[asterisk-bugs] [JIRA] (ASTERISK-28157) Asterisk crashes when the res_pjsip_* modules unload

sungtae kim (JIRA) noreply at issues.asterisk.org
Tue Nov 13 17:49:47 CST 2018


     [ https://issues.asterisk.org/jira/browse/ASTERISK-28157?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

sungtae kim updated ASTERISK-28157:
-----------------------------------

    Status: Waiting for Feedback  (was: In Progress)

> Asterisk crashes when the res_pjsip_* modules unload
> ----------------------------------------------------
>
>                 Key: ASTERISK-28157
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28157
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip_session
>    Affects Versions: 15.5.0, 16.0.0
>         Environment: Debian
>            Reporter: sungtae kim
>            Assignee: sungtae kim
>            Severity: Minor
>              Labels: pjsip
>
> Asterisk crashes when the res_pjsip_* modules are unloading.
> The pjsip supplement register/unregister has a race-condition problem.
> When Asterisk traverses the registered callbacks for the supplements, it's possible to hit a callback that has already been unregistered. And it did.
> Tested with Asterisk-15.5.0 and * master a3fc97aa13 res_pjsip: Send a 503 response when overload state if reliable transport.
> {noformat}
> 	AST_LIST_TRAVERSE(&session->supplements, supplement, next) {
> 		if (supplement->incoming_request && does_method_match(&req.method.name, supplement->method)) {
> 			if (supplement->incoming_request(session, rdata)) {
> 				break;
> 			}
> 		}
> 	}
> {noformat}
> Here's the detailed core dump.
> {noformat}
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> Core was generated by `asterisk -vvvvvvgc'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x00007f0423ad035e in ast_strlen_zero (s=0x7f0426946977 <error: Cannot access memory at address 0x7f0426946977>)
>     at /home/sungtaekim/worksapce/asterisk/include/asterisk/strings.h:67
> 67		return (!s || (*s == '\0'));
> [Current thread is 1 (Thread 0x7f0420021700 (LWP 19499))]
> (gdb) where
> #0  0x00007f0423ad035e in ast_strlen_zero (s=0x7f0426946977 <error: Cannot access memory at address 0x7f0426946977>) at /home/sungtaekim/worksapce/asterisk/include/asterisk/strings.h:67
> #1  does_method_match (supplement_method=0x7f0426946977 <error: Cannot access memory at address 0x7f0426946977>, message_method=0x7f0420020968) at res_pjsip_session.c:3129
> #2  handle_incoming_request (session=session@entry=0x7f0460152770, rdata=rdata@entry=0x7f0480009938) at res_pjsip_session.c:3310
> #3  0x00007f0423ad05b3 in handle_incoming (session=session@entry=0x7f0460152770, rdata=rdata@entry=0x7f0480009938, response_priority=response_priority@entry=AST_SIP_SESSION_BEFORE_MEDIA) at res_pjsip_session.c:3344
> #4  0x00007f0423ad5eb4 in handle_incoming_before_media (rdata=0x7f0480009938, session=0x7f0460152770, inv=0x7f0460185d08) at res_pjsip_session.c:3459
> #5  session_inv_on_state_changed (inv=0x7f0460185d08, e=<optimized out>) at res_pjsip_session.c:3519
> #6  0x00007f048bd19248 in inv_set_state (state=PJSIP_INV_STATE_DISCONNECTED, e=0x7f0420020b30, inv=0x7f0460185d08) at ../src/pjsip-ua/sip_inv.c:318
> #7  inv_respond_incoming_bye (inv=0x7f0460185d08, bye_tsx=<optimized out>, rdata=<optimized out>, e=0x7f0420020b30) at ../src/pjsip-ua/sip_inv.c:3385
> #8  0x00007f048bd1ffb3 in inv_on_state_confirmed (inv=0x7f0460185d08, e=0x7f0420020b30) at ../src/pjsip-ua/sip_inv.c:4790
> #9  0x00007f048bd19637 in mod_inv_on_tsx_state (tsx=0x7f04601418f8, e=0x7f0420020b30) at ../src/pjsip-ua/sip_inv.c:718
> #10 0x00007f048bd58979 in pjsip_dlg_on_tsx_state (dlg=0x7f04601704a8, tsx=0x7f04601418f8, e=0x7f0420020b30) at ../src/pjsip/sip_dialog.c:2069
> #11 0x00007f048bd52fe9 in tsx_set_state (flag=<optimized out>, event_src=<optimized out>, event_src_type=<optimized out>, state=<optimized out>, tsx=<optimized out>) at ../src/pjsip/sip_transaction.c:1272
> #12 tsx_on_state_null (tsx=0x7f04601418f8, event=<optimized out>) at ../src/pjsip/sip_transaction.c:2429
> #13 0x00007f048bd55f6f in pjsip_tsx_recv_msg (tsx=0x7f04601418f8, rdata=rdata@entry=0x7f0480009938) at ../src/pjsip/sip_transaction.c:1832
> #14 0x00007f048bd58702 in pjsip_dlg_on_rx_request (dlg=dlg@entry=0x7f04601704a8, rdata=rdata@entry=0x7f0480009938) at ../src/pjsip/sip_dialog.c:1716
> #15 0x00007f048bd59c97 in mod_ua_on_rx_request (rdata=0x7f0480009938) at ../src/pjsip/sip_ua_layer.c:704
> #16 0x00007f048bd3b316 in pjsip_endpt_process_rx_data (endpt=<optimized out>, rdata=rdata@entry=0x7f0480009938, p=p@entry=0x7f0427de10e0 <param>, p_handled=p_handled@entry=0x7f0420020d4c) at ../src/pjsip/sip_endpoint.c:893
> #17 0x00007f0427bb429f in distribute (data=0x7f0480009938) at res_pjsip/pjsip_distributor.c:951
> #18 0x000055ce9036db28 in ast_taskprocessor_execute (tps=tps@entry=0x55ce92856db0) at taskprocessor.c:974
> #19 0x000055ce903748f0 in execute_tasks (data=0x55ce92856db0) at threadpool.c:1348
> #20 0x000055ce9036db28 in ast_taskprocessor_execute (tps=0x55ce925a95f0) at taskprocessor.c:974
> #21 0x000055ce90375154 in threadpool_execute (pool=0x55ce925a8d00) at threadpool.c:367
> #22 worker_active (worker=0x7f0468000980) at threadpool.c:1131
> #23 worker_start (arg=arg@entry=0x7f0468000980) at threadpool.c:1050
> #24 0x000055ce9037d56c in dummy_start (data=<optimized out>) at utils.c:1249
> #25 0x00007f048a496494 in start_thread (arg=0x7f0420021700) at pthread_create.c:333
> #26 0x00007f04890a0acf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
> {noformat}
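
One way to close the lifetime gap the report describes, as an added example that is not Asterisk code and not the fix applied for this issue: each session pins the supplements it holds, and unregistration is refused while a pin remains, so the traversal never follows a pointer into an unloaded module. All names here (`supplement_register`, `session_attach`, `sample` and the rest) are hypothetical simplifications, and treating a NULL `method` as "match any request" is an assumption.

```c
#include <pthread.h>
#include <string.h>

struct supplement {   /* hypothetical stand-in, not the res_pjsip_session API */
    const char *method;            /* NULL = any (assumed); string lives in the module */
    int (*incoming_request)(const char *method);
    int refs;                      /* sessions that can still reach this entry */
    struct supplement *next;
};
struct session { struct supplement *supp[8]; size_t n; };
static struct supplement *registry;
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
void supplement_register(struct supplement *s) {
    pthread_mutex_lock(&lock);
    s->refs = 0; s->next = registry; registry = s;
    pthread_mutex_unlock(&lock);
}
/* 0 once removed; -1 while a session pins the entry: do not unload yet. */
int supplement_unregister(struct supplement *s) {
    int rc = -1;
    pthread_mutex_lock(&lock);
    for (struct supplement **p = &registry; *p && s->refs == 0; p = &(*p)->next)
        if (*p == s) { *p = s->next; rc = 0; break; }
    pthread_mutex_unlock(&lock);
    return rc;
}
void session_attach(struct session *se) {   /* pin every current supplement */
    pthread_mutex_lock(&lock);
    se->n = 0;
    for (struct supplement *s = registry; s && se->n < 8; s = s->next) {
        s->refs++; se->supp[se->n++] = s;
    }
    pthread_mutex_unlock(&lock);
}
void session_detach(struct session *se) {   /* unpin at session teardown */
    pthread_mutex_lock(&lock);
    while (se->n) se->supp[--se->n]->refs--;
    pthread_mutex_unlock(&lock);
}
/* Same shape as the quoted traversal; no lock needed, entries are pinned. */
int session_dispatch(struct session *se, const char *method) {
    for (size_t i = 0; i < se->n; i++) {
        struct supplement *s = se->supp[i];
        if (s->incoming_request && (!s->method || !strcmp(s->method, method))
            && s->incoming_request(method)) return 1;
    }
    return 0;
}
static int on_bye(const char *m) { (void)m; return 1; }  /* constructed handler */
struct supplement sample = { .method = "BYE", .incoming_request = on_bye };
```

A caller that gets -1 from `supplement_unregister` defers the module unload until the remaining sessions have detached.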


