Bug #5982

open

conn->fi is NULL in gscon_bssmap_clear()

Added by keith almost 1 year ago. Updated 12 months ago.

Status: Feedback
Priority: Low
Assignee:
Category: -
Target version: -
Start date: 03/29/2023
Due date:
% Done: 0%
Spec Reference:

Description

Not master, but I don't think anything relevant has changed; there is one SEGV fix (7a0bef1ae4784203bf5f93b2dc2c4138dcad9397), but my quick static analysis suggests it's not related.

Program terminated with signal SIGSEGV, Segmentation fault.

(gdb) bt
#0  0x0000558c248184b4 in gscon_bssmap_clear (conn=conn@entry=0x558c262a0410, cause=cause@entry=GSM0808_CAUSE_EQUIPMENT_FAILURE) at bsc_subscr_conn_fsm.c:151
#1  0x0000558c24819932 in gscon_forget_lchan (conn=conn@entry=0x558c262a0410, lchan=lchan@entry=0x7faef1906718) at bsc_subscr_conn_fsm.c:943
#2  0x0000558c2487f3cf in lchan_fsm_wait_rf_release_ack_onenter (fi=<optimized out>, prev_state=<optimized out>) at lchan_fsm.c:1429
#3  0x00007faef078b41b in ?? () from /usr/lib/x86_64-linux-gnu/libosmocore.so.19
#4  0x00007faef078bb1d in _osmo_fsm_inst_state_chg () from /usr/lib/x86_64-linux-gnu/libosmocore.so.19
#5  0x0000558c24871c56 in lchan_fsm_timer_cb (fi=0x558c26255430) at lchan_fsm.c:1810
#6  0x00007faef078d0f1 in ?? () from /usr/lib/x86_64-linux-gnu/libosmocore.so.19
#7  0x00007faef07861f6 in osmo_timers_update () from /usr/lib/x86_64-linux-gnu/libosmocore.so.19
#8  0x00007faef0786d25 in ?? () from /usr/lib/x86_64-linux-gnu/libosmocore.so.19
#9  0x00007faef0786db6 in osmo_select_main_ctx () from /usr/lib/x86_64-linux-gnu/libosmocore.so.19
#10 0x0000558c247dc486 in main (argc=<optimized out>, argv=<optimized out>) at osmo_bsc_main.c:1031

(gdb) p conn->fi
$4 = (struct osmo_fsm_inst *) 0x0

I don't have a log at level DEBUG, but this looks to be the trigger condition:

DRSL ERROR handover_fsm.c:1557 handover(intraBSC_msc0-conn1_subscr-IMSI-[redacted]-TMSI-0x213e241e)[0x558c262a2e70]{WAIT_LCHAN_ACTIVE}: (4-0-4-TCH_F-0-SPEECH_V1) --HO-> (0-0-4-TCH/F_TCH/H_SDCCH8_PDCH:PDCH-0) (subscr subscr-IMSI-[redacted]-TMSI-0x213e241e) HO-intraBSC: Handover failed in state WAIT_SCCP_RLSD, Connection released: Connection releasing in the middle of handover

I have four SEGVs in the log over the last few days, and all are preceded by this RSL ERROR; however, in at least one of the core dumps conn->fi is not NULL but the crash is the same. Weird?

Coredumps are available. Ping me on IRC for access.
