Summary:ASTERISK-25185: Segfault in app_queue on transfer scenarios
Reporter:Etienne Lessard (hexanol)Labels:
Date Opened:2015-06-23 12:55:41Date Closed:2015-09-19 09:17:06
Versions:13.4.0 Frequency of
is duplicated byASTERISK-25303 Error 4 in app_queue.so in 13.1-cert2
is related toASTERISK-25187 Caller or member information missing from app_queue AgentComplete event
Environment:Attachments:( 0) ASTERISK-25185-workaround.patch
( 1) extensions.conf
( 2) gdb-AST-25185-attended-xfer.txt
( 3) gdb-AST-25185-blind-xfer.txt
( 4) queues.conf
( 5) sip.conf

A segfault happens in asterisk in the following scenario:

Given I have 2 users, Alice and Bob, each with a SIP phone (using chan_sip)
Given I have a queue Foo, with member Bob
When Alice calls the queue Foo
And Bob answers the calls
And Alice then does a direct transfer (SIP native) to another extension
Then asterisk segfaults

There is another similar scenario where a segfault happens:

Given I have 3 users, Alice, Bob and Carol, each with a SIP phone (using chan_sip)
Given I have a queue Foo, with member Bob
When Carol calls Alice
And Alice begins an attended transfer to the queue Foo
And Bob answers the calls
And Alice finalize the attended transfer
Then asterisk segfaults

This happens in a systematic way. I'll attach some gdb output for each scenario.

Thank you
Comments:By: Rusty Newton (rnewton) 2015-06-23 18:12:20.060-0500

Thanks for the report.

Are you able to reproduce the issue with a minimal .conf file configuration? Can you provide a few configuration files that would allow reproduction?

queues.conf, sip.conf, extensions.conf may all be necessary.

By: Etienne Lessard (hexanol) 2015-06-25 07:32:37.132-0500

Here's the requested configuration files, with a minimal config.

By: Etienne Lessard (hexanol) 2015-07-16 07:28:03.109-0500

I've written a small "workaround" that prevents the segfaults, so I'm attaching it to this ticket; that said I don't know if it's the "right" solution.

Also, I've realized that there's a link between this bug and ASTERISK-25187, i.e. both bug happens because the caller's snapshot is null (the other bug can also happens when the member's snapshot is null).

By: Steve Orner (sorner) 2015-11-01 12:08:22.637-0600

Can anyone confirm if this is only a 13.4 issue that was fixed in 13.6, or if this would also exist in certified 13.1? I'm on 13.4 and I am considering downgrading to certified 13.1 for my production server.

By: Kevin Harwell (kharwell) 2015-11-02 09:18:17.526-0600

The fix for this was put into 13.6 thus would not be in the current certified branch (13.1-cert2), so I would assume the bug would exist in the certified branch.

By: Mario Lenis (mario.lenis) 2017-07-31 10:06:43.622-0500

I have this issue in Asterisk 13.17.

This is the scenario:
1. Call enters to a Queue A and is received by Agent A
2. Agent A executes an attended transfer to a Queue B and hangs up before someone answers
3. The trasnfered call is not answered since Queue B has callback agents and none answers.
4. The attended transfer fails (beeperr) but the original channel had been optimized.
5. Asterisk stops.

This is the backtrace of the issue.

By: Joshua C. Colp (jcolp) 2017-07-31 10:17:12.123-0500

[~mario.lenis] This issue has been closed as fixed. Please create a new issue with the information and attach any files.

By: Richard Mudgett (rmudgett) 2017-07-31 10:18:30.578-0500

This issue has been closed for nearly two years.  Please open a new issue and follow the issue guidelines.

By: Kevin Harwell (kharwell) 2017-07-31 10:28:57.450-0500

[~mario.lenis] Your crash looks very similar to the one reported by ASTERISK-27006. Perhaps just a different way of duplicating it.