[asterisk-dev] Encountered a crash on asterisk 16.9.0 with a PJSIP SUBSCRIBE response

Thu Nov 19 13:38:15 CST 2020

We have a customer who was running 16.3.0 yesterday.  Almost identical packets worked yesterday.
We upgraded them to 16.9.0 today and the very first time it sends the SUBSCRIBE to the number/ip, the response crashes with the following backtrace.

Customer required we revert back to 16.3.0 so I'm not sure I can replicate this.
Any suggestions of what to do or what to try?

[11/19 08:22:55.815] VERBOSE[1406] res_pjsip_logger.c: <--- Transmitting SIP request (690 bytes) to UDP:z.z.z.z:5060 --->
SUBSCRIBE sip:1234567890 at y.y.y.y;user=phone SIP/2.0
Via: SIP/2.0/UDP x.x.x.x:5060;rport;branch=z9hG4bKPj363c70fc-88e2-4d05-b2ed-d8af5bbea7a2
From: <sip:28100 at x.x.x.x;user=phone>;tag=12277ed8-61f7-4b3b-a6b0-b544cc04cd64
To: "1234567890" <sip:1234567890 at y.y.y.y;user=phone>;tag=16a1f36c
Contact: <sip:x.x.x.x:5060>
Call-ID: mailto:36b40b3bC2_jPc at y.y.y.y
CSeq: 27685 SUBSCRIBE
Route: <sip:z.z.z.z;lr;ftag=16a1f36c>
Event: refer
Expires: 600
Supported: 100rel, timer, replaces, norefersub
Accept: message/sipfrag;version=2.0
Allow-Events: message-summary, presence, dialog, refer
Max-Forwards: 70
User-Agent: Asterisk PBX 16.9.0
Content-Length:  0

[11/19 08:22:55.817] VERBOSE[1406] res_pjsip_logger.c: <--- Received SIP response (447 bytes) from UDP:z.z.z.z:5060 --->
SIP/2.0 405 Method Not Allowed
Via: SIP/2.0/UDP x.x.x.x:5060;received=x.x.x.x;rport=5060;branch=z9hG4bKPj363c70fc-88e2-4d05-b2ed-d8af5bbea7a2
From: <sip:28100 at x.x.x.x;user=phone>;tag=12277ed8-61f7-4b3b-a6b0-b544cc04cd64
To: "1234567890" <sip:1234567890 at y.y.y.y;user=phone>;tag=16a1f36c
Call-ID: mailto:36b40b3bC2_jPc at y.y.y.y
CSeq: 27685 SUBSCRIBE
Allow: INVITE, ACK, BYE, CANCEL, PRACK, REFER, NOTIFY
Content-Length: 0

[11/19 08:22:55.817] ERROR[1745] channel.c: FRACK!, Failed assertion bad magic number 0x0 for object 0x7ff974095ac8 (0)
[11/19 08:22:55.821] ERROR[1745] : Got 22 backtrace records
# 0: /usr/sbin/asterisk(__ao2_lock+0x89) [0x45c5f9]
# 1: /usr/sbin/asterisk() [0x493965]
# 2: /usr/sbin/asterisk(ast_queue_control_data+0x4d) [0x4987cd]
# 3: /usr/lib/asterisk/modules/chan_pjsip.so(+0x7f07) [0x7ff8ecf47f07]
# 4: /usr/lib/libasteriskpj.so.2(+0x746e8) [0x7ff9985616e8]
# 5: /usr/lib/libasteriskpj.so.2(+0x74c88) [0x7ff998561c88]
# 6: /usr/lib/libasteriskpj.so.2(+0x75f16) [0x7ff998562f16]
# 7: /usr/lib/libasteriskpj.so.2(pjsip_dlg_on_tsx_state+0x5d) [0x7ff99859566d]
# 8: /usr/lib/libasteriskpj.so.2(+0xa1203) [0x7ff99858e203]
# 9: /usr/lib/libasteriskpj.so.2(+0xa2431) [0x7ff99858f431]
#10: /usr/lib/libasteriskpj.so.2(+0xa33f4) [0x7ff9985903f4]
#11: /usr/lib/libasteriskpj.so.2(pjsip_tsx_recv_msg+0x8f) [0x7ff9985929af]
#12: /usr/lib/libasteriskpj.so.2(+0xa5a75) [0x7ff998592a75]
#13: /usr/lib/libasteriskpj.so.2(pjsip_endpt_process_rx_data+0x157) [0x7ff998576bd7]
#14: /usr/lib/asterisk/modules/res_pjsip.so(+0x2bcdc) [0x7ff8f259ccdc]
#15: /usr/sbin/asterisk(ast_taskprocessor_execute+0xce) [0x599e2e]
#16: /usr/sbin/asterisk() [0x5a1520]
#17: /usr/sbin/asterisk(ast_taskprocessor_execute+0xce) [0x599e2e]
#18: /usr/sbin/asterisk() [0x5a1cc0]
#19: /usr/sbin/asterisk() [0x5a9b2c]
#20: /lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba) [0x7ff9968f86ba]
#21: /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7ff995ed241d]

Dan