Bug#698112: asterisk: Segfault when making a call after update to 1.6.2.9-2+squeeze9

Dennis Rech dre at wikon.de
Mon Jan 14 09:03:55 UTC 2013 

I've tried it on another system. Heres the output:

Core was generated by `asterisk -U asterisk -g -c'.
Program terminated with signal 11, Segmentation fault.
#0  0xb74e8b77 in strchrnul () from /lib/i686/cmov/libc.so.6
(gdb) bt
#0  0xb74e8b77 in strchrnul () from /lib/i686/cmov/libc.so.6
#1  0xb74afd78 in vfprintf () from /lib/i686/cmov/libc.so.6
#2  0xb74d2e30 in vsnprintf () from /lib/i686/cmov/libc.so.6
#3  0x080a683a in ast_devstate_changed (state=AST_DEVICE_UNKNOWN, 
cachable=AST_DEVSTATE_CACHABLE, fmt=0x1 <Address 0x1 out of bounds>) at 
devicestate.c:524
#4  0xb5b7d4be in update_call_counter (fup=<value optimized out>, 
event=<value optimized out>) at chan_sip.c:5914
#5  0xb5baa61b in handle_request_invite (p=<value optimized out>, 
req=<value optimized out>, debug=0, seqno=38802, sin=0xb54a822c, 
recount=0xb54a7cbc,
     e=0xb4f97793 "sip:33 at obelisk.wikon.de;user=phone", 
nounlock=0xb54a7cb8) at chan_sip.c:20297
#6  0xb5bb1000 in handle_incoming (p=<value optimized out>, req=<value 
optimized out>, sin=0xb54a822c, recount=0xb54a7cbc, nounlock=0xb54a7cb8)
     at chan_sip.c:21984
#7  0xb5bb22e0 in handle_request_do (req=<value optimized out>, 
sin=<value optimized out>) at chan_sip.c:22296
#8  0xb5bb3af0 in sipsock_read (id=0x878a388, fd=13, events=1, 
ignore=0x0) at chan_sip.c:22185
#9  0x080cf2e5 in ast_io_wait (ioc=0x8750b60, howlong=1000) at io.c:288
#10 0xb5b8a273 in do_monitor (data=0x0) at chan_sip.c:22757
#11 0x0812ddc7 in dummy_start (data=0x878a7a0) at utils.c:967
#12 0xb732d955 in start_thread () from /lib/i686/cmov/libpthread.so.0
#13 0xb753f1de in clone () from /lib/i686/cmov/libc.so.6



