[ASTERISK-171] chan_iax2: Crash due to memory corruption following packet decrypt failures

INTERLINKED-27
CONVERT_TZ not recognizing US timezones
LBBS-121
mod_asterisk_queues: Memory corruption or use after free in agent list
LBBS-130
test_imap_msn: Flaky test
LBBS-129
editor.c: Small terminal widths lead to drawing issues
LBBS-128
thread.c: Recursive lock attempt between find_thread and thread_unregister
LBBS-32
mod_spamassassin: Improve default spam handling
LBBS-109
net_telnet: Local echo remains enabled in some cases
PHREAKNET-65
ZEnith numbers don't bill properly
PHREAKNET-66
Allow signaling when through on coin calls
LBBS-127
net_tap: Add support for TAP/IXO paging protocol
PHREAKNET-64
234 5700 unable to dial 980 5111
ASTERISK-171
chan_iax2: Crash due to memory corruption following packet decrypt failures
LBBS-56
net_snpp: Add Simple Network Paging Protocol support
PHREAKNET-62
Trunk calls where a #7 is keyed a second tone is inserted
PHREAKSCRIPT-66
dahdi_vpmadt032_loader.o: unannotated intra-function call
ASTERISK-176
chan_pjsip: Add "none" DTMF method
PHREAKSCRIPT-78
chan_sccp: Don't know how to send format
ASTERISK-175
app_mixmonitor: Can record multiple times to same file
ASTERISK-174
func_channel: Allow manually changing channel format
ASTERISK-173
dsp.c: Double DTMF detection with busydetect
LBBS-120
mod_asterisk_ami: NULL dereference possible if ami_session is currently NULL
ASTERISK-172
chan_dahdi: DAHDI FXO channels can stay busy on repeated access attempts
INTERLINKED-26
Emails with the .wiki extensions are not valid
PHREAKSCRIPT-77
install: install_prereq aborts early
PHREAKSCRIPT-25
chan_sccp no longer compiles
LBBS-27
mod_irc_relay: Allow relaying of away/here status
LBBS-126
mod_oauth: OAuth tokens are refreshed unnecessarily frequently
LBBS-101
io_tls: Automatically reload TLS certificates and non-disruptively
LBBS-114
net_imap: Modifying header files doesn't cause all dependents to get recompiled
LBBS-125
net_imap: SEGV if client login fails
WSSMAIL-8
Add NNTP support and IRC integration
PHREAKNET-63
Change of IP address
PHREAKSCRIPT-76
ast_safe_sleep: Memory corruption when freeing frames
ASTERISK-58
xml: Add config documentation
LBBS-95
mod_mailscript: Add ADDFLAG action
ASTERISK-170
app_voicemail: Read-only option doesn't prevent move operations
PHREAKSCRIPT-75
Add support for DNVT military phones
LBBS-118
SEGV in IMAP session when mailbox selected
LBBS-123
module.c: Use after free with module references
LBBS-122
mod_http: Uninitialized memory access during Basic Authentication
LBBS-119
module.c: Use after free when unloading modules with recursive dependents
PHREAKNET-61
Create a webpage for the operator automatic traffic generator
LBBS-124
net_http: Allow for multiple virtualhosts
ASL-7
app_rpt: Add XML documentation
ASTERISK-169
stasis: Memory corruption in channel_snapshot_dialplan_create
ASTERISK-109
voicemail.conf.sample: Clarify misnamed option behavior
ASTERISK-168
chan_iax2: Make refresh interval configurable
PHREAKSCRIPT-39
Add optional flag to not update system first
ASTERISK-167
sig_analog: Improve Call Forwarding implementation
ASTERISK-166
sig_analog: Make call waiting hangup behavior configurable
ASTERISK-165
res_calendar_icalendar: SEGV during module refresh
INTERLINKED-25
Optimize caching of dynamic CSS files
PHREAKNET-60
Enable standalone provisioning server
INTERLINKED-24
Improve programmatic interfaces to issues
LBBS-117
TLS/IMAP: Add extensible/detailed logging info
LBBS-116
net_imap: Untagged responses should be flushed before tagged response
LBBS-115
net_imap: Untagged EXPUNGE sent while no command in progress
EVERGREEN-4
Expunge of folder with mix of \Deleted messages results in stale view
LBBS-34
