| Summary: | ASTERISK-06025: chan_sip schedules destruction of subscription twice (causes crash) | ||
| Reporter: | Philip Walls (malverian) | Labels: | |
| Date Opened: | 2006-01-09 18:06:41.000-0600 | Date Closed: | 2006-01-28 06:55:56.000-0600 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | Channels/chan_sip/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | It appears that the chan_sip __sip_destroy method is scheduling the destruction of calls that have already been destroyed. This results in a double-free and a corrupted stack (no backtrace). Initially I believed that this problem was only occuring when the owner was in place, but the most recent crash disproves that theory. This problem has been an issue for me since I began using Asterisk (pre-1.2 CVS) through 1.2.0 and 1.2.1. I have other logs available if you believe they will be of any use. This problem may be brought out by our inhouse developed SIP phone. We use that phone along with about 30x SNOM 320 phones. If the SIP phone is required to reproduce this bug, I should be able to provide you with a Win32 binary (works well in wine). ****** ADDITIONAL INFORMATION ****** Jan 6 23:24:03 DEBUG[30813] chan_sip.c: Auto destroying call '' Jan 6 23:24:03 NOTICE[30813] sched.c: Attempted to delete nonexistent schedule entry 0! Jan 6 23:24:03 WARNING[30813] chan_sip.c: Trying to destroy "", not found in dialog list?!?! Jan 6 23:24:03 WARNING[30813] chan_sip.c: Huh? Not a SIP header ()? Jan 6 23:24:03 DEBUG[30813] chan_sip.c: Auto destroying call <A5>F<B7>L<C8>' Jan 6 23:24:03 NOTICE[30813] sched.c: Attempted to delete nonexistent schedule entry 0! Jan 6 23:24:03 WARNING[30813] chan_sip.c: Trying to destroy <A5>F<B7>L<C8>", not found in dialog list?!?! Jan 6 23:24:03 DEBUG[30813] chan_sip.c: Stopping retransmission on 'fehv4tkmp5k9hb17jl92@209.208.68.76' of Request 103: Match Found Jan 6 23:24:03 DEBUG[30813] chan_sip.c: Auto destroying call '' | ||
| Comments: | By: paradise (paradise) 2006-01-10 00:29:34.000-0600 see also bug ASTERISK-5755813 there is also some patches there. it seems that this bug is related to subscription and hint system. if you remove all hints from extensions.conf no more crash will occur. By: Olle Johansson (oej) 2006-01-10 00:46:23.000-0600 Please provide a SIP debug of a call that ends like this. Turn on debug and verbosity to 4 and capture together with sip debugging. By: Olle Johansson (oej) 2006-01-10 00:47:11.000-0600 paradise: Why do you think this bug is related to subscriptions? By: paradise (paradise) 2006-01-10 02:20:47.000-0600 when i remove hints no more crash will occur. but when adding them back crashing starts. By: Philip Walls (malverian) 2006-01-10 11:08:08.000-0600 This looks identical to the problem paradise linked to. Sorry for the duplicate. I am getting spammed with call destruction of a bunch of subscription related call IDs right before crash. I can't disable hints here on my production system to confirm that the crashes stop. As it is the crashes occur seemingly at random intervals (sometimes days between, sometimes 2-3 in a day). By: Olle Johansson (oej) 2006-01-24 13:30:14.000-0600 Got access to the machine to debug this By: Olle Johansson (oej) 2006-01-26 01:57:37.000-0600 Malverian: Any more crashes on your machine? By: Ramon Peek-Fares (ramonpeek) 2006-01-27 10:34:05.000-0600 Just to inform you, I have had the same issue several times now. Using Asterisk 1.2.2 stable and I also use Snom phones 320 and 360. Although my believe is it happens due to a login from an Xlite user. Because everytime it happens that user has just logged on. My FULL.log shows: Jan 27 15:45:15 VERBOSE[6283] logger.c: -- Registered SIP '5171' at 192.168.1.253 port 8286 expires 180 Jan 27 15:45:15 DEBUG[6283] chan_sip.c: Stopping retransmission on '190becbe1739cc780c18f8ae20704a70@pbx.trends.nl' of Request 102: Match Found Jan 27 15:45:16 DEBUG[6283] chan_sip.c: Auto destroying call '441eeb6ad83cb753@bGFwdG9wLXJwLnRyZW5kcy5ubA..' Jan 27 15:45:16 DEBUG[6283] chan_sip.c: Auto destroying call 'd854802eeb7ccc08@bGFwdG9wLXJwLnRyZW5kcy5ubA..' Jan 27 15:45:16 DEBUG[6283] chan_sip.c: Auto destroying call '' Jan 27 15:45:16 NOTICE[6283] sched.c: Attempted to delete nonexistent schedule entry 0! ++++ CRASH ++++ Notice the empty '' ??!? By: Serge Vecher (serge-v) 2006-01-27 10:55:41.000-0600 ramonpeek: stable 1.2.2 is outdated. Please test with v.1.2.3. If the problem persists: 1) set debug 4; 2) set verbose 4; 3) sip debug on; 4)capture the full transaction and 5) post log here as an _attachment_. By: Philip Walls (malverian) 2006-01-27 14:18:08.000-0600 oej, Last night I implemented the patch you made into our production server. We haven't had any crashes yet so far. I will keep you posted. By: Philip Walls (malverian) 2006-01-27 14:22:55.000-0600 Also, I haven't tried mgernoth's patch from bug 5813. If we do end up having crashes still, I will try it out. By: Olle Johansson (oej) 2006-01-28 06:52:40.000-0600 Resolved in svn 1.2 and trunk. If there are new problems with this issue, please re-open or contact us in #asterisk-dev on Freenode IRC. Thanks to Malverian for letting me access his system. Revision 8808 of 1.2, Fixed previously in trunk. | ||