[Home]

Summary:ASTERISK-26270: Asterisk crashes with double free or corruption on AGI request
Reporter:Fiftyz Fifty (fiftyz)Labels:
Date Opened:2016-08-05 03:05:27Date Closed:2016-08-05 06:19:40
Priority:MajorRegression?
Status:Closed/CompleteComponents:. I did not set the category correctly.
Versions:11.23.0 Frequency of
Occurrence
Constant
Related
Issues:
duplicatesASTERISK-25706 pbx: Abort asterisk on features reload (handle_hint_change)
Environment:FreePBX Distro 10.13.66-13 under qemu vm.Attachments:( 0) backtrace.txt
( 1) backtrace-asterisk-debuginfo.txt
Description:Executing AGI php script user_login_out.agi on Log On / Log Off user with *11 / *12 crashes the asterisk core. The crash seems to happens at random on Log On or Log Off but if it didn't happened on user Log On, definitely happens when user try to log off.

I'm running the distribution unaltered version of all packages.

The output of the asterisk cli started with {code:java} asterisk -fgcvvvvvvvvvvvvvvvvvvvvvvvvv -ddddddddddddddddddddd -U asterisk -G asterisk {code} is:

{code:java}
   -- Executing [*11@from-internal:1] Macro("SIP/200-00000009", "user-logon,") in new stack
   -- Executing [s@macro-user-logon:1] Set("SIP/200-00000009", "DEVICETYPE=adhoc") in new stack
   -- Executing [s@macro-user-logon:2] Answer("SIP/200-00000009", "") in new stack
      > [INSERT INTO cel (eventtype,eventtime,cid_name,cid_num,cid_ani,cid_rdnis,cid_dnid,exten,context,channame,appname,appdata,amaflags,accountcode,uniqueid,linkedid,peer,userdeftype,extra) VALUES ('ANSWER',{t
s '2016-08-04 19:55:33.572701'},'John Mobile','200','200','','*11','s','macro-user-logon','SIP/200-00000009','Answer','',3,'','1470329733.27','1470329733.27','','','')]
   -- Executing [s@macro-user-logon:3] Wait("SIP/200-00000009", "1") in new stack
   -- Executing [s@macro-user-logon:4] GotoIf("SIP/200-00000009", "0?s-FIXED,1") in new stack
   -- Executing [s@macro-user-logon:5] Set("SIP/200-00000009", "AMPUSER=") in new stack
   -- Executing [s@macro-user-logon:6] GotoIf("SIP/200-00000009", "0?gotpass") in new stack
   -- Executing [s@macro-user-logon:7] Read("SIP/200-00000009", "AMPUSER,please-enter-your-extension-then-press-pound,,,4") in new stack
   -- <SIP/200-00000009> Playing 'please-enter-your-extension-then-press-pound.slin' (language 'en')
   -- User entered '156'
   -- Executing [s@macro-user-logon:8] GotoIf("SIP/200-00000009", "0?s-MAXATTEMPTS,1") in new stack
   -- Executing [s@macro-user-logon:9] GotoIf("SIP/200-00000009", "0?s-NOUSER,1") in new stack
   -- Executing [s@macro-user-logon:10] Set("SIP/200-00000009", "AMPUSERPASS=156156") in new stack
   -- Executing [s@macro-user-logon:11] GotoIf("SIP/200-00000009", "0?s-NOPASSWORD,1") in new stack
   -- Executing [s@macro-user-logon:12] Set("SIP/200-00000009", "DEVICEUSER=100") in new stack
   -- Executing [s@macro-user-logon:13] GotoIf("SIP/200-00000009", "0?s-ALREADYLOGGEDON,1") in new stack
   -- Executing [s@macro-user-logon:14] Authenticate("SIP/200-00000009", "156156") in new stack
