ASTERISK-19827: Asterisk crash, whenever mwi => pass:user:authuser@host:port/mailbox is set in sip.conf

[Home]

Summary: ASTERISK-19827: Asterisk crash, whenever mwi => pass:user:authuser@host:port/mailbox is set in sip.conf

Reporter: B. R (kenshin) Labels: Regression

Date Opened: 2012-05-01 16:39:13 Date Closed: 2012-05-22 16:06:06

Priority: Blocker Regression? Yes

Status: Closed/Complete Components: Channels/chan_sip/General

Versions: 10.3.0 10.3.1 Frequency of
Occurrence

Related
Issues:
must be completed before resolving ASTERISK-19901 Asterisk 1.8.13.0 Blockers

must be completed before resolving ASTERISK-19902 Asterisk 10.5.0 Blockers

is caused by ASTERISK-19106 SIP registration fails after temporary dns failure

is related to ASTERISK-16999 [patch] asterisk crash when setting outbound mwi subscription in sip.conf

is related to ASTERISK-19939 Write test for the Asterisk Test Suite to cover subscribing for MWI in chan_sip

Environment: Gentoo Attachments: ( 0) ast_debug.txt

Description: Asterisk crash, whenever mwi => pass:user:authuser@host:port/mailbox is set in sip.conf
the only way to get past it is to enable dsnmgr and use hostnames instead of ip.
To prevent ASTOBJ_UNREF (line 12787 in chan_sip.c) from executing.

The problem seems to come from ASTOBJ_UNREF macro as it expands to this :
{noformat}
ast_dnsmgr_lookup_cb(mwi->hostname, &mwi->us, &mwi->dnsmgr, sip_cfg.srvlookup ? transport : ((void *)0), on_dns_update_mwi, mwi);
if (!mwi->dnsmgr) {
do {
int newcount = 0;
__ast_pthread_mutex_lock("chan_sip.c", 12787, __PRETTY_FUNCTION__, "&(mwi)->_lock", &(mwi)->_lock);
if (__builtin_expect((mwi)->refcount > 0, 1))
newcount = --((mwi)->refcount);
else
ast_log(3, "chan_sip.c", 12787, __PRETTY_FUNCTION__, "Unreferencing unreferenced (object)!\n");
__ast_pthread_mutex_unlock("chan_sip.c", 12787, __PRETTY_FUNCTION__, "&(mwi)->_lock", &(mwi)->_lock);
if (newcount == 0) {
__ast_pthread_mutex_destroy("chan_sip.c", 12787, __PRETTY_FUNCTION__, "&(mwi)->_lock", &(mwi)->_lock);
sip_subscribe_mwi_destroy((mwi));
}
(mwi) = ((void *)0);
} while(0);
{noformat}
Notice that mwi is set to NULL regardless of ref count. that line should be inside the if (newcount == 0) (we relly intend to destroy the object)
I believe this should solve it (didn't test it though) :

[Edit]: inline code contribution removed by Matt Jordan

If you'd like to submit a patch for this problem, that would be appreciated - however, a valid license agreement must be signed and the patch supplied as a unified diff attached to this issue.

Comments: By: B. R (kenshin) 2012-05-01 17:31:45.151-0500

or this : would more (sane ?)

[Edit] - inline code removed by Matt Jordan

Please see my previous comment in the issue description :-)
By: Matt Jordan (mjordan) 2012-05-02 08:19:54.606-0500

If you can, please attach a backtrace[1] generated from the crash. Also, be sure you have DONT_OPTIMIZE enabled in menuselect within the Compiler Flags section, then:

make install

After enabling, reproduce the crash, and then execute the backtrace[1] instructions. When complete, attach that file to this issue report.

[1] https://wiki.asterisk.org/wiki/display/AST/Getting+a+Backtrace

I'm pretty sure you've found the root cause of this problem, but a backtrace never hurts just to make sure.
By: B. R (kenshin) 2012-05-02 18:05:09.726-0500

here's the bt (with debug, value of mwi before and after ASTOBJ_UNREFF )
The previous diffs were by no mean a permanent solution ... just suggestions (if I were to submit a patch I'd attach it instead of putting it in the comment)
By: Terry Wilson (twilson) 2012-05-21 16:14:49.890-0500

Added a patch to reviewboard. Since ASTOBJ_UNREF is behaving as designed, I just did a cheesy patch to fix the two places where we access a variable after it was ASTOBJ_UNREFed by saving the ref to another variable and unreffing that.
By: Terry Wilson (twilson) 2012-05-21 16:15:39.230-0500

Do you mind trying the patch at https://reviewboard.asterisk.org/r/1940/ ?