[asterisk-bugs] [JIRA] (ASTERISK-22689) Asterisk crashes when processing ISDN AoC Events

Matt Jordan (JIRA) noreply at issues.asterisk.org
Mon Oct 14 12:25:03 CDT 2013


Matt Jordan created ASTERISK-22689:
--------------------------------------

             Summary: Asterisk crashes when processing ISDN AoC Events
                 Key: ASTERISK-22689
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22689
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Core/ManagerInterface
    Affects Versions: 12.0.0-alpha1
         Environment: Asterisk 12 SVN rev 400692
DAHDI 2.7.0.1
libpri 1.4.14
            Reporter: klaus3000


Asterisk receives AoC on hangup. It seems that Asterisk crashes when generating the AMI event.

The ISDN message with AoC:
{noformat}
    -- Channel DAHDI/i1/0125397831-1 left 'simple_bridge' basic-bridge <baee7f13-5d81-4af8-a213-4ab1a117e6d8>
  == Spawn extension (from_at43-filtered, 0125397831, 6) exited non-zero on 'SIP/at43-00000000'
PRI Span: 1 q931.c:7135 q931_hangup: Hangup other cref:32769
PRI Span: 1 q931.c:6892 __q931_hangup: ourstate Active, peerstate Active, hold-state Idle
PRI Span: 1 q931.c:6081 q931_disconnect: Call 32769 enters state 11 (Disconnect Request).  Hold state: Idle
PRI Span: 1
PRI Span: 1 > DL-DATA request
PRI Span: 1 > Protocol Discriminator: Q.931 (8)  len=9
PRI Span: 1 > TEI=0 Call Ref: len= 2 (reference 1/0x1) (Sent from originator)
PRI Span: 1 > Message Type: DISCONNECT (69)
PRI Span: 1 TEI=0 Transmitting N(S)=5, window is open V(A)=5 K=7
PRI Span: 1
PRI Span: 1 > Protocol Discriminator: Q.931 (8)  len=9
PRI Span: 1 > TEI=0 Call Ref: len= 2 (reference 1/0x1) (Sent from originator)
PRI Span: 1 > Message Type: DISCONNECT (69)
PRI Span: 1 > [08 02 81 90]
PRI Span: 1 > Cause (len= 4) [ Ext: 1  Coding: CCITT (ITU) standard (0)  Spare: 0  Location: Private network serving the local user (1)
PRI Span: 1 >                  Ext: 1  Cause: Normal Clearing (16), class = Normal Event (1) ]
    -- Hungup 'DAHDI/i1/0125397831-1'
PRI Span: 1
PRI Span: 1 < Protocol Discriminator: Q.931 (8)  len=36
PRI Span: 1 < TEI=0 Call Ref: len= 2 (reference 1/0x1) (Sent to originator)
PRI Span: 1 < Message Type: RELEASE (77)
PRI Span: 1 < [1c 14 91 a1 11 02 01 14 02 01 24 30 09 30 07 a1 05 30 03 02 01 01]
PRI Span: 1 < Facility (len=22, codeset=0) [ 0x91, 0xA1, 0x11, 0x02, 0x01, 0x14, 0x02, 0x01, '$0', 0x09, '0', 0x07, 0xA1, 0x05, '0', 0x03, 0x02, 0x01, 0x01 ]
PRI Span: 1 < [28 07 31 20 55 4e 49 54 53]
PRI Span: 1 < Display (len= 7) [ 1 UNITS ]
PRI Span: 1 Received message for call 0xb32aecd0 on link 0xb67ada54 TEI/SAPI 0/0
PRI Span: 1 -- Processing IE 28 (cs0, Facility)
PRI Span: 1 -- Processing IE 40 (cs0, Display)
PRI Span: 1 -- Delayed processing IE 28 (cs0, Facility)
PRI Span: 1 ASN.1 dump
PRI Span: 1   Context Specific/C [1 0x01] <A1> Len:17 <11>
PRI Span: 1     Integer(2 0x02) <02> Len:1 <01>
PRI Span: 1       <14> - "~"
PRI Span: 1     Integer(2 0x02) <02> Len:1 <01>
PRI Span: 1       <24> - "$"
PRI Span: 1     Sequence/C(48 0x30) <30> Len:9 <09>
PRI Span: 1       Sequence/C(48 0x30) <30> Len:7 <07>
PRI Span: 1         Context Specific/C [1 0x01] <A1> Len:5 <05>
PRI Span: 1           Sequence/C(48 0x30) <30> Len:3 <03>
PRI Span: 1             Integer(2 0x02) <02> Len:1 <01>
PRI Span: 1               <01> - "~"
PRI Span: 1 ASN.1 end
PRI Span: 1 INVOKE Component Context Specific/C [1 0x01]
PRI Span: 1   invokeId Integer(2 0x02) = 20 0x0014
PRI Span: 1   operationValue Integer(2 0x02) = 36 0x0024
PRI Span: 1   operationValue = ROSE_ETSI_AOCEChargingUnit
PRI Span: 1   chargingUnitInfo AOCEChargingUnitInfo Sequence/C(48 0x30)
PRI Span: 1   specificChargingUnits Sequence/C(48 0x30)
PRI Span: 1   recordedUnitsList RecordedUnitsList Context Specific/C [1 0x01]
PRI Span: 1   listEntry RecordedUnits Sequence/C(48 0x30)
PRI Span: 1   recordedNumberOfUnits Integer(2 0x02) = 1 0x0001
PRI Span: 1 q931.c:8997 post_handle_q931_message: Call 32769 enters state 0 (Null).  Hold state: Idle
Span 1: Processing event PRI_EVENT_HANGUP(6)
Segmentation fault (core dumped)
{noformat}


The backtrace:

{noformat}
Program terminated with signal 11, Segmentation fault.
#0  0x08170202 in ast_manager_build_channel_state_string_prefix (snapshot=0x0, prefix=0x823a3bb "") at manager_channels.c:386
386             if (snapshot->tech_properties & AST_CHAN_TP_INTERNAL) {
(gdb) bt
#0  0x08170202 in ast_manager_build_channel_state_string_prefix (snapshot=0x0, prefix=0x823a3bb "") at manager_channels.c:386
#1  0x081704bb in ast_manager_build_channel_state_string (snapshot=0x0) at manager_channels.c:437
#2  0x0807cb20 in aoc_to_ami (message=0xb3659814, event_name=0x820ac41 "AOC-E") at aoc.c:1803
#3  0x0807cc37 in aoc_e_to_ami (message=0xb3659814) at aoc.c:1828
#4  0x081d5c0e in stasis_message_to_ami (msg=0xb3659814) at stasis_message.c:161
#5  0x0815904a in manager_default_msg_cb (data=0x0, sub=0x898bfac, message=0xb3659814) at manager.c:1435
#6  0x081d602e in router_dispatch (data=0x898bf4c, sub=0x898bfac, message=0xb3659814) at stasis_message_router.c:193
#7  0x081ca9d4 in subscription_invoke (sub=0x898bfac, message=0xb3659814) at stasis.c:262
#8  0x081cb3e8 in dispatch_exec (local=0xb6de3280) at stasis.c:502
#9  0x081df40e in ast_taskprocessor_execute (tps=0x898c684) at taskprocessor.c:767
#10 0x081ddcc6 in default_tps_processing_function (data=0x898c63c) at taskprocessor.c:184
#11 0x081f0690 in dummy_start (data=0x898c6f0) at utils.c:1169
#12 0xb7253955 in start_thread (arg=0xb6de3b70) at pthread_create.c:300
#13 0xb76d71de in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
{noformat}


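The Facility IE from the RELEASE message in the trace above, decoded with a small bounds-checked BER walker. This is an added example, not libpri or Asterisk code; the names `collect_ints` and `decode_facility` are hypothetical, and the walker assumes single-byte tags and short-form lengths. It recovers the same three integers libpri printed (invokeId 20, operationValue 36, one recorded unit), consistent with the backtrace placing the fault after decoding, in the AMI event path where `snapshot=0x0`.

```c
#include <stddef.h>
#include <stdio.h>
typedef unsigned char u8;
/* Facility IE bytes copied from the RELEASE message in the trace. */
static const u8 facility_ie[] = {
    0x1c, 0x14, 0x91, 0xa1, 0x11, 0x02, 0x01, 0x14, 0x02, 0x01, 0x24,
    0x30, 0x09, 0x30, 0x07, 0xa1, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01
};

/* Walk BER TLVs in buf[0..len), descending into constructed types and
 * appending each INTEGER to out[]. Returns the running count, or -1 on a
 * malformed length. Single-byte tags, short-form lengths, 1-4 byte ints. */
static int collect_ints(const u8 *buf, size_t len, long *out, int n, int max) {
    for (size_t pos = 0; pos < len; ) {
        if (len - pos < 2 || (buf[pos + 1] & 0x80))
            return -1;                      /* truncated or long-form length */
        size_t vlen = buf[pos + 1];
        const u8 *val = buf + pos + 2;
        if (vlen > len - pos - 2)
            return -1;                      /* value overruns its container */
        if (buf[pos] & 0x20) {              /* constructed: descend */
            if ((n = collect_ints(val, vlen, out, n, max)) < 0)
                return -1;
        } else if (buf[pos] == 0x02) {      /* INTEGER */
            if (vlen == 0 || vlen > 4 || n >= max)
                return -1;
            unsigned long u = (val[0] & 0x80) ? ~0UL : 0;   /* sign-extend */
            for (size_t i = 0; i < vlen; i++)
                u = (u << 8) | val[i];
            out[n++] = (long)u;
        }
        pos += 2 + vlen;
    }
    return n;
}

/* IE layout: id 0x1c, length, protocol profile octet, ROSE component. */
static int decode_facility(const u8 *ie, size_t len, long *out, int max) {
    if (len < 3 || ie[0] != 0x1c || (size_t)ie[1] + 2 != len)
        return -1;
    return collect_ints(ie + 3, len - 3, out, 0, max);
}

int main(void) {
    long v[3] = {0};
    int n = decode_facility(facility_ie, sizeof facility_ie, v, 3);
    printf("n=%d invokeId=%ld op=%ld units=%ld\n", n, v[0], v[1], v[2]);
    return n == 3 ? 0 : 1;
}
```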