   -- <SIP/200-00000009> Playing 'agent-pass.gsm' (language 'en')
   -- <SIP/200-00000009> Playing 'auth-thankyou.gsm' (language 'en')
   -- Executing [s@macro-user-logon:15] AGI("SIP/200-00000009", "user_login_out.agi,login,200,156") in new stack
   -- Launched AGI Script /var/lib/asterisk/agi-bin/user_login_out.agi
   -- user_login_out.agi,login,200,156: Logging in user 156 to device 200
      > user_login_out.agi,login,200,156: user_login: this_device: 200, new_user: 156
      > user_login_out.agi,login,200,156: get_logged_in_user: device: 200
      > user_login_out.agi,login,200,156: get_logged_in_user: got user: 100
      > user_login_out.agi,login,200,156: Logging out current user 100 from device 200 so 156 can login
      > user_login_out.agi,login,200,156: remove_user: device: 200
      > user_login_out.agi,login,200,156: get_user: device: 200
      > user_login_out.agi,login,200,156: get_user: got: 100
      > user_login_out.agi,login,200,156: get_devices: user: 100
      > user_login_out.agi,login,200,156: get_devices: got: 201&202&205&206
      > user_login_out.agi,login,200,156: remove_device: devices: 201&202&205&206, remove_device: 200
      > user_login_out.agi,login,200,156: remove_user: Setting user 100 to devices 201&202&205&206
      > user_login_out.agi,login,200,156: set_user_devices: user: 100,  devices: 201&202&205&206
      > user_login_out.agi,login,200,156: set_user_devices: assigning 201&202&205&206 to 100 /device key
      > user_login_out.agi,login,200,156: set_hint: user: 100, devices: 201&202&205&206
      > user_login_out.agi,login,200,156: get_dial_string: devices: 201&202&205&206
      > user_login_out.agi,login,200,156: Setting user 100 hint to SIP/201&SIP/202&SIP/205&SIP/206&Custom:DND100
   -- Added extension '100' priority -1 to ext-local
*** glibc detected *** asterisk: double free or corruption (out): 0x00007fba17e8acd0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x75f4e)[0x7fba2f4a4f4e]
/lib64/libc.so.6(+0x78cf0)[0x7fba2f4a7cf0]
asterisk[0x5377ac]
asterisk[0x586590]
asterisk[0x598c80]
/lib64/libpthread.so.0(+0x7aa1)[0x7fba2df4aaa1]
/lib64/libc.so.6(clone+0x6d)[0x7fba2f51793d]
======= Memory map: ========
00400000-00631000 r-xp 00000000 fc:02 399318                             /usr/sbin/asterisk
00830000-00841000 rw-p 00230000 fc:02 399318                             /usr/sbin/asterisk
00841000-00878000 rw-p 00000000 00:00 0
00f58000-0267c000 rw-p 00000000 00:00 0                                  [heap]
7fb9deedf000-7fb9deee0000 ---p 00000000 00:00 0
7fb9deee0000-7fb9def5b000 rw-p 00000000 00:00 0
7fb9def5c000-7fb9def5d000 ---p 00000000 00:00 0
7fb9def5d000-7fb9defd8000 rw-p 00000000 00:00 0
7fb9defd8000-7fb9defd9000 ---p 00000000 00:00 0
7fb9defd9000-7fb9df054000 rw-p 00000000 00:00 0
7fb9df054000-7fb9df055000 ---p 00000000 00:00 0
7fb9df055000-7fb9df0d0000 rw-p 00000000 00:00 0
7fb9df0d0000-7fb9df0d1000 ---p 00000000 00:00 0
7fb9df0d1000-7fb9df14c000 rw-p 00000000 00:00 0
7fb9df14c000-7fb9df14d000 ---p 00000000 00:00 0
