[asterisk-bugs] [JIRA] (ASTERISK-28674) Asterisk becomes unstable after SS7 signalling link restarts

Kevin Harwell (JIRA) noreply at issues.asterisk.org
Mon Jan 6 14:57:25 CST 2020 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-28674?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=249245#comment-249245 ] 

Kevin Harwell commented on ASTERISK-28674:
------------------------------------------

This is just a theory, but I'm thinking this issue might be result of an infinite loop.

Note something like the following in both the post "ss7 show linkset 1" CLI command backtraces:
{noformat}
#0  len_buf (buf=<optimized out>) at mtp2.c:50
#1  0x00007f0ffee71f10 in ss7_show_linkset (ss7=0x562f906ed0c0, cust_printf=0x562f8df73e76 <ast_cli>, fd=146) at ss7.c:668
#2  0x00007f0fff2ef7d9 in handle_ss7_show_linkset (e=0x7f0fff52b8a0 <dahdi_ss7_cli+1600>, cmd=-4, a=0x7f0f276b7450) at chan_dahdi.c:17265
#3  0x0000562f8df7d8dd in ast_cli_command_full (uid=0, gid=0, fd=146, s=0x7f0f276b7720 "ss7 show linkset 1") at cli.c:2833
#4  0x0000562f8df7dacf in ast_cli_command_multiple_full (uid=0, gid=0, fd=146, size=19, s=0x7f0f276b79d0 "ss7 show linkset 1") at cli.c:2860
#5  0x0000562f8df030be in netconsole (vconsole=0x562f8e3ee180 <consoles>) at asterisk.c:1424
#6  0x0000562f8e094e21 in dummy_start (data=0x7f102c004090) at utils.c:1249
#7  0x00007f1051a756db in start_thread (arg=0x7f0f276b8700) at pthread_create.c:463
#8  0x00007f1050c5e88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{noformat}
Now if we take a look at what is at, or around line number 50 in [mtp2.c|https://github.com/asterisk/libss7/blob/master/mtp2.c]:
{noformat}
int len_buf(struct ss7_msg *buf)
{
	int res = 0;
	struct ss7_msg *cur = buf;

	while (cur) {
		res++;
		cur = cur->next;
	}
	return res;
}
{noformat}
In this branch at least line 50 is incrementing "res". I think it's a coincidence the threads in both backtraces are on the same line. However, there are only a couple of lines of code in the loop itself so the chances of capturing a thread at that line increases especially if caught in an infinite loop here. Really that's probably the only way the code could get "stuck" in this spot. It would also explain no further output on the CLI, and the 100% CPU.


