Bug #5222

closed

SIGSEGV on call establishment

Added by keith over 2 years ago. Updated over 2 years ago.

Status: Resolved
Priority: High
Assignee:
Target version: -
Start date: 08/30/2021
Due date:
% Done: 100%
Spec Reference:

Description

segfault in pdch_ulc_get_node()

ulc is NULL:

Program received signal SIGSEGV, Segmentation fault.
pdch_ulc_get_node (ulc=0x0, fn=fn@entry=55453) at /usr/src/debug/osmo-pcu/0.9.0+gitAUTOINC+c4fe1f97b4-r0.18/git/src/pdch_ul_controller.c:78

Currently looking at an optimised binary running on the sysmoBTS;

Up the stack in handle_ph_data_ind() osmo-bts-sysmo/sysmo_l1_if.c:196

(gdb) p bts->trx[0].pdch[0]->ulc
$41 = (struct pdch_ulc *) 0x0
(gdb) p bts->trx[0].pdch[1]->ulc
$42 = (struct pdch_ulc *) 0x0
(gdb) p bts->trx[0].pdch[2]->ulc
$43 = (struct pdch_ulc *) 0x0
(gdb) p bts->trx[0].pdch[3]->ulc
$44 = (struct pdch_ulc *) 0x0
(gdb) p bts->trx[0].pdch[4]->ulc
$45 = (struct pdch_ulc *) 0x0
(gdb) p bts->trx[0].pdch[5]->ulc
$46 = (struct pdch_ulc *) 0x140a40
(gdb) p bts->trx[0].pdch[6]->ulc
$47 = (struct pdch_ulc *) 0x1418f0
(gdb) p bts->trx[0].pdch[7]->ulc
$48 = (struct pdch_ulc *) 0x1427a0

osmo-bsc Timeslot Config:

   timeslot 0
    phys_chan_config CCCH
    hopping enabled 0
   timeslot 1
    phys_chan_config SDCCH8
    hopping enabled 0
   timeslot 2
    phys_chan_config TCH/H
    hopping enabled 0
   timeslot 3
    phys_chan_config TCH/H
    hopping enabled 0
   timeslot 4
    phys_chan_config TCH/F_TCH/H_PDCH
    hopping enabled 0
   timeslot 5
    phys_chan_config TCH/F_TCH/H_PDCH
    hopping enabled 0
   timeslot 6
    phys_chan_config TCH/F_TCH/H_PDCH
    hopping enabled 0
   timeslot 7
    phys_chan_config PDCH
    hopping enabled 0

I changed timeslot 4 to a TCH/H and then the crash happens again in the same place, only now, ulc for timeslot 5 is NULL!


(gdb) p bts->trx[0].pdch[5]->ulc
$63 = (struct pdch_ulc *) 0x0
(gdb) p bts->trx[0].pdch[6]->ulc
$64 = (struct pdch_ulc *) 0x140a40

to be clear:

#2  0x0001589c in handle_ph_data_ind (fl1h=0x13f430, fl1h=0x13f430, l1p_msg=0x13f620, data_ind=0x13f6e8)
    at /usr/src/debug/osmo-pcu/0.9.0+gitAUTOINC+c4fe1f97b4-r0.18/git/src/osmo-bts-sysmo/sysmo_l1_if.c:196
196    in /usr/src/debug/osmo-pcu/0.9.0+gitAUTOINC+c4fe1f97b4-r0.18/git/src/osmo-bts-sysmo/sysmo_l1_if.c
(gdb) p data_ind->u8Tn
$68 = 5 '\005'
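
The failure mode reported above (an uplink data indication for timeslot 5 arriving while that timeslot's `ulc` is NULL), as an added C example; it is a simplified model, not osmo-pcu code. The struct layouts and the functions `pdch_enable`, `ulc_reserve` and `handle_data_ind` are hypothetical; the handler rejects the indication instead of dereferencing the missing controller.

```c
/* Added example: simplified model with hypothetical names, not osmo-pcu source. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define NUM_TS 8

struct ulc_node { uint32_t fn; struct ulc_node *next; };
struct pdch_ulc { struct ulc_node *head; };   /* assumed layout */
struct pdch { int enabled; struct pdch_ulc *ulc; };
struct trx { struct pdch pdch[NUM_TS]; };

/* The controller is allocated only when the timeslot becomes an active PDCH. */
int pdch_enable(struct pdch *p)
{
    if (!p->ulc && !(p->ulc = calloc(1, sizeof(*p->ulc))))
        return -ENOMEM;
    p->enabled = 1;
    return 0;
}

/* Record that an uplink block is expected at frame number fn. */
int ulc_reserve(struct pdch_ulc *ulc, uint32_t fn)
{
    struct ulc_node *n = ulc ? calloc(1, sizeof(*n)) : NULL;
    if (!n)
        return -ENOMEM;
    n->fn = fn;
    n->next = ulc->head;
    ulc->head = n;
    return 0;
}

/* Returns 1 if a block was expected at fn, 0 if not, <0 if the indication is rejected. */
int handle_data_ind(struct trx *trx, uint8_t tn, uint32_t fn)
{
    if (tn >= NUM_TS)
        return -EINVAL;                 /* timeslot number out of range */
    struct pdch *p = &trx->pdch[tn];
    if (!p->enabled || !p->ulc)
        return -ENODEV;                 /* TS not active as PDCH: no ulc to query */
    for (struct ulc_node *n = p->ulc->head; n; n = n->next)
        if (n->fn == fn)
            return 1;
    return 0;
}
```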

#1

Updated by laforge over 2 years ago

  • Assignee set to pespin
  • Priority changed from Normal to High
#2

Updated by pespin over 2 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 90

Should be fixed by:
https://gerrit.osmocom.org/c/osmo-pcu/+/25289 Fix crash with dyn TS when using direct pcu

#3

Updated by pespin over 2 years ago

  • Assignee changed from pespin to keith

Assigning back to keith for him to test once the patch is merged and confirm the issue is solved.

#4

Updated by keith over 2 years ago

Thanks. Seeing as how it is merged, I'll wait for the nightly build and feed back tomorrow.

#5

Updated by keith over 2 years ago

  • Status changed from Feedback to Resolved
  • % Done changed from 90 to 100