[asterisk-bugs] [JIRA] (ASTERISK-26853) res_rtp_asterisk: Crash in pjnath when receiving packet

Rusty Newton (JIRA) noreply at issues.asterisk.org
Fri Mar 17 11:11:11 CDT 2017 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-26853?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=235746#comment-235746 ] 

Rusty Newton edited comment on ASTERISK-26853 at 3/17/17 11:10 AM:
-------------------------------------------------------------------

I already signed license agreement but it seems it is in pending review.
I attached gdb.txt previously that is my backtrace (https://issues.asterisk.org/jira/secure/attachment/55125/gdb.txt) that contains this :

[Edit by Rusty - removed inline debug, please attach to issue instead]

I don't know what else I could give you...


was (Author: studioadagio):
I already signed license agreement but it seems it is in pending review.
I attached gdb.txt previously that is my backtrace (https://issues.asterisk.org/jira/secure/attachment/55125/gdb.txt) that contains this :

#0  0x00007f4cb5a07067 in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007f4cb5a08448 in __GI_abort () at abort.c:89
#2  0x00007f4cb5a451b4 in __libc_message (do_abort=do_abort at entry=1, fmt=fmt at entry=0x7f4cb5b3a210 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007f4cb5a4a98e in malloc_printerr (action=1, str=0x7f4cb5b3a360 "double free or corruption (out)", ptr=<optimized out>) at malloc.c:4996
#4  0x00007f4cb5a4b696 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
#5  0x00007f4c52d0ba98 in default_block_free () from /usr/local/lib/libpj.so.2
#6  0x00007f4c52d13afa in pj_pool_destroy_int () from /usr/local/lib/libpj.so.2
#7  0x00007f4c52d142c8 in cpool_release_pool () from /usr/local/lib/libpj.so.2
#8  0x00007f4c52d132e9 in pj_pool_release () from /usr/local/lib/libpj.so.2
#9  0x00007f4c53ded0e0 in destroy_tdata () from /usr/local/lib/libpjnath.so.2
#10 0x00007f4c53dedcb6 in stun_sess_on_destroy () from /usr/local/lib/libpjnath.so.2
#11 0x00007f4c52d114fc in grp_lock_destroy () from /usr/local/lib/libpj.so.2
#12 0x00007f4c52d11982 in grp_lock_dec_ref () from /usr/local/lib/libpj.so.2
#13 0x00007f4c52d119ce in pj_grp_lock_dec_ref () from /usr/local/lib/libpj.so.2
#14 0x00007f4c52d11390 in grp_lock_release () from /usr/local/lib/libpj.so.2
#15 0x00007f4c52d117b6 in pj_grp_lock_release () from /usr/local/lib/libpj.so.2
#16 0x00007f4c53de1a96 in pj_ice_sess_on_rx_pkt () from /usr/local/lib/libpjnath.so.2
#17 0x00007f4beeaa00db in __rtp_recvfrom (instance=0x7f4c340b5e90, buf=0x7f4c340b6e50, size=8192, flags=0, sa=0x7f4be56c6940, rtcp=0)
    at res_rtp_asterisk.c:2260
#18 0x00007f4beeaa0255 in rtp_recvfrom (instance=0x7f4c340b5e90, buf=0x7f4c340b6e50, size=8192, flags=0, sa=0x7f4be56c6940) at res_rtp_asterisk.c:2292
#19 0x00007f4beeaa8e00 in ast_rtp_read (instance=0x7f4c340b5e90, rtcp=0) at res_rtp_asterisk.c:4505
#20 0x0000000000596dcb in ast_rtp_instance_read (instance=0x7f4c340b5e90, rtcp=0) at rtp_engine.c:495
#21 0x00007f4bea9e004f in chan_pjsip_read (ast=0x7f4c340292a0) at chan_pjsip.c:718
#22 0x00000000004b8cc7 in __ast_read (chan=0x7f4c340292a0, dropaudio=0) at channel.c:3943
#23 0x00000000004ba858 in ast_read (chan=0x7f4c340292a0) at channel.c:4375
#24 0x000000000051ba80 in waitstream_core (c=0x7f4c340292a0, breakon=0x6507a4 "0123456789#*ABCD", forward=0x63b0aa "", reverse=0x63b0aa "", skip_ms=0, 
    audiofd=-1, cmdfd=-1, context=0x0, cb=0x0) at file.c:1602
#25 0x000000000051c0ed in ast_waitstream (c=0x7f4c340292a0, breakon=0x6507a4 "0123456789#*ABCD") at file.c:1754
#26 0x000000000058a22f in pbx_builtin_background (chan=0x7f4c340292a0, 
    data=0x7f4be56c77e0 "/prod-Asterisk-Client/SVI/Taxis/Sounds/taxinergy-mode-ecoute-active") at pbx_builtins.c:1110
#27 0x00000000005887a8 in pbx_exec (c=0x7f4c340292a0, app=0xe7c620, data=0x7f4be56c77e0 "/prod-Asterisk-Client/SVI/Taxis/Sounds/taxinergy-mode-ecoute-active")
    at pbx_app.c:485
#28 0x00007f4c4dc6a7b4 in handle_exec (chan=0x7f4c340292a0, agi=0x7f4be56c80e0, argc=3, argv=0x7f4be56c7330) at res_agi.c:3127
#29 0x00007f4c4dc6d2e2 in agi_handle_command (chan=0x7f4c340292a0, agi=0x7f4be56c80e0, buf=0x7f4be56c77d0 "EXEC", dead=0) at res_agi.c:4028
#30 0x00007f4c4dc6dd81 in run_agi (chan=0x7f4c340292a0, request=0x7f4be56c8070 "/prod-Asterisk-Client/SVI/Taxis/SVI_Taxi.php", agi=0x7f4be56c80e0, pid=30236, 
    status=0x7f4be56c80d4, dead=0, argc=2, argv=0x7f4be56c8108) at res_agi.c:4228
#31 0x00007f4c4dc6eff0 in agi_exec_full (chan=0x7f4c340292a0, data=0x7f4be56c8630 "/prod-Asterisk-Client/SVI/Taxis/SVI_Taxi.php,40", enhanced=0, dead=0)
    at res_agi.c:4514
#32 0x00007f4c4dc6f132 in agi_exec (chan=0x7f4c340292a0, data=0x7f4be56c8630 "/prod-Asterisk-Client/SVI/Taxis/SVI_Taxi.php,40") at res_agi.c:4548
#33 0x00000000005887a8 in pbx_exec (c=0x7f4c340292a0, app=0x325c5a0, data=0x7f4be56c8630 "/prod-Asterisk-Client/SVI/Taxis/SVI_Taxi.php,40") at pbx_app.c:485
#34 0x0000000000575d78 in pbx_extension_helper (c=0x7f4c340292a0, con=0x0, context=0x7f4c34029c70 "Taxinergy", exten=0x7f4c34029cc0 "0972579035", priority=1, 
    label=0x0, callerid=0x7f4c3407a090 "0685765923", action=E_SPAWN, found=0x7f4be56cacd4, combined_find_spawn=1) at pbx.c:2884
#35 0x0000000000579344 in ast_spawn_extension (c=0x7f4c340292a0, context=0x7f4c34029c70 "Taxinergy", exten=0x7f4c34029cc0 "0972579035", priority=1, 
    callerid=0x7f4c3407a090 "0685765923", found=0x7f4be56cacd4, combined_find_spawn=1) at pbx.c:4110
#36 0x0000000000579fba in __ast_pbx_run (c=0x7f4c340292a0, args=0x0) at pbx.c:4285
#37 0x000000000057b70d in pbx_thread (data=0x7f4c340292a0) at pbx.c:4605
#38 0x0000000000600f38 in dummy_start (data=0x7f4c34069570) at utils.c:1235
#39 0x00007f4cb6d41064 in start_thread (arg=0x7f4be56cb700) at pthread_create.c:309
#40 0x00007f4cb5aba62d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

