[Home]

Summary:ASTERISK-13029: Crash after attended transfer and call park
Reporter:Adam Lee (adam lee)Labels:
Date Opened:2008-11-06 22:32:05.000-0600Date Closed:2008-12-02 17:04:20.000-0600
Priority:CriticalRegression?No
Status:Closed/CompleteComponents:Channels/chan_sip/Transfers
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:( 0) gdb.txt
Description:Hi all,

I found a crash case after attend transfer and call-park usages.

Here is my scenario:
Phone 1: 1001
Phone 2: 1002
Phone 3: 1003

Step 1: 1001 calls 1002, and 1002 answers the call.
Step 2: 1001 makes an attended transfer to 1003, and 1003 answers the call.
Step 3: 1001 hangups the call with 1003, and then 1002 communicates with 1003.
Step 4: 1002 makes a call-park to Asterisk. After Asterisk repeats the parking lot numbers to 1002, Asterisk disconnects the call with 1003 strangely.
Step 5: 1001 calls 1002 once again, and Asterisk crashes.

I verified the case on 1.4.22 and 1.4.20, and the crash situation happened on both versions. I doubt that Asterisk did not handle transferee well, and if transferee wants to do call transfer or call park, it would fail.
Comments:By: Adam Lee (adam lee) 2008-11-06 22:38:30.000-0600

Here are the debug messages:

*CLI>     -- Executing [1001@gDefaultGroup:1] Dial("SIP/1006-088d0690", "SIP/1001|20|Tt") in new stack
   -- Called 1001
   -- SIP/1001-088d8598 is ringing
   -- SIP/1001-088d8598 answered SIP/1006-088d0690
   -- Started music on hold, class 'default', on SIP/1001-088d8598
   -- <SIP/1006-088d0690> Playing 'pbx-transfer' (language 'en')
[Nov  7 12:03:19] WARNING[23260]: channel.c:2813 set_format: Unable to find a codec translation path from 0x100 (g729) to 0x40 (slin)
[Nov  7 12:03:19] WARNING[23260]: indications.c:121 playtones_alloc: Unable to set 'SIP/1006-088d0690' to signed linear format (write)
[Nov  7 12:03:21] WARNING[23260]: channel.c:2813 set_format: Unable to find a codec translation path from 0x100 (g729) to 0x40 (slin)
[Nov  7 12:03:21] WARNING[23260]: indications.c:121 playtones_alloc: Unable to set 'SIP/1006-088d0690' to signed linear format (write)
   -- Executing [1007@gDefaultGroup:1] Dial("Local/1007@gDefaultGroup-be0c,2", "SIP/1007|20|Tt") in new stack
   -- Called 1007
   -- SIP/1007-088e8de8 is ringing
   -- Local/1007@gDefaultGroup-be0c,1 is ringing
[Nov  7 12:03:21] WARNING[23260]: channel.c:2813 set_format: Unable to find a codec translation path from 0x100 (g729) to 0x40 (slin)
[Nov  7 12:03:21] WARNING[23260]: indications.c:121 playtones_alloc: Unable to set 'SIP/1006-088d0690' to signed linear format (write)
   -- Saved useragent "ICOM-UA/VP-71" for peer 1006
   -- SIP/1007-088e8de8 answered Local/1007@gDefaultGroup-be0c,2
   -- Packet2Packet bridging SIP/1006-088d0690 and SIP/1007-088e8de8
 == Spawn extension (gDefaultGroup, 1007, 1) exited non-zero on 'Local/1007@gDefaultGroup-be0c,2'
   -- Stopped music on hold on SIP/1001-088d8598
   -- <SIP/1007-088e8de8> Playing 'beep' (language 'en')
 == Spawn extension (gDefaultGroup, 1001, 1) exited non-zero on 'SIP/1006-088d0690'
   -- Started music on hold, class 'default', on SIP/1007-088e8de8
   -- <SIP/1001-088d8598> Playing 'pbx-transfer' (language 'en')
[Nov  7 12:03:31] WARNING[23263]: channel.c:2813 set_format: Unable to find a codec translation path from 0x100 (g729) to 0x40 (slin)
[Nov  7 12:03:31] WARNING[23263]: indications.c:121 playtones_alloc: Unable to set 'SIP/1001-088d8598' to signed linear format (write)
   -- Stopped music on hold on SIP/1007-088e8de8
   -- Started music on hold, class 'default', on SIP/1007-088e8de8
 == Parked SIP/1007-088e8de8 on 701@parkedcalls. Will timeout back to extension [gDefaultGroup] 1007, 1 in 45 seconds
   -- <SIP/1001-088d8598> Playing 'digits/7' (language 'en')
   -- <SIP/1001-088d8598> Playing 'digits/0' (language 'en')
   -- <SIP/1001-088d8598> Playing 'digits/1' (language 'en')
   -- Added extension '701' priority 1 to parkedcalls
   -- Stopped music on hold on SIP/1007-088e8de8
   -- Saved useragent "ICOM-UA/VP-71" for peer 1001
   -- Executing [1001@gDefaultGroup:1] Dial("SIP/1006-088e6c20", "SIP/1001|20|Tt") in new stack
   -- Called 1001
Segmentation fault
[root@localhost asterisk-1.4.22]#


