Uploaded image for project: 'FreeSWITCH'
  1. FreeSWITCH
  2. FS-9548

crash on Invite due to bad config for sip profile

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.6.10
    • Fix Version/s: None
    • Component/s: freeswitch-core
    • Labels:
      None
    • Environment:
      Linux
    • CPU Architecture:
      x86-64
    • Kernel:
      Linux
    • Userland:
      GNU/Linux
    • Distribution:
      Debian
    • Distribution Version:
      Debian 8 jessie
    • Compiler:
      gcc
    • FreeSWITCH GIT Revision:
      fca259d13c422517164dfa723c8e73a4fdf7d63c
    • GIT Master Revision hash::
      fca259d13c422517164dfa723c8e73a4fdf7d63c

      Description


      I needed multiple and customized sip profiles and I misconfigured two vars like below. Notice I had an IP instead of port and the empty RTP IP .

      2016-09-20 16:11:32.988063 [DEBUG] sofia.c:4240 sip-port [172.17.140.160]
      [...]
      2016-09-20 16:11:32.988189 [DEBUG] sofia.c:4240 rtp-ip []
      2016-09-20 16:11:32.988193 [DEBUG] sofia.c:4240 sip-ip [172.17.140.160]

      FS started (with this invalid sip port and no RTP IP on the profile where the call was supposed to go out) , then I placed a call and I ran into this crash immediately :

