[asterisk-bugs] [JIRA] (ASTERISK-25797) app_queue: Crash when calling a queue with a member with a forward to an nonexistent extension
Rusty Newton (JIRA)
noreply at issues.asterisk.org
Thu Aug 11 09:27:56 CDT 2016
[ https://issues.asterisk.org/jira/browse/ASTERISK-25797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=231799#comment-231799 ]
Rusty Newton commented on ASTERISK-25797:
-----------------------------------------
ASTERISK-26286 duplicates this issue. The information from it should be useful for resolving this.
[~mjordan] had some analysis as well on the community forum: https://community.asterisk.org/t/asterisk-error-astobj2-c-user-data-is-null/49125/9
{quote}
@david551 is right in that fixing the issue where the forward fails would prevent the error from occurring. That being said, I think the continual errors that occur after failing to forward the Local channel occur are due to an improperly handled off-nominal condition.
I took a look at the log statement just prior to the errors being reported from astobj2:
{noformat}
if (ast_call(o->chan, stuff, 0)) {
ast_log(LOG_NOTICE, "Forwarding failed to dial '%s/%s'\n",
tech, stuff);
do_hang(o);
numnochan++;
}
}
ast_channel_publish_dial(qe->chan, o->chan, stuff, NULL);
ast_channel_publish_dial_forward(qe->chan, original, o->chan, NULL,
"CANCEL", ast_channel_call_forward(original));
{noformat}
You can see that if we log out Forwarding failed to dial ..., we immediately hangup the o channel:
{noformat}
static void do_hang(struct callattempt *o)
{
o->stillgoing = 0;
ast_hangup(o->chan);
o->chan = NULL;
}
{noformat}
Note that o->chan is now NULL.
Immediately after this, we attempt to raise events about the now cancelled dial:
{noformat}
ast_channel_publish_dial(qe->chan, o->chan, stuff, NULL);
ast_channel_publish_dial_forward(qe->chan, original, o->chan, NULL,
"CANCEL", ast_channel_call_forward(original));
{noformat}
Those function calls are going to try and interact with o->chan, which is now quite NULL.
{quote}
> app_queue: Crash when calling a queue with a member with a forward to an nonexistent extension
> ----------------------------------------------------------------------------------------------
>
> Key: ASTERISK-25797
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25797
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Applications/app_queue
> Affects Versions: 13.6.0, 13.7.2
> Environment: Debian 8.3 amd64
> Reporter: Etienne Lessard
> Assignee: Unassigned
> Attachments: AST-25797.backtrace.txt, AST-25797.debug.log, AST-25797.log, AST-25797.pcap
>
>
> Given I have a queue with 1 member: Alice (SIP/alice)
> Given Alice's phone has a forward (SIP native) to the 444 extension, and the 444 extension isn't defined in the dialplan
> When Bob calls the queue
> Then asterisk get stuck in what seems to be an infinite loop, consuming a lot of CPU time, and rapidly consuming (in the matter of seconds) all the available memory in the system, until the kernel OOM killer terminate the process
> In my example, I used the following queues.conf:
> {code}
> [sales]
> strategy = ringall
> member => SIP/alice
> {code}
> And the following extensions.conf:
> {code}
> [default]
> exten = 101,1,NoOp()
> same = n,Queue(sales)
> same = n,Hangup()
> {code}
> When Alice's phone receives a SIP INVITE from asterisk, since it has an unconditional forward enabled, it respond with a "302 Moved Temporarily" with the header "Contact: <sip:444 at 10.34.1.11>".
> I've attached the interesting part of the log.
> Thank you
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list