[asterisk-bugs] [JIRA] (ASTERISK-27146) Crash during attended transfer

Worldexe (JIRA) noreply at issues.asterisk.org
Wed Jul 19 10:04:58 CDT 2017


Worldexe created ASTERISK-27146:
-----------------------------------

             Summary: Crash during attended transfer
                 Key: ASTERISK-27146
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27146
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
    Affects Versions: 13.15.0
            Reporter: Worldexe
            Severity: Critical


I encountered a crash that occurs during attended transfer.
I checked the latest 13.x version, but I am not confident enough with the Asterisk codebase to identify the potential fix; I also did not find related bugs.
I plan to upgrade to the latest 13.x version soon; hope this will fix the issue.

I am running Asterisk 13.15.0 on Ubuntu 16.04.2;
The crash occurred during attended transfer; here is what we have in the logs:
{code}
[2017-07-19 16:53:10] WARNING[6544][C-0011e455] bridge_basic.c: Unexpected stimulus 'Transfer Target Answer' received in attended transfer state 'Blond Non-Final'
[2017-07-19 16:53:10] ERROR[6544][C-0011e455] astobj2.c: FRACK!, Failed assertion user_data is NULL (0)
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: Got 9 backtrace records
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #0: [0x493ae4] /usr/sbin/asterisk() [0x493ae4]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #1: [0x4d9f2a] /usr/sbin/asterisk() [0x4d9f2a]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #2: [0x4d3d3d] /usr/sbin/asterisk() [0x4d3d3d]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #3: [0x827e70] /usr/sbin/asterisk() [0x827e70]
[2017-07-19 16:53:10] ERROR[6544][C-0011e455] astobj2.c: FRACK!, Failed assertion user_data is NULL (0)
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: Got 10 backtrace records
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #0: [0x493f82] /usr/sbin/asterisk(__ao2_lock+0x1d2) [0x493f82]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #1: [0x4d9d35] /usr/sbin/asterisk() [0x4d9d35]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #2: [0x4d9f5c] /usr/sbin/asterisk() [0x4d9f5c]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #3: [0x4d3d3d] /usr/sbin/asterisk() [0x4d3d3d]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #4: [0x827e70] /usr/sbin/asterisk() [0x827e70]
{code}

Here is what really happened according to core dump:
{code}
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00000000005a0a27 in ast_channel_internal_bridge_channel (chan=chan@entry=0x0) at channel_internal_api.c:1454
1454            return chan->bridge_channel;
[Current thread is 1 (Thread 0x7fd0eb4ba700 (LWP 6544))]
(gdb) bt
#0  0x00000000005a0a27 in ast_channel_internal_bridge_channel (chan=chan@entry=0x0) at channel_internal_api.c:1454
#1  0x00000000005904ce in ast_channel_get_bridge_channel (chan=chan@entry=0x0) at channel.c:10629
#2  0x00000000004d9d3d in ringing (chan=0x0) at bridge_basic.c:1804
#3  blond_enter (props=props@entry=0x615000a41050) at bridge_basic.c:2315
#4  0x00000000004d9f5c in blond_nonfinal_enter (props=0x615000a41050) at bridge_basic.c:2329
#5  0x00000000004d3d3d in attended_transfer_monitor_thread (data=data@entry=0x615000a41050) at bridge_basic.c:3047
#6  0x0000000000827e70 in dummy_start (data=0x602000446f60) at utils.c:1235
#7  0x00007fd109caa6ba in start_thread (arg=0x7fd0eb4ba700) at pthread_create.c:333
#8  0x00007fd1092933dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
(gdb) print chan
$1 = (const struct ast_channel *) 0x0
(gdb) frame 3
#3  blond_enter (props=props@entry=0x615000a41050) at bridge_basic.c:2315
2315            ringing(props->transfer_target);
(gdb) print props->transfer_target
$2 = (struct ast_channel *) 0x0
(gdb) print props->state
$3 = TRANSFER_BLOND_NONFINAL
{code}

So, {{transfer_target}} suddenly became NULL (I guess it was unref'ed by someone); those error messages in the log may be related.
I can investigate other threads/info in core dump if you tell me what to search for, but I can not upload it due to privacy reasons.
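
For triage of the log pattern quoted in the report, the following is an added example, not part of the original report and not Asterisk project code. It groups log lines by thread and call ID and reports FRACK assertions that follow an "Unexpected stimulus" warning on the same call; the function name `correlate` and the regular expressions are assumptions based only on the line format shown above.

```python
import re

# Line format as it appears in the report: [ts] LEVEL[thread][call-id] file.c: message
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<level>[A-Z]+)\[(?P<tid>\d+)\]"
                  r"(?:\[(?P<call>C-[0-9a-f]+)\])? (?P<src>[\w.]+): (?P<msg>.*)$")
STIMULUS = re.compile(r"Unexpected stimulus '(?P<stim>[^']+)' received in "
                      r"attended transfer state '(?P<state>[^']+)'")
FRAME = re.compile(r"#\d+: \[(?P<addr>0x[0-9a-f]+)\] \S+?\((?P<sym>[^)]*)\)")

def correlate(lines):
    """Return one finding per (thread, call) where FRACK assertions follow the warning."""
    findings = {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a log line in the expected format
        key = (m["tid"], m["call"])
        stim = STIMULUS.search(m["msg"])
        if m["level"] == "WARNING" and stim:
            findings[key] = {"thread": m["tid"], "call": m["call"], "ts": m["ts"],
                             "stimulus": stim["stim"], "state": stim["state"],
                             "assertions": [], "frames": []}
        elif key in findings:
            if m["level"] == "ERROR" and "FRACK!, " in m["msg"]:
                findings[key]["assertions"].append(m["msg"].split("FRACK!, ", 1)[1])
            else:
                fm = FRAME.search(m["msg"])
                if fm:  # symbol is None when the backtrace frame is unresolved
                    findings[key]["frames"].append((fm["addr"], fm["sym"] or None))
    return [f for f in findings.values() if f["assertions"]]

# Sample input: five lines copied from the report, last line constructed as unrelated noise.
P = "[2017-07-19 16:53:10] {}[6544][C-0011e455] {}"
SAMPLE = [
    P.format("WARNING", "bridge_basic.c: Unexpected stimulus 'Transfer Target Answer' "
             "received in attended transfer state 'Blond Non-Final'"),
    P.format("ERROR", "astobj2.c: FRACK!, Failed assertion user_data is NULL (0)"),
    P.format("VERBOSE", "logger.c: #0: [0x493ae4] /usr/sbin/asterisk() [0x493ae4]"),
    P.format("ERROR", "astobj2.c: FRACK!, Failed assertion user_data is NULL (0)"),
    P.format("VERBOSE", "logger.c: #0: [0x493f82] /usr/sbin/asterisk(__ao2_lock+0x1d2) [0x493f82]"),
    "[2017-07-19 16:53:11] WARNING[7001][C-0011e456] chan_sip.c: constructed unrelated line",
]

if __name__ == "__main__":
    for finding in correlate(SAMPLE):
        print(finding)
```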
