| Summary: | ASTERISK-25096: [patch]Segfault when registering over websockets with PJSIP (in ast_sockaddr_isnull at /include/asterisk/netsock2.h) | ||
| Reporter: | Josh Kitchens (jkitchens) | Labels: | |
| Date Opened: | 2015-05-15 10:47:10 | Date Closed: | 2015-06-10 12:22:51 |
| Priority: | Major | Regression? | |
| Status: | Closed/Complete | Components: | Resources/res_pjsip |
| Versions: | SVN | Frequency of Occurrence | Frequent |
| Related Issues: | |||
| Environment: | Debian 7.8, pjproject 2.3.0, Asterisk GIT-master-908c6a5 (18/May/15) | Attachments: | ( 0) core.txt ( 1) core20150518-0943.txt ( 2) pjsip_configuration.conf ( 3) WSasteriskcrash.txt ( 4) wsRegister20150518-0943.txt |
| Description: | Asterisk crashes when I attempt to register from a browser, but only after I leave the browser open for some time without registering (~1 hour). | ||
| Comments: | By: Josh Kitchens (jkitchens) 2015-05-15 10:51:49.956-0500 WSasteriskscrash.txt has the ws connection from chrome, and the Register that crashed asterisk. I compiled pjproject with CFLAGS='-g3' but I still don't get symbol tables for libpjsip.so.2 in the backtrace. By: Rusty Newton (rnewton) 2015-05-15 17:30:17.482-0500 Can you verify the issue still occurs in the latest Git branch 13, or Master ? https://wiki.asterisk.org/wiki/display/AST/Gerrit+Usage Use Send Back or Enter Feedback to send the issue back to us. By: Josh Kitchens (jkitchens) 2015-05-18 12:55:25.071-0500 Confirmed with Asterisk GIT-master-908c6a5. Attached the core dump as core20150518-0943.txt, and the websocket message as wsRegister20150518-0943.txt. By: Josh Kitchens (jkitchens) 2015-05-18 12:57:27.198-0500 Attached files for crash with Asterisk GIT-master-908c6a5. By: Rusty Newton (rnewton) 2015-05-20 15:18:35.332-0500 Thanks! So, I'm a little confused on how to reproduce this. Can you provide a step by step guide to reproduce the issue? Also have you been able to reproduce the issue using any other webRTC client framework like SIPML5 or JSSIP, or only with SIP.js? By: Matt Jordan (mjordan) 2015-05-20 15:20:31.771-0500 Looking at the backtrace, {{session}} is NULL: {code} Program terminated with signal 11, Segmentation fault. #0 0x00000000005783bb in ast_sockaddr_isnull (addr=0x10) at /usr/local/src/asterisk-13-git/include/asterisk/netsock2.h:115 115 return !addr || addr->len == 0; #0 0x00000000005783bb in ast_sockaddr_isnull (addr=0x10) at /usr/local/src/asterisk-13-git/include/asterisk/netsock2.h:115 No locals. #1 0x00000000005784c4 in ast_sockaddr_stringify_fmt (sa=0x10, format=3) at netsock2.c:78 sa_ipv4 = {ss = {ss_family = 160, __ss_align = 6334499, __ss_padding = "H\016\000\000\000\000\000\000\000\203\214\000\000\000\000\000\020)\001D\210\177\000\000@#\000@\210\177\000\000\300\253\035z\210\177\000\000\324\316`\000\000\000\000\000\300\253\035z\210\177\000\000\345\a_\323\377\177\000\000 \254\035z\210\177\000\000\324{\314F\211\177\000\000 \254\035z\210\177\000\000\324{\314F\211\177\000\000\020\000\000\000\000\000\000\000\000\\\000\304\210\177\000"}, len = 0} sa_tmp = 0xffffffff8000dc80 host = '\000' <repeats 16 times>, "\001\000\000\000\000\000\000\000\300\247\035z\210\177\000\000\260\250\035z\210\177\000\000p\252\035z\210\177\000\000\320\035\315F\211\177\000\000\006\036\315F\211\177\000\000`\252\035z\210\177\000\000\005\000\000\000\000\000\000\000p\252\035z\210\177\000\000\320\035\315F\211\177\000\000`\252\035z\210\177\000\000\215\223\235F\211\177", '\000' <repeats 26 times>, "p\257\035z\210\177", '\000' <repeats 18 times>"\320, \256\035z\210\177", '\000' <repeats 42 times>, "@\252\035z\210\177\000\000H\252\035z\210\177\000\000P\252\035z\210\177\000\000X\252\035z\210\177\000\000x\257\035z\210\177\000\000\000\000\000\000\000\000\000\000\210\257\035z\210\177", '\000' <repeats 