Bug #2747
closed: OsmoBSC segfaults on Rx MSC UDT BSSMAP RESET
Start date:
12/13/2017
Due date:
% Done:
100%
Spec Reference:
Description
A cleanly rebuilt OsmoBSC master at 61b0c30cca80cba5522b172b884b2904b91eb516 / I3c278c57880a173df3c4648c9724339d23ce94fd is unable to survive a BSSMAP RESET procedure: it segfaults in paging_flush_bts() right after logging the RESET from the MSC.
20171213184026287 DMSC <000a> ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_bssap.c:650 Rx MSC UDT BSSMAP RESET
20171213184026287 DMSC <000a> ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_bssap.c:215 RESET from MSC: RI=SSN_PC,PC=0.23.1,SSN=BSSAP,GTI=NO_GT
Program received signal SIGSEGV, Segmentation fault.
0x000055555557b9ff in paging_flush_bts (bts=bts@entry=0x555555986960, msc=msc@entry=0x555555998510) at ../../../../src/osmo-bsc/src/libbsc/paging.c:476
476 llist_for_each_entry_safe(req, req2, &bts->paging.pending_requests, entry) {
backtrace follows
Updated by neels over 6 years ago
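The bts->paging.pending_requests llist_head is not initialized: in the gdb dump of bts->paging below, its next and prev pointers are both 0x0, whereas an initialized empty list head (e.g. after INIT_LLIST_HEAD()) points to itself. llist_for_each_entry_safe() therefore follows a NULL next pointer on its first step. The other members of bts->paging in the dump (bts, work_timer, credit_timer) are zeroed as well, which suggests the paging state of this BTS was never set up before the RESET arrived. Note that the crash is reached directly from handling a single UDT BSSMAP RESET received from the MSC (see frames #0 to #5 of the backtrace).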
20171213184026287 DMSC <000a> ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_bssap.c:215 RESET from MSC: RI=SSN_PC,PC=0.23.1,SSN=BSSAP,GTI=NO_GT
Program received signal SIGSEGV, Segmentation fault.
0x000055555557b9ff in paging_flush_bts (bts=bts@entry=0x555555986960, msc=msc@entry=0x555555998510) at ../../../../src/osmo-bsc/src/libbsc/paging.c:476
476 llist_for_each_entry_safe(req, req2, &bts->paging.pending_requests, entry) {
(gdb) bt
#0 0x000055555557b9ff in paging_flush_bts (bts=bts@entry=0x555555986960, msc=msc@entry=0x555555998510) at ../../../../src/osmo-bsc/src/libbsc/paging.c:476
#1 0x000055555557badb in paging_flush_network (net=0x55555580ae20, msc=msc@entry=0x555555998510) at ../../../../src/osmo-bsc/src/libbsc/paging.c:491
#2 0x000055555556f488 in bssmap_handle_reset (msg=0x5555559a0060, length=<optimized out>, msc=0x555555998510) at ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_bssap.c:222
#3 bssmap_rcvmsg_udt (msg=0x5555559a0060, length=<optimized out>, msc=0x555555998510) at ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_bssap.c:657
#4 bsc_handle_udt (msc=msc@entry=0x555555998510, msgb=0x5555559a0060, length=6) at ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_bssap.c:773
#5 0x000055555556cc41 in handle_unitdata_from_msc (scu=0x55555599cce0, msg=<optimized out>, msc_addr=0x5555559a034c) at ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_sigtran.c:157
#6 sccp_sap_up (oph=0x5555559a02e8, _scu=0x55555599cce0) at ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_sigtran.c:179
#7 0x00007ffff6eebb01 in sclc_rx_cldt (xua=<optimized out>, inst=<optimized out>) at ../../../src/libosmo-sccp/src/sccp_sclc.c:195
#8 sccp_sclc_rx_from_scrc (inst=<optimized out>, xua=<optimized out>) at ../../../src/libosmo-sccp/src/sccp_sclc.c:260
#9 0x00007ffff6eeadfd in scrc_node_6 (inst=inst@entry=0x55555599cc10, xua=xua@entry=0x55555599fbb0, called=<optimized out>, called=<optimized out>) at ../../../src/libosmo-sccp/src/sccp_scrc.c:337
#10 0x00007ffff6eeb4c2 in scrc_rx_mtp_xfer_ind_xua (inst=inst@entry=0x55555599cc10, xua=0x55555599fbb0) at ../../../src/libosmo-sccp/src/sccp_scrc.c:459
#11 0x00007ffff6eee2f5 in mtp_user_prim_cb (oph=0x55555599df08, ctx=0x55555599cc10) at ../../../src/libosmo-sccp/src/sccp_user.c:176
#12 0x00007ffff6ee6213 in m3ua_rx_xfer (xua=0x55555599f670, asp=0x55555599c3c0) at ../../../src/libosmo-sccp/src/m3ua.c:586
#13 m3ua_rx_msg (asp=asp@entry=0x55555599c3c0, msg=msg@entry=0x55555599eb80) at ../../../src/libosmo-sccp/src/m3ua.c:738
#14 0x00007ffff6ef1253 in xua_cli_read_cb (conn=<optimized out>) at ../../../src/libosmo-sccp/src/osmo_ss7.c:1554
#15 0x00007ffff61b93fb in osmo_stream_cli_read (cli=0x55555599c7b0) at ../../../src/libosmo-netif/src/stream.c:192
#16 osmo_stream_cli_fd_cb (ofd=<optimized out>, what=1) at ../../../src/libosmo-netif/src/stream.c:276
#17 0x00007ffff7335671 in osmo_fd_disp_fds (_eset=0x7fffffffe490, _wset=0x7fffffffe410, _rset=0x7fffffffe390) at ../../../src/libosmocore/src/select.c:216
#18 osmo_select_main (polling=<optimized out>) at ../../../src/libosmocore/src/select.c:256
#19 0x00005555555656b7 in main (argc=<optimized out>, argv=<optimized out>) at ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_main.c:316
(gdb) p bts
$1 = (struct gsm_bts *) 0x555555986960
(gdb) p bts->paging
$3 = {pending_requests = {next = 0x0, prev = 0x0}, bts = 0x0, work_timer = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, credit_timer = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, free_chans_need = -1, available_slots = 0}
Updated by neels over 6 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 100