[Home]

Summary:ASTERISK-13147: Bug with iax channel (and perhaps IAXmodem) : randomly crashes asterisk
Reporter:ad (ad)Labels:
Date Opened:2008-12-01 03:52:15.000-0600Date Closed:2011-06-07 14:00:38
Priority:CriticalRegression?No
Status:Closed/CompleteComponents:Channels/chan_iax2
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:
Description:In one of my installations, asterisk randomly craches. This seems to be caused by the chan_iax2 channel that I'm using with iaxmodems peers (used by a hylafax server).

In case of, here is the modem configurations (located on the same machine):

Iaxmodem side

device /dev/tty3955
owner uucp:uucp
mode 660
port 4570
refresh 60
server 127.0.0.1
peername 3955
secret fax3955
cidname <CID_NAME_OF_MODEM>
cidnumber <CID_NUMBER_OF_MODEM>
codec alaw

Asterisk side (iax.conf)

[3955]
type=friend
username=3955
secret=fax3955
qualify=yes
host=dynamic
port=4570
transfer=no
context=<DEFAULT_CONTEXT_USED>
disallow=all
allow=alaw

I've not recompiled asterisk with "optimisations disabled" for the core dump trace, because it is a production system, but if it should be necessary, I'll do it.

OS : Centos 5.1

****** ADDITIONAL INFORMATION ******

Core was generated by `/usr/sbin/asterisk -f -U asterisk -G asterisk -vvvg -c'.
Program terminated with signal 11, Segmentation fault.
#0  __find_callno (callno=1559, dcallno=8619, sin=0xb7a5b260, new=0, sockfd=17,
   return_locked=0, check_dcallno=1) at chan_iax2.c:1249
1249            if (!pvt->peercallno) {
(gdb) bt full
#0  __find_callno (callno=1559, dcallno=8619, sin=0xb7a5b260, new=0, sockfd=17,
   return_locked=0, check_dcallno=1) at chan_iax2.c:1249
       start = <value optimized out>
       res = 8619
       x = <value optimized out>
       host = "\000\000\000\000\030\006\000\000 ¶û\b\000\000\000\000\000\000\000\000\033\004\001\001¨¶û\bжû\b\001\000\000\000X\213¥·?\006\a\b¨¶û\b\v\000\000\000\200\003\a\bжû\bÐûÿ\bq\223|\000;\000\000\000pv\003\001\000\000\000"
       __PRETTY_FUNCTION__ = "__find_callno"
#1  0x0102176e in socket_process (thread=0x900bb50) at chan_iax2.c:1685
       check_dcallno = <value optimized out>
       sin = {sin_family = 2, sin_port = 56081, sin_addr = {s_addr = 16777343},
 sin_zero = "\000\000\000\000\000\000\000"}
       res = 12
       updatehistory = <value optimized out>
       new = 0
       ptr = <value optimized out>
       dcallno = 8619
       fh = <value optimized out>
       mth = <value optimized out>
       cur = <value optimized out>
       f = {frametype = AST_FRAME_IAX, subclass = 4, datalen = 0, samples = 0, mallocd = 0,
 mallocd_hdr_len = 0, offset = 0, src = 0x0, data = 0x0, delivery = {tv_sec = 0, tv_usec = 0},
 frame_list = {next = 0x0}, flags = 0, ts = 0, len = 0, seqno = 0}
       c = <value optimized out>
       dp = <value optimized out>
       tpeer = <value optimized out>
       ies = {called_number = 0x0, calling_number = 0x0, calling_ani = 0x0,
 calling_name = 0x0, calling_ton = -1, calling_tns = -1, calling_pres = -1,
 called_context = 0x0, username = 0x0, password = 0x0, capability = 0, format = 0,
 codec_prefs = 0x0, language = 0x0, version = 0, adsicpe = 0, dnid = 0x0, rdnis = 0x0,
 authmethods = 0, encmethods = 0, challenge = 0x0, md5_result = 0x0, rsa_result = 0x0,
 apparent_addr = 0x0, refresh = 0, dpstatus = 0, callno = 0, cause = 0x0, causecode = 0 '\0',
 iax_unknown = 0 '\0', msgcount = -1, autoanswer = 0, musiconhold = 0, transferid = 0,
 datetime = 0, devicetype = 0x0, serviceident = 0x0, firmwarever = -1, fwdesc = 0,
 fwdata = 0x0, fwdatalen = 0 '\0', enckey = 0x0, enckeylen = 0 '\0', provver = 0,
