ASTERISK-26963: Crash in ast_manager_build_bridge_state_string

[Home]

Summary: ASTERISK-26963: Crash in ast_manager_build_bridge_state_string_prefix

Reporter: Alex Hermann (gaaf) Labels:

Date Opened: 2017-04-25 03:05:11 Date Closed: 2020-01-14 11:13:59.000-0600

Priority: Major Regression? Yes

Status: Closed/Complete Components: . I did not set the category correctly.

Versions: 13.16.0 Frequency of
Occurrence Occasional

Related
Issues:

Environment: Debian jessie asterisk 13.16pre @ 12ffc2c5b6c576e + rtp_engine/res_rtp_asterisk: Fix RTP struct reentrancy crashes. + Revert "bridging: Ensure successful T.38 negotation" PJSIP is the only channel driver. Dialplan is pretty basic, only functioning as B2BUA. No fancy applications like Queue of Conference. Attachments: ( 0) 26963-bt-1.txt

Description: Asterisk crashed in ast_manager_build_bridge_state_string_prefix because that function got passed a null pointer.

No errors in the log.

Comments: By: Asterisk Team (asteriskteam) 2017-04-25 03:05:12.801-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].
By: Alex Hermann (gaaf) 2017-04-25 03:06:28.212-0500

Backtrace of crash
By: Rusty Newton (rnewton) 2017-04-25 17:47:32.241-0500

We require additional debug to continue with triage of your issue. Please follow the instructions on the wiki [1] for how to collect debugging information from Asterisk. For expediency, where possible, attach the debug with a '.txt' file extension so that the debug will be usable for further analysis.

Thanks!

[1] https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information

By: Rusty Newton (rnewton) 2017-04-25 17:47:41.633-0500

Thank you for the crash report. However, we need more information to investigate the crash. Please provide:

1. A backtrace generated from a core dump using the instructions provided on the Asterisk wiki [1].
2. Specific steps taken that lead to the crash.
3. All configuration information necesary to reproduce the crash.

Thanks!

[1]: https://wiki.asterisk.org/wiki/display/AST/Getting+a+Backtrace

By: Rusty Newton (rnewton) 2017-04-25 17:49:24.681-0500

Alex I provided two links in the previous comments for more detailed instruction on providing logs and additional traces.

Primarily, attach a debug log showing what is happening right up to the crash. In addition, provide an additional trace without optimizations (specific compiler flags mentioned in the link) if possible.

That information will help us understand what is going on to get the null pointer.
By: Alex Hermann (gaaf) 2017-04-26 15:05:01.735-0500

I don't have debug logging of the crash. Regular logs show nothing of interest.

I now patched the ast_manager_build_bridge_state_string_prefix and t_manager_build_channel_state_string_prefix functions to check for NULL pointers to prevent the crash. So i won't be able to provide new backtraces for this specific crash.

I noticed that even though i had enable BETTER_BACKTRACES, i forgot to enable DONT_OPTiMIZE. While i can't undo the damage done by optimization, I still have the core file; i can provide backtraces of all threads. Would that still be be useful?

I don't know how to deliberately reproduce the crash. As said this is just a Dial to a pjsip channel on an inbound pjsip channel.

If no one has a clue where to look based on the backtrace i provided, maybe this won't be solvable
By: Joshua C. Colp (jcolp) 2017-04-27 12:10:27.235-0500

I've looked through the code and based on the backtrace I don't see how it would have actually happened. I think the only way to identify the cause would be to have a console log with debug enabled to show the series of events and actions leading up to the crash.
By: Asterisk Team (asteriskteam) 2017-05-12 12:00:02.110-0500

Suspended due to lack of activity. This issue will be automatically re-opened if the reporter posts a comment. If you are not the reporter and would like this re-opened please create a new issue instead. If the new issue is related to this one a link will be created during the triage process. Further information on issue tracker usage can be found in the Asterisk Issue Guidlines [1].

[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines