[asterisk-bugs] [JIRA] (ASTERISK-26219) segfault in ast_manager_build_channel_state_string_prefix

Matt Jordan (JIRA) noreply at issues.asterisk.org
Sat Sep 3 16:42:01 CDT 2016


    [ https://issues.asterisk.org/jira/browse/ASTERISK-26219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=232140#comment-232140 ] 

Matt Jordan commented on ASTERISK-26219:
----------------------------------------

The issue is that somehow, something is raising a hold indication without a channel. You can see that in the backtrace here:

{code}
#0  0x0000000000561d93 in ast_manager_build_channel_state_string_prefix (snapshot=0x0, prefix=0x6ce4db "")
    at manager_channels.c:417
        out = 0x7f23bc04bbe0
        res = 0
        caller_name = 0x7f241dd00aa0 "\300\n\320\035$\177"
        connected_name = 0x563b05 "UH\211\345SH\203\354xH\211}\270H\211u\260H\211U\250H\213E\250H\211\307\350\345\340\a"
#1  0x0000000000562273 in ast_manager_build_channel_state_string (snapshot=0x0) at manager_channels.c:483
No locals.
#2  0x0000000000563b54 in channel_hold_cb (data=0x0, sub=0x1d01c88, message=0x7f2380141e38) at manager_channels.c:1104
        obj = 0x7f23802caa68
        musicclass_string = 0x7f23bc009600
        channel_event_string = 0x1d020e8
        __PRETTY_FUNCTION__ = "channel_hold_cb"
#3  0x00000000005e2365 in router_dispatch (data=0x1d01f78, sub=0x1d01c88, message=0x7f2380141e38)
    at stasis_message_router.c:201
        router = 0x1d01f78
        route = {message_type = 0x1c09fa8, callback = 0x563b05 <channel_hold_cb>, data = 0x0}
{code}

Note that in {{ast_manager_build_channel_state_string}}, the snapshot is NULL. That's bad, as that has to be pulled directly out of the {{obj}} that was passed onto the Stasis message bus. That means that when we made the message to be published, we were unable to get a snapshot for the channel out of the Stasis cache:

{code}
struct stasis_message *ast_channel_blob_create_from_cache(const char *channel_id,
					       struct stasis_message_type *type,
					       struct ast_json *blob)
{
	RAII_VAR(struct ast_channel_snapshot *, snapshot,
			NULL,
			ao2_cleanup);

	if (!type) {
		return NULL;
	}

	snapshot = ast_channel_snapshot_get_latest(channel_id);

	return create_channel_blob_message(snapshot, type, blob);
}
{code}

That's pretty odd, as I'm not sure how you'd get a hold indication raised on a channel whose state wasn't being tracked appropriately.

What channel technologies are you using?

> segfault in ast_manager_build_channel_state_string_prefix
> ---------------------------------------------------------
>
>                 Key: ASTERISK-26219
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26219
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>         Environment: CentOS release 6.8 (Final)
> Linux asterisk2.ansspc.com 2.6.32-573.1.1.el6.x86_64 #1 SMP Sat Jul 25 17:05:50 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
> Asterisk GIT-13-ac6824eM built by root @ asterisk2.ansspc.com on a x86_64 running Linux on 2016-06-01 13:44:27 UTC
>            Reporter: Michel R. Vaillancourt
>            Assignee: Michel R. Vaillancourt
>            Severity: Critical
>         Attachments: core.asterisk.26919.backtrace.txt
>
>
> Two segFaults in Asterisk within past week.
> Jul 12 18:23:05 asterisk2 kernel: asterisk[19715]: segfault at 108 ip 000000000053cd1f sp 00007ff376f24a70 error 4 in asterisk[400000+25e000]
> Jul 19 14:48:04 asterisk2 kernel: asterisk[32177]: segfault at 108 ip 000000000053cd1f sp 00007f45e5b29a50 error 4 in asterisk[400000+25e000]
> We'll provide a core dump with appropriate debugging enabled as soon as we can.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
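
An added example, not part of the original message and not Asterisk's own code: a reduced C model of the failure described in the comment, where a cache miss produces a message with a NULL snapshot that a subscriber callback later dereferences. All type and function names are hypothetical stand-ins and the cache contents are constructed; the sketch places a NULL check on both the producer side and the consumer side.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the snapshot and the published message. */
struct snapshot { const char *uniqueid; const char *name; };
struct blob_msg { const struct snapshot *snapshot; const char *event; };

/* Constructed cache holding one tracked channel. */
static const struct snapshot cache[] = { { "1467.1", "SIP/alice-00000001" } };

/* Cache lookup; returns NULL when the channel id is not tracked. */
static const struct snapshot *snapshot_get_latest(const char *id)
{
	for (size_t i = 0; i < sizeof(cache) / sizeof(cache[0]); i++) {
		if (strcmp(cache[i].uniqueid, id) == 0) {
			return &cache[i];
		}
	}
	return NULL;
}

/* Producer check: on a cache miss, publish nothing instead of a NULL snapshot. */
static int blob_create_from_cache(struct blob_msg *out, const char *id, const char *event)
{
	const struct snapshot *snap = snapshot_get_latest(id);

	if (!snap || !event) {
		return -1;
	}
	out->snapshot = snap;
	out->event = event;
	return 0;
}

/* Consumer check: returns bytes written, or -1 if the snapshot is missing
 * or the output would be truncated. */
static int hold_cb(const struct blob_msg *msg, char *buf, size_t len)
{
	int n;

	if (!msg || !msg->snapshot || !msg->event) {
		return -1;
	}
	n = snprintf(buf, len, "Event: %s\r\nChannel: %s\r\nUniqueid: %s\r\n",
		msg->event, msg->snapshot->name, msg->snapshot->uniqueid);
	return (n < 0 || (size_t)n >= len) ? -1 : n;
}
```
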


