[asterisk-bugs] [JIRA] (ASTERISK-29535) Segmentation fault in libasteriskpj.so.2

Allan Rossi Lisboa (JIRA) noreply at issues.asterisk.org
Mon Aug 9 08:05:34 CDT 2021


     [ https://issues.asterisk.org/jira/browse/ASTERISK-29535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Allan Rossi Lisboa updated ASTERISK-29535:
------------------------------------------

    Attachment: valgrind_2021-08-05_08_10_15

This second valgrind log (valgrind_2021-08-05_08_10_15) is easy to reproduce with our stack.

I don't know if it directly relates to the SEGFAULT.

It seems to be a concurrency issue with something changing the value of "rtp->themssrc_valid".

From what I gathered it could be coming from "__rtp_sendto" when the lock to "instance" is released

ao2_ref(ice, +1);
if (instance == transport) {
	ao2_unlock(instance);
}
status = pj_ice_sess_send_data(ice->real_ice, component, temp, len);
ao2_ref(ice, -1);
if (instance == transport) {
	ao2_lock(instance);
}


> Segmentation fault in libasteriskpj.so.2
> ----------------------------------------
>
>                 Key: ASTERISK-29535
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29535
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: pjproject/pjsip
>    Affects Versions: 18.5.1
>         Environment: Linux 34104asterisk 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
>            Reporter: Daniel Bonazzi
>         Attachments: core.34104asterisk-2021-07-27T09-16-30-0400-brief.txt, core.34104asterisk-2021-07-27T09-16-30-0400-full.txt, core.34104asterisk-2021-07-27T09-16-30-0400-info.txt, core.34104asterisk-2021-07-27T09-16-30-0400-locks.txt, core.34104asterisk-2021-07-27T09-16-30-0400-thread1.txt, valgrind_2021-08-05_08_09_18, valgrind_2021-08-05_08_10_15
>
>
> I've been facing some segmentation faults on asterisk without any apparent reason.
> This is what shows on the system logs:
> {noformat}
> Jul 27 09:16:30 34104asterisk kernel: asterisk[6556]: segfault at 0 ip 00007fcc4298678f sp 00007fcacf8ab938 error 6 in libasteriskpj.so.2[7fcc42871000+168000]
> Jul 27 09:16:30 34104asterisk asterisk[223321]: /usr/sbin/safe_asterisk: line 171: 223349 Segmentation fault      (core dumped) nice -n $PRIORITY "${ASTSBINDIR}/asterisk" -f ${CLIARGS} ${ASTARGS} > /dev/${TTY} 2>&1 < /dev/${TTY}
> {noformat}
> Checking the logs of our system that connects to asterisk via ARI and checking the asterisk logs we could see some cases where it crashed after some calls to the ARI API were made in a certain order like:
> {noformat}
> POST /ari/channels/1627495070.126/snoop?app=stasis-&spy=both&whisper=none'
> POST /ari/channels/1627495070.126/moh
> DELETE /ari/channels/1627495070.126
> POST /ari/channels/1627495070.126/moh
> {noformat}
> It is not always that those requests get to asterisk out of order that the crashes happen, but every time that it crashed I could see this pattern.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
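
The unlock/call/relock window described in the comment above, as an added example that is not part of the original message or of Asterisk's code: `struct fake_rtp`, `send_with_lock_dropped` and the `window_fn` callback are hypothetical stand-ins, and the callback deterministically models another thread running while the lock is released. It shows that a copy of `themssrc_valid` taken before the send can be stale afterwards unless it is re-read once the lock is held again.

```c
#include <pthread.h>
#include <stdio.h>
/* Hypothetical stand-in for the RTP instance; only the flag from the report. */
struct fake_rtp {
    pthread_mutex_t lock;
    int themssrc_valid;
};

/* Models work done by another thread while the lock is released. */
typedef void (*window_fn)(struct fake_rtp *);

static void other_thread_invalidates(struct fake_rtp *rtp)
{
    pthread_mutex_lock(&rtp->lock);   /* succeeds: the sender dropped it */
    rtp->themssrc_valid = 0;
    pthread_mutex_unlock(&rtp->lock);
}

/* Same shape as the quoted snippet: unlock, call out, relock. */
static void send_with_lock_dropped(struct fake_rtp *rtp, window_fn in_window)
{
    pthread_mutex_unlock(&rtp->lock);
    if (in_window) in_window(rtp);    /* the send call would run here */
    pthread_mutex_lock(&rtp->lock);
}

/* Returns 1 if the caller ends up holding a stale copy of the flag. */
static int caller_uses_stale_flag(int revalidate, window_fn in_window)
{
    struct fake_rtp rtp;
    int valid, stale;
    pthread_mutex_init(&rtp.lock, NULL);
    rtp.themssrc_valid = 1;
    pthread_mutex_lock(&rtp.lock);
    valid = rtp.themssrc_valid;       /* read before the send */
    send_with_lock_dropped(&rtp, in_window);
    if (revalidate)
        valid = rtp.themssrc_valid;   /* re-read once the lock is held again */
    stale = (valid != rtp.themssrc_valid);
    pthread_mutex_unlock(&rtp.lock);
    pthread_mutex_destroy(&rtp.lock);
    return stale;
}

int main(void)
{
    printf("stale without re-read: %d, with re-read: %d\n",
           caller_uses_stale_flag(0, other_thread_invalidates),
           caller_uses_stale_flag(1, other_thread_invalidates));
    return 0;
}
```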


