
Summary: ASTERISK-04432: Problem with utils.c causes seg fault
Date Opened: 2005-06-17 12:52:07
Date Closed: 2005-06-20 18:59:28
Versions:Frequency of
Description: Latest CVS HEAD crashes while parsing sip messages.  Happens after making a bunch of sip calls.  Doesn't happen every time, but when it does, it seg faults.


Here is core read out:

#0  0x080c6402 in ast_skip_blanks (str=0x1 "") at utils.c:42
42              while (*str && *str < 33)
(gdb) bt
#0  0x080c6402 in ast_skip_blanks (str=0x1 "") at utils.c:42
#1  0x009f925a in reply_digest (p=0x9972208, req=0xb7d9a180,
   header=0xa0b4f6 "WWW-Authenticate", sipmethod=1, digest=0xb7d988f0 "",
   digest_len=1024) at chan_sip.c:7773
#2  0x009f8e3c in do_register_auth (p=0x9972208, req=0xb7d9a180,
   header=0xa0b4f6 "WWW-Authenticate", respheader=0xa0b13d "Authorization")
   at chan_sip.c:7708
#3  0x009fa04d in handle_response_register (p=0x9972208, resp=401,
   rest=0xb7d9a3a4 "Unauthorized", req=0xb7d9a180, ignore=0, seqno=106)
   at chan_sip.c:8062
#4  0x009fb5a3 in handle_response (p=0x9972208, resp=401,
   rest=0xb7d9a3a4 "Unauthorized", req=0xb7d9a180, ignore=0, seqno=106)
   at chan_sip.c:8356
#5  0x009ff46e in handle_request (p=0x9972208, req=0xb7d9a180, sin=0xb7d9a170,
   recount=0xb7d9a15c, nounlock=0xb7d9a160) at chan_sip.c:9296
#6  0x00a000bd in sipsock_read (id=0x990fe58, fd=42, events=1, ignore=0x0)
   at chan_sip.c:9479
#7  0x08054b51 in ast_io_wait (ioc=0x98efb80, howlong=1000) at io.c:272
#8  0x00a00833 in do_monitor (data=0x0) at chan_sip.c:9626
#9  0x002e93ae in __pthread_initialize_minimal () from /lib/tls/libpthread.so.0
#10 0x00232aee in clone () from /lib/tls/libc.so.6
Comments:

By: Andrew Lindh (andrew) 2005-06-17 13:43:01

I have the same problem....same utils.c:42 line and chan_sip.c:7773
Same WWW-Authenticate when asterisk is registering with FWD.

If I disable the FWD register it does not crash....
Seems consistent in terms of it WILL crash in a few minutes after startup.

I was just about to open a new bug, but I went to lunch and you beat me to it....

I can post bt full from make valgrind if needed.

By: Brian West (bkw918) 2005-06-18 02:32:34

"bt full" and "info threads" if you can please.


By: Andrew Lindh (andrew) 2005-06-18 07:40:50

(gdb) bt full
#0  0x080c679b in ast_skip_blanks (str=0x1 <address 0x1 out of bounds>)
   at utils.c:42
No locals.
#1  0x403af057 in reply_digest (p=0x4074d898, req=0xbebfe814,
   header=0x403c19e6 "WWW-Authenticate", sipmethod=1, digest=0xbebfcf84 "",
   digest_len=1024) at chan_sip.c:7773
       tmp = "Digest realm=\"fwd.pulver.com\000, nonce=\"42b41b92a1ce3df0a27022f49eb04f02dbbbcea6\000, stale=true", '\0' <repeats 420 times>
       c = 0x1 <address 0x1 out of bounds>
       i = (const struct x *) 0xbebfcd20
       keys = {{key = 0x403c391e "realm=", dst = 0x4074ec8c "fwd.pulver.com",
   dstlen = 64}, {key = 0x403c1a10 "nonce=",
   dst = 0x4074eccc "42b41b92a1ce3df0a27022f49eb04f02dbbbcea6",
   dstlen = 256}, {key = 0x403c3925 "opaque=", dst = 0x4074edcc "",
   dstlen = 256}, {key = 0x403c392d "qop=", dst = 0x4074eecc "",
   dstlen = 80}, {key = 0x403c3932 "domain=", dst = 0x4074ef1c "",
   dstlen = 64}, {key = 0x0, dst = 0x0, dstlen = 0}}
#2  0x403aec4f in do_register_auth (p=0x4074d898, req=0xbebfe814,
   header=0x403c19e6 "WWW-Authenticate",
   respheader=0x403c15c5 "Authorization") at chan_sip.c:7708
       digest = '\0' <repeats 1023 times>
#3  0x403afe33 in handle_response_register (p=0x4074d898, resp=401,
   rest=0xbebfea38 "Unauthorized", req=0xbebfe814, ignore=0, seqno=106)
   at chan_sip.c:8062
       expires = -1094724744
       expires_ms = 70
       r = (struct sip_registry *) 0x8180cd0
#4  0x403b138b in handle_response (p=0x4074d898, resp=401,
   rest=0xbebfea38 "Unauthorized", req=0xbebfe814, ignore=0, seqno=106)
   at chan_sip.c:8356
       to = 0x0
       msg = 0xbebfeb40 "REGISTER"
       c = 0xbebfeb3c "106 REGISTER"
       owner = (struct ast_channel *) 0x0
       iabuf = "\000\000\000\000\000\000\000\000\200X$@ð¦\025\b"
       sipmethod = 1
       res = 1
#5  0x403b5249 in handle_request (p=0x4074d898, req=0xbebfe814,
   sin=0xbebfe804, recount=0xbebfe7f0, nounlock=0xbebfe7f4) at chan_sip.c:9296
       resp = {rlPart1 = 0x0, rlPart2 = 0x0, len = 0, headers = 0,
 method = 0, header = {0x0 <repeats 64 times>}, lines = 0, line = {
   0x0 <repeats 64 times>}, data = '\0' <repeats 4095 times>}
       cmd = 0xbebfea2c "SIP/2.0"
       cseq = 0xbebfeb3c "106 REGISTER"
       from = 0x0
       useragent = 0x403bee72 ""
       seqno = 106
       len = 4
       ignore = 0
       respid = 401
       res = 0
       iabuf = "\022ó;@", '\0' <repeats 11 times>
       debug = 0
       e = 0xbebfea34 "401 Unauthorized"
#6  0x403b5e89 in sipsock_read (id=0x812bf38, fd=16, events=1, ignore=0x0)
   at chan_sip.c:9479
       req = {rlPart1 = 0xbebfea2c "SIP/2.0",
 rlPart2 = 0xbebfea34 "401 Unauthorized", len = 468, headers = 9, method = 0,
 header = {0xbebfea2c "SIP/2.0",
   0xbebfea46 "Via: SIP/2.0/UDP;branch=z9hG4bK3a21d610",
   0xbebfea84 "From: <sip:494263@fwd.pulver.com>;tag=as416ec65c",
   0xbebfeab6 "To: <sip:494263@fwd.pulver.com>;tag=cb2000b247d89723001a836145f3b053.bd18", 0xbebfeb01 "Call-ID: 18404e404f78084a3ee8c665443e0e3f@",
   0xbebfeb36 "CSeq: 106 REGISTER",
   0xbebfeb4a "WWW-Authenticate: Digest realm=\"fwd.pulver.com\", nonce=\"42b41b92a1ce3df0a27022f49eb04f02dbbbcea6\", stale=true",
   0xbebfebb9 "Server: Sip EXpress router (0.8.14 (i386/linux))",
   0xbebfebeb "Content-Length: 0", 0xbebfebfe "", 0x0 <repeats 54 times>},
 lines = 0, line = {0xbebfec00 "", 0x0 <repeats 63 times>},
 data = "SIP/2.0\000401 Unauthorized\000\000Via: SIP/2.0/UDP;branch=z9hG4bK3a21d610\000\000From: <sip:494263@fwd.pulver.com>;tag=as416ec65c\000\000To: <sip:494263@fwd.pulver.com>;tag=cb2000b247d89723001a836145"...}
       sin = {sin_family = 2, sin_port = 50195, sin_addr = {
   s_addr = 1184586309}, sin_zero = "\000\000\000\000\000\000\000"}
       p = (struct sip_pvt *) 0x4074d898
       res = 468
       len = 16
       nounlock = 0
       recount = 0
       debug = 0
       iabuf = "\000\000\000\000Ü鿾\001꿾?꿾"
#7  0x08055208 in ast_io_wait (ioc=0x8158f60, howlong=1000) at io.c:272
       res = 1
       x = 0
       origcnt = 1
#8  0x403b65f6 in do_monitor (data=0x0) at chan_sip.c:9626
       res = 1000
       sip = (struct sip_pvt *) 0x0
       peer = (struct sip_peer *) 0x0
       t = 1119098167
       fastrestart = 0
       lastpeernum = -1
       curpeernum = 189
       reloading = 0
#9  0x40025e51 in pthread_start_thread () from /lib/libpthread.so.0
No symbol table info available.
#10 0x401ed92a in clone () from /lib/libc.so.6
No symbol table info available.

(gdb) info threads
 19 process 16073  0x4002babb in read () from /lib/libpthread.so.0
 18 process 16084  0x401e4ada in poll () from /lib/libc.so.6
 17 process 16086  0x401e4ada in poll () from /lib/libc.so.6
 16 process 16087  0x4002be88 in accept () from /lib/libpthread.so.0
 15 process 16088  0x401e7081 in select () from /lib/libc.so.6
 14 process 16089  0x4002babb in read () from /lib/libpthread.so.0
 13 process 16091  0x4002babb in read () from /lib/libpthread.so.0
 12 process 16093  0x401e7081 in select () from /lib/libc.so.6
 11 process 16097  0x401e4ada in poll () from /lib/libc.so.6
 10 process 16098  0x401e4ada in poll () from /lib/libc.so.6
 9 process 16099  0x4002be88 in accept () from /lib/libpthread.so.0
 8 process 16100  0x401e4ada in poll () from /lib/libc.so.6
 7 process 16101  0x401e7081 in select () from /lib/libc.so.6
 6 process 16102  0x401e4ada in poll () from /lib/libc.so.6
 5 process 16103  0x401bddb6 in nanosleep () from /lib/libc.so.6
 4 process 16104  0x401e4ada in poll () from /lib/libc.so.6
 3 process 16105  0x401bddb6 in nanosleep () from /lib/libc.so.6
 2 process 16299  0x401e4ada in poll () from /lib/libc.so.6
* 1 process 16096  0x080c679b in ast_skip_blanks (
   str=0x1 <address 0x1 out of bounds>) at utils.c:42
(gdb) quit
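
Added example (not Asterisk's code, and not written by anyone in this thread): a stand-alone, in-place parser for the WWW-Authenticate value shown in the backtrace, in which a search that finds no further comma or closing quote ends the scan with NULL rather than a cursor such as the `c = 0x1` in the dump. It assumes, from the dump alone, that `0x1` is a failed search result (NULL) that was then incremented; `digest_fields`, `cut_at` and `parse_digest_challenge` are hypothetical names, and key matching is case-sensitive for brevity.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical container; sizes mirror the dstlen values in the dump. */
struct digest_fields { char realm[64], nonce[256], opaque[256], qop[80], domain[64]; };

/* Cut s at sep; return what follows, or NULL (never NULL + 1) if sep is absent. */
static char *cut_at(char *s, char sep)
{
    char *end = s ? strchr(s, sep) : NULL;
    if (end)
        *end++ = '\0';
    return end;
}

/* Parse a Digest challenge in place; returns 0, or -1 if hdr is not Digest. */
int parse_digest_challenge(char *hdr, struct digest_fields *out)
{
    struct { const char *key; char *dst; size_t len; } keys[] = {
        { "realm=", out->realm, sizeof out->realm },
        { "nonce=", out->nonce, sizeof out->nonce },
        { "opaque=", out->opaque, sizeof out->opaque },
        { "qop=", out->qop, sizeof out->qop },
        { "domain=", out->domain, sizeof out->domain },
    };
    size_t k, nkeys = sizeof keys / sizeof keys[0];
    char *c, *val;
    memset(out, 0, sizeof *out);
    if (!hdr || strncmp(hdr, "Digest ", 7) != 0)
        return -1;
    for (c = hdr + 7; c && *c; ) {
        c += strspn(c, " \t\r\n");        /* skip blanks, stops at NUL */
        for (k = 0; k < nkeys && strncmp(c, keys[k].key, strlen(keys[k].key)); k++)
            ;
        val = k < nkeys ? c + strlen(keys[k].key) : NULL;
        if (val && *val == '"')
            c = cut_at(++val, '"');       /* NULL if the quote never closes */
        c = cut_at(c, ',');               /* NULL after the last parameter */
        if (val)
            snprintf(keys[k].dst, keys[k].len, "%s", val);
    }
    return 0;
}

int main(void)
{
    char hdr[] = "Digest realm=\"fwd.pulver.com\", nonce=\"abc123\", stale=true"; /* constructed */
    struct digest_fields f;
    printf("rc=%d realm=%s nonce=%s\n", parse_digest_challenge(hdr, &f), f.realm, f.nonce);
    return 0;
}
```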

By: Mark Spencer (markster) 2005-06-18 11:39:14

Please confirm this is fixed in CVS head.  It's very difficult to read the code as it was reimplemented in this function, but I at least fixed the base functions.

By: Andrew Lindh (andrew) 2005-06-18 14:24:25

I updated....same problem...(here's the top of the new bt)

(gdb) bt full
#0  0x403be75b in ast_skip_blanks (str=0x1 <Address 0x1 out of bounds>)
   at utils.h:144
No locals.
#1  0x403aef97 in reply_digest (p=0x81566f0, req=0xbebfe814,
   header=0x403c19c6 "WWW-Authenticate", sipmethod=1, digest=0xbebfcf84 "",
   digest_len=1024) at chan_sip.c:7773
       tmp = "Digest realm=\"fwd.pulver.com\000, nonce=\"42b4797b1a52efae269ca979d4ee565b31914c43\000, stale=true", '\0' <repeats 420 times>
       c = 0x1 <Address 0x1 out of bounds>
       i = (const struct x *) 0xbebfcd20
       keys = {{key = 0x403c38fe "realm=", dst = 0x8157ae4 "fwd.pulver.com",
   dstlen = 64}, {key = 0x403c19f0 "nonce=",
   dst = 0x8157b24 "42b4797b1a52efae269ca979d4ee565b31914c43", dstlen = 256},
 {key = 0x403c3905 "opaque=", dst = 0x8157c24 "", dstlen = 256}, {
   key = 0x403c390d "qop=", dst = 0x8157d24 "", dstlen = 80}, {
   key = 0x403c3912 "domain=", dst = 0x8157d74 "", dstlen = 64}, {key = 0x0,
   dst = 0x0, dstlen = 0}}

By: Mark Spencer (markster) 2005-06-18 19:33:38

Try my latest fix attempt.

By: Mark Spencer (markster) 2005-06-18 19:39:13

Also, after updating to CVS head, if it still crashes, attach not just the new backtrace but also the sip debug so I can see what's triggering it.  Thanks!

By: () 2005-06-18 23:36:26

Got the newest CVS Head and no more segfaults, however sip calls are not working at all now.  Looking at the sip debug, it’s almost as though messaging is going out but it is getting stuck parsing the replies.  Same thing happens with FWD and my sip to pstn termination provider.  Full debug log doesn’t show anything out of the ordinary.  Not sure what I can provide to help troubleshoot.  Please advise.  (FYI no config file changes made.  This config worked perfectly before CVS Update on 6-17-2005)

By: Andrew Lindh (andrew) 2005-06-19 08:11:11

Sorry, on cell phone today.
I updated, no crashes but have same registration problems as above.
No more crashes now, but does not work.

By: Kevin P. Fleming (kpfleming) 2005-06-20 18:48:23

The final fix for this problem should be present in CVS HEAD now, please test again. Thanks!

By: Kevin P. Fleming (kpfleming) 2005-06-20 18:59:14

Fix has already been committed to CVS HEAD. If the problem still occurs, please reopen this bug.