7fb9df14d000-7fb9df1c8000 rw-p 00000000 00:00 0
7fb9df1c8000-7fb9df1c9000 ---p 00000000 00:00 0
7fb9df1c9000-7fb9df244000 rw-p 00000000 00:00 0
7fb9df244000-7fb9df245000 ---p 00000000 00:00 0
7fb9df245000-7fb9df2c0000 rw-p 00000000 00:00 0
7fb9df2c0000-7fb9df2c1000 ---p 00000000 00:00 0
7fb9df2c1000-7fb9df33c000 rw-p 00000000 00:00 0
7fb9df33c000-7fb9df33d000 ---p 00000000 00:00 0
7fb9df33d000-7fb9df3b8000 rw-p 00000000 00:00 0
7fb9df3b8000-7fb9df3b9000 ---p 00000000 00:00 0
7fb9df3b9000-7fb9df434000 rw-p 00000000 00:00 0
7fb9df434000-7fb9df435000 ---p 00000000 00:00 0
7fb9df435000-7fb9df4b0000 rw-p 00000000 00:00 0
7fb9df4b0000-7fb9df4b1000 ---p 00000000 00:00 0
7fb9df4b1000-7fb9df52c000 rw-p 00000000 00:00 0
7fb9df52c000-7fb9df52d000 ---p 00000000 00:00 0
7fb9df52d000-7fb9df5a8000 rw-p 00000000 00:00 0
7fb9df5a8000-7fb9df5a9000 ---p 00000000 00:00 0
7fb9df5a9000-7fb9df624000 rw-p 00000000 00:00 0
7fb9df624000-7fb9df625000 ---p 00000000 00:00 0
7fb9df625000-7fb9df6a0000 rw-p 00000000 00:00 0
7fb9df6a1000-7fb9df6a2000 ---p 00000000 00:00 0
7fb9df6a2000-7fb9df71d000 rw-p 00000000 00:00 0
7fb9df71d000-7fb9df71e000 ---p 00000000 00:00 0
7fb9df71e000-7fb9df799000 rw-p 00000000 00:00 0
7fb9df799000-7fb9df79a000 ---p 00000000 00:00 0
7fb9df79a000-7fb9df815000 rw-p 00000000 00:00 0
7fb9df815000-7fb9df816000 ---p 00000000 00:00 0
7fb9df816000-7fb9df891000 rw-p 00000000 00:00 0
7fb9df891000-7fb9df892000 ---p 00000000 00:00 0
7fb9df892000-7fb9df90d000 rw-p 00000000 00:00 0
7fb9df90d000-7fb9df90e000 ---p 00000000 00:00 0
7fb9df90e000-7fb9df989000 rw-p 00000000 00:00 0
7fb9df989000-7fb9df98a000 ---p 00000000 00:00 0
7fb9df98a000-7fb9dfa05000 rw-p 00000000 00:00 0
7fb9dfa05000-7fb9dfa06000 ---p 00000000 00:00 0
7fb9dfa06000-7fb9dfa81000 rw-p 00000000 00:00 0
7fb9dfa81000-7fb9dfa82000 ---p 00000000 00:00 0
7fb9dfa82000-7fb9dfafd000 rw-p 00000000 00:00 0
7fb9dfafd000-7fb9dfafe000 ---p 00000000 00:00 0
7fb9dfafe000-7fb9dfbbe000 rw-p 00000000 00:00 0
7fb9dfbbe000-7fb9dfbbf000 ---p 00000000 00:00 0
7fb9dfbbf000-7fb9dfc80000 rw-p 00000000 00:00 0
7fb9dfc80000-7fb9dfc81000 ---p 00000000 00:00 0
7fb9dfc81000-7fb9dfcfc000 rw-p 00000000 00:00 0
7fb9dfcfc000-7fb9dfcfd000 ---p 00000000 00:00 0
7fb9dfcfd000-7fb9dfd78000 rw-p 00000000 00:00 0
7fb9dfd78000-7fb9dfd79000 ---p 00000000 00:00 0
7fb9dfd79000-7fb9dfdf4000 rw-p 00000000 00:00 0
7fb9dfdf4000-7fb9dfdf5000 ---p 00000000 00:00 0
7fb9dfdf5000-7fb9dfe70000 rw-p 00000000 00:00 0
7fb9dfe70000-7fb9dfe71000 ---p 00000000 00:00 0
7fb9dfe71000-7fb9dfeec000 rw-p 00000000 00:00 0
7fb9dfeec000-7fb9dfeed000 ---p 00000000 00:00 0
7fb9dfeed000-7fb9dff68000 rw-p 00000000 00:00 0
7fb9dff68000-7fb9dff69000 ---p 00000000 00:00 0
7fb9dff69000-7fb9dffe4000 rw-p 00000000 00:00 0
7fb9dffe4000-7fb9dffe5000 ---p 00000000 00:00 0
7fb9dffe5000-7fb9e0060000 rw-p 00000000 00:00 0
7fb9e0060000-7fb9e0061000 ---p 00000000 00:00 0
7fb9e0061000-7fb9e00dc000 rw-p 00000000 00:00 0
7fb9e00dc000-7fb9e00dd000 ---p 00000000 00:00 0
7fb9e00dd000-7fb9e0158000 rw-p 00000000 00:00 0
7fb9e0158000-7fb9e0159000 ---p 00000000 00:00 0
7fb9e0159000-7fb9e01d4000 rw-p 00000000 00:00 0
7fb9e01d4000-7fb9e01d5000 ---p 00000000 00:00 0
7fb9e01d5000-7fb9e0250000 rw-p 00000000 00:00 0
7fb9e0250000-7fb9e0251000 ---p 00000000 00:00 0
7fb9e0251000-7fb9e02cc000 rw-p 00000000 00:00 0
7fb9e02cc000-7fb9e02cd000 ---p 00000000 00:00 0
7fb9e02cd000-7fb9e0348000 rw-p 00000000 00:00 0
7fb9e0348000-7fb9e0349000 ---p 00000000 00:00 0
7fb9e0349000-7fb9e03c4000 rw-p 00000000 00:00 0
7fb9e03c4000-7fb9e03c5000 ---p 00000000 00:00 0
7fb9e03c5000-7fb9e0440000 rw-p 00000000 00:00 0
7fb9e0440000-7fb9e0441000 ---p 00000000 00:00 0
7fb9e0441000-7fb9e05be000 rw-p 00000000 00:00 0
7fb9e05be000-7fb9e05c3000 r-xp 00000000 fc:02 130614                     /lib64/libnss_dns-2.12.so
7fb9e05c3000-7fb9e07c2000 ---p 00005000 fc:02 130614                     /lib64/libnss_dns-2.12.so
7fb9e07c2000-7fb9e07c3000 r--p 00004000 fc:02 130614                     /lib64/libnss_dns-2.12.so
7fb9e07c3000-7fb9e07c4000 rw-p 00005000 fc:02 130614                     /lib64/libnss_dns-2.12.so
7fb9e07c4000-7fb9e07c7000 r-xp 00000000 fc:02 423318                     /usr/lib64/asterisk/modules/app_mp3.so
7fb9e07c7000-7fb9e09c6000 ---p 00003000 fc:02 423318                     /usr/lib64/asterisk/modules/app_mp3.so
7fb9e09c6000-7fb9e09c7000 rw-p 00002000 fc:02 423318                     /usr/lib64/asterisk/modules/app_mp3.so
7fb9e09c7000-7fb9e09ce000 r-xp 00000000 fc:02 423502                     /usr/lib64/asterisk/modules/cel_odbc.so
7fb9e09ce000-7fb9e0bce000 ---p 00007000 fc:02 423502                     /usr/lib64/asterisk/modules/cel_odbc.so
7fb9e0bce000-7fb9e0bcf000 rw-p 00007000 fc:02 423502                     /usr/lib64/asterisk/modules/cel_odbc.so
7fb9e0bcf000-7fb9e0bd2000 r-xp 00000000 fc:02 423407                     /usr/lib64/asterisk/modules/func_dialgroup.so
7fb9e0bd2000-7fb9e0dd1000 ---p 00003000 fc:02 423407                     /usr/lib64/asterisk/modules/func_dialgroup.so
7fb9e0dd1000-7fb9e0dd2000 rw-p 00002000 fc:02 423407                     /usr/lib64/asterisk/modules/func_dialgroup.so
7fb9e0dd2000-7fb9e0dd8000 r-xp 00000000 fc:02 423506                     /usr/lib64/asterisk/modules/func_curl.so
7fb9e0dd8000-7fb9e0fd7000 ---p 00006000 fc:02 423506                     /usr/lib64/asterisk/modules/func_curl.so
7fb9e0fd7000-7fb9e0fd8000 rw-p 00005000 fc:02 423506                     /usr/lib64/asterisk/modules/func_curl.so
7fb9e0fd8000-7fb9e0fda000 r-xp 00000000 fc:02 423341                     /usr/lib64/asterisk/modules/app_userevent.so
7fb9e0fda000-7fb9e11d9000 ---p 00002000 fc:02 423341                     /usr/lib64/asterisk/modules/app_userevent.so
7fb9e11d9000-7fb9e11da000 rw-p 00001000 fc:02 423341                     /usr/lib64/asterisk/modules/app_userevent.so
7fb9e11da000-7fb9e11dd000 r-xp 00000000 fc:02 423295                     /usr/lib64/asterisk/modules/app_controlplayback.so
7fb9e11dd000-7fb9e13dc000 ---p 00003000 fc:02 423295                     /usr/lib64/asterisk/modules/app_controlplayback.soAborted
{code}

