Summary: | ASTERISK-15457: asterisk crashes while fax sending | ||
Reporter: | krn (krn) | Labels: | |
Date Opened: | 2010-01-18 10:30:46.000-0600 | Date Closed: | 2010-02-02 16:32:58.000-0600 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/T.38 |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) gdb.txt | |
Description: | [general] t38pt_udptl=yes #next three lines makes no changes t38pt_rtp=yes t38pt_usertpsource=yes faxdetect = yes [provider] type=peer host=sip.provider.com fromdomain=sip.provider.com context=incoming-from-prov port=5065 defaultuser=user secret=password fromuser=user call-limit=10 canreinvite=yes insecure=invite,port nat=no disallow=all allow=ulaw allow=alaw dtmfmode=rfc2833 [IntUser] type=friend host=dynamic context=office-internal defaultuser=intuser secret=password callgroup=3 pickupgroup=3 callerid=103 User canreinvite=yes qualify=30000 call-limit=2 t38pt_udptl=yes disallow=all allow=ulaw allow=alaw t38pt_udptl=yes faxdetect=yes dtmfmode=rfc2833 nat=no IntUser - ATA Linksys SPA2102 with fax attached T.38 with reinvite, vad disabled, external non-firewalled ip Messages before crash: WARNING[11356]: udptl.c:766 calculate_far_max_ifp: (no tag): Cannot calculate far_max_ifp before far_max_datagram has been set. WARNING[11389]: udptl.c:725 calculate_local_max_datagram: (no tag): Cannot calculate local_max_datagram before local_max_ifp has been set. WARNING[11389]: udptl.c:766 calculate_far_max_ifp: (SIP/xxxxxxxxxxxxxx): Cannot calculate far_max_ifp before far_max_datagram has been set. | ||
Comments: | By: Trevor Peirce #2 (digitalc) 2010-01-26 02:03:14.000-0600 Also in 1.6.1.13. Linksys ATA on one side calling a T.38 compatible gateway on the other side.. Upon T.38 negotiation, asterisk crashes. Program terminated with signal 11, Segmentation fault. ... #0 0x0814947a in ast_udptl_write (s=0xffffffff, f=0xffffffff) at udptl.c:1067 1067 if (len > 0 && s->them.sin_port && s->them.sin_addr.s_addr) { (gdb) (gdb) bt full #0 0x0814947a in ast_udptl_write (s=0xffffffff, f=0xffffffff) at udptl.c:1067 seq = 0 len = 165 res = 0 buf = 0xc0ff <Address 0xc0ff out of bounds> __PRETTY_FUNCTION__ = "ast_udptl_write" By: krn (krn) 2010-01-26 03:17:52.000-0600 digitalc, later I've found the same error in cache of google it's hidden now https://issues.asterisk.org/view.php?id=16485 I will try to use trunk 807,815d808 < < if ((new_max < 80) && (udptl->error_correction_entries > 1)) { < /* the max ifp is not large enough, subtract an < * error correction entry and calculate again < * */ < --udptl->error_correction_entries; < } else { < break; < } By: Raivis Rengelis (raivisr) 2010-01-26 16:07:09.000-0600 same crash in 1.6.2.243297 (latest 1.6.2 svn revision) #0 0x0815517e in ast_udptl_write (s=0x0, f=0x0) at udptl.c:1074 1074 if (len > 0 && s->them.sin_port && s->them.sin_addr.s_addr) { (gdb) bt full #0 0x0815517e in ast_udptl_write (s=0x0, f=0x0) at udptl.c:1074 seq = 0 len = 186 res = 0 buf = 0x0 __PRETTY_FUNCTION__ = "ast_udptl_write" By: Raivis Rengelis (raivisr) 2010-01-26 16:43:12.000-0600 just tested on svn trunk rev 243383 and got the same crash. * is compiled with DONT_OPTIMIZE option otherwise ReceiveFAX crashes as well. By: Trevor Peirce #2 (digitalc) 2010-01-26 23:18:41.000-0600 Another crash while attempting to send a fax via the same asterisk 1.6.1.13: -- Called sipgateway/12345678901 -- SIP/sipgateway-00000005 is making progress passing it to SIP/customerfax2-00000004 -- SIP/sipgateway-00000005 answered SIP/customerfax2-00000004 -- Packet2Packet bridging SIP/customerfax2-00000004 and SIP/sipgateway-00000005 [Jan 26 21:08:47] WARNING[9846]: udptl.c:766 calculate_far_max_ifp: (no tag): Cannot calculate far_max_ifp before far_max_datagram has been set. [Jan 26 21:08:47] WARNING[12569]: udptl.c:725 calculate_local_max_datagram: (SIP/blah-fax2): Cannot calculate local_max_datagram before local_max_ifp has been set. [Jan 26 21:09:07] NOTICE[12569]: udptl.c:1069 ast_udptl_write: (SIP/12345678901): UDPTL Transmission error to 1.2.3.4:33824: Bad address my*CLI> Disconnected from Asterisk server (gdb) bt full #0 0xb751dde4 in ao2_unlock@plt () from /usr/lib/asterisk/modules/chan_sip.so No symbol table info available. #1 0xb752cf45 in sip_write (ast=0x0, frame=0x0) at chan_sip.c:5890 p = (struct sip_pvt *) 0x0 res = 0 __PRETTY_FUNCTION__ = "sip_write" #2 0x00000000 in ?? () No symbol table info available. By: Raivis Rengelis (raivisr) 2010-01-27 03:00:53.000-0600 if that helps anyhow, my provider has Patton SN2400 on their end and this device does not send T38FaxMaxDatagram in SIP dialog. By: Raivis Rengelis (raivisr) 2010-01-27 11:11:13.000-0600 with following hack I got it running to some extent, at