search

drachtio / drachtio-freeswitch-modules

A collection of open-sourced freeswitch modules that I use in various drachtio applications
MIT License
176 stars 119 forks source link

Freeswitch is crashing when using mod_google_transcribe. #48

Closed Chetan177 closed 3 years ago

Chetan177 commented 3 years ago

Hi Dave, I am using mod_google_transcribe with freeswitch(v1.10.5). Freeswitch is crashing when I execute hangup application on a call. Call Flow:

I went through the core dump and it is showingstr = 0x7fe9bd292098 "double free or corruption (out)"

bt full for core dump is as follows:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007fe9bd16042a in __GI_abort () at abort.c:89
#2  0x00007fe9bd19cc00 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7fe9bd291fd0 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007fe9bd1a2fc6 in malloc_printerr (action=3, str=0x7fe9bd292098 "double free or corruption (out)", ptr=<optimized out>,
    ar_ptr=<optimized out>) at malloc.c:5049
#4  0x00007fe9bd1a380e in _int_free (av=0x7fe9bd4c5b00 <main_arena>, p=0x7fe9ac0011b0, have_lock=0) at malloc.c:3905
#5  0x00007fe9bc0bd21d in speex_resampler_destroy () from /usr/lib/x86_64-linux-gnu/libspeexdsp.so.1
#6  0x00007fe968345271 in ?? () from /usr/local/freeswitch/mod/mod_google_transcribe.so
#7  0x00007fe9bf18cb76 in default_coef_probs_4x4 () from /usr/local/freeswitch/lib/libfreeswitch.so.1
#8  0x0000000000000000 in ?? ()
(gdb) bt full
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
        set = {__val = {0, 2314885530818453536, 2314885530818453536, 6732726843261788192, 7378697629483820554, 3472328296331896422,
            7378697629483806000, 3472609797883717222, 2337500343188860976, 3472328296227680304, 3467824696768081952,
            2314885530818453536, 2314885530818453536, 7166204968890474528, 3472332531824356449, 3467895053655089200}}
        pid = <optimized out>
        tid = <optimized out>
#1  0x00007fe9bd16042a in __GI_abort () at abort.c:89
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0xa20302030303a30, sa_sigaction = 0xa20302030303a30}, sa_mask = {__val = {
              3558237752655177271, 7306588112676728931, 3472386575481332281, 3467895053655089200, 2319406791620833328,
              2319389199435444272, 7090462661995280138, 7365405400577893681, 3486968509209131365, 2337418197644357680,
              3472328296227680304, 3467824696768081952, 7377522247255656992, 3975887029563438178, 3977912562749105510,
              140641734039760}}, sa_flags = 83, sa_restorer = 0x7fe9b49918d0}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007fe9bd19cc00 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7fe9bd291fd0 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/posix/libc_fatal.c:175
        ap = {{gp_offset = 40, fp_offset = 1000, overflow_arg_area = 0x7fe9b49918e0, reg_save_area = 0x7fe9b4991870}}
        fd = 2
        on_2 = <optimized out>
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
        written = <optimized out>
#3  0x00007fe9bd1a2fc6 in malloc_printerr (action=3, str=0x7fe9bd292098 "double free or corruption (out)", ptr=<optimized out>,
    ar_ptr=<optimized out>) at malloc.c:5049
        buf = "00007fe9ac0011c0"
        cp = <optimized out>
        ar_ptr = <optimized out>
        ptr = <optimized out>
        str = 0x7fe9bd292098 "double free or corruption (out)"
        action = 3
#4  0x00007fe9bd1a380e in _int_free (av=0x7fe9bd4c5b00 <main_arena>, p=0x7fe9ac0011b0, have_lock=0) at malloc.c:3905
        size = <optimized out>
        fb = <optimized out>
        nextchunk = <optimized out>
        nextsize = <optimized out>
        nextinuse = <optimized out>
        prevsize = <optimized out>
---Type <return> to continue, or q <return> to quit---
        bck = <optimized out>
        fwd = <optimized out>
        errstr = <optimized out>
        locked = <optimized out>
        __func__ = "_int_free"
#5  0x00007fe9bc0bd21d in speex_resampler_destroy () from /usr/lib/x86_64-linux-gnu/libspeexdsp.so.1
No symbol table info available.
#6  0x00007fe968345271 in ?? () from /usr/local/freeswitch/mod/mod_google_transcribe.so
No symbol table info available.
#7  0x00007fe9bf18cb76 in default_coef_probs_4x4 () from /usr/local/freeswitch/lib/libfreeswitch.so.1
No symbol table info available.
#8  0x0000000000000000 in ?? ()
No symbol table info available.

I have compiled freeswitch using this configure command ./configure --with-lws=yes --with-extra=yes CPPFLAGS='-g -O0' CXXFLAGS='-g -O0'

info locals of gdb:

(gdb) info locals
size = <optimized out>
fb = <optimized out>
nextchunk = <optimized out>
nextsize = <optimized out>
nextinuse = <optimized out>
prevsize = <optimized out>
bck = <optimized out>
fwd = <optimized out>
errstr = <optimized out>
locked = <optimized out>
__func__ = "_int_free"

Can you help me with this?

Chetan177 commented 3 years ago

As this line shows:

0x00007fe9bc0bd21d in speex_resampler_destroy () from /usr/lib/x86_64-linux-gnu/libspeexdsp.so.1

I checked the Freeswitch logs, my call is using PCMU 8KHz and It was getting resampled for the mod_google_transcribe bug to 16KHz, so i have changed all the hardcoded values in the google_glue.cpp from 16000 to 8000 and recompiled the module. This has fixed my issue for a specific call. but still need to fix this.

davehorton commented 3 years ago

can you show me the diff of your changes ?

Chetan177 commented 3 years ago

Here is the diff : 

+++ google_glue.cpp     2020-11-17 07:22:49.971140046 +0000
@@ -51,7 +51,7 @@
     }

                config->set_language_code(lang);
-       config->set_sample_rate_hertz(16000);
+       config->set_sample_rate_hertz(8000);
                config->set_encoding(RecognitionConfig::LINEAR16);

     // the rest of config comes from channel vars
@@ -294,8 +294,8 @@

       switch_mutex_init(&cb->mutex, SWITCH_MUTEX_NESTED, switch_core_session_get_pool(session));

-      if (samples_per_second != 16000) {
-          cb->resampler = speex_resampler_init(channels, samples_per_second, 16000, SWITCH_RESAMPLE_QUALITY, &err);
+      if (samples_per_second != 8000) {
+          cb->resampler = speex_resampler_init(channels, samples_per_second, 8000, SWITCH_RESAMPLE_QUALITY, &err);
         if (0 != err) {
            switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_ERROR, "%s: Error initializing resampler: %s.\n",
                                  switch_channel_get_name(channel), speex_resampler_strerror(err));
@@ -410,4 +410,3 @@
       return SWITCH_TRUE;
     }
 }
-
davehorton commented 3 years ago

above fix has been applied