[asterisk-bugs] [JIRA] (ASTERISK-25295) res_pjsip crash - pjsip_uri_get_uri at /usr/include/pjsip/sip_uri.h
Mark Michelson (JIRA)
noreply at issues.asterisk.org
Tue Aug 18 18:00:33 CDT 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-25295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=227290#comment-227290 ]
Mark Michelson commented on ASTERISK-25295:
-------------------------------------------
It looks like there are a couple of different types of crashes that are occurring here.
# A crash occurs when attempting to send a response to a REGISTER request with a strange Contact URI. This is what I see before the crash occurs: {noformat}[2015-07-30 12:18:20] VERBOSE[22319] res_pjsip_registrar.c: Added contact 'sip:wiseua at 195.69.202.35:31382;rinstance=e770d0cd5972231a;X-PUSH-URI=' to AOR 'wiseua' with expiration of 7200 seconds{noformat} That URI has a stray '=' at the end of it. I think what is happening is that the attempt to parse the URI is failing, and we are ignoring the failure. This leads to creation of a Contact header with a NULL URI, which leads to the crash seen here. When I try to reproduce this crash using SIPp, I can't make it happen. Instead, I see this: {noformat}Added contact 'sip:wiseua at 127.0.0.1:5061;rinstance=e770d0cd5972231a;X-PUSH-URI' to AOR 'sipp' with expiration of 3600 seconds{noformat} Notice how in my version, the stray '=' at the end is removed. However, my SIPp scenario has the '=' at the end of the Contact URI. Another similar crash has this: {noformat}[2015-08-10 20:36:18] VERBOSE[7386] res_pjsip_registrar.c: Added contact 'sip:16923 at 195.16.110.63:51677;app-id=s.notify.live.net;pn-type=wp;pn-tok= S' to AOR '16923' with expiration of 7200 seconds
{noformat}. When I try to put this URI into a SIPp scenario, this fails to even reach the registrar because of a detected syntax error in PJSIP. So this means either that the version of PJSIP that you are using is different than the one I am using, and it therefore parses the URI differently, or it means that the Contact URI format is not what I was expecting it to be, and so I am not properly reproducing the problem. In either case, I believe the correct action to take here is to ensure that we do not ignore the return value when attempting to parse contact URIs.
# A second crash appears to be due to attempting to use a task serializer that has already been destroyed. This appears to happen due to a SIP subscription being destroyed, then attempting to handle a 200 OK to an outgoing NOTIFY that we sent. There appears to be a reference counting issue here, so this is going to be more difficult to diagnose and fix.
> res_pjsip crash - pjsip_uri_get_uri at /usr/include/pjsip/sip_uri.h
> -------------------------------------------------------------------
>
> Key: ASTERISK-25295
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25295
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_pjsip
> Affects Versions: 13.4.0
> Reporter: Dmitriy Serov
> Assignee: Mark Michelson
> Attachments: 2015_08_10__20_38_07.backtrace-threads.txt, 2015_08_10__20_38_07.full.tail.txt, 2015_08_10__20_58_07.backtrace-threads.txt, 2015_08_10__20_58_07.full.tail.txt, backtrace.2015-07-30-1.txt, backtrace.2015-07-30-2.txt, backtrace.2015-07-30-3.txt, backtrace.2015-07-30-5.txt, core.back-trace.txt, debuglog.txt, full.2015-07-30-1.txt, full.2015-07-30-2.txt, full.2015-07-30-3.txt, full.2015-07-30-5.txt
>
>
> Using last git branch 13. Now is 13.5-rc.
> Tired of fighting with deadlock when using chan_sip. Decided to convert all the devices and the gateways to res_pjsip.
> The result was crash very often. When asterisk boots. Sometimes asterisk successfully loaded and crash in a few minutes.
> In the configs, nothing has changed except transfer chan_sip devices to res_pjsip.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list