Bug #5385: Segmentation fault in chan_counts_for_bts()
Status: closed
% Done: 100%
Description
Recent ttcn3-bsc-test-latest run 1192 shows +111 failures:
https://jenkins.osmocom.org/jenkins/view/TTCN3/job/ttcn3-bsc-test-latest/1192/
and indeed there is a core dump file in the artifacts:
Here is a backtrace:
Core was generated by `/usr/bin/osmo-bsc -c /data/osmo-bsc.cfg'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055cb2eae7111 in chan_counts_for_bts (bts_counts=bts_counts@entry=0x7ffea2f4cf50, bts=0x0) at chan_counts.c:137
137 chan_counts.c: No such file or directory.
(gdb) bt
#0 0x000055cb2eae7111 in chan_counts_for_bts (bts_counts=bts_counts@entry=0x7ffea2f4cf50, bts=0x0) at chan_counts.c:137
#1 0x000055cb2eaf11aa in candidate_set_free_tch (c=c@entry=0x7ffea2f4d730) at handover_decision_2.c:1030
#2 0x000055cb2eaf2c57 in collect_handover_candidate (lchan=lchan@entry=0x7f06d9cdad48, nmp=0x7ffea2f4d730, nmp@entry=0x7f06d9cdaec4, clist=clist@entry=0x7ffea2f4dec0, candidates=candidates@entry=0x7ffea2f4deac, include_weaker_rxlev=include_weaker_rxlev@entry=true, rxlev_current=rxlev_current@entry=8, neighbors_count=0x7ffea2f4de14) at handover_decision_2.c:1146
#3 0x000055cb2eaf3843 in collect_candidates_for_lchan (lchan=lchan@entry=0x7f06d9cdad48, clist=clist@entry=0x7ffea2f4dec0, candidates=candidates@entry=0x7ffea2f4deac, _rxlev_current=_rxlev_current@entry=0x7ffea2f4dea8, include_weaker_rxlev=include_weaker_rxlev@entry=true) at handover_decision_2.c:1224
#4 0x000055cb2eaf4b89 in find_alternative_lchan (lchan=0x7f06d9cdad48, include_weaker_rxlev=<optimized out>, request_upgrade_to_tch_f=true) at handover_decision_2.c:1303
#5 0x000055cb2eb00480 in ho_meas_rep (mr=0x7f06d9cdafb8) at handover_logic.c:95
#6 ho_logic_sig_cb (subsys=<optimized out>, signal=<optimized out>, handler_data=<optimized out>, signal_data=<optimized out>) at handover_logic.c:316
#7 0x00007f06da98c50c in osmo_signal_dispatch () from /usr/lib/x86_64-linux-gnu/libosmocore.so.18
#8 0x000055cb2eab0e37 in send_lchan_signal (resp=0x7f06d9cdafb8, lchan=<optimized out>, sig_no=8) at abis_rsl.c:67
#9 rsl_rx_meas_res (msg=msg@entry=0x55cb2f695c70) at abis_rsl.c:1455
#10 0x000055cb2eab5b34 in abis_rsl_rx_dchan (msg=0x55cb2f695c70) at abis_rsl.c:1544
#11 abis_rsl_rcvmsg (msg=0x55cb2f695c70) at abis_rsl.c:3056
#12 0x00007f06da950ee1 in ipaccess_fd_cb () from /usr/lib/x86_64-linux-gnu/libosmoabis.so.10
#13 0x00007f06da98bfd8 in ?? () from /usr/lib/x86_64-linux-gnu/libosmocore.so.18
#14 0x00007f06da98c0c7 in osmo_select_main_ctx () from /usr/lib/x86_64-linux-gnu/libosmocore.so.18
#15 0x000055cb2eaa35d7 in main (argc=3, argv=<optimized out>) at osmo_bsc_main.c:1087
Updated by pespin over 2 years ago
- File osmo-bsc.log added
I confirm it. The crash is triggered by running "BSC_Tests.TC_srvcc_eutran_to_geran_ho_out".
It probably started triggering after osmo-ttcn3-hacks.git 6cc90ebcaca2b467b2d39f856cd0797254e2383b was merged.
I attach a full log file running only that test, with osmo-bsc running under gdb and printing a full bt after the crash.
Updated by pespin over 2 years ago
- Related to Bug #5324: MULTI BSS Handover: Target BTS is NULL, sigsegv in chan_counts_for_bts() added
Updated by pespin over 2 years ago
Issue is related to https://osmocom.org/issues/5324#note-7
It seems the issue was fixed in osmo-bsc.git master branch in 88f3c0520295ae014a0e750fb49e09e70799be36.
We probably need to do a patch release of osmo-bsc.
Updated by pespin over 2 years ago
- Status changed from New to Feedback
- Assignee set to pespin
I submitted a new patch release osmo-bsc 1.8.1 to gerrit, containing several fixes.
remote: https://gerrit.osmocom.org/c/osmo-bsc/+/26867 bsc_subscr_conn_fsm: fix crash if !conn [NEW]
remote: https://gerrit.osmocom.org/c/osmo-bsc/+/26868 hodec2: fix segv for inter-BSC ho target [NEW]
remote: https://gerrit.osmocom.org/c/osmo-bsc/+/26869 Disable C/I based MS Power Control Loop by default [NEW]
remote: https://gerrit.osmocom.org/c/osmo-bsc/+/26870 fix chreq:* counters: typos in chreq:successful_* constants [NEW]
remote: https://gerrit.osmocom.org/c/osmo-bsc/+/26871 fix assignment success counters: count before cleanup of fsm state [NEW]
remote: https://gerrit.osmocom.org/c/osmo-bsc/+/26872 om2000: Fix memory leak in OM2000 message handling [NEW]
remote: https://gerrit.osmocom.org/c/osmo-bsc/+/26873 Bump version: 1.8.0.6-9dd7 → 1.8.1 [NEW]
The relevant one here is: https://gerrit.osmocom.org/c/osmo-bsc/+/26868 hodec2: fix segv for inter-BSC ho target
Once the patches are merged, tag pushed and ttcn3-bsc-tests-latest is fine, we can close this ticket.
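The backtrace in this ticket reaches `chan_counts_for_bts()` with `bts=0x0` from `candidate_set_free_tch()`, and the related ticket describes the target BTS as NULL during multi-BSS handover. The sketch below is an added example, not osmo-bsc code and not the actual fix: it shows the guard pattern for a handover candidate that has no local BTS object. The types, `candidate_set_free()`, `pick_target()` and the selection policy are all hypothetical.

```c
#include <stddef.h>

/* Hypothetical, simplified types for illustration; not osmo-bsc's structures. */
struct bts { int free_tch; };
struct ho_candidate {
    struct bts *bts;   /* NULL when the target cell belongs to another BSC */
    int free_tch;      /* valid only when load_known is set */
    int load_known;
};

/* Like frame #0 of the backtrace, this helper assumes bts != NULL. */
static int count_free_tch(const struct bts *bts) { return bts->free_tch; }

/* Guarded caller: 1 = counts filled in, 0 = remote target (load unknown,
 * which is not the same as zero free channels), -1 = NULL candidate. */
int candidate_set_free(struct ho_candidate *c)
{
    if (c == NULL)
        return -1;
    c->free_tch = 0;
    c->load_known = 0;
    if (c->bts == NULL)
        return 0;
    c->free_tch = count_free_tch(c->bts);
    c->load_known = 1;
    return 1;
}

/* Assumed policy for this sketch: prefer the local cell with the most free
 * TCH; use the first remote candidate only if no local cell has room. */
const struct ho_candidate *pick_target(struct ho_candidate *list, size_t n)
{
    const struct ho_candidate *best = NULL, *remote = NULL;
    for (size_t i = 0; i < n; i++) {
        if (candidate_set_free(&list[i]) == 0)
            remote = remote ? remote : &list[i];
        else if (list[i].free_tch > 0 && (!best || list[i].free_tch > best->free_tch))
            best = &list[i];
    }
    return best ? best : remote;
}

int main(void)
{
    struct bts full = { 0 }, busy = { 2 };   /* constructed sample cells */
    struct ho_candidate list[] = { { .bts = &full }, { .bts = NULL }, { .bts = &busy } };
    const struct ho_candidate *t = pick_target(list, 3);
    return (t != NULL && t->bts == &busy) ? 0 : 1;
}
```

Keeping `load_known` separate from `free_tch` stops later ranking code from treating a remote cell as a full one.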
Updated by pespin over 2 years ago
Merged, tag 1.8.1 pushed. Let's check tomorrow or so how the tests went before closing the ticket.
Updated by pespin over 2 years ago
- Status changed from Feedback to Resolved
- % Done changed from 0 to 100
Fixed, closing.
Updated by keith about 2 years ago
- Related to Bug #5525: Multi BSS Handover: gsm_bts_cell_id() passed NULL bts added