The crash appears also on logout:


{code:java}
   -- Executing [*12@from-internal:1] Macro("SIP/200-00000003", "user-logoff,") in new stack
   -- Executing [s@macro-user-logoff:1] Set("SIP/200-00000003", "DEVICETYPE=adhoc") in new stack
   -- Executing [s@macro-user-logoff:2] GotoIf("SIP/200-00000003", "0?s-FIXED,1") in new stack
   -- Executing [s@macro-user-logoff:3] AGI("SIP/200-00000003", "user_login_out.agi,logout,200") in new stack
   -- Launched AGI Script /var/lib/asterisk/agi-bin/user_login_out.agi
   -- user_login_out.agi,logout,200: Logging out current user from device 200
      > user_login_out.agi,logout,200: user_logout: this_device: 200
      > user_login_out.agi,logout,200: get_logged_in_user: device: 200
      > user_login_out.agi,logout,200: get_logged_in_user: got user: 156
      > user_login_out.agi,logout,200: get_default_user: device: 200
      > user_login_out.agi,logout,200: current_user: 156, default_user: 100
      > user_login_out.agi,logout,200: remove_user: device: 200
      > user_login_out.agi,logout,200: get_user: device: 200
      > user_login_out.agi,logout,200: get_user: got: 156
      > user_login_out.agi,logout,200: get_devices: user: 156
      > user_login_out.agi,logout,200: get_devices: got: 156001&200
      > user_login_out.agi,logout,200: remove_device: devices: 156001&200, remove_device: 200
      > user_login_out.agi,logout,200: remove_user: Setting user 156 to devices 156001
      > user_login_out.agi,logout,200: set_user_devices: user: 156,  devices: 156001
      > user_login_out.agi,logout,200: set_user_devices: assigning 156001 to 156 /device key
      > user_login_out.agi,logout,200: set_hint: user: 156, devices: 156001
      > user_login_out.agi,logout,200: get_dial_string: devices: 156001
      > user_login_out.agi,logout,200: Setting user 156 hint to SIP/156001&Custom:DND156
   -- Added extension '156' priority -1 to ext-local
*** glibc detected *** asterisk: double free or corruption (out): 0x00007f7cb26a3cd0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x75f4e)[0x7f7cb5c5df4e]
/lib64/libc.so.6(+0x78cf0)[0x7f7cb5c60cf0]
asterisk[0x5377ac]
asterisk[0x586590]
asterisk[0x598c80]
/lib64/libpthread.so.0(+0x7aa1)[0x7f7cb4703aa1]
/lib64/libc.so.6(clone+0x6d)[0x7f7cb5cd093d]
======= Memory map: ========
00400000-00631000 r-xp 00000000 fc:02 399318                             /usr/sbin/asterisk
00830000-00841000 rw-p 00230000 fc:02 399318                             /usr/sbin/asterisk
00841000-00878000 rw-p 00000000 00:00 0
01b6a000-032c7000 rw-p 00000000 00:00 0                                  [heap]
7f7c657e8000-7f7c657e9000 ---p 00000000 00:00 0
7f7c657e9000-7f7c65864000 rw-p 00000000 00:00 0
7f7c65864000-7f7c65865000 ---p 00000000 00:00 0
7f7c65865000-7f7c658e0000 rw-p 00000000 00:00 0
7f7c658e0000-7f7c658e1000 ---p 00000000 00:00 0
7f7c658e1000-7f7c6595c000 rw-p 00000000 00:00 0
7f7c6595c000-7f7c6595d000 ---p 00000000 00:00 0
7f7c6595d000-7f7c659d8000 rw-p 00000000 00:00 0
7f7c659d8000-7f7c659d9000 ---p 00000000 00:00 0
7f7c659d9000-7f7c65a54000 rw-p 00000000 00:00 0
7f7c65a54000-7f7c65a55000 ---p 00000000 00:00 0
7f7c65a55000-7f7c65ad0000 rw-p 00000000 00:00 0
7f7c65ad0000-7f7c65ad1000 ---p 00000000 00:00 0
