Summary: ASTERISK-28086: chan_pjsip: Crash when initiating PlayDTMF over AMI
Reporter: Jeremiah Gadd (jgadd)
Labels: pjsip
Date Opened: 2018-10-01 13:50:07
Date Closed: 2019-10-10 07:29:14
Priority: Minor
Regression?:
Status: Closed/Complete
Components: Channels/chan_pjsip Resources/res_pjsip_session
Versions: 13.14.1 13.19.0 15.6.1
Frequency of Occurrence: Occasional
Related Issues: is duplicated by ASTERISK-28216 Crash when race condition between manager_play_dtmf and ast_hangup
Environment: Gentoo (physical), Debian (AWS)
Attachments:
( 0) asterisk-13-14-1-ASTERISK-28086-results.tar.gz
( 1) backtrace-pjsip-playdtmf-asterisk16.txt
( 2) core.13-23-1-ASTERISK-28086-results.tar.gz
Description: It appears there may be a race condition in which PJSIP attempts to end the sending of a DTMF tone after a bridge is destroyed, causing PJSIP to try to send to a non-existent channel.

I've attached the corresponding core dumps.
Comments:

By: Asterisk Team (asteriskteam) 2018-10-01 13:50:09.677-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Jeremiah Gadd (jgadd) 2018-10-01 13:51:39.440-0500

Attached core dumps showing the segfault.

By: Joshua C. Colp (jcolp) 2018-10-01 14:03:14.114-0500

Thank you for the crash report. However, we need more information to investigate the crash. Please provide:

1. A backtrace generated from a core dump using the instructions provided on the Asterisk wiki [1].
2. Specific steps taken that lead to the crash.
3. All configuration information necessary to reproduce the crash.

Thanks!

[1]: https://wiki.asterisk.org/wiki/display/AST/Getting+a+Backtrace

In this case the backtrace has been optimized it seems, and barely any data can be retrieved from it.

As well the version of Asterisk in use is about 10 months old. Please ensure you are using the latest one as we do fix bugs such as this.

By: Richard Mudgett (rmudgett) 2018-10-01 14:07:51.615-0500

Your backtraces have no symbols and are not usable.  You need to run asterisk that does not have the symbols stripped from it.

You can use the {{file}} command to determine if you have symbols:
{noformat}
rmudgett@piglet:~/projects/asterisk/ws1/v16 (v16)$ file /usr/sbin/asterisk
/usr/sbin/asterisk: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=84c7982bc02ad1d00a7e38fa03e6473ece79e0c4, not stripped

rmudgett@piglet:~/projects/asterisk/ws1/v16 (v16)$ file /usr/lib/asterisk/modules/res_pjsip.so
/usr/lib/asterisk/modules/res_pjsip.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=227cd8a844382f758f54eeccb450dc0330cded44, not stripped
{noformat}
If your modules are {{not stripped}} you have symbols available and backtraces will be usable.

https://wiki.asterisk.org/wiki/display/AST/Getting+a+Backtrace

By: Asterisk Team (asteriskteam) 2018-10-16 12:00:01.082-0500

Suspended due to lack of activity. This issue will be automatically re-opened if the reporter posts a comment. If you are not the reporter and would like this re-opened please create a new issue instead. If the new issue is related to this one a link will be created during the triage process. Further information on issue tracker usage can be found in the Asterisk Issue Guidelines [1].

[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines

By: Jeremiah Gadd (jgadd) 2018-10-18 01:11:55.940-0500

Here are core dumps for both the version we're running and the current version.

By: Asterisk Team (asteriskteam) 2018-10-18 01:11:56.291-0500

This issue has been reopened as a result of your commenting on it as the reporter. It will be triaged once again as applicable.

By: Jeremiah Gadd (jgadd) 2018-10-19 11:06:55.728-0500

I should note the new core dumps I've attached do include symbols. We've found we can easily reproduce this by spamming DTMF commands through the AMI and simultaneously disconnecting the call. We've also found Asterisk 15 to be affected by the same bug.

By: Jeremiah Gadd (jgadd) 2018-10-23 11:49:35.631-0500

Here is an easy way to replicate the crash:
https://github.com/jgallred/chan-pjsip-crash-demo

By: Aaron An (aaron) 2018-12-19 06:33:11.930-0600

I had this issue too.
ASTERISK-28216


By: laszlovl (lvl) 2019-09-03 04:38:46.809-0500

Can still trivially reproduce this on Asterisk 16: just set up an AMI client that'll listen to newly created channels, and start an infinite loop of PlayDTMF commands on them. As soon as the channel starts hanging up, Asterisk will segfault. Will attach an Asterisk 16 backtrace.

By: laszlovl (lvl) 2019-10-01 06:50:48.258-0500

Submitted a simple patch at https://gerrit.asterisk.org/c/asterisk/+/12992 and verified that the issue can no longer be reproduced.

By: Friendly Automation (friendly-automation) 2019-10-10 07:29:16.065-0500

Change 12992 merged by Friendly Automation:
chan_pjsip: Prevent segfault when running PlayDTMF on hungup channel

[https://gerrit.asterisk.org/c/asterisk/+/12992|https://gerrit.asterisk.org/c/asterisk/+/12992]

By: Friendly Automation (friendly-automation) 2019-10-10 07:35:40.592-0500

Change 13028 merged by Friendly Automation:
chan_pjsip: Prevent segfault when running PlayDTMF on hungup channel

[https://gerrit.asterisk.org/c/asterisk/+/13028|https://gerrit.asterisk.org/c/asterisk/+/13028]

By: Friendly Automation (friendly-automation) 2019-10-10 08:46:50.867-0500

Change 13021 merged by Friendly Automation:
chan_pjsip: Prevent segfault when running PlayDTMF on hungup channel

[https://gerrit.asterisk.org/c/asterisk/+/13021|https://gerrit.asterisk.org/c/asterisk/+/13021]

By: Friendly Automation (friendly-automation) 2019-10-10 08:59:59.726-0500

Change 13022 merged by Friendly Automation:
chan_pjsip: Prevent segfault when running PlayDTMF on hungup channel

[https://gerrit.asterisk.org/c/asterisk/+/13022|https://gerrit.asterisk.org/c/asterisk/+/13022]
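
The crash class discussed in this issue, an operation such as ending a DTMF tone that runs against a channel whose state hangup has already torn down, can be modelled in a few lines of C. This is an added example, not the Asterisk source or the merged patch; `struct channel`, `struct media` and every function name below are hypothetical.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model; these names are hypothetical, not Asterisk's. */
struct media { int dtmf_active; };
struct channel {
    pthread_mutex_t lock;
    struct media *media;            /* released by hangup */
};

/* Teardown: frees the media state and clears the pointer under the lock. */
void channel_hangup(struct channel *c) {
    pthread_mutex_lock(&c->lock);
    free(c->media);
    c->media = NULL;
    pthread_mutex_unlock(&c->lock);
}

/* Unguarded: dereferences media without checking; faults after hangup. */
int dtmf_end_unguarded(struct channel *c) {
    c->media->dtmf_active = 0;
    return 0;
}

/* Guarded: the check and the use happen under the same lock hangup takes. */
int dtmf_end_guarded(struct channel *c) {
    int res = -1;                   /* -1: channel already torn down */
    pthread_mutex_lock(&c->lock);
    if (c->media) {
        c->media->dtmf_active = 0;
        res = 0;
    }
    pthread_mutex_unlock(&c->lock);
    return res;
}

/* Runs the guarded call before or after hangup and returns its result. */
int guarded_result(int hangup_first) {
    struct channel c = { PTHREAD_MUTEX_INITIALIZER, calloc(1, sizeof(struct media)) };
    if (hangup_first) channel_hangup(&c);
    int res = dtmf_end_guarded(&c);
    channel_hangup(&c);             /* no-op if already hung up: free(NULL) */
    return res;
}

int main(void) {
    printf("live: %d, hung up: %d\n", guarded_result(0), guarded_result(1));
    return 0;
}
```

Checking the pointer outside the lock would not be enough: hangup could free the state between the check and the dereference, which is the same race in a narrower window.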