Summary: ASTERISK-24869: Asterisk segfaults on DAHDI attended transfer due to application (appl) being NULL on unbridged channel
Reporter: viniciusfontes (viniciusfontes)
Labels:
Date Opened: 2015-03-12 09:16:42
Date Closed: 2015-04-17 09:33:14
Priority: Major
Regression?:
Status: Closed/Complete
Components: Channels/chan_dahdi Core/Bridging
Versions: 13.2.0 13.3.0
Frequency of Occurrence: Frequent
Related Issues: is related to ASTERISK-24884 Crash in ast_bridge_transfer_attended
Environment:
Attachments:
( 0) additional_trace.txt
( 1) ASTERISK-24869.diff
( 2) backtrace.txt
( 3) backtrace2.txt
( 4) even_more_additional_trace.txt
( 5) messages.txt
( 6) messages2.txt

Description:

Asterisk 13.2.0 segfaults on some DAHDI attended transfers. The issue isn't exactly easy to reproduce, but I managed to get as much data as I could before submitting this issue.

OS detail: Debian 7.8 (Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.65-1+deb7u2 x86_64 unknown unknown GNU/Linux)

I'll attach the relevant part of /var/log/asterisk/messages and the backtraces.

Comments:

By: viniciusfontes (viniciusfontes) 2015-03-12 09:20:16.282-0500

The last two lines in the log are as follows:

[Mar 12 10:43:39] VERBOSE[28577][C-00000227] sig_analog.c: TRANSFERRING DAHDI/38-1 to DAHDI/38-2
[Mar 12 10:43:39] VERBOSE[28566][C-00000227] res_musiconhold.c: Stopped music on hold on IAX2/dundi-ramais-11400

After that, Asterisk crashed with a segmentation fault.

It seems like the user is trying to make an attended transfer to its own extension, which is odd. However, I believe that should not make Asterisk crash.

By: Matt Jordan (mjordan) 2015-03-12 09:37:59.938-0500

If you have the core file still, can you print out the following:

{noformat}
# frame 1
# print ast_channel_appl(chan_unbridged)
{noformat}

By: viniciusfontes (viniciusfontes) 2015-03-12 09:43:17.445-0500

As requested.

By: Matt Jordan (mjordan) 2015-03-12 10:41:23.146-0500

Nuts. That didn't quite work:

{noformat}
#1  0x0000000000476f69 in ast_bridge_transfer_attended (to_transferee=0x7fd48c287048, to_transfer_target=0x26c4d88) at bridge.c:4591
4591 app = ast_strdupa(ast_channel_appl(chan_unbridged));
(gdb) print ast_channel_appl(chan_unbridged)
You can't do that without a process to debug.
{noformat}

How about just:

{noformat}
# print *chan_unbridged
{noformat}

That should get all of it.

By: viniciusfontes (viniciusfontes) 2015-03-12 11:35:34.988-0500

Done. That seemed to work.

By: viniciusfontes (viniciusfontes) 2015-03-12 12:00:03.718-0500

Asterisk just segfaulted again. I collected the full backtrace and last 100 lines of /var/log/asterisk/messages, which are attached as messages2.txt and backtrace2.txt.

It seems the issue is really about DAHDI attended transfers.

By: Matt Jordan (mjordan) 2015-03-12 12:32:30.744-0500

Yup, that shows the problem. For some reason {{appl}} can be NULL in that situation, and dup'ing that on the stack is a "bad thing".
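
A minimal C model of the failure described in the comment above, as an added example: it is not Asterisk source and not the patch in ASTERISK-24869.diff, which this page does not show. `STACK_DUP`, `struct mock_channel` and `transfer_unbridged` are hypothetical names, the channel values are constructed, and failing the transfer when `appl` is NULL is an assumed way of handling the case.

```c
#include <alloca.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a stack-duplicating macro in the style of
 * ast_strdupa(): strlen() runs on the argument first, so passing NULL
 * dereferences a null pointer before any copy happens. */
#define STACK_DUP(dst, src) do {          \
        size_t len_ = strlen(src) + 1;    \
        (dst) = alloca(len_);             \
        memcpy((dst), (src), len_);       \
    } while (0)

/* Hypothetical channel model: appl is NULL when the channel is not
 * executing a dialplan application, the state reported in this issue. */
struct mock_channel {
    const char *name;
    const char *appl;
};

enum transfer_result { TRANSFER_OK = 0, TRANSFER_FAIL = 1 };

/* Guarded form of the step at the crash site: check appl before it
 * reaches the stack duplication, and fail the transfer instead. */
static enum transfer_result transfer_unbridged(const struct mock_channel *chan_unbridged,
                                               char *app_out, size_t app_out_len)
{
    const char *appl = chan_unbridged->appl;
    char *app;

    if (appl == NULL) {
        return TRANSFER_FAIL;   /* nothing to duplicate: refuse, do not crash */
    }
    STACK_DUP(app, appl);       /* safe: appl is known to be non-NULL here */
    snprintf(app_out, app_out_len, "%s", app);
    return TRANSFER_OK;
}

int main(void)
{
    char app[32] = "";
    struct mock_channel in_app = { "DAHDI/38-1", "Dial" };   /* constructed */
    struct mock_channel no_app = { "DAHDI/38-2", NULL };     /* constructed */

    printf("%s: %d\n", in_app.name, transfer_unbridged(&in_app, app, sizeof(app)));
    printf("%s: %d\n", no_app.name, transfer_unbridged(&no_app, app, sizeof(app)));
    return 0;
}
```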



By: Matt Jordan (mjordan) 2015-03-12 12:34:18.239-0500

The question is: how is DAHDI creating an unbridged channel that is *also* not in a dialplan application? This sounds like one of the "weird" things that analog channels can do.

By: viniciusfontes (viniciusfontes) 2015-03-12 12:38:00.683-0500

Weird indeed.

Is there a quick hack I could do in the code to avoid this situation while this bug isn't fixed properly? This Asterisk box is managing an entire university campus, and I'm afraid there are more "creative" users lying around there...

By: viniciusfontes (viniciusfontes) 2015-03-31 13:36:34.648-0500

Is there anything I can do to help solve this? Providing backtraces, applying patches, anything. Asterisk is crashing so frequently I have no option but to run safe_asterisk (yes, it's that bad).

By: Kevin Harwell (kharwell) 2015-04-16 11:20:48.739-0500

I added a patch (ASTERISK-24869.diff) that is currently up for review [here|https://gerrit.asterisk.org/#/c/133/] if you would like to try it out.

By: viniciusfontes (viniciusfontes) 2015-04-17 07:49:53.248-0500

Thank you!

I'll be able to test the patch next week, probably Monday or Tuesday. I'll let you know how it goes.