I don't know what else I could give you...

> res_rtp_asterisk: Crash in pjnath when receiving packet
> -------------------------------------------------------
>
>                 Key: ASTERISK-26853
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26853
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_rtp_asterisk
>    Affects Versions: 13.14.0, 14.2.0
>         Environment: Debian jessie
>            Reporter: Studio ADAGIO
>            Assignee: Unassigned
>         Attachments: Config.tar.gz, debug.txt, gdb.txt, messages.log, verbose.log
>
>
> Hi
> We have a business application that uses both conventional telephony and VoIP.
> We use the PJSIP library to make VoIP calls from mobile devices (Android & iOS). On server side we have Asterisk with PJSIP.
> Sometimes "Asterisk" process crash with "double free or corruption". This happens shortly after the INVITE transaction was finished (we hear about 0.5s of sound) and only if the call was started on Android device.
> We tried to reproduce the crash with other softphones (Zoiper, CSipSimple, Ekiga) and pjsua in CLI but it doesn't crash. Also it doesn't crash when iOS app is used. So, it seems that, the problem is with our Android implementation, but we don't know where to search for the solution.
> We tried workarounds from here: ASTERISK-25274
> ASTERISK-25275
> But nothing worked.
> This crash occur once in about 200 calls.
> After using Valgrind (valgrind.org) to analyze Asterisk memory, we restart Asterisk and crash is happening more often. Is there a link ?
> You will find backtrace and debug in attachments.
> We tried Asterisk versions: 13.14 and 14.2
> PJSSIP versions: 2.5.5, 2.6
> (We tried to change audio codec but nothing changed)
> Thanks a lot



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list