net_xmpp: Add XMPP protocol support
PHREAKNET-47
Add automation for bill mailings
LBBS-47
Email enhancements
LBBS-31
mod_sieve: Major Sieve filtering overhaul and improvements
PHREAKNET-42
Provisioning fails for lines with certain features
LBBS-64
mod_operator: Crash with more than 64 options?
ASTERISK-164
chan_dahdi: Allow setting/getting lastexten from dialplan
ASTERISK-163
Add support for KP2
DAHTOOL-8
autoreconf fails
ASTERISK-162
chan_dahdi: Allow echo cancellation to be toggled during call
LBBS-49
Add functionality expected of a traditional BBS package
ASTERISK-161
config.c: Don't auto-prepend headers if config file unmodified
ASL-6
app_rpt: Allow dialplan to be executed when placing calls
ASL-5
app_rpt: DAHDI tones not working for genchannel
ASTERISK-23
logging: Update log levels
LBBS-113
Add support for TOTP two-factor and app passwords
ASTERISK-160
chan_dahdi: Add timer for caller subscriber held
LBBS-90
mod_smtp_delivery_external: Improve queuing process
LBBS-112
mod_asterisk_ami: Exponential backoff logic busy loops instead
LBBS-111
mod_asterisk_ami: Add multi-Asterisk support
LBBS-110
Support TDD message lines
INTERLINKED-23
Phone number verification not correctly decoding DTMF
ASTERISK-32
chan_dahdi: Allow Call Forwarding to be set/get programatically
PHREAKSCRIPT-74
Finish real time inpulsing support
ASTERISK-159
chan_dahdi: Remove unused code
PHREAKSCRIPT-73
res_smdr_whozz: Heuristically use call progress to determine if call was answered
PHREAKSCRIPT-72
res_smdr_whozz: Build/support loop follower circuit for pulse support
ASTERISK-158
dsp.c: Dial tone detection fails through pulse to tone converter
ASTERISK-157
chan_dahdi: Empty voicemail messages on hangup
PHREAKSCRIPT-69
res_alarmsystem: Add additional environmental integration
PHREAKSCRIPT-37
app_softmodem: Support speeds higher than 2400bps
ASTERISK-151
ast_tls_cert: Expiration days needs to be configurable
ASTERISK-91
features.c: Add warning to not set BRIDGE_NOANSWER as global variable
ASTERISK-24
app_chanspy: Add no answer option
ASTERISK-80
app_record: Add RECORD_TIME function
ASTERISK-20
app_meetme: Update or remove removal version
ASTERISK-59
chan_dahdi: Remove stripmsd
ASTERISK-150
func_curl: Add CURLOPT option to allow digest auth
ASTERISK-49
Remove all deprecated stuff
ASTERISK-93
chan_dahdi: DSP optimizations
ASTERISK-156
chan_dahdi: Clean up permanent/transient private variables
PHREAKSCRIPT-71
Add PolycomPush application
ASTERISK-18
func_frame_drop: Simplify and improve
LBBS-108
parallel.c: Deadlock possible when joining task thread
ASTERISK-130
Verify that res_xmpp can compile and be used
ASTERISK-155
chan_iax2: Barrage of DTMF frames can cause channel to hang
ASTERISK-154
app_dial: Dialplan freeze during announcement
LBBS-9
mod_webmail: Improve MIME parsing to extract HTML/PT components
DAHLIN-18
Avoid flushing system-wide workqueues (calls to __warn_flushing_systemwide_wq)
DAHLIN-16
OSLEC dependency removed from kernel
ASTERISK-153
app_confbridge: Allow disabling the CBAnn channel
DAHTOOL-1
system.conf: Fix typos
DAHTOOL-7
Unknown type bool in Rocky Linux 9.2
DAHTOOL-6
Support ppp 2.5.0
DAHLIN-17
dahdi-base.c: Misusage of strncat function
INTERLINKED-17
Blog: Issues with tag editing and viewing
LBBS-104
net_ssh: Attempt to resize node dimensions after node destroyed
LBBS-106
net_ssh: Soft assertion due to data during shutdown
LBBS-105
config.c: Configs can be purged while being used
SLACK-7
Add support for detecting messages posted via workflow
LBBS-107
mod_sieve: Segfault in lib libsieve_strbuffree during message delivery
ASTERISK-152
app_queue: Allow ringall to be combined with other settings
ASTERISK-148
sig_analog: fgccamamf inserting "A" at the end of dialed number
LBBS-13
