[asterisk-bugs] [JIRA] (ASTERISK-27568) PJSIP: Crash during SIP attended transfer.
Richard Mudgett (JIRA)
noreply at issues.asterisk.org
Wed Feb 7 12:21:15 CST 2018
[ https://issues.asterisk.org/jira/browse/ASTERISK-27568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=242066#comment-242066 ]
Richard Mudgett commented on ASTERISK-27568:
--------------------------------------------
The log is huge but it doesn't have the right log levels to show what is happening at the time of the crash. Asterisk restarts several times in that log without any log messages hinting at what happened. However, looking at the backtrace, I see that the crash happens during a SIP attended transfer. The transferrer channel completes hanging up and disassociates itself from the session in another thread even though there is supposed to be protection from that happening.
I think refer_attended_task() needs to push ast_sip_session_end_if_deferred() onto the transferrer's serializer to avoid the problem.
> PJSIP: Crash during SIP attended transfer.
> ------------------------------------------
>
> Key: ASTERISK-27568
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-27568
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_pjsip
> Affects Versions: 13.18.5
> Reporter: Bryan Walters
> Assignee: Unassigned
> Labels: pjsip
> Attachments: backtrace.txt
>
>
> We've had reports from users of Asterisk 13.18.5 where asterisk will core dump pretty frequently when using chan_pjsip. Reviewing this with our team, it appears that that chan_pjsip_session_end checks session->channel for validity and later calls ast_channel_hangupcause(session->channel). However, between the time of the check and the call to ast_channel_hangupcause, something is setting session->channel to null, thus causing Asterisk to core dump.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list