Actions
Bug #5079
closedosmo_str_tolower() segfaults on sysmoBTS (arm-poky-linux-gnueabi)
Start date:
03/17/2021
Due date:
% Done:
100%
Spec Reference:
Description
Using osmo-bts version
root@sysmobts-v2:~# opkg list_installed |grep osmo libosmoabis10 - 1.1.1+gitr0+4aea11befc-r1.18.0.7 libosmoabis6 - 0.7.0+gitr0+30249a15d5-r0.18.0.0 libosmoabis9 - 0.8.0+gitr39+6e831b72d7-r1.18.0.1 libosmocodec0 - 1.5.1+gitr7+9e37bf4bbc-r2.18.0.0 libosmocore - 1.5.1+gitr7+9e37bf4bbc-r2.18.0.0 libosmoctrl0 - 1.5.1+gitr7+9e37bf4bbc-r2.18.0.0 libosmogb12 - 1.5.1+gitr7+9e37bf4bbc-r2.18.0.0 libosmogsm13 - 1.2.0+gitr0+c144f3a781-r0.18.0.0 libosmogsm15 - 1.3.0+gitr158+d01163a977-r2.18.0.0 libosmogsm16 - 1.5.1+gitr7+9e37bf4bbc-r2.18.0.0 libosmotrau2 - 1.1.1+gitr0+4aea11befc-r1.18.0.7 libosmovty4 - 1.3.0+gitr158+d01163a977-r2.18.0.0 libosmovty9 - 1.5.1+gitr7+9e37bf4bbc-r2.18.0.0 osmo-bts - 1.3.0+git5+29c4f3173f-r0.18.0 osmo-bts-remote - 1.3.0+git5+29c4f3173f-r0.18.0 osmo-config-merge - 1.5.1+gitr7+9e37bf4bbc-r2.18.0.0 osmo-pcu - 0.9.0+git11+c7cc4162e1-r0.18.0 packagegroup-osmocom - 1.0-r2.8
osmo-bts-sysmo --version OsmoBTS version 1.3.0.9-29c4
connect to the vty
enable configure terminal bts 0 gsmtap-remote-host 127.0.0.2 end show running-config
Related issues
Updated by fixeria about 3 years ago
- Status changed from New to In Progress
- Assignee set to fixeria
Interesting, seems to work just fine with osmo-bts-trx. I am taking a look.
Updated by fixeria about 3 years ago
- Status changed from In Progress to Feedback
- Assignee changed from fixeria to lynxis
Interesting, seems to work just fine with osmo-bts-trx. I am taking a look.
I cannot reproduce this with osmo-bts-trx. Could you please attach a backtrace?
Updated by lynxis about 3 years ago
root@sysmobts-v2:~# opkg list_installed |grep osmo libosmoabis-dbg - 1.1.1+gitr0+4aea11befc-r1.18.0.20 libosmoabis10 - 1.1.1+gitr0+4aea11befc-r1.18.0.20 libosmocore - 1.5.1+gitr20+d4393608a4-r2.18.0.0 libosmocore-dbg - 1.5.1+gitr20+d4393608a4-r2.18.0.0 libosmoctrl0 - 1.5.1+gitr20+d4393608a4-r2.18.0.0 libosmogsm13 - 1.2.0+gitr0+c144f3a781-r0.18.0.0 libosmotrau2 - 1.1.1+gitr0+4aea11befc-r1.18.0.20 osmo-bts - 1.3.0+git9+1adcc27eb9-r0.18.0 osmo-bts-dbg - 1.3.0+git9+1adcc27eb9-r0.18.0 osmo-pcu - 0.9.0+git16+86580e1966-r0.18.3
show running-config
#0 memcpy () at ../sysdeps/arm/memcpy.S:193
#1 0xb6ebb058 in osmo_strlcpy (dst=0xb6c8b1f8 "\001\b", src=0x484ec "BCCH", siz=<optimized out>)
at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+d4393608a4-r2.18.0/git/src/utils.c:582
#2 0xb6ebc158 in osmo_str_tolower_buf (dest=0xb6c8b1f8 "\001\b", dest_len=<optimized out>, src=<optimized out>)
at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+d4393608a4-r2.18.0/git/src/utils.c:1072
#3 0xb6ebc1dc in osmo_str_tolower (src=0x484ec "BCCH") at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+d4393608a4-r2.18.0/git/src/utils.c:1089
#4 0x000356d0 in config_write_bts_single (bts=0x4a090, vty=0x168868) at /usr/src/debug/osmo-bts/1.3.0+gitAUTOINC+1adcc27eb9-r0.18/git/src/common/vty.c:327
#5 config_write_bts (vty=0x168868) at /usr/src/debug/osmo-bts/1.3.0+gitAUTOINC+1adcc27eb9-r0.18/git/src/common/vty.c:381
#6 0xb6fbaf18 in config_write_terminal (self=<optimized out>, vty=vty@entry=0x168868, argc=<optimized out>, argv=argv@entry=0xbefff4b0)
at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+d4393608a4-r2.18.0/git/src/vty/command.c:3498
#7 0xb6fbe490 in cmd_execute_command_real (vty=vty@entry=0x168868, cmd=0x168868, cmd@entry=0x0, vline=<optimized out>, vline=<optimized out>)
at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+d4393608a4-r2.18.0/git/src/vty/command.c:2602
#8 0xb6fc0644 in cmd_execute_command (vline=vline@entry=0x169d78, vty=vty@entry=0x168868, cmd=cmd@entry=0x0, vtysh=vtysh@entry=0)
at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+d4393608a4-r2.18.0/git/src/vty/command.c:2654
#9 0xb6fc30d0 in vty_command (vty=0x168868) at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+d4393608a4-r2.18.0/git/src/vty/vty.c:438
#10 vty_execute (vty=0x168868) at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+d4393608a4-r2.18.0/git/src/vty/vty.c:702
#11 vty_read (vty=<optimized out>) at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+d4393608a4-r2.18.0/git/src/vty/vty.c:1428
#12 0xb6fc5854 in client_data (fd=0x1644dc, what=1) at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+d4393608a4-r2.18.0/git/src/vty/telnet_interface.c:154
#13 0xb6eb4d50 in poll_disp_fds (n_fd=<optimized out>) at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+d4393608a4-r2.18.0/git/src/select.c:350
#14 _osmo_select_main (polling=<optimized out>) at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+d4393608a4-r2.18.0/git/src/select.c:378
#15 0xb6eb4df0 in osmo_select_main (polling=polling@entry=0) at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+d4393608a4-r2.18.0/git/src/select.c:417
#16 0x00042fd4 in bts_main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/osmo-bts/1.3.0+gitAUTOINC+1adcc27eb9-r0.18/git/src/common/main.c:427
#17 0x43277c18 in __libc_start_main (main=0xbefffd44, argc=1127887872, argv=0x43277c18 <__libc_start_main+276>, init=<optimized out>, fini=0x4750c <__libc_csu_fini>,
rtld_fini=0x432307d0 <_dl_fini>, stack_end=0xbefffd44) at /usr/src/debug/glibc/2.25-r0/git/csu/libc-start.c:295
#18 0x00014ce0 in _start () at ../sysdeps/arm/start.S:124
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Updated by lynxis about 3 years ago
I hope it matches the code.
for (i = 0; i < sizeof(uint32_t) * 8; i++) {
if (bts->gsmtap.sapi_mask & ((uint32_t) 1 << i)) {
sapi_buf = get_value_string_or_null(gsmtap_sapi_names, i);
if (sapi_buf == NULL)
continue;
>>> sapi_buf = osmo_str_tolower(sapi_buf);
vty_out(vty, " gsmtap-sapi %s%s", sapi_buf, VTY_NEWLINE);
}
}
Updated by fixeria about 3 years ago
- Status changed from Feedback to Stalled
I don't have access to sysmoBTS, so I cannot reproduce it. Will try next time I am in the office.
Updated by fixeria about 3 years ago
- Status changed from Stalled to In Progress
- Priority changed from Urgent to High
Got a sysmoBTS, managed to reproduce the problem.
Updated by fixeria about 3 years ago
- % Done changed from 0 to 20
It does not seem to be osmo-bts specific, I can also trigger a segfault like that:
(gdb) p osmo_str_tolower("test")
Program received signal SIGSEGV, Segmentation fault.
memcpy () at ../sysdeps/arm/memcpy.S:193
193 ../sysdeps/arm/memcpy.S: No such file or directory.
The program being debugged was signaled while in a function called from GDB.
GDB remains in the frame where the signal was received.
To change this behavior use "set unwindonsignal on".
Evaluation of the expression containing the function
(osmo_str_tolower) will be abandoned.
