Bug #1760
closed
LAPD: segfault in T200 call-back
Added by laforge almost 8 years ago.
Updated almost 8 years ago.
Description
<001c> input/lapd.c:628 LAPD DL-RELEASE indication TEI=62 SAPI=62
<001c> lapd_core.c:378 sending MDL-ERROR-IND cause 1
Program received signal SIGSEGV, Segmentation fault.
0xb7f87783 in lapd_dl_flush_hist (dl=<optimized out>, dl=<optimized out>) at lapd_core.c:162
162 if (dl->tx_hist[i].msg) {
(gdb) p dl
$1 = <optimized out>
(gdb) bt
#0 0xb7f87783 in lapd_dl_flush_hist (dl=<optimized out>, dl=<optimized out>) at lapd_core.c:162
#1 0xb7f892cd in lapd_t200_cb (data=0x8194230) at lapd_core.c:581
#2 0xb7f5a99b in osmo_timers_update () at timer.c:244
#3 0xb7f5b0e3 in osmo_select_main (polling=0) at select.c:188
#4 0x0804d575 in main (argc=3, argv=0xbffffd44) at bsc_hack.c:375
further inspection discovers:
- dl->tx_hist == NULL
- dl->range_hist = 2
Files
- Status changed from New to In Progress
So it seems T200 is expiring, but the tx_hist array is NULL at that point.
tx_hist is allocated in lapd_dl_init() and set to NULL in lapd_dl_exit().
The latter appears to be executed before the crash:
Breakpoint 1, lapd_dl_exit (dl=0x8194230) at lapd_core.c:319
319 {
(gdb) bt
#0 lapd_dl_exit (dl=0x8194230) at lapd_core.c:319
#1 0xb7f257d3 in lapd_sap_free (sap=0x8194220) at input/lapd.c:249
#2 0xb7f26996 in send_dlsap (dp=0xbffffa14, lctx=0x8194254) at input/lapd.c:629
#3 0xb7f892ba in send_dl_l3 (msg=<optimized out>, lctx=<optimized out>, op=<optimized out>, prim=<optimized out>) at lapd_core.c:359
#4 send_dl_simple (lctx=<optimized out>, op=<optimized out>, prim=<optimized out>) at lapd_core.c:368
#5 lapd_t200_cb (data=0x8194230) at lapd_core.c:577
#6 0xb7f5a99b in osmo_timers_update () at timer.c:244
#7 0xb7f5b0e3 in osmo_select_main (polling=0) at select.c:188
#8 0x0804d575 in main (argc=3, argv=0xbffffd44) at bsc_hack.c:375
attached diff fixes the crash, but I'm facing other LAPD related issues, not submitting until it is clear.
- Status changed from In Progress to Closed
- % Done changed from 50 to 100
- Related to Bug #1761: LAPD: segfault when bootstrapping Nokia InSite added
- Related to Bug #1762: Review LAPD code for race conditions regarding state, particularly in RELEASE added
- Related to Bug #4646: SEGV when bringing up Nokia InSite added
Also available in: Atom
PDF