[asterisk-bugs] [JIRA] (ASTERISK-25230) Crash in channels/pjsip/basic_calls/incoming/off-nominal/userpass when decreasing reference on PJSIP transport

Matt Jordan (JIRA) noreply at issues.asterisk.org
Mon Jul 6 08:55:33 CDT 2015


Matt Jordan created ASTERISK-25230:
--------------------------------------

             Summary: Crash in channels/pjsip/basic_calls/incoming/off-nominal/userpass when decreasing reference on PJSIP transport
                 Key: ASTERISK-25230
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25230
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Resources/res_pjsip, Tests/testsuite
            Reporter: Matt Jordan
         Attachments: backtrace_5402.txt, full.txt

The Asterisk Test Suite caught a crash in PJSIP via the {{channels/pjsip/basic_calls/incoming/off-nominal/userpass}} test when decrementing the reference on a transport that was being disposed of via {{pjsip_rx_data_free_cloned}}:

{code}
[Thread debugging using libthread_db enabled]
Core was generated by `/usr/sbin/asterisk -f -g -q -m -n -C /tmp/asterisk-testsuite/5dddaa9b1d12e2132f'.
Program terminated with signal 11, Segmentation fault.
#0  0x00a21255 in pj_atomic_get (atomic_var=0x0) at ../src/pj/os_core_unix.c:916
916	    pj_mutex_lock( atomic_var->mutex );
#0  0x00a21255 in pj_atomic_get (atomic_var=0x0) at ../src/pj/os_core_unix.c:916
        oldval = 0
#1  0x006b4e15 in pjsip_transport_dec_ref (tp=0xb7306f14) at ../src/pjsip/sip_transport.c:990
        __PRETTY_FUNCTION__ = "pjsip_transport_dec_ref"
#2  0x006b46fe in pjsip_rx_data_free_cloned (rdata=0xb732de54) at ../src/pjsip/sip_transport.c:723
        __PRETTY_FUNCTION__ = "pjsip_rx_data_free_cloned"
#3  0x003470b6 in distribute (data=0xb732de54) at res_pjsip/pjsip_distributor.c:449
        param = {start_prio = 0, start_mod = 0x365a80, idx_after_start = 1, silent = 0}
        handled = 1
        rdata = 0xb732de54
        is_request = 1
        is_ack = 0
        endpoint = 0x92dd230
        __PRETTY_FUNCTION__ = "distribute"
#4  0x0841f73b in ast_taskprocessor_execute (tps=0x88d8e60) at taskprocessor.c:768
        local = {local_data = 0x10, data = 0x88d8e60}
        t = 0xb73235c8
        size = 135056146
        __PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
#5  0x084384e8 in execute_tasks (data=0x88d8e60) at threadpool.c:1269
        tps = 0x88d8e60
#6  0x0841f73b in ast_taskprocessor_execute (tps=0x8828d98) at taskprocessor.c:768
        local = {local_data = 0xb7201d1c, data = 0xb7201d4c}
        t = 0xb73237f0
        size = 3
{code}

Note that we weren't shutting down or doing anything else intrusive at the time.


