[asterisk-bugs] [JIRA] (ASTERISK-28086) chan_pjsip: Crash when initiating PlayDTMF over AMI

Jeremiah Gadd (JIRA) noreply at issues.asterisk.org
Fri Oct 19 11:08:47 CDT 2018


    [ https://issues.asterisk.org/jira/browse/ASTERISK-28086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=245211#comment-245211 ] 

Jeremiah Gadd commented on ASTERISK-28086:
------------------------------------------

I should note the new core dumps I've attached do include symbols. We've found we can easily reproduce this by spamming DTMF commands through the AMI and simultaneously disconnecting the call. We've also found Asterisk 15 to be affected by the same bug.

> chan_pjsip: Crash when initiating PlayDTMF over AMI
> ---------------------------------------------------
>
>                 Key: ASTERISK-28086
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28086
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip, Resources/res_pjsip_session
>    Affects Versions: 13.14.1, 13.19.0, 15.6.1
>         Environment: Gentoo (physical), Debian (AWS)
>            Reporter: Jeremiah Gadd
>            Severity: Minor
>              Labels: pjsip
>         Attachments: asterisk-13-14-1-ASTERISK-28086-results.tar.gz, core.13-23-1-ASTERISK-28086-results.tar.gz, core-20180926-094817-brief.txt, core-20180926-094817-full.txt, core-20180926-094817-locks.txt, core-20180926-094817-thread1.txt
>
>
> It appears there may be a race condition in which PJSIP attempts to end the sending of a DTMF tone after a bridge is destroyed, causing PJSIP to try to send to a non-existent channel.
> I've attached the corresponding core dumps.
> Thread 1 (Thread 0x7f45562ef700 (LWP 3781)):
> #0  0x00007f49d9b49233 in ?? () from /usr/lib64/asterisk/modules/chan_pjsip.so
> #1  0x00000000004b5fe7 in ast_senddigit_end ()
> #2  0x00007f49da56d29c in ?? () from /usr/lib64/asterisk/modules/app_senddtmf.so
> #3  0x000000000054ce1e in ?? ()
> #4  0x000000000054fbaa in ?? ()
> #5  0x00000000005dd2dd in ?? ()
> #6  0x00000000005eb91a in ?? ()
> #7  0x00007f4a6a065f3a in __pthread_mutex_unlock_full () from /lib64/libpthread.so.0
> #8  0xb5e6219ff3277d21 in ?? ()
> #9  0x0000000000000000 in ?? ()



--
This message was sent by Atlassian JIRA
(v6.2#6252)