      Core was generated by `./freeswitch -nc -core'.
      Program terminated with signal 11, Segmentation fault.
      #0 switch_hash_default (ky=0x0) at ./src/include/switch_hashtable.h:230
      230 while ((c = *str)) {
      (gdb) bt
      #0 switch_hash_default (ky=0x0) at ./src/include/switch_hashtable.h:230
      #1 0x00007f2c01a0fd58 in hash (k=0x0, h=<optimized out>) at ./src/include/private/switch_hashtable_private.h:53
      #2 switch_hashtable_search (h=0xaf0520, k=k@entry=0x0) at src/switch_hashtable.c:231
      #3 0x00007f2c019425b5 in switch_core_hash_find (hash=<optimized out>, key=key@entry=0x0) at src/switch_core_hash.c:178
      #4 0x00007f2c019a9263 in switch_rtp_request_port (ip=0x0) at src/switch_rtp.c:2431
      #5 0x00007f2c019764b8 in switch_core_media_choose_port (session=0x7f2bec105da8, type=type@entry=SWITCH_MEDIA_TYPE_AUDIO, force=force@entry=0) at src/switch_core_media.c:6024
      #6 0x00007f2bf979b7d8 in sofia_glue_do_invite (session=session@entry=0x7f2bec105da8) at sofia_glue.c:806
      #7 0x00007f2bf9755103 in sofia_on_init (session=0x7f2bec105da8) at mod_sofia.c:117
      #8 0x00007f2c019561f1 in switch_core_session_run (session=0x7f2bec105da8) at src/switch_core_state_machine.c:586
      #9 0x00007f2c0194f81e in switch_core_session_thread (thread=<optimized out>, obj=0x7f2bec105da8) at src/switch_core_session.c:1630
      #10 0x00007f2c0194bc03 in switch_core_session_thread_pool_worker (thread=0xd11360, obj=<optimized out>) at src/switch_core_session.c:1693
      #11 0x00007f2c01a346d6 in dummy_worker (opaque=0xd11360) at threadproc/unix/thread.c:151
      #12 0x00007f2c00e7ab50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
      #13 0x00007f2c0056cfbd in clone () from /lib/x86_64-linux-gnu/libc.so.6
      #14 0x0000000000000000 in ?? ()
      (gdb) frame 5
      #5 0x00007f2c019764b8 in switch_core_media_choose_port (session=0x7f2bec105da8, type=type@entry=SWITCH_MEDIA_TYPE_AUDIO, force=force@entry=0) at src/switch_core_media.c:6024
      6024 if (!(engine->local_sdp_port = switch_rtp_request_port(smh->mparams->rtpip))) {
      (gdb) i loc
      lookup_rtpip = 0x0
      sdp_port = <optimized out>
      use_ip = 0x0
      engine = 0x7f2bec114e40
      smh = 0x7f2bec114de8
      tstr = 0x7f2c01a643b7 "audio"
      vname = '\000' <repeats 127 times>
      __PRETTY_FUNCTION__ = "switch_core_media_choose_port"
      __func__ = "switch_core_media_choose_port"
      (gdb) p smh->mparams
      $1 = (switch_core_media_params_t *) 0x7f2bec1129a0
      (gdb) p *smh->mparams
      $2 = {rtp_timeout_sec = 300, rtp_hold_timeout_sec = 1800, dtmf_delay = 40, codec_flags = 0, ndlb = SM_NDLB_ALLOW_NONDUP_SDP,
        auto_rtp_bugs = RTP_BUG_CISCO_SKIP_MARK_BIT_2833, inbound_codec_string = 0x7f2bf4025740 "OPUS,G722,PCMU,PCMA,VP8",
        outbound_codec_string = 0x7f2bf4025760 "OPUS,G722,PCMU,PCMA,VP8", timer_name = 0x7f2bf4025798 "soft", remote_sdp_str = 0x0, early_sdp = 0x0, local_sdp_str = 0x0,
        last_sdp_str = 0x0, last_sdp_response = 0x0, prev_sdp_str = 0x0, prev_sdp_response = 0x0, stun_ip = 0x0, stun_port = 0, stun_flags = 0, jb_msec = 0x0, vflags = 0,
        manual_rtp_bugs = RTP_BUG_NONE, manual_video_rtp_bugs = RTP_BUG_NONE, rtcp_audio_interval_msec = 0x0, rtcp_video_interval_msec = 0x0, extrtpip = 0x0, rtpip = 0x0,
        rtpip4 = 0x0, rtpip6 = 0x0, remote_ip = 0x7f2bec112e59 "172.17.102.53", remote_port = 0, extsipip = 0x0, local_network = 0x7f2bf40257a0 "localnet.auto",
        sipip = 0x7f2bf40257b0 "172.17.140.160", sdp_username = 0x7f2bf40257e8 "FreeSWITCH", te = 101 'e', recv_te = 101 'e', te_rate = 0, cng_rate = 0, adv_sdp_audio_ip = 0x0,
        num_codecs = 1, hold_laps = 0, dtmf_type = DTMF_2833, cng_pt = 13 '\r', external_video_source = SWITCH_FALSE, video_key_freq = 10000000, video_key_first = 1000000,
        video_write_thread = 0x0}
      (gdb) bt full
      #0 switch_hash_default (ky=0x0) at ./src/include/switch_hashtable.h:230
              str = 0x0
              hash = 0
              c = <optimized out>
      #1 0x00007f2c01a0fd58 in hash (k=0x0, h=<optimized out>) at ./src/include/private/switch_hashtable_private.h:53
              i = <optimized out>
      #2 switch_hashtable_search (h=0xaf0520, k=k@entry=0x0) at src/switch_hashtable.c:231
              e = <optimized out>
              hashvalue = 3960557032
      #3 0x00007f2c019425b5 in switch_core_hash_find (hash=<optimized out>, key=key@entry=0x0) at src/switch_core_hash.c:178
      No locals.
      #4 0x00007f2c019a9263 in switch_rtp_request_port (ip=0x0) at src/switch_rtp.c:2431
              port = 0
              alloc = 0x0
      #5 0x00007f2c019764b8 in switch_core_media_choose_port (session=0x7f2bec105da8, type=type@entry=SWITCH_MEDIA_TYPE_AUDIO, force=force@entry=0) at src/switch_core_media.c:6024
