Project

General

Profile

Actions

Bug #3488

closed

sanitizer issue after "Wrong domain name"

Added by neels over 5 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
08/20/2018
Due date:
% Done:

100%

Spec Reference:

Description

connecting osmo-mgw (address sanitizer build) to a 3rd party SCCPlite MSC, I get

20180820221412904 DLMGCP NOTICE mgcp_protocol.c:694 CRCX: creating new connection ...
../../../../src/osmo-mgw/src/libosmo-mgcp/mgcp_protocol.c:738:7: runtime error: member access within null pointer of type 'struct mgcp_endpoint'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==20815==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000038 (pc 0x55b37dea6785 bp 0x000000000000 sp 0x7ffd88b8d210 T0)
==20815==The signal is caused by a READ memory access.
==20815==Hint: address points to the zero page.
    #0 0x55b37dea6784 in handle_create_con ../../../../src/osmo-mgw/src/libosmo-mgcp/mgcp_protocol.c:741

Files

osmo_mgw_mgcp_crash.pcapng osmo_mgw_mgcp_crash.pcapng 2.37 KB MGCP commands leading to the crash neels, 08/20/2018 08:19 PM
Actions #1

Updated by neels over 5 years ago

full log:

20180820220618779 DLGLOBAL NOTICE telnet_interface.c:104 telnet at 127.0.0.2 4243
20180820220618779 DLMGCP NOTICE mgw_main.c:318 Configured for MGCP, listen on 172.31.49.100:2427
20180820221411833 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #00: CRCX 1 3@mgw MGCP 1.0
20180820221411833 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #01: C: 2
20180820221411833 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #02: L: p:20, a:GSM-EFR, nt:IN
20180820221411833 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #03: M: recvonly
20180820221411833 DLMGCP NOTICE mgcp_msg.c:279 Addressing virtual trunk without prefix (deprecated), please use rtpbridge/: '3@mgw'
20180820221411833 DLMGCP NOTICE mgcp_protocol.c:694 CRCX: creating new connection ...
20180820221411833 DLGLOBAL DEBUG rate_ctr.c:88 validating counter group 0x55b37defac40(conn_rtp) with 7 counters
20180820221411833 DLMGCP DEBUG mgcp_msg.c:118 endpoint:0x3 conn:(2/rtp, id:0x87518CBE6D74E3809896DE22410B4BB4, ip:0.0.0.0, rtp:0 rtcp:0)
20180820221411833 DLMGCP DEBUG mgcp_msg.c:122 endpoint:0x3 connection mode 'recvonly' 1
20180820221411833 DLMGCP DEBUG mgcp_msg.c:127 endpoint:0x3 output_enabled 0
20180820221411833 DLMGCP DEBUG mgcp_protocol.c:554 local CX options: lco->pkt_period_max: 20, lco->codec: GSM-EFR
20180820221411834 DLMGCP DEBUG mgcp_codec.c:69 endpoint:0x3 conn:(2/rtp, id:0x87518CBE6D74E3809896DE22410B4BB4, ip:0.0.0.0, rtp:0 rtcp:0) codecs[0]:(pt:110=DYNAMIC, audio:GSM-EFR subt=GSM-EFR, rate=8000, ch=1, t=20/1000) [selected]
20180820221411834 DLMGCP DEBUG mgcp_protocol.c:580 Configuring RTP endpoint: local port 0
20180820221411834 DRTP DEBUG mgcp_network.c:104 endpoint:0x3 CI:87518CBE6D74E3809896DE22410B4BB4 using mgcp bind ip as local rtp bind ip: 172.31.49.100
20180820221411834 DRTP DEBUG mgcp_network.c:1274 created socket + bound UDP port (172.31.49.100:16002).
20180820221411834 DRTP DEBUG mgcp_network.c:1274 created socket + bound UDP port (172.31.49.100:16003).
20180820221411834 DRTP DEBUG mgcp_network.c:413 endpoint:0x3 transcoding disabled
20180820221411834 DLMGCP DEBUG mgcp_protocol.c:902 CRCX: endpoint:0x3 Creating connection: CI: 87518CBE6D74E3809896DE22410B4BB4 port: 16002
20180820221411834 DRTP DEBUG mgcp_network.c:167 endpoint:0x3 sending dummy packet...
20180820221411834 DRTP DEBUG mgcp_network.c:169 endpoint:0x3 conn:(2/rtp, id:0x87518CBE6D74E3809896DE22410B4BB4, ip:0.0.0.0, rtp:0 rtcp:0)
20180820221411834 DRTP DEBUG mgcp_network.c:144 sending 1 bytes length packet to 0.0.0.0:0 ...
20180820221411834 DRTP ERROR mgcp_network.c:190 endpoint:0x3 Failed to send dummy RTP packet.
20180820221411834 DLMGCP NOTICE mgcp_protocol.c:914 CRCX: endpoint:0x3 connection successfully created
20180820221411834 DRTP DEBUG mgcp_network.c:104 endpoint:0x3 CI:87518CBE6D74E3809896DE22410B4BB4 using mgcp bind ip as local rtp bind ip: 172.31.49.100
20180820221411834 DRTP DEBUG mgcp_network.c:425 endpoint:0x3 conn:(2/rtp, id:0x87518CBE6D74E3809896DE22410B4BB4, ip:0.0.0.0, rtp:0 rtcp:0) using format defaults
