Bug #2349 (closed)
osmo-bts-octphy: segfault in l1_if.c
Start date: 07/04/2017
Due date:
% Done: 100%
Spec Reference:
Description
The current master of osmo-bts segfaults when used with osmo-bts-octphy:
Tue Jul 4 11:40:01 2017 <0006> l1_oml.c:385 (bts=0,trx=0,ts=2,ss=0) MPH-ACTIVATE.conf (FACCH/F RX_BTS_MS(UL))
Tue Jul 4 11:40:01 2017 <0006> l1_oml.c:250 (bts=0,trx=0,ts=2,ss=0): lchan2lch_par tch_mode=0x00
Tue Jul 4 11:40:01 2017 <0006> l1_oml.c:452 (bts=0,trx=0,ts=2,ss=0) MPH-ACTIVATE.req (SACCH TX_BTS_MS(DL))
Tue Jul 4 11:40:01 2017 <0006> l1_oml.c:385 (bts=0,trx=0,ts=2,ss=0) MPH-ACTIVATE.conf (SACCH TX_BTS_MS(DL))
Tue Jul 4 11:40:01 2017 <0006> l1_oml.c:250 (bts=0,trx=0,ts=2,ss=0): lchan2lch_par tch_mode=0x00
Tue Jul 4 11:40:01 2017 <0006> l1_oml.c:452 (bts=0,trx=0,ts=2,ss=0) MPH-ACTIVATE.req (SACCH RX_BTS_MS(UL))
Tue Jul 4 11:40:01 2017 <0006> l1_oml.c:385 (bts=0,trx=0,ts=2,ss=0) MPH-ACTIVATE.conf (SACCH RX_BTS_MS(UL))
Tue Jul 4 11:40:01 2017 <0007> l1sap.c:545 activate confirm chan_nr=0x0a trx=0
Tue Jul 4 11:40:01 2017 <0000> rsl.c:595 (bts=0,trx=0,ts=2,ss=0) Tx CHAN ACT ACK
Tue Jul 4 11:40:01 2017 <0006> l1_oml.c:859 (bts=0,trx=0,ts=2,ss=0) End of queue encountered. Now empty? 1
Tue Jul 4 11:40:01 2017 <0000> rsl.c:2386 (bts=0,trx=0,ts=0,ss=0) Rx RSL IMM_ASS_CMD

Program received signal SIGSEGV, Segmentation fault.
bts_model_l1sap_down (trx=trx@entry=0x7ffff7ef2070, l1sap=l1sap@entry=0x7fffffffdff0) at l1_if.c:705
705	rc = ph_tch_req(trx, msg, l1sap);
(gdb) bt
#0  bts_model_l1sap_down (trx=trx@entry=0x7ffff7ef2070, l1sap=l1sap@entry=0x7fffffffdff0) at l1_if.c:705
#1  0x000000000041f050 in l1sap_down (trx=trx@entry=0x7ffff7ef2070, l1sap=l1sap@entry=0x7fffffffdff0) at l1sap.c:1195
#2  0x000000000041fa4d in l1sap_tch_rts_ind (l1sap=<optimized out>, rts_ind=<optimized out>, rts_ind=<optimized out>, trx=0x7ffff7ef2070) at l1sap.c:863
#3  l1sap_up (trx=trx@entry=0x7ffff7ef2070, l1sap=<optimized out>) at l1sap.c:1160
#4  0x00000000004083d3 in handle_ph_rach_ind (fl1=<optimized out>, l1p_msg=<optimized out>, ra_ind=<optimized out>) at l1_if.c:1180
#5  rx_gsm_trx_rach_ind (msg=<optimized out>) at l1_if.c:1370
#6  rx_octvc1_notif (msg_id=<optimized out>, msg=<optimized out>) at l1_if.c:1408
#7  rx_octvc1_event_msg (msg=<optimized out>) at l1_if.c:1449
#8  rx_octvc1_data_f_msg (msg=<optimized out>) at l1_if.c:1557
#9  rx_octphy_msg (msg=<optimized out>) at l1_if.c:1609
#10 octphy_read_cb (ofd=<optimized out>) at l1_if.c:1661
#11 0x00007ffff79b99b3 in osmo_wqueue_bfd_cb (fd=0x6e8de8, what=1) at write_queue.c:49
#12 0x00007ffff79b5d9f in osmo_fd_disp_fds (_eset=0x7fffffffe2a0, _wset=0x7fffffffe220, _rset=0x7fffffffe1a0) at select.c:178
#13 osmo_select_main (polling=polling@entry=0) at select.c:218
#14 0x0000000000422365 in bts_main (argc=<optimized out>, argv=<optimized out>) at main.c:359
#15 0x00007ffff6756f45 in __libc_start_main (main=0x404700 <main>, argc=3, argv=0x7fffffffe498, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe488) at libc-start.c:287
#16 0x000000000040472e in _start ()
(gdb)
Updated by dexter over 6 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
The problem was caused by the following two patches:
5047fbe3b8b9e1e2404c7c8952ae2ac7a0ada662 octphy: initalize nmsg only when needed
521ab50dcc95a7f0626340b76f9803805ee09bfc octphy: octphy: initalize l1msg and only when needed
nmsg and l1msg are still used by the else branch. However, the problem gets solved by the following patch, which is still in review:
https://gerrit.osmocom.org/#/c/3060/ octphy: do not send empty frames to phy
This patch removes the else branch almost completely so that nmsg/l1msg are not accessed anymore outside the if branch. For development I can revert the two mentioned patches. When 3060 is merged, things will be back to normal.
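As an added illustration of the defect shape described in this ticket (constructed example, not code from osmo-bts, the two commits, or change 3060), the C program below shows a message buffer whose allocation was moved under the "have payload" branch while a pre-existing else branch still dereferences it, next to the early-return shape that stops empty frames from being built at all. All names (frame, phy_stats, tch_req_regressed, tch_req_fixed, FRAME_MAX) are hypothetical stand-ins, not the msgb or l1_if.c functions in the backtrace.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed demo; names are hypothetical stand-ins, not osmo-bts code. */
#define FRAME_MAX 64

enum outcome {
	OUT_SENT = 0,          /* a frame with payload went to the fake PHY */
	OUT_SKIPPED_EMPTY = 1, /* nothing to send, so no frame was built */
	OUT_NULL_DEREF = 2,    /* else branch would have touched a never-allocated pointer */
	OUT_ALLOC_FAILED = 3
};

struct frame {
	size_t len;
	uint8_t data[FRAME_MAX];
};

/* Counters standing in for the PHY so a caller can see what each variant did. */
struct phy_stats {
	int frames_sent;
	int empty_frames_sent;
};

static void phy_send(struct phy_stats *st, struct frame *f)
{
	st->frames_sent++;
	if (f->len == 0)
		st->empty_frames_sent++;
	free(f);
}

/* Regressed shape: allocation moved under the if, but the older else branch
 * (which used to build an empty frame) still uses the pointer. On the no-payload
 * path f is never assigned. The NULL check inside the else branch is a demo-only
 * guard so the program reports the problem instead of crashing as the real bug did. */
static enum outcome tch_req_regressed(struct phy_stats *st,
				      const uint8_t *payload, size_t len)
{
	struct frame *f = NULL; /* original left this unassigned; NULL stands in for garbage */

	if (payload && len > 0 && len <= FRAME_MAX) {
		f = calloc(1, sizeof(*f));
		if (!f)
			return OUT_ALLOC_FAILED;
		memcpy(f->data, payload, len);
		f->len = len;
	} else {
		if (!f)
			return OUT_NULL_DEREF; /* demo guard; the real code had no such check */
		f->len = 0; /* what the original else branch intended: an empty frame */
	}

	phy_send(st, f);
	return OUT_SENT;
}

/* Fixed shape, in the spirit of "do not send empty frames to phy": decide first
 * whether there is anything to send, return early if not, and only then allocate,
 * so every path that dereferences f has assigned it. */
static enum outcome tch_req_fixed(struct phy_stats *st,
				  const uint8_t *payload, size_t len)
{
	struct frame *f;

	if (!payload || len == 0 || len > FRAME_MAX)
		return OUT_SKIPPED_EMPTY;

	f = calloc(1, sizeof(*f));
	if (!f)
		return OUT_ALLOC_FAILED;
	memcpy(f->data, payload, len);
	f->len = len;

	phy_send(st, f);
	return OUT_SENT;
}

int main(void)
{
	/* Constructed inputs: one 4-byte payload, then a "nothing queued" call. */
	const uint8_t payload[4] = { 0x11, 0x22, 0x33, 0x44 };
	struct phy_stats st = { 0, 0 };

	printf("regressed, payload: %d\n", tch_req_regressed(&st, payload, sizeof(payload)));
	printf("regressed, empty:   %d\n", tch_req_regressed(&st, NULL, 0));
	printf("fixed, payload:     %d\n", tch_req_fixed(&st, payload, sizeof(payload)));
	printf("fixed, empty:       %d\n", tch_req_fixed(&st, NULL, 0));
	printf("frames sent: %d, empty frames sent: %d\n",
	       st.frames_sent, st.empty_frames_sent);
	return 0;
}
```

The regressed variant only fails on the no-payload path, which is why the crash in the backtrace appears during a TCH ready-to-send indication with nothing queued rather than during normal traffic; a compiler warning for possibly-uninitialized use, or a test that drives the empty path, would have caught it before the PHY saw a bad pointer.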