pty.c: Attempt to acquire node lock after it's been destroyed
LBBS-103
mod_webmail: Crash when FETCH fails after retry due to no messages returned
ASTERISK-79
config.c: Make ast_variable_retrieve return last match
PHREAKNET-46
Polycom IP phones not provisioning
DAHLIN-15
Add support for 20pps dial pulsing
ASTERISK-122
res_pjsip_device_features: Excessive refcount on endpoint object
ASTERISK-145
res_stir_shaken: Date header is required but shouldn't be
ASTERISK-149
sig_analog: Winks from dialplan don't propagate onto DAHDI channels
DAHLIN-14
DAHDI modules fail to load with error: loading out-of-tree module taints kernel
PHREAKSCRIPT-67
Add rate limiting application
LBBS-102
mod_smtp_filter: Received header no longer has 'for' recipient included
LBBS-71
Limit registrations from same IP within a certain amount of time
ASTERISK-147
res_smdi: Allow Asterisk to be the SMDI server
EVERGREEN-3
Add NNTP support for newsgroups
DOCS-3
verify.conf: Boilerplate uses hardcoded paths for astkeydir
ASTERISK-143
func_sysinfo: Add options to retrieve current verbose/debug levels
PHREAKNET-58
TSPS phrasing is not correct
ASTERISK-142
res_pjsip_caller_id: P-Charge-Info should be used for ANI
ASTERISK-146
res_agi: callingani2 is not formatted as 2 digits
TEST-1
Test issue
ASTERISK-144
chan_pjsip: Add support for directrtpsetup
LBBS-48
net_irc: Support multi-server networks
PHREAKSCRIPT-34
app_verify: Check additional headers for STIR/SHAKEN attestation
ASTERISK-77
sig_analog: Add Call Waiting Deluxe support
LBBS-22
mod_mail_trash: Eliminate bbs_pthread_cancel_kill
LBBS-30
net_nntp: Complete overhaul/rewrite to use maildirs
LBBS-80
tests: Jump to invalid address on the next line
LBBS-96
pty: CR NUL is sometimes split up, leaking to flaky test
DAHLIN-6
Frame relay broken
ASTERISK-141
app_mixmonitor: Warning when writing voicemail
PHREAKNET-36
Trunking integration with Phil McCarter
INTERLINKED-2
PhreakNet Email for BoD Members
ASTERISK-16
res_pbx_validate: Add commands to warn of dialplan problems
ASTERISK-140
res_pjsip_session: Add support for SIP-ISUP
PHREAKSCRIPT-68
asterisk.c: Compilation warning due to fscanf unused result
LBBS-70
mod_smtp_delivery_external: Use SRS for externally forwarded messages
LBBS-6
Add MenuScript, a menu system scripting engine
ASTERISK-22
general: Fix various typos
PHREAKSCRIPT-30
MD5/RSA authenticated calls frequently fail
ASL-4
Add framehook module to convert between mute/unmute and radio key/unkey
LBBS-100
mod_spamassassin: Duplicate close of file descriptor
LBBS-99
mod_webmail: Memory leak when SORT used
ASTERISK-139
app_sms: File a gcc 15 bug for false positive vectorization warning
PHREAKSCRIPT-64
res_smdr_whozz: Add optional DTMF detection via FXO port
PHREAKSCRIPT-65
wanpipe: wanpipe modules fail to load
LBBS-98
net_smtp: Fix message processing actions being skipped in some cases
LBBS-97
system.c: Evaluate shell syntax/variables when launching programs
LBBS-94
net_imap: No response from remote IMAP server at login
ASTERISK-138
pbx.c: Allow KEEPALIVE emulation
PHREAKSCRIPT-61
No rule to make target 'vpmadt032_loader/vpmadt032_x86_64.o'
DAHLIN-9
No rule to make target 'vpmadt032_loader/vpmadt032_x86_64.o'
PHREAKSCRIPT-53
app_george: Cancel in-progress recording if nobody said anything
DAHLIN-13
wct4xxp: Taking address of expression of type void
DAHLIN-12
oct612x, wct4xxp: Compilation failure on next kernel
PHREAKSCRIPT-28
app_predial: Failure to retrieve user agent property
ASTERISK-81
format_lame: MP3 read and write with LAME library
SLACK-5
Failed to receive reply... when message sent
PHREAKSCRIPT-36
app_audichron: Tone not working after announcements
LBBS-86
Deadlock on internal lock mutex
LBBS-93
mod_discord: Reply function on Discord doesn't translate well to IRC
