ASTERISK-24621: chan_sip: Crash caused by invalid reference to object in __sip

[Home]

Summary: ASTERISK-24621: chan_sip: Crash caused by invalid reference to object in __sip_autodestruct

Reporter: JoshE (n8ideas) Labels:

Date Opened: 2014-12-15 17:45:50.000-0600 Date Closed: 2015-01-27 12:41:36.000-0600

Priority: Critical Regression?

Status: Closed/Complete Components: Channels/chan_sip/General

Versions: 11.13.0 Frequency of
Occurrence Frequent

Related
Issues:
is related to ASTERISK-24622 chan_sip: Crash when disposing of dialog in scheduled callback __sip_autodestruct

Environment: CentOS 7 Attachments: ( 0) schedulercrash.txt

Description: Seen another variant of a scheduler-related crash on Asterisk 11.13.

#0 0x000000000044ba74 in INTERNAL_OBJ (user_data=0x4542) at astobj2.c:153
p = 0x4522
__PRETTY_FUNCTION__ = "INTERNAL_OBJ"
#1 0x000000000044c110 in internal_ao2_ref (user_data=0x4542, delta=1, file=0x63da74 "astobj2.c", line=548, func=0x63dd31 <__FUNCTION__.8060> "__ao2_ref") at astobj2.c:430
obj = 0x7fbbca726638
obj_mutex = 0x7fbc5d035cf4
obj_rwlock = 0x7fbc5d04f7c0 <__PRETTY_FUNCTION__.34031>
current_value = 8998
ret = 0
__PRETTY_FUNCTION__ = "internal_ao2_ref"

Comments: By: JoshE (n8ideas) 2014-12-15 17:46:18.161-0600

Backtrace
By: Matt Jordan (mjordan) 2014-12-16 09:08:01.488-0600

This crash looks to be caused by a reference count imbalance/error in {{chan_sip}}. Your {{sip.conf}} would be helpful in trying to reproduce this issue.

Please follow the instructions [1] to get a Reference debug log, along with a debug log leading up to the crash [2]. A backtrace from the same run should also be provided. That should show the reference count error along with what particular object went bad.

[1] https://wiki.asterisk.org/wiki/display/AST/Reference+Count+Debugging
[2] https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information
By: JoshE (n8ideas) 2015-01-06 15:19:25.118-0600

Trying to get this created. It looks like this was caused only by very high rate of speed SIPvicious-style INVITE attacks. The repro on this is difficult to get, at least in my environment, but it has been observed every week or so.
By: Matt Jordan (mjordan) 2015-01-27 12:41:32.211-0600

I'm going to close this out as a duplicate of ASTERISK-24622, since the problems appear to be identical and there's a bit more information on that issue.