[asterisk-bugs] [JIRA] (ASTERISK-27146) Crash during attended transfer

Asterisk Team (JIRA) noreply at issues.asterisk.org
Wed Jul 19 10:04:58 CDT 2017 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-27146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=237746#comment-237746 ] 

Asterisk Team commented on ASTERISK-27146:
------------------------------------------

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

> Crash during attended transfer
> ------------------------------
>
>                 Key: ASTERISK-27146
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27146
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>    Affects Versions: 13.15.0
>            Reporter: Worldexe
>            Severity: Critical
>
> I encountered a crash that occurs during attended transfer.
> I checked the latest 13.x version, but I am not confident enough with Asterisk codebase to identify the potential fix; I also did not find related bugs.
> I plan to upgrade to the latest 13.x version soon; hope this will fix the issue.
> I am running Asterisk 13.15.0 on Ubuntu 16.04.2;
> The crash occured during attended transfer; here is what we have in logs:
> {code}
> [2017-07-19 16:53:10] WARNING[6544][C-0011e455] bridge_basic.c: Unexpected stimulus 'Transfer Target Answer' received in attended transfer state 'Blond Non-Final'
> [2017-07-19 16:53:10] ERROR[6544][C-0011e455] astobj2.c: FRACK!, Failed assertion user_data is NULL (0)
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: Got 9 backtrace records
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #0: [0x493ae4] /usr/sbin/asterisk() [0x493ae4]
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #1: [0x4d9f2a] /usr/sbin/asterisk() [0x4d9f2a]
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #2: [0x4d3d3d] /usr/sbin/asterisk() [0x4d3d3d]
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #3: [0x827e70] /usr/sbin/asterisk() [0x827e70]
> [2017-07-19 16:53:10] ERROR[6544][C-0011e455] astobj2.c: FRACK!, Failed assertion user_data is NULL (0)
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: Got 10 backtrace records
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #0: [0x493f82] /usr/sbin/asterisk(__ao2_lock+0x1d2) [0x493f82]
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #1: [0x4d9d35] /usr/sbin/asterisk() [0x4d9d35]
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #2: [0x4d9f5c] /usr/sbin/asterisk() [0x4d9f5c]
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #3: [0x4d3d3d] /usr/sbin/asterisk() [0x4d3d3d]
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #4: [0x827e70] /usr/sbin/asterisk() [0x827e70]
> {code}
> Here is what really happened according to core dump:
> {code}
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x00000000005a0a27 in ast_channel_internal_bridge_channel (chan=chan at entry=0x0) at channel_internal_api.c:1454
> 1454            return chan->bridge_channel;
> [Current thread is 1 (Thread 0x7fd0eb4ba700 (LWP 6544))]
> (gdb) bt
> #0  0x00000000005a0a27 in ast_channel_internal_bridge_channel (chan=chan at entry=0x0) at channel_internal_api.c:1454
> #1  0x00000000005904ce in ast_channel_get_bridge_channel (chan=chan at entry=0x0) at channel.c:10629
> #2  0x00000000004d9d3d in ringing (chan=0x0) at bridge_basic.c:1804
> #3  blond_enter (props=props at entry=0x615000a41050) at bridge_basic.c:2315
> #4  0x00000000004d9f5c in blond_nonfinal_enter (props=0x615000a41050) at bridge_basic.c:2329
> #5  0x00000000004d3d3d in attended_transfer_monitor_thread (data=data at entry=0x615000a41050) at bridge_basic.c:3047
> #6  0x0000000000827e70 in dummy_start (data=0x602000446f60) at utils.c:1235
> #7  0x00007fd109caa6ba in start_thread (arg=0x7fd0eb4ba700) at pthread_create.c:333
> #8  0x00007fd1092933dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
> (gdb) print chan
> $1 = (const struct ast_channel *) 0x0
> (gdb) frame 3
> #3  blond_enter (props=props at entry=0x615000a41050) at bridge_basic.c:2315
> 2315            ringing(props->transfer_target);
> (gdb) print props->transfer_target
> $2 = (struct ast_channel *) 0x0
> (gdb) print props->state
> $3 = TRANSFER_BLOND_NONFINAL
> {code}
> So, {{transfer_target}} suddenly became NULL (I guess it was unref'ed by someone); those error messages in log may be related.
> I can investigate other threads/info in core dump if you tell me what to search for, but I can not upload it due to privacy reasons.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list