ASTERISK-26174: res_pjsip: Crash when freeing cloned message in distributor

[Home]

Summary: ASTERISK-26174: res_pjsip: Crash when freeing cloned message in distributor

Reporter: Ross Beer (rossbeer) Labels:

Date Opened: 2016-07-06 03:54:50 Date Closed: 2016-09-01 09:42:33

Priority: Major Regression?

Status: Closed/Complete Components: Resources/res_pjsip

Versions: 13.10.0-rc1 13.10.0 Frequency of
Occurrence Frequent

Related
Issues:
duplicates ASTERISK-26166 res_pjsip_pubsub: Crash when decrementing reference count of message

duplicates ASTERISK-26199 PJSIP: tx_data_destroy called twice

is duplicated by ASTERISK-26185 Stringfields ABORT

Environment: Fedora 23 Attachments: ( 0) backtrace_2016-07-01T10_25_54_CLEAN.txt
( 1) backtrace_2016-07-08T16_34_49_CLEAN.txt
( 2) backtrace-2016-07-12T11_20_57_CLEAN.txt

Description: Asterisk crashes due to cpool_release_pool, this is being discussed on the PJSIP mailing list.

Comments: By: Asterisk Team (asteriskteam) 2016-07-06 03:54:51.780-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].
By: Ross Beer (rossbeer) 2016-07-06 06:55:52.524-0500

Asterisk isn't create a core dump for some of these ABORTS:

Stack trace of thread 27450:
#0 0x00007f682e7f3a28 raise (libc.so.6)
#1 0x00007f682e7f562a abort (libc.so.6)
#2 0x00007f682e836d7a __libc_message (libc.so.6)
#3 0x00007f682e83f1ca _int_free (libc.so.6)
#4 0x00007f682e84272c __libc_free (libc.so.6)
#5 0x00007f67e737f6a5 cpool_release_pool (libpj.so.2)
#6 0x00007f67ed05db48 pjsip_tx_data_dec_ref (libpjsip.so.2)
#7 0x00007f67ed061808 on_data_sent (libpjsip.so.2)
#8 0x00007f67ed061c23 on_connect_complete (libpjsip.so.2)
#9 0x00007f67e737672f ioqueue_dispatch_write_event (libpj.so.2)
#10 0x00007f67e7377c9b pj_ioqueue_poll (libpj.so.2)
#11 0x00007f67ed058c85 pjsip_endpt_handle_events2 (libpjsip.so.2)
#12 0x00007f67e5acf638 monitor_thread_exec (res_pjsip.so)
#13 0x00007f67e7378a56 thread_main (libpj.so.2)
#14 0x00007f682f58561a start_thread (libpthread.so.0)
#15 0x00007f682e8c159d __clone (libc.so.6)
By: Ross Beer (rossbeer) 2016-07-08 10:46:00.424-0500

Latest crash in the same position

By: Ross Beer (rossbeer) 2016-07-12 05:42:16.766-0500

This crash is increasingly common, can someone please take a look?
By: Joshua C. Colp (jcolp) 2016-07-12 06:00:06.161-0500

I have marked this issue as accepted, but I am unaware of anyone currently actively working on it.
By: Ross Beer (rossbeer) 2016-07-21 06:44:29.887-0500

A patch is currently up for review on this issue: https://gerrit.asterisk.org/#/c/3254/
By: Malcolm Davenport (mdavenport) 2016-09-01 09:42:33.436-0500

https://gerrit.asterisk.org/#/c/3254/