[asterisk-bugs] [JIRA] (ASTERISK-22615) sip_attended_transfer: crash on disposed of object in native RTP bridge

Matt Jordan (JIRA) noreply at issues.asterisk.org
Sun Sep 29 16:07:03 CDT 2013 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-22615?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matt Jordan updated ASTERISK-22615:
-----------------------------------

                 Component/s: Channels/chan_sip/Transfers
                              Bridges/bridge_native_rtp
           Affects Version/s: 12.0.0-alpha1
    Target Release Version/s: 12.0.0-beta1
    
> sip_attended_transfer: crash on disposed of object in native RTP bridge
> -----------------------------------------------------------------------
>
>                 Key: ASTERISK-22615
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22615
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Bridges/bridge_native_rtp, Channels/chan_sip/Transfers
>    Affects Versions: 12.0.0-alpha1
>            Reporter: Matt Jordan
>      Target Release: 12.0.0-beta1
>
>         Attachments: backtrace_13905.txt
>
>
> The sip_attended_transfer is periodically crashing on the Asterisk Test Suite. Small snippet of the attached backtrace below:
> {noformat}
> #0  0x080c95cb in INTERNAL_OBJ (user_data=0xdeaddead) at astobj2.c:161
> 161		if (AO2_MAGIC != p->priv_data.magic) {
> #0  0x080c95cb in INTERNAL_OBJ (user_data=0xdeaddead) at astobj2.c:161
>         p = 0xdeadde99
>         __PRETTY_FUNCTION__ = "INTERNAL_OBJ"
> #1  0x080cd153 in internal_ao2_traverse (self=0xdeaddead, flags=OBJ_NOLOCK, cb_fn=0x8332d8b, arg=0xb39e68f4, data=0x0, type=AO2_CALLBACK_DEFAULT, tag=0x0, file=0x0, line=0, func=0x0) at astobj2.c:1272
>         ret = 0x0
>         cb_default = 0
>         cb_withdata = 0
>         node = 0x0
>         traversal_state = 0x0
>         orig_lock = AO2_LOCK_REQ_MUTEX
>         multi_container = 0x0
>         multi_iterator = 0x0
>         __PRETTY_FUNCTION__ = "internal_ao2_traverse"
> #2  0x080cdf55 in __ao2_callback (c=0xdeaddead, flags=OBJ_NOLOCK, cb_fn=0x8332d8b <rtp_payload_type_find_format>, arg=0xb39e68f4) at astobj2.c:1490
> No locals.
> #3  0x08332edb in ast_rtp_codecs_payload_code (codecs=0xb73a9534, asterisk_format=1, format=0xb39e68f4, code=0) at rtp_engine.c:847
>         type = 0xb7251eb4
>         i = -1222272540
>         res = -1
>         __PRETTY_FUNCTION__ = "ast_rtp_codecs_payload_code"
> #4  0x05b6b362 in bridge_p2p_rtp_write (instance=0xdeaddead, rtcp=16) at res_rtp_asterisk.c:3456
>         rtp = 0xb7257568
>         bridged = 0xdeaddead
>         res = 0
>         payload = 0
>         mark = 0
>         reconstruct = -2147478590
>         ice = <value optimized out>
>         bridged_payload = 0
>         hdrlen = 12
>         instance1 = 0xb73a940c
>         payload_type = {asterisk_format = 1, format = {id = AST_FORMAT_ULAW, fattr = {format_attr = {0 <repeats 64 times>}, rtp_marker_bit = 0 '\000'}}, rtp_code = 0, payload = 0}
>         remote_address = {ss = {ss_family = 0, __ss_align = 0, __ss_padding = '\000' <repeats 119 times>}, len = 0}
> #5  ast_rtp_read (instance=0xdeaddead, rtcp=16) at res_rtp_asterisk.c:3655
>         rtp = 0xb7257568
>         addr = {ss = {ss_family = 2, __ss_align = 16777343, __ss_padding = "\000\000\000\000\000\000\000\000,\024\017\003,\024\017\003hl\236\263\025\246'\b\300\234R\b\000\000\000\000\230\273\301\264\001\000\000\000\250\000\000\000\020\000\020\267\230\273\301\264\020\021\333\004\000\000\000\000\000\000\000\000L\026$\b\000\000\000\000\000\000\000\000\300k\236\263", '\000' <repeats 12 times>"\270, l\236\263\002\000\000\000D\006T\267\031\260\267\000\267\005\000\000\310\363S\267\070\267\301\264"}, len = 16}
