[asterisk-bugs] [JIRA] (ASTERISK-28674) Asterisk becomes unstable after SS7 signalling link restarts

Gregory Massel (JIRA) noreply at issues.asterisk.org
Thu Jan 9 14:23:25 CST 2020


    [ https://issues.asterisk.org/jira/browse/ASTERISK-28674?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=249306#comment-249306 ] 

Gregory Massel commented on ASTERISK-28674:
-------------------------------------------

It worked!!!

With the 'break;' in place, I'm now able to repeatedly fail any of the four links and Asterisk correcly handles it, sending COO, receiving COA, marking the link as FAILED and effecting changeover cleanly. Moreover, I can bring the failed link back up and it cleanly restores. I can successfully do a "ss7 show linkset 1" in between each.

So, what I've discovered through this is that there are TWO bugs that actually need addressing:
1. The original issue of "Asterisk becomes unstable after SS7 signalling link restarts" 
2. A logging bug which can be described as "Wrong SLC number logged when MTP2 link state changes"

And, a more precise described of bug 1 is "Crash and/or instability during SS7 link changeover with linksets of more then two links"

Let's deal with 1 as it's what was originally logged here. The fix involves two changes to mtp3.c (libss7-2.0.0):
1. Lines 1869-1872 in mtp3.c should be removed or commented out:
{noformat}
/*              if (link->slc != rl.sls) {
                        ss7_error(ss7, "Received message for slc 0x%x, but we are 0x%x.  Dropping\n", rl.sls, link->slc);
                        return -1;
                } */
{noformat}
This code is entirely nonsensical because, by very nature of a link having failed, we will NEVER receive SIG_NET_MNG over the failed link and have to receive it over one of the other links.
2. Lines 1599 to 1606 require the addition of a "break;" so as to exit the for loop after the NET_MNG message has been successfully sent via an alternate link:
{noformat}
                /* we may use another link to the same adjacent sp */
                res = -1;
                for (i = 0; i < link->adj_sp->numlinks; i++) {
                        if (link->adj_sp->links[i]->std_test_passed) {
                                res = mtp3_transmit(ss7, SIG_NET_MNG, rl, 3, m, link->adj_sp->links[i]);
+++                             break;
                        }
                }
{noformat}

In terms of bug 2, the logging bug, the applicable code is in channels/sig_ss7.c (Asterisk itself), lines 1493 to 1498, within ss7_linkset.
I changed it as follows.
Before:
{noformat}
                       case MTP2_LINK_UP:
                                ast_verb(1, "MTP2 link up (SLC %d)\n", e->gen.data);
                                break;
                        case MTP2_LINK_DOWN:
                                ast_log(LOG_WARNING, "MTP2 link down (SLC %d)\n", e->gen.data);
                                break;
{noformat}
After:
{noformat}
                       case MTP2_LINK_UP:
                                ast_verb(1, "MTP2 link up (SLC %d)\n", e->link.link->slc);
                                break;
                        case MTP2_LINK_DOWN:
                                ast_log(LOG_WARNING, "MTP2 link down (SLC %d)\n", e->link.link->slc);
                                break;
{noformat}
In essence, e->gen.data is random garbage and the correct way to determine the SLC number is e->link.link->slc.
However, where things get more complex is that sig_ss7.c won't compile then because the reference to "slc" requires struct mtp2 to be defined and that is defined in mtp2.h which is in the libss7 source base. I added a #include "mtp2.h" into sig_ss7.c and symlinked mtp2.h from libss7 into the asterisk/channels directory as well as ss7_internal.h (because mtp2.h includes it), however, there is more than likely a cleaner solution to this (e.g. making libss7 install mtp2.h and ss7_internal.h to /usr/include as part of a "make install").

I would greatly appreciate it if you could submit the first fix for inclusion in the next version of libss7 and finesse the second fix and then include it in Asterisk.

Thank you for all the assistance in helping me understand the applicable code and backtraces so as to get to this point of being able to propose fixes.