ASTERISK-121
Upstream PhreakScript patches
ASTERISK-63
Upstream certain PhreakScript modules
ASTERISK-33
docs: Update obsolete wiki links
ASTERISK-3
Asterisk Wiki issues
PHREAKSCRIPT-63
chan_dahdi: Unused variable x
LBBS-92
Gmail bug causes disconnect after MOVE of certain messages
PHREAKNET-55
PhreakNet telegrams should also page recipient
LBBS-91
readline.c: Crash in memmove
PHREAKSCRIPT-62
res_smdr_whozz: Initialization usually fails in practice
PHREAKNET-6
Verification flags international calls
ASTERISK-137
sig_analog: Add alternate dial pulse scheme support
LBBS-89
mod_sysop: Improve history navigation and tab completion
LBBS-42
mod_discord: Actions not relayed properly from IRC
LBBS-44
io_tls: TLS errors when no certs are defined
ASTERISK-110
chan_iax2: Implement MWI
LBBS-84
net_imap: Microsoft clients disconnected after 1 hour
LBBS-88
net_imap: IDLE data not being processed in realtime
LBBS-74
net_ssh: Sessions persist even when they no longer exist
LBBS-3
module.c: Module ref tracking is flaky
DAHLIN-11
Use dev_addr_set instead of directly modifying const buffer
LBBS-2
module.c: Improve module loading process
SLACK-6
Can't post messages in enterprise workspaces using RTM API
PHREAKNET-39
Splice Fred Covington prompts for speaking clock
DAHLIN-2
Fix typos and dead links
PHREAKSCAN-1
Raw data upload restricted to 15M
LBBS-87
mod_webmail: Null dereference in FETCHLIST
ASTERISK-136
app_voicemail: Voicemails stored but no email sent
LBBS-85
net_imap: Malformed IMAP FETCH response
PHREAKNET-54
Fix trunking to Telstar
LBBS-1
mod_slack: Workspace fails to initialize due to restrictions
PHREAKSCRIPT-59
Add PhreakScript option to enable EMPULSE
DAHLIN-10
Allow enabling EMPULSE and EMFLASH simultaneously
LBBS-83
Node deadlock on shutdown
LBBS-82
localtime_r deadlock
LBBS-81
io_tls: Crash due to uninitialized memory
PHREAKSCRIPT-60
phreak script install failed without --version 22
PHREAKSCAN-2
Improve automation
LBBS-78
node.c: node->ip can be NULL
LBBS-77
test_terminals: Test is now flaky
LBBS-79
Makefile: cp -n is deprecated
PHREAKNET-53
Change in IP address for hosted lines
PHREAKSCRIPT-58
sig_analog: Allow hearpulsing gain to be adjusted
PHREAKSCRIPT-57
res_alarmsystem: Segfault due to calling ast_dtmf_stream on NULL channel
ASTERISK-135
Mutex errors on FreeBSD
LBBS-75
net_smtp: Allow plain text delivery if requirestarttls is false
PHREAKSCRIPT-55
dahdi_tool not installed
ASTERISK-134
chan_dahdi: Improve configuration validation
PHREAKSCRIPT-52
res_alarmsystem: IP loss reported even if no outage
LBBS-76
net_imap: Remote MOVE/COPY operations fail in some circumstances
PHREAKSCRIPT-43
Add spanconfig command
PHREAKSCRIPT-56
DAHDI Tools: Apply unmerged patches
ASTERISK-131
chan_dahdi: Automatically update time when DST starts/ends
WSSMAIL-5
Add full attachment support
DAHTOOL-5
Disabling span auto-assignment implodes kernel
PHREAKNET-52
Cisco end of CSR signing support
LBBS-18
net_ssh: High CPU trying to end SSH session
ASTERISK-106
chan_pjsip: Modify From header appropriately for unavailable presentation
ASTERISK-124
app_mixmonitor: Allow cancelling in-progress recording/recipients
ASTERISK-129
core: Add ref/unref for ast_moh callbacks
PHREAKSCRIPT-54
Replace LOAD_STR_INT with ast_yesno
ASTERISK-128
Rename ast_sip_presence_xml_ functions
ASTERISK-127
func_codecs: view/update codecs
DAHLIN-8
Readd native SF support
ASTERISK-126
chan_iax2: Add fixed jitterbuffer
PHREAKNET-49
ML model for 3-slot coin detection
ASTERISK-125
app_voicemail: Warning when hanging up during playback
ASTERISK-48
func_devstate: Delete empty from AstDB
ASTERISK-108
config.c: Investigate and fix various config file rewrite bugs
LBBS-25
mod_mail_trash: Attempts to open files as directories

