| Summary: | ASTERISK-30035: ari: bridge addChannel race condition causes segfault | ||||
| Reporter: | Richard Johnson (rjohnsondev) | Labels: | |||
| Date Opened: | 2022-04-28 07:35:29 | Date Closed: | |||
| Priority: | Major | Regression? | No | ||
| Status: | Open/New | Components: | Applications/app_stasis Resources/res_ari Resources/res_ari_bridges | ||
| Versions: | 18.11.1 18.11.2 | Frequency of Occurrence | Frequent | ||
| Related Issues: |
| ||||
| Environment: | linux debian buster | Attachments: | ( 0) core-asterisk-2022-04-28T03-09-04Z-brief.txt ( 1) core-asterisk-2022-04-28T03-09-17Z-brief.txt ( 2) core-asterisk-2022-04-28T04-14-03Z-brief.txt ( 3) docker_bundle.tar.gz ( 4) main.py | ||
| Description: | There is a race condition when calling /bridges/xx/addChannel which results in asterisk crashing.
Here is some example code to reproduce the issue: https://gist.github.com/rjohnsondev/babfd730d0076eb7c3404cd8c0c85d3d PJSUA was used as a quick client to test against: {{./pjsua-x86_64-unknown-linux-gnu --color --realm=\* --no-tcp --auto-answer=200 --max-calls=4}} The issue appears to be when https://github.com/asterisk/asterisk/blob/master/res/stasis/control.c#L1335 removes the bridge_features on the channel control while performing the swap in https://github.com/asterisk/asterisk/blob/master/res/ari/resource_bridges.c#L230 If a secondary request to move the channel to a different bridge is received while this is happening, the bridge_features on the control for the channel will be NULL while attempting to update the features in https://github.com/asterisk/asterisk/blob/master/res/ari/resource_bridges.c#L222 | ||||
| Comments: | By: Asterisk Team (asteriskteam) 2022-04-28 07:35:31.195-0500 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. Please note that log messages and other files should not be sent to the Sangoma Asterisk Team unless explicitly asked for. All files should be placed on this issue in a sanitized fashion as needed. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur. Please note that by submitting data, code, or documentation to Sangoma through JIRA, you accept the Terms of Use present at [https://www.asterisk.org/terms-of-use/|https://www.asterisk.org/terms-of-use/]. By: Richard Johnson (rjohnsondev) 2022-04-28 07:40:13.710-0500 Quick python script to reproduce the issue By: Joshua C. Colp (jcolp) 2022-04-28 07:41:34.221-0500 Thank you for the crash report. However, we need more information to investigate the crash. Please provide: 1. A backtrace generated from a core dump using the instructions provided on the Asterisk wiki [1]. 2. Specific steps taken that lead to the crash. 3. All configuration information necesary to reproduce the crash. Thanks! [1]: https://wiki.asterisk.org/wiki/display/AST/Getting+a+Backtrace By: Richard Johnson (rjohnsondev) 2022-04-28 07:42:04.574-0500 example tracebacks By: Richard Johnson (rjohnsondev) 2022-04-28 07:56:24.498-0500 Updated description with more detailed information By: George Joseph (gjoseph) 2022-04-29 11:43:41.626-0500 When I run your {{main.py}} I get... {code} python ./main.py Bridges created ['1afc0775-6b09-4d6b-a5ff-57447cea2720', 'a3049cde-7f8d-46c2-9e62-6944e91fddfb', '0e72d1b8-da23-4df4-8f7a-af37c1afb199', '2262d21e-03c6-4aab-8225-7c0bfa3046c5'] Traceback (most recent call last): File "/usr/src/asterisk/debugging/ASTERISK/30035/./main.py", line 81, in <module> start() File "/usr/src/asterisk/debugging/ASTERISK/30035/./main.py", line 65, in start channels.append(resp_json["id"]) KeyError: 'id' {code} What other configuration is required? pjsip.conf, extensions.conf, etc? By: Richard Johnson (rjohnsondev) 2022-04-29 20:45:14.141-0500 Apologies, I believe this would have been caused by the sip services completing for port 5060 with the softphone. It may be enough for you to grab the pjsip.conf file, however to try and make things simplier I have gone a step further and included a full docker build, config and instructions to reproduce the crash. Please see the readme.md file in https://issues.asterisk.org/jira/secure/attachment/61454/docker_bundle.tar.gz for step-by-step instructions This dockerfile performs an asterisk build, runs it with core dumping functionality enabled, and provides an environment that the script can run in. I hope it's useful! By: George Joseph (gjoseph) 2022-05-02 06:27:43.921-0500 I was able to reproduce. Thanks for the info. | ||||