[asterisk-bugs] [JIRA] (ASTERISK-28156) Race condition involving session->media (res_pjsip_session) leads to crash.

Ross Beer (JIRA) noreply at issues.asterisk.org
Mon Jan 14 09:11:47 CST 2019 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-28156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=245969#comment-245969 ] 

Ross Beer commented on ASTERISK-28156:
--------------------------------------

I beleive I am seeing the same issue:

{NOFORMAT}
[2019-01-14 14:58:09] ERROR[173287]: astobj2_container.c:493 __ao2_find: FRACK!, Failed assertion 0 (0)
[2019-01-14 14:58:09] ERROR[173287]:   Got 13 backtrace records
# 0: /usr/sbin/asterisk(__ast_assert_failed+0x84) [0x60accf]
# 1: /usr/sbin/asterisk() [0x45cf86]
# 2: /usr/sbin/asterisk(__ao2_find+0x41) [0x45dbaa]
# 3: /usr/lib64/asterisk/modules/res_pjsip_t38.so(+0x2cc4) [0x7ff4fe7dbcc4]
# 4: /usr/sbin/asterisk(ast_taskprocessor_execute+0x10d) [0x5f2252]
# 5: /usr/sbin/asterisk() [0x5fbcb5]
# 6: /usr/sbin/asterisk(ast_taskprocessor_execute+0x10d) [0x5f2252]
# 7: /usr/sbin/asterisk() [0x5f9f0f]
# 8: /usr/sbin/asterisk() [0x5fb5a3]
# 9: /usr/sbin/asterisk() [0x5fb35c]
#10: /usr/sbin/asterisk() [0x607b73]
#11: /usr/lib64/libpthread.so.0(+0x7dd5) [0x7ff8244ccdd5]
#12: /usr/lib64/libc.so.6(clone+0x6d) [0x7ff82386eead]
{NOFORMAT}

> Race condition involving session->media (res_pjsip_session) leads to crash.
> ---------------------------------------------------------------------------
>
>                 Key: ASTERISK-28156
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28156
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip, Core/Bridging
>    Affects Versions: 13.20.0
>            Reporter: Paulo Vicentini
>            Assignee: Paulo Vicentini
>              Labels: pjsip
>
> We are experiencing a crash due to a misuse of session->media container between threads running (bridge_channel_ind_thread / pbx_thread) (at t38_framehook_read function) and the thread running ast_taskprocessor_execute (res/res_pjsip_session.c:session_end)
> Depending on the SIP flow (during a disconnection) and the threads' code path, the session->media container is being destroyed (and set to NULL) by the thread running ast_taskprocessor_execute while the thread running t38_framehook_read is still referring to it.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list