Summary: | ASTERISK-15997: [patch] Segmentation fault with unanswered inbound call via chan_ooh323 | ||
Reporter: | jin (jin) | Labels: | |
Date Opened: | 2010-04-21 16:39:21 | Date Closed: | 2010-06-21 09:07:04 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Addons/chan_ooh323 |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) 1-ooh323-normal-hangup.txt ( 1) 2-asterisk-normal-hangup.txt ( 2) 3-ooh323-crash-hangup.txt ( 3) 4-asterisk-crash-hangup.txt ( 4) 5-asterisk-crash-gdb-backtrace.txt ( 5) 6-asterisk-crash-gdb-backtrace.txt ( 6) bug17227.patch | |
Description: | If i configure a sip phone to hangup a call after 30 seconds of ring time from a inbound call, the chan_ooh323 module crash and asterisk segfault... tested using grandstream gxw-4024 gateway and linksys spa921 phone. attached 4 logs: the phone is configured to hangup after 60 seconds: 1-ooh323-normal-hangup.txt 2-asterisk-normal-hangup.txt the phone is configured to hangup after 30 seconds: 3-ooh323-crash-hangup.txt 4-asterisk-crash-hangup.txt asterisk seem to crash only when the cause of hangup is: 22:01:35:395 Cleaning Call (incoming, ooh323c_2)- reason:OO_REASON_LOCAL_CONGESTED if the cause of hangup is the following, asterisk doesn't crash: 21:57:45:129 Cleaning Call (incoming, ooh323c_1)- reason:OO_REASON_REMOTE_CLEARED so, if the phone doesn't hangup the call before 60 seconds of ring time, asterisk doesn't crash. actual work around: configure all phones to hangup after 60 secs of rings outgoing calls doesn't have any problems. ****** ADDITIONAL INFORMATION ****** this bug is verified using asterisk 1.6.2.6 rpms from digium centos reposistory, tested also i386 and x86_64 versions and made self compiled srpms too. operating system: Linux pbx3.xxxxx.lan 2.6.18-164.15.1.el5 #1 SMP Wed Mar 17 11:30:06 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux ooh323 configuration: Objective Open H.323 Channel Driver's Config: IP:Port: 192.168.6.10:1720 FastStart yes Tunneling yes CallerId 9094 MediaWaitForConnect yes Gatekeeper: 10.22.33.44 H.323 LogFile: /var/log/asterisk/h323_log Context: from-trunk Capability: 0x4 (ulaw) DTMF Mode: rfc2833 AccountCode: ast_h323 AMA flags: Unknown Aliases: 12345678250 9094 | ||
Comments: | By: Alexander Anikin (may213) 2010-04-22 17:59:35 Hi, there are few things. Asterisk crash after hangup h323 channel initiated from local side of asterisk, this crash don't have relation to SIP things. It's possible that asterisk crash after hangup with congestion. You can do test. I see you use FreePBX or like environment, so please set dialing timeout to 30 sec in sip extension config in asterisk then try to call it from h323 and wait for hangup. H323 Call must hangup without congestion but from local side. If asterisk will not crash then reason is in congestion and if it will crash reason is in local side hangup. Also please attach gdb backtrace log from asterisk core after crash. By: jin (jin) 2010-04-23 10:35:25 Hi, i confirm that the this crash happend only on "Everyone is busy/congested at this time" message, if asterisk after 30 secs of ringing terminate the call, asterisk doesn't crash. So the bug is not in the local side hangup. attached gdb backtrace. Best regards and many thanks for looking up in this bug By: jin (jin) 2010-04-28 17:07:22 Today I tested ooh323 of asterisk-addons-1.4.11 and asterisk-1.4.30, and the crash doesn't happens, so this bug is related to asterisk 1.6.x (tested 1.6.0 and 1.6.1 branches) only. Best regards By: jin (jin) 2010-05-13 04:08:38 any news about this bug? do you need other infos? best regards By: Alexander Anikin (may213) 2010-05-23 13:19:34 Hi, I can't seek any troubles in ooh323 codes related to this bug. Can you recompile 1.6 version with MALLOC_DEBUG flags and see on /var/log/asterisk/mmlog messages? And can you test with trunk version? By: jin (jin) 2010-06-01 12:36:34 Just recompiled asterisk 1.6.2.7 and asterisk addons-1.6.2.1 with the following compile flags MENUSELECT_CFLAGS=DONT_OPTIMIZE DEBUG_THREADS LOADABLE_MODULES MALLOC_DEBUG attached the new backstrace 6-asterisk-crash-gdb-backtrace.txt into /var/log/asterisk/mmlog I see only: 1275413189 - New session 1275413251 - New session first possible I'try the trunk version of asterisk and asterisk-addons, however the backtrace now is more verbose: Core was generated by `/usr/sbin/asterisk -f -vvvg -c'. Program terminated with signal 11, Segmentation fault. #0 0x00002aaab2294c06 in asn1PD_H225CryptoH323Token_cryptoGKPwdHash () from /usr/lib/asterisk/modules/chan_ooh323.so (gdb) bt #0 0x00002aaab2294c06 in asn1PD_H225CryptoH323Token_cryptoGKPwdHash () from /usr/lib/asterisk/modules/chan_ooh323.so #1 0x00002aaab2297ca8 in ?? () from /usr/lib/asterisk/modules/chan_ooh323.so #2 0x000000000046a6e9 in __ast_read (chan=0x1c5fbcb8, dropaudio=0) at