Summary:ASTERISK-20574: Crash in MeetMe using a chan_motif channel when shutting down Asterisk
Reporter:Dmitry Melekhov (slesru)Labels:
Date Opened:2012-10-17 01:54:32Date Closed:2013-07-05 12:34:01
Status:Closed/CompleteComponents:Applications/app_meetme Channels/chan_motif
Versions:11.0.0-beta2 11.0.0 Frequency of
Environment:Centos 5.8/x86 Attachments:( 0) ASTERISK-20574-backtrace.txt
( 1) bt
( 2) motif.conf
( 3) xmpp.conf
[Edit - mjordan]

The original text of the issue here is incorrect, as this particular crash has not be reproducible.  The backtrace attached to the issue (ASTERISK-20574-backtrace.txt) illustrates a crash in MeetMe when writing to a chan_motif channel during Asterisk shutdown.


I'm trying to test calls between asterisk and psi with chan_motif with 11rc1 and just got crash:

Program terminated with signal 11, Segmentation fault.
#0  0x4fa00945 in memcpy () from /lib/libc.so.6
(gdb) bt
#0  0x4fa00945 in memcpy () from /lib/libc.so.6
#1  0x4fb3e04d in ?? () from /lib/libz.so.1
#2  0x4fb3f162 in ?? () from /lib/libz.so.1
#3  0x4fb3e2f7 in deflate () from /lib/libz.so.1
#4  0x4fcbd8aa in ?? () from /lib/libcrypto.so.6
#5  0x4fcbd42e in COMP_compress_block () from /lib/libcrypto.so.6
#6  0x4ffa148a in ssl3_do_compress () from /lib/libssl.so.6
#7  0x4ffa15bd in ?? () from /lib/libssl.so.6
#8  0x4ffa19d5 in ssl3_write_bytes () from /lib/libssl.so.6
#9  0x4ff9efb1 in ssl3_write () from /lib/libssl.so.6
#10 0x4ffb0879 in SSL_write () from /lib/libssl.so.6
#11 0xb74d1eb9 in xmpp_client_send_raw_message (client=0xb7209f84, stanza=0x9c267e4) at res_xmpp.c:2409
#12 ast_xmpp_client_send (client=0xb7209f84, stanza=0x9c267e4) at res_xmpp.c:2443
#13 0xb64e0b4d in jingle_send_session_action (session=0x9c2a26c, action=0xb64e6c9f "session-initiate") at chan_motif.c:1318
#14 0xb64e5f01 in jingle_send_session_initiate (ast=0x9c3b354, dest=0x9c0dec0 "jabber/dm@jabber.belkam.com", timeout=0) at chan_motif.c:1342

not big deal just because I can't get sound between asterisk and psi yet, but anyway I guess there should be no crash... :-)

#15 jingle_call (ast=0x9c3b354, dest=0x9c0dec0 "jabber/dm@jabber.belkam.com", timeout=0) at chan_motif.c:1682
#16 0x080b8c28 in ast_call (chan=0x9c3b354, addr=0x9c0dec0 "jabber/dm@jabber.belkam.com", timeout=0) at channel.c:5959
#17 0xb6d7662a in dial_exec_full (chan=0x9c0a544, data=<value optimized out>, peerflags=0xb4b1ae50, continue_exec=0x0) at app_dial.c:2594
#18 0xb6d7a979 in dial_exec (chan=0x9c0a544, data=0xb4b1cf04 "Motif/jabber/dm@jabber.belkam.com,,r") at app_dial.c:3124
#19 0x08165b70 in pbx_exec (c=0x9c0a544, app=0xb54954e0, data=0xb4b1cf04 "Motif/jabber/dm@jabber.belkam.com,,r") at pbx.c:1589
#20 0x081769cd in pbx_extension_helper (c=0x9c0a544, con=0x0, context=0x9c0b0f8 "default", exten=0x9c0b148 "6006", priority=1, label=0x0,
   callerid=0x9bfea88 "6401", action=E_SPAWN, found=0xb4b1f328, combined_find_spawn=1) at pbx.c:4442
#21 0x0817bdad in ast_spawn_extension (c=0x9c0a544, args=0x0) at pbx.c:5558
#22 __ast_pbx_run (c=0x9c0a544, args=0x0) at pbx.c:6030
#23 0x0817e870 in pbx_thread (data=0x9c0a544) at pbx.c:6360
#24 0x081c220b in dummy_start (data=0x9c0d270) at utils.c:1030
#25 0x4faf8852 in start_thread () from /lib/libpthread.so.0
#26 0x4fa62a8e in clone () from /lib/libc.so.6
Comments:By: Rusty Newton (rnewton) 2012-10-18 16:22:05.066-0500


can you get the "bt full" and "thread apply all bt"


Can you reproduce the crash? If so, can you get a full log with VERBOSE and DEBUG at level 5 running up to the crash?

By: Rusty Newton (rnewton) 2012-10-18 16:37:35.971-0500

Also helpful:

What is the XMPP server software and version, plus the if a client is involved, the client software and version, and a log of the XMPP traffic happening during the crash if possible.