> Asterisk becomes unstable after SS7 signalling link restarts
> ------------------------------------------------------------
>
>                 Key: ASTERISK-28674
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28674
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_dahdi/SS7
>    Affects Versions: 13.29.2, 16.7.0
>         Environment: Asterisk 16.7.0, LibSS7 2.0.0, DAHDI 3.1.0, Digium TE820 + TE420 (5th gen), Ubuntu 18.04.3 LTS, Kernel 5.0.0-37-generic.
> Same issue also ocurrs using Asterisk 13.29.2.
>            Reporter: Gregory Massel
>            Assignee: Unassigned
>            Severity: Minor
>         Attachments: chan_dahdi.conf.txt, core-asterisk-running-2020-01-02T23-14-27+0200-brief.txt, core-asterisk-running-2020-01-02T23-14-27+0200-full.txt, core-asterisk-running-2020-01-02T23-14-27+0200-locks.txt, core-asterisk-running-2020-01-02T23-14-27+0200-thread1.txt, core-asterisk-running-2020-01-03T21-43-37+0200-brief.txt, core-asterisk-running-2020-01-03T21-43-37+0200-full.txt, core-asterisk-running-2020-01-03T21-43-37+0200-locks.txt, core-asterisk-running-2020-01-03T21-43-37+0200-thread1.txt, core-asterisk-running-2020-01-03T21-44-45+0200-brief.txt, core-asterisk-running-2020-01-03T21-44-45+0200-full.txt, core-asterisk-running-2020-01-03T21-44-45+0200-locks.txt, core-asterisk-running-2020-01-03T21-44-45+0200-thread1.txt, core-brief.txt, core-full.txt, core-locks.txt, core-thread1.txt, ss7-debug.txt, ss7.timers.txt
>
>
> When one of the SS7 signalling links goes down briefly and then restores, the SS7 subsystem goes into a corrupt state. This manifests in a numbers of ways:
> 1. The system starts using consistently 100% CPU on exactly one core, resulting in a load average of just over 1.0. This will continue indefinitely.
> 2. All outbound DAHDI calls thereafter hang during initiation reflecting a "Ring" state; a "core show channels" after a few hours shows thousands of hung channels. The corresponding PJSIP channels close and log "res_pjsip_sdp_rtp.c: Disconnecting channel 'PJSIP/xxx' for lack of RTP activity in 60 seconds" but the call and DAHDI channel remain hung.
> 3. No inbound calls are accepted via the DAHDI spans.
> 4. A "ss7 show linkset 1" seems to be missing signalling links that were there before, as if they were never configured.
> The log entries before everything goes pear-shaped look like this:
> {noformat}
> [Jan  1 03:14:08] WARNING[24375] sig_ss7.c: MTP2 link down (SLC 33)
> [Jan  1 03:14:08] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0.  Dropping
> [Jan  1 03:14:08] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0.  Dropping
> [Jan  1 03:14:08] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0.  Dropping
> [Jan  1 03:14:08] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0.  Dropping
> [Jan  1 03:14:09] VERBOSE[24375] sig_ss7.c: MTP2 link up (SLC 34)
> [Jan  1 03:14:09] VERBOSE[24375] chan_dahdi.c: [1] MTP3 T2 timer expired on link SLC: 3 ADJPC: 2200 changeover completed
> [Jan  1 03:14:09] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x1.  Dropping
> [Jan  1 03:14:09] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0.  Dropping
> [Jan  1 03:14:09] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x2.  Dropping
> [Jan  1 03:14:09] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x1.  Dropping
> [Jan  1 03:14:09] ERROR[24375] chan_dahdi.c: [1] T7 expired on link SLC: 0 ADJPC: 2200
> [Jan  1 03:14:09] WARNING[24375] sig_ss7.c: MTP2 link down (SLC 34)
> [Jan  1 03:14:09] ERROR[24375] chan_dahdi.c: [1] T7 expired on link SLC: 1 ADJPC: 2200
> [Jan  1 03:14:09] WARNING[24375] sig_ss7.c: MTP2 link down (SLC 34)
> {noformat}
> This highlights a related issue: I have SLC numbers 0 to 3 only. The system is actually logging an incorrect SLC number (34) as having failed and/or restored. It appears that this goes beyond just the log entry. The entire system seems to get horribly confused because it thinks that an event has ocurred relating to an invalid SLC number.
> Note that the "Received message for slc 0x3, but we are 0x2.  Dropping" messages are NOT the source of the issue; I get these when Asterisk starts up cleanly as well, because chan_dahdi/libss7 wrongly filters out STD Test responses received via a different SLC from the one they're sent on. This is fine because the applicable timer expires and it stops waiting for the STD Test response, however, it highlights another unrelated bug (i.e. that Asterisk shouldn't be filtering STD_TEST replies received on a different signalling link within a single linkset and should treat the received message as proper acknowledgement).
> When Asterisk starts up for the first time, it always shows SLC 0 as up for all signalling links:
> {noformat}
> [Jan  1 18:51:03] VERBOSE[24690] sig_ss7.c: MTP2 link up (SLC 0)
> [Jan  1 18:51:03] VERBOSE[24690] sig_ss7.c: MTP2 link up (SLC 0)
> [Jan  1 18:51:03] VERBOSE[24690] sig_ss7.c: MTP2 link up (SLC 0)
> {noformat}
> This is despite these being SLC 0, 1 and 2 (all part of one linkset).
> The SLC numbers only reflect 33 or 34 (invalid) once one of the signalling links fails and immediately restores.
> The configuration appears to be 100% because the system can run for days - even weeks - perfectly, processing tens of thousands of calls. Things only go awry when the SLC fails and immediately restores and they go awry every single time this happens.
> My suspicion is that the issues here is that Asterisk is mishandling the situation where the signalling link fails by misindentifying which SLC number has failed. Thereafter, it seems to corrupt its own structures relating to the signalling links. Even when the signalling link restores, things are already corrupted beyond any hope of functioning.
> This has happened countless times over many months, however, is becoming more frequent and difficult to manage. What has aggravated it has been enabling 4 signalling links (previously I had 2) within the linkset, as there is a higher probability of failure. 
> All drops have been for a second or less; I'm not sure if this has any bearing on the situation (e.g. if two timers are running concurrently, one relating to link failure and the other to link restoration).
> Killing Asterisk completely and restarting immediately fixes the issue. It's not necessary to restart DAHDI.
> The 100% CPU on a single core does seem to indicate a deadlocked thread, however, I cannot readily identify which thread.
> The config is ITU SS7, 4x E1 circuits are connected to the TE820 card. The TE420 card in the system is unused at this stage (the intention was to provide for 12x E1 in the future). I've experienced similar issues on a system with 2x TE820 and, similarly, 4x E1 on one of the TE820's.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list