← All Issues || New Issue →

Sort Normal || Priority

Details

Category: Asterisk
Type: Bug
Severity: Critical
Priority: High
Resolution Effort: Unknown
Visibility: Public
Topic:
Milestone:
External Link: https://github.com/asterisk/asterisk/pull/1708
Reported: 12/31/2025 4:58 PM
Last Active: 1/7/2026 11:08 PM
Status: Pending
Reporter: InterLinked
Watching: InterLinked, csptechnologies
Assigned To: Nobody

Unsure exactly how this fluke happened...

[2025-12-31 21:49:19.704] WARNING[1819857]: chan_iax2.c:10454 socket_process_helper: Packet Decrypt Failed!
[2025-12-31 21:49:19.784] ERROR[1819854]: iax2/parser.c:1224 iax_frame_wrap: Losing frame data because destination buffer size '4096' bytes not big enough for '-2' bytes in the frame
[2025-12-31 21:49:19.784] ERROR[1819854]: iax2/parser.c:1224 iax_frame_wrap: Losing frame data because destination buffer size '4096' bytes not big enough for '-2' bytes in the frame

#5  0x00007ff54c02686a in malloc_printerr (str=str@entry=0x7ff54c12f158 "double free or corruption (!prev)") at ./malloc/malloc.c:5660
#6  0x00007ff54c0288dc in _int_free (av=0x7ff53c000030, p=0x7ff53cada5a0, have_lock=<optimized out>, have_lock@entry=0) at ./malloc/malloc.c:4587
        size = 224
        fb = <optimized out>
        nextchunk = 0x7ff53cada680
        nextsize = <optimized out>
        nextinuse = <optimized out>
        prevsize = <optimized out>
        bck = <optimized out>
        fwd = <optimized out>
        __PRETTY_FUNCTION__ = "_int_free"
#7  0x00007ff54c02af4f in __GI___libc_free (mem=<optimized out>) at ./malloc/malloc.c:3385
        ar_ptr = <optimized out>
        p = <optimized out>
        err = 0
#8  0x0000563937216c55 in __ast_free (ptr=0x7ff53cada5b0, file=0x563937463889 "frame.c", lineno=169, func=0x563937463f28 <__PRETTY_FUNCTION__.3> "__frame_free") at astmm.c:1556
#9  0x00005639372c6950 in __frame_free (fr=0x7ff53cada5b0, cache=1) at frame.c:169
        __PRETTY_FUNCTION__ = "__frame_free"
#10 0x00005639372c6990 in ast_frame_free (frame=0x7ff53cada5b0, cache=1) at frame.c:182
        next = 0x0
#11 0x000056393725fab5 in __ast_read (chan=0x7ff524132410, dropaudio=0, dropnondefault=1) at channel.c:3739
        skipped_dtmf_frame = 0
        skip_dtmf = 0
        f = 0x7ff53cada5b0
        prestate = 4
        cause = 0
        stream = 0x0
        default_stream = 0x0
        __PRETTY_FUNCTION__ = "__ast_read"
        __FUNCTION__ = "__ast_read"
#12 0x0000563937261ae9 in ast_read (chan=0x7ff524132410) at channel.c:4265
#13 0x0000563937258d64 in safe_sleep_conditional (chan=0x7ff524132410, timeout_ms=1000, cond=0x0, data=0x0, generate_silence=1) at channel.c:1527
        dup_f = 0x0
        f = 0x5639374fbe20 <ast_null_frame>
        silgen = 0x0
        res = 0
        start = {tv_sec = 1767217759, tv_usec = 553782}
        ms = 770
        deferred_frames = {first = 0x0, last = 0x0}
        __PRETTY_FUNCTION__ = "safe_sleep_conditional"
#14 0x0000563937258f7d in ast_safe_sleep (chan=0x7ff524132410, ms=1000) at channel.c:1576
#15 0x00007ff5480c64ba in streamsilence_exec (chan=0x7ff524132410, data=0x7ff51f50f9d0 "1") at app_streamsilence.c:106

Happened again, not once, but twice, I believe:

[2026-01-01 21:32:22.033] WARNING[3457527]: chan_iax2.c:10454 socket_process_helper: Packet Decrypt Failed!
[2026-01-01 21:32:22.053] WARNING[3457526]: chan_iax2.c:10454 socket_process_helper: Packet Decrypt Failed!
[2026-01-01 21:32:22.113] WARNING[3457524]: chan_iax2.c:10454 socket_process_helper: Packet Decrypt Failed!
[2026-01-01 21:32:22.143] WARNING[3457530]: chan_iax2.c:10454 socket_process_helper: Packet Decrypt Failed!
[2026-01-01 21:32:22.188] WARNING[3457531]: chan_iax2.c:10454 socket_process_helper: Packet Decrypt Failed!
[2026-01-01 21:32:22.449] ERROR[3457522]: iax2/parser.c:1224 iax_frame_wrap: Losing frame data because destination buffer size '4096' bytes not big enough for '-2' bytes in the frame
[2026-01-01 21:32:22.449] ERROR[3457522]: iax2/parser.c:1224 iax_frame_wrap: Losing frame data because destination buffer size '4096' bytes not big enough for '-2' bytes in the frame

Comments

1/1/2026 7:24 PM — csptechnologies

I’m having the same issue too! My asterisk crashes after that error message.

1/1/2026 7:29 PM — InterLinked

Very interesting... are you able to reproduce it reliably or does it seem kind of random?

1/2/2026 2:40 PM — InterLinked

Another crash today, with similar circumstances: 

[2026-01-02 18:43:48.728] WARNING[3551228]: chan_iax2.c:10454 socket_process_helper: Packet Decrypt Failed!  
[2026-01-02 18:43:50.371] WARNING[3551230]: chan_iax2.c:10454 socket_process_helper: Packet Decrypt Failed!  
[2026-01-02 18:43:50.423] WARNING[3551227]: chan_iax2.c:10454 socket_process_helper: Packet Decrypt Failed!

However, the frame wrap thing didn't happen, as I added an assert in that function which was not triggered.

So far, I've only been seeing these on incoming calls from your node, @csptechnologies.

If you are able to set up a DISA on your node that would allow me to dial back so I can try to reproduce the crashes, that might help get to the bottom of this. Of course, if it also crashes yours, that might be a bit inconvenient... I have a cron job that runs every few minutes to start Asterisk if it's crashed.