(gdb) bt full
#0  0xb74e8b77 in strchrnul () from /lib/i686/cmov/libc.so.6
No symbol table info available.
#1  0xb74afd78 in vfprintf () from /lib/i686/cmov/libc.so.6
No symbol table info available.
#2  0xb74d2e30 in vsnprintf () from /lib/i686/cmov/libc.so.6
No symbol table info available.
#3  0x080a683a in ast_devstate_changed (state=AST_DEVICE_UNKNOWN, 
cachable=AST_DEVSTATE_CACHABLE, fmt=0x1 <Address 0x1 out of bounds>) at 
devicestate.c:524
         buf = "\000mJ\265\000mJ\265\340lJ\265\270\207\371\264\"Marco 
Spann\" 
<sip:65\000ob`\030L\267\370mJ\265w\376\062\267\000\000\000\000i\022\063\267phon\324\302M\267ag=c\023\034\000\000\364_[\267"
#4  0xb5b7d4be in update_call_counter (fup=<value optimized out>, 
event=<value optimized out>) at chan_sip.c:5914
         name = "65", '\000' <repeats 78 times>, 
"P3x\b\000\000\000\000xnJ\265\024}J\265\000\000\000\000\360|J\265\000\000\000\000\200w\371\264\017\000\000\000\224@\273\265\f\000\000\000rz\371\264", 
'\000' <repeats 12 times>, 
"p\206\274\265\241z\371\264\000\000\000\000\310nJ\265\246.\265\265\274nJ\265\002\000\023\242\254\036\325\005p\206\274\265\241z\371\264\242\023\000\000\000\000\000\000\005\000\000\000\001\000\000\000\377\377\377\377\000\000\000\000\003", 
'\000' <repeats 23 times>, "\017\001\000\000\001\000\000\000\016", 
'\000' <repeats 11 times>, "XvJ\265p\206\274\265"
         outgoing = 0
         p = 0x8796368
         __PRETTY_FUNCTION__ = "update_call_counter"
#5  0xb5baa61b in handle_request_invite (p=<value optimized out>, 
req=<value optimized out>, debug=0, seqno=38802, sin=0xb54a822c, 
recount=0xb54a7cbc,
     e=0xb4f97793 "sip:33 at obelisk.wikon.de;user=phone", 
nounlock=0xb54a7cb8) at chan_sip.c:20297
         res = <value optimized out>
         gotdest = -1253413064
         p_replaces = <value optimized out>
         replace_id = <value optimized out>
         refer_locked = 0
         required = 0xb5bb779a ""
         required_profile = <value optimized out>
         c = <value optimized out>
         reinvite = -1245936016
         rtn = <value optimized out>
         p_uac_se_hdr = <value optimized out>
         p_uac_min_se = <value optimized out>
         uac_max_se = -1
         uac_min_se = -1
         st_active = <value optimized out>
         st_interval = -1246005350
         st_ref = SESSION_TIMER_REFRESHER_AUTO
         dlg_min_se = <value optimized out>
         pickup = {exten = '\000' <repeats 79 times>, context = '\000' 
<repeats 79 times>}
         __PRETTY_FUNCTION__ = "handle_request_invite"
#6  0xb5bb1000 in handle_incoming (p=<value optimized out>, req=<value 
optimized out>, sin=0xb54a822c, recount=0xb54a7cbc, nounlock=0xb54a7cb8)
     at chan_sip.c:21984
         cmd = <value optimized out>
         cseq = <value optimized out>
         useragent = <value optimized out>
         seqno = 38802
        len = <value optimized out>
         respid = <value optimized out>
         res = <value optimized out>
         debug = 0
         e = <value optimized out>
         oldmethod = 6
         acked = <value optimized out>
         __PRETTY_FUNCTION__ = "handle_incoming"
#7  0xb5bb22e0 in handle_request_do (req=<value optimized out>, 
sin=<value optimized out>) at chan_sip.c:22296
         p = <value optimized out>
         recount = 0
         nounlock = 0
         lockretry = 10
         __PRETTY_FUNCTION__ = "handle_request_do"
#8  0xb5bb3af0 in sipsock_read (id=0x878a388, fd=13, events=1, 
ignore=0x0) at chan_sip.c:22185
         req = {rlPart1 = 0, rlPart2 = 7, len = 1046, headers = 15, 
method = 5, lines = 13, sdp_start = 0, sdp_count = 13, debug = 0 '\000',
           has_to_tag = 0 '\000', ignore = 0 '\000', authenticated = 1 
'\001', header = {0, 51, 118, 197, 239, 301, 335, 361, 536, 576, 596, 
637, 655, 742,
             773, 794, 0 <repeats 48 times>}, line = {796, 801, 837, 
849, 872, 879, 912, 924, 946, 968, 990, 1013, 1034, 1046, 0 <repeats 242 
times>},
           data = 0xb4f97780, socket = {type = SIP_TRANSPORT_UDP, fd = 
-1, port = 50195, tcptls_session = 0x0}, next = {next = 0x0}}
         sin = {sin_family = 2, sin_port = 50195, sin_addr = {s_addr = 
97853100}, sin_zero = "\000\000\000\000\000\000\000"}
         res = <value optimized out>
         len = 16
         readbuf = "INVITE sip:33 at obelisk.wikon.de;user=phone 
SIP/2.0\r\nVia: SIP/2.0/UDP 
172.30.213.5:5060;branch=z9hG4bK370b89da23836343\r\nFrom: \"Marco 
Spann\" <sip:65 at obelisk.wikon.de;user=phone>;tag=ce0770de600b64fc\r\nTo:"...
         __PRETTY_FUNCTION__ = "sipsock_read"
#9  0x080cf2e5 in ast_io_wait (ioc=0x8750b60, howlong=1000) at io.c:288
         res = 1
         x = 0
         origcnt = 1
#10 0xb5b8a273 in do_monitor (data=0x0) at chan_sip.c:22757
         res = 1
         t = 1358154110
         reloading = <value optimized out>
         __PRETTY_FUNCTION__ = "do_monitor"
#11 0x0812ddc7 in dummy_start (data=0x878a7a0) at utils.c:967
         __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = 
{142125048, 0, 4001536, -1253407848, -223845233, 1108721141}, 
__mask_was_saved = 0}}, __pad = {
             0xb54a8454, 0x0, 0x0, 0x0}}
         not_first_call = <value optimized out>
         ret = <value optimized out>
#12 0xb732d955 in start_thread () from /lib/i686/cmov/libpthread.so.0
No symbol table info available.
#13 0xb753f1de in clone () from /lib/i686/cmov/libc.so.6
No symbol table info available.



