Summary: | ASTERISK-04432: Problem with utils.c causes seg fault | ||
Reporter: | unknown | Labels: | |
Date Opened: | 2005-06-17 12:52:07 | Date Closed: | 2005-06-20 18:59:28 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | Latest CVS HEAD crashes while parsing sip messages. Happens after making a bunch of sip calls. Doesn't happen every time, but when it does, it seg faults.

****** ADDITIONAL INFORMATION ******

Here is core read out:

    #0 0x080c6402 in ast_skip_blanks (str=0x1 "") at utils.c:42
    42 while (*str && *str < 33)
    (gdb) bt
    #0 0x080c6402 in ast_skip_blanks (str=0x1 "") at utils.c:42
    #1 0x009f925a in reply_digest (p=0x9972208, req=0xb7d9a180, header=0xa0b4f6 "WWW-Authenticate", sipmethod=1, digest=0xb7d988f0 "", digest_len=1024) at chan_sip.c:7773
    #2 0x009f8e3c in do_register_auth (p=0x9972208, req=0xb7d9a180, header=0xa0b4f6 "WWW-Authenticate", respheader=0xa0b13d "Authorization") at chan_sip.c:7708
    #3 0x009fa04d in handle_response_register (p=0x9972208, resp=401, rest=0xb7d9a3a4 "Unauthorized", req=0xb7d9a180, ignore=0, seqno=106) at chan_sip.c:8062
    #4 0x009fb5a3 in handle_response (p=0x9972208, resp=401, rest=0xb7d9a3a4 "Unauthorized", req=0xb7d9a180, ignore=0, seqno=106) at chan_sip.c:8356
    #5 0x009ff46e in handle_request (p=0x9972208, req=0xb7d9a180, sin=0xb7d9a170, recount=0xb7d9a15c, nounlock=0xb7d9a160) at chan_sip.c:9296
    #6 0x00a000bd in sipsock_read (id=0x990fe58, fd=42, events=1, ignore=0x0) at chan_sip.c:9479
    #7 0x08054b51 in ast_io_wait (ioc=0x98efb80, howlong=1000) at io.c:272
    #8 0x00a00833 in do_monitor (data=0x0) at chan_sip.c:9626
    #9 0x002e93ae in __pthread_initialize_minimal () from /lib/tls/libpthread.so.0
    #10 0x00232aee in clone () from /lib/tls/libc.so.6
| ||
Comments: |

By: Andrew Lindh (andrew) 2005-06-17 13:43:01

I have the same problem....same utils.c:42 line and chan_sip.c:7773 Same WWW-Authenticate when asterisk is registering with FWD. If I disable the FWD register it does not crash.... Seems consistent in terms of it WILL crash in a few minutes after startup. I was just about to open a new bug, but I went to lunch and you beat me to it.... I can post bt full from make valgrind if needed.

By: Brian West (bkw918) 2005-06-18 02:32:34

"bt full" and "info threads" if you can please. /b

By: Andrew Lindh (andrew) 2005-06-18 07:40:50

    (gdb) bt full
    #0 0x080c679b in ast_skip_blanks (str=0x1 <address 0x1 out of bounds>) at utils.c:42
        No locals.
    #1 0x403af057 in reply_digest (p=0x4074d898, req=0xbebfe814, header=0x403c19e6 "WWW-Authenticate", sipmethod=1, digest=0xbebfcf84 "", digest_len=1024) at chan_sip.c:7773
        tmp = "Digest realm=\"fwd.pulver.com\000, nonce=\"42b41b92a1ce3df0a27022f49eb04f02dbbbcea6\000, stale=true", '\0' <repeats 420 times>
        c = 0x1 <address 0x1 out of bounds>
        i = (const struct x *) 0xbebfcd20
        keys = {{key = 0x403c391e "realm=", dst = 0x4074ec8c "fwd.pulver.com", dstlen = 64}, {key = 0x403c1a10 "nonce=", dst = 0x4074eccc "42b41b92a1ce3df0a27022f49eb04f02dbbbcea6", dstlen = 256}, {key = 0x403c3925 "opaque=", dst = 0x4074edcc "", dstlen = 256}, {key = 0x403c392d "qop=", dst = 0x4074eecc "", dstlen = 80}, {key = 0x403c3932 "domain=", dst = 0x4074ef1c "", dstlen = 64}, {key = 0x0, dst = 0x0, dstlen = 0}}
    #2 0x403aec4f in do_register_auth (p=0x4074d898, req=0xbebfe814, header=0x403c19e6 "WWW-Authenticate", respheader=0x403c15c5 "Authorization") at chan_sip.c:7708
        digest = '\0' <repeats 1023 times>
    #3 0x403afe33 in handle_response_register (p=0x4074d898, resp=401, rest=0xbebfea38 "Unauthorized", req=0xbebfe814, ignore=0, seqno=106) at chan_sip.c:8062
        expires = -1094724744
        expires_ms = 70
        r = (struct sip_registry *) 0x8180cd0
    #4 0x403b138b in handle_response (p=0x4074d898, resp=401, rest=0xbebfea38 "Unauthorized", req=0xbebfe814, ignore=0, seqno=106) at chan_sip.c:8356
        to = 0x0
        msg = 0xbebfeb40 "REGISTER"
        c = 0xbebfeb3c "106 REGISTER"
        owner = (struct ast_channel *) 0x0
        iabuf = "\000\000\000\000\000\000\000\000\200X$@ð¦\025\b"
        sipmethod = 1
        res = 1
    #5 0x403b5249 in handle_request (p=0x4074d898, req=0xbebfe814, sin=0xbebfe804, recount=0xbebfe7f0, nounlock=0xbebfe7f4) at chan_sip.c:9296
        resp = {rlPart1 = 0x0, rlPart2 = 0x0, len = 0, headers = 0, method = 0, header = {0x0 <repeats 64 times>}, lines = 0, line = { 0x0 <repeats 64 times>}, data = '\0' <repeats 4095 times>}
        cmd = 0xbebfea2c "SIP/2.0"
        cseq = 0xbebfeb3c "106 REGISTER"
        from = 0x0
        useragent = 0x403bee72 ""
        seqno = 106
        len = 4
        ignore = 0
        respid = 401
        res = 0
        iabuf = "\022ó;@", '\0' <repeats 11 times>
        debug = 0
        e = 0xbebfea34 "401 Unauthorized"
    #6 0x403b5e89 in sipsock_read (id=0x812bf38, fd=16, events=1, ignore=0x0) at chan_sip.c:9479
        req = {rlPart1 = 0xbebfea2c "SIP/2.0", rlPart2 = 0xbebfea34 "401 Unauthorized", len = 468, headers = 9, method = 0, header = {0xbebfea2c "SIP/2.0", 0xbebfea46 "Via: SIP/2.0/UDP 204.213.176.139:5060;branch=z9hG4bK3a21d610", 0xbebfea84 "From: <sip:494263@fwd.pulver.com>;tag=as416ec65c", 0xbebfeab6 "To: <sip:494263@fwd.pulver.com>;tag=cb2000b247d89723001a836145f3b053.bd18", 0xbebfeb01 "Call-ID: 18404e404f78084a3ee8c665443e0e3f@127.0.0.1", 0xbebfeb36 "CSeq: 106 REGISTER", 0xbebfeb4a "WWW-Authenticate: Digest realm=\"fwd.pulver.com\", nonce=\"42b41b92a1ce3df0a27022f49eb04f02dbbbcea6\", stale=true", 0xbebfebb9 "Server: Sip EXpress router (0.8.14 (i386/linux))", 0xbebfebeb "Content-Length: 0", 0xbebfebfe "", 0x0 <repeats 54 times>}, lines = 0, line = {0xbebfec00 "", 0x0 <repeats 63 times>}, data = "SIP/2.0\000401 Unauthorized\000\000Via: SIP/2.0/UDP 204.213.176.139:5060;branch=z9hG4bK3a21d610\000\000From: <sip:494263@fwd.pulver.com>;tag=as416ec65c\000\000To: <sip:494263@fwd.pulver.com>;tag=cb2000b247d89723001a836145"...}
        sin = {sin_family = 2, sin_port = 50195, sin_addr = { s_addr = 1184586309}, sin_zero = "\000\000\000\000\000\000\000"}
        p = (struct sip_pvt *) 0x4074d898
        res = 468
        len = 16
        nounlock = 0
        recount = 0
        debug = 0
        iabuf = "\000\000\000\000Ü鿾\001꿾?꿾"
    #7 0x08055208 in ast_io_wait (ioc=0x8158f60, howlong=1000) at io.c:272
        res = 1
        x = 0
        origcnt = 1
    #8 0x403b65f6 in do_monitor (data=0x0) at chan_sip.c:9626
        res = 1000
        sip = (struct sip_pvt *) 0x0
        peer = (struct sip_peer *) 0x0
        t = 1119098167
        fastrestart = 0
        lastpeernum = -1
        curpeernum = 189
        reloading = 0
    #9 0x40025e51 in pthread_start_thread () from /lib/libpthread.so.0
        No symbol table info available.
    #10 0x401ed92a in clone () from /lib/libc.so.6
        No symbol table info available.
    (gdb) info threads
    19 process 16073 0x4002babb in read () from /lib/libpthread.so.0
    18 process 16084 0x401e4ada in poll () from /lib/libc.so.6
    17 process 16086 0x401e4ada in poll () from /lib/libc.so.6
    16 process 16087 0x4002be88 in accept () from /lib/libpthread.so.0
    15 process 16088 0x401e7081 in select () from /lib/libc.so.6
    14 process 16089 0x4002babb in read () from /lib/libpthread.so.0
    13 process 16091 0x4002babb in read () from /lib/libpthread.so.0
    12 process 16093 0x401e7081 in select () from /lib/libc.so.6
    11 process 16097 0x401e4ada in poll () from /lib/libc.so.6
    10 process 16098 0x401e4ada in poll () from /lib/libc.so.6
    9 process 16099 0x4002be88 in accept () from /lib/libpthread.so.0
    8 process 16100 0x401e4ada in poll () from /lib/libc.so.6
    7 process 16101 0x401e7081 in select () from /lib/libc.so.6
    6 process 16102 0x401e4ada in poll () from /lib/libc.so.6
    5 process 16103 0x401bddb6 in nanosleep () from /lib/libc.so.6
    4 process 16104 0x401e4ada in poll () from /lib/libc.so.6
    3 process 16105 0x401bddb6 in nanosleep () from /lib/libc.so.6
    2 process 16299 0x401e4ada in poll () from /lib/libc.so.6
    * 1 process 16096 0x080c679b in ast_skip_blanks ( str=0x1 <address 0x1 out of bounds>) at utils.c:42
    (gdb) quit

By: Mark Spencer (markster) 2005-06-18 11:39:14

Please confirm this is fixed in CVS head. It's very difficult to read the code as it was reimplemented in this function, but I at least fixed the base functions.

By: Andrew Lindh (andrew) 2005-06-18 14:24:25

I updated....same problem...(here's the top of the new bt)

    (gdb) bt full
    #0 0x403be75b in ast_skip_blanks (str=0x1 <Address 0x1 out of bounds>) at utils.h:144
        No locals.
    #1 0x403aef97 in reply_digest (p=0x81566f0, req=0xbebfe814, header=0x403c19c6 "WWW-Authenticate", sipmethod=1, digest=0xbebfcf84 "", digest_len=1024) at chan_sip.c:7773
        tmp = "Digest realm=\"fwd.pulver.com\000, nonce=\"42b4797b1a52efae269ca9 79d4ee565b31914c43\000, stale=true", '\0' <repeats 420 times>
        c = 0x1 <Address 0x1 out of bounds>
        i = (const struct x *) 0xbebfcd20
        keys = {{key = 0x403c38fe "realm=", dst = 0x8157ae4 "fwd.pulver.com", dstlen = 64}, {key = 0x403c19f0 "nonce=", dst = 0x8157b24 "42b4797b1a52efae269ca979d4ee565b31914c43", dstlen = 256}, {key = 0x403c3905 "opaque=", dst = 0x8157c24 "", dstlen = 256}, { key = 0x403c390d "qop=", dst = 0x8157d24 "", dstlen = 80}, { key = 0x403c3912 "domain=", dst = 0x8157d74 "", dstlen = 64}, {key = 0x0, dst = 0x0, dstlen = 0}}

By: Mark Spencer (markster) 2005-06-18 19:33:38

Try my latest fix attempt.

By: Mark Spencer (markster) 2005-06-18 19:39:13

Also, after updating to CVS head, if it still crashes, attach not just the new backtrace but also the sip debug so I can see what's triggering it. thanks!

By: () 2005-06-18 23:36:26

Got the newest CVS Head and no more segfaults, however sip calls are not working at all now. Looking at the sip debug, it’s almost as though messaging is going out but it is getting stuck parsing the replies. Same thing happens with FWD and my sip to pstn termination provider. Full debug log doesn’t show anything out of the ordinary. Not sure what I can provide to help troubleshoot. Please advise. (FYI no config file changes made. This config worked perfectly before CVS Update on 6-17-2005)

By: Andrew Lindh (andrew) 2005-06-19 08:11:11

Sorry, on cell phone today. I updated, no crashes but have same registration problems as above. No more crashes now, but does not work.

By: Kevin P. Fleming (kpfleming) 2005-06-20 18:48:23

The final fix for this problem should be present in CVS HEAD now, please test again. Thanks!

By: Kevin P. Fleming (kpfleming) 2005-06-20 18:59:14

Fix has already been committed to CVS HEAD. If the problem still occurs, please reopen this bug. |
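
Added example, not part of the original report and not Asterisk's code: a small key-table parser for the WWW-Authenticate Digest challenge shown in the backtrace, written so that a final unrecognised parameter with no comma after it (here stale=true) cannot turn a failed strchr() into the 0x1 pointer that ast_skip_blanks received. That the crash came from an unchecked NULL + 1 is an inference from c = 0x1 in the dump, not something the thread states; parse_digest, struct digest_key and the buffer names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Key table and sample challenge modelled on the backtrace; not Asterisk code. */
struct digest_key { const char *key; char *dst; size_t dstlen; };
static char realm[64], nonce[256], opaque[256], qop[80], domain[64];
static struct digest_key keys[] = {
    { "realm=", realm, sizeof(realm) },    { "nonce=", nonce, sizeof(nonce) },
    { "opaque=", opaque, sizeof(opaque) }, { "qop=", qop, sizeof(qop) },
    { "domain=", domain, sizeof(domain) }, { NULL, NULL, 0 }
};
static const char SAMPLE[] = "Digest realm=\"fwd.pulver.com\", "
    "nonce=\"42b41b92a1ce3df0a27022f49eb04f02dbbbcea6\", stale=true";
/* Returns the number of recognised parameters stored, or -1 on malformed input. */
int parse_digest(const char *hdr, struct digest_key *table)
{
    char tmp[512], *c, *eq, *val, *end, *next;
    struct digest_key *k;
    int stored = 0;
    if (!hdr || strncasecmp(hdr, "Digest ", 7) || strlen(hdr + 7) >= sizeof(tmp))
        return -1;
    strcpy(tmp, hdr + 7);
    for (c = tmp; c; c = next) {
        c += strspn(c, " \t");                 /* skip blanks on a known-valid pointer */
        if (!*c)
            break;
        eq = c + strcspn(c, "=,");
        if (*eq != '=')
            return -1;                         /* parameter without a value */
        val = eq + 1;
        end = (*val == '"') ? strchr(++val, '"') : val + strcspn(val, ",");
        if (!end)
            return -1;                         /* unterminated quoted value */
        /* No comma follows the last parameter: strchr() gives NULL; never add 1 to it unchecked. */
        next = strchr(end, ',');
        next = next ? next + 1 : NULL;
        *end = '\0';
        for (k = table; k->key && strncasecmp(c, k->key, strlen(k->key)); k++)
            ;                                  /* unknown keys (e.g. stale=) match nothing */
        if (k->key)
            stored += snprintf(k->dst, k->dstlen, "%s", val) >= 0;
    }
    return stored;
}
int main(void)
{
    int n = parse_digest(SAMPLE, keys);
    return printf("stored=%d realm=%s nonce=%s\n", n, realm, nonce) < 0;
}
```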