[asterisk-bugs] [JIRA] (ASTERISK-27146) Crash during attended transfer

Richard Mudgett (JIRA) noreply at issues.asterisk.org
Wed Jul 19 10:24:57 CDT 2017 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-27146?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Mudgett updated ASTERISK-27146:
---------------------------------------

    Description: 
I encountered a crash that occurs during attended transfer.
I checked the latest 13.x version, but I am not confident enough with Asterisk codebase to identify the potential fix; I also did not find related bugs.
I plan to upgrade to the latest 13.x version soon; hope this will fix the issue.

I am running Asterisk 13.15.0 on Ubuntu 16.04.2;
The crash occurred during attended transfer; here is what we have in logs:
{noformat}
[2017-07-19 16:53:10] WARNING[6544][C-0011e455] bridge_basic.c: Unexpected stimulus 'Transfer Target Answer' received in attended transfer state 'Blond Non-Final'
[2017-07-19 16:53:10] ERROR[6544][C-0011e455] astobj2.c: FRACK!, Failed assertion user_data is NULL (0)
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: Got 9 backtrace records
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #0: [0x493ae4] /usr/sbin/asterisk() [0x493ae4]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #1: [0x4d9f2a] /usr/sbin/asterisk() [0x4d9f2a]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #2: [0x4d3d3d] /usr/sbin/asterisk() [0x4d3d3d]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #3: [0x827e70] /usr/sbin/asterisk() [0x827e70]
[2017-07-19 16:53:10] ERROR[6544][C-0011e455] astobj2.c: FRACK!, Failed assertion user_data is NULL (0)
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: Got 10 backtrace records
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #0: [0x493f82] /usr/sbin/asterisk(__ao2_lock+0x1d2) [0x493f82]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #1: [0x4d9d35] /usr/sbin/asterisk() [0x4d9d35]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #2: [0x4d9f5c] /usr/sbin/asterisk() [0x4d9f5c]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #3: [0x4d3d3d] /usr/sbin/asterisk() [0x4d3d3d]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #4: [0x827e70] /usr/sbin/asterisk() [0x827e70]
{noformat}

Here is what really happened according to core dump:
{noformat}
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00000000005a0a27 in ast_channel_internal_bridge_channel (chan=chan at entry=0x0) at channel_internal_api.c:1454
1454            return chan->bridge_channel;
[Current thread is 1 (Thread 0x7fd0eb4ba700 (LWP 6544))]
(gdb) bt
#0  0x00000000005a0a27 in ast_channel_internal_bridge_channel (chan=chan at entry=0x0) at channel_internal_api.c:1454
#1  0x00000000005904ce in ast_channel_get_bridge_channel (chan=chan at entry=0x0) at channel.c:10629
#2  0x00000000004d9d3d in ringing (chan=0x0) at bridge_basic.c:1804
#3  blond_enter (props=props at entry=0x615000a41050) at bridge_basic.c:2315
#4  0x00000000004d9f5c in blond_nonfinal_enter (props=0x615000a41050) at bridge_basic.c:2329
#5  0x00000000004d3d3d in attended_transfer_monitor_thread (data=data at entry=0x615000a41050) at bridge_basic.c:3047
#6  0x0000000000827e70 in dummy_start (data=0x602000446f60) at utils.c:1235
#7  0x00007fd109caa6ba in start_thread (arg=0x7fd0eb4ba700) at pthread_create.c:333
#8  0x00007fd1092933dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
(gdb) print chan
$1 = (const struct ast_channel *) 0x0
(gdb) frame 3
#3  blond_enter (props=props at entry=0x615000a41050) at bridge_basic.c:2315
2315            ringing(props->transfer_target);
(gdb) print props->transfer_target
$2 = (struct ast_channel *) 0x0
(gdb) print props->state
$3 = TRANSFER_BLOND_NONFINAL
{noformat}

So, {{transfer_target}} suddenly became NULL (I guess it was unref'ed by someone); those error messages in log may be related.
I can investigate other threads/info in core dump if you tell me what to search for, but I can not upload it due to privacy reasons.


  was:
I encountered a crash that occurs during attended transfer.
I checked the latest 13.x version, but I am not confident enough with Asterisk codebase to identify the potential fix; I also did not find related bugs.
I plan to upgrade to the latest 13.x version soon; hope this will fix the issue.