1/2/2026 3:02 PM — csptechnologies

Mine happens at random times. I made an temporary DISA on 277-7473 and you should be able to natively dial PhreakNet Numbers.

1/2/2026 3:06 PM — csptechnologies

Sorry, I meant 277-7475

1/2/2026 3:45 PM — InterLinked

Looks like it happened just now, right after the start of an incoming call attempt: 

[2026-01-02 20:43:28.211] WARNING[3555976]: chan_iax2.c:10454 socket_process_helper: Packet Decrypt Failed!  
[2026-01-02 20:43:28.260] ERROR[3555976]: iax2/parser.c:1224 iax_frame_wrap: Losing frame data because destination buffer size '4096' bytes not big enough for '-1' bytes in the frame  
[2026-01-02 20:43:28.261] ERROR[3555976]: iax2/parser.c:1224 iax_frame_wrap: Losing frame data because destination buffer size '4096' bytes not big enough for '-1' bytes in the frame

What's happening on your end when this happens? Do you crash as well?

1/2/2026 3:55 PM — csptechnologies

Yes, I crash as well. Here are my logs 

-- Accepting AUTHENTICATED call from 68.180.38.252:4569:  
--        > requested auth methods = (RSA|MD5),  
--        > actual auth method = MD5,  
--        > encrypted = yes,  
--        > requested format = Unknown,  
--        > requested prefs = (h264|g722|ulaw|alaw|gsm|mpeg4),  
--        > actual format = g722,  
--        > host prefs = (g722|ulaw|alaw|gsm|h264|mpeg4),  
--        > priority = mine  
-- Executing [2772745@from-phreaknet:1] NoOp("IAX2/phreaknet-7968", "") in new stack  
-- Executing [2772745@from-phreaknet:2] Set("IAX2/phreaknet-7968", "CALLERID(num)=972774801") in new stack  
-- Executing [2772745@from-phreaknet:3] SIPAddHeader("IAX2/phreaknet-7968", "Alert-Info: <Bellcore-dr2>") in new stack  
-- Executing [2772745@from-phreaknet:4] Goto("IAX2/phreaknet-7968", "phreaknet-exchange,2772745,1") in new stack  
-- Goto (phreaknet-exchange,2772745,1)  
-- Executing [2772745@phreaknet-exchange:1] Goto("IAX2/phreaknet-7968", "from-internal,2745,1") in new stack  
-- Goto (from-internal,2745,1)  
-- Executing [2745@from-internal:1] Progress("IAX2/phreaknet-7968", "") in new stack

[2026-01-02 14:41:20] WARNING[878856][C-000006d4]: pbx_functions.c:459 func_args: Can't find trailing parenthesis for function 'CALLERID(name'?
-- Executing [2745@from-internal:2] System("IAX2/phreaknet-7968", "/usr/bin/php /var/lib/asterisk/agi-bin/intercept.php "972774801" "2745" "Elliot McPike"") in new stack
-- Call accepted by 68.180.38.252:4569 (format g722)
-- Format for call is (g722)
-- IAX2/68.180.38.252:4569-14033 is making progress passing it to SIP/4801-000004d6
[2026-01-02 14:41:20] WARNING[710179]: res_pjsip_pubsub.c:3603 pubsub_on_rx_publish_request: No registered publish handler for event presence from 5336
[2026-01-02 14:41:21] WARNING[436071]: chan_iax2.c:12013 socket_process_helper: Received mini frame before first full video frame
[2026-01-02 14:41:21] WARNING[878864]: chan_iax2.c:12013 socket_process_helper: Received mini frame before first full video frame
[2026-01-02 14:41:21] WARNING[436068]: chan_iax2.c:10491 socket_process_helper: Packet Decrypt Failed!
[2026-01-02 14:41:21] WARNING[436065]: chan_iax2.c:12013 socket_process_helper: Received mini frame before first full video frame
[2026-01-02 14:41:21] WARNING[436066]: chan_iax2.c:12013 socket_process_helper: Received mini frame before first full video frame
[2026-01-02 14:41:21] WARNING[436074]: chan_iax2.c:12013 socket_process_helper: Received mini frame before first full video frame
[2026-01-02 14:41:21] WARNING[436073]: chan_iax2.c:12013 socket_process_helper: Received mini frame before first full video frame
[2026-01-02 14:41:21] WARNING[436072]: chan_iax2.c:12013 socket_process_helper: Received mini frame before first full video frame
[2026-01-02 14:41:21] WARNING[878865]: chan_iax2.c:12013 socket_process_helper: Received mini frame before first full video frame
[2026-01-02 14:41:21] WARNING[436065]: chan_iax2.c:12013 socket_process_helper: Received mini frame before first full video frame
[2026-01-02 14:41:21] ERROR[436072]: iax2/parser.c:1213 iax_frame_wrap: Losing frame data because destination buffer size '4096' bytes not big enough for '-2' bytes in the frame
[2026-01-02 14:41:21] ERROR[436072]: iax2/parser.c:1213 iax_frame_wrap: Losing frame data because destination buffer size '4096' bytes not big enough for '-2' bytes in the frame
-- Executing [2745@from-internal:3] Set("IAX2/phreaknet-7968", "CONNECTEDLINE(all,i)=SVA-INTERCEPT") in new stack
-- Executing [2745@from-internal:4] Wait("IAX2/phreaknet-7968", "1") in new stack
-- Executing [2745@from-internal:5] Playback("IAX2/phreaknet-7968", "custom/intercept_cisco") in new stack
-- IAX2/68.180.38.252:4569-14033 answered SIP/4801-000004d6
-- Channel IAX2/68.180.38.252:4569-14033 joined 'simple_bridge' basic-bridge <242bf7c6-29f0-4d8a-b6fe-2b8c7c98fcfc>
-- <IAX2/phreaknet-7968> Playing 'custom/intercept_cisco.g722' (language 'en')
-- Channel SIP/4801-000004d6 joined 'simple_bridge' basic-bridge <242bf7c6-29f0-4d8a-b6fe-2b8c7c98fcfc>
[2026-01-02 14:41:22] WARNING[440217]: res_pjsip_pubsub.c:1010 subscription_get_handler_from_rdata: No registered subscribe handler for event as-feature-event from 4448
cspserver*CLI>
Disconnected from Asterisk server
Asterisk cleanly ending (0).
Executing last minute cleanups