20180820221411834 DLMGCP DEBUG mgcp_protocol.c:154 Generated response: code=200
20180820221411834 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #00: 200 1 OK
20180820221411834 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #01: I: 87518CBE6D74E3809896DE22410B4BB4
20180820221411834 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #02: v=0
20180820221411834 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #03: o=- 87518CBE6D74E3809896DE22410B4BB4 23 IN IP4 172.31.49.100
20180820221411834 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #04: s=-
20180820221411834 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #05: c=IN IP4 172.31.49.100
20180820221411834 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #06: t=0 0
20180820221411834 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #07: m=audio 16002 RTP/AVP 110
20180820221411834 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #08: a=rtpmap:110 GSM-EFR
20180820221411834 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #09: a=ptime:20
20180820221411984 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #00: MDCX 2 3@mgw MGCP 1.0
20180820221411984 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #01: C: 2
20180820221411984 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #02: I: 87518CBE6D74E3809896DE22410B4BB4
20180820221411984 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #03: M: sendrecv
20180820221411984 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #04: v=0
20180820221411984 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #05: o=- 2 23 IN IP4 172.31.49.100
20180820221411984 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #06: s=-
20180820221411984 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #07: c=IN IP4 192.168.0.125
20180820221411984 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #08: t=0 0
20180820221411985 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #09: m=audio 56994 RTP/AVP 97
20180820221411985 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #10: a=rtpmap:97 GSM-EFR/8000/1
20180820221411985 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #11: a=ptime:20
20180820221411985 DLMGCP NOTICE mgcp_msg.c:279 Addressing virtual trunk without prefix (deprecated), please use rtpbridge/: '3@mgw'
20180820221411985 DLMGCP NOTICE mgcp_protocol.c:942 MDCX: modifying existing connection ...
20180820221411985 DLMGCP DEBUG mgcp_msg.c:118 endpoint:0x3 conn:(2/rtp, id:0x87518CBE6D74E3809896DE22410B4BB4, ip:0.0.0.0, rtp:0 rtcp:0)
20180820221411985 DLMGCP DEBUG mgcp_msg.c:122 endpoint:0x3 connection mode 'sendrecv' 3
20180820221411985 DLMGCP DEBUG mgcp_msg.c:127 endpoint:0x3 output_enabled 1
20180820221411985 DLMGCP NOTICE mgcp_sdp.c:275 Got media info via SDP: port:56994, addr:192.168.0.125, duration:20, payload-types:97=GSM-EFR 
20180820221411985 DLMGCP DEBUG mgcp_codec.c:69 endpoint:0x3 conn:(2/rtp, id:0x87518CBE6D74E3809896DE22410B4BB4, ip:192.168.0.125, rtp:56994 rtcp:56995) codecs[0]:(pt:97=DYNAMIC, audio:GSM-EFR/8000/1 subt=GSM-EFR, rate=8000, ch=1, t=20/1000) [selected]
20180820221411985 DRTP DEBUG mgcp_network.c:413 endpoint:0x3 transcoding disabled
20180820221411985 DLMGCP DEBUG mgcp_protocol.c:580 Configuring RTP endpoint: local port 56994
20180820221411985 DLMGCP DEBUG mgcp_protocol.c:1088 MDCX: endpoint:0x3 modified conn:(2/rtp, id:0x87518CBE6D74E3809896DE22410B4BB4, ip:192.168.0.125, rtp:56994 rtcp:56995)
20180820221411985 DRTP DEBUG mgcp_network.c:167 endpoint:0x3 sending dummy packet...
20180820221411985 DRTP DEBUG mgcp_network.c:169 endpoint:0x3 conn:(2/rtp, id:0x87518CBE6D74E3809896DE22410B4BB4, ip:192.168.0.125, rtp:56994 rtcp:56995)
20180820221411985 DRTP DEBUG mgcp_network.c:144 sending 1 bytes length packet to 192.168.0.125:56994 ...
20180820221411985 DRTP DEBUG mgcp_network.c:144 sending 1 bytes length packet to 192.168.0.125:56995 ...
20180820221411985 DLMGCP NOTICE mgcp_protocol.c:1104 MDCX: endpoint:0x3 connection successfully modified
20180820221411985 DRTP DEBUG mgcp_network.c:104 endpoint:0x3 CI:87518CBE6D74E3809896DE22410B4BB4 using mgcp bind ip as local rtp bind ip: 172.31.49.100
20180820221411985 DRTP DEBUG mgcp_network.c:425 endpoint:0x3 conn:(2/rtp, id:0x87518CBE6D74E3809896DE22410B4BB4, ip:192.168.0.125, rtp:56994 rtcp:56995) using format defaults
