LCR segfault on SIP invite

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

OMAR RAMADAN omar.ramadan at berkeley.edu
Fri Jan 15 19:50:47 UTC 2016


I'm using LCR as a GSM <-> SIP interface and I've been trying to figure out
why MO calls result in a segfault. I am running openbsc on cdc548cb and LCR
on c14326641a, built and run on Ubuntu 14.04 64-bit.

From what I've investigated so far, the request_uri passed to sofia-sip is
malformed.

Has anyone seen this problem before? Would appreciate pointers.

Here are the full logs and stack trace:

** LCR  Version 1.14
> 000000 DEBUG (in route.c/getrulesetbyname() line 1928): ruleset main found.
> 000000 DEBUG (in sip.cpp/sip_init() line 1997): SIP globals initialized
> 000000 DEBUG (in gsm.cpp/mncc_socket_retry_cb() line 1443): Connected to
> MNCC socket /tmp/bsc_mncc!
> su_port_create(0x6ad410): epoll_create() => 0: OK
> su_socket_port_init(0x6ad410, 0x7ffff7dcf880) called
> su_pthread_port_init(0x6ad410, 0x7ffff7dcf880) called
> nua: nua_create: entering
> [New Thread 0x7ffff6c52700 (LWP 11520)]
> su_port_create(0x7ffff00008c0): epoll_create() => 0: OK
> su_socket_port_init(0x7ffff00008c0, 0x7ffff7dcf880) called
> su_pthread_port_init(0x7ffff00008c0, 0x7ffff7dcf880) called
> nua: nua_stack_init: entering
> nua: nua_stack_set_params: entering
> soa_create("default", 0x7ffff0001130, 0x7ffff0001230) called
> soa_set_params(static::0x7ffff0001920, ...) called
> soa_set_params(static::0x7ffff0001920, ...) called
> nta_agent_create: initialized hash tables
> nta_agent_create: initialized transports
> nta_agent_create: initialized random identifiers
> nta_agent_create: initialized timer
> nta_agent_create: initialized resolver
> tport_create(): 0x7ffff0003df0
> nta: master transport created
> tport_bind_server(0x7ffff0003df0) to */127.0.0.1:5062/sip
> tport_bind_server(0x7ffff0003df0): calling tport_listen for udp
> tport_alloc_primary(0x7ffff0003df0): new primary tport 0x7ffff0004470
> tport_listen(0x7ffff0004470): listening at udp/127.0.0.1:5062/sip
> tport_bind_server(0x7ffff0003df0): calling tport_listen for tcp
> tport_alloc_primary(0x7ffff0003df0): new primary tport 0x7ffff0004910
> tport_listen(0x7ffff0004910): listening at tcp/127.0.0.1:5062/sip
> nta: bound to (127.0.0.1:5062;transport=*)
> nta: agent_init_via: SIP/2.0/udp 127.0.0.1:5062 (sip)
> nta: agent_init_via: SIP/2.0/tcp 127.0.0.1:5062 (sip)
> nta: Via fields initialized
> nta: Contact header created
> nua_register: Adding contact URL '127.0.0.1' to list.
> nua: nua_set_params: entering
> nua((nil)): sent signal r_set_params
> 000000 DEBUG (in sip.cpp/sip_init_inst() line 1942): SIP interface created
> (inst=0x6acce0)
> nua((nil)): recv signal r_set_params
> nua: nua_stack_set_params: entering
> soa_set_params(static::0x7ffff0001920, ...) called
> nua((nil)): event r_set_params 200 OK
> LCR 1.14 started, waiting for calls...
> 000000 TRACE 15.01.16 11:36:21.011 --: LCR 1.14 started, waiting for
> calls...
> nua: nua_application_event: entering
> 000000 DEBUG (in sip.cpp/sip_callback() line 1785): Event 23 from stack
> received (handle=(nil))
> 000000 DEBUG (in port.cpp/Port() line 210): new port (1) of type 0x3101,
> name 'gsm-0-in' interface 'gsm'
> 000000 DEBUG (in gsm.cpp/Pgsm() line 239): Created new GSMPort(gsm-0-in).
> 000000 DEBUG (in gsm_bs.cpp/Pgsm_bs() line 56): Created new
> GSMBSPort(gsm-0-in).
> 000000 TRACE 15.01.16 11:37:28.210 CH(1): New call ref LCR<->BSC  callref
> new=0x8000000d
> 000000 TRACE 15.01.16 11:37:28.210 CH(1): Codec negotiation LCR<->BSC
>  bearer capa='given by MS'  speech version='Full Rate given'
> 000000 TRACE 15.01.16 11:37:28.210 CH(1): MNCC_SETUP_IND LCR<->BSC
>  calling number=639360100037 imsi=901550000000824  dialing number=12345678
> 000000 DEBUG (in endpoint.cpp/Endpoint() line 48): EPOINT(1): Allocating
> enpoint 1 and connecting it with: ioport
> 000000 DEBUG (in endpoint.cpp/portlist_new() line 150): EPOINT(1)
> allocating port_list, attaching to port 1
> 000000 DEBUG (in appbridge.cpp/EndpointAppBridge() line 31): Bridge
> endpoint created
> 000000 DEBUG (in port.cpp/epointlist_new() line 131): PORT(1) allocating
> epoint_list.
> 000000 TRACE 15.01.16 11:37:28.211 CH(1): MNCC_CALL_PROC_REQ LCR<->BSC
>  progress coding=3 location=1 descr=8
> 000000 DEBUG (in port.cpp/new_state() line 283): PORT(gsm-0-in) new state
> PORT_STATE_IDLE --> PORT_STATE_IN_PROCEEDING
> 000000 TRACE 15.01.16 11:37:28.211 CH(1): MNCC_FRAME_RECV LCR<->BSC
> 000000 DEBUG (in gsm_bs.cpp/setup_ind() line 631): Request RTP peer info,
> before forwarding setup
> 000000 DEBUG (in gsm.cpp/rtp_create_ind() line 869): Got RTP peer info
> (7f000001,52103) forwarding setup
> 000000 DEBUG (in message.c/_message_put() line 70): message MESSAGE_SETUP
> written from 140733193388033 to 140733193388033 (memory 6b1a50 at file
> gsm.cpp, line 872)
> 000000 DEBUG (in message.c/message_get() line 115): message MESSAGE_SETUP
> reading from 1 to 140733193388033 (memory 6b1a50)
> 000000 DEBUG (in appbridge.cpp/port_setup() line 94): EPOINT(1) epoint
> received setup from='639360100037' to='12345678'
> 000000 DEBUG (in port.cpp/Port() line 210): new port (2) of type 0x2002,
> name 'sip-0-out' interface 'sip'
> 000000 DEBUG (in sip.cpp/Psip() line 72): Created new Psip(sip-0-out).
> 000000 DEBUG (in endpoint.cpp/portlist_new() line 150): EPOINT(1)
> allocating port_list, attaching to port 2
> 000000 DEBUG (in message.c/_message_put() line 70): message MESSAGE_SETUP
> written from 1 to 2 (memory 6b1a50 at file message.c, line 94)
> 000000 DEBUG (in message.c/_message_put() line 70): message MESSAGE_BRIDGE
> written from 1 to 1 (memory 6b6c00 at file appbridge.cpp, line 222)
> 000000 DEBUG (in message.c/_message_put() line 70): message MESSAGE_BRIDGE
> written from 1 to 2 (memory 6ba6e0 at file appbridge.cpp, line 225)
> 000000 DEBUG (in message.c/message_get() line 115): message MESSAGE_SETUP
> reading from 140733193388033 to 2 (memory 6b1a50)
> 000000 DEBUG (in sip.cpp/message_setup() line 954): Doing Setup (inst
> 0x6acce0)
> 000000 DEBUG (in sip.cpp/message_setup() line 961): RTP info given by
> remote, forward that
> 000000 DEBUG (in sip.cpp/message_setup() line 968): local ip 7f000001 port
> 52103
> 000000 DEBUG (in sip.cpp/message_setup() line 969): remote ip 00000000
> port 0
> nua: nh_create_handle: entering
> 000000 TRACE 15.01.16 11:37:28.816 CH(2): NEW handle  handle new=0x6b09c0
> 000000 DEBUG (in sip.cpp/message_setup() line 1038): Using SDP for invite:
> v=0
> o=LCR-Sofia-SIP 0 0 IN IP4 127.0.0.1
> s=SIP Call
> c=IN IP4 127.0.0.1
> t=0 0
> m=audio 52103 RTP/AVP 3
> a=rtpmap:3 GSM/8000
> 000000 TRACE 15.01.16 11:37:28.816 CH(2): INVITE  from uri=
> sip:639360100037@127.0.0.1:5062  to uri=sip:12345678@192.168.40.100:5060
>  rtp ip=127.0.0.1 port=52103,52104 payload=GSM:3
> nua: nua_invite: entering
> nua(0x6b09c0): sent signal r_invite
> 000000 DEBUG (in port.cpp/new_state() line 283): PORT(sip-0-out) new state
> PORT_STATE_IDLE --> PORT_STATE_OUT_SETUP
> 000000 DEBUG (in sip.cpp/message_setup() line 1069): do proceeding
> 000000 DEBUG (in port.cpp/new_state() line 283): PORT(sip-0-out) new state
> PORT_STATE_OUT_SETUP --> PORT_STATE_OUT_PROCEEDING
> 000000 DEBUG (in message.c/_message_put() line 70): message
> MESSAGE_PROCEEDING written from 2 to 1 (memory 6be1c0 at file sip.cpp, line
> 1072)
> 000000 DEBUG (in port.cpp/epointlist_new() line 131): PORT(2) allocating
> epoint_list.
> 000000 DEBUG (in message.c/message_get() line 115): message MESSAGE_BRIDGE
> reading from 1 to 1 (memory 6b6c00)
> 000000 DEBUG (in port.cpp/message_epoint() line 657): PORT(gsm-0-in)
> bridging to id 1
> nua(0x6b09c0): recv signal r_invite
> 000000 DEBUG (in port.cpp/bridge() line 1305): Port 1 creating not
> existing bridge 1.
> 000000 DEBUG (in message.c/message_get() line 115): message MESSAGE_BRIDGE
> reading from 1 to 2 (memory 6ba6e0)
> 000000 DEBUG (in port.cpp/message_epoint() line 657): PORT(sip-0-out)
> bridging to id 1
> nua: nua_stack_set_params: entering
> 000000 DEBUG (in port.cpp/bridge() line 1290): Port 2 found existing
> bridge 1.
> 000000 DEBUG (in message.c/message_get() line 115): message
> MESSAGE_PROCEEDING reading from 2 to 1 (memory 6be1c0)
> 000000 DEBUG (in appbridge.cpp/port_other() line 259): EPOINT(8) epoint
> received message 7070144 from port
> 000000 DEBUG (in message.c/_message_put() line 70): message
> MESSAGE_PROCEEDING written from 1 to 140733193388033 (memory 6be1c0 at file
> message.c, line 94)
> 000000 DEBUG (in message.c/message_get() line 115): message
> MESSAGE_PROCEEDING reading from 1 to 1 (memory 6be1c0)
> nua(0x6b09c0): adding session usage
> nta_leg_tcreate(0x7ffff0006b00)
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff6c52700 (LWP 11520)]
> strlen () at ../sysdeps/x86_64/strlen.S:106
> 106 ../sysdeps/x86_64/strlen.S: No such file or directory.
> (gdb) bt
> #0  strlen () at ../sysdeps/x86_64/strlen.S:106
> #1  0x00007ffff7b70896 in url_xtra (url=url@entry=0x7ffff00075d0) at
> url.c:1048
> #2  0x00007ffff7b2deaf in sip_request_create (home=home@entry=0x7ffff0006fc0,
> method=method@entry=sip_method_invite, name=0x7ffff7b916e2
> <sip_method_name_invite> "INVITE",
>     name@entry=0x7ffff7b8ed49 "INVITE", uri=uri@entry=0x7ffff00075d0,
> version=version@entry=0x0) at sip_basic.c:225
> #3  0x00007ffff7ae3512 in nta_msg_request_complete (msg=msg@entry=0x7ffff0006fc0,
> leg=leg@entry=0x7ffff0006b00, method=method@entry=sip_method_invite,
>     method_name=method_name@entry=0x7ffff7b8ed49 "INVITE",
> request_uri=0x7ffff00075d0, request_uri@entry=0x0) at nta.c:3890
> #4  0x00007ffff7b07d92 in nua_client_request_sendmsg (cr=cr@entry=0x7ffff0005af0)
> at nua_client.c:803
> #5  0x00007ffff7b08de9 in nua_client_request_try (cr=0x7ffff0005af0) at
> nua_client.c:708
> #6  0x00007ffff7b06b93 in nua_client_init_request0 (cr=0x7ffff0005af0) at
> nua_client.c:605
> #7  nua_client_init_request (cr=0x7ffff0005af0) at nua_client.c:442
> #8  0x00007ffff7b07246 in nua_client_create (nh=nh@entry=0x6b09c0,
> event=event@entry=31, methods=methods@entry=0x7ffff7dc4d20
> <nua_invite_client_methods>, tags=tags@entry=0x6b0eb0)
>     at nua_client.c:199
> #9  0x00007ffff7b1cc61 in nua_stack_invite (nua=nua@entry=0x6adc80,
> nh=nh@entry=0x6b09c0, e=e@entry=nua_r_invite, tags=tags@entry=0x6b0eb0)
> at nua_session.c:705
> #10 0x00007ffff7b03eb3 in nua_stack_signal (nua=0x6adc80, msg=<optimized
> out>, ee=0x6b0e88) at nua_stack.c:582
> #11 0x00007ffff7b522b2 in su_base_port_execute_msgs (queue=0x0) at
> su_base_port.c:280
> #12 0x00007ffff7b527bd in su_base_port_run (self=0x7ffff00008c0) at
> su_base_port.c:335
> #13 0x00007ffff7b52f10 in su_pthread_port_clone_main (varg=0x7fffffffe4c0)
> at su_pthread_port.c:324
> #14 0x00007ffff7840182 in start_thread (arg=0x7ffff6c52700) at
> pthread_create.c:312
> #15 0x00007ffff6d4d47d in clone () at
> ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
>
>
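Added example, not part of the original post or of LCR/sofia-sip: a small triage helper that walks a gdb backtrace and lists every argument whose current value differs from its `@entry` value, which is how frame #3 shows `request_uri` arriving as `0x0` and being assigned inside `nta_msg_request_complete` before the crash in `strlen`. The function name `changed_since_entry` and the embedded sample are assumptions made for illustration; the parser accepts both gdb's `@entry` notation and the ` at entry` spelling that list archives produce.

```python
import re

# Constructed sample: frames #0-#3 of the trace, line-wrapped and "> "-quoted,
# using the archive-style " at entry" spelling to exercise normalisation.
ARCHIVED_BT = """\
> #0  strlen () at ../sysdeps/x86_64/strlen.S:106
> #1  0x00007ffff7b70896 in url_xtra (url=url at entry=0x7ffff00075d0) at
> url.c:1048
> #2  0x00007ffff7b2deaf in sip_request_create (home=home at entry=0x7ffff0006fc0,
> method=method at entry=sip_method_invite, name=0x7ffff7b916e2
> <sip_method_name_invite> "INVITE",
>     name at entry=0x7ffff7b8ed49 "INVITE", uri=uri at entry=0x7ffff00075d0,
> version=version at entry=0x0) at sip_basic.c:225
> #3  0x00007ffff7ae3512 in nta_msg_request_complete (msg=msg at entry=0x7ffff0006fc0,
> leg=leg at entry=0x7ffff0006b00, method=method at entry=sip_method_invite,
>     method_name=method_name at entry=0x7ffff7b8ed49 "INVITE",
> request_uri=0x7ffff00075d0, request_uri at entry=0x0) at nta.c:3890
"""

KEY = re.compile(r"(\w+)(@entry)?=")  # "name=" or "name@entry="

def changed_since_entry(text):
    """Return (frame, function, arg, entry_value, current_value) tuples."""
    frames, out = [], []
    for line in text.splitlines():
        line = re.sub(r"^>\s?", "", line).strip()    # drop mail quoting
        if re.match(r"#\d+\s", line):
            frames.append(line)                       # a new frame starts
        elif frames and line:
            frames[-1] += " " + line                  # re-join a wrapped frame
    for frame in frames:
        frame = re.sub(r"(\w+) at entry=", r"\1@entry=", frame)
        m = re.match(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*)\) at ", frame)
        if not m:
            continue
        num, func, args = m.groups()
        keys = list(KEY.finditer(args))
        now, entry = {}, {}
        for i, k in enumerate(keys):
            end = keys[i + 1].start() if i + 1 < len(keys) else len(args)
            value = args[k.end():end].strip(" ,")
            (entry if k.group(2) else now)[k.group(1)] = value
        # "x=x@entry=v" leaves now[x] empty: unchanged since entry, so skipped.
        for name, val in now.items():
            if val and name in entry and entry[name] != val:
                out.append((int(num), func, name, entry[name], val))
    return out
```
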