Bug #5226
closedulc NULL in pdch_ulc_release_tbf()
0%
Description
(gdb) bt #0 0xb6ebe3f8 in rb_first () from /usr/lib/libosmocore.so.17 #1 0x0003c394 in pdch_ulc_release_tbf (ulc=0x0, tbf=tbf@entry=0x187208) at /usr/src/debug/osmo-pcu/0.9.0+gitAUTOINC+bf7bde1cbb-r0.18/git/src/pdch_ul_controller.c:273 #2 0x00038eec in gprs_rlcmac_pdch::detach_tbf (this=0x137a34, tbf=tbf@entry=0x187208) at /usr/src/debug/osmo-pcu/0.9.0+gitAUTOINC+bf7bde1cbb-r0.18/git/src/pdch.cpp:1074 #3 0x0002b1c4 in tbf_unlink_pdch (tbf=0x187208) at /usr/src/debug/osmo-pcu/0.9.0+gitAUTOINC+bf7bde1cbb-r0.18/git/src/tbf.cpp:247 #4 tbf_free (tbf=0x187208) at /usr/src/debug/osmo-pcu/0.9.0+gitAUTOINC+bf7bde1cbb-r0.18/git/src/tbf.cpp:280 #5 0x0002c130 in tbf_fsm_timer_cb (fi=<optimized out>) at /usr/src/debug/osmo-pcu/0.9.0+gitAUTOINC+bf7bde1cbb-r0.18/git/src/tbf_fsm.c:368 #6 0xb6eb4090 in ?? () from /usr/lib/libosmocore.so.17
Updated by keith over 2 years ago
I was unable to reproduce it running osmo-pcu on x86 with l1fwd-proxy, but can provoke the crash pretty easy by causing some TBFs then calling the MS, so I assume it is a close relation of #5222. cousins, perhaps?
EDIT: ...can provoke the crash on sysmoBTS hardware with direct phy access
EDIT: How I provoked the crash:
1. Open an app on an MS, browser or whatever, and open a page that will genertate some IP traffic, or check email, mastodon etc.. "causing" TBFs to be created..
2. Call this phone.
3. Boom!
Updated by pespin over 2 years ago
Hi keith,
Can you explain a bit better the scenario? I don't really get what you mean with "causing some TBFs then calling the MS"a, sorry.
can you provide some logs (or PCU gsmtap+gsmtap_log even better) around the time this happens?
Updated by pespin over 2 years ago
- Status changed from New to Feedback
I submitted this fix, but I'm not really sure if it's going to solve the crash you are experience since I lack detailed information.
https://gerrit.osmocom.org/c/osmo-pcu/+/25330 pdch: Make sure pending ImmAssRej scheduled for disabled pdch are dropped
Updated by keith over 2 years ago
- Status changed from Feedback to In Progress
Just a quick note, very quickly testing this patch and still observing a crash, when using data and making calls.
I'll need to get back to it after some other tasks.
Updated by pespin over 2 years ago
- Status changed from In Progress to Feedback
I believe this should be fixed in current osmo-pcu.git master b0aba591433c7c22298035453713724172d1cfbc
Please keith see if you can still reproduce.
