ASTERISK-27707: Segfault after hanging up a queue call where Bridge() was used

[Home]

Summary: ASTERISK-27707: Segfault after hanging up a queue call where Bridge() was used

Reporter: laszlovl (lvl) Labels:

Date Opened: 2018-03-01 07:34:36.000-0600 Date Closed: 2018-03-01 07:38:52.000-0600

Priority: Major Regression?

Status: Closed/Complete Components: Applications/app_queue

Versions: 15.2.1 Frequency of
Occurrence

Related
Issues:
duplicates ASTERISK-27006 app_queue: Crash when hanging up with realtime queues

duplicates ASTERISK-27567 app_queue.so segfault

Environment: Attachments: ( 0) bt_full.txt

Description: Steps to reproduce:

1. Call into a queue
2. Have the queue dial an agent
3. Use AMI Redirect() + Bridge() to transfer the agent's channel elsewhere
4. Hangup the call

Around 30% of the time, Asterisk segfaults on https://github.com/asterisk/asterisk/blob/15.2/apps/app_queue.c#L6364 because caller_snapshot is NULL.

{quote}
#0 0x00007f9dbcab5cb3 in handle_hangup (userdata=0x7f9dd4002078, sub=0x7f9dd4018378, msg=0x7f9dfc0302b8) at app_queue.c:6364
queue_data = 0x7f9dd4002078
channel_blob = 0x7f9dfc02f088
caller_snapshot = 0x0
member_snapshot = 0x7f9df4003760
chan = 0x0
reason = CALLER

(gdb) print *queue_data
$2 = {
__field_mgr_pool = 0x7f9dd4002140,
caller_uniqueid = 0x7f9dd4002162 "acme01-1519904274.78",
member_uniqueid = 0x7f9dd400217c "acme01-1519904274.79",
bridge_uniqueid = 0x7f9dd4002196 "b72d5911-db0a-413c-b4a8-0b9549f4ca8c",
{quote}

Apparently, the member channel is sometimes already cleared from the Stasis cache by the time we reach ast_queue_log.

I suggest to at least add an ast_assert and/or null check for caller_snapshot & member_snapshot.

Comments: By: Asterisk Team (asteriskteam) 2018-03-01 07:34:37.431-0600

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].