When the function is done executing, GDB will silently stop.
Updated by fixeria about 3 years ago
I fed libosmocore.so from the toolchain into Ghidra and disassembled osmo_str_tolower():
int osmo_str_tolower(undefined4 param_1)
{
int iVar1;
iVar1 = __tls_get_addr(&PTR_0004657c);
osmo_str_tolower_buf(iVar1 +0x4184,0x80,param_1);
return iVar1 + 0x4184;
}
AFAIU, 'PTR_0004657c' corresponds to:
static __thread char capsbuf[128];
so I assume it's somehow related to #4062.
Updated by fixeria about 3 years ago
- Project changed from OsmoBTS to libosmocore
- Subject changed from osmo-bts crash on `gsmtap-remote-host` and `show running-config` to osmo_str_tolower() segfaults on sysmoBTS (arm-poky-linux-gnueabi)
Updated by fixeria about 3 years ago
- Related to Bug #4062: vty tests fails on arm (raspberry pi) added
Updated by fixeria about 3 years ago
- Status changed from In Progress to Feedback
- Assignee changed from fixeria to laforge
My conclusion is that we're dealing with another weird issue related to TLS. This is not related to the recent changes I introduced to osmo-bts, and in general not related to osmo-bts. I would like to hand this ticket over to somebody, who has more experience with debugging this. laforge, assigning to you, please coordinate.
Updated by laforge almost 3 years ago
- Assignee changed from laforge to pespin
as discussed with fixeria on the phone, I think we should simlpy "#define __thread NULL" on the libosmocore builds for sysmobts-* targes in our OE builds. BSC/BTS/MSC/MGW/.... all are single-threaded, only osmo-trx and osmo-remsim are - none of which we wun on osmo-bts-{sysmo,oc2g,lc15} targets.
This is of course "just" a work-around until at some point (if ever) we upgrade to a more modern version of OE/poky which then has a gcc version that is no longer affected by this bug.
pespin, do you agree this is viable? If so, please adjust the nightly builds for the OE nightly + latest builds. Thanks!
Updated by fixeria almost 3 years ago
As a quick test I removed keyword '__thread' from all files in libosmocore, and this indeed eliminates the problem: osmo_str_tolower() does not provoke SIGSEGV anymore. Just FYI.
Updated by pespin almost 3 years ago
I did some tests myself with current master (only with libosmocore-dbg, no osmo-bts-dbg due to lack of space, but it's enough):
Program received signal SIGSEGV, Segmentation fault.
memcpy () at ../sysdeps/arm/memcpy.S:193
193 ../sysdeps/arm/memcpy.S: No such file or directory.
(gdb) bt
#0 memcpy () at ../sysdeps/arm/memcpy.S:193
#1 0xb6e0b058 in osmo_strlcpy (dst=0xb6c021f8 "\001\b", src=0x486e0 "BCCH", siz=<optimized out>)
at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+4b44ac4012-r2.18.0/git/src/utils.c:582
#2 0xb6e0c158 in osmo_str_tolower_buf (dest=0xb6c021f8 "\001\b", dest_len=<optimized out>, src=<optimized out>)
at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+4b44ac4012-r2.18.0/git/src/utils.c:1072
#3 0xb6e0c1dc in osmo_str_tolower (src=0x486e0 "BCCH") at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+4b44ac4012-r2.18.0/git/src/utils.c:1089
Backtrace stopped: Cannot access memory at address 0xa04
(gdb) frame 1
#1 0xb6e0b058 in osmo_strlcpy (dst=0xb6c021f8 "\001\b", src=0x486e0 "BCCH", siz=<optimized out>)
at /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+4b44ac4012-r2.18.0/git/src/utils.c:582
582 /usr/src/debug/libosmocore/1.5.1+gitrAUTOINC+4b44ac4012-r2.18.0/git/src/utils.c: No such file or directory.
(gdb) info args
dst = 0xb6c021f8 "\001\b"
src = 0x486e0 "BCCH"
siz = <optimized out>
(gdb) print len
$3 = 4
(gdb) print dst
$4 = 0xb6c021f8 "\001\b"
(gdb) print /x memcpy(dst, src, 4)
Program received signal SIGSEGV, Segmentation fault.
memcpy () at ../sysdeps/arm/memcpy.S:193
193 ../sysdeps/arm/memcpy.S: No such file or directory.
The program being debugged was signaled while in a function called from GDB.
