Summary: ASTERISK-29215: res_pjsip_session: NULL active_media_state topology caused asterisk crash
Reporter: sungtae kim (pchero)
Labels:
Date Opened: 2020-12-16 20:27:22.000-0600
Date Closed: 2021-03-22 10:46:33
Priority: Minor
Regression?:
Status: Closed/Complete
Components: Resources/res_pjsip_session
Versions: 18.1.0
Frequency of Occurrence: Constant
Related Issues:
Environment:
Attachments:
Description: NULL active_media_state topology causing an Asterisk crash

{noformat}
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/asterisk -f -g -C /etc/asterisk/asterisk.conf'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00005571c1e9faec in ast_stream_topology_get_count (topology=0x0) at stream.c:769
769 return AST_VECTOR_SIZE(&topology->streams);
[Current thread is 1 (Thread 0x7fabe5f88700 (LWP 13628))]
(gdb) where
#0  0x00005571c1e9faec in ast_stream_topology_get_count (topology=0x0) at stream.c:769
#1  0x00005571c1e9f72a in ast_stream_topology_equal (left=0x0, right=0x7fabe80175e8) at stream.c:704
#2  0x00007fabe65a05a4 in sip_session_refresh (session=0x7fabe0066150, on_request_creation=0x0, on_sdp_creation=0x0, on_response=0x7fabe64ffbfc <on_topology_change_response>,
   method=AST_SIP_SESSION_REFRESH_METHOD_INVITE, generate_new_sdp=1, pending_media_state=0x7fabe8017fb0, active_media_state=0x7fabe0064c70, queued=1) at res_pjsip_session.c:2291
#3  0x00007fabe659a78a in send_delayed_request (session=0x7fabe0066150, delay=0x7fabe00260e0) at res_pjsip_session.c:1400
#4  0x00007fabe659b08b in invite_terminated (vsession=0x7fabe0066150) at res_pjsip_session.c:1512
#5  0x00005571c1ea8254 in ast_taskprocessor_execute (tps=0x7fabe0066920) at taskprocessor.c:1237
#6  0x00005571c1eb1e8f in execute_tasks (data=0x7fabe0066920) at threadpool.c:1354
#7  0x00005571c1ea8254 in ast_taskprocessor_execute (tps=0x5571c300df30) at taskprocessor.c:1237
#8  0x00005571c1eafa93 in threadpool_execute (pool=0x5571c300c950) at threadpool.c:367
#9  0x00005571c1eb16d0 in worker_active (worker=0x7fabf4001340) at threadpool.c:1137
#10 0x00005571c1eb1442 in worker_start (arg=0x7fabf4001340) at threadpool.c:1056
#11 0x00005571c1ebb170 in dummy_start (data=0x5571c2f666e0) at utils.c:1299
#12 0x00007fac07537fa3 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#13 0x00007fac06fcb4cf in clone () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) frame 0
#0  0x00005571c1e9faec in ast_stream_topology_get_count (topology=0x0) at stream.c:769
769 return AST_VECTOR_SIZE(&topology->streams);
(gdb) list
764
765 int ast_stream_topology_get_count(const struct ast_stream_topology *topology)
766 {
767 ast_assert(topology != NULL);
768
769 return AST_VECTOR_SIZE(&topology->streams);
770 }
771
772 int ast_stream_topology_get_active_count(const struct ast_stream_topology *topology)
773 {
(gdb) p topology
$1 = (const struct ast_stream_topology *) 0x0
(gdb) f 2
#2  0x00007fabe65a05a4 in sip_session_refresh (session=0x7fabe0066150, on_request_creation=0x0, on_sdp_creation=0x0, on_response=0x7fabe64ffbfc <on_topology_change_response>,
   method=AST_SIP_SESSION_REFRESH_METHOD_INVITE, generate_new_sdp=1, pending_media_state=0x7fabe8017fb0, active_media_state=0x7fabe0064c70, queued=1) at res_pjsip_session.c:2291
2291 topology_change_request = !ast_stream_topology_equal(active_media_state->topology, pending_media_state->topology);
(gdb) p
$2 = (const struct ast_stream_topology *) 0x0
(gdb) list
2286 * We need to check if the passed in active and pending states are equal
2287 * before we run the media states resolver.  We'll use the flag later
2288 * to signal whether this was topology change or some other change such
2289 * as a connected line change.
2290 */
2291 topology_change_request = !ast_stream_topology_equal(active_media_state->topology, pending_media_state->topology);
2292
2293 ast_trace(-1, "%s: Active media state exists and is%s equal to pending\n", ast_sip_session_get_name(session),
2294 topology_change_request ? " not" : "");
2295 ast_trace(-1, "%s: DP: %s\n", ast_sip_session_get_name(session), ast_str_tmp(256, ast_stream_topology_to_str(pending_media_state->topology, &STR_TMP)));
(gdb) p active_media_state->topology
$3 = (struct ast_stream_topology *) 0x0
(gdb)
{noformat}
Comments:

By: Asterisk Team (asteriskteam) 2020-12-16 20:27:23.226-0600

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. Please note that log messages and other files should not be sent to the Sangoma Asterisk Team unless explicitly asked for. All files should be placed on this issue in a sanitized fashion as needed.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur.

Please note that by submitting data, code, or documentation to Sangoma through JIRA, you accept the Terms of Use present at [https://www.asterisk.org/terms-of-use/|https://www.asterisk.org/terms-of-use/].

By: Ross Beer (rossbeer) 2021-03-10 11:12:18.379-0600

I have just seen the same crash with Asterisk 16

By: Ross Beer (rossbeer) 2021-03-16 07:14:28.952-0500

Just had another crash with 16 but still the same method:

{noformat}
Thread 1 (Thread 0x7f88eb34d700 (LWP 154814)):
#0  0x00000000005aae12 in ast_stream_topology_get_count (topology=0x0) at stream.c:522
#1  0x00000000005aaa6e in ast_stream_topology_equal (left=0x7f8917a0c108, right=0x0) at stream.c:460
       index = 32650
#2  0x00007f8a39bebf0f in reschedule_reinvite (session=0x7f89160a0a70, on_response=0x0) at res_pjsip_session.c:4235
{noformat}

By: George Joseph (gjoseph) 2021-03-19 13:03:54.743-0500

[~rossbeer] Think you can test the new patches?

By: Friendly Automation (friendly-automation) 2021-03-22 09:38:35.287-0500

Change 15658 merged by Joshua Colp:
res_pjsip_session: Make reschedule_reinvite check for NULL topologies

[https://gerrit.asterisk.org/c/asterisk/+/15658|https://gerrit.asterisk.org/c/asterisk/+/15658]

By: Friendly Automation (friendly-automation) 2021-03-22 09:39:08.856-0500

Change 15638 merged by Joshua Colp:
res_pjsip_session: Make reschedule_reinvite check for NULL topologies

[https://gerrit.asterisk.org/c/asterisk/+/15638|https://gerrit.asterisk.org/c/asterisk/+/15638]

By: Friendly Automation (friendly-automation) 2021-03-22 09:39:33.405-0500

Change 15655 merged by Joshua Colp:
res_pjsip_session: Make reschedule_reinvite check for NULL topologies

[https://gerrit.asterisk.org/c/asterisk/+/15655|https://gerrit.asterisk.org/c/asterisk/+/15655]

By: Friendly Automation (friendly-automation) 2021-03-22 09:39:55.557-0500

Change 15656 merged by Joshua Colp:
res_pjsip_session: Make reschedule_reinvite check for NULL topologies

[https://gerrit.asterisk.org/c/asterisk/+/15656|https://gerrit.asterisk.org/c/asterisk/+/15656]

By: Friendly Automation (friendly-automation) 2021-03-22 09:40:17.197-0500

Change 15654 merged by Joshua Colp:
res_pjsip_session: Make reschedule_reinvite check for NULL topologies

[https://gerrit.asterisk.org/c/asterisk/+/15654|https://gerrit.asterisk.org/c/asterisk/+/15654]

By: Friendly Automation (friendly-automation) 2021-03-22 09:40:35.044-0500

Change 15657 merged by Joshua Colp:
res_pjsip_session: Make reschedule_reinvite check for NULL topologies

[https://gerrit.asterisk.org/c/asterisk/+/15657|https://gerrit.asterisk.org/c/asterisk/+/15657]
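
Added example, not part of the issue thread and not the merged Asterisk change: both backtraces above reach ast_stream_topology_get_count with topology=0x0, once through the left argument of ast_stream_topology_equal and once through the right. The code below models a NULL check on both sides before any comparison; the struct, enum and function names are simplified stand-ins, and the return policy for a missing topology is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for Asterisk's stream types (assumption: only the
 * fields this comparison needs are modeled). */
struct stream { const char *type; int state; };
struct stream_topology { size_t count; const struct stream *streams; };
struct media_state { const struct stream_topology *topology; };
enum refresh_kind { REFRESH_INVALID, REFRESH_NO_CHANGE, REFRESH_TOPOLOGY_CHANGE };

/* NULL-tolerant equality: 1 if equal, 0 if not. A missing topology never
 * equals a present one, so neither argument is dereferenced when NULL. */
static int topology_equal_safe(const struct stream_topology *left,
                               const struct stream_topology *right)
{
    if (left == right) return 1;
    if (!left || !right) return 0;
    if (left->count != right->count) return 0;
    for (size_t i = 0; i < left->count; i++) {
        if (strcmp(left->streams[i].type, right->streams[i].type) != 0
            || left->streams[i].state != right->streams[i].state) return 0;
    }
    return 1;
}

/* Caller-side check done before any comparison. Policy here is an assumption:
 * no pending topology is rejected, no active topology counts as a change. */
static enum refresh_kind classify_refresh(const struct media_state *active,
                                          const struct media_state *pending)
{
    if (!active || !pending || !pending->topology) return REFRESH_INVALID;
    if (!active->topology) return REFRESH_TOPOLOGY_CHANGE;
    return topology_equal_safe(active->topology, pending->topology)
        ? REFRESH_NO_CHANGE : REFRESH_TOPOLOGY_CHANGE;
}

/* Constructed sample data mirroring the two crash shapes in the traces. */
static const struct stream sample_streams[] = { {"audio", 1}, {"video", 1} };
static const struct stream_topology av_topology = { 2, sample_streams };
static const struct stream_topology audio_topology = { 1, sample_streams };
static const struct media_state no_topology = { NULL };
static const struct media_state av_state = { &av_topology };

int main(void)
{
    /* Exit 0 when both NULL shapes are classified without a dereference. */
    return classify_refresh(&no_topology, &av_state) == REFRESH_TOPOLOGY_CHANGE
        && classify_refresh(&av_state, &no_topology) == REFRESH_INVALID ? 0 : 1;
}
```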