least no more segfaults: --- asterisk.orig/channels/chan_sip.c 2010-01-27 15:15:20.000000000 +0200 +++ asterisk/channels/chan_sip.c 2010-01-27 16:28:57.000000000 +0200 @@ -5300,6 +5300,18 @@ static void change_t38_state(struct sip_ if (!chan) return; + /* if remote end did not send their T38FaxMaxDatagram, + * set it to configured value + */ + if (state == T38_PEER_REINVITE || state == T38_ENABLED) + { + if (ast_udptl_get_far_max_datagram(p->udptl) == -1) + { + ast_udptl_set_far_max_datagram(p->udptl, p->t38_maxdatagram); + ast_log(LOG_WARNING,"MaxDatagram has not been set, defaulting to %d",p->t38_maxdatagram); + } + } + /* Given the state requested and old state determine what control frame we want to queue up */ if (state == T38_PEER_REINVITE) { parameters = p->t38.their_parms; patch is for asterisk svn trunk version and requires maxdatagram option to be set either in sip general or for specific peer. By: Trevor Peirce #2 (digitalc) 2010-01-27 21:47:22.000-0600 raivisr, I can confirm that your hack solves the crashing with 1.6.1.13. Thanks. By: Leif Madsen (lmadsen) 2010-01-28 10:15:02.000-0600 OK, marking this as private now that it is assigned to dvossel. This is definitely a duplicate of the other open issues, which are currently being worked on by dvossel as this is considered a security issue. By: Digium Subversion (svnbot) 2010-02-02 16:27:25.000-0600 Repository: asterisk Revision: 244443 U trunk/channels/chan_sip.c U trunk/include/asterisk/udptl.h U trunk/main/udptl.c ------------------------------------------------------------------------ r244443 | dvossel | 2010-02-02 16:27:24 -0600 (Tue, 02 Feb 2010) | 18 lines fixes crash during T.38 negotiation caused by invalid or missing FaxMaxDatagram field AST-2010-001 (closes issue ASTERISK-15457) Reported by: krn (closes issue ASTERISK-15538) Reported by: barthpbx (closes issue ASTERISK-15371) Reported by: bklang (closes issue ASTERISK-15343) Reported by: elsto ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=244443 By: Digium Subversion (svnbot) 2010-02-02 16:29:38.000-0600 Repository: asterisk Revision: 244445 _U branches/1.6.2/ U branches/1.6.2/channels/chan_sip.c U branches/1.6.2/include/asterisk/udptl.h U branches/1.6.2/main/udptl.c ------------------------------------------------------------------------ r244445 | dvossel | 2010-02-02 16:29:38 -0600 (Tue, 02 Feb 2010) | 23 lines Merged revisions 244443 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ........ r244443 | dvossel | 2010-02-02 16:27:23 -0600 (Tue, 02 Feb 2010) | 18 lines fixes crash during T.38 negotiation caused by invalid or missing FaxMaxDatagram field AST-2010-001 (closes issue ASTERISK-15457) Reported by: krn (closes issue ASTERISK-15538) Reported by: barthpbx (closes issue ASTERISK-15371) Reported by: bklang (closes issue ASTERISK-15343) Reported by: elsto ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=244445 By: Digium Subversion (svnbot) 2010-02-02 16:31:31.000-0600 Repository: asterisk Revision: 244446 _U branches/1.6.1/ U branches/1.6.1/channels/chan_sip.c U branches/1.6.1/include/asterisk/udptl.h U branches/1.6.1/main/udptl.c ------------------------------------------------------------------------ r244446 | dvossel | 2010-02-02 16:31:30 -0600 (Tue, 02 Feb 2010) | 23 lines Merged revisions 244443 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ........ r244443 | dvossel | 2010-02-02 16:27:23 -0600 (Tue, 02 Feb 2010) | 18 lines fixes crash during T.38 negotiation caused by invalid or missing FaxMaxDatagram field AST-2010-001 (closes issue ASTERISK-15457) Reported by: krn (closes issue ASTERISK-15538) Reported by: barthpbx (closes issue ASTERISK-15371) Reported by: bklang (closes issue ASTERISK-15343) Reported by: elsto ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=244446 By: Digium Subversion (svnbot) 2010-02-02 16:32:57.000-0600 Repository: asterisk Revision: 244447 _U branches/1.6.0/ U branches/1.6.0/channels/chan_sip.c U branches/1.6.0/include/asterisk/udptl.h U branches/1.6.0/main/udptl.c ------------------------------------------------------------------------ r244447 | dvossel | 2010-02-02 16:32:56 -0600 (Tue, 02 Feb 2010) | 23 lines Merged revisions 244443 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk ........ r244443 | dvossel | 2010-02-02 16:27:23 -0600 (Tue, 02 Feb 2010) | 18 lines fixes crash during T.38 negotiation caused by invalid or missing FaxMaxDatagram field AST-2010-001 (closes issue ASTERISK-15457) Reported by: krn (closes issue ASTERISK-15538) Reported by: barthpbx (closes issue ASTERISK-15371) Reported by: bklang (closes issue ASTERISK-15343) Reported by: elsto ........ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=244447 |