              lookup_rtpip = 0x0
              sdp_port = <optimized out>
              use_ip = 0x0
              engine = 0x7f2bec114e40
              smh = 0x7f2bec114de8
              tstr = 0x7f2c01a643b7 "audio"
              vname = '\000' <repeats 127 times>
              __PRETTY_FUNCTION__ = "switch_core_media_choose_port"
              __func__ = "switch_core_media_choose_port"
      #6 0x00007f2bf979b7d8 in sofia_glue_do_invite (session=session@entry=0x7f2bec105da8) at sofia_glue.c:806
              alert_info = 0x0
              max_forwards = 0x7f2bec113668 "68"
              alertbuf = <optimized out>
              tech_pvt = 0x7f2bec112958
              channel = 0x7f2bec0ac830
              caller_profile = 0x7f2bec112fb8
              cid_name = 0x7f2bec113148 "+12450069"
              cid_num = 0x7f2bec113158 "+12450069"
              e_dest = 0x0
              holdstr = 0x7f2bf98aaced ""
              extra_headers = 0x0
              status = SWITCH_STATUS_FALSE
              session_timeout = 0
              val = <optimized out>
              rep = 0x0
              call_id = 0x0
      ---Type <return> to continue, or q <return> to quit---
              route = 0x0
              route_uri = 0x0
              dst = 0x0
              cid_type = CID_TYPE_RPID
              cseq = 0x0
              invite_record_route = <optimized out>
              invite_route_uri = 0x0
              invite_full_from = 0x0
              invite_full_to = 0x0
              handle_full_from = 0x0
              handle_full_to = 0x0
              force_full_from = 0x0
              force_full_to = 0x0
              content_encoding = 0x0
              mp = 0x0
              mp_type = 0x0
              record_route = 0x0
              recover_via = 0x0
              require_timer = 1
              is_t38 = 0 '\000'
              __func__ = "sofia_glue_do_invite"
              __PRETTY_FUNCTION__ = "sofia_glue_do_invite"
      #7 0x00007f2bf9755103 in sofia_on_init (session=0x7f2bec105da8) at mod_sofia.c:117
              hval = <optimized out>
              channel = 0x7f2bec0ac830
              tech_pvt = 0x7f2bec112958
              status = SWITCH_STATUS_SUCCESS
              __PRETTY_FUNCTION__ = "sofia_on_init"
              __func__ = "sofia_on_init"
      #8 0x00007f2c019561f1 in switch_core_session_run (session=0x7f2bec105da8) at src/switch_core_state_machine.c:586
              event = 0x0
              global_proceed = 1
              index = 0
              proceed = 1
              do_extra_handlers = 1
              ptr = <optimized out>
              rstatus = <optimized out>
              state = CS_INIT
              midstate = CS_INIT
              endstate = <optimized out>
              endpoint_interface = <optimized out>
      ---Type <return> to continue, or q <return> to quit---
              driver_state_handler = 0x7f2bf9af9da0
              application_state_handler = <optimized out>
              new_loops = 500
              __PRETTY_FUNCTION__ = "switch_core_session_run"
              __func__ = "switch_core_session_run"
      #9 0x00007f2c0194f81e in switch_core_session_thread (thread=<optimized out>, obj=0x7f2bec105da8) at src/switch_core_session.c:1630
              session = 0x7f2bec105da8
              event = <optimized out>
              event_str = 0x0
              val = <optimized out>
              __func__ = "switch_core_session_thread"
              __PRETTY_FUNCTION__ = "switch_core_session_thread"
      #10 0x00007f2c0194bc03 in switch_core_session_thread_pool_worker (thread=0xd11360, obj=<optimized out>) at src/switch_core_session.c:1693
              td = 0x7f2bec113638
              pop = 0x7f2bec113638
              check_status = <optimized out>
              node = <optimized out>
              pool = 0xd11108
              __func__ = "switch_core_session_thread_pool_worker"
      #11 0x00007f2c01a346d6 in dummy_worker (opaque=0xd11360) at threadproc/unix/thread.c:151
              thread = 0xd11360
      #12 0x00007f2c00e7ab50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
      No symbol table info available.
      #13 0x00007f2c0056cfbd in clone () from /lib/x86_64-linux-gnu/libc.so.6
      No symbol table info available.
      #14 0x0000000000000000 in ?? ()

      I've done a quick fix so it will drop the call with the log message :
      2016-09-20 16:37:43.013859 [ERR] sofia_glue.c:807 Port Error!

        Attachments

          Activity

            People

            • Assignee:
              mikej Mike Jerris
              Reporter:
              dragos_oancea Dragos Oancea
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: