[asterisk-dev] Pjsip segfault

Tomec Martin tomec at ipex.cz
Fri Jun 16 09:37:28 CDT 2017 

On Fri, Jun 16, 2017, at 11:10 AM, Tomec Martin wrote:
> Hi,
> I am looking at issue
> https://issues.asterisk.org/jira/browse/ASTERISK-27037 and so far I have
> found that:
> In asterisk function ast_sip_send_stateful_response, we receive message
> via pjsip_tsx_recv_msg then prepare answer and send answer via
> pjsip_tsx_send_msg.
> Before we send the answer, the pjsip_transaction structure can be deleted
> by some pjsip callbacks. So the pjsip_tsx_send_msg is called with invalid
> pjsip_transaction.
> 
> Is anybody aware of correct way how to prevent pjsip_transaction from
> being deleted? Or is there a way to determine that transaction was
> deleted (by some callback)?

Have you determined what callbacks will occur that can cause it to
happen? Are you referring to timer entries for example?

I can't tell exactly. We suspect that it could be caused by some bad implemented webrtc client. 
>From the log it seems to some "transport error" while receiving message. And the terminated transaction is then destroyed by timer:
[Jun 13 12:45:18] DEBUG[8093] pjproject:             tsx0x7fe4bc0631a8 ..Transaction created for Request msg REGISTER/cseq=2 (rdata0x7fe494118e18)
[Jun 13 12:45:18] DEBUG[8093] pjproject:             tsx0x7fe4bc0631a8 .Incoming Request msg REGISTER/cseq=2 (rdata0x7fe494118e18) in state Null
[Jun 13 12:45:18] DEBUG[8093] pjproject:             tsx0x7fe4bc0631a8 ..State changed from Null to Trying, event=RX_MSG
[Jun 13 12:45:18] DEBUG[8092] pjproject:             tsx0x7fe4bc0631a8 State changed from Trying to Terminated, event=TRANSPORT_ERROR
[Jun 13 12:45:18] DEBUG[8092] pjproject:             tsx0x7fe4bc0631a8 Timeout timer event
[Jun 13 12:45:18] DEBUG[8092] pjproject:             tsx0x7fe4bc0631a8 .State changed from Terminated to Destroyed, event=TIMER
[Jun 13 12:45:18] DEBUG[8092] pjproject:             tsx0x7fe4bc0631a8 Transaction destroyed!
[Jun 13 12:45:19] DEBUG[8093] pjproject:             tsx0x7fe4bc0631a8 .Sending Response msg 200/REGISTER/cseq=2 (tdta0x7fe4bc1e5aa8) in state Destroyed
We can replicate this only in production environment, but it is possible to add some logging if needed...

Martin Tomec

More information about the asterisk-dev mailing list