>         res = 92
>         hdrlen = 12
>         version = 2
>         payloadtype = <value optimized out>
>         padding = <value optimized out>
>         mark = <value optimized out>
>         ext = <value optimized out>
>         cc = <value optimized out>
>         prev_seqno = <value optimized out>
>         rtpheader = 0xb72576f4
>         seqno = 2147488706
>         ssrc = <value optimized out>
>         timestamp = <value optimized out>
>         payload = {asterisk_format = 0, format = {id = 0, fattr = {format_attr = {0 <repeats 31 times>, 1117519874, 1464473610, 0, 0, 0, 0, 0, 3069464812, 3013503672, 11274534, 3072604808, 51458580, 3013503720, 136816149, 3072604808, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3013503816, 135044420, 139827416, 4294967295, 51422269, 51319852, 3072604808, 0, 16}, rtp_marker_bit = 0 '\000'}}, rtp_code = 525, payload = -1219304204}
>         remote_address = {ss = {ss_family = 2, __ss_align = 1464473610, __ss_padding = '\000' <repeats 119 times>}, len = 16}
>         frames = <value optimized out>
>         __PRETTY_FUNCTION__ = "ast_rtp_read"
> #6  0x08330a25 in ast_rtp_instance_read (instance=0xb7251e14, rtcp=0) at rtp_engine.c:436
> No locals.
> #7  0x02fbc632 in sip_rtp_read (ast=0xb7261944, p=0xb7243abc, faxdetect=0xb39e6dc8) at chan_sip.c:8497
>         f = 0xb239eb
>         __PRETTY_FUNCTION__ = "sip_rtp_read"
> #8  0x02fbd8cb in sip_read (ast=0xb7261944) at chan_sip.c:8594
>         fr = 0x81b1da1
>         p = 0xb7243abc
>         faxdetected = 0
>         __PRETTY_FUNCTION__ = "sip_read"
> #9  0x0817ffc0 in __ast_read (chan=0xb7261944, dropaudio=0) at channel.c:3917
>         f = 0x0
>         prestate = 6
>         cause = 0
>         __PRETTY_FUNCTION__ = "__ast_read"
> #10 0x08183ed7 in ast_read (chan=0xb7261944) at channel.c:4269
> No locals.
> #11 0x0811e037 in bridge_handle_trip (bridge_channel=0xb7240364) at bridge_channel.c:1784
>         frame = 0xb85ff4
> #12 0x0811eb56 in bridge_channel_wait (bridge_channel=0xb7240364) at bridge_channel.c:1903
>         ms = -1
>         outfd = -99999
>         chan = 0xb7261944
>         __PRETTY_FUNCTION__ = "bridge_channel_wait"
> #13 0x0811f845 in bridge_channel_internal_join (bridge_channel=0xb7240364) at bridge_channel.c:2020
>         res = 0
>         __PRETTY_FUNCTION__ = "bridge_channel_internal_join"
> #14 0x080eeca8 in bridge_channel_ind_thread (data=0xb7240364) at bridge.c:1531
>         bridge_channel = 0xb7240364
>         chan = 0x1
>         __PRETTY_FUNCTION__ = "bridge_channel_ind_thread"
> #15 0x083e834b in dummy_start (data=0xb7273568) at utils.c:1168
>         __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {12083188, 0, 4001536, -1281461544, 1777649898, 672497565}, __mask_was_saved = 0}}, __pad = {0xb39e73a4, 0x0, 0x0, 0x0}}
>         __cancel_routine = 0x80aa907 <ast_unregister_thread>
>         __cancel_arg = 0xb39e7b70
>         not_first_call = 0
>         ret = 0x0
>         a = {start_routine = 0x80eec1f <bridge_channel_ind_thread>, data = 0xb7240364, name = 0xb728f018 "bridge_channel_ind_thread started at [ 1602] bridge.c ast_bridge_impart()"}
>         __PRETTY_FUNCTION__ = "dummy_start"
> #16 0x00b74a49 in start_thread () from /lib/libpthread.so.0
> No symbol table info available.
> #17 0x00ab0aee in clone () from /lib/libc.so.6
> {noformat}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list