Opened 7 years ago

Closed 7 years ago

#1988 closed defect (fixed)

Crash on UDP transport restart

Reported by: nanang Owned by: bennylp
Priority: normal Milestone: release-2.6
Component: pjsip Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description

Reported that the crash happened because an outstanding read operation key is reset by udp_on_read_complete() so socket read list gets corrupted. When there is incoming packet, ioqueue will try to deliver the packet to application by accessing the corrupted socket read list.

After investigation, possible scenario is:

  1. Spinning loop inside read callback udp_on_read_complete() is somehow still running while another thread is is executing UDP restart (pjsip_udp_transport_restart()).
  2. The UDP restart reinitiates read operation, so some op_key are queued to socket read list.
  3. Unfortunately the still spinning udp_on_read_complete() may wipe out those op_key.

The solution idea is to make sure that there is no read callback execution before reinitiating read operation in UDP restart. However, such synchronization is not simple (note: ioqueue may release key/socket lock before invoking read callback to avoid deadlock). A possible workaround is to wait for any active spinning loop in read callback to complete before reinitiating read operation in UDP restart.

Thanks Kinsey Moore for the report.

Change History (1)

comment:1 Changed 7 years ago by nanang

  • Resolution set to fixed
  • Status changed from new to closed

In 5519:

Fixed #1988: Wait for any active spinning loop in read callback to complete before reinitiating read operation in UDP restart.

Note: See TracTickets for help on using tickets.