1/2/2026 3:58 PM — InterLinked

I wonder if this has to do with video support in some way... maybe try disabling that temporarily and see if that changes anything?
Could you also share the Asterisk version that you are using and anything that might be special about your build (how you installed it, etc.)

1/2/2026 4:02 PM — csptechnologies

Video Support over IAX2 is now disabled. I am currently running Asterisk 20.15.2 which was downloaded directly from Asterisk's Website, and compiled the official way (./configure, make, make install)

1/2/2026 4:08 PM — InterLinked

DISA was working before (sort of, I was getting a verification error), although now it's not going to it anymore it seems.

1/2/2026 4:28 PM — csptechnologies

DISA seems to be working on my end.

1/2/2026 4:44 PM — InterLinked

I'm getting a verification failure, likely due to the call not being out-verified when it leaves your node.
If you call the out verify routines, or as a simple hack, do Set(IAXVAR(nodevia)=2777475), I think that would fix the issue.

On another note, though it hasn't been long yet, things seem more stable... I haven't noticed any crashes since disabling video so maybe that's related.
Maybe we'll let it run for a little bit and if no crashes, then we can re-enable that for a more focused test.

1/2/2026 5:10 PM — csptechnologies

I made the changes now. Is the verfication working properly now?

1/2/2026 5:16 PM — InterLinked

Well, I spoke too soon - just saw this recently: 

[2026-01-02 22:03:21.502] WARNING[3562480]: chan_iax2.c:10454 socket_process_helper: Packet Decrypt Failed!  
[2026-01-02 22:03:21.563] ERROR[3562479]: iax2/parser.c:1225 iax_frame_wrap: Losing frame data because destination buffer size '4096' bytes not big enough for '-1' bytes in the frame

I'm getting some leads though, it crashed somewhere I added an assertion.

On the DISA, I get "call cannot be completed as dialed" again now. I think this might be happening after a crash has happened.

1/2/2026 5:21 PM — csptechnologies

Interesting... I don't have video enabled at all. The DISA seems to be working though.

1/2/2026 6:22 PM — InterLinked

Yes, at the moment, all is well. I'm waiting for the next crash which should help me pinpoint closer to the root cause. If you're able to expedite that, that would certainly help ;)

1/2/2026 7:03 PM — InterLinked

Also, what user agent (IP phone, ATA, analog phone) are you using to place calls?
I can't seem to trigger it when placing DISA calls, but it's happened several times on calls you've made it seems. One difference I see is your call used the G.722 codec, which I don't think a call from my system and then to yours would use (I'm also realizing your snippet above doesn't appear to be coming from my system, as I only allow ulaw and alaw).

1/2/2026 7:06 PM — csptechnologies

I am using a Cisco 8865-K9 which is on my Cisco UCM system which then trunks into my asterisk server, which then trunks into CSP CPBX Asterisk Server

1/2/2026 7:22 PM — InterLinked

I was able to get some useful insight on this from gdb... looks like this is indeed is video related in some way (at least from the one core dump I analyzed) 

6  0x00007f39acc46542 in socket_process_helper (thread=0x55f368a05390) at chan_iax2.c:12132  
12132                   duped_fr = iaxfrdup2(fr);  
(gdb) print f.datalen  
$1 = -1  
(gdb) print f  
$2 = {frametype = AST_FRAME_VIDEO, subclass = {integer = 0, {format = 0x55f3680af6d8, topology = 0x55f3680af6d8}, frame_ending = 1}, datalen = -1, samples = 0, mallocd = 0, mallocd_hdr_len = 0,  
  offset = 0, src = 0x7f39acc6620c "IAX2", data = {ptr = 0x55f368a054a6, uint32 = 1755337894, pad = "\246T\240h\363U\000"}, delivery = {tv_sec = 0, tv_usec = 0}, frame_list = {next = 0x0},  
  flags = 0, ts = 0, len = 0, seqno = 0, stream_num = 0}

That might explain why it only happens when you make the calls... the 8865-K9 is a video-enabled phone, after all.