GDB remains in the frame where the signal was received.
To change this behavior use "set unwindonsignal on".
Evaluation of the expression containing the function
(memcpy) will be abandoned.
When the function is done executing, GDB will silently stop.
/proc/$(pidof osmo-bts-sysmo)/maps:
00010000-0005f000 r-xp 00000000 00:0d 2717 /usr/bin/osmo-bts-sysmo 0006f000-00073000 r-xp 0004f000 00:0d 2717 /usr/bin/osmo-bts-sysmo 00073000-00075000 rwxp 00053000 00:0d 2717 /usr/bin/osmo-bts-sysmo 00075000-0018b000 rwxp 00000000 00:00 0 [heap] 430a0000-430c0000 r-xp 00000000 00:0d 366 /lib/ld-2.25.so 430cf000-430d0000 r-xp 0001f000 00:0d 366 /lib/ld-2.25.so 430d0000-430d1000 rwxp 00020000 00:0d 366 /lib/ld-2.25.so 430e0000-43212000 r-xp 00000000 00:0d 367 /lib/libc-2.25.so 43212000-43221000 ---p 00132000 00:0d 367 /lib/libc-2.25.so 43221000-43223000 r-xp 00131000 00:0d 367 /lib/libc-2.25.so 43223000-43225000 rwxp 00133000 00:0d 367 /lib/libc-2.25.so 43225000-43227000 rwxp 00000000 00:00 0 43230000-43248000 r-xp 00000000 00:0d 70 /lib/libpthread-2.25.so 43248000-43257000 ---p 00018000 00:0d 70 /lib/libpthread-2.25.so 43257000-43258000 r-xp 00017000 00:0d 70 /lib/libpthread-2.25.so 43258000-43259000 rwxp 00018000 00:0d 70 /lib/libpthread-2.25.so 43259000-4325b000 rwxp 00000000 00:00 0 43260000-4330c000 r-xp 00000000 00:0d 80 /lib/libm-2.25.so 4330c000-4331b000 ---p 000ac000 00:0d 80 /lib/libm-2.25.so 4331b000-4331c000 r-xp 000ab000 00:0d 80 /lib/libm-2.25.so 4331c000-4331d000 rwxp 000ac000 00:0d 80 /lib/libm-2.25.so 43320000-43322000 r-xp 00000000 00:0d 98 /lib/libdl-2.25.so 43322000-43331000 ---p 00002000 00:0d 98 /lib/libdl-2.25.so 43331000-43332000 r-xp 00001000 00:0d 98 /lib/libdl-2.25.so 43332000-43333000 rwxp 00002000 00:0d 98 /lib/libdl-2.25.so 43380000-43386000 r-xp 00000000 00:0d 91 /lib/librt-2.25.so 43386000-43395000 ---p 00006000 00:0d 91 /lib/librt-2.25.so 43395000-43396000 r-xp 00005000 00:0d 91 /lib/librt-2.25.so 43396000-43397000 rwxp 00006000 00:0d 91 /lib/librt-2.25.so 433a0000-433d5000 r-xp 00000000 00:0d 1177 /usr/lib/libnettle.so.6.3 433d5000-433e5000 ---p 00035000 00:0d 1177 /usr/lib/libnettle.so.6.3 433e5000-433e6000 r-xp 00035000 00:0d 1177 /usr/lib/libnettle.so.6.3 433e6000-433e7000 rwxp 00036000 00:0d 1177 /usr/lib/libnettle.so.6.3 433f0000-43403000 r-xp 00000000 00:0d 99 /lib/libz.so.1.2.11 43403000-43412000 ---p 00013000 00:0d 99 /lib/libz.so.1.2.11 43412000-43413000 r-xp 00012000 00:0d 99 /lib/libz.so.1.2.11 43413000-43414000 rwxp 00013000 00:0d 99 /lib/libz.so.1.2.11 43420000-43423000 r-xp 00000000 00:0d 1113 /usr/lib/libmnl.so.0.1.0 43423000-43432000 ---p 00003000 00:0d 1113 /usr/lib/libmnl.so.0.1.0 43432000-43433000 r-xp 00002000 00:0d 1113 /usr/lib/libmnl.so.0.1.0 43433000-43434000 rwxp 00003000 00:0d 1113 /usr/lib/libmnl.so.0.1.0 43440000-4345d000 r-xp 00000000 00:0d 1170 /usr/lib/libortp.so.10.0.0 4345d000-4346c000 ---p 0001d000 00:0d 1170 /usr/lib/libortp.so.10.0.0 4346c000-4346d000 r-xp 0001c000 00:0d 1170 /usr/lib/libortp.so.10.0.0 4346d000-4346f000 rwxp 0001d000 00:0d 1170 /usr/lib/libortp.so.10.0.0 43480000-43482000 r-xp 00000000 00:0d 1191 /usr/lib/libsctp.so.1.0.16 43482000-43491000 ---p 00002000 00:0d 1191 /usr/lib/libsctp.so.1.0.16 43491000-43492000 r-xp 00001000 00:0d 1191 /usr/lib/libsctp.so.1.0.16 43492000-43493000 rwxp 00002000 00:0d 1191 /usr/lib/libsctp.so.1.0.16 434a0000-434b1000 r-xp 00000000 00:0d 1109 /usr/lib/libtalloc.so.2.1.3 434b1000-434c0000 ---p 00011000 00:0d 1109 /usr/lib/libtalloc.so.2.1.3 434c0000-434c1000 r-xp 00010000 00:0d 1109 /usr/lib/libtalloc.so.2.1.3 434c1000-434c2000 rwxp 00011000 00:0d 1109 /usr/lib/libtalloc.so.2.1.3 437a0000-437d0000 r-xp 00000000 00:0d 1103 /usr/lib/libidn.so.11.6.16 437d0000-437df000 ---p 00030000 00:0d 1103 /usr/lib/libidn.so.11.6.16 437df000-437e0000 r-xp 0002f000 00:0d 1103 /usr/lib/libidn.so.11.6.16 437e0000-437e1000 rwxp 00030000 00:0d 1103 /usr/lib/libidn.so.11.6.16 437f0000-43948000 r-xp 00000000 00:0d 1192 /usr/lib/libunistring.so.2.0.0 43948000-43958000 ---p 00158000 00:0d 1192 /usr/lib/libunistring.so.2.0.0 43958000-4395a000 r-xp 00158000 00:0d 1192 /usr/lib/libunistring.so.2.0.0 4395a000-4395b000 rwxp 0015a000 00:0d 1192 /usr/lib/libunistring.so.2.0.0 b6adf000-b6c02000 rwxp 00000000 00:00 0 b6c02000-b6c5f000 r-xp 00000000 00:0d 1120 /usr/lib/libgmp.so.10.3.2 <!----- "dst" address points to this mem segment (B6C021F8) b6c5f000-b6c6f000 ---p 0005d000 00:0d 1120 /usr/lib/libgmp.so.10.3.2 b6c6f000-b6c70000 r-xp 0005d000 00:0d 1120 /usr/lib/libgmp.so.10.3.2 b6c70000-b6c71000 rwxp 0005e000 00:0d 1120 /usr/lib/libgmp.so.10.3.2 b6c71000-b6c9c000 r-xp 00000000 00:0d 1095 /usr/lib/libhogweed.so.4.3 b6c9c000-b6cab000 ---p 0002b000 00:0d 1095 /usr/lib/libhogweed.so.4.3 b6cab000-b6cac000 r-xp 0002a000 00:0d 1095 /usr/lib/libhogweed.so.4.3 b6cac000-b6cad000 rwxp 0002b000 00:0d 1095 /usr/lib/libhogweed.so.4.3 b6cad000-b6caf000 rwxp 00000000 00:00 0 b6caf000-b6de0000 r-xp 00000000 00:0d 1180 /usr/lib/libgnutls.so.30.14.0 b6de0000-b6def000 ---p 00131000 00:0d 1180 /usr/lib/libgnutls.so.30.14.0 b6def000-b6df6000 r-xp 00130000 00:0d 1180 /usr/lib/libgnutls.so.30.14.0 b6df6000-b6df8000 rwxp 00137000 00:0d 1180 /usr/lib/libgnutls.so.30.14.0 b6df8000-b6dfa000 rwxp 00000000 00:00 0 b6dfa000-b6e20000 r-xp 00000000 00:0d 2660 /usr/lib/libosmocore.so.17.0.0 b6e20000-b6e2f000 ---p 00026000 00:0d 2660 /usr/lib/libosmocore.so.17.0.0 b6e2f000-b6e30000 r-xp 00025000 00:0d 2660 /usr/lib/libosmocore.so.17.0.0 b6e30000-b6e31000 rwxp 00026000 00:0d 2660 /usr/lib/libosmocore.so.17.0.0 