AllStarLink / app_rpt

Refactoring and upgrade of AllStarLink's app_rpt, etc.

chan_usrp: Core dump #198

Closed KB4MDD closed 1 year ago

KB4MDD commented 1 year ago

In attempts to get chan_usrp up and operational, I encountered a core dump as it started to channel data.

Thread 1 (Thread 0x6e61c400 (LWP 1611)):
#0  0x00130320 in __ast_frdup (f=0x152, file=0x2bc6b0 "channel.c", line=1059, func=0x2c026c <__PRETTY_FUNCTION__.232> "__ast_queue_frame") at frame.c:316
        out = 0x0
        len = 149
        srclen = 0
        buf = 0x0
        frames = 0x73d44290
        __PRETTY_FUNCTION__ = "__ast_frdup"
#1  0x000b9054 in __ast_queue_frame (chan=0x73d02e20, fin=0x6e618924, head=0, after=0x0) at channel.c:1059
        f = 0x73d547d0
        cur = 0x152
        new_frames = 1
        new_voice_frames = 0
        queued_frames = 0
        queued_voice_frames = 0
        frames = {first = 0x73d547d0, last = 0x73d547d0}
[core-asterisk-2023-07-22T22-48-26Z-full.txt](https://github.com/InterLinked1/app_rpt/files/12137437/core-asterisk-2023-07-22T22-48-26Z-full.txt)
[core-asterisk-2023-07-22T22-48-26Z-full.txt](https://github.com/InterLinked1/app_rpt/files/12137436/core-asterisk-2023-07-22T22-48-26Z-full.txt)
        __PRETTY_FUNCTION__ = "__ast_queue_frame"
        __FUNCTION__ = "__ast_queue_frame"
#2  0x000b96d0 in ast_queue_frame (chan=0x73d02e20, fin=0x6e618924) at channel.c:1135
No locals.
#3  0x71f6b984 in usrp_xwrite (ast=0x73d02e20, frame=0x73d4f140) at chan_usrp.c:532
        p = 0x73d02690
        fr = {frametype = AST_FRAME_CONTROL, subclass = {integer = 12, {format = 0x78, topology = 0x78}, frame_ending = 1943335376}, datalen = 0, samples = 0, mallocd = 0, mallocd_hdr_len = 4294967295, offset = 0, src = 0x71f7e1ac <type> "usrp", data = {ptr = 0x0, uint32 = 0, pad = "000000000000000`351r"}, delivery = {tv_sec = 0, tv_usec = 0}, frame_list = {next = 0x152}, flags = 13, ts = 0, len = 1851899712, seqno = 1343304, stream_num = 2869968}
        f = 0x6e6189a4
        qp = 0x73d02c6c
        n = 1
        buf = "354207an024376022000000000000000000000000000334307.000321001000000030274.000$H321s", '000' <repeats 16 times>, "230016321s H321s000000000000$J321s370r321s377377377377001000000000230016321s", '000' <repeats 12 times>, " H321s034210an210375022000001", '000' <repeats 15 times>, "Ĉan020216!000000000000000260Q325s000060000r210247370n", '000' <repeats 12 times>, "001000000000230016321s H321s", '000' <repeats 12 times>, "210247370n000304anR001000000r000000000204177024000320"...
        sendbuf = '000' <repeats 28 times>, "254341367q", '000' <repeats 32 times>, "264346,000000000000000001000000000070250v001177000000001000000000000000000000000USRP000000000246", '000' <repeats 12 times>, "C000000000003000000000D000000000003000000000E000000000003000000000F000000000003000000000031000000000003000000000032000000000003000000000033000000000003000000000034000000000003000000000035000000000003000000000 000000000003000000000!000000000003000000000"...
        bufhdrp = 0x6e618640
        bufdata = 0x6e618660 ""
        __FUNCTION__ = "usrp_xwrite"
        __PRETTY_FUNCTION__ = "usrp_xwrite"
#4  0x000c6088 in tech_write (chan=0x73d02e20, stream=0x73d050f0, default_stream=0x73d050f0, frame=0x73d4f140) at channel.c:5176
No locals.
#5  0x000c77c4 in ast_write_stream (chan=0x73d02e20, stream_num=-1, fr=0x73d4f140) at channel.c:5517
        stream = 0x73d050f0
        default_stream = 0x73d050f0
        res = -1
        f = 0x73d4f140
        count = 0
        hooked = 0
        __PRETTY_FUNCTION__ = "ast_write_stream"
        __FUNCTION__ = "ast_write_stream"
#6  0x000c60c4 in ast_write (chan=0x73d02e20, fr=0x73d4f140) at channel.c:5181
No locals.
#7  0x72e2400c in rpt (this=0x72e983c8 <rpt_vars>) at app_rpt.c:5048
        f1 = 0x0
        cs1 = {0x73d52880, 0x73d5f8a8, 0x73d02e20, 0x73d08068, 0x73d1bd30, 0x73d2f690, 0x73d304d8, 0x73d259f0, 0x73d42dc8, 0x73d4cbb0, 0x73d11f98, 0x0 <repeats 289 times>}
        elap = 13
        toexit = 0
        f1 = 0x6ef8a788
        cs = {0x73d02e20, 0x73d08068, 0x73d1bd30, 0x73d2f690, 0x73d304d8, 0x73d259f0, 0x73d42dc8, 0x73d4cbb0, 0x73d11f98, 0x73d52880, 0x73d5f8a8, 0x0 <repeats 289 times>}
        n = 11
        x = 0
        f = 0x73d4f140
        f2 = 0x6e61c400
        totx = 0
        looptimenow = {tv_sec = 1690066106, tv_usec = 478803}
        myrpt = 0x72e983c8 <rpt_vars>
        tele = 0x6e61b8c5 "127.0.0.1:34001:32001"
        idtalkover = 0x74008fa7 "|ie"
        c = 0 '\000'
        myfirst = 0 '\000'
        ms = 7
        i = 0
        lasttx = 0
        lastexttx = 0
        lastpatchup = 0
        val = 1
        identqueued = 0
        othertelemqueued = 0
        tailmessagequeued = 0
        ctqueued = 0
        dtmfed = 0
        lastmyrx = 1
        localmsgqueued = 0
        u = 0
        fp = 0x0
        mystat = {st_dev = 0, __pad1 = 0, __st_ino = 0, st_mode = 0, st_nlink = 0, st_uid = 0, st_gid = 0, st_rdev = 0, __pad2 = 0, st_size = 0, st_blksize = 0, st_blocks = 0, st_atim = {tv_sec = 0, tv_nsec = 0}, st_mtim = {tv_sec = 0, tv_nsec = 0}, st_ctim = {tv_sec = 0, tv_nsec = 0}, st_ino = 0}
        who = 0x73d11f98
        ci = {chan = 32775, confno = 1023, confmode = 516}
        t = 1690066106
        was = 1985438296
        l = 0x72e99240 <rpt_vars+3704>
        m = 0x72e99240 <rpt_vars+3704>
        telem = 0x72e9b208 <rpt_vars+11840>
        tmpstr = "USRP\000\061\062\067.0.0.1:34001:32001", '\000' <repeats 485 times>
        lstr = "L ", '\000' <repeats 5117 times>
        lat = '\000' <repeats 99 times>
        lon = '\000' <repeats 99 times>
        elev = '\000' <repeats 99 times>
        cap = 0x73d01b90
        looptimestart = {tv_sec = 1690066106, tv_usec = 478803}
        __PRETTY_FUNCTION__ = "rpt"
        __FUNCTION__ = "rpt"
#8  0x00221f84 in dummy_start (data=0x740095f0) at utils.c:1574
        __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {-1550265907, -841256399, 1851900928, 1861789576, 1851900928, 338, 1861789394, 1861789576, 1851899712, 1851899396, 0 <repeats 54 times>}, __mask_was_saved = 0}}, __pad = {0x6e61be10, 0x0, 0x0, 0x0}}
        __cancel_routine = 0x66af0 <ast_unregister_thread>
        __cancel_arg = 0x6e61c400
        __not_first_call = 0
        ret = 0x0
        a = {start_routine = 0x72e15394 <rpt>, data = 0x72e983c8 <rpt_vars>, name = 0x74004388 "rpt", ' ' <repeats 18 times>, "started at [ 6008] app_rpt.c rpt_master()"}
        __PRETTY_FUNCTION__ = "dummy_start"
#9  0x7664e310 in start_thread (arg=0x6e61c400) at pthread_create.c:477
        ret = <optimized out>
        pd = 0x6e61c400
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1550265595, -1147301927, 1851900928, 1861789576, 1851900928, 338, 1861789394, 1861789576, 1851899712, 1851899708, 0 <repeats 54 times>}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#10 0x76501da8 in ?? () at ../sysdeps/unix/sysv/linux/arm/clone.S:73 from /lib/arm-linux-gnueabihf/libc.so.6
InterLinked1 commented 1 year ago

I've only looked at this for a minute, but f=0x152 seems suspicious to me. A low address like that is almost always some kind of offset from NULL, e.g. f->member when f is NULL. This would fit if member is 152 bytes into the struct, for instance. Further up, though, the frame is definitely not NULL... One tactic that might help here is adding assertions liberally, starting from the first stack frame and working up from there, asserting that the frame is not NULL (since it seems like it might be). That could narrow down where things are going wrong. I'm not sure how I'd reproduce this, since it looks like you're using hardware, but if you need guidance on where to add those, let me know (basically, I add one at each function call in the stack trace).

KB4MDD commented 1 year ago

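Possible issue with fr not being initialized to zero at line 522. In the backtrace, the dump of fr in frame #3 shows frame_list = {next = 0x152}, the same value that appears as cur in frame #1 and as f in frame #0, which is consistent with leftover stack contents in an uninitialized struct being followed as a frame pointer. I will test as soon as I can get to the equipment.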