Project

General

Profile

Bug #4709

osmo-bts-trx (latest version 1.2.1) crashes in ttcn3-bts-test-latest

Added by fixeria 2 months ago. Updated 22 days ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
osmo-bts-trx
Target version:
-
Start date:
08/13/2020
Due date:
% Done:

0%

Spec Reference:
Tags:

Description

Looking at the build artifacts of https://jenkins.osmocom.org/jenkins/view/TTCN3/job/ttcn3-bts-test-latest/, I noticed that almost all of them (at least since build#647, Jul 15, 2020) contain cordumps of osmo-bts-trx.

(gdb) bt
#0  e1inp_line_put (line=0x0) at e1_input.c:430
#1  0x00007f88e0342d95 in e1inp_sign_link_destroy (link=0x563a8c4be690) at e1_input.c:570
#2  0x0000563a8b6a02fe in sign_link_down (line=<optimized out>) at abis.c:165
#3  0x00007f88e0346dd8 in ipa_client_read (link=<optimized out>) at input/ipa.c:68
#4  ipa_client_fd_cb (ofd=<optimized out>, what=<optimized out>) at input/ipa.c:136
#5  0x00007f88dfa8b0bf in osmo_fd_disp_fds (_eset=<optimized out>, _wset=<optimized out>, _rset=<optimized out>) at select.c:227
#6  _osmo_select_main (polling=polling@entry=0) at select.c:265
#7  0x00007f88dfa8b736 in osmo_select_main (polling=polling@entry=0) at select.c:274
#8  0x0000563a8b69e884 in bts_main (argc=5, argv=0x7ffcc3a7a428) at main.c:354
#9  0x00007f88df2df2e1 in __libc_start_main (main=0x563a8b675d00 <main>, argc=5, argv=0x7ffcc3a7a428, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7ffcc3a7a418) at ../csu/libc-start.c:291
#10 0x0000563a8b675d3a in _start ()

Package versions:

Package: libosmocore-dev
Version: 1.3.2

Package: libosmo-abis-dev
Version: 0.8.1

Package: osmo-bts
Version: 0.4.0-2

I assume it has been fixed in the recent master, as we don't see any coredumps in ttcn3-bts-test (master).


Related issues

Related to OsmoBSC - Bug #4688: TC_chopped_ipa_ping causes use-after-free abort in ipaccess_drop() / msgb_free(e1i_ts->pending_msg); because of recent libosmo-abis commit "ipaccess: Drop e1inp_line reference in ipacess_drop()"Resolved07/31/2020

Related to OsmoBTS - Bug #3612: osmo-bts-trx: heap-use-after-free in e1inp_sign_link_destroyResolved10/02/2018

Related to OpenBSC - Bug #4094: multiple crashes due to connection failures / dropsClosed07/09/2019

History

#1 Updated by fixeria 2 months ago

Hmm, both osmo-bts-trx and apt show different versions:

root@470aa7e166f4:/data# osmo-bts-trx -V
OsmoBTS version 1.2.1

root@470aa7e166f4:/data# apt show osmo-bts | grep Version
Version: 0.4.0-2

#2 Updated by laforge 2 months ago

I wonder why there is a osmo-bts package installed at all. the package we build in obs are osmo-bts-trx and osmo-bts-virtual, see https://download.opensuse.org/repositories/network:/osmocom:/nightly/Debian_10/amd64/

#3 Updated by laforge 2 months ago

In the osmo-bts-latest container here:

root@077a826bddb4:/data# dpkg -l | grep osmo-bts
ii  osmo-bts-trx            1.2.0                 amd64        osmo-bts-trx GSM BTS with osmo-trx
ii  osmo-bts-virtual        1.2.0                 amd64        Virtual Osmocom GSM BTS (no RF hardware; GSMTAP/UDP)

Not sure who/what installed an ancient (maybe upstream debian) package on the container/system you reference?

#4 Updated by laforge 2 months ago

  • Related to Bug #4688: TC_chopped_ipa_ping causes use-after-free abort in ipaccess_drop() / msgb_free(e1i_ts->pending_msg); because of recent libosmo-abis commit "ipaccess: Drop e1inp_line reference in ipacess_drop()" added

#5 Updated by laforge 2 months ago

  • Related to Bug #3612: osmo-bts-trx: heap-use-after-free in e1inp_sign_link_destroy added

#6 Updated by laforge 2 months ago

  • Related to Bug #4094: multiple crashes due to connection failures / drops added

#7 Updated by laforge 2 months ago

  • Priority changed from Low to High

if this only happens in latest but not in nightly, then the bug is fixed already in master. Either we have to back-port the fixes and make a patch release, or we have to tag new releases.

#8 Updated by fixeria 2 months ago

I wonder why there is a osmo-bts package installed at all.

Turns out it's my fault: 'osmo-bts' is an ancient package provided by Debian itself, while in the Dockerfile we actually install 'osmo-bts-trx'.

root@43a16471fc4c:/tmp/osmo-bts# apt show osmo-bts
Version: 0.4.0-2
Maintainer: Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>
APT-Sources: http://deb.debian.org/debian stretch/main amd64 Packages

root@43a16471fc4c:/tmp/osmo-bts# apt show osmo-bts-trx
Version: 1.2.0.212.c131
Maintainer: Holger Hans Peter Freyther <holger@moiji-mobile.com>
APT-Sources: http://download.opensuse.org/repositories/network:/osmocom:/nightly/Debian_9.0 ./ Packages

I should have used dpkg to check versions of the installed packages, not apt (such a mess).

#9 Updated by pespin 2 months ago

So after all mess is resolved, what's the current status of this tickets? Is there still an issue? any proposed solution?

#10 Updated by fixeria 2 months ago

what's the current status of this tickets? Is there still an issue?

I just checked ttcn3-bts-latest, and magically osmo-bts does not crash anymore. Last build where the artifacts contain a coredump is 677: https://jenkins.osmocom.org/jenkins/view/TTCN3/job/ttcn3-bts-test-latest/677/artifact/logs/bts/.

#11 Updated by laforge 22 days ago

  • Status changed from New to Resolved

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)