[asterisk-bugs] [JIRA] (ASTERISK-29149) res_pjsip may crash on load_module (two times)

Benjamin Keith Ford (JIRA) noreply at issues.asterisk.org
Fri Nov 6 10:23:15 CST 2020


     [ https://issues.asterisk.org/jira/browse/ASTERISK-29149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benjamin Keith Ford updated ASTERISK-29149:
-------------------------------------------

    Status: Open  (was: Triage)

> res_pjsip may crash on load_module (two times)
> ----------------------------------------------
>
>                 Key: ASTERISK-29149
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29149
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip
>    Affects Versions: 16.14.0, 18.0.0
>            Reporter: Alexander Traud
>            Assignee: Unassigned
>            Severity: Minor
>
> In the configuration file {{/etc/asterisk/modules.conf}} go for:
> {code}
> noload = res_sorcery_astdb.so
> require = res_pjsip.so
> {code}
> then Asterisk crashes with:
> {code}
>   == Manager registered action PJSIPShowEndpoints
>   == Manager registered action PJSIPShowEndpoint
>   == Manager registered action PJSIPShowAuths
> ERROR: sorcery.c:886 __ast_sorcery_object_type_insert_wizard: Wizard 'astdb' could not be applied to object type 'contact' as it was not found
> ERROR: res_pjsip/pjsip_configuration.c:2164 ast_res_pjsip_initialize_configuration: Failed to register SIP location support with sorcery
> ERROR: res_pjsip.c:5722 load_module: Failed to initialize SIP configuration. Aborting load
> munmap_chunk(): invalid pointer
> Thread 1 "asterisk" received signal SIGABRT, Aborted.
> #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
> #1  0x00007ffff72a1864 in __GI_abort () at abort.c:79
> #2  0x00007ffff7304af6 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff742c128 "%s\n")
>     at ../sysdeps/posix/libc_fatal.c:155
> #3  0x00007ffff730d46c in malloc_printerr (str=str@entry=0x7ffff742e0f0 "munmap_chunk(): invalid pointer") at malloc.c:5389
> #4  0x00007ffff730d83c in munmap_chunk (p=<optimized out>) at malloc.c:2845
> #5  0x00005555555c80a2 in __ast_free (ptr=0x7ffff49f8dd0, file=0x5555558001ad "cli.c", lineno=2363, 
>     func=0x555555802b70 <__PRETTY_FUNCTION__.11> "ast_cli_unregister") at astmm.c:1588
> #6  0x000055555563be40 in ast_cli_unregister (e=0x7ffff4a0cb20 <cli_commands>) at cli.c:2363
> #7  0x000055555563c45f in ast_cli_unregister_multiple (e=0x7ffff4a0cb20 <cli_commands>, len=1) at cli.c:2464
> #8  0x00007ffff49da845 in ast_sip_destroy_distributor () at res_pjsip/pjsip_distributor.c:1336
> #9  0x00007ffff49b7a37 in unload_pjsip (data=0x0) at res_pjsip.c:5558
> #10 0x00007ffff49b814e in load_module () at res_pjsip.c:5762
> #11 0x000055555568ecd5 in start_resource (mod=0x55555597ea30) at loader.c:1711
> #12 0x000055555568f7a2 in start_resource_attempt (mod=0x55555597ea30, count=0x7fffffffb0e8) at loader.c:1887
> #13 0x0000555555690189 in start_resource_list (resources=0x7fffffffb140, mod_count=0x7fffffffb0e8) at loader.c:1984
> #14 0x0000555555690f36 in load_resource_list (load_order=0x7fffffffb1b0, mod_count=0x7fffffffb170) at loader.c:2166
> #15 0x0000555555691996 in load_modules () at loader.c:2379
> #16 0x00005555555c7bcd in asterisk_daemon (isroot=1, runuser=0x0, rungroup=0x0) at asterisk.c:4158
> #17 0x00005555555c7086 in main (argc=2, argv=0x7fffffffe4f8) at asterisk.c:3925
> {code}
> The cause is {{ast_res_pjsip_initialize_configuration(…)}} → {{goto error}} → {{unload_module()}} → {{ast_sip_destroy_distributor()}} → {{ast_cli_unregister_multiple(…)}}. That is called with one (statically defined) CLI command. However, that command has not been registered yet. For a quick test, I commented that out, which gave the next crash:
> {code}
> Thread 1 "asterisk" received signal SIGSEGV, Segmentation fault.
> #0  __GI___pthread_mutex_lock (mutex=0x0) at ../nptl/pthread_mutex_lock.c:67
> #1  0x0000555555692891 in __ast_pthread_mutex_lock (filename=0x555555820674 "sched.c", lineno=412, 
>     func=0x555555820ad0 <__PRETTY_FUNCTION__.15> "ast_sched_clean_by_callback", mutex_name=0x555555820669 "&con->lock", t=0x0) at lock.c:326
> #2  0x000055555571173d in ast_sched_clean_by_callback (con=0x0, match=0x7ffff49ed1b9 <idle_sched_cb>, 
>     cleanup_cb=0x7ffff49ed2e3 <idle_sched_cleanup>) at sched.c:412
> #3  0x00007ffff49edbbf in ast_sip_destroy_transport_management () at res_pjsip/pjsip_transport_management.c:427
> #4  0x00007ffff49b7a3c in unload_pjsip (data=0x0) at res_pjsip.c:5559
> #5  0x00007ffff49b814e in load_module () at res_pjsip.c:5762
> #6  0x000055555568ecd5 in start_resource (mod=0x55555594a2e0) at loader.c:1711
> #7  0x000055555568f7a2 in start_resource_attempt (mod=0x55555594a2e0, count=0x7fffffffb0e8) at loader.c:1887
> #8  0x0000555555690189 in start_resource_list (resources=0x7fffffffb140, mod_count=0x7fffffffb0e8) at loader.c:1984
> #9  0x0000555555690f36 in load_resource_list (load_order=0x7fffffffb1b0, mod_count=0x7fffffffb170) at loader.c:2166
> #10 0x0000555555691996 in load_modules () at loader.c:2379
> #11 0x00005555555c7bcd in asterisk_daemon (isroot=1, runuser=0x0, rungroup=0x0) at asterisk.c:4158
> #12 0x00005555555c7086 in main (argc=2, argv=0x7fffffffe4f8) at asterisk.c:3925
> {code}
> Again, something is destroyed which has not been initialized yet.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
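
The failure mode the report describes, an error path that tears down state which was never set up, shown as an added C example; it is not Asterisk code and not the project's fix, and every name in it (`load_module_demo`, `unload_all`, `sched_ctx`, `cli_registered`, and the rest) is hypothetical. Each destroy routine checks its own initialization state, so the shared teardown is safe after a load that failed at any stage.

```c
/* Added illustration, not Asterisk code; every name here is hypothetical. */
#include <stdio.h>
#include <stdlib.h>

struct sched { int pending; };
static struct sched *sched_ctx;  /* NULL until transport management starts */
static int cli_registered;       /* set only once CLI registration succeeded */
static int teardown_calls;       /* counts teardown work actually performed */

static int distributor_init(void) { cli_registered = 1; return 0; }
static void distributor_destroy(void)
{
    if (!cli_registered) return; /* never registered: nothing to unregister */
    cli_registered = 0;
    teardown_calls++;
}

static int transport_mgmt_init(void)
{
    sched_ctx = calloc(1, sizeof(*sched_ctx));
    return sched_ctx ? 0 : -1;
}
static void transport_mgmt_destroy(void)
{
    if (!sched_ctx) return;      /* scheduler never created: do not touch it */
    free(sched_ctx);
    sched_ctx = NULL;
    teardown_calls++;
}

/* Stand-in for the configuration step that fails when a wizard is missing. */
static int config_init(int wizard_available) { return wizard_available ? 0 : -1; }

/* Shared teardown, safe after a load that failed at any stage. */
void unload_all(void) { distributor_destroy(); transport_mgmt_destroy(); }
int teardown_count(void) { return teardown_calls; }

/* Returns 0 on success, -1 after unwinding a failed load. */
int load_module_demo(int wizard_available)
{
    teardown_calls = 0;
    if (config_init(wizard_available) || distributor_init() || transport_mgmt_init()) {
        unload_all();
        return -1;
    }
    return 0;
}

int main(void) { printf("failed load: %d\n", load_module_demo(0)); return 0; }
```

Calling `unload_all()` a second time after a successful load is also a no-op, because each guard is cleared as its resource is released.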


