Summary: ASTERISK-26174: res_pjsip: Crash when freeing cloned message in distributor
Reporter: Ross Beer (rossbeer)
Labels:
Date Opened: 2016-07-06 03:54:50
Date Closed: 2016-09-01 09:42:33
Versions: 13.10.0-rc1 13.10.0
Frequency of
duplicates ASTERISK-26166 res_pjsip_pubsub: Crash when decrementing reference count of message
duplicates ASTERISK-26199 PJSIP: tx_data_destroy called twice
is duplicated by ASTERISK-26185 Stringfields ABORT
Environment: Fedora 23
Attachments:
( 0) backtrace_2016-07-01T10_25_54_CLEAN.txt
( 1) backtrace_2016-07-08T16_34_49_CLEAN.txt
( 2) backtrace-2016-07-12T11_20_57_CLEAN.txt
Description: Asterisk crashes due to cpool_release_pool; this is being discussed on the PJSIP mailing list.
Comments:

By: Asterisk Team (asteriskteam) 2016-07-06 03:54:51.780-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Ross Beer (rossbeer) 2016-07-06 06:55:52.524-0500

Asterisk isn't creating a core dump for some of these ABORTS:

Stack trace of thread 27450:
#0  0x00007f682e7f3a28 raise (libc.so.6)
#1  0x00007f682e7f562a abort (libc.so.6)
#2  0x00007f682e836d7a __libc_message (libc.so.6)
#3  0x00007f682e83f1ca _int_free (libc.so.6)
#4  0x00007f682e84272c __libc_free (libc.so.6)
#5  0x00007f67e737f6a5 cpool_release_pool (libpj.so.2)
#6  0x00007f67ed05db48 pjsip_tx_data_dec_ref (libpjsip.so.2)
#7  0x00007f67ed061808 on_data_sent (libpjsip.so.2)
#8  0x00007f67ed061c23 on_connect_complete (libpjsip.so.2)
#9  0x00007f67e737672f ioqueue_dispatch_write_event (libpj.so.2)
#10 0x00007f67e7377c9b pj_ioqueue_poll (libpj.so.2)
#11 0x00007f67ed058c85 pjsip_endpt_handle_events2 (libpjsip.so.2)
#12 0x00007f67e5acf638 monitor_thread_exec (res_pjsip.so)
#13 0x00007f67e7378a56 thread_main (libpj.so.2)
#14 0x00007f682f58561a start_thread (libpthread.so.0)
#15 0x00007f682e8c159d __clone (libc.so.6)

By: Ross Beer (rossbeer) 2016-07-08 10:46:00.424-0500

Latest crash in the same position

By: Ross Beer (rossbeer) 2016-07-12 05:42:16.766-0500

This crash is increasingly common; can someone please take a look?

By: Joshua C. Colp (jcolp) 2016-07-12 06:00:06.161-0500

I have marked this issue as accepted, but I am unaware of anyone currently actively working on it.

By: Ross Beer (rossbeer) 2016-07-21 06:44:29.887-0500

A patch is currently up for review on this issue: https://gerrit.asterisk.org/#/c/3254/

By: Malcolm Davenport (mdavenport) 2016-09-01 09:42:33.436-0500