b6e31000-b6e95000 r-xp 00000000 00:0d 2669 /usr/lib/libosmogsm.so.16.0.0 b6e95000-b6ea4000 ---p 00064000 00:0d 2669 /usr/lib/libosmogsm.so.16.0.0 b6ea4000-b6ea9000 r-xp 00063000 00:0d 2669 /usr/lib/libosmogsm.so.16.0.0 b6ea9000-b6eaa000 rwxp 00068000 00:0d 2669 /usr/lib/libosmogsm.so.16.0.0 b6eaa000-b6eab000 rwxp 00000000 00:00 0 b6eab000-b6eb2000 r-xp 00000000 00:0d 2696 /usr/lib/libosmoctrl.so.0.5.0 b6eb2000-b6ec2000 ---p 00007000 00:0d 2696 /usr/lib/libosmoctrl.so.0.5.0 b6ec2000-b6ec3000 r-xp 00007000 00:0d 2696 /usr/lib/libosmoctrl.so.0.5.0 b6ec3000-b6ec4000 rwxp 00008000 00:0d 2696 /usr/lib/libosmoctrl.so.0.5.0 b6ec4000-b6edc000 r-xp 00000000 00:0d 2690 /usr/lib/libosmoabis.so.10.0.0 b6edc000-b6eeb000 ---p 00018000 00:0d 2690 /usr/lib/libosmoabis.so.10.0.0 b6eeb000-b6eec000 r-xp 00017000 00:0d 2690 /usr/lib/libosmoabis.so.10.0.0 b6eec000-b6eed000 rwxp 00018000 00:0d 2690 /usr/lib/libosmoabis.so.10.0.0 b6eed000-b6ef4000 r-xp 00000000 00:0d 2703 /usr/lib/libosmotrau.so.2.4.0 b6ef4000-b6f03000 ---p 00007000 00:0d 2703 /usr/lib/libosmotrau.so.2.4.0 b6f03000-b6f04000 r-xp 00006000 00:0d 2703 /usr/lib/libosmotrau.so.2.4.0 b6f04000-b6f06000 rwxp 00007000 00:0d 2703 /usr/lib/libosmotrau.so.2.4.0 b6f06000-b6f26000 r-xp 00000000 00:0d 2682 /usr/lib/libosmovty.so.9.0.0 b6f26000-b6f35000 ---p 00020000 00:0d 2682 /usr/lib/libosmovty.so.9.0.0 b6f35000-b6f36000 r-xp 0001f000 00:0d 2682 /usr/lib/libosmovty.so.9.0.0 b6f36000-b6f38000 rwxp 00020000 00:0d 2682 /usr/lib/libosmovty.so.9.0.0 b6f38000-b6f3b000 r-xp 00000000 00:0d 2676 /usr/lib/libosmocodec.so.0.2.0 b6f3b000-b6f4a000 ---p 00003000 00:0d 2676 /usr/lib/libosmocodec.so.0.2.0 b6f4a000-b6f4b000 r-xp 00002000 00:0d 2676 /usr/lib/libosmocodec.so.0.2.0 b6f4b000-b6f4c000 rwxp 00003000 00:0d 2676 /usr/lib/libosmocodec.so.0.2.0 b6f4c000-b6f4e000 rwxp 00000000 00:00 0 bed04000-bed25000 rw-p 00000000 00:00 0 [stack] bed91000-bed92000 r-xp 00000000 00:00 0 [sigpage] ffff0000-ffff1000 r-xp 00000000 00:00 0 [vectors]
So it can be seen that the address of "dst" (aka "static __thread char capsbuf128;") is cleary pointing to the incorrect place, which belongs to libgmp. The address shoudld point to a segment pointed to /usr/lib/libosmocore.so.17.0.0 or some sort of generic per-thread segment.
Updated by pespin almost 3 years ago
- % Done changed from 20 to 90
Updated by pespin almost 3 years ago
Patches merged and build jobs are running.
201705-testing and 201705-nightly repos from tomorrow should contain the fix. fixeria please update packages tomorrow and give it a try, then close the ticket.
Updated by fixeria almost 3 years ago
- Status changed from Feedback to Resolved
- % Done changed from 90 to 100
Thanks, Pau! I flashed today's nightly image, osmo-bts does not crash anymore.
Actions
