[asterisk-bugs] [JIRA] (ASTERISK-22670) Asterisk crashes when processing ISDN AoC Events
Richard Mudgett (JIRA)
noreply at issues.asterisk.org
Tue Feb 17 11:55:36 CST 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-22670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=224975#comment-224975 ]
Richard Mudgett commented on ASTERISK-22670:
--------------------------------------------
I have created a new patch on reviewboard: https://reviewboard.asterisk.org/r/4430/
> Asterisk crashes when processing ISDN AoC Events
> ------------------------------------------------
>
> Key: ASTERISK-22670
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-22670
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/ManagerInterface
> Affects Versions: 12.0.0-alpha1
> Environment: Astersik 12 SVN rev 400692
> DAHDI 2.7.0.1
> libpri 1.4.14
> Reporter: klaus3000
> Assignee: Richard Mudgett
> Attachments: aoce-manager-handling-patch.diff
>
>
> Asterisk receives AoC on hangup. It seems that Asterisk crashes when generating the AMI event.
> The ISDN message with AoC:
> {noformat}
> -- Channel DAHDI/i1/0125397831-1 left 'simple_bridge' basic-bridge <baee7f13-5d81-4af8-a213-4ab1a117e6d8>
> == Spawn extension (from_at43-filtered, 0125397831, 6) exited non-zero on 'SIP/at43-00000000'
> PRI Span: 1 q931.c:7135 q931_hangup: Hangup other cref:32769
> PRI Span: 1 q931.c:6892 __q931_hangup: ourstate Active, peerstate Active, hold-state Idle
> PRI Span: 1 q931.c:6081 q931_disconnect: Call 32769 enters state 11 (Disconnect Request). Hold state: Idle
> PRI Span: 1
> PRI Span: 1 > DL-DATA request
> PRI Span: 1 > Protocol Discriminator: Q.931 (8) len=9
> PRI Span: 1 > TEI=0 Call Ref: len= 2 (reference 1/0x1) (Sent from originator)
> PRI Span: 1 > Message Type: DISCONNECT (69)
> PRI Span: 1 TEI=0 Transmitting N(S)=5, window is open V(A)=5 K=7
> PRI Span: 1
> PRI Span: 1 > Protocol Discriminator: Q.931 (8) len=9
> PRI Span: 1 > TEI=0 Call Ref: len= 2 (reference 1/0x1) (Sent from originator)
> PRI Span: 1 > Message Type: DISCONNECT (69)
> PRI Span: 1 > [08 02 81 90]
> PRI Span: 1 > Cause (len= 4) [ Ext: 1 Coding: CCITT (ITU) standard (0) Spare: 0 Location: Private network serving the local user (1)
> PRI Span: 1 > Ext: 1 Cause: Normal Clearing (16), class = Normal Event (1) ]
> -- Hungup 'DAHDI/i1/0125397831-1'
> PRI Span: 1
> PRI Span: 1 < Protocol Discriminator: Q.931 (8) len=36
> PRI Span: 1 < TEI=0 Call Ref: len= 2 (reference 1/0x1) (Sent to originator)
> PRI Span: 1 < Message Type: RELEASE (77)
> PRI Span: 1 < [1c 14 91 a1 11 02 01 14 02 01 24 30 09 30 07 a1 05 30 03 02 01 01]
> PRI Span: 1 < Facility (len=22, codeset=0) [ 0x91, 0xA1, 0x11, 0x02, 0x01, 0x14, 0x02, 0x01, '$0', 0x09, '0', 0x07, 0xA1, 0x05, '0', 0x03, 0x02, 0x01, 0x01 ]
> PRI Span: 1 < [28 07 31 20 55 4e 49 54 53]
> PRI Span: 1 < Display (len= 7) [ 1 UNITS ]
> PRI Span: 1 Received message for call 0xb32aecd0 on link 0xb67ada54 TEI/SAPI 0/0
