Summary: ASTERISK-17460: Crash in ast_frdup
Reporter: Matt Riddell (zx81)
Labels:
Date Opened: 2011-02-22 17:55:07.000-0600
Date Closed: 2015-03-07 11:47:44.000-0600
Versions: 1.8.2
Frequency of
is caused by: ASTERISK-25603 [patch] udptl: Uninitialized lengths and bufs in udptl_rx_packet cause ast_frdup crash
Environment:
Attachments: ( 0) crash
Description: Asterisk crashed, dumped core, backtrace:

#0  ast_frdup (f=0x4d6448ce) at frame.c:481
#1  0x000000000046772e in __ast_queue_frame (chan=0x1fdf268, fin=0x4d6448ce, head=0, after=0x0) at channel.c:1401
#2  0x000000000047559a in __ast_read (chan=0x1fdf268, dropaudio=0) at channel.c:3853
#3  0x0000000000477fe2 in ast_channel_bridge (c0=0x1fdf268, c1=0x2023218, config=0x429ed510, fo=0x429eca50, rc=0x429eca48) at channel.c:4176
#4  0x00000000004a7a66 in ast_bridge_call (chan=0x1fdf268, peer=0x2023218, config=0x429ed510) at features.c:3572
#5  0x00007f8084354811 in dial_exec_full (chan=0x1fdf268, data=<value optimized out>, peerflags=0x429ed800, continue_exec=0x0) at app_dial.c:2653
#6  0x00007f8084356096 in dial_exec (chan=0x4d6448ce, data=0x1 <Address 0x1 out of bounds>) at app_dial.c:2753
#7  0x00000000004eeed0 in pbx_exec (c=0x1fdf268, app=0x7f8064000e40, data=0x429ef910 "SIP/709,30,tTwW") at pbx.c:1406
#8  0x00000000004faf9d in pbx_extension_helper (c=0x1fdf268, con=<value optimized out>, context=0x1fdf7c0 "macro-stdexten", exten=0x1fdf810 "s", priority=3, label=0x0, callerid=0x201b550 "P\001\002",
   action=E_SPAWN, found=0x429f287c, combined_find_spawn=1) at pbx.c:4085
#9  0x00000000004fb510 in ast_spawn_extension (c=0x4d6448ce, context=<value optimized out>, exten=<value optimized out>, priority=<value optimized out>, callerid=<value optimized out>,
   found=<value optimized out>, combined_find_spawn=1) at pbx.c:4608
#10 0x00007f80774a5748 in _macro_exec (chan=0x1fdf268, data=<value optimized out>, exclusive=0) at app_macro.c:408
#11 0x00000000004eeed0 in pbx_exec (c=0x1fdf268, app=0x1f9c460, data=0x429f49c0 "stdexten,709,SIP/709") at pbx.c:1406
#12 0x00000000004faf9d in pbx_extension_helper (c=0x1fdf268, con=<value optimized out>, context=0x1fdf7c0 "macro-stdexten", exten=0x1fdf810 "s", priority=1, label=0x0, callerid=0x201b550 "P\001\002",
   action=E_SPAWN, found=0x429f704c, combined_find_spawn=1) at pbx.c:4085
#13 0x00000000004fce3f in __ast_pbx_run (c=0x1fdf268, args=0x0) at pbx.c:4608
#14 0x00000000004fe5db in pbx_thread (data=0x4d6448ce) at pbx.c:5017
#15 0x00000000005374ac in dummy_start (data=<value optimized out>) at utils.c:973
#16 0x00007f8087d28fc7 in start_thread () from /lib/libpthread.so.0
#17 0x00007f808856d64d in clone () from /lib/libc.so.6
#18 0x0000000000000000 in ?? ()
Comments:

By: Leif Madsen (lmadsen) 2011-02-23 16:25:16.000-0600

See <value optimized out> in the following line?

#5  0x00007f8084354811 in dial_exec_full (chan=0x1fdf268, data=<value optimized out>, peerflags=0x429ed800, continue_exec=0x0) at app_dial.c:2653

That means you haven't enabled DONT_OPTIMIZE in menuselect and reinstalled Asterisk. This is required for meaningful backtraces.

Please follow the instructions at https://wiki.asterisk.org/wiki/display/AST/Getting+a+Backtrace

By: Matt Riddell (zx81) 2011-02-23 16:37:37.000-0600

Yeah I know - crash was in a production system so I've changed it now but the problem was happening irregularly.

I've changed it now.

By: Matt Riddell (zx81) 2011-02-23 21:30:51.000-0600

Ok, it just crashed again now. I'll attach the backtrace

By: Matt Jordan (mjordan) 2013-01-14 14:55:09.872-0600

I know this issue is rather old, but are you still seeing crashes on ast_frdup?

By: Walter Doekes (wdoekes) 2013-01-18 04:52:15.862-0600

I had one recently (asterisk 10.7). The frame data was 0x0. Channel had been using T38.

By: Walter Doekes (wdoekes) 2013-11-21 10:58:05.771-0600

I haven't seen any crashes related to this lately. Feel free to close.

By: Joshua C. Colp (jcolp) 2015-03-07 11:47:44.919-0600

I'm suspending this issue since it has not been reported occurring in current supported versions.