[Home]

Summary:ASTERISK-25738: res_pjsip_pubsub: Crash while executing OutboundSubscriptionDetail ami action
Reporter:Kevin Harwell (kharwell)Labels:
Date Opened:2016-02-01 17:34:55.000-0600Date Closed:2016-02-15 14:47:39.000-0600
Priority:MinorRegression?No
Status:Closed/CompleteComponents:Resources/res_pjsip_pubsub
Versions:13.7.0 Frequency of
Occurrence
One Time
Related
Issues:
Environment:Attachments:( 0) backtrace_9242.txt
Description:Asterisk crashed when trying execute 'OutboundSubscriptionDetail' AMI action. It looks like the sub_tree's evsub structure has not been initialized yet when attempting to reference it.

If you look where it crashed:
{noformat}
#0  0x00007f601ddffdbb in pjsip_evsub_get_state_name () from /usr/lib/libpjsip-simple.so.2
#0  0x00007f601ddffdbb in pjsip_evsub_get_state_name () from /usr/lib/libpjsip-simple.so.2
No symbol table info available.
#1  0x00007f5fa8503931 in sip_subscription_to_ami (sub_tree=0x7f5ff063f210, buf=0x7f5f65520f18) at res_pjsip_pubsub.c:1532
       str = "<unknown>\000˧_\177\000\000\000\000\000\000\000\000\000\000\330\016Re_\177\000\000\300\264\250\350'\000\000\000\030\000\000\000\060\000\000\000\300\016Re_\177\
\000\000\000\016Re_\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\200\016Re_\177\000\000\232\022\020\350_\177\000\000onDetailx\000\000\350_\177\
\000\000p7P\250_\177\000\000n\234P\250_\177\000\000b\304V\000\000\000\000\000V\211i\000\000\000\000\000\233\323V\000\206\002\000\000\210}i\000\000\000\000\000\030\002\000\00\
0\000\000\000\000\001\000\000\000\000\000\000\000}\264! `\177\000\000\020\215`\350_\177\000\000\260\016Re_\177\000\000\307"...
       id = 0x352bb80
       __PRETTY_FUNCTION__ = "sip_subscription_to_ami"
#2  0x00007f5fa8509a62 in ami_subscription_detail (sub_tree=0x7f5ff063f210, ami=0x7f5f65520fc0, event=0x7f5fa850e329 "OutboundSubscriptionDetail") at res_pjsip_pubsub.c:3440
       buf = 0x7f5fe8608d10
#3  0x00007f5fa8509b13 in ami_subscription_detail_outbound (sub_tree=0x7f5ff063f210, arg=0x7f5f65520fc0) at res_pjsip_pubsub.c:3455
No locals.
#4  0x00007f5fa85037ab in for_each_subscription (on_subscription=0x7f5fa8509ade <ami_subscription_detail_outbound>, arg=0x7f5f65520fc0) at res_pjsip_pubsub.c:1506
{noformat}

and also at thread 175 (in the backtrace):
{noformat}
Thread 175 (Thread 0x7f5f654a6700 (LWP 9400)):
#0  pthread_rwlock_unlock () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_rwlock_unlock.S:84
#1  0x0000000000553105 in __ast_rwlock_unlock (filename=0x7f5fa850d1e4 "res_pjsip_pubsub.c", line=1028, func=0x7f5fa850f2b1 <__PRETTY_FUNCTION__.23811> "_dtor_lock", t=0x7f5\
fa8713630 <subscriptions+16>, name=0x7f5fa850d600 "&(*v)->lock") at lock.c:827
#2  0x00007f5fa8501bb4 in _dtor_lock (v=0x7f5f654a58e8) at res_pjsip_pubsub.c:1028
#3  0x00007f5fa8501c53 in add_subscription (obj=0x7f5ff063f210) at res_pjsip_pubsub.c:1028
#4  0x00007f5fa8502a91 in allocate_subscription_tree (endpoint=0x352b9a8) at res_pjsip_pubsub.c:1257
#5  0x00007f5fa8502add in create_subscription_tree (handler=0x7f5f6d1da280 <presence_handler>, endpoint=0x352b9a8, rdata=0x7f6007efca18, resource=0x7f5f654a5a00 "291", gener\
ator=0x7f5f6fea0140 <pidf_body_generator>, tree=0x7f5f654a5aa0, dlg_status=0x7f5f654a5a48) at res_pjsip_pubsub.c:1290
...
{noformat}
you'll notice that the subscription it crashed on is also currently in the process of being added. See the attached backtrace for more information.
Comments: