[Home]

Summary:ASTERISK-25096: [patch]Segfault when registering over websockets with PJSIP (in ast_sockaddr_isnull at /include/asterisk/netsock2.h)
Reporter:Josh Kitchens (jkitchens)Labels:
Date Opened:2015-05-15 10:47:10Date Closed:2015-06-10 12:22:51
Priority:MajorRegression?
Status:Closed/CompleteComponents:Resources/res_pjsip
Versions:SVN Frequency of
Occurrence
Frequent
Related
Issues:
Environment:Debian 7.8, pjproject 2.3.0, Asterisk GIT-master-908c6a5 (18/May/15)Attachments:( 0) core.txt
( 1) core20150518-0943.txt
( 2) pjsip_configuration.conf
( 3) WSasteriskcrash.txt
( 4) wsRegister20150518-0943.txt
Description:Asterisk crashes when I attempt to register from a browser, but only after I leave the browser open for some time without registering (~1 hour).
Comments:By: Josh Kitchens (jkitchens) 2015-05-15 10:51:49.956-0500

WSasteriskscrash.txt has the ws connection from chrome, and the Register that crashed asterisk.

I compiled pjproject with CFLAGS='-g3' but I still don't get symbol tables for libpjsip.so.2 in the backtrace.

By: Rusty Newton (rnewton) 2015-05-15 17:30:17.482-0500

Can you verify the issue still occurs in the latest Git branch 13, or Master ?

https://wiki.asterisk.org/wiki/display/AST/Gerrit+Usage

Use Send Back or Enter Feedback to send the issue back to us.

By: Josh Kitchens (jkitchens) 2015-05-18 12:55:25.071-0500

Confirmed with Asterisk GIT-master-908c6a5. Attached the core dump as core20150518-0943.txt, and the websocket message as wsRegister20150518-0943.txt.

By: Josh Kitchens (jkitchens) 2015-05-18 12:57:27.198-0500

Attached files for crash with Asterisk GIT-master-908c6a5.

By: Rusty Newton (rnewton) 2015-05-20 15:18:35.332-0500

Thanks!

So, I'm a little confused on how to reproduce this. Can you provide a step by step guide to reproduce the issue?

Also have you been able to reproduce the issue using any other webRTC client framework like SIPML5 or JSSIP, or only with SIP.js?

By: Matt Jordan (mjordan) 2015-05-20 15:20:31.771-0500

Looking at the backtrace, {{session}} is NULL:

{code}
Program terminated with signal 11, Segmentation fault.
#0  0x00000000005783bb in ast_sockaddr_isnull (addr=0x10) at /usr/local/src/asterisk-13-git/include/asterisk/netsock2.h:115
115 return !addr || addr->len == 0;
#0  0x00000000005783bb in ast_sockaddr_isnull (addr=0x10) at /usr/local/src/asterisk-13-git/include/asterisk/netsock2.h:115
No locals.
#1  0x00000000005784c4 in ast_sockaddr_stringify_fmt (sa=0x10, format=3) at netsock2.c:78
       sa_ipv4 = {ss = {ss_family = 160, __ss_align = 6334499, __ss_padding = "H\016\000\000\000\000\000\000\000\203\214\000\000\000\000\000\020)\001D\210\177\000\000@#\000@\210\177\000\000\300\253\035z\210\177\000\000\324\316`\000\000\000\000\000\300\253\035z\210\177\000\000\345\a_\323\377\177\000\000 \254\035z\210\177\000\000\324{\314F\211\177\000\000 \254\035z\210\177\000\000\324{\314F\211\177\000\000\020\000\000\000\000\000\000\000\000\\\000\304\210\177\000"}, len = 0}
       sa_tmp = 0xffffffff8000dc80
       host = '\000' <repeats 16 times>, "\001\000\000\000\000\000\000\000\300\247\035z\210\177\000\000\260\250\035z\210\177\000\000p\252\035z\210\177\000\000\320\035\315F\211\177\000\000\006\036\315F\211\177\000\000`\252\035z\210\177\000\000\005\000\000\000\000\000\000\000p\252\035z\210\177\000\000\320\035\315F\211\177\000\000`\252\035z\210\177\000\000\215\223\235F\211\177", '\000' <repeats 26 times>, "p\257\035z\210\177", '\000' <repeats 18 times>"\320, \256\035z\210\177", '\000' <repeats 42 times>, "@\252\035z\210\177\000\000H\252\035z\210\177\000\000P\252\035z\210\177\000\000X\252\035z\210\177\000\000x\257\035z\210\177\000\000\000\000\000\000\000\000\000\000\210\257\035z\210\177", '\000' <repeats 34 times>, "\031P\314F\211\177\000\000\000\000\000\000\000\000\000@", '\000' <repeats 376 times>, "p\252\035z\210\177\000\000\324{\314F\211\177\000\000\000\345"...
       port = "\000\000\000\000\000\000\000@", '\000' <repeats 23 times>
       str = 0x7f8946cc5019
       e = 0
       size = 1059
       __PRETTY_FUNCTION__ = "ast_sockaddr_stringify_fmt"
#2  0x00007f889a1a2372 in ast_sockaddr_stringify (addr=0x10) at /usr/local/src/asterisk-13-git/include/asterisk/netsock2.h:232
No locals.
#3  0x00007f889a1a33b9 in transport_read (data=0x7f887a255810) at res_pjsip_transport_websocket.c:208
       read_data = 0x7f887a255810
       newtransport = 0x7f88c4005668
       session = 0x0
       rdata = 0x7f88c40057c0
       recvd = 32649
       buf = {ptr = 0x7f8844012970 "`j\001D\210\177", slen = 0}
       __PRETTY_FUNCTION__ = "transport_read"
{code}

