[asterisk-bugs] [JIRA] (ASTERISK-25395) Crash when establishing subscription with pjsip

Joshua Colp (JIRA) noreply at issues.asterisk.org
Fri Mar 3 06:29:10 CST 2017 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-25395?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Colp closed ASTERISK-25395.
----------------------------------

    Resolution: Fixed

> Crash when establishing subscription with pjsip
> -----------------------------------------------
>
>                 Key: ASTERISK-25395
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25395
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip
>    Affects Versions: 13.5.0
>            Reporter: Mark Michelson
>            Assignee: Mark Michelson
>
> Sometimes when establishing a subscription on a busy system, a crash can be seen to occur. This is due to a race condition that occurs when an initial NOTIFY and a state change NOTIFY compete over the same memory.
> A sample backtrace from when this occurs looks like:
> {noformat}
> #0  0x009de424 in __kernel_vsyscall ()
> No symbol table info available.
> #1  0x0064b871 in raise () from /lib/libc.so.6
> No symbol table info available.
> #2  0x0064d14a in abort () from /lib/libc.so.6
> No symbol table info available.
> #3  0x0068b735 in __libc_message () from /lib/libc.so.6
> No symbol table info available.
> #4  0x00691b91 in malloc_printerr () from /lib/libc.so.6
> No symbol table info available.
> #5  0x006942f8 in _int_free () from /lib/libc.so.6
> No symbol table info available.
> #6  0x00696da9 in _int_realloc () from /lib/libc.so.6
> No symbol table info available.
> #7  0x00696ffc in realloc () from /lib/libc.so.6
> No symbol table info available.
> #8  0x08206179 in _ast_realloc (p=0x1aec0218, len=268, file=0x82fce30 "/home/fourloop/6_0_prem/base/asterisk/asterisk/src/include/asterisk/strings.h", lineno=814, func=0x82fd4fb "ast_str_make_space") at /home/fourloop/6_0_prem/base/asterisk/asterisk/src/include/asterisk/utils.h:596
>         newp = 0xef34c5
>         __PRETTY_FUNCTION__ = "_ast_realloc"
> #9  0x08206708 in ast_str_make_space (buf=0x1b58b6b4, new_len=256) at /home/fourloop/6_0_prem/base/asterisk/asterisk/src/include/asterisk/strings.h:792
>         old_buf = 0x1aec0218
>         __PRETTY_FUNCTION__ = "ast_str_make_space"
> #10 0x074feea4 in pidf_to_string (body=0xbfdc7a4, str=0x1b58b6b4) at res_pjsip_pidf_body_generator.c:94
>         pres = 0xbfdc7a4
>         growths = 0
>         size = 39
>         __PRETTY_FUNCTION__ = "pidf_to_string"
> #11 0x04c1a2bb in ast_sip_pubsub_generate_body_content (type=0x74ff0d9 "application", subtype=0x74ff0e5 "pidf+xml", data=0xb6f3f0f4, str=0x1b58b6b4) at res_pjsip_pubsub.c:3142
>         supplement = 0x0
>         generator = 0x7500660
>         res = 0
>         body = 0xbfdc7a4
>         __PRETTY_FUNCTION__ = "ast_sip_pubsub_generate_body_content"
> #12 0x04c16d4c in ast_sip_subscription_notify (sub=0x1b58b698, notify_data=0xb6f3f0f4, terminate=0) at res_pjsip_pubsub.c:2203
>         res = 79785520
> #13 0x01027651 in notify_task (obj=0x1ad14d2c) at res_pjsip_exten_state.c:259
>         task_data = 0x1ad14d2c
>         data = {body_type = 0x102800e "ast_sip_exten_state_data", body_data = 0x1ad14d2c}
> #14 0x081f5574 in ast_taskprocessor_execute (tps=0x1a154644) at taskprocessor.c:769
>         local = {local_data = 0x82f99eb, data = 0x2fc}
>         t = 0x1680a028
>         size = 137338661
>         __PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
> #15 0x081fd5f5 in execute_tasks (data=0x1a154644) at threadpool.c:1157
>         tps = 0x1a154644
> #16 0x081f5574 in ast_taskprocessor_execute (tps=0x889b79c) at taskprocessor.c:769
>         local = {local_data = 0x889cc28, data = 0x889cc28}
>         t = 0x174b38b0
>         size = 0
>         __PRETTY_FUNCTION__ = "ast_taskprocessor_execute"
> #17 0x081fbee1 in threadpool_execute (pool=0x889cc5c) at threadpool.c:351
>         __PRETTY_FUNCTION__ = "threadpool_execute"
> #18 0x081fd318 in worker_active (worker=0xb50fe0fc) at threadpool.c:1075
>         alive = 0
> #19 0x081fd0d8 in worker_start (arg=0xb50fe0fc) at threadpool.c:995
>         worker = 0xb50fe0fc
>         __PRETTY_FUNCTION__ = "worker_start"
> #20 0x08207714 in dummy_start (data=0xb759fa88) at utils.c:1232
>         __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {3649524, 0, 4001536, -1225526584, -1404079342, 189168239}, __mask_was_saved = 0}}, __pad = {0xb6f3f394, 0x0, 0xffffffff, 0x1adaf900}}
>         __cancel_routine = 0x808c82d <ast_unregister_thread>
>         __cancel_arg = 0xb6f3fb70
>         not_first_call = 0
>         ret = 0x76309e
>         a = {start_routine = 0x81fd04e <worker_start>, data = 0xb50fe0fc, name = 0xb7539820 "worker_start         started at [ 1049] threadpool.c worker_thread_start()"}
> #21 0x00369b39 in start_thread () from /lib/libpthread.so.0
> No symbol table info available.
> #22 0x00703c2e in clone () from /lib/libc.so.6
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list