> PRI Span: 1 -- Processing IE 28 (cs0, Facility)
> PRI Span: 1 -- Processing IE 40 (cs0, Display)
> PRI Span: 1 -- Delayed processing IE 28 (cs0, Facility)
> PRI Span: 1 ASN.1 dump
> PRI Span: 1 Context Specific/C [1 0x01] <A1> Len:17 <11>
> PRI Span: 1 Integer(2 0x02) <02> Len:1 <01>
> PRI Span: 1 <14> - "~"
> PRI Span: 1 Integer(2 0x02) <02> Len:1 <01>
> PRI Span: 1 <24> - "$"
> PRI Span: 1 Sequence/C(48 0x30) <30> Len:9 <09>
> PRI Span: 1 Sequence/C(48 0x30) <30> Len:7 <07>
> PRI Span: 1 Context Specific/C [1 0x01] <A1> Len:5 <05>
> PRI Span: 1 Sequence/C(48 0x30) <30> Len:3 <03>
> PRI Span: 1 Integer(2 0x02) <02> Len:1 <01>
> PRI Span: 1 <01> - "~"
> PRI Span: 1 ASN.1 end
> PRI Span: 1 INVOKE Component Context Specific/C [1 0x01]
> PRI Span: 1 invokeId Integer(2 0x02) = 20 0x0014
> PRI Span: 1 operationValue Integer(2 0x02) = 36 0x0024
> PRI Span: 1 operationValue = ROSE_ETSI_AOCEChargingUnit
> PRI Span: 1 chargingUnitInfo AOCEChargingUnitInfo Sequence/C(48 0x30)
> PRI Span: 1 specificChargingUnits Sequence/C(48 0x30)
> PRI Span: 1 recordedUnitsList RecordedUnitsList Context Specific/C [1 0x01]
> PRI Span: 1 listEntry RecordedUnits Sequence/C(48 0x30)
> PRI Span: 1 recordedNumberOfUnits Integer(2 0x02) = 1 0x0001
> PRI Span: 1 q931.c:8997 post_handle_q931_message: Call 32769 enters state 0 (Null). Hold state: Idle
> Span 1: Processing event PRI_EVENT_HANGUP(6)
> Segmentation fault (core dumped)
> {noformat}
> The backtrace:
> {noformat}
> Program terminated with signal 11, Segmentation fault.
> #0 0x08170202 in ast_manager_build_channel_state_string_prefix (snapshot=0x0, prefix=0x823a3bb "") at manager_channels.c:386
> 386 if (snapshot->tech_properties & AST_CHAN_TP_INTERNAL) {
> (gdb) bt
> #0 0x08170202 in ast_manager_build_channel_state_string_prefix (snapshot=0x0, prefix=0x823a3bb "") at manager_channels.c:386
> #1 0x081704bb in ast_manager_build_channel_state_string (snapshot=0x0) at manager_channels.c:437
> #2 0x0807cb20 in aoc_to_ami (message=0xb3659814, event_name=0x820ac41 "AOC-E") at aoc.c:1803
> #3 0x0807cc37 in aoc_e_to_ami (message=0xb3659814) at aoc.c:1828
> #4 0x081d5c0e in stasis_message_to_ami (msg=0xb3659814) at stasis_message.c:161
> #5 0x0815904a in manager_default_msg_cb (data=0x0, sub=0x898bfac, message=0xb3659814) at manager.c:1435
> #6 0x081d602e in router_dispatch (data=0x898bf4c, sub=0x898bfac, message=0xb3659814) at stasis_message_router.c:193
> #7 0x081ca9d4 in subscription_invoke (sub=0x898bfac, message=0xb3659814) at stasis.c:262
> #8 0x081cb3e8 in dispatch_exec (local=0xb6de3280) at stasis.c:502
> #9 0x081df40e in ast_taskprocessor_execute (tps=0x898c684) at taskprocessor.c:767
> #10 0x081ddcc6 in default_tps_processing_function (data=0x898c63c) at taskprocessor.c:184
> #11 0x081f0690 in dummy_start (data=0x898c6f0) at utils.c:1169
> #12 0xb7253955 in start_thread (arg=0xb6de3b70) at pthread_create.c:300
> #13 0xb76d71de in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list