search

ossrs / srs-gb28181

GB28181 server based on SRS
https://ossrs.net
MIT License
83 stars 41 forks source link

GB28181: SIP注销时程序崩溃(偶发) #2256 #27

Open winlinvip opened 2 years ago

winlinvip commented 2 years ago

描述(Description)

当sip注销时,接受到一个invite请求,status等于486,然后调用SrsGb28181SipSession::get_device_info(std::string chid)函数时,程序崩溃。目前定位到的原因是_device_list这个map的size突然变的特别大,导致find函数异常。

  1. SRS版本(Version): 4.0release
  2. SRS的日志如下(Log): 
    
#0  0x00007ffff7568906 in std::string::compare(std::string const&) const () from /lib64/libstdc++.so.6
#1  0x00000000004a3dd3 in std::operator< <char, std::char_traits<char>, std::allocator<char> > (__lhs=<error reading variable: Cannot access memory at address 0x72460a0d45544976>, __rhs="34020000001310000001")
at /opt/rh/devtoolset-9/root/usr/include/c++/9/bits/basic_string.h:6229
#2  0x00000000004a3c3d in std::less<std::string>::operator() (this=0xed8be0, __x=<error reading variable: Cannot access memory at address 0x72460a0d45544976>, __y="34020000001310000001")
at /opt/rh/devtoolset-9/root/usr/include/c++/9/bits/stl_function.h:386
#3  0x000000000067aa1d in std::_Rb_tree<std::string, std::pair<std::string const, SrsGb28181Device*>, std::_Select1st<std::pair<std::string const, SrsGb28181Device*> >, std::less<std::string>, std::allocator<std::pair<std::string const, SrsGb28181Device*> > >::_M_lower_bound (this=0xed8be0, __x=0x72460a0d45544956, __y=0xed8be8, __k="34020000001310000001") at /opt/rh/devtoolset-9/root/usr/include/c++/9/bits/stl_tree.h:1929
#4  0x00000000006796c9 in std::_Rb_tree<std::string, std::pair<std::string const, SrsGb28181Device*>, std::_Select1st<std::pair<std::string const, SrsGb28181Device*> >, std::less<std::string>, std::allocator<std::pair<std::string const, SrsGb28181Device*> > >::find (this=0xed8be0, __k="34020000001310000001") at /opt/rh/devtoolset-9/root/usr/include/c++/9/bits/stl_tree.h:2557
#5  0x000000000067823d in std::map<std::string, SrsGb28181Device*, std::less<std::string>, std::allocator<std::pair<std::string const, SrsGb28181Device*> > >::find (this=0xed8be0, __x="34020000001310000001")
at /opt/rh/devtoolset-9/root/usr/include/c++/9/bits/stl_map.h:1169
#6  0x000000000066fcb9 in SrsGb28181SipSession::get_device_info (this=0xed8b50, chid="34020000001310000001") at src/app/srs_app_gb28181_sip.cpp:392
#7  0x000000000067320e in SrsGb28181SipService::on_udp_sip (this=0xdcac60, peer_ip="192.168.103.195", peer_port=5060, 
recv_msg="SIP/2.0 486 Busy Here\r\nCall-ID: 202040942889\r\nContact: <sip:34020000001320000001@192.168.103.195:5060>\r\nContent-Length: 0\r\nCSeq: 3220 INVITE\r\nFrom: <sip:34020000002000000001@3402000000>;tag=SrsGbF3196"..., from=0xdebc00, fromlen=16) at src/app/srs_app_gb28181_sip.cpp:702
#8  0x0000000000670ebb in SrsGb28181SipService::on_udp_packet (this=0xdcac60, from=0xdebc00, fromlen=16, 
buf=0xdcaec0 "SIP/2.0 486 Busy Here\r\nCall-ID: 202040942889\r\nContact: <sip:34020000001320000001@192.168.103.195:5060>\r\nContent-Length: 0\r\nCSeq: 3220 INVITE\r\nFrom: <sip:34020000002000000001@3402000000>;tag=SrsGbF3196"..., nb_buf=492) at src/app/srs_app_gb28181_sip.cpp:497
#9  0x00000000005d283d in SrsUdpListener::cycle (this=0xdcae70) at src/app/srs_app_listener.cpp:218
#10 0x000000000052b141 in SrsFastCoroutine::cycle (this=0xddaed0) at src/app/srs_app_st.cpp:270
#11 0x000000000052b1c4 in SrsFastCoroutine::pfn (arg=0xddaed0) at src/app/srs_app_st.cpp:285
#12 0x00000000006970cc in _st_thread_main () at sched.c:363
#13 0x0000000000697946 in st_thread_create (start=
0x4c0692 <std::_Rb_tree<std::string, std::pair<std::string const, SrsHttpMuxEntry*>, std::_Select1st<std::pair<std::string const, SrsHttpMuxEntry*> >, std::less<std::string>, std::allocator<std::pair<std::string const, SrsHttpMuxEntry*> > >::_M_insert_<std::_Rb_tree<std::string, std::pair<std::string const, SrsHttpMuxEntry*>, std::_Select1st<std::pair<std::string const, SrsHttpMuxEntry*> >, std::less<std::string>, std::allocator<std::pair<std::string const, SrsHttpMuxEntry*> > >::_Alloc_node>(std::_Rb_tree_node_base*, std::_Rb_tree_node_base*, std::pair<std::string const, SrsHttpMuxEntry*> const&, std::_Rb_tree<std::string, std::pair<std::string const, SrsHttpMuxEntry*>, std::_Select1st<std::pair<std::string const, SrsHttpMuxEntry*> >, std::less<std::string>, std::allocator<std::pair<std::string const, SrsHttpMuxEntry*> > >::_Alloc_node&)+216>, 
arg=0x7fffffffdb10, joinable=32767, stk_size=-9496) at sched.c:694
#14 0x0000000000012010 in ?? ()
#15 0x00007ffff6f8c7b8 in main_arena () from /lib64/libc.so.6
#16 0x00007ffff6c478ca in _int_malloc () from /lib64/libc.so.6
#17 0x00007ffff6c4a6fc in malloc () from /lib64/libc.so.6
#18 0x0000000000020b30 in ?? ()
#19 0x0000000000000010 in ?? ()
#20 0x0000000000eb24d0 in ?? ()
#21 0x0000000000000000 in ?? ()
1. SRS的配置如下(Config):

配置使用的是 push.gb28181.conf



**重现(Replay)**

> 重现Bug的步骤(How to replay bug?)

1. 偶发。基本上是在sip注册成功,然后调用了sip的catalog、device_info和config_download查询指令,然后再注销sip时偶发。
<img width="1200" alt="D5E5F44B-C96D-492f-BF66-46F86CFAB6EE" src="https://user-images.githubusercontent.com/47287700/112099433-73fea180-8bde-11eb-99ce-b6445dc161cd.png">

**期望行为(Expect)**

> 描述你期望发生的事情(Please describe your expectation)