Bug #5222 (closed): SIGSEGV on call establishment
Start date: 08/30/2021
% Done: 100%
Description
segfault in pdch_ulc_get_node()
ulc is NULL:

    Program received signal SIGSEGV, Segmentation fault.
    pdch_ulc_get_node (ulc=0x0, fn=fn@entry=55453)
        at /usr/src/debug/osmo-pcu/0.9.0+gitAUTOINC+c4fe1f97b4-r0.18/git/src/pdch_ul_controller.c:78
Currently looking at an optimised binary running on the sysmoBTS.

Up the stack in handle_ph_data_ind() (osmo-bts-sysmo/sysmo_l1_if.c:196):

    (gdb) p bts->trx[0].pdch[0]->ulc
    $41 = (struct pdch_ulc *) 0x0
    (gdb) p bts->trx[0].pdch[1]->ulc
    $42 = (struct pdch_ulc *) 0x0
    (gdb) p bts->trx[0].pdch[2]->ulc
    $43 = (struct pdch_ulc *) 0x0
    (gdb) p bts->trx[0].pdch[3]->ulc
    $44 = (struct pdch_ulc *) 0x0
    (gdb) p bts->trx[0].pdch[4]->ulc
    $45 = (struct pdch_ulc *) 0x0
    (gdb) p bts->trx[0].pdch[5]->ulc
    $46 = (struct pdch_ulc *) 0x140a40
    (gdb) p bts->trx[0].pdch[6]->ulc
    $47 = (struct pdch_ulc *) 0x1418f0
    (gdb) p bts->trx[0].pdch[7]->ulc
    $48 = (struct pdch_ulc *) 0x1427a0
osmo-bsc timeslot config:

    timeslot 0
     phys_chan_config CCCH
     hopping enabled 0
    timeslot 1
     phys_chan_config SDCCH8
     hopping enabled 0
    timeslot 2
     phys_chan_config TCH/H
     hopping enabled 0
    timeslot 3
     phys_chan_config TCH/H
     hopping enabled 0
    timeslot 4
     phys_chan_config TCH/F_TCH/H_PDCH
     hopping enabled 0
    timeslot 5
     phys_chan_config TCH/F_TCH/H_PDCH
     hopping enabled 0
    timeslot 6
     phys_chan_config TCH/F_TCH/H_PDCH
     hopping enabled 0
    timeslot 7
     phys_chan_config PDCH
     hopping enabled 0
I changed timeslot 4 to TCH/H and then the crash happens again in the same place, only now the ulc for timeslot 5 is NULL!

    (gdb) p bts->trx[0].pdch[5]->ulc
    $63 = (struct pdch_ulc *) 0x0
    (gdb) p bts->trx[0].pdch[6]->ulc
    $64 = (struct pdch_ulc *) 0x140a40
To be clear:

    #2  0x0001589c in handle_ph_data_ind (fl1h=0x13f430, fl1h=0x13f430, l1p_msg=0x13f620, data_ind=0x13f6e8)
        at /usr/src/debug/osmo-pcu/0.9.0+gitAUTOINC+c4fe1f97b4-r0.18/git/src/osmo-bts-sysmo/sysmo_l1_if.c:196
    196     in /usr/src/debug/osmo-pcu/0.9.0+gitAUTOINC+c4fe1f97b4-r0.18/git/src/osmo-bts-sysmo/sysmo_l1_if.c
    (gdb) p data_ind->u8Tn
    $68 = 5 '\005'
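The pattern the backtrace shows (a PH-DATA.ind for timeslot 5 dispatched into a lookup whose `ulc` pointer is NULL) is illustrated below with a small, self-contained C model. This is added example code, not osmo-pcu's implementation: the struct layout, `trx_init()`, `handle_data_ind()`, `ulc_get_node_count()` and the return codes are hypothetical, and the assumption that a dynamic TCH/F_TCH/H_PDCH timeslot only gets its uplink controller allocated once it is switched to PDCH is a modelling choice, not something the ticket confirms. What it shows is the failure mode (an unchecked dereference of a per-timeslot pointer that is legitimately NULL for non-PDCH slots) next to a handler that validates the timeslot number and the presence of the controller before touching it, and drops the indication with a log line instead of crashing.

```c
/* Added illustration, not osmo-pcu code. Models a TRX whose per-timeslot
 * uplink controller (ulc) exists only for timeslots carrying PDCH, and a
 * data-indication handler that must cope with ulc == NULL. All names
 * except pdch_ulc / ulc / u8Tn are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TS_PER_TRX 8

enum phys_chan { PC_CCCH, PC_SDCCH8, PC_TCH_H, PC_TCH_F_TCH_H_PDCH, PC_PDCH };

struct pdch_ulc {            /* hypothetical per-PDCH uplink controller state */
	unsigned int nodes;
};

struct pdch {
	enum phys_chan pcfg;
	bool pdch_active;        /* static PDCH, or dynamic TS currently switched to PDCH */
	struct pdch_ulc *ulc;    /* NULL unless the slot is active as PDCH */
};

struct trx {
	struct pdch pdch[TS_PER_TRX];
};

/* Constructed to mirror the reporter's osmo-bsc timeslot configuration. */
static const enum phys_chan ts_cfg[TS_PER_TRX] = {
	PC_CCCH, PC_SDCCH8, PC_TCH_H, PC_TCH_H,
	PC_TCH_F_TCH_H_PDCH, PC_TCH_F_TCH_H_PDCH, PC_TCH_F_TCH_H_PDCH, PC_PDCH,
};

/* Allocate a controller only where PDCH is actually in use: always for a
 * static PDCH slot, for a dynamic slot only when dyn_active[tn] is set. */
void trx_init(struct trx *trx, const bool dyn_active[TS_PER_TRX])
{
	memset(trx, 0, sizeof(*trx));
	for (int tn = 0; tn < TS_PER_TRX; tn++) {
		struct pdch *p = &trx->pdch[tn];
		p->pcfg = ts_cfg[tn];
		p->pdch_active = p->pcfg == PC_PDCH ||
				 (p->pcfg == PC_TCH_F_TCH_H_PDCH && dyn_active[tn]);
		if (p->pdch_active)
			p->ulc = calloc(1, sizeof(*p->ulc));
	}
}

void trx_free(struct trx *trx)
{
	for (int tn = 0; tn < TS_PER_TRX; tn++) {
		free(trx->pdch[tn].ulc);
		trx->pdch[tn].ulc = NULL;
	}
}

/* Unchecked lookup in the shape of the function named in the backtrace
 * (body hypothetical): with ulc == NULL this reads through address 0x0,
 * which is exactly the SIGSEGV in the ticket. */
unsigned int ulc_get_node_count(const struct pdch_ulc *ulc)
{
	return ulc->nodes;
}

enum { IND_OK = 0, IND_BAD_TN = -1, IND_TS_NOT_PDCH = -2 };

/* Hardened handler: reject an out-of-range timeslot number and a slot
 * without an uplink controller before anything dereferences ulc. */
int handle_data_ind(struct trx *trx, uint8_t u8Tn, uint32_t fn)
{
	if (u8Tn >= TS_PER_TRX)
		return IND_BAD_TN;
	struct pdch *p = &trx->pdch[u8Tn];
	if (!p->pdch_active || !p->ulc) {
		/* Log and drop: the lower layer delivered uplink data for a
		 * timeslot the PCU does not currently treat as PDCH. */
		fprintf(stderr, "TS%u fn=%u: data ind on non-PDCH timeslot, dropped\n",
			u8Tn, fn);
		return IND_TS_NOT_PDCH;
	}
	p->ulc->nodes++;     /* stand-in for the real per-frame bookkeeping */
	return IND_OK;
}

int main(void)
{
	struct trx t;
	bool dyn[TS_PER_TRX] = { false };   /* no dynamic slot switched to PDCH yet */
	trx_init(&t, dyn);
	/* TS5 is TCH/F_TCH/H_PDCH but not active: handled, not crashed. */
	printf("TS5 -> %d\n", handle_data_ind(&t, 5, 55453));
	printf("TS7 -> %d, nodes=%u\n", handle_data_ind(&t, 7, 55453),
	       ulc_get_node_count(t.pdch[7].ulc));
	trx_free(&t);
	return 0;
}
```

With all dynamic slots inactive, only timeslot 7 owns a controller, so an indication on timeslot 5 returns `IND_TS_NOT_PDCH` and is logged, while the same indication fed to the unchecked `ulc_get_node_count()` would fault. The guard belongs at the dispatch point (here `handle_data_ind()`), since that is where the timeslot number from the hardware message is first trusted.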