[asterisk-bugs] [JIRA] (ASTERISK-29196) res_pjsip: Segmentation fault

Friendly Automation (JIRA) noreply at issues.asterisk.org
Thu Feb 18 10:12:15 CST 2021 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-29196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=253869#comment-253869 ] 

Friendly Automation commented on ASTERISK-29196:
------------------------------------------------

Change 15434 merged by Joshua Colp:
pjsip: Make modify_local_offer2 tolerate previous failed SDP.

[https://gerrit.asterisk.org/c/asterisk/+/15434|https://gerrit.asterisk.org/c/asterisk/+/15434]

> res_pjsip: Segmentation fault
> -----------------------------
>
>                 Key: ASTERISK-29196
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29196
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip
>    Affects Versions: 18.1.0
>            Reporter: Mauri de Souza Meneguzzo (3CPlus)
>            Assignee: Joshua C. Colp
>            Severity: Major
>              Labels: patch
>         Attachments: 0080-fix-sdp-neg-modify-local-offer.patch, ast-coredumper-files.tar.gz
>
>
> Asterisk instances running 18.1.0 are crashing with segmentation fault, nothing is shown in the logs besides the segfault.
> After we upgraded to 18.1.0 this issue is happening multiple times a day, going back to 18.0.1 fixed the issue.
> {noformat}
> (gdb) bt
> #0  0x00007fb40787f5bd in pj_strdup (pool=0x7fb37453c490, dst=0x7fb378140b18, src=0x0) at ../include/pj/string_i.h:40
> #1  0x00007fb40782806c in pjmedia_sdp_neg_modify_local_offer2 (pool=0x7fb37453c490, neg=0x7fb3682f0f30, flags=1, local=0x7fb3680d1fb8)
>     at ../src/pjmedia/sdp_neg.c:336
> #2  0x00007fb4077a1d9e in inv_check_sdp_in_incoming_msg (inv=0x7fb3682f0c68, tsx=0x7fb3a8154208, rdata=0x7fb38832d3b8)
>     at ../src/pjsip-ua/sip_inv.c:2084
> #3  0x00007fb4077a5bbd in inv_on_state_early (inv=0x7fb3682f0c68, e=0x7fb2f4ad7a70) at ../src/pjsip-ua/sip_inv.c:4447
> #4  0x00007fb40779f4a3 in mod_inv_on_tsx_state (tsx=0x7fb3a8154208, e=0x7fb2f4ad7a70) at ../src/pjsip-ua/sip_inv.c:736
> #5  0x00007fb4077ec047 in pjsip_dlg_on_tsx_state (dlg=0x7fb3960c48a8, tsx=0x7fb3a8154208, e=0x7fb2f4ad7a70) at ../src/pjsip/sip_dialog.c:2129
> #6  0x00007fb4077ec8b9 in mod_ua_on_tsx_state (tsx=0x7fb3a8154208, e=0x7fb2f4ad7a70) at ../src/pjsip/sip_ua_layer.c:178
> #7  0x00007fb4077e499a in tsx_set_state (tsx=0x7fb3a8154208, state=PJSIP_TSX_STATE_PROCEEDING, event_src_type=PJSIP_EVENT_RX_MSG,
>     event_src=0x7fb38832d3b8, flag=0) at ../src/pjsip/sip_transaction.c:1272
> #8  0x00007fb4077e75a6 in tsx_on_state_proceeding_uac (tsx=0x7fb3a8154208, event=0x7fb2f4ad7b60) at ../src/pjsip/sip_transaction.c:2975
> #9  0x00007fb4077e58fe in pjsip_tsx_recv_msg (tsx=0x7fb3a8154208, rdata=0x7fb38832d3b8) at ../src/pjsip/sip_transaction.c:1832
> #10 0x00007fb4077e3ec1 in mod_tsx_layer_on_rx_response (rdata=0x7fb38832d3b8) at ../src/pjsip/sip_transaction.c:893
> #11 0x00007fb4077c8d4d in pjsip_endpt_process_rx_data (endpt=0x55dc325f63b8, rdata=0x7fb38832d3b8, p=0x7fb3a5c32b00, p_handled=0x7fb2f4ad7c94)
>     at ../src/pjsip/sip_endpoint.c:938
> #12 0x00007fb3a5c00b33 in ?? () from /usr/lib/asterisk/modules/res_pjsip.so
> #13 0x0000000000000000 in ?? ()
> (gdb) bt full
> #0  0x00007fb40787f5bd in pj_strdup (pool=0x7fb37453c490, dst=0x7fb378140b18, src=0x0) at ../include/pj/string_i.h:40
> No locals.
> #1  0x00007fb40782806c in pjmedia_sdp_neg_modify_local_offer2 (pool=0x7fb37453c490, neg=0x7fb3682f0f30, flags=1, local=0x7fb3680d1fb8)
>     at ../src/pjmedia/sdp_neg.c:336
>         new_offer = 0x7fb378140b18
>         old_offer = 0x0
>         media_used = '\000' <repeats 15 times>
>         oi = 0
>         status = 0
> #2  0x00007fb4077a1d9e in inv_check_sdp_in_incoming_msg (inv=0x7fb3682f0c68, tsx=0x7fb3a8154208, rdata=0x7fb38832d3b8)
>     at ../src/pjsip-ua/sip_inv.c:2084
