Summary: | ASTERISK-13147: Bug with iax channel (and perhaps IAXmodem) : randomly crashes asterisk | ||
Reporter: | ad (ad) | Labels: | |
Date Opened: | 2008-12-01 03:52:15.000-0600 | Date Closed: | 2011-06-07 14:00:38 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_iax2 |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | In one of my installations, asterisk randomly craches. This seems to be caused by the chan_iax2 channel that I'm using with iaxmodems peers (used by a hylafax server). In case of, here is the modem configurations (located on the same machine): Iaxmodem side device /dev/tty3955 owner uucp:uucp mode 660 port 4570 refresh 60 server 127.0.0.1 peername 3955 secret fax3955 cidname <CID_NAME_OF_MODEM> cidnumber <CID_NUMBER_OF_MODEM> codec alaw Asterisk side (iax.conf) [3955] type=friend username=3955 secret=fax3955 qualify=yes host=dynamic port=4570 transfer=no context=<DEFAULT_CONTEXT_USED> disallow=all allow=alaw I've not recompiled asterisk with "optimisations disabled" for the core dump trace, because it is a production system, but if it should be necessary, I'll do it. OS : Centos 5.1 ****** ADDITIONAL INFORMATION ****** Core was generated by `/usr/sbin/asterisk -f -U asterisk -G asterisk -vvvg -c'. Program terminated with signal 11, Segmentation fault. #0 __find_callno (callno=1559, dcallno=8619, sin=0xb7a5b260, new=0, sockfd=17, return_locked=0, check_dcallno=1) at chan_iax2.c:1249 1249 if (!pvt->peercallno) { (gdb) bt full #0 __find_callno (callno=1559, dcallno=8619, sin=0xb7a5b260, new=0, sockfd=17, return_locked=0, check_dcallno=1) at chan_iax2.c:1249 start = <value optimized out> res = 8619 x = <value optimized out> host = "\000\000\000\000\030\006\000\000 ¶û\b\000\000\000\000\000\000\000\000\033\004\001\001¨¶û\bжû\b\001\000\000\000X\213¥·?\006\a\b¨¶û\b\v\000\000\000\200\003\a\bжû\bÐûÿ\bq\223|\000;\000\000\000pv\003\001\000\000\000" __PRETTY_FUNCTION__ = "__find_callno" #1 0x0102176e in socket_process (thread=0x900bb50) at chan_iax2.c:1685 check_dcallno = <value optimized out> sin = {sin_family = 2, sin_port = 56081, sin_addr = {s_addr = 16777343}, sin_zero = "\000\000\000\000\000\000\000"} res = 12 updatehistory = <value optimized out> new = 0 ptr = <value optimized out> dcallno = 8619 fh = <value optimized out> mth = <value optimized out> cur = <value optimized out> f = {frametype = AST_FRAME_IAX, subclass = 4, datalen = 0, samples = 0, mallocd = 0, mallocd_hdr_len = 0, offset = 0, src = 0x0, data = 0x0, delivery = {tv_sec = 0, tv_usec = 0}, frame_list = {next = 0x0}, flags = 0, ts = 0, len = 0, seqno = 0} c = <value optimized out> dp = <value optimized out> tpeer = <value optimized out> ies = {called_number = 0x0, calling_number = 0x0, calling_ani = 0x0, calling_name = 0x0, calling_ton = -1, calling_tns = -1, calling_pres = -1, called_context = 0x0, username = 0x0, password = 0x0, capability = 0, format = 0, codec_prefs = 0x0, language = 0x0, version = 0, adsicpe = 0, dnid = 0x0, rdnis = 0x0, authmethods = 0, encmethods = 0, challenge = 0x0, md5_result = 0x0, rsa_result = 0x0, apparent_addr = 0x0, refresh = 0, dpstatus = 0, callno = 0, cause = 0x0, causecode = 0 '\0', iax_unknown = 0 '\0', msgcount = -1, autoanswer = 0, musiconhold = 0, transferid = 0, datetime = 0, devicetype = 0x0, serviceident = 0x0, firmwarever = -1, fwdesc = 0, fwdata = 0x0, fwdatalen = 0 '\0', enckey = 0x0, enckeylen = 0 '\0', provver = 0, samprate = 1, provverpres = 0, rr_jitter = 0, rr_loss = 0, rr_pkts = 1, rr_delay = 40, rr_dropped = 0, rr_ooo = 0} ied0 = { buf = '\0' <repeats 820 times>, "À#w\000\000\000\000\000À#w\000\020\000P·\025\000\000\0004\000P·4\000P·\000\000\000\000@\000P·\030", '\0' <repeats 19 times>, "»\\k\000ôÏx\000\020\000P·<\005\000\000ܪ¥·Áyk", '\0' <repeats 13 times>, "Áyk", '\0' <repeats 13 times>, "Áyk\000ð\000P·Çª¥·H\004P·H\000P·@\000P·×ª¥·H\000P·\000\000\000\000\n\000\000\000M\004\000IÊ;\t\000M\004\000IÐ7\000\t\000\000\000\000M\004\000I誥·Æ\022\017\bÀª¥·M\004\000IÊ;\t\000\n\000\000\000\000\000\000\000\036Ú|", pos = 10000} ied1 = {buf = '\0' <repeats 1023 times>, pos = 0} ---Type <return> to continue, or q <return> to quit--- format = <value optimized out> fd = 17 exists = <value optimized out> minivid = 0 empty = '\0' <repeats 31 times> duped_fr = <value optimized out> host_pref_buf = '\0' <repeats 127 times> caller_pref_buf = '\0' <repeats 92 times>, "Oct 23 04:53:13", '\0' <repeats 20 times> pref = {order = "Ë;\t\000M\004\000Iø$\000\t\000\000\000\000aqk\000x±¥·Æ\022\017\bP±¥·", framing = "M\004\000IË;\t\000\004\000\000\000\000\000\000\000\200û\001\000xì\001\000\\Bw\000\004\000\000"} using_prefs = <value optimized out> __PRETTY_FUNCTION__ = "socket_process" #2 0x0102b3e9 in iax2_process_thread (data=0x900bb50) at chan_iax2.c:8660 curelm = <value optimized out> __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {17004144, 0, -1213875312, -1213877400, -665463723, 1861404996}, __mask_was_saved = 0}}, __pad = {0xb7a5b390, 0x0, 0xb7a5bb90, 0xb7a5b368}} not_first_call = <value optimized out> thread = (struct iax2_thread *) 0x900bb50 ts = {tv_sec = 0, tv_nsec = 1} put_into_idle = <value optimized out> #3 0x080fe1cb in dummy_start (data=0x9001a40) at utils.c:912 __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {151000672, 0, -1213875312, -1213877304, -665463403, 1744799569}, __mask_was_saved = 0}}, __pad = {0xb7a5b480, 0x0, 0x0, 0x0}} __cancel_arg = (void *) 0xb7a5bb90 not_first_call = <value optimized out> ret = <value optimized out> #4 0x007c743b in start_thread () from /lib/libpthread.so.0 No symbol table info available. ASTERISK-1 0x0071efde in clone () from /lib/libc.so.6 No symbol table info available. | ||
Comments: | By: ad (ad) 2008-12-02 04:17:13.000-0600 Noticed that crash happens after IAXModem peer becomes unreachable then reachable (curious for a localhost peer)... I've put qualify=no and the problem seems to be temporarily solved, but it doesn't explain why the module crashes asterisk. By: Tilghman Lesher (tilghman) 2008-12-04 13:25:23.000-0600 To figure this out, you're going to need to follow the instructions in doc/valgrind.txt. By: Tilghman Lesher (tilghman) 2008-12-04 13:30:28.000-0600 The issue is specifically that the structure is locked in memory and this should not cause a crash. The only way for this to crash is if something freed the structure without holding the lock (or memory was corrupted). In either case, valgrind is necessary to track this down. By: Leif Madsen (lmadsen) 2009-02-02 16:35:31.000-0600 Pinging the reporter. We need to see the valgrind output, or this issue will be suspended until the required information is available. Thanks! By: Joshua C. Colp (jcolp) 2009-02-25 11:02:27.000-0600 Suspended since the reporter is now unresponsive. If you can provide the information feel free to reopen. |