Summary: ASTERISK-02757: Cisco CID blocking cause crash
Reporter: Andrew Lindh (andrew)
Labels:
Date Opened: 2004-11-07 15:33:27.000-0600
Date Closed: 2004-11-09 00:30:14.000-0600
Priority: Critical
Regression? No
Status: Closed/Complete
Components: Core/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: ( 0) sip-debug.txt
Description:

On a Cisco 7960 SIP phone: When I set "Caller ID Blocking" to YES on the phone and then make a call it crashes Asterisk:

    asterisk*CLI> /usr/sbin/safe_asterisk: line 83: 13209 Killed asterisk ${CLIARGS} ${ASTARGS} 1>&/dev/${TTY} </dev/${TTY}
    Asterisk ended with exit status 137
    Asterisk exited on signal 9.
    Automatically restarting Asterisk.

****** ADDITIONAL INFORMATION ******

Cisco phone software tested is SIP version 7.3 and 7.2
Comments:

By: Mark Spencer (markster) 2004-11-07 16:17:36.000-0600

Please provide a gdb backtrace in accordance with the bug guidelines which were highlighted in yellow when you went to place your bug report or find someone on IRC that can login to your machine and generate it for you, along with SIP debug again in accordance with the bug guidelines.

By: Andrew Lindh (andrew) 2004-11-07 17:55:57.000-0600

#0 0x403a7b80 in check_user_full (p=0x4065ba58, req=0xbeffe7a4, cmd=0xbeffe9b8 "INVITE", uri=0xbeffe9bf "sip:301@204.213.176.174", reliable=1, sin=0xbeffe794, ignore=0, mailbox=0x0, mailboxlen=320) at utils.h:21
#1 0x4039de7c in handle_request (p=0x4065ba58, req=0xbeffe7a4, sin=0xbeffe794, recount=0x140, nounlock=0xbeffe72c) at chan_sip.c:5456
#2 0x40399ecf in sipsock_read (id=0x81153f8, fd=13, events=1, ignore=0x0) at chan_sip.c:7640
#3 0x08052700 in ast_io_wait (ioc=0x81145f0, howlong=320) at io.c:267
#4 0x4039476c in do_monitor (data=0x0) at chan_sip.c:7788
#5 0x40025e51 in pthread_start_thread () from /lib/libpthread.so.0
#6 0x401ed69a in clone () from /lib/libc.so.6

See attached sip-debug.txt file also.

edited on: 11-07-04 18:05

By: Mark Spencer (markster) 2004-11-07 19:00:54.000-0600

Please update to latest CVS and run "make clean ; make valgrind" and then provide an updated backtrace. Thanks.

By: Andrew Lindh (andrew) 2004-11-07 19:03:09.000-0600

Still crashes. 0 byte core file in /tmp after crash with a make valgrind. What options/output would you like when I run it from valgrind? When I run it from valgrind it still dies and repeats forever:

    Ouch ... error while writing audio data: : Broken pipe

edited on: 11-07-04 19:49

By: Brian West (bkw918) 2004-11-08 09:13:10.000-0600

well asterisk doesn't crash but you do get some interesting things.

    ACK sip:4238080@65.38.28.146 SIP/2.0
    Via: SIP/2.0/UDP 65.38.28.157:5060;branch=z9hG4bK6aeb6c68
    From: "Anonymous" <sip:Anonymous@65.38.28.146>;tag=000dbcd92c3834d4091e28f4-666f50fc
    To: <sip:4238080@65.38.28.146>;tag=as449d05ed
    Call-ID: 000dbcd9-2c3800a4-27c16773-241c1043@65.38.28.157
    Date: Mon, 08 Nov 2004 15:12:06 GMT
    CSeq: 102 ACK
    Content-Length: 0

    INVITE sip:4238080@65.38.28.146 SIP/2.0
    Via: SIP/2.0/UDP 65.38.28.157:5060;branch=z9hG4bK6aeb6c68
    From: "Anonymous" <sip:Anonymous@65.38.28.146>;tag=000dbcd92c3834d4091e28f4-666f50fc
    To: <sip:4238080@65.38.28.146>
    Call-ID: 000dbcd9-2c3800a4-27c16773-241c1043@65.38.28.157
    Date: Mon, 08 Nov 2004 15:12:06 GMT
    CSeq: 102 INVITE
    User-Agent: CSCO/7
    Contact: <sip:10@65.38.28.157:5060>
    Proxy-Authorization: Digest username="10",realm="bkw.org",uri="sip:65.38.28.146",response="f5e674c9e1dd07e4b14bef7ccffd7412",nonce="3dcc0b78",algorithm=md5
    Expires: 180
    Content-Type: application/sdp
    Content-Length: 247

:P

By: Brian West (bkw918) 2004-11-08 09:15:24.000-0600

    [Anonymous]
    type=user
    username=Anonymous
    callerid=Unknown <0000000000>
    context=default
    deny=0.0.0.0/0
    permit=65.38.28.144/28

By: Mark Spencer (markster) 2004-11-08 09:57:45.000-0600

You need not run it *from* valgrind, just run "make clean ; make valgrind" and run normally. In that way I should be able to see the real location where the crash took place.

By: Andrew Lindh (andrew) 2004-11-08 11:35:44.000-0600

0 length core was caused by deleted open files filling /tmp space....reboot fixed that...

#0 0x403a613c in ast_strlen_zero (s=0x140 <Address 0x140 out of bounds>) at utils.h:22
    No locals.
#1 0x4039803c in check_user_full (p=0x81bac80, req=0xbeffe824, cmd=0xbeffea38 "INVITE", uri=0xbeffea3f "sip:301@204.213.176.174", reliable=1, sin=0xbeffe814, ignore=0, mailbox=0x0, mailboxlen=0) at chan_sip.c:5414
    user = (struct sip_user *) 0x0
    peer = (struct sip_peer *) 0x813c348
    of = 0xbeffd115 "Anonymous"
    from = "\"Anonymous\" <sip:Anonymous\000204.213.176.174\000;tag=003094c384f700087ddff7e6-508fa31a", '\0' <repeats 174 times>
    c = 0x0
    rpid = 0x403a6519 ""
    rpid_num = '\0' <repeats 49 times>
    iabuf = '\0' <repeats 15 times>
    res = 0
    t = 0xbeffea56 ""
    calleridname = "Anonymous", '\0' <repeats 40 times>
    debug = 0
#2 0x40398354 in check_user (p=0x81bac80, req=0xbeffe824, cmd=0xbeffea38 "INVITE", uri=0xbeffea3f "sip:301@204.213.176.174", reliable=1, sin=0xbeffe814, ignore=0) at chan_sip.c:5456
    No locals.
#3 0x4039eb7c in handle_request (p=0x81bac80, req=0xbeffe824, sin=0xbeffe814, recount=0xbeffe800, nounlock=0xbeffe804) at chan_sip.c:7183
    resp = {rlPart1 = 0x0, rlPart2 = 0x0, len = 0, headers = 0, header = {0x0 <repeats 64 times>}, lines = 0, line = {0x0 <repeats 64 times>}, data = '\0' <repeats 4095 times>}
    cmd = 0xbeffea38 "INVITE"
    cseq = 0xbeffeb98 " INVITE"
    from = 0x0
    e = 0xbeffea3f "sip:301@204.213.176.174"
    useragent = 0xbeffebad "CSCO/7"
    c = (struct ast_channel *) 0x0
    transfer_to = (struct ast_channel *) 0x0
    seqno = 102
    len = 3
    ignore = 0
    respid = 200
    res = 1
    gotdest = 0
    iabuf = '\0' <repeats 15 times>
    af = {frametype = 5, subclass = 0, datalen = 0, samples = 0, mallocd = 0, offset = 0, src = 0x0, data = 0x0, delivery = {tv_sec = 0, tv_usec = 0}, prev = 0x0, next = 0x0}
    debug = 0
#4 0x403a09a3 in sipsock_read (id=0x810f488, fd=13, events=1, ignore=0x0) at chan_sip.c:7640
    req = {rlPart1 = 0xbeffea38 "INVITE", rlPart2 = 0xbeffea3f "sip:301@204.213.176.174", len = 907, headers = 13,
      header = {0xbeffea38 "INVITE",
        0xbeffea6b "Via: SIP/2.0/UDP 204.213.176.211:5060;branch=z9hG4bK574a1dfa",
        0xbeffeaa9 "From: \"Anonymous\" <sip:Anonymous@204.213.176.174>;tag=003094c384f700087ddff7e6-508fa31a",
        0xbeffeb02 "To: <sip:301@204.213.176.174;user=phone>",
        0xbeffeb2c "Call-ID: 003094c3-84f7000d-0d9bd8dc-72180935@204.213.176.211",
        0xbeffeb6a "Date: Mon, 08 Nov 2004 17:30:34 GMT",
        0xbeffeb8f "CSeq: 102 INVITE",
        0xbeffeba1 "User-Agent: CSCO/7",
        0xbeffebb5 "Contact: <sip:311f@204.213.176.211:5060>",
        0xbeffebdf "Proxy-Authorization: Digest username=\"311f\",realm=\"asterisk\",uri=\"sip:204.213.176.174\",response=\"43de4a29cc62d73ebc321abca1d7dcec\",nonce=\"57fa31a6\",algorithm=md5",
        0xbeffec82 "Expires: 180",
        0xbeffec90 "Content-Type: application/sdp",
        0xbeffecaf "Content-Length: 253",
        0xbeffecc4 "", 0x0 <repeats 50 times>},
      lines = 11,
      line = {0xbeffecc6 "v=0",
        0xbeffeccb "o=Cisco-SIPUA 25447 10476 IN IP4 204.213.176.211",
        0xbeffecfd "s=SIP Call",
        0xbeffed09 "c=IN IP4 204.213.176.211",
        0xbeffed23 "t=0 0",
        0xbeffed2a "m=audio 30746 RTP/AVP 0 8 18 101",
        0xbeffed4c "a=rtpmap:0 PCMU/8000",
        0xbeffed62 "a=rtpmap:8 PCMA/8000",
        0xbeffed78 "a=rtpmap:18 G729/8000",
        0xbeffed8f "a=rtpmap:101 telephone-event/8000",
        0xbeffedb2 "a=fmtp:101 0-15",
        0xbeffedc3 "", 0x0 <repeats 52 times>},
      data = "INVITE\000sip:301@204.213.176.174\000user=phone\000SIP/2.0\000\000Via: SIP/2.0/UDP 204.213.176.211:5060;branch=z9hG4bK574a1dfa\000\000From: \"Anonymous\" <sip:Anonymous@204.213.176.174>;tag=003094c384f700087ddff7e6-508fa31a"...}
    sin = {sin_family = 2, sin_port = 50195, sin_addr = {s_addr = 3551581644}, sin_zero = "\000\000\000\000\000\000\000"}
    p = (struct sip_pvt *) 0x81bac80
    res = 907
    len = 16
    nounlock = 0
    recount = 0
    debug = 0
#5 0x08052e09 in ast_io_wait (ioc=0x810e680, howlong=1000) at io.c:267
    res = 1
    x = 0
    origcnt = 1
#6 0x403a10e6 in do_monitor (data=0x0) at chan_sip.c:7788
    res = 1000
    sip = (struct sip_pvt *) 0x0
    peer = (struct sip_peer *) 0x0
    t = 1099935030
    fastrestart = 0
    lastpeernum = -1
    curpeernum = 57
    reloading = 0
#7 0x40025e51 in pthread_start_thread () from /lib/libpthread.so.0
    No symbol table info available.
#8 0x401ed69a in clone () from /lib/libc.so.6
    No symbol table info available.

By: Andrew Lindh (andrew) 2004-11-08 12:30:01.000-0600

If a NULL pointer is sent to ast_strlen_zero() then it will segfault asterisk. A non-NULL but still out of range pointer will also cause the same problem.... You could account for the NULL by using:

    static inline int ast_strlen_zero(const char *s)
    {
        if (s)
            return (*s == '\0');
        else
            return(-1);
    }

but still does not account for a bad pointer....

By: Brian West (bkw918) 2004-11-08 16:21:07.000-0600

doesn't crash for me.. what gcc are you using?

bkw

By: Mark Spencer (markster) 2004-11-08 16:27:31.000-0600

ast_strlen_zero is exactly the way it's supposed to be and should NOT check for NULL. This is still not CVS head, however, since those line numbers do not jive with current CVS head. You either need to update to latest head or you need to find me on IRC so I can login to your system and see what those line numbers map to.

By: Andrew Lindh (andrew) 2004-11-08 17:04:24.000-0600

    CVS-HEAD-11/08/04-17:59:00
    Linux asterisk 2.6.7-1-686-smp #1 SMP Thu Jul 8 06:08:37 EDT 2004 i686 GNU/Linux

    gcc -v
    Reading specs from /usr/lib/gcc-lib/i486-linux/3.3.4/specs
    Configured with: ../src/configure -v --enable-languages=c,c++,java,f77,pascal,objc,ada,treelang --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-gxx-include-dir=/usr/include/c++/3.3 --enable-shared --with-system-zlib --enable-nls --without-included-gettext --enable-__cxa_atexit --enable-clocale=gnu --enable-debug --enable-java-gc=boehm --enable-java-awt=xlib --enable-objc-gc i486-linux
    Thread model: posix
    gcc version 3.3.4 (Debian 1:3.3.4-6sarge1)

#0 0x403a634a in ast_strlen_zero (s=0x140 <Address 0x140 out of bounds>) at utils.h:22
#1 0x403980ab in check_user_full (p=0x814f198, req=0xbeffe824, cmd=0xbeffea38 "INVITE", uri=0xbeffea3f "sip:301@204.213.176.174", reliable=1, sin=0xbeffe814, ignore=0, mailbox=0x0, mailboxlen=0) at chan_sip.c:5420
#2 0x403983c3 in check_user (p=0x814f198, req=0xbeffe824, cmd=0xbeffea38 "INVITE", uri=0xbeffea3f "sip:301@204.213.176.174", reliable=1, sin=0xbeffe814, ignore=0) at chan_sip.c:5462
#3 0x4039ed1c in handle_request (p=0x814f198, req=0xbeffe824, sin=0xbeffe814, recount=0xbeffe800, nounlock=0xbeffe804) at chan_sip.c:7205
#4 0x403a0b43 in sipsock_read (id=0x814a120, fd=13, events=1, ignore=0x0) at chan_sip.c:7662
#5 0x08052e09 in ast_io_wait (ioc=0x8110620, howlong=1000) at io.c:267
#6 0x403a1286 in do_monitor (data=0x0) at chan_sip.c:7810
#7 0x40025e51 in pthread_start_thread () from /lib/libpthread.so.0
#8 0x401ed69a in clone () from /lib/libc.so.6

By: Mark Spencer (markster) 2004-11-08 21:36:39.000-0600

Nevermind... Fixed in CVS

By: Russell Bryant (russell) 2004-11-09 00:30:14.000-0600

not an issue with 1.0 as far as i know
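
The point in the 2004-11-08 12:30 comment about NULL versus other bad pointers, as an added C example that is not part of the thread or of Asterisk's source: each call runs in a forked child, so the guarded variant can be seen to survive NULL and still fault on 0x140, the `s=` value in frame #0. The function names and the harness are hypothetical, and the unguarded body is an assumption, since the page does not show the real one.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Unguarded form implied by the thread (assumption: the real body is not
 * shown on the page). The volatile read keeps the compiler from dropping
 * the load. */
static int strlen_zero_unguarded(const char *s)
{
    return *(const volatile char *)s == '\0';
}

/* NULL-guarded variant proposed in the 12:30 comment. */
static int strlen_zero_guarded(const char *s)
{
    if (s)
        return *(const volatile char *)s == '\0';
    return -1;
}

/* Hypothetical harness: run fn(s) in a child so a fault cannot kill the
 * caller. Returns 0 if the call returned, 1 if the child died, -1 on error. */
static int call_crashes(int (*fn)(const char *), const char *s)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        (void)fn(s);
        _exit(0); /* reached only when the dereference was safe */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

int main(void)
{
    const char *wild = (const char *)(uintptr_t)0x140; /* s= value in frame #0 */
    printf("unguarded(NULL)  crashed=%d\n", call_crashes(strlen_zero_unguarded, NULL));
    printf("guarded(NULL)    crashed=%d\n", call_crashes(strlen_zero_guarded, NULL));
    printf("guarded(0x140)   crashed=%d\n", call_crashes(strlen_zero_guarded, wild));
    printf("guarded(\"\")      crashed=%d\n", call_crashes(strlen_zero_guarded, ""));
    return 0;
}
```

A pointer check inside the helper cannot tell a valid address from 0x140; only the caller knows whether the value it passes is a real string.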