Project

General

Profile

Actions
Copy link

Bug #5385

closed

Segmentation fault in chan_counts_for_bts()

Added by fixeria over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
pespin
Category:
-
Target version:
-
Start date:
01/05/2022
Due date:
% Done:

100%

Spec Reference:

Description

Recent ttcn3-bsc-test-latest run 1192 shows +111 failures:

https://jenkins.osmocom.org/jenkins/view/TTCN3/job/ttcn3-bsc-test-latest/1192/

and indeed there is a core dump file in the artifacts:

https://jenkins.osmocom.org/jenkins/view/TTCN3/job/ttcn3-bsc-test-latest/lastCompletedBuild/artifact/logs/bsc/

Here is a backtrace:

Core was generated by `/usr/bin/osmo-bsc -c /data/osmo-bsc.cfg'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000055cb2eae7111 in chan_counts_for_bts (bts_counts=bts_counts@entry=0x7ffea2f4cf50, bts=0x0) at chan_counts.c:137
137     chan_counts.c: No such file or directory.
(gdb) bt
#0  0x000055cb2eae7111 in chan_counts_for_bts (bts_counts=bts_counts@entry=0x7ffea2f4cf50, bts=0x0) at chan_counts.c:137
#1  0x000055cb2eaf11aa in candidate_set_free_tch (c=c@entry=0x7ffea2f4d730) at handover_decision_2.c:1030
#2  0x000055cb2eaf2c57 in collect_handover_candidate (lchan=lchan@entry=0x7f06d9cdad48, nmp=0x7ffea2f4d730, nmp@entry=0x7f06d9cdaec4, clist=clist@entry=0x7ffea2f4dec0, 
    candidates=candidates@entry=0x7ffea2f4deac, include_weaker_rxlev=include_weaker_rxlev@entry=true, rxlev_current=rxlev_current@entry=8, 
    neighbors_count=0x7ffea2f4de14) at handover_decision_2.c:1146
#3  0x000055cb2eaf3843 in collect_candidates_for_lchan (lchan=lchan@entry=0x7f06d9cdad48, clist=clist@entry=0x7ffea2f4dec0, candidates=candidates@entry=0x7ffea2f4deac, 
    _rxlev_current=_rxlev_current@entry=0x7ffea2f4dea8, include_weaker_rxlev=include_weaker_rxlev@entry=true) at handover_decision_2.c:1224
#4  0x000055cb2eaf4b89 in find_alternative_lchan (lchan=0x7f06d9cdad48, include_weaker_rxlev=<optimized out>, request_upgrade_to_tch_f=true)
    at handover_decision_2.c:1303
#5  0x000055cb2eb00480 in ho_meas_rep (mr=0x7f06d9cdafb8) at handover_logic.c:95
#6  ho_logic_sig_cb (subsys=<optimized out>, signal=<optimized out>, handler_data=<optimized out>, signal_data=<optimized out>) at handover_logic.c:316
#7  0x00007f06da98c50c in osmo_signal_dispatch () from /usr/lib/x86_64-linux-gnu/libosmocore.so.18
#8  0x000055cb2eab0e37 in send_lchan_signal (resp=0x7f06d9cdafb8, lchan=<optimized out>, sig_no=8) at abis_rsl.c:67
#9  rsl_rx_meas_res (msg=msg@entry=0x55cb2f695c70) at abis_rsl.c:1455
#10 0x000055cb2eab5b34 in abis_rsl_rx_dchan (msg=0x55cb2f695c70) at abis_rsl.c:1544
#11 abis_rsl_rcvmsg (msg=0x55cb2f695c70) at abis_rsl.c:3056
#12 0x00007f06da950ee1 in ipaccess_fd_cb () from /usr/lib/x86_64-linux-gnu/libosmoabis.so.10
#13 0x00007f06da98bfd8 in ?? () from /usr/lib/x86_64-linux-gnu/libosmocore.so.18
#14 0x00007f06da98c0c7 in osmo_select_main_ctx () from /usr/lib/x86_64-linux-gnu/libosmocore.so.18
#15 0x000055cb2eaa35d7 in main (argc=3, argv=<optimized out>) at osmo_bsc_main.c:1087

Files

osmo-bsc.log osmo-bsc.log 844 KB pespin, 01/11/2022 10:24 AM

Related issues

Related to OsmoBSC - Bug #5324: MULTI BSS Handover: Target BTS is NULL, sigsegv in chan_counts_for_bts()Resolvedneels11/23/2021

Actions
Related to OsmoBSC - Bug #5525: Multi BSS Handover: gsm_bts_cell_id() passed NULL btsResolvedneels04/12/2022

Actions
Actions
Copy link
 #1

Updated by pespin over 2 years ago

I confirm it. The crash is triggered by running "BSC_Tests.TC_srvcc_eutran_to_geran_ho_out".

It probably started triggering after osmo-ttcn3-hacks.git 6cc90ebcaca2b467b2d39f856cd0797254e2383b was merged.

I attach a full log file running only that test, with osmo-bsc running under gdb and printing a full bt after the crash.

Actions
Copy link
 #2

Updated by pespin over 2 years ago

  • Related to Bug #5324: MULTI BSS Handover: Target BTS is NULL, sigsegv in chan_counts_for_bts() added
Actions
Copy link
 #3

Updated by pespin over 2 years ago

Issue is related to https://osmocom.org/issues/5324#note-7

It seems the issue was fixed in osmo-bsc.git master branch in 88f3c0520295ae014a0e750fb49e09e70799be36.

We probably need to do a patch release of osmo-bsc.

Actions
Copy link
 #4

Updated by pespin over 2 years ago

  • Status changed from New to Feedback
  • Assignee set to pespin

I submitted a new patch release osmo-bsc 1.8.1 to gerrit, containing several fixes.

remote: https://gerrit.osmocom.org/c/osmo-bsc/+/26867 bsc_subscr_conn_fsm: fix crash if !conn [NEW]
remote: https://gerrit.osmocom.org/c/osmo-bsc/+/26868 hodec2: fix segv for inter-BSC ho target [NEW]
remote: https://gerrit.osmocom.org/c/osmo-bsc/+/26869 Disable C/I based MS Power Control Loop by default [NEW]
remote: https://gerrit.osmocom.org/c/osmo-bsc/+/26870 fix chreq:* counters: typos in chreq:successful_* constants [NEW]
remote: https://gerrit.osmocom.org/c/osmo-bsc/+/26871 fix assignment success counters: count before cleanup of fsm state [NEW]
remote: https://gerrit.osmocom.org/c/osmo-bsc/+/26872 om2000: Fix memory leak in OM2000 message handling [NEW]
remote: https://gerrit.osmocom.org/c/osmo-bsc/+/26873 Bump version: 1.8.0.6-9dd7 → 1.8.1 [NEW]

The relevant here is: https://gerrit.osmocom.org/c/osmo-bsc/+/26868 hodec2: fix segv for inter-BSC ho target

Once the patches are merged, tag pushed and ttcn3-bsc-tests-latest is fine, we can close this ticket.

Actions
Copy link
 #5

Updated by pespin over 2 years ago

Merged, tag 1.8.1 pushed. Let's check tomorrow or so how the tests went before closing the ticket.

Actions
Copy link
 #6

Updated by pespin over 2 years ago

  • Status changed from Feedback to Resolved
  • % Done changed from 0 to 100

Fixed, closing.

Actions
Copy link
 #7

Updated by keith about 2 years ago

  • Related to Bug #5525: Multi BSS Handover: gsm_bts_cell_id() passed NULL bts added
Actions
Copy link

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)