I am running Asterisk 13.15.0 on Ubuntu 16.04.2;
The crash occured during attended transfer; here is what we have in logs:
{code}
[2017-07-19 16:53:10] WARNING[6544][C-0011e455] bridge_basic.c: Unexpected stimulus 'Transfer Target Answer' received in attended transfer state 'Blond Non-Final'
[2017-07-19 16:53:10] ERROR[6544][C-0011e455] astobj2.c: FRACK!, Failed assertion user_data is NULL (0)
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: Got 9 backtrace records
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #0: [0x493ae4] /usr/sbin/asterisk() [0x493ae4]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #1: [0x4d9f2a] /usr/sbin/asterisk() [0x4d9f2a]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #2: [0x4d3d3d] /usr/sbin/asterisk() [0x4d3d3d]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #3: [0x827e70] /usr/sbin/asterisk() [0x827e70]
[2017-07-19 16:53:10] ERROR[6544][C-0011e455] astobj2.c: FRACK!, Failed assertion user_data is NULL (0)
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: Got 10 backtrace records
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #0: [0x493f82] /usr/sbin/asterisk(__ao2_lock+0x1d2) [0x493f82]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #1: [0x4d9d35] /usr/sbin/asterisk() [0x4d9d35]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #2: [0x4d9f5c] /usr/sbin/asterisk() [0x4d9f5c]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #3: [0x4d3d3d] /usr/sbin/asterisk() [0x4d3d3d]
[2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #4: [0x827e70] /usr/sbin/asterisk() [0x827e70]
{code}

Here is what really happened according to core dump:
{code}
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00000000005a0a27 in ast_channel_internal_bridge_channel (chan=chan at entry=0x0) at channel_internal_api.c:1454
1454            return chan->bridge_channel;
[Current thread is 1 (Thread 0x7fd0eb4ba700 (LWP 6544))]
(gdb) bt
#0  0x00000000005a0a27 in ast_channel_internal_bridge_channel (chan=chan at entry=0x0) at channel_internal_api.c:1454
#1  0x00000000005904ce in ast_channel_get_bridge_channel (chan=chan at entry=0x0) at channel.c:10629
#2  0x00000000004d9d3d in ringing (chan=0x0) at bridge_basic.c:1804
#3  blond_enter (props=props at entry=0x615000a41050) at bridge_basic.c:2315
#4  0x00000000004d9f5c in blond_nonfinal_enter (props=0x615000a41050) at bridge_basic.c:2329
#5  0x00000000004d3d3d in attended_transfer_monitor_thread (data=data at entry=0x615000a41050) at bridge_basic.c:3047
#6  0x0000000000827e70 in dummy_start (data=0x602000446f60) at utils.c:1235
#7  0x00007fd109caa6ba in start_thread (arg=0x7fd0eb4ba700) at pthread_create.c:333
#8  0x00007fd1092933dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
(gdb) print chan
$1 = (const struct ast_channel *) 0x0
(gdb) frame 3
#3  blond_enter (props=props at entry=0x615000a41050) at bridge_basic.c:2315
2315            ringing(props->transfer_target);
(gdb) print props->transfer_target
$2 = (struct ast_channel *) 0x0
(gdb) print props->state
$3 = TRANSFER_BLOND_NONFINAL
{code}

So, {{transfer_target}} suddenly became NULL (I guess it was unref'ed by someone); those error messages in log may be related.
I can investigate other threads/info in core dump if you tell me what to search for, but I can not upload it due to privacy reasons.





> Crash during attended transfer
> ------------------------------
>
>                 Key: ASTERISK-27146
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27146
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>    Affects Versions: 13.15.0
>            Reporter: Worldexe
>            Severity: Critical
>
> I encountered a crash that occurs during attended transfer.
> I checked the latest 13.x version, but I am not confident enough with Asterisk codebase to identify the potential fix; I also did not find related bugs.
> I plan to upgrade to the latest 13.x version soon; hope this will fix the issue.
> I am running Asterisk 13.15.0 on Ubuntu 16.04.2;
> The crash occurred during attended transfer; here is what we have in logs:
> {noformat}
> [2017-07-19 16:53:10] WARNING[6544][C-0011e455] bridge_basic.c: Unexpected stimulus 'Transfer Target Answer' received in attended transfer state 'Blond Non-Final'
> [2017-07-19 16:53:10] ERROR[6544][C-0011e455] astobj2.c: FRACK!, Failed assertion user_data is NULL (0)
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: Got 9 backtrace records
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #0: [0x493ae4] /usr/sbin/asterisk() [0x493ae4]
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #1: [0x4d9f2a] /usr/sbin/asterisk() [0x4d9f2a]
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #2: [0x4d3d3d] /usr/sbin/asterisk() [0x4d3d3d]
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #3: [0x827e70] /usr/sbin/asterisk() [0x827e70]
> [2017-07-19 16:53:10] ERROR[6544][C-0011e455] astobj2.c: FRACK!, Failed assertion user_data is NULL (0)
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: Got 10 backtrace records
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #0: [0x493f82] /usr/sbin/asterisk(__ao2_lock+0x1d2) [0x493f82]
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #1: [0x4d9d35] /usr/sbin/asterisk() [0x4d9d35]
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #2: [0x4d9f5c] /usr/sbin/asterisk() [0x4d9f5c]
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #3: [0x4d3d3d] /usr/sbin/asterisk() [0x4d3d3d]
> [2017-07-19 16:53:10] VERBOSE[6544][C-0011e455] logger.c: #4: [0x827e70] /usr/sbin/asterisk() [0x827e70]
> {noformat}
> Here is what really happened according to core dump:
> {noformat}
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x00000000005a0a27 in ast_channel_internal_bridge_channel (chan=chan at entry=0x0) at channel_internal_api.c:1454
> 1454            return chan->bridge_channel;
> [Current thread is 1 (Thread 0x7fd0eb4ba700 (LWP 6544))]
> (gdb) bt
> #0  0x00000000005a0a27 in ast_channel_internal_bridge_channel (chan=chan at entry=0x0) at channel_internal_api.c:1454
> #1  0x00000000005904ce in ast_channel_get_bridge_channel (chan=chan at entry=0x0) at channel.c:10629
> #2  0x00000000004d9d3d in ringing (chan=0x0) at bridge_basic.c:1804
> #3  blond_enter (props=props at entry=0x615000a41050) at bridge_basic.c:2315
> #4  0x00000000004d9f5c in blond_nonfinal_enter (props=0x615000a41050) at bridge_basic.c:2329
> #5  0x00000000004d3d3d in attended_transfer_monitor_thread (data=data at entry=0x615000a41050) at bridge_basic.c:3047
> #6  0x0000000000827e70 in dummy_start (data=0x602000446f60) at utils.c:1235
> #7  0x00007fd109caa6ba in start_thread (arg=0x7fd0eb4ba700) at pthread_create.c:333
> #8  0x00007fd1092933dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
> (gdb) print chan
> $1 = (const struct ast_channel *) 0x0
> (gdb) frame 3
> #3  blond_enter (props=props at entry=0x615000a41050) at bridge_basic.c:2315
> 2315            ringing(props->transfer_target);
> (gdb) print props->transfer_target
> $2 = (struct ast_channel *) 0x0
> (gdb) print props->state
> $3 = TRANSFER_BLOND_NONFINAL
> {noformat}
> So, {{transfer_target}} suddenly became NULL (I guess it was unref'ed by someone); those error messages in log may be related.
> I can investigate other threads/info in core dump if you tell me what to search for, but I can not upload it due to privacy reasons.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list