Bug #2747

closed

OsmoBSC segfaults on Rx MSC UDT BSSMAP RESET

Added by neels over 6 years ago. Updated about 6 years ago.

Status: Closed
Priority: Immediate
Assignee:
Category: -
Target version: -
Start date: 12/13/2017
Due date:
% Done: 100%
Spec Reference:

Description

A cleanly rebuilt OsmoBSC master at 61b0c30cca80cba5522b172b884b2904b91eb516 / I3c278c57880a173df3c4648c9724339d23ce94fd is unable to survive a BSSMAP RESET procedure.

20171213184026287 DMSC <000a> ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_bssap.c:650 Rx MSC UDT BSSMAP RESET
20171213184026287 DMSC <000a> ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_bssap.c:215 RESET from MSC: RI=SSN_PC,PC=0.23.1,SSN=BSSAP,GTI=NO_GT

Program received signal SIGSEGV, Segmentation fault.
0x000055555557b9ff in paging_flush_bts (bts=bts@entry=0x555555986960, msc=msc@entry=0x555555998510) at ../../../../src/osmo-bsc/src/libbsc/paging.c:476
476        llist_for_each_entry_safe(req, req2, &bts->paging.pending_requests, entry) {

backtrace follows

Actions #1

Updated by neels over 6 years ago

The bts->paging.pending_requests llist_head is not initialized:

20171213184026287 DMSC <000a> ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_bssap.c:215 RESET from MSC: RI=SSN_PC,PC=0.23.1,SSN=BSSAP,GTI=NO_GT

Program received signal SIGSEGV, Segmentation fault.
0x000055555557b9ff in paging_flush_bts (bts=bts@entry=0x555555986960, msc=msc@entry=0x555555998510) at ../../../../src/osmo-bsc/src/libbsc/paging.c:476
476        llist_for_each_entry_safe(req, req2, &bts->paging.pending_requests, entry) {
(gdb) bt
#0  0x000055555557b9ff in paging_flush_bts (bts=bts@entry=0x555555986960, msc=msc@entry=0x555555998510) at ../../../../src/osmo-bsc/src/libbsc/paging.c:476
#1  0x000055555557badb in paging_flush_network (net=0x55555580ae20, msc=msc@entry=0x555555998510) at ../../../../src/osmo-bsc/src/libbsc/paging.c:491
#2  0x000055555556f488 in bssmap_handle_reset (msg=0x5555559a0060, length=<optimized out>, msc=0x555555998510) at ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_bssap.c:222
#3  bssmap_rcvmsg_udt (msg=0x5555559a0060, length=<optimized out>, msc=0x555555998510) at ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_bssap.c:657
#4  bsc_handle_udt (msc=msc@entry=0x555555998510, msgb=0x5555559a0060, length=6) at ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_bssap.c:773
#5  0x000055555556cc41 in handle_unitdata_from_msc (scu=0x55555599cce0, msg=<optimized out>, msc_addr=0x5555559a034c) at ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_sigtran.c:157
#6  sccp_sap_up (oph=0x5555559a02e8, _scu=0x55555599cce0) at ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_sigtran.c:179
#7  0x00007ffff6eebb01 in sclc_rx_cldt (xua=<optimized out>, inst=<optimized out>) at ../../../src/libosmo-sccp/src/sccp_sclc.c:195
#8  sccp_sclc_rx_from_scrc (inst=<optimized out>, xua=<optimized out>) at ../../../src/libosmo-sccp/src/sccp_sclc.c:260
#9  0x00007ffff6eeadfd in scrc_node_6 (inst=inst@entry=0x55555599cc10, xua=xua@entry=0x55555599fbb0, called=<optimized out>, called=<optimized out>) at ../../../src/libosmo-sccp/src/sccp_scrc.c:337
#10 0x00007ffff6eeb4c2 in scrc_rx_mtp_xfer_ind_xua (inst=inst@entry=0x55555599cc10, xua=0x55555599fbb0) at ../../../src/libosmo-sccp/src/sccp_scrc.c:459
#11 0x00007ffff6eee2f5 in mtp_user_prim_cb (oph=0x55555599df08, ctx=0x55555599cc10) at ../../../src/libosmo-sccp/src/sccp_user.c:176
#12 0x00007ffff6ee6213 in m3ua_rx_xfer (xua=0x55555599f670, asp=0x55555599c3c0) at ../../../src/libosmo-sccp/src/m3ua.c:586
#13 m3ua_rx_msg (asp=asp@entry=0x55555599c3c0, msg=msg@entry=0x55555599eb80) at ../../../src/libosmo-sccp/src/m3ua.c:738
#14 0x00007ffff6ef1253 in xua_cli_read_cb (conn=<optimized out>) at ../../../src/libosmo-sccp/src/osmo_ss7.c:1554
#15 0x00007ffff61b93fb in osmo_stream_cli_read (cli=0x55555599c7b0) at ../../../src/libosmo-netif/src/stream.c:192
#16 osmo_stream_cli_fd_cb (ofd=<optimized out>, what=1) at ../../../src/libosmo-netif/src/stream.c:276
#17 0x00007ffff7335671 in osmo_fd_disp_fds (_eset=0x7fffffffe490, _wset=0x7fffffffe410, _rset=0x7fffffffe390) at ../../../src/libosmocore/src/select.c:216
#18 osmo_select_main (polling=<optimized out>) at ../../../src/libosmocore/src/select.c:256
#19 0x00005555555656b7 in main (argc=<optimized out>, argv=<optimized out>) at ../../../../src/osmo-bsc/src/osmo-bsc/osmo_bsc_main.c:316
(gdb) p bts
$1 = (struct gsm_bts *) 0x555555986960

(gdb) p bts->paging
$3 = {pending_requests = {next = 0x0, prev = 0x0}, bts = 0x0, work_timer = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
    active = 0, cb = 0x0, data = 0x0}, credit_timer = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, 
    data = 0x0}, free_chans_need = -1, available_slots = 0}
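
Added example, not part of the ticket or of OsmoBSC: a self-contained C sketch of the failure mode in the gdb dump above, where a zero-filled list head (next = 0x0, prev = 0x0) is walked as if it were an empty list. The list type is a minimal stand-in for libosmocore's llist_head; paging_state, paging_flush and flush_demo are hypothetical names, and the NULL guard is one possible defensive check, not the fix applied for this ticket.

```c
/* Added example: stand-in for libosmocore's llist; helper names are hypothetical. */
#include <stddef.h>
#include <stdlib.h>

struct llist_head { struct llist_head *next, *prev; };
#define INIT_LLIST_HEAD(h) do { (h)->next = (h); (h)->prev = (h); } while (0)
#define llist_entry(ptr, type, member) ((type *)((char *)(ptr) - offsetof(type, member)))
struct paging_request { int id; struct llist_head entry; };
struct paging_state { struct llist_head pending_requests; };

static void llist_add_tail(struct llist_head *n, struct llist_head *head)
{
	n->prev = head->prev; n->next = head;
	head->prev->next = n; head->prev = n;
}

/* Free every pending request; returns the count, or -1 for an invalid head. */
static int paging_flush(struct paging_state *p)
{
	struct llist_head *pos, *tmp, *head = &p->pending_requests;
	int n = 0;
	/* A zero-filled head (next == prev == NULL) is not an empty list (an empty
	 * list points at itself); the loop below would read pos->next through NULL. */
	if (!head->next || !head->prev)
		return -1;
	for (pos = head->next, tmp = pos->next; pos != head; pos = tmp, tmp = pos->next) {
		tmp->prev = pos->prev; pos->prev->next = tmp; /* unlink before free */
		free(llist_entry(pos, struct paging_request, entry));
		n++;
	}
	return n;
}

/* count < 0: leave the head zeroed, as in the gdb dump; else init and fill. */
static int flush_demo(int count)
{
	struct paging_state p = { { NULL, NULL } };
	if (count >= 0)
		INIT_LLIST_HEAD(&p.pending_requests);
	for (int i = 0; i < count; i++) {
		struct paging_request *r = calloc(1, sizeof(*r));
		if (!r) abort();
		llist_add_tail(&r->entry, &p.pending_requests);
	}
	return paging_flush(&p);
}

int main(void) { return (flush_demo(-1) == -1 && flush_demo(3) == 3) ? 0 : 1; }
```
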
Actions #2

Updated by neels over 6 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 100
Actions #3

Updated by neels over 6 years ago

  • Status changed from In Progress to Resolved
Actions #4

Updated by laforge about 6 years ago

  • Status changed from Resolved to Closed