7f7c65ad1000-7f7c65b4c000 rw-p 00000000 00:00 0
7f7c65b4c000-7f7c65b4d000 ---p 00000000 00:00 0
7f7c65b4d000-7f7c65bc8000 rw-p 00000000 00:00 0
7f7c65bc8000-7f7c65bc9000 ---p 00000000 00:00 0
7f7c65bc9000-7f7c65c44000 rw-p 00000000 00:00 0
7f7c65c44000-7f7c65c45000 ---p 00000000 00:00 0
7f7c65c45000-7f7c65cc0000 rw-p 00000000 00:00 0
7f7c65cc0000-7f7c65cc1000 ---p 00000000 00:00 0
7f7c65cc1000-7f7c65d3c000 rw-p 00000000 00:00 0
7f7c65d3c000-7f7c65d3d000 ---p 00000000 00:00 0
7f7c65d3d000-7f7c65db8000 rw-p 00000000 00:00 0
7f7c65db8000-7f7c65db9000 ---p 00000000 00:00 0
7f7c65db9000-7f7c65e34000 rw-p 00000000 00:00 0
7f7c65e34000-7f7c65e35000 ---p 00000000 00:00 0
7f7c65e35000-7f7c65eb0000 rw-p 00000000 00:00 0
7f7c65eb0000-7f7c65eb1000 ---p 00000000 00:00 0
7f7c65eb1000-7f7c65f2c000 rw-p 00000000 00:00 0
7f7c65f2c000-7f7c65f2d000 ---p 00000000 00:00 0
7f7c65f2d000-7f7c65fa8000 rw-p 00000000 00:00 0
7f7c65fa8000-7f7c65fa9000 ---p 00000000 00:00 0
7f7c65fa9000-7f7c66024000 rw-p 00000000 00:00 0
7f7c66024000-7f7c66025000 ---p 00000000 00:00 0
7f7c66025000-7f7c660a0000 rw-p 00000000 00:00 0
7f7c660a0000-7f7c660a1000 ---p 00000000 00:00 0
7f7c660a1000-7f7c6611c000 rw-p 00000000 00:00 0
7f7c6611c000-7f7c6611d000 ---p 00000000 00:00 0
7f7c6611d000-7f7c66198000 rw-p 00000000 00:00 0
7f7c66198000-7f7c66199000 ---p 00000000 00:00 0
7f7c66199000-7f7c66214000 rw-p 00000000 00:00 0
7f7c66214000-7f7c66215000 ---p 00000000 00:00 0
7f7c66215000-7f7c66290000 rw-p 00000000 00:00 0
7f7c66290000-7f7c66291000 ---p 00000000 00:00 0
7f7c66291000-7f7c6630c000 rw-p 00000000 00:00 0
7f7c6630c000-7f7c6630d000 ---p 00000000 00:00 0
7f7c6630d000-7f7c663cd000 rw-p 00000000 00:00 0
7f7c663cd000-7f7c663ce000 ---p 00000000 00:00 0
7f7c663ce000-7f7c6648e000 rw-p 00000000 00:00 0
7f7c6648e000-7f7c6648f000 ---p 00000000 00:00 0
7f7c6648f000-7f7c6650a000 rw-p 00000000 00:00 0
7f7c6650a000-7f7c6650b000 ---p 00000000 00:00 0
7f7c6650b000-7f7c66586000 rw-p 00000000 00:00 0
7f7c66586000-7f7c66587000 ---p 00000000 00:00 0
7f7c66587000-7f7c66602000 rw-p 00000000 00:00 0
7f7c66602000-7f7c66603000 ---p 00000000 00:00 0
7f7c66603000-7f7c6667e000 rw-p 00000000 00:00 0
7f7c6667e000-7f7c6667f000 ---p 00000000 00:00 0
7f7c6667f000-7f7c666fa000 rw-p 00000000 00:00 0
7f7c666fa000-7f7c666fb000 ---p 00000000 00:00 0
7f7c666fb000-7f7c66776000 rw-p 00000000 00:00 0
7f7c66776000-7f7c66777000 ---p 00000000 00:00 0
7f7c66777000-7f7c667f2000 rw-p 00000000 00:00 0
7f7c667f2000-7f7c667f3000 ---p 00000000 00:00 0
7f7c667f3000-7f7c6686e000 rw-p 00000000 00:00 0
7f7c6686e000-7f7c6686f000 ---p 00000000 00:00 0
7f7c6686f000-7f7c668ea000 rw-p 00000000 00:00 0
7f7c668ea000-7f7c668eb000 ---p 00000000 00:00 0
7f7c668eb000-7f7c66966000 rw-p 00000000 00:00 0
7f7c66966000-7f7c66967000 ---p 00000000 00:00 0
7f7c66967000-7f7c669e2000 rw-p 00000000 00:00 0
7f7c669e2000-7f7c669e3000 ---p 00000000 00:00 0
7f7c669e3000-7f7c66a5e000 rw-p 00000000 00:00 0
7f7c66a5e000-7f7c66a5f000 ---p 00000000 00:00 0
7f7c66a5f000-7f7c66ada000 rw-p 00000000 00:00 0
7f7c66ada000-7f7c66adb000 ---p 00000000 00:00 0
7f7c66adb000-7f7c66b56000 rw-p 00000000 00:00 0
7f7c66b56000-7f7c66b57000 ---p 00000000 00:00 0
7f7c66b57000-7f7c66bd2000 rw-p 00000000 00:00 0