34 times>, "\031P\314F\211\177\000\000\000\000\000\000\000\000\000@", '\000' <repeats 376 times>, "p\252\035z\210\177\000\000\324{\314F\211\177\000\000\000\345"... port = "\000\000\000\000\000\000\000@", '\000' <repeats 23 times> str = 0x7f8946cc5019 e = 0 size = 1059 __PRETTY_FUNCTION__ = "ast_sockaddr_stringify_fmt" #2 0x00007f889a1a2372 in ast_sockaddr_stringify (addr=0x10) at /usr/local/src/asterisk-13-git/include/asterisk/netsock2.h:232 No locals. #3 0x00007f889a1a33b9 in transport_read (data=0x7f887a255810) at res_pjsip_transport_websocket.c:208 read_data = 0x7f887a255810 newtransport = 0x7f88c4005668 session = 0x0 rdata = 0x7f88c40057c0 recvd = 32649 buf = {ptr = 0x7f8844012970 "`j\001D\210\177", slen = 0} __PRETTY_FUNCTION__ = "transport_read" {code} That's bad. That means there is no longer a WebSocket session. For whatever reason, it looks like {{ast_websocket_read}} doesn't return -1 even if the underlying read fails. That feels wrong, but could explain how we managed to call the callback with a NULL session. By: Josh Kitchens (jkitchens) 2015-05-20 17:30:21.550-0500 So, this happens when I register, unregister, wait some time (>~20mins) then have the same sipJS UA register again. I did notice that the UA uses the same call-id as the last register/unregister. Is that the problem here? I don't quite understand https://tools.ietf.org/html/rfc3261#section-8.1.1.4 (Call-ID Definitaion in the SIP RFC). {code:title=Unregister, Response, Register|borderStyle=solid} 13:51:41.482 AKDT REGISTER sip:testerisk.microcom.tv SIP/2.0 Via: SIP/2.0/WSS 192.0.2.26;branch=z9hG4bK262665 Max-Forwards: 70 To: <sip:3883ws@testerisk.microcom.tv> From: <sip:3883ws@testerisk.microcom.tv>;tag=t601r9h9l7 Call-ID: 8k66qli3e5lt508nsjgi14 CSeq: 83 REGISTER Authorization: Digest algorithm=MD5, username="3883ws", realm="asterisk", nonce="1432158862/ff10df63bd59e001305fbd575b10d3a4", uri="sip:testerisk.microcom.tv", response="1c431aea63b9652c621aac6dd753cf1b", opaque="3274ceb57a1bf800", qop=auth, cnonce="jphct6760h6u", nc=00000001 Contact: <sip:q6tf3g61@192.0.2.26;transport=wss>;reg-id=1;+sip.instance="<urn:uuid:fca0da87-6640-476b-ba93-98c552fce98d>";expires=0 Supported: path,gruu,outbound User-Agent: SIP.js/0.6.4 Content-Length: 0 13:51:41.661 AKDT SIP/2.0 200 OK Via: SIP/2.0/WSS 192.0.2.26;rport=44041;received=10.100.100.198;branch=z9hG4bK262665 Call-ID: 8k66qli3e5lt508nsjgi14 From: <sip:3883ws@testerisk.microcom.tv>;tag=t601r9h9l7 To: <sip:3883ws@testerisk.microcom.tv>;tag=z9hG4bK262665 CSeq: 83 REGISTER Date: Wed, 20 May 2015 21:54:41 GMT Server: Asterisk PBX GIT-master-908c6a5 Content-Length: 0 14:12:13.995 AKDT REGISTER sip:testerisk.microcom.tv SIP/2.0 Via: SIP/2.0/WSS 192.0.2.26;branch=z9hG4bK6090101 Max-Forwards: 70 To: <sip:3883ws@testerisk.microcom.tv> From: <sip:3883ws@testerisk.microcom.tv>;tag=t601r9h9l7 Call-ID: 8k66qli3e5lt508nsjgi14 CSeq: 84 REGISTER Authorization: Digest algorithm=MD5, username="3883ws", realm="asterisk", nonce="1432158862/ff10df63bd59e001305fbd575b10d3a4", uri="sip:testerisk.microcom.tv", response="1c431aea63b9652c621aac6dd753cf1b", opaque="3274ceb57a1bf800", qop=auth, cnonce="jphct6760h6u", nc=00000001 Contact: <sip:q6tf3g61@192.0.2.26;transport=wss>;reg-id=1;+sip.instance="<urn:uuid:fca0da87-6640-476b-ba93-98c552fce98d>";expires=600 Allow: ACK,CANCEL,BYE,OPTIONS,INFO,NOTIFY,INVITE Supported: path,gruu,outbound User-Agent: SIP.js/0.6.4 Content-Length: 0 {code} By: Ivan Poddubny (ipoddubny) 2015-06-06 13:15:25.995-0500 I've submitted a patch that I believe fixes the problem: https://gerrit.asterisk.org/#/c/598/ Josh, can you please test it? | ||