
Summary: ASTERISK-06193: Bus error on Sparc in socket_read at chan_iax2.c:5280 on asterisk 1.2.1
Reporter: Geoffroy Doucet (gdoucet)
Labels:
Date Opened: 2006-01-25 18:09:56.000-0600
Date Closed: 2006-03-28 13:50:49.000-0600
Priority: Critical
Regression?: No
Status: Closed/Complete
Components: Core/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:

Description: Bus error on Sparc Solaris in socket_read with asterisk 1.2.1.


Here is the full backtrace:
(gdb) bt full
#0  socket_read (id=0x400, fd=16, events=1024, cbdata=0x14) at chan_iax2.c:5280
       newip = '\0' <repeats 255 times>
       ied = {buf = '\0' <repeats 1023 times>, pos = 0}
       new = {sin_family = 0, sin_port = 0, sin_addr = {S_un = {S_un_b = {s_b1 = 0 '\0',
       s_b2 = 0 '\0', s_b3 = 0 '\0', s_b4 = 0 '\0'}, S_un_w = {s_w1 = 0, s_w2 = 0}, S_addr = 0}},
 sin_zero = "\000\000\000\000\000\000\000"}
       sin = {sin_family = 2, sin_port = 4569, sin_addr = {S_un = {S_un_b = {s_b1 = 192 'À',
       s_b2 = 246 'ö', s_b3 = 69 'E', s_b4 = 186 'º'}, S_un_w = {s_w1 = 49398, s_w2 = 17850},
     S_addr = 3237365178}}, sin_zero = "\000\000\000\000\000\000\000"}
       res = 40
       updatehistory = 0
       new = -25764376
       buf = "\203+\000\005\000\000'ø\006\003\006\026\000\020\002\000\021Ù\030%\217m\000\000\000\000\000\000\000\000\000\002\000\001\000\0044àÈ\236\000e0f828cd02c257e\000y2\000\f000364000c07\000\004DÆË\221", '\0' <repeats 2345 times>, "þvû¨þç\200\000þä\020", '\0' <repeats 21 times>, "þvû¨\000\000\000\000þvû¨þvû¨\000\000\000\000\000\000\000\000þvúHþåø\200", '\0' <repeats 33 times>, "\bP\003", '\0' <repeats 15 times>, "/\000\000\000\000\000\bP\003", '\0' <repeats 12 times>, "þs\000\000\000\004\000\000\000\000\000\000\000\000\000\000"...
       ptr = (void *) 0x400
       len = 16
       dcallno = 1024
       fh = (struct ast_iax2_full_hdr *) 0xffffb410
       mth = (struct ast_iax2_meta_trunk_hdr *) 0xff379400
       mte = (struct ast_iax2_meta_trunk_entry *) 0xff379400
       mtm = (struct ast_iax2_meta_trunk_mini *) 0xff379400
       dblbuf = '\0' <repeats 1848 times>, "þvéhþç\200\000þä\020", '\0' <repeats 21 times>, "þvéh\000\000\000\000þvéhþvéh\000\000\000\000\000\000\000\000þvè\bþåø\200", '\0' <repeats 33 times>, "\bP\003", '\0' <repeats 15 times>, "/\000\000\000\000\000\bP\003", '\0' <repeats 12 times>, "þs\000\000\000\004\000\000\000\000\000\000\000\000\000\000þ\200\020\001ÿ\tø\034ÿ\tø \000\000\000\000\000\000\000£", '\0' <repeats 20 times>, "þä\020\000\000\000\000\000\000\000\000\025þ\204. \000\000\020\000\000\000\000\f\000\000\aÄþvì þ\200ïÄ\000\000\000\000\022\020\000\002ðÉFR\f"...
       fr = {sockfd = 0, callno = 5, dcallno = 0, data = 0x0, datalen = 0, retries = 0, ts = 10232,
 retrytime = 0, outoforder = 0, sentyet = 0, oseqno = 6, iseqno = 3, transfer = 0, final = 0,
 direction = 0, retrans = 0, next = 0x0, prev = 0x0, af = {frametype = 4, subclass = 4,
   datalen = 0, samples = 0, mallocd = 0, offset = 64, src = 0xfe82a018 "r device %s\n",
   data = 0xfe76de9c, delivery = {tv_sec = 0, tv_usec = 0}, prev = 0x0, next = 0x0},
 unused = '\0' <repeats 63 times>, afdata = 0xfe76de9c ""}
       cur = (struct iax_frame *) 0xfe76b2c0
       iabuf = '\0' <repeats 15 times>
       f = {frametype = 6, subclass = 22, datalen = 28, samples = 0, mallocd = 0, offset = 0,
 src = 0xfe82a018 "r device %s\n", data = 0x0, delivery = {tv_sec = 0, tv_usec = 0}, prev = 0x0,
 next = 0x0}
       c = (struct ast_channel *) 0xfe76b2c0
       dp = (struct iax2_dpcache *) 0xfe76dcd8
       tpeer = (struct iax2_trunk_peer *) 0xfe76b2c0
       rxtrunktime = {tv_sec = 0, tv_usec = 0}
       ies = {called_number = 0x0, calling_number = 0x0, calling_ani = 0x0, calling_name = 0x0,
 calling_ton = -1, calling_tns = -1, calling_pres = -1, called_context = 0x0, username = 0x0,
 password = 0x0, capability = 0, format = 0, codec_prefs = 0x0, language = 0x0, version = 0,
 adsicpe = 0, dnid = 0x0, rdnis = 0x0, authmethods = 0, encmethods = 0, challenge = 0x0,
 md5_result = 0x0, rsa_result = 0x0, apparent_addr = 0xfe76eeae, refresh = 0, dpstatus = 0,
 callno = 1, cause = 0x0, causecode = 0 '\0', iax_unknown = 0 '\0', msgcount = -1, autoanswer = 0,
 musiconhold = 0, transferid = 887146654, datetime = 0, devicetype = 0x0, serviceident = 0x0,
 firmwarever = -1, fwdesc = 0, fwdata = 0x0, fwdatalen = 0 '\0', enckey = 0x0, enckeylen = 0 '\0',
 provver = 0, samprate = 1, provverpres = 0, rr_jitter = 0, rr_loss = 0, rr_pkts = 0, rr_delay = 0,
 rr_dropped = 0, rr_ooo = 0}
       ied0 = {buf = '\0' <repeats 1023 times>, pos = 0}
       ied1 = {buf = '\0' <repeats 1023 times>, pos = 0}
       format = -19440
       exists = -25775424
       minivid = -8664
       ts = 0
       empty = '\0' <repeats 31 times>
       host_pref_buf = '\0' <repeats 127 times>
       caller_pref_buf = '\0' <repeats 127 times>
       pref = {order = '\0' <repeats 31 times>}
       rpref = {order = '\0' <repeats 31 times>}
       using_prefs = 0xfe76fea0 ""
       sin = {sin_family = 2, sin_port = 4569, sin_addr = {S_un = {S_un_b = {s_b1 = 192 'À',
       s_b2 = 246 'ö', s_b3 = 69 'E', s_b4 = 186 'º'}, S_un_w = {s_w1 = 49398, s_w2 = 17850},
     S_addr = 3237365178}}, sin_zero = "\000\000\000\000\000\000\000"}
       res = 40
       updatehistory = 0
       buf = "\203+\000\005\000\000'ø\006\003\006\026\000\020\002\000\021Ù\030%\217m\000\000\000\000\000\000\000\000\000\002\000\001\000\0044àÈ\236\000e0f828cd02c257e\000y2\000\f000364000c07\000\004DÆË\221", '\0' <repeats 2345 times>, "þvû¨þç\200\000þä\020", '\0' <repeats 21 times>, "þvû¨\000\000\000\000þvû¨þvû¨\000\000\000\000\000\000\000\000þvúHþåø\200", '\0' <repeats 33 times>, "\bP\003", '\0' <repeats 15 times>, "/\000\000\000\000\000\bP\003", '\0' <repeats 12 times>, "þs\000\000\000\004\000\000\000\000\000\000\000\000\000\000"...
       len = 16
       dblbuf = '\0' <repeats 1848 times>, "þvéhþç\200\000þä\020", '\0' <repeats 21 times>, "þvéh\000\000\000\000þvéhþvéh\000\000\000\000\000\000\000\000þvè\bþåø\200", '\0' <repeats 33 times>, "\bP\003", '\0' <repeats 15 times>, "/\000\000\000\000\000\bP\003", '\0' <repeats 12 times>, "þs\000\000\000\004\000\000\000\000\000\000\000\000\000\000þ\200\020\001ÿ\tø\034ÿ\tø \000\000\000\000\000\000\000£", '\0' <repeats 20 times>, "þä\020\000\000\000\000\000\000\000\000\025þ\204. \000\000\020\000\000\000\000\f\000\000\aÄþvì þ\200ïÄ\000\000\000\000\022\020\000\002ðÉFR\f"...
       fr = {sockfd = 0, callno = 5, dcallno = 0, data = 0x0, datalen = 0, retries = 0, ts = 10232,
 retrytime = 0, outoforder = 0, sentyet = 0, oseqno = 6, iseqno = 3, transfer = 0, final = 0,
 direction = 0, retrans = 0, next = 0x0, prev = 0x0, af = {frametype = 4, subclass = 4,
   datalen = 0, samples = 0, mallocd = 0, offset = 64, src = 0xfe82a018 "r device %s\n",
   data = 0xfe76de9c, delivery = {tv_sec = 0, tv_usec = 0}, prev = 0x0, next = 0x0},
 unused = '\0' <repeats 63 times>, afdata = 0xfe76de9c ""}
       iabuf = '\0' <repeats 15 times>
       f = {frametype = 6, subclass = 22, datalen = 28, samples = 0, mallocd = 0, offset = 0,
 src = 0xfe82a018 "r device %s\n", data = 0x0, delivery = {tv_sec = 0, tv_usec = 0}, prev = 0x0,
 next = 0x0}
       rxtrunktime = {tv_sec = 0, tv_usec = 0}
       ies = {called_number = 0x0, calling_number = 0x0, calling_ani = 0x0, calling_name = 0x0,
 calling_ton = -1, calling_tns = -1, calling_pres = -1, called_context = 0x0, username = 0x0,
 password = 0x0, capability = 0, format = 0, codec_prefs = 0x0, language = 0x0, version = 0,
 adsicpe = 0, dnid = 0x0, rdnis = 0x0, authmethods = 0, encmethods = 0, challenge = 0x0,
 md5_result = 0x0, rsa_result = 0x0, apparent_addr = 0xfe76eeae, refresh = 0, dpstatus = 0,
 callno = 1, cause = 0x0, causecode = 0 '\0', iax_unknown = 0 '\0', msgcount = -1, autoanswer = 0,
 musiconhold = 0, transferid = 887146654, datetime = 0, devicetype = 0x0, serviceident = 0x0,
 firmwarever = -1, fwdesc = 0, fwdata = 0x0, fwdatalen = 0 '\0', enckey = 0x0, enckeylen = 0 '\0',
 provver = 0, samprate = 1, provverpres = 0, rr_jitter = 0, rr_loss = 0, rr_pkts = 0, rr_delay = 0,
 rr_dropped = 0, rr_ooo = 0}
       ied0 = {buf = '\0' <repeats 1023 times>, pos = 0}
       ied1 = {buf = '\0' <repeats 1023 times>, pos = 0}
       ts = 0
       empty = '\0' <repeats 31 times>
       host_pref_buf = '\0' <repeats 127 times>
       caller_pref_buf = '\0' <repeats 127 times>
       pref = {order = '\0' <repeats 31 times>}
       rpref = {order = '\0' <repeats 31 times>}
       sin = {sin_family = 2, sin_port = 4569, sin_addr = {S_un = {S_un_b = {s_b1 = 192 'À',
       s_b2 = 246 'ö', s_b3 = 69 'E', s_b4 = 186 'º'}, S_un_w = {s_w1 = 49398, s_w2 = 17850},
     S_addr = 3237365178}}, sin_zero = "\000\000\000\000\000\000\000"}
       res = 40
       updatehistory = 0
       buf = "\203+\000\005\000\000'ø\006\003\006\026\000\020\002\000\021Ù\030%\217m\000\000\000\000\000\000\000\000\000\002\000\001\000\0044àÈ\236\000e0f828cd02c257e\000y2\000\f000364000c07\000\004DÆË\221", '\0' <repeats 2345 times>, "þvû¨þç\200\000þä\020", '\0' <repeats 21 times>, "þvû¨\000\000\000\000þvû¨þvû¨\000\000\000\000\000\000\000\000þvúHþåø\200", '\0' <repeats 33 times>, "\bP\003", '\0' <repeats 15 times>, "/\000\000\000\000\000\bP\003", '\0' <repeats 12 times>, "þs\000\000\000\004\000\000\000\000\000\000\000\000\000\000"...
       len = 16
       dblbuf = '\0' <repeats 1848 times>, "þvéhþç\200\000þä\020", '\0' <repeats 21 times>, "þvéh\000\000\000\000þvéhþvéh\000\000\000\000\000\000\000\000þvè\bþåø\200", '\0' <repeats 33 times>, "\bP\003", '\0' <repeats 15 times>, "/\000\000\000\000\000\bP\003", '\0' <repeats 12 times>, "þs\000\000\000\004\000\000\000\000\000\000\000\000\000\000þ\200\020\001ÿ\tø\034ÿ\tø \000\000\000\000\000\000\000£", '\0' <repeats 20 times>, "þä\020\000\000\000\000\000\000\000\000\025þ\204. \000\000\020\000\000\000\000\f\000\000\aÄþvì þ\200ïÄ\000\000\000\000\022\020\000\002ðÉFR\f"...
       fr = {sockfd = 0, callno = 5, dcallno = 0, data = 0x0, datalen = 0, retries = 0, ts = 10232,
 retrytime = 0, outoforder = 0, sentyet = 0, oseqno = 6, iseqno = 3, transfer = 0, final = 0,
 direction = 0, retrans = 0, next = 0x0, prev = 0x0, af = {frametype = 4, subclass = 4,
   datalen = 0, samples = 0, mallocd = 0, offset = 64, src = 0xfe82a018 "r device %s\n",
   data = 0xfe76de9c, delivery = {tv_sec = 0, tv_usec = 0}, prev = 0x0, next = 0x0},
 unused = '\0' <repeats 63 times>, afdata = 0xfe76de9c ""}
       iabuf = '\0' <repeats 15 times>
       f = {frametype = 6, subclass = 22, datalen = 28, samples = 0, mallocd = 0, offset = 0,
 src = 0xfe82a018 "r device %s\n", data = 0x0, delivery = {tv_sec = 0, tv_usec = 0}, prev = 0x0,
 next = 0x0}
       rxtrunktime = {tv_sec = 0, tv_usec = 0}
       ies = {called_number = 0x0, calling_number = 0x0, calling_ani = 0x0, calling_name = 0x0,
 calling_ton = -1, calling_tns = -1, calling_pres = -1, called_context = 0x0, username = 0x0,
 password = 0x0, capability = 0, format = 0, codec_prefs = 0x0, language = 0x0, version = 0,
 adsicpe = 0, dnid = 0x0, rdnis = 0x0, authmethods = 0, encmethods = 0, challenge = 0x0,
 md5_result = 0x0, rsa_result = 0x0, apparent_addr = 0xfe76eeae, refresh = 0, dpstatus = 0,
 callno = 1, cause = 0x0, causecode = 0 '\0', iax_unknown = 0 '\0', msgcount = -1, autoanswer = 0,
 musiconhold = 0, transferid = 887146654, datetime = 0, devicetype = 0x0, serviceident = 0x0,
 firmwarever = -1, fwdesc = 0, fwdata = 0x0, fwdatalen = 0 '\0', enckey = 0x0, enckeylen = 0 '\0',
 provver = 0, samprate = 1, provverpres = 0, rr_jitter = 0, rr_loss = 0, rr_pkts = 0, rr_delay = 0,
 rr_dropped = 0, rr_ooo = 0}
       ied0 = {buf = '\0' <repeats 1023 times>, pos = 0}
       ied1 = {buf = '\0' <repeats 1023 times>, pos = 0}
       ts = 0
       empty = '\0' <repeats 31 times>
       host_pref_buf = '\0' <repeats 127 times>
       caller_pref_buf = '\0' <repeats 127 times>
       pref = {order = '\0' <repeats 31 times>}
       rpref = {order = '\0' <repeats 31 times>}
#1  0x0001c900 in ast_io_wait (ioc=0x10e478, howlong=1024) at io.c:284
       res = 1
       x = 0
       origcnt = 1
#2  0xfe81af80 in network_thread (ignore=0x10e478) at chan_iax2.c:7968
       res = 1107064
       count = 0
       f = (struct iax_frame *) 0x0
       freeme = (struct iax_frame *) 0xfee41000



It seems that memcpy failed because ies->apparent_addr is not aligned (apparent_addr = 0xfe76eeae) and generates a bus error on the SPARC platform.

After looking at the code, it looks like this is the cause of the problem, in iax2-parser.c:

        case IAX_IE_APPARENT_ADDR:
-->             ies->apparent_addr = ((struct sockaddr_in *)(data + 2));
                break;

This code only works on CPUs that don't need memory to be aligned (i.e. Intel x86).
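The cast the reporter points at, beside a portable alternative, as an added example that is not Asterisk's code: a minimal parser for the APPARENT ADDR information element that copies from the byte pointer into caller-owned, aligned storage instead of keeping a struct pointer into the packet, plus an alignment check showing why data + 2 can never satisfy a strict-alignment CPU. The IE type value and the sample bytes are assumptions of this example, not taken from the page.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* IE type for APPARENT ADDR: 18 per iax2-parser.h / RFC 5456 (the page does
 * not quote the number). An IE is laid out as [type:1][len:1][payload]. */
#define IAX_IE_APPARENT_ADDR 18

/* The page's pattern: a struct pointer at data + 2, which is never 4-byte
 * aligned when data is. Kept only so is_aligned() below can show that. */
static const struct sockaddr_in *apparent_addr_unsafe(const unsigned char *data)
{
    return (const struct sockaddr_in *)(data + 2);
}

/* Portable version: validate the IE, then memcpy from the raw byte pointer
 * into aligned storage owned by the caller. The source type is unsigned
 * char *, so the compiler cannot assume struct alignment and must emit a
 * byte-safe copy; nothing is malloc'd, so nothing can leak. */
static int apparent_addr_portable(const unsigned char *data, size_t datalen,
                                  struct sockaddr_in *out)
{
    if (datalen < 2 || data[0] != IAX_IE_APPARENT_ADDR)
        return -1;
    if (data[1] != sizeof(*out) || datalen < 2 + (size_t)data[1])
        return -1;                          /* wrong-size or truncated IE */
    memcpy(out, data + 2, sizeof(*out));
    return 0;
}

static int is_aligned(const void *p, size_t align)
{
    return ((uintptr_t)p % align) == 0;
}

/* Constructed sample IE (not the page's capture) for the peer seen in the
 * backtrace, 192.246.69.186:4569; the union keeps the buffer start 4-byte
 * aligned, like a real packet buffer. */
static union { unsigned char bytes[2 + sizeof(struct sockaddr_in)]; uint32_t a; } sample;
static const unsigned char *build_sample_ie(void)
{
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(4569);
    sin.sin_addr.s_addr = htonl(0xC0F645BAu);   /* 192.246.69.186 */
    sample.bytes[0] = IAX_IE_APPARENT_ADDR;
    sample.bytes[1] = (unsigned char)sizeof(sin);
    memcpy(sample.bytes + 2, &sin, sizeof(sin));
    return sample.bytes;
}
```

The same copy-into-aligned-storage approach is what the reporter's later workaround does, minus the malloc.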
Comments:

By: Olle Johansson (oej) 2006-02-02 01:12:49.000-0600

Anyone who can check this issue? Any updates or workarounds? Patches?

/Housekeeping

By: Stuart Henderson (stuarth) 2006-02-04 19:34:14.000-0600

I've had a report of this on 1.2.4 on OpenBSD/sparc64 (I couldn't reproduce it myself, but from the name of the variable I wonder if it might only happen where NAT is involved). Most of the iax2-parser code takes care of alignment (get_unaligned_xx) but not this one.

I'm not much of a coder and didn't get my head round it, but http://72.14.207.104/search?q=cache:EvC6PW1SQX8J:www.feyrer.de/PGC/Fighting_the_Lemmings.pdf (the 'pointer casts' section) should point someone in the right direction if they can code but don't know so much about portability/alignment issues.

By: Stuart Henderson (stuarth) 2006-02-09 10:42:35.000-0600

See thread http://lists.debian.org/debian-devel/2002/03/msg00111.html: seems some GCC versions with -O2 or higher have some alignment requirements for memcpy. Try bcopy (reverse the order of src+dest compared to memcpy - apparent_addr is ref'd twice in chan_iax2.c, both will need changing), reducing optimization to -O, or a different GCC.

I haven't had a report whether it fixes the SIGBUS yet, but it doesn't make things any worse (on OpenBSD at least).

By: Stuart Henderson (stuarth) 2006-02-09 10:44:13.000-0600

Sorry, mantis parsed trailing : as part of url. Thread is here: http://lists.debian.org/debian-devel/2002/03/msg00111.html

By: Stuart Henderson (stuarth) 2006-02-12 16:42:14.000-0600

Using bcopy rather than memcpy seems to fix this on OpenBSD/sparc64.

By: Mark Spencer (markster) 2006-02-14 12:43:13.000-0600

Is "OpenBSD" defined for OpenBSD? E.g. is the following okay?

+#if (defined(SOLARIS) || defined(OpenBSD)) && defined(__sparc__)
+               bcopy(ies->apparent_addr, &us, sizeof(new));
+#else
               memcpy(&us, ies->apparent_addr, sizeof(us));
+#endif
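Review bot: the `#if` only switches to bcopy on Solaris/OpenBSD SPARC, but the root cause is that `ies->apparent_addr` is a `struct sockaddr_in *` pointing at `data + 2`, so any compiler is free to inline the memcpy assuming struct alignment on any strict-alignment target (the thread itself names powerpc, alpha, arm and hppa as well). The portable fix is to copy from the raw byte pointer into aligned storage in the parser rather than to choose a copy routine per platform. Also, the bcopy line uses `sizeof(new)` while the memcpy line uses `sizeof(us)`; make both `sizeof(us)` so the two branches copy the same number of bytes.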

By: Stuart Henderson (stuarth) 2006-02-14 13:02:32.000-0600

It's defined, but I'm not sure if this is the best way to solve it - machines other than sparc have strict alignment requirements (in fact, most machines other than i386/amd64: powerpc and sparc are probably going to be the most common, but alpha/arm/hppa etc do too) and I never got it to occur myself on OpenBSD when I tried to replicate it, so it doesn't happen for everyone.

gdoucet, if you're reading, what OS are you using?

By: Geoffroy Doucet (gdoucet) 2006-03-08 22:08:00.000-0600

I use Solaris 9.

Here is the code I used, and it works on Solaris:
               case IAX_IE_APPARENT_ADDR:
                       ies->apparent_addr = malloc(sizeof(struct sockaddr_in));
                       memcpy(ies->apparent_addr, &data[2],sizeof(struct sockaddr_in));
                       /* ies->apparent_addr = ((struct sockaddr_in *)(data + 2)); */
                       break;

The only thing I am afraid of is creating a memory leak with my malloc.

By: Russell Bryant (russell) 2006-03-28 13:50:30.000-0600

This should be fixed in 1.2 and the trunk in revisions 15703 and 15704.

I changed the offending memcpy calls to bcopy.  Feel free to reopen this issue or open a new one if there is still a problem.

Thanks!