Summary: ASTERISK-08912: Segfault on transfers from an incoming IAX2 or Zap, towards a Queue with Agents, through a Local Dial
Reporter: Corentin Le Gall (clegall_proformatique)
Labels:
Date Opened: 2007-03-01 05:01:15.000-0600
Date Closed: 2007-06-30 09:20:06
Versions:
Frequency of
Environment:
Attachments:
( 0) backtrace.txt
( 1) backtrace2.txt
( 2) extensions1.conf
( 3) extensions2.conf
( 4) verbosedebug.txt
( 5) verbosedebug2.txt
Description: The following behaviour has been seen on Asterisk 1.2.14, 1.2.15 and 1.4.0.
It is better seen with the patch provided in ASTERISK-7849 (1.2 rev 56230, 1.4 r56231 and trunk 56323).

One SIP phone "100" is registered as "Agent 5100", and belongs to a Queue whose calling number is 6666.
The incoming IAX2 or Zap channel is defined in order to Dial this number 6666.
Please find details in the extensions1.conf attached.

When the Queue is called through one of these IAX2/Zap channels (there are then 2 Dial functions called), and once the SIP/100 has picked up the phone, there remains a NULL pointer hanging out, just waiting to segfault.

Then, a way to speed up the segfault might be to make an attended transfer to another SIP phone (provided the above-mentioned patch is applied), or to issue (core) "show channels" (+ verbose, concise) commands to the CLI.

When replacing the rule Dial(6666) with a Goto(6666), however, everything goes fine (see the extensions2.conf attached).


If the segfault doesn't occur too early, one can see that the "BridgedTo" field of the first line of the (core) "show channels verbose" command changes from time to time: the pointer to this field has actually been freed.

The backtrace always begins with a call to ast_bridged_channel().
Comments:

By: Serge Vecher (serge-v) 2007-03-01 09:38:17.000-0600

clegall_proformatique: is this an issue with 1.2/1.4 checked out from SVN, since that's where patches from 8064 went into -- they will be incorporated into 1.2.16/1.4.1 whenever they are released.

By: Corentin Le Gall (clegall_proformatique) 2007-03-01 10:29:13.000-0600

serge-v, yes it is still an issue, despite the patches from ASTERISK-7849 (the ones from file are fine, by the way).

It has something to do with the fact that the Dial() function is called twice, see my extensions.conf attached.

The current issue ASTERISK-8912 still applies on:

* Asterisk SVN-branch-1.2-r57118 built by ...
* Asterisk SVN-trunk-r56209 built by ...
(the SVN tree is actually really updated to r56231 - I have a CLI access issue with the latest r57290)

However, this current issue could fit the note 0057196 written by kibeki on ASTERISK-7849 issue, it depends on its dialplan.

By: Serge Vecher (serge-v) 2007-03-01 10:40:19.000-0600

ok, let's see the backtrace then, and verbosedebug.txt with sip debug, please.

By: Serge Vecher (serge-v) 2007-03-01 12:06:09.000-0600

ok, verbosedebug.txt is almost right, you need to have debug enabled for console in logger.conf. Also, it would be helpful to see an output of "thread apply all bt full"

By: Serge Vecher (serge-v) 2007-03-01 12:34:25.000-0600

thanks for quick responses!

By: Serge Vecher (serge-v) 2007-03-01 14:05:05.000-0600

inspecting bt in 7706 revealed that the crash there is also in ast_bridged_channel, after issuing "core show channels."

By: Joshua C. Colp (jcolp) 2007-03-01 16:23:45.000-0600

Fixed in 1.2 as of revision 57317, 1.4 as of revision 57318, and trunk as of revision 57319.