> Asterisk becomes unstable after SS7 signalling link restarts
> ------------------------------------------------------------
>
>                 Key: ASTERISK-28674
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28674
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_dahdi/SS7
>    Affects Versions: 13.29.2, 16.7.0
>         Environment: Asterisk 16.7.0, LibSS7 2.0.0, DAHDI 3.1.0, Digium TE820 + TE420 (5th gen), Ubuntu 18.04.3 LTS, Kernel 5.0.0-37-generic.
> Same issue also ocurrs using Asterisk 13.29.2.
>            Reporter: Gregory Massel
>            Assignee: Unassigned
>            Severity: Minor
>         Attachments: chan_dahdi.conf.txt, core-asterisk-running-2020-01-02T23-14-27+0200-brief.txt, core-asterisk-running-2020-01-02T23-14-27+0200-full.txt, core-asterisk-running-2020-01-02T23-14-27+0200-locks.txt, core-asterisk-running-2020-01-02T23-14-27+0200-thread1.txt, core-asterisk-running-2020-01-03T21-43-37+0200-brief.txt, core-asterisk-running-2020-01-03T21-43-37+0200-full.txt, core-asterisk-running-2020-01-03T21-43-37+0200-locks.txt, core-asterisk-running-2020-01-03T21-43-37+0200-thread1.txt, core-asterisk-running-2020-01-03T21-44-45+0200-brief.txt, core-asterisk-running-2020-01-03T21-44-45+0200-full.txt, core-asterisk-running-2020-01-03T21-44-45+0200-locks.txt, core-asterisk-running-2020-01-03T21-44-45+0200-thread1.txt, ss7-debug.txt, ss7.timers.txt
>
>
> When one of the SS7 signalling links goes down briefly and then restores, the SS7 subsystem goes into a corrupt state. This manifests in a numbers of ways:
> 1. The system starts using consistently 100% CPU on exactly one core, resulting in a load average of just over 1.0. This will continue indefinitely.
> 2. All outbound DAHDI calls thereafter hang during initiation reflecting a "Ring" state; a "core show channels" after a few hours shows thousands of hung channels. The corresponding PJSIP channels close and log "res_pjsip_sdp_rtp.c: Disconnecting channel 'PJSIP/xxx' for lack of RTP activity in 60 seconds" but the call and DAHDI channel remain hung.
> 3. No inbound calls are accepted via the DAHDI spans.
> 4. A "ss7 show linkset 1" seems to be missing signalling links that were there before, as if they were never configured.
> The log entries before everything goes pear-shaped look like this:
> {noformat}
> [Jan  1 03:14:08] WARNING[24375] sig_ss7.c: MTP2 link down (SLC 33)
> [Jan  1 03:14:08] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0.  Dropping
> [Jan  1 03:14:08] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0.  Dropping
> [Jan  1 03:14:08] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0.  Dropping
> [Jan  1 03:14:08] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0.  Dropping
> [Jan  1 03:14:09] VERBOSE[24375] sig_ss7.c: MTP2 link up (SLC 34)
> [Jan  1 03:14:09] VERBOSE[24375] chan_dahdi.c: [1] MTP3 T2 timer expired on link SLC: 3 ADJPC: 2200 changeover completed
> [Jan  1 03:14:09] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x1.  Dropping
> [Jan  1 03:14:09] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0.  Dropping
> [Jan  1 03:14:09] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x2.  Dropping
> [Jan  1 03:14:09] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x1.  Dropping
> [Jan  1 03:14:09] ERROR[24375] chan_dahdi.c: [1] T7 expired on link SLC: 0 ADJPC: 2200
> [Jan  1 03:14:09] WARNING[24375] sig_ss7.c: MTP2 link down (SLC 34)
> [Jan  1 03:14:09] ERROR[24375] chan_dahdi.c: [1] T7 expired on link SLC: 1 ADJPC: 2200
> [Jan  1 03:14:09] WARNING[24375] sig_ss7.c: MTP2 link down (SLC 34)
> {noformat}
> This highlights a related issue: I have SLC numbers 0 to 3 only. The system is actually logging an incorrect SLC number (34) as having failed and/or restored. It appears that this goes beyond just the log entry. The entire system seems to get horribly confused because it thinks that an event has ocurred relating to an invalid SLC number.
> Note that the "Received message for slc 0x3, but we are 0x2.  Dropping" messages are NOT the source of the issue; I get these when Asterisk starts up cleanly as well, because chan_dahdi/libss7 wrongly filters out STD Test responses received via a different SLC from the one they're sent on. This is fine because the applicable timer expires and it stops waiting for the STD Test response, however, it highlights another unrelated bug (i.e. that Asterisk shouldn't be filtering STD_TEST replies received on a different signalling link within a single linkset and should treat the received message as proper acknowledgement).
> When Asterisk starts up for the first time, it always shows SLC 0 as up for all signalling links:
> {noformat}
> [Jan  1 18:51:03] VERBOSE[24690] sig_ss7.c: MTP2 link up (SLC 0)
> [Jan  1 18:51:03] VERBOSE[24690] sig_ss7.c: MTP2 link up (SLC 0)
> [Jan  1 18:51:03] VERBOSE[24690] sig_ss7.c: MTP2 link up (SLC 0)
> {noformat}
> This is despite these being SLC 0, 1 and 2 (all part of one linkset).
> The SLC numbers only reflect 33 or 34 (invalid) once one of the signalling links fails and immediately restores.
> The configuration appears to be 100% because the system can run for days - even weeks - perfectly, processing tens of thousands of calls. Things only go awry when the SLC fails and immediately restores and they go awry every single time this happens.
> My suspicion is that the issues here is that Asterisk is mishandling the situation where the signalling link fails by misindentifying which SLC number has failed. Thereafter, it seems to corrupt its own structures relating to the signalling links. Even when the signalling link restores, things are already corrupted beyond any hope of functioning.
> This has happened countless times over many months, however, is becoming more frequent and difficult to manage. What has aggravated it has been enabling 4 signalling links (previously I had 2) within the linkset, as there is a higher probability of failure. 
> All drops have been for a second or less; I'm not sure if this has any bearing on the situation (e.g. if two timers are running concurrently, one relating to link failure and the other to link restoration).
> Killing Asterisk completely and restarting immediately fixes the issue. It's not necessary to restart DAHDI.
> The 100% CPU on a single core does seem to indicate a deadlocked thread, however, I cannot readily identify which thread.
> The config is ITU SS7, 4x E1 circuits are connected to the TE820 card. The TE420 card in the system is unused at this stage (the intention was to provide for 12x E1 in the future). I've experienced similar issues on a system with 2x TE820 and, similarly, 4x E1 on one of the TE820's.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list