[asterisk-bugs] [LibPRI 0014335]: Crash on pri_schedule_event - t200_expire
Asterisk Bug Tracker
noreply at bugs.digium.com
Mon Feb 2 21:22:33 CST 2009
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=14335
======================================================================
Reported By: ricvil
Assigned To: mattf
======================================================================
Project: LibPRI
Issue ID: 14335
Category: General
Reproducibility: random
Severity: crash
Priority: normal
Status: assigned
Asterisk Version: 1.4.22
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 2009-01-26 10:56 CST
Last Modified: 2009-02-02 21:22 CST
======================================================================
Summary: Crash on pri_schedule_event - t200_expire
Description:
I have had multiple crashes using libpri 1.4.7 (see
http://bugs.digium.com/view.php?id=14243).
I now upgraded to libpri 1.4.9 (same Asterisk 1.4.22) and the issue still
happens. Compiled with DONT_OPTIMIZE, DEBUG_CHANNEL_LOCK, and
DEBUG_THREADS
Here is the latest crash from today:
Program terminated with signal 11, Segmentation fault.
http://bugs.digium.com/view.php?id=0 0x009d6ce2 in pri_schedule_event
(pri=0x12, ms=0, function=0x9d43a4
<t200_expire>, data=0xb7a502e0) at prisched.c:44
44 while (pri->master)
(gdb) bt
http://bugs.digium.com/view.php?id=0 0x009d6ce2 in pri_schedule_event
(pri=0x12, ms=0, function=0x9d43a4
<t200_expire>, data=0xb7a502e0) at prisched.c:44
http://bugs.digium.com/view.php?id=1 0x009d3c0f in reschedule_t200
(pri=0xb7a502e0) at q921.c:259
http://bugs.digium.com/view.php?id=2 0x009d4ba7 in q921_transmit_iframe
(pri=0xb7a502e0, buf=0x5725b50,
len=9, cr=1) at q921.c:537
http://bugs.digium.com/view.php?id=3 0x009dd489 in q931_xmit (pri=0xb7a502e0,
h=0x5725b50, len=9, cr=1) at
q931.c:2611
http://bugs.digium.com/view.php?id=4 0x009dd682 in send_message
(pri=0xb7d73540, c=0xb7a383a0, msgtype=69,
ies=0x9f501c) at q931.c:2654
http://bugs.digium.com/view.php?id=5 0x009de935 in q931_disconnect
(pri=0xb7d73540, c=0xb7a383a0, cause=16)
at q931.c:3020
http://bugs.digium.com/view.php?id=6 0x009df2a3 in q931_hangup (pri=0xb7d73540,
c=0xb7a383a0, cause=16) at
q931.c:3230
http://bugs.digium.com/view.php?id=7 0x009d2693 in pri_hangup (pri=0xb7d73540,
call=0xb7a383a0, cause=16)
at pri.c:623
http://bugs.digium.com/view.php?id=8 0x012e9851 in dahdi_hangup
(ast=0xb7a0b9a8) at chan_dahdi.c:2718
http://bugs.digium.com/view.php?id=9 0x08087ae3 in ast_hangup (chan=0xb7a0b9a8)
at channel.c:1507
http://bugs.digium.com/view.php?id=10 0x080d6245 in __ast_pbx_run (c=0xb7a0b9a8)
at pbx.c:2561
http://bugs.digium.com/view.php?id=11 0x080d6495 in pbx_thread (data=0xb7a0b9a8)
at pbx.c:2621
http://bugs.digium.com/view.php?id=12 0x08119e13 in dummy_start
(data=0xb7a6d360) at utils.c:912
http://bugs.digium.com/view.php?id=13 0x0067946b in start_thread () from
/lib/libpthread.so.0
http://bugs.digium.com/view.php?id=14 0x005d0dbe in clone () from /lib/libc.so.6
(gdb)
I will attach the full backtrace on file backtrace1.txt
======================================================================
----------------------------------------------------------------------
(0099314) ricvil (reporter) - 2009-02-02 21:22
http://bugs.digium.com/view.php?id=14335#c99314
----------------------------------------------------------------------
Looking at the last few lines of the log with pri debug enabled I see one
call with a strange 'Cause: Invalid call reference value' then a few more
seconds of calls and then the crash (not sure if its related but the
backtrace indicates pri_release_timeout issues). These are the lines:
[Feb 2 20:05:25] VERBOSE[6376] logger.c: NEW_HANGUP DEBUG: Calling
q931_hangup, ourstate Active, peerstate Active
[Feb 2 20:05:25] VERBOSE[6376] logger.c: q931.c:3009 q931_disconnect:
