Summary: ASTERISK-23135: Crash - segfault in ast_channel_hangupcause_set - probably introduced in 11.7.0
Reporter: OK (oleke)
Labels:
Date Opened: 2014-01-12 03:11:12.000-0600
Date Closed: 2014-02-28 12:02:06.000-0600
Status: Closed/Complete
Components: Channels/chan_sip/General Channels/General
Versions: 11.7.0
Frequency of
is caused by ASTERISK-22621 chan_sip can send two BYEs for a single call
Environment: Ubuntu 12.04.3
Attachments: ( 0) backtrace2.txt
( 1) dump.txt
Description: Asterisk goes down with segfault message

[1710042.449224] asterisk[26863]: segfault at 9f0 ip 00000000004984ff sp 00007ff1788ed810 error 6 in asterisk[400000+233000]

Program terminated with signal 11, Segmentation fault.
#0  0x00000000004984ff in ast_channel_hangupcause_set (chan=0x0, value=58) at channel_internal_api.c:580
580             chan->hangupcause = value;
(gdb) bt
#0  0x00000000004984ff in ast_channel_hangupcause_set (chan=0x0, value=58) at channel_internal_api.c:580
#1  0x00007ff17ca7417b in handle_response_invite (p=0x7ff0b81d2f98, resp=200, rest=0x7ff1380b89d4 "OK", req=0x7ff1788ee2a0, seqno=102) at chan_sip.c:22821
#2  0x00007ff17ca79a2a in handle_response (p=0x7ff0b81d2f98, resp=200, rest=0x7ff1380b89d4 "OK", req=0x7ff1788ee2a0, seqno=102) at chan_sip.c:23820
#3  0x00007ff17ca8d538 in handle_incoming (p=0x7ff0b81d2f98, req=0x7ff1788ee2a0, addr=0x7ff1788eed10, recount=0x7ff1788ee250, nounlock=0x7ff1788ee254) at chan_sip.c:28137
#4  0x00007ff17ca8ebe9 in handle_request_do (req=0x7ff1788ee2a0, addr=0x7ff1788eed10) at chan_sip.c:28447
#5  0x00007ff17ca8e7d2 in sipsock_read (id=0x7ff138000f70, fd=10, events=1, ignore=0x0) at chan_sip.c:28378
#6  0x0000000000501f9a in ast_io_wait (ioc=0x1552f30, howlong=576) at io.c:292
#7  0x00007ff17ca90808 in do_monitor (data=0x0) at chan_sip.c:28976
#8  0x000000000059f064 in dummy_start (data=0x15848d0) at utils.c:1162
#9  0x00007ff1c53a6e9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#10 0x00007ff1c64ec3fd in clone () from /lib/x86_64-linux-gnu/libc.so.6
#11 0x0000000000000000 in ?? ()

Full Backtrace attached

Also in all cases the last messages in log file are:

[Jan 12 08:56:55] WARNING[26863][C-000001f4] chan_sip.c: Ignoring audio media offer because port number is zero
[Jan 12 08:56:55] WARNING[26863][C-000001f4] chan_sip.c: Failing due to no acceptable offer found

[Jan 12 13:01:02] Asterisk 11.7.0 built by root @ mcall-aster on a x86_64 running Linux on 2014-01-11 13:59:57 UTC
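
For triage, the kernel "segfault at" line quoted in the description can be decoded field by field. This is an added example, not part of the original report or of Asterisk; it assumes the x86 page-fault error-code bit layout and 4 KiB pages, and the name decode_segfault is hypothetical.

```python
import re

# Sample input: the kernel log line quoted in the description above.
SAMPLE = ("[1710042.449224] asterisk[26863]: segfault at 9f0 ip 00000000004984ff "
          "sp 00007ff1788ed810 error 6 in asterisk[400000+233000]")

# The kernel prints every numeric field except the pid in hexadecimal.
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

PAGE_SIZE = 4096  # assumption: 4 KiB pages


def decode_segfault(line):
    """Parse one x86 Linux 'segfault at' line into triage fields, or None."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    err = int(m["err"], 16)
    addr = int(m["addr"], 16)
    ip = int(m["ip"], 16)
    if err & 0x10:
        access = "instruction fetch"
    else:
        access = "write" if err & 0x2 else "read"
    result = {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "fault_addr": addr,
        "access": access,
        "user_mode": bool(err & 0x4),
        # bit 0 clear: the page was not mapped; set: mapped but access denied
        "cause": "protection violation" if err & 0x1 else "page not mapped",
        # A fault inside the first page usually means base pointer NULL + field offset.
        "near_null": addr < PAGE_SIZE,
        "object": m["obj"],
        "offset_in_object": None,
    }
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        if base <= ip < base + size:
            result["offset_in_object"] = ip - base
    return result


if __name__ == "__main__":
    for key, value in decode_segfault(SAMPLE).items():
        print(f"{key}: {value}")
```

For the line above this reports a user-mode write to an unmapped address inside the first page, which agrees with the gdb frame showing chan=0x0 at the assignment to chan->hangupcause.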
Comments:
By: OK (oleke) 2014-01-13 05:46:34.505-0600

SIP debug

By: OK (oleke) 2014-01-13 05:47:01.135-0600

Attached dump.txt -- last 5 sec for sip debug/verbose output for full log.

By: OK (oleke) 2014-01-13 12:10:12.668-0600

Asterisk forum discussion


By: David Woolley (davidw) 2014-01-13 16:05:05.452-0600

It looks like the SIP device is responding inappropriately to a CANCEL by sending 200 OK, rather than request cancelled, with the old style hold state (0 as the RTP port number), on the INVITE transaction. Whilst that could happen as a collision, it seems unlikely. I don't know if it is just the 200 response, or the combination with the hold.

By: OK (oleke) 2014-01-14 01:39:08.944-0600

Thanks for your reply. Which workaround would you recommend? In most cases our Asterisk works as an autodialing solution (via call files) and 3cx phone agents receive incoming call when autodial succeeded.

By: OK (oleke) 2014-01-15 06:31:26.119-0600

rolling back to 11.5.0 fixed the issue -- no segfaults anymore

so some changes between .5 and .7 could be the reason

By: Corey Farrell (coreyfarrell) 2014-01-15 07:54:53.709-0600

Instead of 11.5.0 I would recommend 11.6.1, since it has security fixes.  The call to ast_channel_hangupcause_set was added in r400971, released in 11.7.0.