Summary: | ASTERISK-04296: Attended Transfer causes Crash | ||
Reporter: | Trevor Peirce (trev) | Labels: | |
Date Opened: | 2005-05-28 09:49:35 | Date Closed: | 2008-01-15 15:36:31.000-0600 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) 4404.stable.patch.txt ( 1) fix-att-transfer.txt | |
Description: | Using SIP (did not test others), performing an attended transfer will cause asterisk to crash. All three parties can speak, but when the transferer hangs up to complete the transfer, asterisk will crash. Steps to reproduce: 1. With regular PSTN line, call your PRI 2. Answer the call with a phone plugged in to Linksys WRT54GP2-NA 3. Press flash and dial a number (eg. voicemail) 4. Press flash - you are now in a 3 way call 5. Hangup (to complete transfer), and asterisk will crash. Additionally, asterisk keeps crashing after it has restarted. I must run killall -9 asterisk safe_asterisk mpg123; service zaptel restart; safe_asterisk in order to get the system running again. ****** ADDITIONAL INFORMATION ****** (gdb) bt full #0 0x0074d363 in strchr () from /lib/tls/libc.so.6 No symbol table info available. #1 0x00159d33 in get_refer_info (sip_pvt=0x91e9b58, outgoing_req=0xb7cba770) at chan_sip.c:5767 p_refer_to = 0xb7cb1180 "8500" p_referred_by = 0xb7cb1180 "8500" h_refer_to = 0x4 "" h_referred_by = 0x4 "" h_contact = 0xb7cbaaf8 "Trevor Peirce <sip:digitalcon701@216.210.111.122:5060>" replace_callid = 0xb7cb10fc "4e4cbac4-b5b06dd8@216.210.111.122" refer_to = 0xb7cb1180 "8500" referred_by = 0x4 "" ptr = 0xb7cb1180 "8500" req = (struct sip_request *) 0x74ee51 sip_pvt_ptr = (struct sip_pvt *) 0x4 chan = (struct ast_channel *) 0x74ee51 peer = (struct ast_channel *) 0xb7cb24c2 #2 0x00156191 in handle_request_refer (p=0x91e9b58, req=0xb7cba770, debug=0, ignore=0, seqno=4, nounlock=0xb7cba6e8) at chan_sip.c:8864 c = (struct ast_channel *) 0x7219fb res = -1211426676 transfer_to = (struct ast_channel *) 0x0 #3 0x0014f7f1 in handle_request (p=0x91e9b58, req=0xb7cba770, sin=0xb7cba760, recount=0x4, nounlock=0x4) at chan_sip.c:9273 resp = {rlPart1 = 0x0, rlPart2 = 0x0, len = 0, headers = 0, method = 0, header = {0x0 <repeats 64 times>}, lines = 0, line = { 0x0 <repeats 64 times>}, data = '\0' <repeats 4095 times>} cmd = 0x0 cseq = 0x40404040 <Address 0x40404040 out of bounds> from = 0x40404040 <Address 0x40404040 out of bounds> useragent = 0x4 "" seqno = 103 len = 3 ignore = 0 respid = 200 res = 0 iabuf = '\0' <repeats 15 times> e = 0xb7cba98e "sip:2503917293@72.2.6.230" #4 0x0014d1e4 in sipsock_read (id=0x9185c38, fd=12, events=1, ignore=0x0) at chan_sip.c:9405 req = {rlPart1 = 0xb7cba988 "REFER", rlPart2 = 0xb7cba98e "sip:2503917293@72.2.6.230", len = 600, headers = 12, method = 0, header = { 0xb7cba988 "REFER", 0xb7cba9b1 "v: SIP/2.0/UDP 216.210.111.122:5060;branch=z9hG4bK-3133e766", 0xb7cba9ee "f: <sip:digitalcon701@216.210.111.122:5060>;tag=daadd280496dd7b6i0", 0xb7cbaa32 "t: \"PEIRCE T \" <sip:2503917293@72.2.6.230>;tag=as210df83b", 0xb7cbaa73 "b: Trevor Peirce <sip:digitalcon701@hysma.ca>", 0xb7cbaaa2 "i: 0e7686cc16812cc44d23120771b925f4@72.2.6.230", 0xb7cbaad2 "CSeq: 103 REFER", 0xb7cbaae3 "Max-Forwards: 70", 0xb7cbaaf5 "m: Trevor Peirce <sip:digitalcon701@216.210.111.122:5060>", 0xb7cbab30 "r: sip:8500@hysma.ca?Replaces=4e4cbac4%2Db5b06dd8%40216%2E210%2E111%2E122%3Bfrom-tag%3D825035d48644ae08o0%3Bto-tag%3Das33f16899", 0xb7cbabb1 "User-Agent: Linksys/RT31P2-2.0.12(LI)", 0xb7cbabd8 "l: 0", 0xb7cbabde "", 0x0 <repeats 51 times>}, lines = 0, line = {0xb7cbabe0 "", 0x0 <repeats 63 times>}, data = "REFER\000sip:2503917293@72.2.6.230\000SIP/2.0\000\000v: SIP/2.0/UDP 216.210.111.122:5060;branch=z9hG4bK-3133e766\000\000f: <sip:digitalcon701@216.210.111.122:5060>;tag=daadd280496dd7b6i0\000\000t: \"PEIRCE T \" <sip:2503"...