Please also attach sanitized: xmpp.conf (or jabber.conf if using old configuration) and motif.conf

By: Dmitry Melekhov (slesru) 2012-10-18 22:39:49.795-0500


Unfortunately, I already deleted core, so I can't provide backtraces :-(

Client is Psi+ v0.15.5124

Now I'm going to test -rc2, if I'll reproduce crash I'll provide requiested information. But, really, I don't know how to reproduce it :-)

Config files are attached.
btw, I don't have sound at all with psi connected to asterisk... :-(


By: Dmitry Melekhov (slesru) 2012-10-22 02:31:41.304-0500


I can't reproduce crash with -rc2

By: Rusty Newton (rnewton) 2012-10-29 10:43:36.489-0500

Reporter cannot reproduce with rc2.

By: Dmitry Melekhov (slesru) 2012-11-06 00:26:43.349-0600

OK, but reporduced with 11.0 :-)

(gdb) bt
#0  __ao2_callback (c=0x0, arg=0xb4a90e34, flags=OBJ_POINTER) at astobj2.c:1188
#1  __ao2_find (c=0x0, arg=0xb4a90e34, flags=OBJ_POINTER) at astobj2.c:1219
#2  0x0811f53e in find_interface (format1=0xb4c45bd4, format2=0xb4a90e34) at format.c:107
#3  format_cmp_helper (format1=0xb4c45bd4, format2=0xb4a90e34) at format.c:314
#4  0x080c5b54 in ast_write (chan=0xb4c4534c, fr=0xb4a924f0) at channel.c:5035
#5  0xb6f1f979 in conf_run (chan=0xb4c4534c, conf=0xb4c583b8, confflags=0xb4a92e3c, optargs=0xb4a92e10) at app_meetme.c:3959
#6  0xb6f2a8ff in conf_exec (chan=0xb4c4534c, data=0xb4a94f04 "6000,TL(10800000:60000)") at app_meetme.c:4760
#7  0x08165c10 in pbx_exec (c=0xb4c4534c, app=0xb58e3aa0, data=0xb4a94f04 "6000,TL(10800000:60000)") at pbx.c:1589
#8  0x08176a6d in pbx_extension_helper (c=0xb4c4534c, con=0x0, context=0xb4c45f00 "jabber-in", exten=0xb4c45f50 "s", priority=4, label=0x0,
   callerid=0xb4c1ccf8 "dm", action=E_SPAWN, found=0xb4a97328, combined_find_spawn=1) at pbx.c:4442
#9  0x0817be4d in ast_spawn_extension (c=0xb4c4534c, args=0x0) at pbx.c:5558
#10 __ast_pbx_run (c=0xb4c4534c, args=0x0) at pbx.c:6030
#11 0x0817e910 in pbx_thread (data=0xb4c4534c) at pbx.c:6360
#12 0x081c239b in dummy_start (data=0xb4c1d538) at utils.c:1030
#13 0x4faf8852 in start_thread () from /lib/libpthread.so.0
#14 0x4fa62a8e in clone () from /lib/libc.so.6

By: Dmitry Melekhov (slesru) 2012-11-06 00:27:31.165-0600

[mjordan - removed inline backtrace]

By: Dmitry Melekhov (slesru) 2012-11-06 00:30:16.530-0600

[edit mjordan - removed inline backtrace]

By: Dmitry Melekhov (slesru) 2012-11-06 00:30:44.919-0600

Don't know how to reopen :-(

By: Joshua C. Colp (jcolp) 2012-11-06 05:51:19.843-0600

I've reopened this but it doesn't look like there's a problem in your latest backtrace with chan_motif... it appears as though your Asterisk is being shut down.

By: Dmitry Melekhov (slesru) 2012-11-06 06:02:20.479-0600

As I see in bt it died during jingle call, may be I shutted it down at this time, anyway there is crash, I don't think this is OK to crash on shutdown :-)

By: Matt Jordan (mjordan) 2012-11-06 08:46:43.898-0600

I've removed your backtrace from the comments and attached it as a separate file (ASTERISK-20574-backtrace.txt).  Please do not paste large blobs of anything (much less backtraces) in a comment - attach them as separate files.

Despite the fact that a chan_motif channel was being used at the time, this appears to be a crash occurring in MeetMe as it attempts to access the channel after it has been ref counted out.  This is more likely to be a general problem with MeetMe than a problem with the chan_motif channel driver.  Keep in mind that MeetMe in Asterisk 11 is an extended support module and development support for it comes primarily from the Asterisk community.

Finally, we are now repurposing this issue from a memory corruption crash in one version of Asterisk (a beta release) to a crash you experienced in a different part of the code, in a different scenario, with a different version.  Repurposing issues can become *very* confusing.  In the future, if you experience a problem and the scenario is not the same as what you initially reported, please open a new issue in Jira.  Thanks!

By: Dmitry Melekhov (slesru) 2012-11-06 09:39:19.147-0600


First of all, I didn't post blob , i.e. binary large object here, all I posted is plain text.
Second, I thought and, really, still think,  I got crash in the same part of code, just because there is no such problem in any other channel type ( dahdi, sip, ooh323 ) I connect to meetme.
And, finally, no beta releases tested, only -rc, I don't know why -rc version was not avaialble as option here :-)

Thank you!