 samprate = 1, provverpres = 0, rr_jitter = 0, rr_loss = 0, rr_pkts = 1, rr_delay = 40,
 rr_dropped = 0, rr_ooo = 0}
       ied0 = {
 buf = '\0' <repeats 820 times>, "À#w\000\000\000\000\000À#w\000\020\000P·\025\000\000\0004\000P·4\000P·\000\000\000\000@\000P·\030", '\0' <repeats 19 times>, "»\\k\000ôÏx\000\020\000P·<\005\000\000ܪ¥·Áyk", '\0' <repeats 13 times>, "Áyk", '\0' <repeats 13 times>, "Áyk\000ð\000P·Çª¥·H\004P·H\000P·@\000P·×ª¥·H\000P·\000\000\000\000\n\000\000\000M\004\000IÊ;\t\000M\004\000IÐ7\000\t\000\000\000\000M\004\000I誥·Æ\022\017\bÀª¥·M\004\000IÊ;\t\000\n\000\000\000\000\000\000\000\036Ú|", pos = 10000}
       ied1 = {buf = '\0' <repeats 1023 times>, pos = 0}
---Type <return> to continue, or q <return> to quit---
       format = <value optimized out>
       fd = 17
       exists = <value optimized out>
       minivid = 0
       empty = '\0' <repeats 31 times>
       duped_fr = <value optimized out>
       host_pref_buf = '\0' <repeats 127 times>
       caller_pref_buf = '\0' <repeats 92 times>, "Oct 23 04:53:13", '\0' <repeats 20 times>
       pref = {order = "Ë;\t\000M\004\000Iø$\000\t\000\000\000\000aqk\000x±¥·Æ\022\017\bP±¥·",
 framing = "M\004\000IË;\t\000\004\000\000\000\000\000\000\000\200û\001\000xì\001\000\\Bw\000\004\000\000"}
       using_prefs = <value optimized out>
       __PRETTY_FUNCTION__ = "socket_process"
#2  0x0102b3e9 in iax2_process_thread (data=0x900bb50) at chan_iax2.c:8660
       curelm = <value optimized out>
       __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {17004144, 0, -1213875312,
       -1213877400, -665463723, 1861404996}, __mask_was_saved = 0}}, __pad = {0xb7a5b390, 0x0,
   0xb7a5bb90, 0xb7a5b368}}
       not_first_call = <value optimized out>
       thread = (struct iax2_thread *) 0x900bb50
       ts = {tv_sec = 0, tv_nsec = 1}
       put_into_idle = <value optimized out>
#3  0x080fe1cb in dummy_start (data=0x9001a40) at utils.c:912
       __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {151000672, 0, -1213875312,
       -1213877304, -665463403, 1744799569}, __mask_was_saved = 0}}, __pad = {0xb7a5b480, 0x0,
   0x0, 0x0}}
       __cancel_arg = (void *) 0xb7a5bb90
       not_first_call = <value optimized out>
       ret = <value optimized out>
#4  0x007c743b in start_thread () from /lib/libpthread.so.0
No symbol table info available.
ASTERISK-1  0x0071efde in clone () from /lib/libc.so.6
No symbol table info available.
Comments:By: ad (ad) 2008-12-02 04:17:13.000-0600

Noticed that crash happens after IAXModem peer becomes unreachable then reachable (curious for a localhost peer)... I've put qualify=no and the problem seems to be temporarily solved, but it doesn't explain why the module crashes asterisk.
By: Tilghman Lesher (tilghman) 2008-12-04 13:25:23.000-0600

To figure this out, you're going to need to follow the instructions in doc/valgrind.txt.
By: Tilghman Lesher (tilghman) 2008-12-04 13:30:28.000-0600

The issue is specifically that the structure is locked in memory and this should not cause a crash.  The only way for this to crash is if something freed the structure without holding the lock (or memory was corrupted).  In either case, valgrind is necessary to track this down.
By: Leif Madsen (lmadsen) 2009-02-02 16:35:31.000-0600

Pinging the reporter. We need to see the valgrind output, or this issue will be suspended until the required information is available. Thanks!
By: Joshua C. Colp (jcolp) 2009-02-25 11:02:27.000-0600

Suspended since the reporter is now unresponsive. If you can provide the information feel free to reopen.