[asterisk-bugs] [JIRA] (ASTERISK-29149) res_pjsip may crash on load_module (two times)
Alexander Traud (JIRA)
noreply at issues.asterisk.org
Mon Nov 2 04:18:15 CST 2020
Alexander Traud created ASTERISK-29149:
------------------------------------------
Summary: res_pjsip may crash on load_module (two times)
Key: ASTERISK-29149
URL: https://issues.asterisk.org/jira/browse/ASTERISK-29149
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Resources/res_pjsip
Affects Versions: 18.0.0, 16.14.0
Reporter: Alexander Traud
Severity: Minor
In the configuration file {{/etc/asterisk/modules.conf}} go for:
{code}
noload = res_sorcery_astdb.so
require = res_pjsip.so
{code}
then Asterisk crashes with:
{code}
 == Manager registered action PJSIPShowEndpoints
== Manager registered action PJSIPShowEndpoint
== Manager registered action PJSIPShowAuths
ERROR: sorcery.c:886 __ast_sorcery_object_type_insert_wizard: Wizard 'astdb' could not be applied to object type 'contact' as it was not found
ERROR: res_pjsip/pjsip_configuration.c:2164 ast_res_pjsip_initialize_configuration: Failed to register SIP location support with sorcery
ERROR: res_pjsip.c:5722 load_module: Failed to initialize SIP configuration. Aborting load
munmap_chunk(): invalid pointer
Thread 1 "asterisk" received signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#1 0x00007ffff72a1864 in __GI_abort () at abort.c:79
#2 0x00007ffff7304af6 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff742c128 "%s\n")
at ../sysdeps/posix/libc_fatal.c:155
#3 0x00007ffff730d46c in malloc_printerr (str=str@entry=0x7ffff742e0f0 "munmap_chunk(): invalid pointer") at malloc.c:5389
#4 0x00007ffff730d83c in munmap_chunk (p=<optimized out>) at malloc.c:2845
#5 0x00005555555c80a2 in __ast_free (ptr=0x7ffff49f8dd0, file=0x5555558001ad "cli.c", lineno=2363,
func=0x555555802b70 <__PRETTY_FUNCTION__.11> "ast_cli_unregister") at astmm.c:1588
#6 0x000055555563be40 in ast_cli_unregister (e=0x7ffff4a0cb20 <cli_commands>) at cli.c:2363
#7 0x000055555563c45f in ast_cli_unregister_multiple (e=0x7ffff4a0cb20 <cli_commands>, len=1) at cli.c:2464
#8 0x00007ffff49da845 in ast_sip_destroy_distributor () at res_pjsip/pjsip_distributor.c:1336
#9 0x00007ffff49b7a37 in unload_pjsip (data=0x0) at res_pjsip.c:5558
#10 0x00007ffff49b814e in load_module () at res_pjsip.c:5762
#11 0x000055555568ecd5 in start_resource (mod=0x55555597ea30) at loader.c:1711
#12 0x000055555568f7a2 in start_resource_attempt (mod=0x55555597ea30, count=0x7fffffffb0e8) at loader.c:1887
#13 0x0000555555690189 in start_resource_list (resources=0x7fffffffb140, mod_count=0x7fffffffb0e8) at loader.c:1984
#14 0x0000555555690f36 in load_resource_list (load_order=0x7fffffffb1b0, mod_count=0x7fffffffb170) at loader.c:2166
#15 0x0000555555691996 in load_modules () at loader.c:2379
#16 0x00005555555c7bcd in asterisk_daemon (isroot=1, runuser=0x0, rungroup=0x0) at asterisk.c:4158
#17 0x00005555555c7086 in main (argc=2, argv=0x7fffffffe4f8) at asterisk.c:3925
{code}
The cause is {{ast_res_pjsip_initialize_configuration(…)}} → {{goto error}} → {{unload_module()}} → {{ast_sip_destroy_distributor()}} → {{ast_cli_unregister_multiple(…)}}. That is called with one (statically defined) CLI command. However, that command has not been registered yet. For a quick test, I commented that out, which gave the next crash:
{code}
Thread 1 "asterisk" received signal SIGSEGV, Segmentation fault.
#0 __GI___pthread_mutex_lock (mutex=0x0) at ../nptl/pthread_mutex_lock.c:67
#1 0x0000555555692891 in __ast_pthread_mutex_lock (filename=0x555555820674 "sched.c", lineno=412,
func=0x555555820ad0 <__PRETTY_FUNCTION__.15> "ast_sched_clean_by_callback", mutex_name=0x555555820669 "&con->lock", t=0x0) at lock.c:326
#2 0x000055555571173d in ast_sched_clean_by_callback (con=0x0, match=0x7ffff49ed1b9 <idle_sched_cb>,
cleanup_cb=0x7ffff49ed2e3 <idle_sched_cleanup>) at sched.c:412
#3 0x00007ffff49edbbf in ast_sip_destroy_transport_management () at res_pjsip/pjsip_transport_management.c:427
#4 0x00007ffff49b7a3c in unload_pjsip (data=0x0) at res_pjsip.c:5559
#5 0x00007ffff49b814e in load_module () at res_pjsip.c:5762
#6 0x000055555568ecd5 in start_resource (mod=0x55555594a2e0) at loader.c:1711
#7 0x000055555568f7a2 in start_resource_attempt (mod=0x55555594a2e0, count=0x7fffffffb0e8) at loader.c:1887
#8 0x0000555555690189 in start_resource_list (resources=0x7fffffffb140, mod_count=0x7fffffffb0e8) at loader.c:1984
#9 0x0000555555690f36 in load_resource_list (load_order=0x7fffffffb1b0, mod_count=0x7fffffffb170) at loader.c:2166
#10 0x0000555555691996 in load_modules () at loader.c:2379
#11 0x00005555555c7bcd in asterisk_daemon (isroot=1, runuser=0x0, rungroup=0x0) at asterisk.c:4158
#12 0x00005555555c7086 in main (argc=2, argv=0x7fffffffe4f8) at asterisk.c:3925
{code}
Again, something is destroyed which has not been inited yet.
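Added example (not part of the original report, and not Asterisk code): a minimal C model of the two crashes above, where a shared error path tears down subsystems that were never set up. All names (load_module_demo, cli_entry, sched_ctx, unload_all) are hypothetical; the point shown is that each teardown helper checks its own state, so the error path is safe from any initialization stage.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-ins for the subsystems named in the backtraces. */
struct sched_ctx { int pending; };
struct cli_entry { char *full_cmd; int registered; };

static struct sched_ctx *sched;            /* NULL until transport management init */
static struct cli_entry cli = { NULL, 0 }; /* statically defined CLI entry */

static int cli_register(struct cli_entry *e) {
    e->full_cmd = malloc(16);              /* state that exists only after registration */
    if (!e->full_cmd) return -1;
    e->registered = 1;
    return 0;
}
/* Teardown helpers tolerate "never initialized" by checking state first. */
static void cli_unregister(struct cli_entry *e) {
    if (!e->registered) return;            /* never registered: nothing of ours to free */
    free(e->full_cmd);
    e->full_cmd = NULL;
    e->registered = 0;
}
static void sched_clean(struct sched_ctx **con) {
    if (!*con) return;                     /* never created: no context to dereference */
    (*con)->pending = 0;                   /* would fault on a NULL context */
    free(*con);
    *con = NULL;
}
static void unload_all(void) {             /* safe from any init stage, and idempotent */
    sched_clean(&sched);
    cli_unregister(&cli);
}

/* fail_at: 0 = success, 1 = configuration init fails (the reported case),
 * 2 = failure after the CLI command is registered. */
int load_module_demo(int fail_at) {
    if (fail_at == 1) goto error;          /* nothing registered or created yet */
    if (cli_register(&cli)) goto error;    /* distributor init */
    if (fail_at == 2) goto error;
    sched = calloc(1, sizeof(*sched));     /* transport management init */
    if (!sched) goto error;
    return 0;
error:
    unload_all();                          /* shared error path, as in the report */
    return -1;
}
int main(void) {
    printf("fail@1=%d fail@2=%d\n", load_module_demo(1), load_module_demo(2));
    return 0;
}
```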