channel.c:2802 #3 0x000000000046c1e8 in ast_read (chan=0x1c5fbcb8) at channel.c:3102 #4 0x0000000000465f79 in ast_safe_sleep_conditional (chan=0x1c5fbcb8, ms=3, cond=0, data=0x0) at channel.c:1349 ASTERISK-1 0x0000000000465fdf in ast_safe_sleep (chan=0x1c5fbcb8, ms=10000) at channel.c:1369 ASTERISK-2 0x0000000000509a23 in wait_for_hangup (chan=0x1c5fbcb8, data=0x405381d0) at pbx.c:8433 ASTERISK-3 0x0000000000509b7d in pbx_builtin_congestion (chan=0x1c5fbcb8, data=0x405381d0) at pbx.c:8497 ASTERISK-4 0x00000000004ef04f in pbx_exec (c=0x1c5fbcb8, app=0x1c470ca8, data=0x405381d0) at pbx.c:1348 ASTERISK-5 0x00000000004f90a8 in pbx_extension_helper (c=0x1c5fbcb8, con=0x0, context=0x1c5fcc30 "macro-exten-vm", exten=0x1c5fcc80 "s-CONGESTION", priority=4, label=0x0, callerid=0x1c5679d8 "0575250438", action=E_SPAWN, found=0x4053abf4, combined_find_spawn=1) at pbx.c:3711 ASTERISK-6 0x00000000004fa894 in ast_spawn_extension (c=0x1c5fbcb8, context=0x1c5fcc30 "macro-exten-vm", exten=0x1c5fcc80 "s-CONGESTION", priority=4, callerid=0x1c5679d8 "0575250438", found=0x4053abf4, combined_find_spawn=1) at pbx.c:4170 ASTERISK-7 0x00002aaac96b7c8e in _macro_exec (chan=0x1c5fbcb8, data=0x4053d8a0, exclusive=0) at app_macro.c:398 ASTERISK-8 0x00002aaac96b9804 in macro_exec (chan=0x1c5fbcb8, data=0x4053d8a0) at app_macro.c:561 ASTERISK-9 0x00000000004ef04f in pbx_exec (c=0x1c5fbcb8, app=0x1c394398, data=0x4053d8a0) at pbx.c:1348 ASTERISK-10 0x00000000004f90a8 in pbx_extension_helper (c=0x1c5fbcb8, con=0x0, context=0x1c5fcc30 "macro-exten-vm", exten=0x1c5fcc80 "s-CONGESTION", priority=1, label=0x0, callerid=0x1c5679d8 "0575250438", action=E_SPAWN, found=0x4053ffa4, combined_find_spawn=1) at pbx.c:3711 ASTERISK-11 0x00000000004fa894 in ast_spawn_extension (c=0x1c5fbcb8, context=0x1c5fcc30 "macro-exten-vm", exten=0x1c5fcc80 "s-CONGESTION", priority=1, callerid=0x1c5679d8 "0575250438", found=0x4053ffa4, combined_find_spawn=1) at pbx.c:4170 ASTERISK-12 0x00000000004fb03c in __ast_pbx_run (c=0x1c5fbcb8, args=0x0) at pbx.c:4264 ASTERISK-13 0x00000000004fc63c in pbx_thread (data=0x1c5fbcb8) at pbx.c:4551 ASTERISK-14 0x000000000056160a in dummy_start (data=0x1c56ba88) at utils.c:968 ASTERISK-15 0x000000328920673d in start_thread () from /lib64/libpthread.so.0 ASTERISK-16 0x00000032886d3d1d in clone () from /lib64/libc.so.6 Best regards By: Alexander Anikin (may213) 2010-06-06 15:03:52 Hi, please try attached patch, i think it'll solve trouble. By: jin (jin) 2010-06-07 04:04:42 Great! I've done many calls and asterisk never crashed! please include the patch upstream. Thank you very much! Best regards By: Digium Subversion (svnbot) 2010-06-07 15:12:54 Repository: asterisk-addons Revision: 1115 U branches/1.6.0/channels/chan_ooh323.c ------------------------------------------------------------------------ r1115 | may | 2010-06-07 15:12:53 -0500 (Mon, 07 Jun 2010) | 13 lines don't read rtp data from channel without private structure In some cases asterisk channel can exist but on protocol stack side channel can be closed and we must return null frame in reading data functions instead of reading data from destroyed channel (issue ASTERISK-15997) Reported by: jin Patches: bug17227.patch uploaded by may213 (license 454) Tested by: jin ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk-addons?view=rev&revision=1115 By: Digium Subversion (svnbot) 2010-06-07 15:14:10 Repository: asterisk-addons Revision: 1116 U branches/1.6.1/channels/chan_ooh323.c ------------------------------------------------------------------------ r1116 | may | 2010-06-07 15:14:10 -0500 (Mon, 07 Jun 2010) | 14 lines don't read rtp data from channel without private structure In some cases asterisk channel can exist but on protocol stack side channel can be closed and we must return null frame in reading data functions instead of reading data from destroyed channel (issue ASTERISK-15997) Reported by: jin Patches: bug17227.patch uploaded by may213 (license 454) Tested by: jin ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk-addons?view=rev&revision=1116 By: Digium Subversion (svnbot) 2010-06-07 15:15:08 Repository: asterisk-addons Revision: 1117 U branches/1.6.2/channels/chan_ooh323.c ------------------------------------------------------------------------ r1117 | may | 2010-06-07 15:15:08 -0500 (Mon, 07 Jun 2010) | 15 lines don't read rtp data from channel without private structure In some cases asterisk channel can exist but on protocol stack side channel can be closed and we must return null frame in reading data functions instead of reading data from destroyed channel (closes issue ASTERISK-15997) Reported by: jin Patches: bug17227.patch uploaded by may213 (license 454) Tested by: jin ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk-addons?view=rev&revision=1117 |