20180820221411985 DLMGCP DEBUG mgcp_protocol.c:154 Generated response: code=200
20180820221411985 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #00: 200 2 OK
20180820221411985 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #01: v=0
20180820221411985 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #02: o=- 87518CBE6D74E3809896DE22410B4BB4 23 IN IP4 172.31.49.100
20180820221411986 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #03: s=-
20180820221411986 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #04: c=IN IP4 172.31.49.100
20180820221411986 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #05: t=0 0
20180820221411986 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #06: m=audio 16002 RTP/AVP 97
20180820221411986 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #07: a=rtpmap:97 GSM-EFR/8000/1
20180820221411986 DLMGCP DEBUG mgcp_msg.c:65 Generated response: line #08: a=ptime:20
20180820221412904 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #00: CRCX 548 3@172.31.49.100 MGCP 1.0
20180820221412904 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #01: M: sendrecv
20180820221412904 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #02: C: 1
20180820221412904 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #03: v=0
20180820221412904 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #04: c=IN IP4 172.31.0.200
20180820221412904 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #05: m=audio 10540 RTP/AVP 97
20180820221412904 DLMGCP DEBUG mgcp_msg.c:65 Received message: line #06: a=rtpmap:97 GSM-EFR/8000
20180820221412904 DLMGCP ERROR mgcp_msg.c:243 Wrong domain name '3@172.31.49.100'
20180820221412904 DLMGCP ERROR mgcp_msg.c:322 Unable to find Endpoint `3@172.31.49.100'
20180820221412904 DLMGCP NOTICE mgcp_protocol.c:694 CRCX: creating new connection ...
../../../../src/osmo-mgw/src/libosmo-mgcp/mgcp_protocol.c:738:7: runtime error: member access within null pointer of type 'struct mgcp_endpoint'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==20815==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000038 (pc 0x55b37dea6785 bp 0x000000000000 sp 0x7ffd88b8d210 T0)
==20815==The signal is caused by a READ memory access.
==20815==Hint: address points to the zero page.
    #0 0x55b37dea6784 in handle_create_con ../../../../src/osmo-mgw/src/libosmo-mgcp/mgcp_protocol.c:741
    #1 0x55b37dea1c10 in mgcp_handle_message ../../../../src/osmo-mgw/src/libosmo-mgcp/mgcp_protocol.c:338
    #2 0x55b37de9b58f in read_call_agent ../../../../src/osmo-mgw/src/osmo-mgw/mgw_main.c:174
    #3 0x7f38c89f785f in osmo_fd_disp_fds ../../../src/libosmocore/src/select.c:217
    #4 0x7f38c89f785f in osmo_select_main ../../../src/libosmocore/src/select.c:257
    #5 0x55b37de9a8d6 in main ../../../../src/osmo-mgw/src/osmo-mgw/mgw_main.c:333
    #6 0x7f38c7bbdb16 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x22b16)
    #7 0x55b37de9ae69 in _start (/usr/local/bin/osmo-mgw+0x77e69)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../../../../src/osmo-mgw/src/libosmo-mgcp/mgcp_protocol.c:741 in handle_create_con
==20815==ABORTING
Actions #2

Updated by neels over 5 years ago

  • Status changed from New to In Progress
  • Assignee set to neels

To be able to work with the SCCPlite MSC, apparently we need to use the local IP as domain name.
osmo-bsc also needs to use this same domain name as rtpbridge endpoint name, so that both the SCCPlite MSC and osmo-bsc add CI to the same endpoint as intended.

IIUC both osmo-mgw and osmo-bsc need a config item that make the domain name part of the MGW endpoint configurable.
Alternatively, osmo-mgw could ignore the domain name part.

Actions #3

Updated by neels over 5 years ago

https://gerrit.osmocom.org/#/c/osmo-mgw/+/10556 fixes the segfault (described as sanitizer crash above, but actually is a segfault)

Actions #4

Updated by neels over 5 years ago

  • % Done changed from 0 to 90
Actions #5

Updated by neels over 5 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 90 to 100

merged.

Actions

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)