7f7c66bd2000-7f7c66bd7000 r-xp 00000000 fc:02 130614                     /lib64/libnss_dns-2.12.so
7f7c66bd7000-7f7c66dd6000 ---p 00005000 fc:02 130614                     /lib64/libnss_dns-2.12.so
7f7c66dd6000-7f7c66dd7000 r--p 00004000 fc:02 130614                     /lib64/libnss_dns-2.12.so
7f7c66dd7000-7f7c66dd8000 rw-p 00005000 fc:02 130614                     /lib64/libnss_dns-2.12.so
7f7c66dd8000-7f7c66ddb000 r-xp 00000000 fc:02 423318                     /usr/lib64/asterisk/modules/app_mp3.so
7f7c66ddb000-7f7c66fda000 ---p 00003000 fc:02 423318                     /usr/lib64/asterisk/modules/app_mp3.so
7f7c66fda000-7f7c66fdb000 rw-p 00002000 fc:02 423318                     /usr/lib64/asterisk/modules/app_mp3.so
7f7c66fdb000-7f7c66fe2000 r-xp 00000000 fc:02 423502                     /usr/lib64/asterisk/modules/cel_odbc.so
7f7c66fe2000-7f7c671e2000 ---p 00007000 fc:02 423502                     /usr/lib64/asterisk/modules/cel_odbc.so
7f7c671e2000-7f7c671e3000 rw-p 00007000 fc:02 423502                     /usr/lib64/asterisk/modules/cel_odbc.so
7f7c671e3000-7f7c671e6000 r-xp 00000000 fc:02 423407                     /usr/lib64/asterisk/modules/func_dialgroup.so
7f7c671e6000-7f7c673e5000 ---p 00003000 fc:02 423407                     /usr/lib64/asterisk/modules/func_dialgroup.so
7f7c673e5000-7f7c673e6000 rw-p 00002000 fc:02 423407                     /usr/lib64/asterisk/modules/func_dialgroup.so
7f7c673e6000-7f7c673ec000 r-xp 00000000 fc:02 423506                     /usr/lib64/asterisk/modules/func_curl.so
7f7c673ec000-7f7c675eb000 ---p 00006000 fc:02 423506                     /usr/lib64/asterisk/modules/func_curl.so
7f7c675eb000-7f7c675ec000 rw-p 00005000 fc:02 423506                     /usr/lib64/asterisk/modules/func_curl.so
7f7c675ec000-7f7c675ee000 r-xp 00000000 fc:02 423341                     /usr/lib64/asterisk/modules/app_userevent.so
7f7c675ee000-7f7c677ed000 ---p 00002000 fc:02 423341                     /usr/lib64/asterisk/modules/app_userevent.so
7f7c677ed000-7f7c677ee000 rw-p 00001000 fc:02 423341                     /usr/lib64/asterisk/modules/app_userevent.so
7f7c677ee000-7f7c677f1000 r-xp 00000000 fc:02 423295                     /usr/lib64/asterisk/modules/app_controlplayback.so
7f7c677f1000-7f7c679f0000 ---p 00003000 fc:02 423295                     /usr/lib64/asterisk/modules/app_controlplayback.so
7f7c679f0000-7f7c679f1000 rw-p 00002000 fc:02 423295                     /usr/lib64/asterisk/modules/app_controlplayback.so
7f7c679f1000-7f7c679f4000 r-xp 00000000 fc:02 423354                     /usr/lib64/asterisk/modules/cdr_manager.so
7f7c679f4000-7f7c67bf3000 ---p 00003000 fc:02 423354                     /usr/lib64/asterisk/modules/cdr_manager.so
7f7c67bf3000-7f7c67bf4000 rw-p 00002000 fc:02 423354                     /usr/lib64/asterisk/modules/cdr_manager.so
7f7c67bf4000-7f7c67bfe000 r-xp 00000000 fc:02 423316                     /usr/lib64/asterisk/modules/app_mixmonitor.so
7f7c67bfe000-7f7c67dfe000 ---p 0000a000 fc:02 423316                     /usr/lib64/asterisk/modules/app_mixmonitor.so
7f7c67dfe000-7f7c67dff000 rw-p 0000a000 fc:02 423316                     /usr/lib64/asterisk/modules/app_mixmonitor.soAborted
{code}

