Summary: ASTERISK-04166: crash during user register request when using realtime
Reporter: laureen (laureen)
Labels:
Date Opened: 2005-05-14 11:09:11
Date Closed: 2008-01-15 15:34:47.000-0600
Priority: Critical
Regression?: No
Status: Closed/Complete
Components: Channels/chan_iax2
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: (0) bt2.txt
Description: When using Realtime for iax users and a user tries to register from another asterisk box with the

register => fred:<freds_password>@<ip_of_crashing_asterisk>

command in iax.conf, the asterisk that he wants to register to crashes with a core dump.





****** ADDITIONAL INFORMATION ******

- no difference between iax.conf setting "rtcachefriends" to yes or no

- could see on mysql log that asterisk sends the request to get the user's data:
"select * from iax_users where name='fred'"

- using Fedora Core 3 (latest updates), MySQL 3.23.58
Comments:

By: laureen (laureen) 2005-05-14 16:20:45

This one is _NOT_ the same issue as bug 4140!!!! There is no query loop, just one single query and then it crashes.

By: Mark Spencer (markster) 2005-05-14 17:50:32

Please read the bug guidelines and attach a bug trace.

By: laureen (laureen) 2005-05-15 06:01:06

Here's the debug output when registering:


May 15 12:56:20 DEBUG[3940] res_config_mysql.c: MySQL RealTime: Retrieve SQL: SELECT * FROM iax_users WHERE name = 'fred'
May 15 12:56:20 DEBUG[3940] res_config_mysql.c: MySQL RealTime: Everything is fine.
May 15 12:56:20 DEBUG[3940] acl.c: 10.0.0.3/255.255.255.255/255.255.255.255 appended to acl for peer
May 15 12:56:20 DEBUG[3940] acl.c: 0.0.0.0/0.0.0.0/0.0.0.0 appended to acl for peer



and here's the backtrace of the core:

#0  realtime_peer (peername=0x811c2f8 "\030Ã\021\b\035Ã\021\b") at chan_iax2.c:2597
       var = (struct ast_variable *) 0x81280c0
       tmp = (struct ast_variable *) 0x811c2f8
       peer = (struct iax2_peer *) 0x0
       regseconds = 0
       nowtime = 11578503
       dynamic = 1
       __PRETTY_FUNCTION__ = "realtime_peer"
#1  0xb496c9fb in register_verify (callno=1, sin=0xb4957390, ies=0x0) at chan_iax2.c:804
       md5 = {buf = {0, 0, 0, 0}, bits = {0, 0}, in = '\0' <repeats 63 times>}
       digest = '\0' <repeats 15 times>
       stringp = 0x0
       requeststr = '\0' <repeats 255 times>
       peer = "fred", '\0' <repeats 251 times>
       md5secret = '\0' <repeats 255 times>
       rsasecret = '\0' <repeats 255 times>
       secret = '\0' <repeats 255 times>
       iabuf = '\0' <repeats 15 times>
       key = (struct ast_key *) 0x0
       keyn = 0x0
       x = 0
       expire = 1833
       __PRETTY_FUNCTION__ = "register_verify"
#2  0xb496f7c9 in socket_read (id=0x8142ec0, fd=26, events=1, cbdata=0x8142cc8) at chan_iax2.c:7169
       sin = {sin_family = 2, sin_port = 55569, sin_addr = {s_addr = 50331658},
 sin_zero = "\000\000\000\000\000\000\000"}
       res = 22
       updatehistory = 0
       new = 1
       buf = "\200\001\000\000\000\000\000\020\000\000\006\r\000\004fred\000\002\000<", '\0' <repeats 2926 times>, "\207¬°\000\000\000\000\000ìC\230´\000\000\000\0000J\004@´Q\230´\236e\226´´Q\230´0J\004@\204o\225´", '\0' <repeats 36 times>, "´Q\230´\000\000\000\000\000\000\000\000\210o\225´", '\0' <repeats 20 times>, "\001\000\000\000Ô*\207B|\231\a", '\0' <repeats 893 times>, "¤>\223", '\0' <repeats 45 times>, " -\024\b\000\230\237\000 \000\000\000\000\230\237\000°s\225´áÃ\236\000\000\000\000\000\000\000\000\0008\230\237", '\0' <repeats 48 times>
       ptr = 0xb49551c0 ""
       len = 16
       dcallno = 0
       fh = (struct ast_iax2_full_hdr *) 0xb496f703
       dblbuf = '\0' <repeats 4095 times>
       fr = {sockfd = 0, callno = 1, dcallno = 0, data = 0x0, datalen = 0, retries = 0, ts = 16,
 retrytime = 0, outoforder = 0, sentyet = 0, oseqno = 0, iseqno = 0, transfer = 0, final = 0,
 direction = 0, retrans = 0, next = 0x0, prev = 0x0, af = {frametype = 0, subclass = 0, datalen = 0,
   samples = 0, mallocd = 0, offset = 0, src = 0x0, data = 0x0, delivery = {tv_sec = 0, tv_usec = 0},
   prev = 0x0, next = 0x0}, unused = '\0' <repeats 63 times>, afdata = 0xb4955384 ""}
       cur = (struct iax_frame *) 0xb496f703
       iabuf = '\0' <repeats 15 times>
       f = {frametype = 6, subclass = 13, datalen = 10, samples = 0, mallocd = 0, offset = 0,
 src = 0x0, data = 0x0, delivery = {tv_sec = 0, tv_usec = 0}, prev = 0x0, next = 0x0}
       c = (struct ast_channel *) 0x729
       dp = (struct iax2_dpcache *) 0xb49551c0
       tpeer = (struct iax2_trunk_peer *) 0xb49552d0
       rxtrunktime = {tv_sec = 0, tv_usec = 0}
       ies = {called_number = 0x0, calling_number = 0x0, calling_ani = 0x0, calling_name = 0x0,
 calling_ton = -1, calling_tns = -1, calling_pres = -1, called_context = 0x0,
 username = 0xb495639e "fred", password = 0x0, capability = 0, format = 0, codec_prefs = 0x0,
 language = 0x0, version = 0, adsicpe = 0, dnid = 0x0, rdnis = 0x0, authmethods = 0, encmethods = 0,
 challenge = 0x0, md5_result = 0x0, rsa_result = 0x0, apparent_addr = 0x0, refresh = 60, dpstatus = 0,
 callno = 0, cause = 0x0, causecode = 0 '\0', iax_unknown = 0 '\0', msgcount = -1, autoanswer = 0,
 musiconhold = 0, transferid = 0, datetime = 0, devicetype = 0x0, serviceident = 0x0, firmwarever = -1,
 fwdesc = 0, fwdata = 0x0, fwdatalen = 0 '\0', enckey = 0x0, enckeylen = 0 '\0', provver = 0,
 samprate = 1, provverpres = 0, rr_jitter = 0, rr_loss = 0, rr_pkts = 0, rr_delay = 0, rr_dropped = 0,
 rr_ooo = 0}
       ied0 = {buf = '\0' <repeats 1023 times>, pos = 0}
       ied1 = {buf = '\0' <repeats 1023 times>, pos = 0}
       format = -1265174781
       exists = -1265174781
       minivid = 0
       empty = '\0' <repeats 31 times>
       host_pref_buf = '\0' <repeats 127 times>
       caller_pref_buf = '\0' <repeats 127 times>
       pref = {order = '\0' <repeats 31 times>}
       rpref = {order = '\0' <repeats 31 times>}
       __PRETTY_FUNCTION__ = "socket_read"
#3  0x0805440f in ast_io_wait (ioc=0x811a320, howlong=1833) at io.c:268
       res = 1
       x = 0
       origcnt = 2
#4  0xb4966e94 in network_thread (ignore=0x0) at chan_iax2.c:7753
       res = 1833
       f = (struct iax_frame *) 0x811a320
       freeme = (struct iax_frame *) 0x3e8
#5  0x00b09341 in start_thread () from /lib/tls/libpthread.so.0
No symbol table info available.
#6  0x00998fee in clone () from /lib/tls/libc.so.6
No symbol table info available.

By: Kevin P. Fleming (kpfleming) 2005-05-15 12:09:07

Unfortunately the Wiki notes on making a backtrace are incomplete... It is necessary to build Asterisk with "make valgrind" so that there is no compiler optimization used, otherwise the backtrace is not correct. In this example, the trace shows register_verify() directly calling realtime_peer(), which does not actually exist in the code.

Please use "make valgrind" to build your Asterisk binary, and send a new backtrace after you have reproduced the problem.

By: laureen (laureen) 2005-05-15 14:52:06

I did a complete, fresh checkout of the CVS and recompiled everything (zaptel, libpri, asterisk and asterisk-addons) and reproduced the crash. You can find the backtrace in the attached file "bt2.txt".

hope it's resolvable, please tell me if you need to know something else!

thank you in advance for your great work on asterisk!!!

regards,
roland

By: Kevin P. Fleming (kpfleming) 2005-05-15 15:56:14

Yes, that backtrace was extremely helpful. I found some problems in the realtime_peer and realtime_user functions in chan_iax2.c, and have committed fixes for them to CVS HEAD.

Note that you would only see this problem if the realtime database is returning a 'type=user' entry when you are doing a peer lookup (or vice-versa), so you have some other configuration problem to correct as well, but at least it exposed this coding problem.

Thanks for the report and the followups!
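
The failure mode described in the comment above, as an added C illustration (not part of the thread and not the change committed to chan_iax2.c): a helper returns NULL for a wrong-type row, and the lookup has to treat that as "no such peer" before touching the result. The structures, function names and sample rows are hypothetical simplifications, not Asterisk's own.

```c
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Simplified stand-ins for illustration; not Asterisk's real structures. */
struct rt_var { const char *name, *value; struct rt_var *next; };
struct peer { char name[80]; long regseconds; };

/* Constructed rows, shaped like what a realtime backend could return. */
struct rt_var user_row[3] = { {"name", "fred", &user_row[1]},
    {"type", "user", &user_row[2]}, {"regseconds", "1833", NULL} };
struct rt_var peer_row[3] = { {"name", "fred", &peer_row[1]},
    {"type", "friend", &peer_row[2]}, {"regseconds", "1833", NULL} };

/* Build a peer from a row; a type=user row is not a peer, so return NULL. */
static struct peer *build_peer(const char *name, const struct rt_var *row)
{
    struct peer *p;
    for (const struct rt_var *v = row; v; v = v->next)
        if (!strcasecmp(v->name, "type") && !strcasecmp(v->value, "user"))
            return NULL;
    if (!(p = calloc(1, sizeof(*p)))) return NULL;
    strncpy(p->name, name, sizeof(p->name) - 1);
    return p;
}

/* Unsafe shape: assumes a non-empty row always yields a peer.
 * With user_row this writes through NULL, the crash class in this report. */
struct peer *lookup_peer_unchecked(const char *name, const struct rt_var *row)
{
    struct peer *p = build_peer(name, row);
    for (const struct rt_var *v = row; v; v = v->next)
        if (!strcasecmp(v->name, "regseconds"))
            p->regseconds = atol(v->value);   /* p may be NULL here */
    return p;
}

/* Checked shape: a wrong-type row means "no such peer", not a crash. */
struct peer *lookup_peer(const char *name, const struct rt_var *row)
{
    struct peer *p = build_peer(name, row);
    if (!p) return NULL;                      /* caller rejects the registration */
    for (const struct rt_var *v = row; v; v = v->next)
        if (!strcasecmp(v->name, "regseconds"))
            p->regseconds = atol(v->value);
    return p;
}

int main(void) { return lookup_peer("fred", user_row) == NULL ? 0 : 1; }
```

Because the lookup runs on an inbound registration request, the NULL check sits on a network-reachable path; `lookup_peer_unchecked` is kept only to show the shape that must not ship.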

By: Digium Subversion (svnbot) 2008-01-15 15:34:47.000-0600

Repository: asterisk
Revision: 5680

U   trunk/channels/chan_iax2.c

------------------------------------------------------------------------
r5680 | kpfleming | 2008-01-15 15:34:46 -0600 (Tue, 15 Jan 2008) | 2 lines

fix segfaults in realtime_peer/realtime_user when wrong-type realtime entry is loaded (bug ASTERISK-4166)

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=5680