Summary: ASTERISK-13560: Segfault on call termination when attempting to retransmit a packet that should have not been retried due to network issues
Reporter: nick_lewis (nick_lewis)
Labels:
Date Opened: 2009-02-11 08:39:47.000-0600
Date Closed: 2009-03-01 15:57:20.000-0600
Priority: Critical
Regression? No
Status: Closed/Complete
Components: Core/PBX
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: (0) 14455.patch, (1) valgrind.txt

Description:

When a call is terminated there is a segmentation fault. Asterisk branch is 1.6.1 and the revision is 174843.


I do not understand the cause but the backtrace is attached

****** ADDITIONAL INFORMATION ******

(gdb) backtrace
#0  0x0017f8aa in strcmp () from /lib/ld-linux.so.2
#1  0x001789c7 in _dl_name_match_p () from /lib/ld-linux.so.2
#2  0x00172330 in _dl_map_object () from /lib/ld-linux.so.2
#3  0x0017ba31 in dl_open_worker () from /lib/ld-linux.so.2
#4  0x00177e26 in _dl_catch_error () from /lib/ld-linux.so.2
#5  0x0017b412 in _dl_open () from /lib/ld-linux.so.2
#6  0x002937f2 in do_dlopen () from /lib/libc.so.6
#7  0x00177e26 in _dl_catch_error () from /lib/ld-linux.so.2
#8  0x002939a5 in __libc_dlopen_mode () from /lib/libc.so.6
#9  0x002e5b07 in pthread_cancel_init () from /lib/libpthread.so.0
#10 0x002e5c31 in _Unwind_ForcedUnwind () from /lib/libpthread.so.0
#11 0x002e3701 in __pthread_unwind () from /lib/libpthread.so.0
#12 0x002de3d0 in pthread_exit () from /lib/libpthread.so.0
#13 0x0026a6d4 in pthread_exit () from /lib/libc.so.6
#14 0x08101465 in pbx_thread (data=0x8aa1808) at pbx.c:3999
#15 0x0813fd3b in dummy_start (data=0x8aa22c8) at utils.c:968
#16 0x002dd46b in start_thread () from /lib/libpthread.so.0
#17 0x0025ddbe in clone () from /lib/libc.so.6
(gdb)
Comments:

By: Tilghman Lesher (tilghman) 2009-02-12 00:32:01.000-0600

This appears to be stack corruption.  Could you run this under valgrind, please?

By: nick_lewis (nick_lewis) 2009-02-12 04:08:32.000-0600

I do not seem to get the segmentation fault under valgrind but please find the valgrind output attached

By: Mark Michelson (mmichelson) 2009-02-12 15:21:57.000-0600

The valgrind output shows that we are attempting to retransmit a packet that should have not been retried due to "serious network trouble."

I've improved the error handling in __sip_reliable_xmit with 14455.patch. See if this improves the situation for you.



By: nick_lewis (nick_lewis) 2009-02-19 09:40:45.000-0600

putnopvut

I have tested asterisk with this patch (without changing any configuration) and I am glad to report that the seg fault does not now occur on call termination.

Thanks

By: Digium Subversion (svnbot) 2009-03-01 15:45:10.000-0600

Repository: asterisk
Revision: 179219

U   trunk/channels/chan_sip.c

------------------------------------------------------------------------
r179219 | mmichelson | 2009-03-01 15:45:09 -0600 (Sun, 01 Mar 2009) | 18 lines

Properly free memory and remove scheduler entries when a transmission failure occurs.

Previously, only the "data" field of the sip_pkt created during __sip_reliable_xmit
was freed when XMIT_FAILURE was returned by __sip_xmit. When retrans_pkt was called,
this inevitably resulted in the reading and writing of freed memory.

XMIT_FAILURE is a condition meaning that we don't want to attempt resending the packet
at all. The proper action to take is to remove the scheduler entry we just created,
free the packet's data as well as the packet itself, and unlink it from the list of
packets on the sip_pvt structure.

(closes issue ASTERISK-13560)
Reported by: Nick_Lewis
Patches:
     14455.patch uploaded by mmichelson (license 60)
Tested by: Nick_Lewis


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=179219

By: Digium Subversion (svnbot) 2009-03-01 15:47:28.000-0600

Repository: asterisk
Revision: 179219

U   trunk/channels/chan_sip.c

------------------------------------------------------------------------
r179219 | mmichelson | 2009-03-01 15:45:08 -0600 (Sun, 01 Mar 2009) | 18 lines

Properly free memory and remove scheduler entries when a transmission failure occurs.

Previously, only the "data" field of the sip_pkt created during __sip_reliable_xmit
was freed when XMIT_ERROR was returned by __sip_xmit. When retrans_pkt was called,
this inevitably resulted in the reading and writing of freed memory.

XMIT_ERROR is a condition meaning that we don't want to attempt resending the packet
at all. The proper action to take is to remove the scheduler entry we just created,
free the packet's data as well as the packet itself, and unlink it from the list of
packets on the sip_pvt structure.

(closes issue ASTERISK-13560)
Reported by: Nick_Lewis
Patches:
     14455.patch uploaded by mmichelson (license 60)
Tested by: Nick_Lewis


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=179219

By: Digium Subversion (svnbot) 2009-03-01 15:52:41.000-0600

Repository: asterisk
Revision: 179220

_U  branches/1.6.0/
U   branches/1.6.0/channels/chan_sip.c

------------------------------------------------------------------------
r179220 | mmichelson | 2009-03-01 15:52:40 -0600 (Sun, 01 Mar 2009) | 24 lines

Merged revisions 179219 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

........
 r179219 | mmichelson | 2009-03-01 15:45:08 -0600 (Sun, 01 Mar 2009) | 18 lines
 
 Properly free memory and remove scheduler entries when a transmission failure occurs.
 
 Previously, only the "data" field of the sip_pkt created during __sip_reliable_xmit
 was freed when XMIT_FAILURE was returned by __sip_xmit. When retrans_pkt was called,
 this inevitably resulted in the reading and writing of freed memory.
 
 XMIT_FAILURE is a condition meaning that we don't want to attempt resending the packet
 at all. The proper action to take is to remove the scheduler entry we just created,
 free the packet's data as well as the packet itself, and unlink it from the list of
 packets on the sip_pvt structure.
 
 (closes issue ASTERISK-13560)
 Reported by: Nick_Lewis
 Patches:
       14455.patch uploaded by mmichelson (license 60)
 Tested by: Nick_Lewis
........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=179220

By: Digium Subversion (svnbot) 2009-03-01 15:57:19.000-0600

Repository: asterisk
Revision: 179221

_U  branches/1.6.1/
U   branches/1.6.1/channels/chan_sip.c

------------------------------------------------------------------------
r179221 | mmichelson | 2009-03-01 15:57:19 -0600 (Sun, 01 Mar 2009) | 24 lines

Merged revisions 179219 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

........
 r179219 | mmichelson | 2009-03-01 15:45:08 -0600 (Sun, 01 Mar 2009) | 18 lines
 
 Properly free memory and remove scheduler entries when a transmission failure occurs.
 
 Previously, only the "data" field of the sip_pkt created during __sip_reliable_xmit
 was freed when XMIT_ERROR was returned by __sip_xmit. When retrans_pkt was called,
 this inevitably resulted in the reading and writing of freed memory.
 
 XMIT_ERROR is a condition meaning that we don't want to attempt resending the packet
 at all. The proper action to take is to remove the scheduler entry we just created,
 free the packet's data as well as the packet itself, and unlink it from the list of
 packets on the sip_pvt structure.
 
 (closes issue ASTERISK-13560)
 Reported by: Nick_Lewis
 Patches:
       14455.patch uploaded by mmichelson (license 60)
 Tested by: Nick_Lewis
........

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=179221
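
A simplified model of the failure path the commit message describes, given here as an added example and not as code from chan_sip.c or 14455.patch. All struct, enum and function names are hypothetical, and `data_freed` is a model-only marker so that stale timers can be counted without dereferencing freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model; every name here is hypothetical, not chan_sip.c code. */
enum xmit_result { XMIT_OK, XMIT_FAIL };
struct pkt {
    char *data;        /* payload buffer */
    int data_freed;    /* model-only marker, so checks never touch freed memory */
    int timer_id;      /* slot of the retransmit timer, -1 if none */
    struct pkt *next;
};
struct dialog { struct pkt *packets; };   /* per-call list of unacknowledged packets */
static struct pkt *timers[8];             /* toy scheduler: slot -> packet to resend */

static int timer_add(struct pkt *p) {
    for (int i = 0; i < 8; i++) if (!timers[i]) { timers[i] = p; return i; }
    return -1;
}

/* Queue msg for reliable delivery; `res` stands in for the send outcome. */
static int reliable_xmit(struct dialog *d, const char *msg,
                         enum xmit_result res, int full_cleanup) {
    struct pkt *p = calloc(1, sizeof(*p));
    if (!p) return -1;
    if (!(p->data = malloc(strlen(msg) + 1))) { free(p); return -1; }
    strcpy(p->data, msg);
    p->next = d->packets; d->packets = p;     /* link at head of the dialog list */
    p->timer_id = timer_add(p);               /* arm the retransmit timer */
    if (res == XMIT_OK) return 0;
    if (!full_cleanup) { free(p->data); p->data_freed = 1; return -1; } /* original path */
    if (p->timer_id >= 0) timers[p->timer_id] = NULL;  /* 1. remove the timer */
    d->packets = p->next;                              /* 2. unlink (p is the head) */
    free(p->data); free(p);                            /* 3. free payload and packet */
    return -1;
}

/* Timers still armed on a packet whose payload has already been freed. */
static int stale_timers(void) {
    int n = 0;
    for (int i = 0; i < 8; i++) if (timers[i] && timers[i]->data_freed) n++;
    return n;
}
int main(void) {
    struct dialog a = {0}, b = {0};
    reliable_xmit(&b, "BYE", XMIT_FAIL, 1);            /* corrected path */
    int fixed = stale_timers();
    reliable_xmit(&a, "BYE", XMIT_FAIL, 0);            /* original path */
    printf("corrected: %d stale, original: %d stale\n", fixed, stale_timers());
}
```

In the original path the timer slot and the list entry both outlive the payload, which is the state a later retransmit callback would read and write.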