Please help, hot desking is not usable until this bug is fixed. :-(

I also opened a Issue on FreePBX side, here: http://issues.freepbx.org/browse/FREEPBX-12880
Comments:By: Asterisk Team (asteriskteam) 2016-08-05 03:05:28.435-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Joshua C. Colp (jcolp) 2016-08-05 04:45:45.955-0500

Thank you for the crash report. However, we need more information to investigate the crash. Please provide:

1. A backtrace generated from a core dump using the instructions provided on the Asterisk wiki [1].
2. Specific steps taken that lead to the crash.
3. All configuration information necesary to reproduce the crash.

Thanks!

[1]: https://wiki.asterisk.org/wiki/display/AST/Getting+a+Backtrace



By: Fiftyz Fifty (fiftyz) 2016-08-05 05:34:25.810-0500

The crash happened on a production server and asterisk server was started with the following args:

{code:java}
# ps -C asterisk u
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
asterisk  5549  5.7  1.4 1354468 56984 ?       Sl   10:32   9:47 /usr/sbin/asterisk -f -U asterisk -G asterisk -vvvg -c
{code}

I'd attached the extracted backtrace.txt file requested.

On clean FreePBX distro, change to Device and Users mode, add 2 users and 3 devices for them and try to login on a device assigned to user 1 with user 2 using *11 feature code, the crash will occur or at login ar at logout with *12 feature code (seems random here).

Configuration is not chaned, is the one generated by FreePBX, no custom dialplan are involved.

If needed, I can upload any required conf files needed like extensions.conf or extenssions_additional.conf


By: Fiftyz Fifty (fiftyz) 2016-08-05 05:49:19.430-0500

Requeted backtrace. This is the last one but I have multiple ones if needed I can extract more.

By: Joshua C. Colp (jcolp) 2016-08-05 05:56:44.050-0500

The backtrace really isn't useful, it needs debug symbols. I'm not a user of FreePBX or their distribution so I'm unaware of how to get those.

By: Fiftyz Fifty (fiftyz) 2016-08-05 06:14:52.609-0500

I had installed asterisk debuginfo as suggested by gdb but not installed 3rd party debuginfo like suggested also by gdb:

{code:java}
debuginfo-install alsa-lib-1.0.22-3.el6.x86_64 avahi-libs-0.6.25-15.el6.x86_64 bluez-libs-4.66-1.el6.x86_64 cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64 dbus-libs-1.2.24-8.el6_6.x86_64 flite-1.3-14.el6.x86_64 glibc-2.12-1.166.el6_7.7.x86_64 gnutls-2.8.5-14.el6_5.x86_64 iksemel-1.4-2.el6.x86_64 jack-audio-connection-kit-0.116.1-6_1.el6.x86_64 keyutils-libs-1.4-5.el6.x86_64 krb5-libs-1.10.3-37.el6_6.x86_64 libcom_err-1.41.12-21.el6.x86_64 libcurl-7.19.7-40.el6_6.4.x86_64 libgcc-4.4.7-11.el6.x86_64 libgcrypt-1.4.5-11.el6_4.x86_64 libgpg-error-1.7-4.el6.x86_64 libidn-1.18-2.el6.x86_64 libjpeg-turbo-1.2.1-3.el6_5.x86_64 libopenr2-1.3.3-1.shmz65.1.4.x86_64 libsamplerate-0.1.7-2.1.el6.x86_64 libselinux-2.0.94-5.8.el6.x86_64 libsrtp-1.4.4-4.20101004cvs.el6.x86_64 libss7-1.0.2-7_centos6.x86_64 libssh2-1.4.2-1.el6_6.1.x86_64 libtasn1-2.3-6.el6_5.x86_64 libtiff-3.9.4-10.el6_5.x86_64 libtool-ltdl-2.2.6-15.5.el6.x86_64 libuuid-2.17.2-12.18.el6.x86_64 libxml2-2.7.6-17.el6_6.1.x86_64 lua-5.1.4-4.1.el6.x86_64 mysql-connector-odbc-5.1.5r1144-7.el6.x86_64 mysql-libs-5.1.73-5.el6_6.x86_64 ncurses-libs-5.7-3.20090208.el6.x86_64 nspr-4.10.8-1.el6_6.x86_64 nss-3.19.1-3.el6_6.x86_64 nss-softokn-freebl-3.14.3-22.el6_6.x86_64 nss-util-3.19.1-1.el6_6.x86_64 openldap-2.4.39-8.el6.x86_64 openssl-1.0.1e-30.el6.11.x86_64 portaudio-19-6_4_20071207.el6.x86_64 radiusclient-ng-0.5.6-5.el6.x86_64 spandsp-0.0.6-0.8.pre21.el6.x86_64 speex-1.2-0.12.rc1.1.el6.x86_64 sqlite-3.6.20-1.el6.x86_64 sqlite2-2.8.17-8.el6.x86_64 unixODBC-2.2.14-14.el6.x86_64 zlib-1.2.3-29.el6.x86_64
{code}

Are also those needed?

By: Joshua C. Colp (jcolp) 2016-08-05 06:18:12.445-0500

Nope, the backtrace is now usable.

By: Joshua C. Colp (jcolp) 2016-08-05 06:19:40.167-0500

This is a duplicate of ASTERISK-25706.