I would say go ahead and re-enable video (it didn't seem to make much difference anyways). I have additional assertions in place now for spots where I think something fishy may be going.

1/7/2026 7:54 PM — InterLinked

Another crash, got some additional clues from that: 

#4  0x00007f0d7d045064 in socket_process_helper (thread=0x7f0d940caf50) at chan_iax2.c:11981  
11981                   f.datalen = res - sizeof(*vh);  
(gdb) print f  
$4 = {frametype = AST_FRAME_VIDEO, subclass = {integer = 0, {format = 0x55ba23fb4c88, topology = 0x55ba23fb4c88}, frame_ending = 1}, datalen = -2, samples = 0, mallocd = 0, mallocd_hdr_len = 0,  
  offset = 0, src = 0x0, data = {ptr = 0x0, uint32 = 0, pad = "\000\000\000\000\000\000\000"}, delivery = {tv_sec = 0, tv_usec = 0}, frame_list = {next = 0x0}, flags = 0, ts = 0, len = 0,  
  seqno = 0, stream_num = 0}  
(gdb) print res  
$5 = 4  
(gdb) print sizeof(*vh)  
$6 = 6

1/7/2026 8:00 PM — csptechnologies

Interesting... It shouldn't send video packets at all when sending a fax. That might also explain why I didn't get a fax back

1/7/2026 8:17 PM — InterLinked

Well, it shouldn't be crashing, but it is, so I don't know how useful it is discuss what should be happening.
I just added some code that I think should prevent the crash, so feel free to try to break it!

1/7/2026 8:42 PM — csptechnologies

I do not see the code you added, could you clarify where you attached the code that should prevent it from crashing?

1/7/2026 8:52 PM — InterLinked

Sorry, I should have been cleared - I made some code changes on the server.
If there aren't any crashes after this, I'll clean it up and share/submit the patch.

1/7/2026 9:19 PM — csptechnologies

I'll try placing a video call, and then a non video call.

1/7/2026 9:34 PM — csptechnologies

My server did not crash. I think it's fixed

1/7/2026 9:37 PM — InterLinked

The issue hasn't been triggered yet, so it's not conclusive just yet - and I'm watching for a crash on my end.

1/7/2026 9:42 PM — InterLinked

It just happened... I could see a bunch of this: 

[2026-01-08 02:40:15.091] WARNING[3743858]: chan_iax2.c:10456 socket_process_helper: Packet Decrypt Failed!  
[2026-01-08 02:40:15.195] WARNING[3743850]: chan_iax2.c:10456 socket_process_helper: Packet Decrypt Failed!  
[2026-01-08 02:40:15.294] WARNING[3743855]: chan_iax2.c:11985 socket_process_helper: Datalen < 0?  
[2026-01-08 02:40:15.324] WARNING[3743851]: chan_iax2.c:11985 socket_process_helper: Datalen < 0?  
[2026-01-08 02:40:15.352] WARNING[3743857]: chan_iax2.c:10456 socket_process_helper: Packet Decrypt Failed!  
[2026-01-08 02:40:15.462] WARNING[3743852]: chan_iax2.c:10456 socket_process_helper: Packet Decrypt Failed!  
[2026-01-08 02:40:15.499] WARNING[3743850]: chan_iax2.c:11985 socket_process_helper: Datalen < 0?  
[2026-01-08 02:40:15.629] WARNING[3743858]: chan_iax2.c:10456 socket_process_helper: Packet Decrypt Failed!  
[2026-01-08 02:40:15.727] WARNING[3743850]: chan_iax2.c:11985 socket_process_helper: Datalen < 0?  
[2026-01-08 02:40:15.789] WARNING[3743851]: chan_iax2.c:10456 socket_process_helper: Packet Decrypt Failed!  
[2026-01-08 02:40:15.856] WARNING[3743859]: chan_iax2.c:10456 socket_process_helper: Packet Decrypt Failed!  
[2026-01-08 02:40:15.926] WARNING[3743859]: chan_iax2.c:10456 socket_process_helper: Packet Decrypt Failed!

But the system seemed sane and didn't crash, so I'd say this is a success.
How'd your side fare?

1/7/2026 11:08 PM — csptechnologies

My system didn't seem to crash, My side appears sane as well.

You must be logged in to leave a comment.