Am 14.01.2013 09:51, schrieb Dennis Rech:
> Dear Mr. Cohen,
>
> after the update to squeeze9, the asterisk process restarts fine. When 
> someone does a SIP call, the asterisk process immediately terminates 
> with the described segmentation fault (according to dmesg). As the 
> software is running on our production server infrastructure, I have 
> performed a downgrade to squeeze8 again to ensure proper operation 
> during our office hours. That's also the reason why I won't be able to 
> upgrade again and debug the system now because I have to keep the 
> telephony operational during office hours.
>
> Maybe I can reproduce it with a test system, I'll keep you informed.
>
> Regards,
>
> Dennis Rech
>
> Am 14.01.2013 09:36, schrieb Tzafrir Cohen:
>> On Mon, Jan 14, 2013 at 08:38:35AM +0100, Dennis Rech wrote:
>>> Package: asterisk
>>> Version: 1:1.6.2.9-2+squeeze8
>>> Severity: grave
>>> Justification: renders package unusable
>>>
>>>
>>> asterisk crashes when placing a call after a update to recent 
>>> versions with apt-get
>>>
>>> Upgrade: asterisk:i386 (1.6.2.9-2+squeeze8, 1.6.2.9-2+squeeze9), 
>>> asterisk-sounds-main:i386 (1.6.2.9-2+squeeze8, 1.6.2.9-2+squeeze9), 
>>> asterisk-config:i386 (1.6.2.9-2+squeeze8, 1.6.2.9-2+squeeze9)
>>>
>>> Error:
>>>
>>> [9058168.846934] asterisk[2585]: segfault at 1 ip b7493b77 sp 
>>> b5415684 error 4 in libc-2.11.3.so[b741e000+140000]
>>> [9058212.632085] asterisk[2709]: segfault at 1 ip b748db77 sp 
>>> b540f684 error 4 in libc-2.11.3.so[b7418000+140000]
>> How asy is this issue to reproduce? What type of call? SIP? TCP?
>>
>> Could you please install asterisk-dbg and gdb, run asterisk as:
>>
>> cd /var/spool/asterisk
>> asterisk -U asterisk -g -c
>>
>> and reproduce the issue
>>
>> Then run:
>>
>>    gdb -c core /usr/sbin/asterisk
>>
>> and in the prompt of gdb run:
>>
>>   bt
>>   bt full
>>
>> and provide the output here.
>>
>
>


-- 

Mit freundlichen Grüßen / Best regards,

Dennis Rech
Dipl.-Inf. (TU)

WIKON Kommunikationstechnik GmbH
Entwicklung / IT

Luxemburger Str. 1-3, D-67657 Kaiserslautern
mailto:dre at wikon.de * http://www.wikon.de
Tel: +49-631-205777-64 * Fax: +49-631-205777-99

Haftungsausschluss: http://www.wikon.de/cms/de/kontakt-impressum/impressum.html
HR B-Nr: 2561, Kaiserslautern
Geschäftsführer: Joachim Molz und Andreas Konzelmann

==============================================================
              WIKON - Fernwirksysteme über GSM
==============================================================

More information about the Pkg-voip-maintainers mailing list