*CLI> dialplan show
[ Context 'gDefaultGroup' created by 'pbx_config' ]
 Include =>        'LocalExt'                                    [pbx_config]
 Include =>        'parkedcalls'                                 [pbx_config]

[ Context 'LocalExt' created by 'pbx_config' ]
 '1001' =>         1. Dial(SIP/1001|20|Tt)                       [pbx_config]
                   2. Hangup()                                   [pbx_config]
 '1006' =>         1. Dial(SIP/1006|20|Tt)                       [pbx_config]
                   2. Hangup()                                   [pbx_config]
 '1007' =>         1. Dial(SIP/1007|20|Tt)                       [pbx_config]
                   2. Hangup()                                   [pbx_config]

[ Context 'default' created by 'pbx_config' ]

[ Context 'parkedcalls' created by 'res_features' ]
 '700' =>          1. Park()                                     [res_features]
By: David Woolley (davidw) 2008-11-07 05:43:45.000-0600

This looks like a features transfer, not a SIP transfer.

The extension numbers in your scenario don't match those in the trace or dialplan.

You appear to have negotiated G.729 as the codec, but without having G.729 codec support, so it is not possible to generate tones, which might, at least, be a co-factor.

You need to follow the correct protocol for crash reports, i.e. compile with NOOPTIMIZE set, run with core dumps enabled, and provide the required gdb back traces.
By: Adam Lee (adam lee) 2008-11-09 20:43:37.000-0600

I am sorry for my mistakes. I changed my dial-plan with different extension numbers. EXT 1002 is the EXT 1006 in my dial-plan, and EXT 1003 is the EXT 1007 in my dial-plan. And the issue is indeed not a SIP transfer issue and should be placed in feature category.

In order to debug the issue, I dump the gdb back traces as attachment. Thank you.
By: Terry Wilson (twilson) 2008-11-25 18:21:00.000-0600

I can reproduce this on my test machine.  I'll take a look at it.
By: Digium Subversion (svnbot) 2008-12-02 17:04:19.000-0600

Repository: asterisk
Revision: 160390

U   branches/1.4/res/res_features.c

------------------------------------------------------------------------
r160390 | twilson | 2008-12-02 17:04:18 -0600 (Tue, 02 Dec 2008) | 6 lines

A situation like A calls B, A builtin_atxfers B to C, C parks B would lead to a crash.  Thanks to file for telling me how to fix it!

(closes issue ASTERISK-13029)
Reported by: Adam Lee
Tested by: otherwiseguy

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=160390