Bug #2472

alignment trap with nanobts type

Added by msuraev 5 months ago. Updated about 1 month ago.

Status: Stalled
Priority: Normal
Assignee:
Category: ip.access BTS
Target version: -
Start date: 08/30/2017
Due date:
% Done: 50%
Spec Reference:

Description

Tested using sysmobts with image sysmocom-core-image-sysmobts-v2-20170830105631.rootfs.ubi

If osmo-bsc is configured with 'nanobts' type then it leads to an alignment trap error:

(gdb) bt
#0 0x00040e58 in abis_nm_ipaccess_cgi (buf=buf@entry=0xbeffe600 "r\364\200 T", bts=bts@entry=0x146bb0)
at /usr/src/debug/openbsc/0.15.0+gitrAUTOINC+ba66e79953-r21.18.6/git/openbsc/src/libbsc/abis_nm.c:2791
#1 0x00048e44 in nanobts_attr_bts_get (bts=bts@entry=0x146bb0)
at /usr/src/debug/openbsc/0.15.0+gitrAUTOINC+ba66e79953-r21.18.6/git/openbsc/src/libbsc/bts_ipaccess_nanobts_omlattr.c:104
#2 0x00042f94 in nm_statechg_event (nsd=0xbeffe7a0, evt=8)
at /usr/src/debug/openbsc/0.15.0+gitrAUTOINC+ba66e79953-r21.18.6/git/openbsc/src/libbsc/bts_ipaccess_nanobts.c:141
#3 bts_ipa_nm_sig_cb (subsys=subsys@entry=3, signal=signal@entry=8, handler_data=<optimized out>,
signal_data=signal_data@entry=0xbeffe7a0)
at /usr/src/debug/openbsc/0.15.0+gitrAUTOINC+ba66e79953-r21.18.6/git/openbsc/src/libbsc/bts_ipaccess_nanobts.c:301
#4 0x469e735c in osmo_signal_dispatch (subsys=subsys@entry=3, signal=signal@entry=8, signal_data=signal_data@entry=0xbeffe7a0)
at /usr/src/debug/libosmocore/0.9.0+gitrAUTOINC+a8a8d3977d-r1/git/src/signal.c:109
#5 0x0003d320 in abis_nm_rx_statechg_rep (mb=0xbeffe7a0)
at /usr/src/debug/openbsc/0.15.0+gitrAUTOINC+ba66e79953-r21.18.6/git/openbsc/src/libbsc/abis_nm.c:258
#6 abis_nm_rcvmsg_report (bts=<optimized out>, mb=0xbeffe7a0)
at /usr/src/debug/openbsc/0.15.0+gitrAUTOINC+ba66e79953-r21.18.6/git/openbsc/src/libbsc/abis_nm.c:387
#7 abis_nm_rcvmsg_fom (mb=mb@entry=0x1701d8)
at /usr/src/debug/openbsc/0.15.0+gitrAUTOINC+ba66e79953-r21.18.6/git/openbsc/src/libbsc/abis_nm.c:716
#8 0x0003e9e0 in abis_nm_rcvmsg (msg=0x1701d8)
at /usr/src/debug/openbsc/0.15.0+gitrAUTOINC+ba66e79953-r21.18.6/git/openbsc/src/libbsc/abis_nm.c:868
#9 0x46a49794 in handle_ts1_read (bfd=0x165580)
at /usr/src/debug/libosmo-abis/0.3.2+gitrAUTOINC+35003ec2ea-r2.18.1/git/src/input/ipaccess.c:276
#10 ipaccess_fd_cb (bfd=0x165580, what=3)
at /usr/src/debug/libosmo-abis/0.3.2+gitrAUTOINC+35003ec2ea-r2.18.1/git/src/input/ipaccess.c:391
#11 0x469e7078 in osmo_fd_disp_fds (_eset=0xbefffb40, _wset=0xbefffac0, _rset=0xbefffa40)
at /usr/src/debug/libosmocore/0.9.0+gitrAUTOINC+a8a8d3977d-r1/git/src/select.c:195
#12 osmo_select_main (polling=polling@entry=0) at /usr/src/debug/libosmocore/0.9.0+gitrAUTOINC+a8a8d3977d-r1/git/src/select.c:235
#13 0x00015404 in main (argc=<optimized out>, argv=0xbefffd74)
at /usr/src/debug/openbsc/0.15.0+gitrAUTOINC+ba66e79953-r21.18.6/git/openbsc/src/osmo-bsc/osmo_bsc_main.c:297

The problem function is abis_nm_ipaccess_cgi() in abis_nm.c

History

#1 Updated by msuraev 5 months ago

Note: to actually get SIGBUS on alignment trap use echo 5 > /proc/cpu/alignment.

#2 Updated by msuraev 5 months ago

  • Status changed from New to In Progress
  • Assignee set to msuraev
  • % Done changed from 0 to 50

Fix has been sent for review in gerrit 3750

#3 Updated by pespin 4 months ago

I also saw this alignment trap today using osmo-bsc in the sysmobts. It triggers every time an osmo-bts connects to an osmo-bsc.

Alignment trap: osmo-bsc (1006) PC=0x00041d7c Instr=0xe1c430b5 Address=0xbea416e5 FSR 0x801
Alignment trap: osmo-bsc (1006) PC=0x00041d7c Instr=0xe1c430b5 Address=0xbea416e5 FSR 0x801

maps shows it's inside osmo-bsc binary:

# cat /proc/`pidof osmo-bsc`/maps
00010000-00075000 r-xp 00000000 00:0d 593        /usr/bin/osmo-bsc
00085000-00088000 r-xp 00065000 00:0d 593        /usr/bin/osmo-bsc
00088000-0008e000 rwxp 00068000 00:0d 593        /usr/bin/osmo-bsc
0008e000-001b0000 rwxp 00000000 00:00 0          [heap]
4c970000-4c990000 r-xp 00000000 00:0d 1606       /lib/ld-2.25.so
4c99f000-4c9a0000 r-xp 0001f000 00:0d 1606       /lib/ld-2.25.so
4c9a0000-4c9a1000 rwxp 00020000 00:0d 1606       /lib/ld-2.25.so
4c9b0000-4cae2000 r-xp 00000000 00:0d 1658       /lib/libc-2.25.so
4cae2000-4caf1000 ---p 00132000 00:0d 1658       /lib/libc-2.25.so
4caf1000-4caf3000 r-xp 00131000 00:0d 1658       /lib/libc-2.25.so
4caf3000-4caf5000 rwxp 00133000 00:0d 1658       /lib/libc-2.25.so
4caf5000-4caf7000 rwxp 00000000 00:00 0
4cb30000-4cb32000 r-xp 00000000 00:0d 1605       /lib/libdl-2.25.so
4cb32000-4cb41000 ---p 00002000 00:0d 1605       /lib/libdl-2.25.so
4cb41000-4cb42000 r-xp 00001000 00:0d 1605       /lib/libdl-2.25.so
4cb42000-4cb43000 rwxp 00002000 00:0d 1605       /lib/libdl-2.25.so
4cc30000-4cc41000 r-xp 00000000 00:0d 932        /usr/lib/libtalloc.so.2.1.3
4cc41000-4cc50000 ---p 00011000 00:0d 932        /usr/lib/libtalloc.so.2.1.3
4cc50000-4cc51000 r-xp 00010000 00:0d 932        /usr/lib/libtalloc.so.2.1.3
4cc51000-4cc52000 rwxp 00011000 00:0d 932        /usr/lib/libtalloc.so.2.1.3
4cc60000-4cc99000 r-xp 00000000 00:0d 904        /usr/lib/libosmogsm.so.6.1.0
4cc99000-4cca8000 ---p 00039000 00:0d 904        /usr/lib/libosmogsm.so.6.1.0
4cca8000-4ccab000 r-xp 00038000 00:0d 904        /usr/lib/libosmogsm.so.6.1.0
4ccab000-4ccac000 rwxp 0003b000 00:0d 904        /usr/lib/libosmogsm.so.6.1.0
4ccac000-4ccad000 rwxp 00000000 00:00 0
4ccb0000-4ccc7000 r-xp 00000000 00:0d 866        /usr/lib/libosmocore.so.8.0.0
4ccc7000-4ccd6000 ---p 00017000 00:0d 866        /usr/lib/libosmocore.so.8.0.0
4ccd6000-4ccd7000 r-xp 00016000 00:0d 866        /usr/lib/libosmocore.so.8.0.0
4ccd7000-4ccd8000 rwxp 00017000 00:0d 866        /usr/lib/libosmocore.so.8.0.0
4ccd8000-4ccda000 rwxp 00000000 00:00 0
4cce0000-4ccec000 r-xp 00000000 00:0d 869        /usr/lib/libosmonetif.so.3.0.0
4ccec000-4ccfb000 ---p 0000c000 00:0d 869        /usr/lib/libosmonetif.so.3.0.0
4ccfb000-4ccfc000 r-xp 0000b000 00:0d 869        /usr/lib/libosmonetif.so.3.0.0
4ccfc000-4ccfd000 rwxp 0000c000 00:0d 869        /usr/lib/libosmonetif.so.3.0.0
4cd00000-4cd02000 r-xp 00000000 00:0d 903        /usr/lib/libsctp.so.1.0.16
4cd02000-4cd11000 ---p 00002000 00:0d 903        /usr/lib/libsctp.so.1.0.16
4cd11000-4cd12000 r-xp 00001000 00:0d 903        /usr/lib/libsctp.so.1.0.16
4cd12000-4cd13000 rwxp 00002000 00:0d 903        /usr/lib/libsctp.so.1.0.16
4cd20000-4cd36000 r-xp 00000000 00:0d 936        /usr/lib/libosmovty.so.3.0.0
4cd36000-4cd45000 ---p 00016000 00:0d 936        /usr/lib/libosmovty.so.3.0.0
4cd45000-4cd46000 r-xp 00015000 00:0d 936        /usr/lib/libosmovty.so.3.0.0
4cd46000-4cd48000 rwxp 00016000 00:0d 936        /usr/lib/libosmovty.so.3.0.0
4cd50000-4cd75000 r-xp 00000000 00:0d 819        /usr/lib/libosmo-sigtran.so.0.0.0
4cd75000-4cd84000 ---p 00025000 00:0d 819        /usr/lib/libosmo-sigtran.so.0.0.0
4cd84000-4cd88000 r-xp 00024000 00:0d 819        /usr/lib/libosmo-sigtran.so.0.0.0
4cd88000-4cd89000 rwxp 00028000 00:0d 819        /usr/lib/libosmo-sigtran.so.0.0.0
4cd89000-4cd8a000 rwxp 00000000 00:00 0
4cee0000-4cef4000 r-xp 00000000 00:0d 841        /usr/lib/libosmoabis.so.6.0.0
4cef4000-4cf03000 ---p 00014000 00:0d 841        /usr/lib/libosmoabis.so.6.0.0
4cf03000-4cf04000 r-xp 00013000 00:0d 841        /usr/lib/libosmoabis.so.6.0.0
4cf04000-4cf05000 rwxp 00014000 00:0d 841        /usr/lib/libosmoabis.so.6.0.0
4cf10000-4cf16000 r-xp 00000000 00:0d 865        /usr/lib/libosmoctrl.so.0.0.0
4cf16000-4cf25000 ---p 00006000 00:0d 865        /usr/lib/libosmoctrl.so.0.0.0
4cf25000-4cf26000 r-xp 00005000 00:0d 865        /usr/lib/libosmoctrl.so.0.0.0
4cf26000-4cf27000 rwxp 00006000 00:0d 865        /usr/lib/libosmoctrl.so.0.0.0
b6f51000-b6f55000 rwxp 00000000 00:00 0
bea22000-bea43000 rw-p 00000000 00:00 0          [stack]
beb4b000-beb4c000 r-xp 00000000 00:00 0          [sigpage]
ffff0000-ffff1000 r-xp 00000000 00:00 0          [vectors]

And addr2line gave more info:

$ addr2line -a -p -C -f -i -e usr/bin/osmo-bsc 0x00041d7c
0x00041d7c: abis_nm_ipaccess_cgi at /usr/src/debug/osmo-bsc/1.0.1+gitrAUTOINC+00c22464a0-r0.18.0/git/src/libbsc/abis_nm.c:2791

Which basically points to the following line in abis_nm_ipaccess_cgi:

*((uint16_t *)(buf + 5)) = htons(bts->cell_identity);
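
The store quoted above, next to two alignment-safe ways to write the same 16-bit field, as an added example (not code from OpenBSC and not the fix under review in gerrit). Only the offset 5 and the htons() store come from the report; the function names and the 8-byte buffer are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CI_OFFSET 5 /* offset used on the line quoted in the report */

/* Returns 1 if p is suitably aligned for a direct uint16_t access. */
int is_aligned_u16(const void *p)
{
    return ((uintptr_t)p % _Alignof(uint16_t)) == 0;
}

/* Pattern from the report: a halfword store through a cast pointer.
 * Undefined behaviour when buf + CI_OFFSET is odd; on the ARM target it
 * traps, and becomes SIGBUS with "echo 5 > /proc/cpu/alignment".
 * Kept for comparison only, never called below. */
void store_ci_cast(uint8_t *buf, uint16_t cell_identity)
{
    *((uint16_t *)(buf + CI_OFFSET)) = htons(cell_identity);
}

/* Alignment-safe: convert in an aligned local, then copy the bytes. */
void store_ci_memcpy(uint8_t *buf, uint16_t cell_identity)
{
    uint16_t be = htons(cell_identity);
    memcpy(buf + CI_OFFSET, &be, sizeof(be));
}

/* Alignment-safe and independent of host byte order: explicit bytes. */
void store_ci_bytes(uint8_t *buf, uint16_t cell_identity)
{
    buf[CI_OFFSET] = (uint8_t)(cell_identity >> 8);
    buf[CI_OFFSET + 1] = (uint8_t)(cell_identity & 0xff);
}

/* Matching alignment-safe read of the big-endian field. */
uint16_t load_ci(const uint8_t *buf)
{
    return (uint16_t)((buf[CI_OFFSET] << 8) | buf[CI_OFFSET + 1]);
}

int main(void)
{
    _Alignas(uint16_t) uint8_t buf[8] = {0}; /* constructed sample buffer */
    printf("field aligned for uint16_t: %d\n", is_aligned_u16(buf + CI_OFFSET));
    store_ci_memcpy(buf, 0x1234);
    printf("cell identity read back: 0x%04x\n", load_ci(buf));
    return 0;
}
```
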

#4 Updated by pespin 4 months ago

#5 Updated by msuraev 3 months ago

  • Status changed from In Progress to Stalled

#6 Updated by laforge about 1 month ago

  • Category set to ip.access BTS
