
    • Compiler:
      gcc
    • Compiler Version:
      gcc version 4.9.2 (Debian 4.9.2-10)
    • FreeSWITCH GIT Revision:
      4110fe336219021afcc00519becf2182a7624a78
    • GIT Master Revision hash:
      4110fe336219021afcc00519becf2182a7624a78

      Description

      Here is the backtrace:

      (gdb) bt
      #0 __strcasecmp_l_sse2 () at ../sysdeps/x86_64/multiarch/../strcmp.S:209
      #1 0x00007fba98542eb7 in switch_ivr_intercept_session (session=0x2458d48, uuid=0x24f69e0 "43fa0001-449c-439d-990d-45ae125698b4", bleg=(unknown: 2536996640)) at src/switch_ivr_bridge.c:2184
      #2 0x00007fba6aef327e in intercept_function (session=0x2458d48, data=0x2459554 "e254141c-db8d-4b71-9cd3-a25f8eb6aaef") at mod_dptools.c:847
      #3 0x00007fba984c969a in switch_core_session_exec (session=0x2458d48, application_interface=0x2263178, arg=0x2271a40 "43fa0001-449c-439d-990d-45ae125698b4") at src/switch_core_session.c:2871
      #4 0x00007fba984c9c38 in switch_core_session_execute_application_get_flags (session=0x0, app=0x2271a30 "intercept", arg=0x2271a40 "43fa0001-449c-439d-990d-45ae125698b4", flags=0x0)
          at src/switch_core_session.c:2741
      #5 0x00007fba984cd632 in switch_core_standard_on_execute (session=<optimized out>) at src/switch_core_state_machine.c:353
      #6 switch_core_session_run (session=0x2458d48) at src/switch_core_state_machine.c:650
      #7 0x00007fba984c6f3e in switch_core_session_thread (thread=<optimized out>, obj=0x2458d48) at src/switch_core_session.c:1695
      #8 0x00007fba984c29fd in switch_core_session_thread_pool_worker (thread=0x7fba6cb67270, obj=0x2459554) at src/switch_core_session.c:1758
      #9 0x00007fba987b04b0 in dummy_worker (opaque=0x7fba6cb67270) at threadproc/unix/thread.c:151
      #10 0x00007fba979e20a4 in start_thread (arg=0x7fba645a9700) at pthread_create.c:309
      #11 0x00007fba970ba62d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
      (gdb) bt full
      #0 __strcasecmp_l_sse2 () at ../sysdeps/x86_64/multiarch/../strcmp.S:209
      No locals.
      #1 0x00007fba98542eb7 in switch_ivr_intercept_session (session=0x2458d48, uuid=0x24f69e0 "43fa0001-449c-439d-990d-45ae125698b4", bleg=(unknown: 2536996640)) at src/switch_ivr_bridge.c:2184
              rsession = 0x7fba6c076f38
              channel = 0x22fb7f0
              rchannel = 0x7fba6c293e50
              buuid = 0x0
              brto = '\000' <repeats 256 times>
              __func__ = "switch_ivr_intercept_session"
      #2 0x00007fba6aef327e in intercept_function (session=0x2458d48, data=0x2459554 "e254141c-db8d-4b71-9cd3-a25f8eb6aaef") at mod_dptools.c:847
              argv = {0x24f69e0 "43fa0001-449c-439d-990d-45ae125698b4", 0x0, 0x0, 0x0}
              mydata = 0x0
              uuid = 0x24f69e0 "43fa0001-449c-439d-990d-45ae125698b4"
              bleg = (unknown: 2536996640)
              __func__ = "intercept_function"
      #3 0x00007fba984c969a in switch_core_session_exec (session=0x2458d48, application_interface=0x2263178, arg=0x2271a40 "43fa0001-449c-439d-990d-45ae125698b4") at src/switch_core_session.c:2871
              log = 0x259ba40
              event = 0x0
              channel = 0x22fb7f0
              expanded = 0x2271a40 "43fa0001-449c-439d-990d-45ae125698b4"
              msg = {from = 0x7fba987c94b9 "src/switch_core_session.c", message_id = SWITCH_MESSAGE_INDICATE_APPLICATION_EXEC, numeric_arg = 0, string_arg = 0x0, string_arg_size = 0, pointer_arg = 0x0,
                pointer_arg_size = 0, numeric_reply = 0, string_reply = 0x0, string_reply_size = 0, pointer_reply = 0x0, pointer_reply_size = 0, flags = 0, _file = 0x0, _func = 0x0, _line = 0,
                string_array_arg = {0x7fba6af00e8b "intercept", 0x2271a40 "43fa0001-449c-439d-990d-45ae125698b4", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, delivery_time = 0}
              delim = 32 ' '
              uuid_str = "c0b3e75c-9b8c-40d7-afa1-50cfac7d2a06", '\000' <repeats 188 times>...
              __PRETTY_FUNCTION__ = "switch_core_session_exec"
              __func__ = "switch_core_session_exec"
      #4 0x00007fba984c9c38 in switch_core_session_execute_application_get_flags (session=0x0, app=0x2271a30 "intercept", arg=0x2271a40 "43fa0001-449c-439d-990d-45ae125698b4", flags=0x0)
          at src/switch_core_session.c:2741
              application_interface = 0x2263178
              status = SWITCH_STATUS_SUCCESS
              __func__ = "switch_core_session_execute_application_get_flags"
      #5 0x00007fba984cd632 in switch_core_standard_on_execute (session=<optimized out>) at src/switch_core_state_machine.c:353
              extension = 0x2271800
              uuid = 0x0
      #6 switch_core_session_run (session=0x2458d48) at src/switch_core_state_machine.c:650
              ptr = 0x2271800
              midstate = CS_INIT
              endstate = 36116480
              endpoint_interface = 0x0
              driver_state_handler = 0x7fba82bd0a80 <sofia_event_handlers>
              __PRETTY_FUNCTION__ = "switch_core_session_run"
              __func__ = "switch_core_session_run"
      #7 0x00007fba984c6f3e in switch_core_session_thread (thread=<optimized out>, obj=0x2458d48) at src/switch_core_session.c:1695
              session = 0x2458d48
              event = 0x4c4b40
              event_str = 0x0
              val = <optimized out>
              __func__ = "switch_core_session_thread"
              __PRETTY_FUNCTION__ = "switch_core_session_thread"
      #8 0x00007fba984c29fd in switch_core_session_thread_pool_worker (thread=0x7fba6cb67270, obj=0x2459554) at src/switch_core_session.c:1758
              td = 0x2575540
              pop = 0x2575540
              check_status = 39277888
              pool = 0x7fba6cb67018
              __func__ = "switch_core_session_thread_pool_worker"
      #9 0x00007fba987b04b0 in dummy_worker (opaque=0x7fba6cb67270) at threadproc/unix/thread.c:151
      ---Type <return> to continue, or q <return> to quit---
              thread = 0x7fba6cb67270
      #10 0x00007fba979e20a4 in start_thread (arg=0x7fba645a9700) at pthread_create.c:309
              __res = <optimized out>
              pd = 0x7fba645a9700
              now = <optimized out>
              unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140438524303104, -902398669693151574, 0, 140438661809248, 18, 140438524303104, 868844559304988330, 868955088905672362}, mask_was_saved = 0}}, priv = {
                  pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
              not_first_call = <optimized out>
              pagesize_m1 = <optimized out>
              sp = <optimized out>
              freesize = <optimized out>
              __PRETTY_FUNCTION__ = "start_thread"
      #11 0x00007fba970ba62d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
      No locals.


      The above is reproducible with an originate+intercept like this:

              <action application='set' data='ringback=$${jp-ring}'/>
              <action application='set' data='transfer_ringback=$${jp-ring}'/>
              <action application='set' data='intercept_unbridged_only=true'/>
              <action application='sched_hangup' data='+21990'/>
              <action application='answer'/>
              <action application='intercept' data='04099ee1-7b29-4d7b-9c30-94f398e2cd91'/>
       
      It was detected on this commit:
      4110fe336219021afcc00519becf2182a7624a78

      I am sure it doesn't happen with a previous commit: 197b5731378c60b308019c95643700594fd26160
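
The crashing frame above enters strcasecmp() with `buuid = 0x0`. The following is an added example, not FreeSWITCH source and not the fix that closed this issue, showing a comparison guard that survives a missing partner UUID; `demo_channel`, `uuid_equal` and `check_intercept` are hypothetical names, and it assumes the partner UUID is NULL while the target leg is unbridged.

```c
#include <stddef.h>
#include <strings.h>

/* Constructed stand-in for a call leg (not a FreeSWITCH type). Assumption:
 * partner_uuid is NULL while the leg is not bridged to anything. */
struct demo_channel {
    const char *uuid;
    const char *partner_uuid;
};

enum intercept_decision {
    INTERCEPT_OK,          /* safe to proceed */
    INTERCEPT_SELF,        /* target is the intercepting session itself */
    INTERCEPT_OWN_PARTNER, /* target is already bridged to the interceptor */
    INTERCEPT_BAD_ARG      /* required argument missing */
};

/* Case-insensitive UUID equality that treats a missing (NULL or empty)
 * value as "no match" instead of handing it to strcasecmp(). */
static int uuid_equal(const char *a, const char *b)
{
    if (a == NULL || b == NULL || *a == '\0' || *b == '\0') {
        return 0;
    }
    return strcasecmp(a, b) == 0;
}

/* Every comparison goes through uuid_equal(), so an unbridged target
 * (partner_uuid == NULL) yields INTERCEPT_OK rather than a NULL read. */
enum intercept_decision check_intercept(const char *self_uuid,
                                        const struct demo_channel *target)
{
    if (self_uuid == NULL || target == NULL || target->uuid == NULL) {
        return INTERCEPT_BAD_ARG;
    }
    if (uuid_equal(target->uuid, self_uuid)) {
        return INTERCEPT_SELF;
    }
    if (uuid_equal(target->partner_uuid, self_uuid)) {
        return INTERCEPT_OWN_PARTNER;
    }
    return INTERCEPT_OK;
}

int main(void)
{
    struct demo_channel unbridged = { "aaaa-1", NULL }; /* constructed sample */
    return check_intercept("bbbb-2", &unbridged) == INTERCEPT_OK ? 0 : 1;
}
```
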

        Activity

        mikej Mike Jerris added a comment -
        The commits you reference are not in our repository.

        root@jessie [Wed Jan 18 10:29 AM] /usr/src/freeswitch.git
        <703>:git log -p -w -1 4110fe336219021afcc00519becf2182a7624a78
        fatal: bad object 4110fe336219021afcc00519becf2182a7624a78

        root@jessie [Wed Jan 18 10:29 AM] /usr/src/freeswitch.git
        <704>:git log -p -w -1 197b5731378c60b308019c95643700594fd26160
        fatal: bad object 197b5731378c60b308019c95643700594fd26160
        takeshi mayamatakeshi added a comment -
        I confirmed the problem was solved on commit e6b8d995f79b5562da176083b45c1fcd0f359ccd.
        However, the above commit shows up when I get FS from our internal git repo clone.
        I cloned the original fs git repo and could not find it there.
        I am not sure why this is happening (maybe there is some misconfiguration. I don't know as I was not the one who set this up).
        Sorry for this. I will correct this (or use original fs repo) when reporting subsequent issues.

          People

          • Assignee:
            mikej Mike Jerris
            Reporter:
            takeshi mayamatakeshi