[asterisk-bugs] [JIRA] (ASTERISK-24752) Crash in bridge_manager_service_req when bridge is destroyed by ARI during shutdown

Richard Mudgett (JIRA) noreply at issues.asterisk.org
Mon Feb 2 16:01:35 CST 2015


     [ https://issues.asterisk.org/jira/browse/ASTERISK-24752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Mudgett updated ASTERISK-24752:
---------------------------------------

    Status: Open  (was: Triage)

> Crash in bridge_manager_service_req when bridge is destroyed by ARI during shutdown
> -----------------------------------------------------------------------------------
>
>                 Key: ASTERISK-24752
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24752
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/Bridging, Core/General
>    Affects Versions: 13.1.1
>            Reporter: Richard Mudgett
>         Attachments: threads.txt
>
>
> The full trace is attached.
> The relevant thread is here:
> {noformat}
> #0  0x080a2592 in bridge_manager_service_req ()
> #0  0x080a2592 in bridge_manager_service_req ()
> No symbol table info available.
> #1  0x080a2b65 in bridge_queue_action_nodup ()
> No symbol table info available.
> #2  0x080a2b9a in ast_bridge_queue_action ()
> No symbol table info available.
> #3  0x080a2cc7 in bridge_dissolve ()
> No symbol table info available.
> #4  0x080a48e6 in ast_bridge_destroy ()
> No symbol table info available.
> #5  0x00cec473 in stasis_app_bridge_destroy (bridge_id=0x96ae581 "0d77e47d-dccd-4c8c-96f1-64becabdee8f") at res_stasis.c:794
>         bridge = 0xb2f9421c
> #6  0x08e200e4 in ast_ari_bridges_destroy (headers=0x96ab258, args=0xb71a5e38, response=0xb71a5f64) at ari/resource_bridges.c:862
>         bridge = 0xb2f9421c
> #7  0x08e1c5d3 in ast_ari_bridges_destroy_cb (ser=0x967316c, get_params=0x0, path_vars=0x96ae528, headers=0x96ab258, response=0xb71a5f64) at res_ari_bridges.c:397
>         args = {bridge_id = 0x96ae581 "0d77e47d-dccd-4c8c-96f1-64becabdee8f"}
>         i = 0x0
>         body = 0x0
> #8  0x00b1019e in ast_ari_invoke (ser=0x967316c, uri=0xb71a605c "bridges/0d77e47d-dccd-4c8c-96f1-64becabdee8f", method=AST_HTTP_DELETE, get_params=0x0, headers=0x96ab258, response=0xb71a5f64) at res_ari.c:560
>         root = 0x990e244
>         handler = 0x8e22840
>         path_vars = 0x96ae528
>         path = 0x0
>         path_segment = 0x0
>         callback = 0x8e1c55f <ast_ari_bridges_destroy_cb>
>         __PRETTY_FUNCTION__ = "ast_ari_invoke"
> #9  0x00b111ad in ast_ari_callback (ser=0x967316c, urih=0xb17ba4, uri=0xb71a605c "bridges/0d77e47d-dccd-4c8c-96f1-64becabdee8f", method=AST_HTTP_DELETE, get_params=0x0, headers=0x96ab258) at res_ari.c:965
>         conf = 0x97d6a14
>         response_body = 0x996fa70
>         user = 0x97dcdf4
>         response = {message = 0x0, headers = 0x997d2b8, response_code = 0, response_text = 0x0, no_response = 0}
>         post_vars = 0x0
>         __PRETTY_FUNCTION__ = "ast_ari_callback"
> #10 0x081501c2 in handle_uri ()
> No symbol table info available.
> #11 0x08150ff3 in httpd_process_request ()
> No symbol table info available.
> #12 0x0815141e in httpd_helper_thread ()
> No symbol table info available.
> #13 0x081f6515 in handle_tcptls_connection ()
> No symbol table info available.
> #14 0x08206eb8 in dummy_start ()
> No symbol table info available.
> #15 0x00a24a49 in start_thread () from /lib/libpthread.so.0
> No symbol table info available.
> #16 0x004ba63e in clone () from /lib/libc.so.6
> No symbol table info available.
> {noformat}
> Looking at {{bridge_manager_service_req}}, there's only so many pointers that could have gone wrong:
> {code}
> static void bridge_manager_service_req(struct ast_bridge *bridge)
> {
> 	struct bridge_manager_request *request;
> 	ao2_lock(bridge_manager);
> 	if (bridge_manager->stop) {
> 		ao2_unlock(bridge_manager);
> 		return;
> 	}
> 	/* Create the service request. */
> 	request = ast_calloc(1, sizeof(*request));
> 	if (!request) {
> 		/* Well. This isn't good. */
> 		ao2_unlock(bridge_manager);
> 		return;
> 	}
> 	ao2_ref(bridge, +1);
> 	request->bridge = bridge;
> 	/* Put request into the queue and wake the bridge manager. */
> 	AST_LIST_INSERT_TAIL(&bridge_manager->service_requests, request, node);
> 	ast_cond_signal(&bridge_manager->cond);
> 	ao2_unlock(bridge_manager);
> }
> {code}
> Generally, I'd suspect it would be the {{bridge_manager}} itself... but that'd be odd, since the {{bridge_manager}} is only disposed of on Asterisk shutdown.
> Except, that is what is happening:
> {noformat}
> Thread 99 (Thread 0xb775c780 (LWP 28363)):
> #0  0x0809af9a in hash_ao2_find_next ()
> #1  0x080995b3 in internal_ao2_traverse ()
> #2  0x08099750 in __ao2_callback ()
> #3  0x08099dbe in container_destruct ()
> #4  0x08098394 in internal_ao2_ref ()
> #5  0x08098665 in __ao2_ref ()
> #6  0x080986c3 in __ao2_cleanup ()
> #7  0x08116214 in aco_deinit ()
> #8  0x0808e12a in ast_run_atexits ()
> #9  0x08090567 in really_quit ()
> #10 0x0808ff18 in quit_handler ()
> #11 0x08097a00 in main ()
> {noformat}
> Since we're in the middle of our {{ast_run_atexits}}, it's pretty safe to assume that the {{bridge_manager}} is no more. Or at least, is in the process of becoming no more.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list