} sin = {sin_family = 2, sin_port = 50195, sin_addr = {s_addr = 2054148824}, sin_zero = "\000\000\000\000\000\000\000"} p = (struct sip_pvt *) 0x91e9b58 res = 4 len = 16 nounlock = 0 recount = 0 iabuf = "&ASTERISK-1558;&ASTERISK-753;&ASTERISK-753;/&ASTERISK-753;C&ASTERISK-753;" ---Type <return> to continue, or q <return> to quit--- ASTERISK-1 0x080540ad in ast_io_wait (ioc=0x91758a0, howlong=4) at io.c:268 res = 1 x = 0 origcnt = 1 ASTERISK-2 0x00145c21 in do_monitor (data=0x0) at chan_sip.c:9552 res = 152535112 sip = (struct sip_pvt *) 0x9178048 peer = (struct sip_peer *) 0x9178048 t = 1117289047 fastrestart = 0 lastpeernum = -1 curpeernum = 2 reloading = 152535112 ASTERISK-3 0x0084798c in start_thread () from /lib/tls/libpthread.so.0 No symbol table info available. ASTERISK-4 0x007a27da in clone () from /lib/tls/libc.so.6 No symbol table info available. (gdb) | ||
Comments: | By: Trevor Peirce (trev) 2005-05-28 09:51:42 Console output doesn't appear to help much, but here it is so you need not ask :) -- SIP/digitalcon701-448c is ringing -- SIP/digitalcon701-448c answered Zap/1-1 -- Started music on hold, class 'default', on Zap/1-1 -- Executing VoiceMailMain("SIP/digitalcon701-90f2", "@digitalcon") in new stack -- Playing 'vm-login' (language 'en') -- Stopped music on hold on Zap/1-1 May 28 06:56:06 WARNING[24202]: chan_sip.c:5732 get_refer_info: Referred-by: Huh? Not a SIP header () Ignoring? callcentre*CLI> Disconnected from Asterisk server /usr/sbin/safe_asterisk: line 83: 24202 Segmentation fault (core dumped) asterisk ${CLIARGS} ${ASTARGS} 1>&/dev/${TTY} </dev/${TTY} Asterisk ended with exit status 139 Asterisk exited on signal 11. Automatically restarting Asterisk. [root@callcentre tmp]# /usr/sbin/safe_asterisk: line 83: 28532 Segmentation fault (core dumped) asterisk ${CLIARGS} ${ASTARGS} 1>&/dev/${TTY} </dev/${TTY} Asterisk ended with exit status 139 Asterisk exited on signal 11. Automatically restarting Asterisk. [root@callcentre tmp]# killal/usr/sbin/safe_asterisk: line 83: 28558 Segmentation fault (core dumped) asterisk ${CLIARGS} ${ASTARGS} 1>&/dev/${TTY} </dev/${TTY} Asterisk ended with exit status 139 Asterisk exited on signal 11. Automatically restarting Asterisk. By: Trevor Peirce (trev) 2005-05-29 19:31:51 Okay, here is an easy enough fix*, but it I think there is another problem here slightly beyond my knowledge of chan_sip.c which is the crash. There should be a more graceful way of erroring out rather than crashing if the Referred-By header seems absent. * See http://www.faqs.org/rfcs/rfc3892.html for the missing compact SIP header my patch adds. By: Mark Spencer (markster) 2005-05-30 09:47:50 Patch did not apply... Fixed in CVS head including the root source of the segfault. By: Michael Jerris (mikej) 2005-05-30 23:08:10 patch for stable, disclaimer on file. includes the fix from the patch. The "root cause" mark referred to does not exist in stable so that part of the patch ommited. By: Russell Bryant (russell) 2005-05-31 00:17:25 fixed in 1.0, thanks! By: Olle Johansson (oej) 2005-05-31 01:08:49 SIP is unfortunately not Core Asterisk. Please file a bug report in the proper category or people like me will miss it... By: Digium Subversion (svnbot) 2008-01-15 15:36:21.000-0600 Repository: asterisk Revision: 5787 U trunk/channels/chan_sip.c ------------------------------------------------------------------------ r5787 | markster | 2008-01-15 15:36:21 -0600 (Tue, 15 Jan 2008) | 2 lines Fix attended transfer crash (bug ASTERISK-4296 with changes) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=5787 By: Digium Subversion (svnbot) 2008-01-15 15:36:31.000-0600 Repository: asterisk Revision: 5798 U branches/v1-0/channels/chan_sip.c ------------------------------------------------------------------------ r5798 | russell | 2008-01-15 15:36:30 -0600 (Tue, 15 Jan 2008) | 2 lines add "Referred-by" to the aliases list (bug ASTERISK-4296) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=5798 |