[asterisk-bugs] [JIRA] (ASTERISK-27481) Asterisk crashes when receiving REFER message on PJSIP channel

Joshua Colp (JIRA) noreply at issues.asterisk.org
Fri Dec 22 07:34:41 CST 2017 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-27481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Colp updated ASTERISK-27481:
-----------------------------------

    Assignee: Mika Aalto
      Status: Waiting for Feedback  (was: Triage)

Can you also provide the output of your Asterisk at startup? Looking at the code makes it seem as though an event package is registered that has been unloaded or freed.

> Asterisk crashes when receiving REFER message on PJSIP channel
> --------------------------------------------------------------
>
>                 Key: ASTERISK-27481
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27481
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: pjproject/pjsip, Resources/res_pjsip_refer
>    Affects Versions: 15.1.2
>            Reporter: Mika Aalto
>            Assignee: Mika Aalto
>              Labels: pjsip
>         Attachments: core.2883-brief.txt, core.2883-full.txt, core.2883-locks.txt, core.2883-thread1.txt, full, messages
>
>
> Asterisk crashes in pj_stricmp function.
> Program terminated with signal 11, Segmentation fault.
> #0  0x00007fae84a54307 in pj_stricmp (str1=0x10, str2=0x7fae00039cd8) at ../include/pj/string_i.h:216
> 216	    if (str1->slen == 0) {
> Stacktrace:
> Thread 1 (Thread 0x7f2fa014a700 (LWP 2914)):
> #0  0x00007f300bf3a305 in pj_stricmp (str1=0x10, str2=0x7f2fec001138) at ../include/pj/string_i.h:216
> #1  0x00007f300be7889e in find_pkg (event_name=0x7f2fec001138) at ../src/pjsip-simple/evsub.c:392
> #2  0x00007f300be79325 in evsub_create (dlg=0x7f2f882c85b8, role=PJSIP_ROLE_UAS, user_cb=0x7f300c1866e0 <xfer_user>, event=0x7f2fec001138, option=1, p_evsub=0x7f2fa01493a0) at ../src/pjsip-simple/evsub.c:766
> #3  0x00007f300be79918 in pjsip_evsub_create_uas (dlg=0x7f2f882c85b8, user_cb=0x7f300c1866e0 <xfer_user>, rdata=0x7f2fec00ee78, option=1, p_evsub=0x7f2fa0149420) at ../src/pjsip-simple/evsub.c:960
> #4  0x00007f300be73f98 in pjsip_xfer_create_uas (dlg=0x7f2f882c85b8, user_cb=0x7f2f68cd23c0 <refer_progress_evsub_cb>, rdata=0x7f2fec00ee78, p_evsub=0x7f2f882dc438) at ../src/pjsip-ua/sip_xfer.c:256
> #5  0x00007f2f68accaa6 in refer_progress_alloc (session=0x7f2f88032158, rdata=0x7f2fec00ee78, progress=0x7f2fa0149600) at res_pjsip_refer.c:393
> #6  0x00007f2f68acf30f in refer_incoming_refer_request (session=0x7f2f88032158, rdata=0x7f2fec00ee78) at res_pjsip_refer.c:1090
> #7  0x00007f2f68acf716 in refer_incoming_request (session=0x7f2f88032158, rdata=0x7f2fec00ee78) at res_pjsip_refer.c:1140
> #8  0x00007f2fa3df831a in handle_incoming_request (session=0x7f2f88032158, rdata=0x7f2fec00ee78) at res_pjsip_session.c:3157
> #9  0x00007f2fa3df857b in handle_incoming (session=0x7f2f88032158, rdata=0x7f2fec00ee78, response_priority=AST_SIP_SESSION_AFTER_MEDIA) at res_pjsip_session.c:3190
> #10 0x00007f2fa3df9098 in session_inv_on_tsx_state_changed (inv=0x7f2f882ca648, tsx=0x7f2f882d8638, e=0x7f2fa01498c0) at res_pjsip_session.c:3478
> #11 0x00007f300be686f7 in mod_inv_on_tsx_state (tsx=0x7f2f882d8638, e=0x7f2fa01498c0) at ../src/pjsip-ua/sip_inv.c:739
> #12 0x00007f300beb2a11 in pjsip_dlg_on_tsx_state (dlg=0x7f2f882c85b8, tsx=0x7f2f882d8638, e=0x7f2fa01498c0) at ../src/pjsip/sip_dialog.c:2064
> #13 0x00007f300beb327f in mod_ua_on_tsx_state (tsx=0x7f2f882d8638, e=0x7f2fa01498c0) at ../src/pjsip/sip_ua_layer.c:178
> #14 0x00007f300beab592 in tsx_set_state (tsx=0x7f2f882d8638, state=PJSIP_TSX_STATE_TRYING, event_src_type=PJSIP_EVENT_RX_MSG, event_src=0x7f2fec00ee78, flag=0) at ../src/pjsip/sip_transaction.c:1267
> #15 0x00007f300bead50d in tsx_on_state_null (tsx=0x7f2f882d8638, event=0x7f2fa0149970) at ../src/pjsip/sip_transaction.c:2410
> #16 0x00007f300beac4e8 in pjsip_tsx_recv_msg (tsx=0x7f2f882d8638, rdata=0x7f2fec00ee78) at ../src/pjsip/sip_transaction.c:1827
> #17 0x00007f300beb2164 in pjsip_dlg_on_rx_request (dlg=0x7f2f882c85b8, rdata=0x7f2fec00ee78) at ../src/pjsip/sip_dialog.c:1711
> #18 0x00007f300beb3d62 in mod_ua_on_rx_request (rdata=0x7f2fec00ee78) at ../src/pjsip/sip_ua_layer.c:704
> #19 0x00007f300be919d1 in pjsip_endpt_process_rx_data (endpt=0x23b15f8, rdata=0x7f2fec00ee78, p=0x7f2fa3be01e0 <param.23503>, p_handled=0x7f2fa0149b74) at ../src/pjsip/sip_endpoint.c:887
> #20 0x00007f2fa39b331f in distribute (data=0x7f2fec00ee78) at res_pjsip/pjsip_distributor.c:903
> #21 0x0000000000606bf9 in ast_taskprocessor_execute (tps=0x7f2f882ca288) at taskprocessor.c:963
> #22 0x000000000060fe03 in execute_tasks (data=0x7f2f882ca288) at threadpool.c:1322
> #23 0x0000000000606bf9 in ast_taskprocessor_execute (tps=0x23ab918) at taskprocessor.c:963
> #24 0x000000000060dd03 in threadpool_execute (pool=0x23ae288) at threadpool.c:351
> #25 0x000000000060f6f1 in worker_active (worker=0x7f2f90000948) at threadpool.c:1105
> #26 0x000000000060f491 in worker_start (arg=0x7f2f90000948) at threadpool.c:1024
> #27 0x000000000061b9b1 in dummy_start (data=0x7f2f90000a60) at utils.c:1257
> #28 0x00007f300a090e25 in start_thread () from /lib64/libpthread.so.0
> #29 0x00007f300937034d in clone () from /lib64/libc.so.6



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list