[Home]

Summary:ASTERISK-04095: Crash on SIP Register
Reporter:wasim baig (mirza)Labels:
Date Opened:2005-05-06 08:31:15Date Closed:2005-06-20 23:07:12
Priority:CriticalRegression?No
Status:Closed/CompleteComponents:Channels/chan_sip/Registration
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:
Description:bigmac is a dual opteron 248 running gentoo 2005.0 x86_64, CVSHEAD

Asterisk by itself is fine, until the Grandstream BT attempts to register to it, then it ceremoniously dumps. Happens everytime. System has 512MB ram, but only 1 DIMM, maybe thats the reason, I'm waiting for more RAM. If you turn off the SIP phones, everything is fine, * stays up.

Asterisk Ready.
*CLI> May  6 18:29:12 DEBUG[11443]: chan_sip.c:2589 sip_alloc: Allocating new SIP dialog for ee4c0a2957a22b7f@203.81.192.62 - REGISTER (No RTP)
May  6 18:29:12 DEBUG[11443]: chan_sip.c:9114 handle_request: **** Received REGISTER (1) - Command in SIP REGISTER
Killed

****** ADDITIONAL INFORMATION ******

#0  ast_copy_string (dst=0x67ceec "", src=0xac66de9f <Address 0xac66de9f out of bounds>, size=65) at utils.c:426
426                     size--;

(gdb) frame
#0  ast_copy_string (dst=0x67ceec "", src=0xac66de9f <Address 0xac66de9f out of bounds>, size=65) at utils.c:426
426                     size--;

(gdb) bt
#0  ast_copy_string (dst=0x67ceec "", src=0xac66de9f <Address 0xac66de9f out of bounds>, size=65) at utils.c:426
#1  0x00002aaaac3fe9be in handle_request (p=0x67c730, req=0x2aaaac66d9f0, sin=0x2aaaac66d9e0, recount=0x2aaaac66d854,
   nounlock=0x2aaaac66d858) at chan_sip.c:9138
#2  0x00002aaaac400343 in sipsock_read (id=0x67ceec, fd=-1402544481, events=256, ignore=0x0) at chan_sip.c:9287
#3  0x000000000040f158 in ast_io_wait (ioc=0x6245e0, howlong=-1402544485) at io.c:268
#4  0x00002aaaac408c24 in do_monitor (data=0x67ceec) at chan_sip.c:9434
ASTERISK-1  0x00002aaaaaccabb9 in pthread_start_thread () from /lib/libpthread.so.0
ASTERISK-2  0x00002aaaab54efa3 in clone () from /lib/libc.so.6
Cannot access memory at address 0x2aaaac66f000
Comments:By: Michael Jerris (mikej) 2005-05-06 09:20:03

can you verify if this is only on x86_64
By: Kevin P. Fleming (kpfleming) 2005-05-06 11:07:13

Yeah, I don't see how this particular line of code could fail, unless 'from' contains an unterminated string and the addresses after it are not mapped into the process (i.e. not available).

When this crash occurs, we will need you go into gdb on the core file, and go "up" one stack frame, then print out 'from' using:

gdb> p from
gdb> p *from
By: wasim baig (mirza) 2005-05-06 11:29:38

a) tried recompiling * with -m32 using multilib, but that failed horribly, will continue trying

b) tried the up, p from, p *from (but ...

#0  ast_copy_string (dst=0x67cedc "", src=0xac66de9f <Address 0xac66de9f out of bounds>, size=65) at utils.c:426
426                     size--;
(gdb) frame
#0  ast_copy_string (dst=0x67cedc "", src=0xac66de9f <Address 0xac66de9f out of bounds>, size=65) at utils.c:426
426                     size--;
(gdb) up
#1  0x00002aaaac3fe9be in handle_request (p=0x67c720, req=0x2aaaac66d9f0, sin=0x2aaaac66d9e0, recount=0x2aaaac66d854,
   nounlock=0x2aaaac66d858) at chan_sip.c:9138
9138                            ast_copy_string(p->theirtag, from, sizeof(p->theirtag));
(gdb) p from
No symbol "from" in current context.
(gdb) p *from
No symbol "from" in current context.
(gdb)

ssh access can be arranged
By: wasim baig (mirza) 2005-05-07 11:31:55

i got access to bigmac from outside, and tried to register another * box (bali)

(bali console shows ad nauseum every 20s):
Urgent handler
Urgent handler
May  7 21:19:10 NOTICE[30242]: chan_sip.c:4415 sip_reg_timeout:    -- Registration for '100@' timed out, trying again
May  7 21:19:10 WARNING[30242]: chan_sip.c:1538 create_addr: No such host:

(bigmac console shows only once - before i even start up bali's asterisk)
*CLI> May  7 21:18:10 DEBUG[6228]: chan_sip.c:2589 sip_alloc: Allocating new SIP dialog for (No Call-ID) - NOTIFY (No RTP)

also, tried IAX, but that seems to be ok
(bali)
*CLI>     -- Registered IAX2 to '69.73.19.178', who sees us as 203.81.198.185:4569

(bigmac)
*CLI> May  7 21:27:41 DEBUG[6292]: chan_sip.c:2589 sip_alloc: Allocating new SIP dialog for (No Call-ID) - NOTIFY (No RTP)
May  7 21:27:47 WARNING[6292]: chan_sip.c:863 retrans_pkt: Maximum retries exceeded on call 2dc1219b0ff4f270272665b719389c08@203.81.192.122 for seqno 102 (Non-critical Request)
May  7 21:27:56 DEBUG[6292]: chan_sip.c:940 __sip_autodestruct: Auto destroying call '2dc1219b0ff4f270272665b719389c08@203.81.192.122'
May  7 21:28:13 DEBUG[6294]: chan_iax2.c:968 update_max_nontrunk: New max nontrunk callno is 2
May  7 21:28:13 DEBUG[6294]: chan_iax2.c:1067 find_callno: Creating new call structure 1
May  7 21:28:13 DEBUG[6294]: chan_iax2.c:6338 socket_read: Received packet 0, (6, 13)
May  7 21:28:13 DEBUG[6294]: chan_iax2.c:6525 socket_read: IAX subclass 13 received
May  7 21:28:13 DEBUG[6294]: chan_iax2.c:8883 iax2_devicestate: Checking device state for device 100
May  7 21:28:13 DEBUG[6294]: chan_iax2.c:8890 iax2_devicestate: Found peer. Now checking device state for peer 100
May  7 21:28:13 DEBUG[6294]: pbx.c:1807 ast_device_state_changed: Changing state for IAX2/100 - state 1
Urgent handler
May  7 21:28:13 DEBUG[6305]: app_queue.c:419 changethread: Device 'IAX2/100' changed to state '1'
May  7 21:28:13 DEBUG[6305]: app_queue.c:449 changethread: Device 'IAX2/100' changed to state '1'
May  7 21:28:13 DEBUG[6294]: chan_iax2.c:1468 send_packet: Sending 9 on 1/1 to 203.81.198.185:4569
May  7 21:28:13 DEBUG[6294]: chan_iax2.c:6338 socket_read: Received packet 1, (6, 13)
May  7 21:28:13 DEBUG[6294]: chan_iax2.c:6428 socket_read: Cancelling transmission of packet 0
May  7 21:28:13 DEBUG[6294]: chan_iax2.c:6525 socket_read: IAX subclass 13 received
May  7 21:28:13 DEBUG[6294]: chan_iax2.c:8883 iax2_devicestate: Checking device state for device 100
May  7 21:28:13 DEBUG[6294]: chan_iax2.c:8890 iax2_devicestate: Found peer. Now checking device state for peer 100
May  7 21:28:13 DEBUG[6294]: pbx.c:1807 ast_device_state_changed: Changing state for IAX2/100 - state 1
Urgent handler
May  7 21:28:13 DEBUG[6306]: app_queue.c:419 changethread: Device 'IAX2/100' changed to state '1'
May  7 21:28:13 DEBUG[6306]: app_queue.c:449 changethread: Device 'IAX2/100' changed to state '1'
May  7 21:28:14 DEBUG[6294]: chan_iax2.c:1468 send_packet: Sending 59 on 1/1 to 203.81.198.185:4569
May  7 21:28:14 DEBUG[6294]: chan_iax2.c:6338 socket_read: Received packet 2, (6, 4)
May  7 21:28:14 DEBUG[6294]: chan_iax2.c:6428 socket_read: Cancelling transmission of packet 1
May  7 21:28:14 DEBUG[6294]: chan_iax2.c:6437 socket_read: Really destroying 1, having been acked on final message

will attempt a few calls on IAX just to make sure the rest of the stuff is ok ... anybody else with opterons seen something like this before?
By: agoston (agoston) 2005-05-27 11:50:18

i have the same problem on an amd64. Even an X-lite crashes the *. Any solutions? I don't really want to switch to P4.
By: Mark Spencer (markster) 2005-06-03 09:02:23

This should already be fixed in CVS head now, please confirm.
By: agoston (agoston) 2005-06-04 11:01:34

It seems to work for me on amd64 with x-lite. I'll test it on monday with BT 100.
By: Michael Jerris (mikej) 2005-06-04 13:03:21

This seems to have been resolved by the fix for other bugs.  If you are able to reproduce it still in other situations, please reopen this bug report.