ASTERISK-21041: Asterisk crashes during a frame copy while receiving a fax

[Home]

Summary: ASTERISK-21041: Asterisk crashes during a frame copy while receiving a fax

Reporter: Benjamin (bulkorok) Labels:

Date Opened: 2013-02-06 06:59:48.000-0600 Date Closed: 2016-02-03 15:57:57.000-0600

Priority: Critical Regression?

Status: Closed/Complete Components: Resources/res_fax Resources/res_fax_spandsp

Versions: 1.8.20.1 Frequency of
Occurrence

Related
Issues:
is caused by ASTERISK-25603 [patch]udptl: Uninitialized lengths and bufs in udptl_rx_packet cause ast_frdup crash

Environment: Linux version 2.6.32-5-amd64 (Debian 2.6.32-46) Attachments: ( 0) cli.txt
( 1) configs.txt
( 2) data_ptr.txt
( 3) flow.png
( 4) gdb.txt

Description: Asterisk segfaulting nearly daily unreproducable when receiving faxes.

Comments: By: Benjamin (bulkorok) 2013-02-06 07:00:57.908-0600

backtrace output of core-dump

Some numbers cleaned out
By: Kinsey Moore (kmoore) 2013-02-06 07:55:23.849-0600

Please attach more information about the fax session, fax configs, relevant sip config snippets to the issue if you have them. If you have the core for this crash, could you print the value of f->data.ptr ("print f->data.ptr")?
By: Benjamin (bulkorok) 2013-02-06 08:06:12.114-0600

(gdb) fr 1
#1 0x00000000004d2e72 in ast_frdup (f=0x1a87eb0) at frame.c:537
537 memcpy(out->data.ptr, f->data.ptr, out->datalen);
(gdb) print f->data.ptr
$1 = (void *) 0xb
(gdb)

By: Kinsey Moore (kmoore) 2013-02-06 08:39:57.943-0600

I suspect this to be a problem in utptl.c, much like ASTERISK-19762.
By: Rusty Newton (rnewton) 2013-02-14 10:12:46.523-0600

Just talked with Benjamin on IRC - more debug (pcap and full log) coming tomorrow.
By: Benjamin (bulkorok) 2013-02-19 08:23:42.353-0600

some data.ptr extractions.

still waiting for next segfault.
By: Rusty Newton (rnewton) 2013-02-26 16:27:54.599-0600

Setting this in 'waiting for feedback' until we get some pcaps or logs showing what happens right before the crash. Be sure to hit "Send Back" when you update.
By: Benjamin (bulkorok) 2013-03-14 07:01:22.006-0500

Hi,

finally I have a coredump with a pcap and a cli-capture.
I added a screenshot (without numbers) from the flow of the fax-session that is shown in gdb bt. flow.png
Additionally I can say that 2 seconds before another call to the same number came in. cli.txt shows the cli-output from the incomming calls.

(gdb) print f->data.ptr
$1 = (void *) 0xb

By: Walter Doekes (wdoekes) 2013-05-25 07:23:51.501-0500

Benjamin: are you able to capture a pcap surrounding the crash? See tcpdump and file rotation.
By: Richard Mudgett (rmudgett) 2016-02-03 15:57:57.935-0600

Fixed by ASTERISK-25603