Summary: ASTERISK-19827: Asterisk crash, whenever mwi => pass:user:authuser@host:port/mailbox is set in sip.conf
Reporter: B. R (kenshin)
Labels: Regression
Date Opened: 2012-05-01 16:39:13
Date Closed: 2012-05-22 16:06:06
Versions:10.3.0 10.3.1 Frequency of
must be completed before resolving ASTERISK-19901 Asterisk Blockers
must be completed before resolving ASTERISK-19902 Asterisk 10.5.0 Blockers
is caused by ASTERISK-19106 SIP registration fails after temporary dns failure
is related to ASTERISK-16999 [patch] asterisk crash when setting outbound mwi subscription in sip.conf
is related to ASTERISK-19939 Write test for the Asterisk Test Suite to cover subscribing for MWI in chan_sip
Environment: Gentoo
Attachments: (0) ast_debug.txt
Description: Asterisk crash, whenever mwi => pass:user:authuser@host:port/mailbox is set in sip.conf
The only way to get past it is to enable dnsmgr and use hostnames instead of IP addresses, to prevent ASTOBJ_UNREF (line 12787 in chan_sip.c) from executing.

The problem seems to come from the ASTOBJ_UNREF macro, as it expands to this:
ast_dnsmgr_lookup_cb(mwi->hostname, &mwi->us, &mwi->dnsmgr, sip_cfg.srvlookup ? transport : ((void *)0), on_dns_update_mwi, mwi);
if (!mwi->dnsmgr) {
  do {
    int newcount = 0;
    __ast_pthread_mutex_lock("chan_sip.c", 12787, __PRETTY_FUNCTION__, "&(mwi)->_lock", &(mwi)->_lock);
    if (__builtin_expect((mwi)->refcount > 0, 1))
      newcount = --((mwi)->refcount);
    else
      ast_log(3, "chan_sip.c", 12787, __PRETTY_FUNCTION__, "Unreferencing unreferenced (object)!\n");
    __ast_pthread_mutex_unlock("chan_sip.c", 12787, __PRETTY_FUNCTION__, "&(mwi)->_lock", &(mwi)->_lock);
    if (newcount == 0) {
      __ast_pthread_mutex_destroy("chan_sip.c", 12787, __PRETTY_FUNCTION__, "&(mwi)->_lock", &(mwi)->_lock);
    }
    (mwi) = ((void *)0);  /* runs whatever the value of newcount */
  } while(0);
}
Notice that mwi is set to NULL regardless of ref count. That line should be inside the if (newcount == 0) (we really intend to destroy the object).
I believe this should solve it (didn't test it though):

[Edit]: inline code contribution removed by Matt Jordan

If you'd like to submit a patch for this problem, that would be appreciated - however, a valid license agreement must be signed and the patch supplied as a unified diff attached to this issue.
Comments:

By: B. R (kenshin) 2012-05-01 17:31:45.151-0500

Or this, which would be more (sane?):

[Edit] - inline code removed by Matt Jordan

Please see my previous comment in the issue description :-)

By: Matt Jordan (mjordan) 2012-05-02 08:19:54.606-0500

If you can, please attach a backtrace[1] generated from the crash. Also, be sure you have DONT_OPTIMIZE enabled in menuselect within the Compiler Flags section, then:

make install

After enabling, reproduce the crash, and then execute the backtrace[1] instructions. When complete, attach that file to this issue report.

[1] https://wiki.asterisk.org/wiki/display/AST/Getting+a+Backtrace

I'm pretty sure you've found the root cause of this problem, but a backtrace never hurts just to make sure.

By: B. R (kenshin) 2012-05-02 18:05:09.726-0500

Here's the bt (with debug, value of mwi before and after ASTOBJ_UNREF).
The previous diffs were by no means a permanent solution ... just suggestions (if I were to submit a patch I'd attach it instead of putting it in the comment).

By: Terry Wilson (twilson) 2012-05-21 16:14:49.890-0500

Added a patch to reviewboard. Since ASTOBJ_UNREF is behaving as designed, I just did a cheesy patch to fix the two places where we access a variable after it was ASTOBJ_UNREFed by saving the ref to another variable and unreffing that.

By: Terry Wilson (twilson) 2012-05-21 16:15:39.230-0500

Do you mind trying the patch at https://reviewboard.asterisk.org/r/1940/ ?
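
The failure described in the issue and the workaround described in the 2012-05-21 comment, reduced to a stand-alone sketch. This is an added example, not code from chan_sip.c or from the reviewboard patch: `struct mwi_sub`, `OBJ_UNREF`, `setup_faulty` and `setup_fixed` are hypothetical names, and the object is assumed to hold two references so that one unref does not destroy it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the MWI subscription object (not chan_sip's struct). */
struct mwi_sub { int refcount; void *dnsmgr; int port; };

static int destroyed;                       /* destructor call counter */
static void mwi_destroy(struct mwi_sub *m) { destroyed++; free(m); }

/* Same shape as the expansion quoted in the report: the pointer named by
 * the caller is cleared after every unref, destroyed or not. */
#define OBJ_UNREF(obj, destructor) do {       \
        int newcount = 0;                     \
        if ((obj)->refcount > 0)              \
            newcount = --((obj)->refcount);   \
        if (newcount == 0)                    \
            destructor(obj);                  \
        (obj) = NULL;                         \
    } while (0)

static struct mwi_sub *mwi_new(int refs) {
    struct mwi_sub *m = calloc(1, sizeof(*m));
    if (!m) abort();
    m->refcount = refs;                     /* assumption: caller + one extra ref */
    m->port = 5060;                         /* constructed sample value */
    return m;                               /* dnsmgr stays NULL: refresh disabled */
}

/* Pattern from the report: unref through the working pointer, then use it.
 * Returns the port, or -1 at the point where real code would dereference NULL. */
static int setup_faulty(struct mwi_sub *mwi) {
    if (!mwi->dnsmgr)
        OBJ_UNREF(mwi, mwi_destroy);        /* mwi is NULL from here on */
    return mwi ? mwi->port : -1;
}

/* Workaround from the thread: unref a saved copy, keep the working pointer.
 * Only valid while the caller still holds its own reference. */
static int setup_fixed(struct mwi_sub *mwi) {
    if (!mwi->dnsmgr) {
        struct mwi_sub *saved = mwi;
        OBJ_UNREF(saved, mwi_destroy);      /* only 'saved' is cleared */
    }
    return mwi->port;
}

int main(void) {
    struct mwi_sub *a = mwi_new(2), *b = mwi_new(2);
    printf("faulty: %d\nfixed: %d\n", setup_faulty(a), setup_fixed(b));
    free(a); free(b);
    return 0;
}
```

With dnsmgr enabled the `if (!mwi->dnsmgr)` branch is skipped in both functions, which matches the reporter's observation that enabling it avoids the crash.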