>         reoffer_sdp = 0x7fb3680d1fb8
>         res_tag = {ptr = 0x7fb38833dd10 "_zE6W-HIusQmE8XhyLrtlBPE-PoerQAq\260\t\001", slen = 32}
>         st_code = 183
>         tsx_inv_data = 0x7fb3696e1ef8
>         status = 32690
>         msg = 0x7fb38833d710
>         sdp_info = 0x7fb3881df488
> #3  0x00007fb4077a5bbd in inv_on_state_early (inv=0x7fb3682f0c68, e=0x7fb2f4ad7a70) at ../src/pjsip-ua/sip_inv.c:4447
>         tsx = 0x7fb3a8154208
>         dlg = 0x7fb3960c48a8
> #4  0x00007fb40779f4a3 in mod_inv_on_tsx_state (tsx=0x7fb3a8154208, e=0x7fb2f4ad7a70) at ../src/pjsip-ua/sip_inv.c:736
>         dlg = 0x7fb3960c48a8
>         inv = 0x7fb3682f0c68
> #5  0x00007fb4077ec047 in pjsip_dlg_on_tsx_state (dlg=0x7fb3960c48a8, tsx=0x7fb3a8154208, e=0x7fb2f4ad7a70) at ../src/pjsip/sip_dialog.c:2129
>         i = 3
> #6  0x00007fb4077ec8b9 in mod_ua_on_tsx_state (tsx=0x7fb3a8154208, e=0x7fb2f4ad7a70) at ../src/pjsip/sip_ua_layer.c:178
>         dlg = 0x7fb3960c48a8
> #7  0x00007fb4077e499a in tsx_set_state (tsx=0x7fb3a8154208, state=PJSIP_TSX_STATE_PROCEEDING, event_src_type=PJSIP_EVENT_RX_MSG,
>     event_src=0x7fb38832d3b8, flag=0) at ../src/pjsip/sip_transaction.c:1272
>         e = {prev = 0x7fb2f4ad7aa0, next = 0x7fb40787f60b <pj_strdup+118>, type = PJSIP_EVENT_TSX_STATE, body = {timer = {
>               entry = 0x7fb38832d3b8}, tsx_state = {src = {rdata = 0x7fb38832d3b8, tdata = 0x7fb38832d3b8, timer = 0x7fb38832d3b8,
>                 status = -2009934920, data = 0x7fb38832d3b8}, tsx = 0x7fb3a8154208, prev_state = 3, type = PJSIP_EVENT_RX_MSG}, tx_msg = {
>               tdata = 0x7fb38832d3b8}, tx_error = {tdata = 0x7fb38832d3b8, tsx = 0x7fb3a8154208}, rx_msg = {rdata = 0x7fb38832d3b8}, user = {
>               user1 = 0x7fb38832d3b8, user2 = 0x7fb3a8154208, user3 = 0x300000003, user4 = 0x7fb2f4ad7ad0}}}
>         prev_state = PJSIP_TSX_STATE_PROCEEDING
> --Type <RET> for more, q to quit, c to continue without paging--
> #8  0x00007fb4077e75a6 in tsx_on_state_proceeding_uac (tsx=0x7fb3a8154208, event=0x7fb2f4ad7b60) at ../src/pjsip/sip_transaction.c:2975
> No locals.
> #9  0x00007fb4077e58fe in pjsip_tsx_recv_msg (tsx=0x7fb3a8154208, rdata=0x7fb38832d3b8) at ../src/pjsip/sip_transaction.c:1832
>         event = {prev = 0x7fb2f4ad7bb0, next = 0x7fb3a897fdf8, type = PJSIP_EVENT_RX_MSG, body = {timer = {entry = 0x7fb38832d3b8}, tsx_state = {
>               src = {rdata = 0x7fb38832d3b8, tdata = 0x7fb38832d3b8, timer = 0x7fb38832d3b8, status = -2009934920, data = 0x7fb38832d3b8},
>               tsx = 0x7fb2f4ad7bb0, prev_state = 126258385, type = 32692}, tx_msg = {tdata = 0x7fb38832d3b8}, tx_error = {
>               tdata = 0x7fb38832d3b8, tsx = 0x7fb2f4ad7bb0}, rx_msg = {rdata = 0x7fb38832d3b8}, user = {user1 = 0x7fb38832d3b8,
>               user2 = 0x7fb2f4ad7bb0, user3 = 0x7fb407868cd1 <pj_mutex_unlock+84>, user4 = 0x7fb2f4ad7bb0}}}
> #10 0x00007fb4077e3ec1 in mod_tsx_layer_on_rx_response (rdata=0x7fb38832d3b8) at ../src/pjsip/sip_transaction.c:893
>         key = {ptr = 0x7fb3881df450 "c$z9hG4bKPjea8a882c-11d6-4b3d-8e1b-4d37e4b6ddc9", slen = 47}
>         hval = 2807140748
>         tsx = 0x7fb3a8154208
> #11 0x00007fb4077c8d4d in pjsip_endpt_process_rx_data (endpt=0x55dc325f63b8, rdata=0x7fb38832d3b8, p=0x7fb3a5c32b00, p_handled=0x7fb2f4ad7c94)
>     at ../src/pjsip/sip_endpoint.c:938
>         msg = 0x7fb38833d710
>         def_prm = {start_prio = 4105010352, start_mod = 0x55dc2fefb633 <__ao2_unlock+245>, idx_after_start = 4105010352, silent = 32690}
>         mod = 0x7fb4078d8a20 <mod_tsx_layer>
>         handled = 0
>         i = 1
>         status = 21980
> #12 0x00007fb3a5c00b33 in ?? () from /usr/lib/asterisk/modules/res_pjsip.so
> No symbol table info available.
> #13 0x0000000000000000 in ?? ()
> No symbol table info available.
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list