[asterisk-bugs] [JIRA] (ASTERISK-29466) Asterisk crashes when the call hangs up a few seconds before it would send UPDATE

Sunny Narendra (JIRA) noreply at issues.asterisk.org
Mon Jun 7 05:53:08 CDT 2021 

Sunny Narendra created ASTERISK-29466:
-----------------------------------------

             Summary: Asterisk crashes when the call hangs up a few seconds before it would send UPDATE
                 Key: ASTERISK-29466
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29466
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: pjproject/pjsip
    Affects Versions: 18.4.0
            Reporter: Sunny Narendra
            Severity: Major


To reproduce the crash:
 * Make Asterisk Session-Expires timer to 120 instead of using the default 1800 (timers_sess_expires=120). With this change the Asterisk will send the UPDATE every 60s.

The call scenario:
* A calls B
* B answers the call
* B hangs up after 0:57

Core dump:
{code:java}
(gdb) bt
#0  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007f0c75ec242a in __GI_abort () at abort.c:89
#2  0x00007f0c75eb9e67 in __assert_fail_base (fmt=<optimized out>, assertion=assertion at entry=0x7f0c78d15b70 "inv->state < PJSIP_INV_STATE_DISCONNECTED", file=file at entry=0x7f0c78d150af "../src/pjsip-ua/sip_inv.c", line=line at entry=3064,
    function=function at entry=0x7f0c78d162b0 <__PRETTY_FUNCTION__.8486> "pjsip_inv_update") at assert.c:92
#3  0x00007f0c75eb9f12 in __GI___assert_fail (assertion=0x7f0c78d15b70 "inv->state < PJSIP_INV_STATE_DISCONNECTED", file=0x7f0c78d150af "../src/pjsip-ua/sip_inv.c", line=3064, function=0x7f0c78d162b0 <__PRETTY_FUNCTION__.8486> "pjsip_inv_update") at assert.c:101
#4  0x00007f0c78c09811 in pjsip_inv_update (inv=0x7f0c68023c68, new_contact=0x0, offer=0x0, p_tdata=0x7f0c245f9ce8) at ../src/pjsip-ua/sip_inv.c:3063
#5  0x00007f0c78c15680 in timer_cb (timer_heap=0x5597b71a04b0, entry=0x7f0c68023ed0) at ../src/pjsip-ua/sip_timer.c:398
#6  0x00007f0c78d0d487 in pj_timer_heap_poll (ht=0x5597b71a04b0, next_delay=0x7f0c245f9e10) at ../src/pj/timer.c:913
#7  0x00007f0c78c33f63 in pjsip_endpt_handle_events2 (endpt=0x5597b71a01c8, max_timeout=0x7f0c245f9e70, p_count=0x0) at ../src/pjsip/sip_endpoint.c:716
#8  0x00007f0c78c340ee in pjsip_endpt_handle_events (endpt=0x5597b71a01c8, max_timeout=0x7f0c245f9e70) at ../src/pjsip/sip_endpoint.c:777
#9  0x00007f0c2b2113e0 in monitor_thread_exec (endpt=0x0) at res_pjsip.c:5166
#10 0x00007f0c78cef7b2 in thread_main (param=0x5597b73cb708) at ../src/pj/os_core_unix.c:541
#11 0x00007f0c7736b4a4 in start_thread (arg=0x7f0c245fa700) at pthread_create.c:456
#12 0x00007f0c75f76d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
(gdb)
{code}
Following patch seems to fix the issue:
{code:java}
--- a/third-party/pjproject/patches/0011-sip_inv_patch.patch	Wed May 12 14:52:42 2021 +0000
+++ b/third-party/pjproject/patches/0011-sip_inv_patch.patch	Wed May 12 14:52:57 2021 +0000
@@ -15,11 +15,13 @@
 index ca225015b..7c11b1c8e 100644
 --- a/pjsip/src/pjsip-ua/sip_inv.c
 +++ b/pjsip/src/pjsip-ua/sip_inv.c
-@@ -323,9 +323,19 @@ static void inv_set_state(pjsip_inv_session *inv, pjsip_inv_state state,
+@@ -323,9 +323,20 @@ static void inv_set_state(pjsip_inv_session *inv, pjsip_inv_state state,
  	(*mod_inv.cb.on_state_changed)(inv, e);
      pjsip_inv_dec_ref(inv);

 -    /* Only decrement when previous state is not already DISCONNECTED */
+-    if (state == PJSIP_INV_STATE_DISCONNECTED &&
+-	prev_state != PJSIP_INV_STATE_DISCONNECTED)
 +    /* The above callback may change the state, so we need to be careful here
 +     * and only decrement inv under the following conditions:
 +     * 1. If the state parameter is DISCONNECTED, and previous state is not
@@ -30,10 +32,10 @@
 +     *    inv within the callback. Note that this check must be last since
 +     *    inv may have already been destroyed.
 +     */
-     if (state == PJSIP_INV_STATE_DISCONNECTED &&
--	prev_state != PJSIP_INV_STATE_DISCONNECTED)
-+	prev_state != PJSIP_INV_STATE_DISCONNECTED &&
-+	inv->state == PJSIP_INV_STATE_DISCONNECTED)
++    if ((state == PJSIP_INV_STATE_DISCONNECTED &&
++	prev_state != PJSIP_INV_STATE_DISCONNECTED) ||
++	(prev_state != PJSIP_INV_STATE_DISCONNECTED &&
++	inv->state == PJSIP_INV_STATE_DISCONNECTED))
      {
  	pjsip_inv_dec_ref(inv);
      }
{code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list