Summary:ASTERISK-26092: [Segfault] in res_rtp_asterisk.c:4268 after Remotely bridged channels
Reporter:Niklas Larsson (pnlarsson)Labels:
Date Opened:2016-06-07 06:18:19Date Closed:2016-06-09 16:49:09
Versions:13.9.0 Frequency of
Environment:Debian, PjsipAttachments:( 0) ASTERISK-26092.diff
( 1) backtrace.txt
( 2) HOMER_CID_1586769a-6960-4b55-b098-c3b5865ef0c6.txt
( 3) HOMER_CID_88f0d5c4a4565701c6cb00013e1a6592@
Description:Segfault happens after:
[2016-06-07 12:41:23] VERBOSE[13780][C-0000074b] app_dial.c: PJSIP/wid4663-0000131b answered PJSIP/wid4661-0000131a
[2016-06-07 12:41:23] VERBOSE[13802][C-0000074b] bridge_channel.c: Channel PJSIP/wid4663-0000131b joined 'simple_bridge' basic-bridge <ac9e9cd6-a3c2-4c37-bd34-48fc42bad3cd>
[2016-06-07 12:41:23] VERBOSE[13780][C-0000074b] bridge_channel.c: Channel PJSIP/wid4661-0000131a joined 'simple_bridge' basic-bridge <ac9e9cd6-a3c2-4c37-bd34-48fc42bad3cd>
[2016-06-07 12:41:23] VERBOSE[13780][C-0000074b] bridge.c: Bridge ac9e9cd6-a3c2-4c37-bd34-48fc42bad3cd: switching from simple_bridge technology to native_rtp
[2016-06-07 12:41:23] VERBOSE[13780][C-0000074b] bridge_native_rtp.c: Remotely bridged 'PJSIP/wid4661-0000131a' and 'PJSIP/wid4663-0000131b' - media will flow directly between them
[2016-06-07 12:41:23] VERBOSE[13780][C-0000074b] bridge_native_rtp.c: Remotely bridged 'PJSIP/wid4661-0000131a' and 'PJSIP/wid4663-0000131b' - media will flow directly between them
[2016-06-07 12:41:39] Asterisk 13.9.0 built by root @ uc15.example.com on a x86_64 running Linux on 2016-01-21 12:53:22 UTC

Attached backtrace
Comments:By: Asterisk Team (asteriskteam) 2016-06-07 06:18:20.193-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Niklas Larsson (pnlarsson) 2016-06-07 08:53:23.105-0500

sip traces

By: Mark Michelson (mmichelson) 2016-06-07 13:22:52.014-0500

I am attaching ASTERISK-26092.diff . I believe this patch should prevent the crash from occurring. Please test and let me know if it causes the reported crash to go away.

The native RTP bridge code tells the channel drivers that they need to update their RTP instance in order to do direct media. The native RTP bridge code does the proper thing by having the channel locked during this operation. The PJSIP channel driver queues a task onto the session's task queue in order to perform the RTP changes. The problem is that in that queued task, chan_pjsip is not locking the channel when altering the RTP properties. This results in the session's queue destroying the RTCP structure at the same time that the channel's thread is attempting to read from it. This patch corrects this problem by having the queued task that alters the RTP instance also lock the channel, thereby granting exclusive access to the underlying RTP structures.

By: Niklas Larsson (pnlarsson) 2016-06-08 05:16:52.658-0500

I have applied the patch and so far no segfaults, should have some within 24 hours if it's not fixed.

By: Mark Michelson (mmichelson) 2016-06-09 10:31:00.345-0500

It's been over 24 hours. I'm going to assume that no news is good news and post this patch for review.

By: Niklas Larsson (pnlarsson) 2016-06-09 16:48:25.817-0500

Jepp, no news - good news. No segfaults today so it feels like the patch is good.

By: Asterisk Team (asteriskteam) 2016-06-09 16:48:26.086-0500

This issue has been reopened as a result of your commenting on it as the reporter. It will be triaged once again as applicable.