That's bad. That means there is no longer a WebSocket session.

For whatever reason, it looks like {{ast_websocket_read}} doesn't return -1 even if the underlying read fails. That feels wrong, but could explain how we managed to call the callback with a NULL session.

By: Josh Kitchens (jkitchens) 2015-05-20 17:30:21.550-0500

So, this happens when I register, unregister, wait some time (>~20mins) then have the same sipJS UA register again. I did notice that the UA uses the same call-id as the last register/unregister. Is that the problem here? I don't quite understand https://tools.ietf.org/html/rfc3261#section-8.1.1.4 (Call-ID Definitaion in the SIP RFC).

{code:title=Unregister, Response, Register|borderStyle=solid}
13:51:41.482 AKDT
REGISTER sip:testerisk.microcom.tv SIP/2.0
Via: SIP/2.0/WSS 192.0.2.26;branch=z9hG4bK262665
Max-Forwards: 70
To: <sip:3883ws@testerisk.microcom.tv>
From: <sip:3883ws@testerisk.microcom.tv>;tag=t601r9h9l7
Call-ID: 8k66qli3e5lt508nsjgi14
CSeq: 83 REGISTER
Authorization: Digest algorithm=MD5, username="3883ws", realm="asterisk", nonce="1432158862/ff10df63bd59e001305fbd575b10d3a4", uri="sip:testerisk.microcom.tv", response="1c431aea63b9652c621aac6dd753cf1b", opaque="3274ceb57a1bf800", qop=auth, cnonce="jphct6760h6u", nc=00000001
Contact: <sip:q6tf3g61@192.0.2.26;transport=wss>;reg-id=1;+sip.instance="<urn:uuid:fca0da87-6640-476b-ba93-98c552fce98d>";expires=0
Supported: path,gruu,outbound
User-Agent: SIP.js/0.6.4
Content-Length: 0

13:51:41.661 AKDT
SIP/2.0 200 OK
Via: SIP/2.0/WSS 192.0.2.26;rport=44041;received=10.100.100.198;branch=z9hG4bK262665
Call-ID: 8k66qli3e5lt508nsjgi14
From: <sip:3883ws@testerisk.microcom.tv>;tag=t601r9h9l7
To: <sip:3883ws@testerisk.microcom.tv>;tag=z9hG4bK262665
CSeq: 83 REGISTER
Date: Wed, 20 May 2015 21:54:41 GMT
Server: Asterisk PBX GIT-master-908c6a5
Content-Length:  0

14:12:13.995 AKDT
REGISTER sip:testerisk.microcom.tv SIP/2.0
Via: SIP/2.0/WSS 192.0.2.26;branch=z9hG4bK6090101
Max-Forwards: 70
To: <sip:3883ws@testerisk.microcom.tv>
From: <sip:3883ws@testerisk.microcom.tv>;tag=t601r9h9l7
Call-ID: 8k66qli3e5lt508nsjgi14
CSeq: 84 REGISTER
Authorization: Digest algorithm=MD5, username="3883ws", realm="asterisk", nonce="1432158862/ff10df63bd59e001305fbd575b10d3a4", uri="sip:testerisk.microcom.tv", response="1c431aea63b9652c621aac6dd753cf1b", opaque="3274ceb57a1bf800", qop=auth, cnonce="jphct6760h6u", nc=00000001
Contact: <sip:q6tf3g61@192.0.2.26;transport=wss>;reg-id=1;+sip.instance="<urn:uuid:fca0da87-6640-476b-ba93-98c552fce98d>";expires=600
Allow: ACK,CANCEL,BYE,OPTIONS,INFO,NOTIFY,INVITE
Supported: path,gruu,outbound
User-Agent: SIP.js/0.6.4
Content-Length: 0
{code}


By: Ivan Poddubny (ipoddubny) 2015-06-06 13:15:25.995-0500

I've submitted a patch that I believe fixes the problem: https://gerrit.asterisk.org/#/c/598/
Josh, can you please test it?