Summary: | ASTERISK-25230: Crash in channels/pjsip/basic_calls/incoming/off-nominal/userpass when decreasing reference on PJSIP transport | ||
Reporter: | Matt Jordan (mjordan) | Labels: | |
Date Opened: | 2015-07-06 08:54:34 | Date Closed: | 2015-09-10 10:15:44 |
Priority: | Major | Regression? | |
Status: | Closed/Complete | Components: | Resources/res_pjsip Tests/testsuite |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) backtrace_5402.txt ( 1) full.txt | |
Description: | The Asterisk Test Suite caught a crash in PJSIP via the {{channels/pjsip/basic_calls/incoming/off-nominal/userpass}} test when decrementing the reference on a transport that was being disposed of via {{pjsip_rx_data_free_cloned}}:
{code} [Thread debugging using libthread_db enabled] Core was generated by `/usr/sbin/asterisk -f -g -q -m -n -C /tmp/asterisk-testsuite/5dddaa9b1d12e2132f'. Program terminated with signal 11, Segmentation fault. #0 0x00a21255 in pj_atomic_get (atomic_var=0x0) at ../src/pj/os_core_unix.c:916 916 pj_mutex_lock( atomic_var->mutex ); #0 0x00a21255 in pj_atomic_get (atomic_var=0x0) at ../src/pj/os_core_unix.c:916 oldval = 0 #1 0x006b4e15 in pjsip_transport_dec_ref (tp=0xb7306f14) at ../src/pjsip/sip_transport.c:990 __PRETTY_FUNCTION__ = "pjsip_transport_dec_ref" #2 0x006b46fe in pjsip_rx_data_free_cloned (rdata=0xb732de54) at ../src/pjsip/sip_transport.c:723 __PRETTY_FUNCTION__ = "pjsip_rx_data_free_cloned" #3 0x003470b6 in distribute (data=0xb732de54) at res_pjsip/pjsip_distributor.c:449 param = {start_prio = 0, start_mod = 0x365a80, idx_after_start = 1, silent = 0} handled = 1 rdata = 0xb732de54 is_request = 1 is_ack = 0 endpoint = 0x92dd230 __PRETTY_FUNCTION__ = "distribute" #4 0x0841f73b in ast_taskprocessor_execute (tps=0x88d8e60) at taskprocessor.c:768 local = {local_data = 0x10, data = 0x88d8e60} t = 0xb73235c8 size = 135056146 __PRETTY_FUNCTION__ = "ast_taskprocessor_execute" #5 0x084384e8 in execute_tasks (data=0x88d8e60) at threadpool.c:1269 tps = 0x88d8e60 #6 0x0841f73b in ast_taskprocessor_execute (tps=0x8828d98) at taskprocessor.c:768 local = {local_data = 0xb7201d1c, data = 0xb7201d4c} t = 0xb73237f0 size = 3 {code} Note that we weren't shutting down or doing anything else intrusive at the time. | ||
Comments: | By: Asterisk Team (asteriskteam) 2015-07-06 08:54:36.511-0500 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. |