ASTERISK-22615: sip_attended_transfer: crash on disposed of object in native RTP bridge

[Home]

Summary: ASTERISK-22615: sip_attended_transfer: crash on disposed of object in native RTP bridge

Reporter: Matt Jordan (mjordan) Labels:

Date Opened: 2013-09-29 16:04:32 Date Closed: 2013-10-03 14:18:01

Priority: Major Regression?

Status: Closed/Complete Components: Bridges/bridge_native_rtp Channels/chan_sip/Transfers

Versions: 12.0.0-alpha1 Frequency of
Occurrence

Related
Issues:
is related to ASTERISK-22532 Fix chan_pjsip two party alice initiated test failures

Environment: Attachments: ( 0) backtrace_13905.txt

Description: The sip_attended_transfer is periodically crashing on the Asterisk Test Suite. Small snippet of the attached backtrace below:

{noformat}
#0 0x080c95cb in INTERNAL_OBJ (user_data=0xdeaddead) at astobj2.c:161
161 if (AO2_MAGIC != p->priv_data.magic) {
#0 0x080c95cb in INTERNAL_OBJ (user_data=0xdeaddead) at astobj2.c:161
p = 0xdeadde99
__PRETTY_FUNCTION__ = "INTERNAL_OBJ"
#1 0x080cd153 in internal_ao2_traverse (self=0xdeaddead, flags=OBJ_NOLOCK, cb_fn=0x8332d8b, arg=0xb39e68f4, data=0x0, type=AO2_CALLBACK_DEFAULT, tag=0x0, file=0x0, line=0, func=0x0) at astobj2.c:1272
ret = 0x0
cb_default = 0
cb_withdata = 0
node = 0x0
traversal_state = 0x0
orig_lock = AO2_LOCK_REQ_MUTEX
multi_container = 0x0
multi_iterator = 0x0
__PRETTY_FUNCTION__ = "internal_ao2_traverse"
#2 0x080cdf55 in __ao2_callback (c=0xdeaddead, flags=OBJ_NOLOCK, cb_fn=0x8332d8b <rtp_payload_type_find_format>, arg=0xb39e68f4) at astobj2.c:1490
No locals.
#3 0x08332edb in ast_rtp_codecs_payload_code (codecs=0xb73a9534, asterisk_format=1, format=0xb39e68f4, code=0) at rtp_engine.c:847
type = 0xb7251eb4
i = -1222272540
res = -1
__PRETTY_FUNCTION__ = "ast_rtp_codecs_payload_code"
#4 0x05b6b362 in bridge_p2p_rtp_write (instance=0xdeaddead, rtcp=16) at res_rtp_asterisk.c:3456
rtp = 0xb7257568
bridged = 0xdeaddead
res = 0
payload = 0
mark = 0
reconstruct = -2147478590
ice = <value optimized out>
bridged_payload = 0
hdrlen = 12
instance1 = 0xb73a940c
payload_type = {asterisk_format = 1, format = {id = AST_FORMAT_ULAW, fattr = {format_attr = {0 <repeats 64 times>}, rtp_marker_bit = 0 '\000'}}, rtp_code = 0, payload = 0}
remote_address = {ss = {ss_family = 0, __ss_align = 0, __ss_padding = '\000' <repeats 119 times>}, len = 0}
#5 ast_rtp_read (instance=0xdeaddead, rtcp=16) at res_rtp_asterisk.c:3655
rtp = 0xb7257568
addr = {ss = {ss_family = 2, __ss_align = 16777343, __ss_padding = "\000\000\000\000\000\000\000\000,\024\017\003,\024\017\003hl\236\263\025\246'\b\300\234R\b\000\000\000\000\230\273\301\264\001\000\000\000\250\000\000\000\020\000\020\267\230\273\301\264\020\021\333\004\000\000\000\000\000\000\000\000L\026$\b\000\000\000\000\000\000\000\000\300k\236\263", '\000' <repeats 12 times>"\270, l\236\263\002\000\000\000D\006T\267\031\260\267\000\267\005\000\000\310\363S\267\070\267\301\264"}, len = 16}
res = 92
hdrlen = 12
version = 2
payloadtype = <value optimized out>
padding = <value optimized out>
mark = <value optimized out>
ext = <value optimized out>
cc = <value optimized out>
prev_seqno = <value optimized out>
rtpheader = 0xb72576f4
seqno = 2147488706
ssrc = <value optimized out>
timestamp = <value optimized out>
payload = {asterisk_format = 0, format = {id = 0, fattr = {format_attr = {0 <repeats 31 times>, 1117519874, 1464473610, 0, 0, 0, 0, 0, 3069464812, 3013503672, 11274534, 3072604808, 51458580, 3013503720, 136816149, 3072604808, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3013503816, 135044420, 139827416, 4294967295, 51422269, 51319852, 3072604808, 0, 16}, rtp_marker_bit = 0 '\000'}}, rtp_code = 525, payload = -1219304204}
remote_address = {ss = {ss_family = 2, __ss_align = 1464473610, __ss_padding = '\000' <repeats 119 times>}, len = 16}
frames = <value optimized out>
__PRETTY_FUNCTION__ = "ast_rtp_read"
#6 0x08330a25 in ast_rtp_instance_read (instance=0xb7251e14, rtcp=0) at rtp_engine.c:436
No locals.
#7 0x02fbc632 in sip_rtp_read (ast=0xb7261944, p=0xb7243abc, faxdetect=0xb39e6dc8) at chan_sip.c:8497
f = 0xb239eb
__PRETTY_FUNCTION__ = "sip_rtp_read"
#8 0x02fbd8cb in sip_read (ast=0xb7261944) at chan_sip.c:8594
fr = 0x81b1da1
p = 0xb7243abc
faxdetected = 0
__PRETTY_FUNCTION__ = "sip_read"
#9 0x0817ffc0 in __ast_read (chan=0xb7261944, dropaudio=0) at channel.c:3917
f = 0x0
prestate = 6
cause = 0
__PRETTY_FUNCTION__ = "__ast_read"
#10 0x08183ed7 in ast_read (chan=0xb7261944) at channel.c:4269
No locals.
#11 0x0811e037 in bridge_handle_trip (bridge_channel=0xb7240364) at bridge_channel.c:1784
frame = 0xb85ff4
#12 0x0811eb56 in bridge_channel_wait (bridge_channel=0xb7240364) at bridge_channel.c:1903
ms = -1
outfd = -99999
chan = 0xb7261944
__PRETTY_FUNCTION__ = "bridge_channel_wait"
#13 0x0811f845 in bridge_channel_internal_join (bridge_channel=0xb7240364) at bridge_channel.c:2020
res = 0
__PRETTY_FUNCTION__ = "bridge_channel_internal_join"
#14 0x080eeca8 in bridge_channel_ind_thread (data=0xb7240364) at bridge.c:1531
bridge_channel = 0xb7240364
chan = 0x1
__PRETTY_FUNCTION__ = "bridge_channel_ind_thread"
#15 0x083e834b in dummy_start (data=0xb7273568) at utils.c:1168
__cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {12083188, 0, 4001536, -1281461544, 1777649898, 672497565}, __mask_was_saved = 0}}, __pad = {0xb39e73a4, 0x0, 0x0, 0x0}}
__cancel_routine = 0x80aa907 <ast_unregister_thread>
__cancel_arg = 0xb39e7b70
not_first_call = 0
ret = 0x0
a = {start_routine = 0x80eec1f <bridge_channel_ind_thread>, data = 0xb7240364, name = 0xb728f018 "bridge_channel_ind_thread started at [ 1602] bridge.c ast_bridge_impart()"}
__PRETTY_FUNCTION__ = "dummy_start"
#16 0x00b74a49 in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#17 0x00ab0aee in clone () from /lib/libc.so.6
{noformat}

Comments: