Summary: | ASTERISK-04095: Crash on SIP Register | ||
Reporter: | wasim baig (mirza) | Labels: | |
Date Opened: | 2005-05-06 08:31:15 | Date Closed: | 2005-06-20 23:07:12 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/Registration |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | bigmac is a dual opteron 248 running gentoo 2005.0 x86_64, CVSHEAD Asterisk by itself is fine, until the Grandstream BT attempts to register to it, then it ceremoniously dumps. Happens everytime. System has 512MB ram, but only 1 DIMM, maybe thats the reason, I'm waiting for more RAM. If you turn off the SIP phones, everything is fine, * stays up. Asterisk Ready. *CLI> May 6 18:29:12 DEBUG[11443]: chan_sip.c:2589 sip_alloc: Allocating new SIP dialog for ee4c0a2957a22b7f@203.81.192.62 - REGISTER (No RTP) May 6 18:29:12 DEBUG[11443]: chan_sip.c:9114 handle_request: **** Received REGISTER (1) - Command in SIP REGISTER Killed ****** ADDITIONAL INFORMATION ****** #0 ast_copy_string (dst=0x67ceec "", src=0xac66de9f <Address 0xac66de9f out of bounds>, size=65) at utils.c:426 426 size--; (gdb) frame #0 ast_copy_string (dst=0x67ceec "", src=0xac66de9f <Address 0xac66de9f out of bounds>, size=65) at utils.c:426 426 size--; (gdb) bt #0 ast_copy_string (dst=0x67ceec "", src=0xac66de9f <Address 0xac66de9f out of bounds>, size=65) at utils.c:426 #1 0x00002aaaac3fe9be in handle_request (p=0x67c730, req=0x2aaaac66d9f0, sin=0x2aaaac66d9e0, recount=0x2aaaac66d854, nounlock=0x2aaaac66d858) at chan_sip.c:9138 #2 0x00002aaaac400343 in sipsock_read (id=0x67ceec, fd=-1402544481, events=256, ignore=0x0) at chan_sip.c:9287 #3 0x000000000040f158 in ast_io_wait (ioc=0x6245e0, howlong=-1402544485) at io.c:268 #4 0x00002aaaac408c24 in do_monitor (data=0x67ceec) at chan_sip.c:9434 ASTERISK-1 0x00002aaaaaccabb9 in pthread_start_thread () from /lib/libpthread.so.0 ASTERISK-2 0x00002aaaab54efa3 in clone () from /lib/libc.so.6 Cannot access memory at address 0x2aaaac66f000 | ||
Comments: | By: Michael Jerris (mikej) 2005-05-06 09:20:03 can you verify if this is only on x86_64 By: Kevin P. Fleming (kpfleming) 2005-05-06 11:07:13 Yeah, I don't see how this particular line of code could fail, unless 'from' contains an unterminated string and the addresses after it are not mapped into the process (i.e. not available). When this crash occurs, we will need you go into gdb on the core file, and go "up" one stack frame, then print out 'from' using: gdb> p from gdb> p *from By: wasim baig (mirza) 2005-05-06 11:29:38 a) tried recompiling * with -m32 using multilib, but that failed horribly, will continue trying b) tried the up, p from, p *from (but ... #0 ast_copy_string (dst=0x67cedc "", src=0xac66de9f <Address 0xac66de9f out of bounds>, size=65) at utils.c:426 426 size--; (gdb) frame #0 ast_copy_string (dst=0x67cedc "", src=0xac66de9f <Address 0xac66de9f out of bounds>, size=65) at utils.c:426 426 size--; (gdb) up #1 0x00002aaaac3fe9be in handle_request (p=0x67c720, req=0x2aaaac66d9f0, sin=0x2aaaac66d9e0, recount=0x2aaaac66d854, nounlock=0x2aaaac66d858) at chan_sip.c:9138 9138 ast_copy_string(p->theirtag, from, sizeof(p->theirtag)); (gdb) p from No symbol "from" in current context. (gdb) p *from No symbol "from" in current context. (gdb) ssh access can be arranged By: wasim baig (mirza) 2005-05-07 11:31:55 i got access to bigmac from outside, and tried to register another * box (bali) (bali console shows ad nauseum every 20s): Urgent handler Urgent handler May 7 21:19:10 NOTICE[30242]: chan_sip.c:4415 sip_reg_timeout: -- Registration for '100@' timed out, trying again May 7 21:19:10 WARNING[30242]: chan_sip.c:1538 create_addr: No such host: (bigmac console shows only once - before i even start up bali's asterisk) *CLI> May 7 21:18:10 DEBUG[6228]: chan_sip.c:2589 sip_alloc: Allocating new SIP dialog for (No Call-ID) - NOTIFY (No RTP) also, tried IAX, but that seems to be ok (bali) *CLI> -- Registered IAX2 to '69.73.19.178', who sees us as 203.81.198.185:4569 (bigmac) *CLI> May 7 21:27:41 DEBUG[6292]: chan_sip.c:2589 sip_alloc: Allocating new SIP dialog for (No Call-ID) - NOTIFY (No RTP) May 7 21:27:47 WARNING[6292]: chan_sip.c:863 retrans_pkt: Maximum retries exceeded on call 2dc1219b0ff4f270272665b719389c08@203.81.192.122 for seqno 102 (Non-critical Request) May 7 21:27:56 DEBUG[6292]: chan_sip.c:940 __sip_autodestruct: Auto destroying call '2dc1219b0ff4f270272665b719389c08@203.81.192.122' May 7 21:28:13 DEBUG[6294]: chan_iax2.c:968 update_max_nontrunk: New max nontrunk callno is 2 May 7 21:28:13 DEBUG[6294]: chan_iax2.c:1067 find_callno: Creating new call structure 1 May 7 21:28:13 DEBUG[6294]: chan_iax2.c:6338 socket_read: Received packet 0, (6, 13) May 7 21:28:13 DEBUG[6294]: chan_iax2.c:6525 socket_read: IAX subclass 13 received May 7 21:28:13 DEBUG[6294]: chan_iax2.c:8883 iax2_devicestate: Checking device state for device 100 May 7 21:28:13 DEBUG[6294]: chan_iax2.c:8890 iax2_devicestate: Found peer. Now checking device state for peer 100 May 7 21:28:13 DEBUG[6294]: pbx.c:1807 ast_device_state_changed: Changing state for IAX2/100 - state 1 Urgent handler May 7 21:28:13 DEBUG[6305]: app_queue.c:419 changethread: Device 'IAX2/100' changed to state '1' May 7 21:28:13 DEBUG[6305]: app_queue.c:449 changethread: Device 'IAX2/100' changed to state '1' May 7 21:28:13 DEBUG[6294]: chan_iax2.c:1468 send_packet: Sending 9 on 1/1 to 203.81.198.185:4569 May 7 21:28:13 DEBUG[6294]: chan_iax2.c:6338 socket_read: Received packet 1, (6, 13) May 7 21:28:13 DEBUG[6294]: chan_iax2.c:6428 socket_read: Cancelling transmission of packet 0 May 7 21:28:13 DEBUG[6294]: chan_iax2.c:6525 socket_read: IAX subclass 13 received May 7 21:28:13 DEBUG[6294]: chan_iax2.c:8883 iax2_devicestate: Checking device state for device 100 May 7 21:28:13 DEBUG[6294]: chan_iax2.c:8890 iax2_devicestate: Found peer. Now checking device state for peer 100 May 7 21:28:13 DEBUG[6294]: pbx.c:1807 ast_device_state_changed: Changing state for IAX2/100 - state 1 Urgent handler May 7 21:28:13 DEBUG[6306]: app_queue.c:419 changethread: Device 'IAX2/100' changed to state '1' May 7 21:28:13 DEBUG[6306]: app_queue.c:449 changethread: Device 'IAX2/100' changed to state '1' May 7 21:28:14 DEBUG[6294]: chan_iax2.c:1468 send_packet: Sending 59 on 1/1 to 203.81.198.185:4569 May 7 21:28:14 DEBUG[6294]: chan_iax2.c:6338 socket_read: Received packet 2, (6, 4) May 7 21:28:14 DEBUG[6294]: chan_iax2.c:6428 socket_read: Cancelling transmission of packet 1 May 7 21:28:14 DEBUG[6294]: chan_iax2.c:6437 socket_read: Really destroying 1, having been acked on final message will attempt a few calls on IAX just to make sure the rest of the stuff is ok ... anybody else with opterons seen something like this before? By: agoston (agoston) 2005-05-27 11:50:18 i have the same problem on an amd64. Even an X-lite crashes the *. Any solutions? I don't really want to switch to P4. By: Mark Spencer (markster) 2005-06-03 09:02:23 This should already be fixed in CVS head now, please confirm. By: agoston (agoston) 2005-06-04 11:01:34 It seems to work for me on amd64 with x-lite. I'll test it on monday with BT 100. By: Michael Jerris (mikej) 2005-06-04 13:03:21 This seems to have been resolved by the fix for other bugs. If you are able to reproduce it still in other situations, please reopen this bug report. |