[asterisk-bugs] [JIRA] (ASTERISK-26831) res_rtp_asterisk: Race condition when RTCP and WebRTC is used

Joshua Colp (JIRA) noreply at issues.asterisk.org
Thu Mar 2 08:41:10 CST 2017


    [ https://issues.asterisk.org/jira/browse/ASTERISK-26831?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=235517#comment-235517 ] 

Joshua Colp commented on ASTERISK-26831:
----------------------------------------

There is no immediate reason to explain why this is happening with the information provided. An actual full backtrace (if it were a crash) would show the state of everything, and console log with debug could show the progression. As you've said it does not happen very often it's likely a very very narrow race condition and one that is hard to isolate.

> res_rtp_asterisk: Race condition when RTCP and WebRTC is used
> -------------------------------------------------------------
>
>                 Key: ASTERISK-26831
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26831
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_rtp_asterisk
>    Affects Versions: 13.14.0
>            Reporter: Badalian Vyacheslav
>            Severity: Minor
>
> Race condition. With this story, I am fighting for more than a month. I tried different options but the idea of an end. There is only a heavy load (more than 200 simultaneous calls WebRTC) after 50 000-100 000 calls.
> Please help. It is difficult to disentangle this tangle. The error for a long time (many versions).
> It may have an idea why this might happen? This is because rtp_stop or because rtp_destroy?
> {code}
> =ERROR: AddressSanitizer: heap-use-after-free on address 0x6290016c326c at pc 0x7f007c288b1b bp 0x7f00404275b0 sp 0x7f0040426d58
> WRITE of size 64 at 0x6290016c326c thread T467
>     #0 0x7f007c288b1a  (/lib64/libasan.so.3+0x5eb1a)
>     #1 0x7f0074fdea26 in memcpy /usr/include/bits/string3.h:51
>     #2 0x7f0074fdea26 in ast_srtp_protect /home/pbs.vbadalyan/asterisk-13.14.0/res/res_srtp.c:438
>     #3 0x7f005c6e65de in __rtp_sendto /home/pbs.vbadalyan/asterisk-13.14.0/res/res_rtp_asterisk.c:2305
>     #4 0x7f005c6f5e8d in rtcp_sendto /home/pbs.vbadalyan/asterisk-13.14.0/res/res_rtp_asterisk.c:2330
>     #5 0x7f005c6f5e8d in ast_rtcp_write_report /home/pbs.vbadalyan/asterisk-13.14.0/res/res_rtp_asterisk.c:3286
>     #6 0x7f005c6f6ecc in ast_rtcp_write /home/pbs.vbadalyan/asterisk-13.14.0/res/res_rtp_asterisk.c:3357
>     #7 0x740c64 in ast_sched_runq /home/pbs.vbadalyan/asterisk-13.14.0/main/sched.c:783
>     #8 0x7f00469ad02d in do_monitor /home/pbs.vbadalyan/asterisk-13.14.0/channels/chan_sip.c:29514
>     #9 0x7b217f in dummy_start /home/pbs.vbadalyan/asterisk-13.14.0/main/utils.c:1235
>     #10 0x7f007a4c2dc4 in start_thread (/lib64/libpthread.so.0+0x7dc4)
>     #11 0x7f00797a273c in clone (/lib64/libc.so.6+0xf773c)
> {code}
> {code}
> =ERROR: AddressSanitizer: heap-use-after-free on address 0x603002c6d820 at pc 0x7f55310f2ff3 bp 0x7f552b6f2240 sp 0x7f552b6f19e8
> READ of size 3 at 0x603002c6d820 thread T88
>     #0 0x7f55310f2ff2  (/lib64/libasan.so.3+0x3cff2)
>     #1 0x7f552fbae4a4  (/lib64/libjansson.so.4+0x74a4)
>     #2 0x7f552fbad3f7  (/lib64/libjansson.so.4+0x63f7)
>     #3 0x7f552fbad8f3  (/lib64/libjansson.so.4+0x68f3)
>     #4 0x7f552fbad723  (/lib64/libjansson.so.4+0x6723)
>     #5 0x7f552fbadb8c in json_vpack_ex (/lib64/libjansson.so.4+0x6b8c)
>     #6 0x64fd24 in ast_json_vpack /home/pbs.vbadalyan/asterisk-13.14.0/main/json.c:823
>     #7 0x64fef8 in ast_json_pack /home/pbs.vbadalyan/asterisk-13.14.0/main/json.c:814
>     #8 0x7f5511e81f26 in ast_rtcp_write_report /home/pbs.vbadalyan/asterisk-13.14.0/res/res_rtp_asterisk.c:3295
>     #9 0x7f5511e82ea4 in ast_rtcp_write /home/pbs.vbadalyan/asterisk-13.14.0/res/res_rtp_asterisk.c:3360
>     #10 0x740c64 in ast_sched_runq /home/pbs.vbadalyan/asterisk-13.14.0/main/sched.c:783
>     #11 0x7f54fc11a02d in do_monitor /home/pbs.vbadalyan/asterisk-13.14.0/channels/chan_sip.c:29514
>     #12 0x7b217f in dummy_start /home/pbs.vbadalyan/asterisk-13.14.0/main/utils.c:1235
>     #13 0x7f552f34edc4 in start_thread (/lib64/libpthread.so.0+0x7dc4)
>     #14 0x7f552e62e73c in clone (/lib64/libc.so.6+0xf773c)
> {code}
> {code}
> ERROR: AddressSanitizer: heap-use-after-free on address 0x6030003739c0 at pc 0x7f30ccac6e05 bp 0x7f30bec2e2b0 sp 0x7f30bec2da58
> READ of size 19 at 0x6030003739c0 thread T738
>     #0 0x7f30ccac6e04 in __asan_memcpy (/lib64/libasan.so.2+0x8ce04)
>     #1 0x7f30cb530571  (/lib64/libjansson.so.4+0x5571)
>     #2 0x7f30cb532887 in json_string_nocheck (/lib64/libjansson.so.4+0x7887)
>     #3 0x7f30cb531907  (/lib64/libjansson.so.4+0x6907)
>     #4 0x7f30cb531723  (/lib64/libjansson.so.4+0x6723)
>     #5 0x7f30cb531b8c in json_vpack_ex (/lib64/libjansson.so.4+0x6b8c)
>     #6 0x64c2e4 in ast_json_vpack /home/pbs.vbadalyan/asterisk-13.14.0/main/json.c:823
>     #7 0x64c4b8 in ast_json_pack /home/pbs.vbadalyan/asterisk-13.14.0/main/json.c:814
>     #8 0x7f30addd8d77 in ast_sockaddr_copy /home/pbs.vbadalyan/asterisk-13.14.0/include/asterisk/netsock2.h:145
>     #9 0x7f30addd8d77 in ast_rtcp_read /home/pbs.vbadalyan/asterisk-13.14.0/res/res_rtp_asterisk.c:4217
>     #10 0x7f30addd93cc  (/usr/lib/asterisk/modules/res_rtp_asterisk.so+0x2a3cc)
>     #11 0x73d1e3 in ast_sched_runq /home/pbs.vbadalyan/asterisk-13.14.0/main/sched.c:783
>     #12 0x7f30972c78d5 in do_monitor /home/pbs.vbadalyan/asterisk-13.14.0/channels/chan_sip.c:29514
>     #13 0x7ae78f in dummy_start /home/pbs.vbadalyan/asterisk-13.14.0/main/utils.c:1235
>     #14 0x7f30cacd2dc4 in start_thread (/lib64/libpthread.so.0+0x7dc4)
>     #15 0x7f30c9fb373c in clone (/lib64/libc.so.6+0xf773c)
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list