call 2454 on channel 2 enters state 11 (Disconnect Request)
[Feb 2 20:05:25] VERBOSE[6376] logger.c: > Protocol Discriminator: Q.931
(8) len=9
[Feb 2 20:05:25] VERBOSE[6376] logger.c: > Call Ref: len= 2 (reference
2454/0x996) (Terminator)
[Feb 2 20:05:25] VERBOSE[6376] logger.c: > Message type: DISCONNECT (69)
[Feb 2 20:05:25] VERBOSE[6376] logger.c: > [08 02 81 90]
[Feb 2 20:05:25] VERBOSE[6376] logger.c: > Cause (len= 4) [ Ext: 1
Coding: CCITT (ITU) standard (0) Spare: 0 Location: Private network
serving the local user (1)
[Feb 2 20:05:25] VERBOSE[6376] logger.c: > Ext: 1
Cause: Normal Clearing (16), class = Normal Event (1) ]
[Feb 2 20:05:25] VERBOSE[6376] logger.c: -- Hungup 'DAHDI/50-1'
[Feb 2 20:05:25] VERBOSE[6376] logger.c: -- fixed jitterbuffer
destroyed on channel DAHDI/50-1
[Feb 2 20:05:25] VERBOSE[14361] logger.c: < Protocol Discriminator: Q.931
(8) len=9
[Feb 2 20:05:25] VERBOSE[14361] logger.c: < Call Ref: len= 2 (reference
2454/0x996) (Originator)
[Feb 2 20:05:25] VERBOSE[14361] logger.c: < Message type: RELEASE
COMPLETE (90)
[Feb 2 20:05:25] VERBOSE[14361] logger.c: < [08 02 81 d1]
[Feb 2 20:05:25] VERBOSE[14361] logger.c: < Cause (len= 4) [ Ext: 1
Coding: CCITT (ITU) standard (0) Spare: 0 Location: Private network
serving the local user (1)
[Feb 2 20:05:25] VERBOSE[14361] logger.c: < Ext: 1
Cause: Invalid call reference value (81), class = Invalid message (e.g.
parameter out of range) (5) ]
[Feb 2 20:05:25] VERBOSE[14361] logger.c: -- Processing IE 8 (cs0,
Cause)
[Feb 2 20:05:25] VERBOSE[14361] logger.c: q931.c:3760 q931_receive: call
2454 on channel 2 enters state 0 (Null)
[Feb 2 20:05:25] VERBOSE[14361] logger.c: NEW_HANGUP DEBUG: Calling
q931_hangup, ourstate Null, peerstate Null
[Feb 2 20:05:25] VERBOSE[14361] logger.c: NEW_HANGUP DEBUG: Destroying
the call, ourstate Null, peerstate Null
.
.
.
.
.
[Feb 2 20:05:47] VERBOSE[14361] logger.c: < Protocol Discriminator: Q.931
(8) len=9
[Feb 2 20:05:47] VERBOSE[14361] logger.c: < Call Ref: len= 2 (reference
2450/0x992) (Originator)
[Feb 2 20:05:47] VERBOSE[14361] logger.c: < Message type: RELEASE (77)
[Feb 2 20:05:47] VERBOSE[14361] logger.c: < [08 02 81 90]
[Feb 2 20:05:47] VERBOSE[14361] logger.c: < Cause (len= 4) [ Ext: 1
Coding: CCITT (ITU) standard (0) Spare: 0 Location: Private network
serving the local user (1)
[Feb 2 20:05:47] VERBOSE[14361] logger.c: < Ext: 1
Cause: Normal Clearing (16), class = Normal Event (1) ]
[Feb 2 20:05:47] VERBOSE[14361] logger.c: -- Processing IE 8 (cs0,
Cause)
[Feb 2 20:05:47] VERBOSE[14361] logger.c: q931.c:3795 q931_receive: call
2450 on channel 8 enters state 0 (Null)
[Feb 2 20:05:47] VERBOSE[14361] logger.c: NEW_HANGUP DEBUG: Calling
q931_hangup, ourstate Null, peerstate Release Request
[Feb 2 20:05:47] VERBOSE[14361] logger.c: > Protocol Discriminator: Q.931
(8) len=9
[Feb 2 20:05:47] VERBOSE[14361] logger.c: > Call Ref: len= 2 (reference
2450/0x992) (Terminator)
[Feb 2 20:05:47] VERBOSE[14361] logger.c: > Message type: RELEASE
COMPLETE (90)
[Feb 2 20:05:47] VERBOSE[14361] logger.c: > [08 02 81 90]
[Feb 2 20:05:47] VERBOSE[14361] logger.c: > Cause (len= 4) [ Ext: 1
Coding: CCITT (ITU) standard (0) Spare: 0 Location: Private network
serving the local user (1)
[Feb 2 20:05:47] VERBOSE[14361] logger.c: > Ext: 1
Cause: Normal Clearing (16), class = Normal Event (1) ]
[Feb 2 20:05:47] VERBOSE[14361] logger.c: NEW_HANGUP DEBUG: Calling
q931_hangup, ourstate Null, peerstate Null
[Feb 2 20:05:47] VERBOSE[14361] logger.c: NEW_HANGUP DEBUG: Destroying
the call, ourstate Null, peerstate Null
.
.
.CRASH....
Issue History
Date Modified Username Field Change
======================================================================
2009-02-02 21:22 ricvil Note Added: 0099314
======================================================================
More information about the asterisk-bugs
mailing list