Actions
Bug #5525
closedMulti BSS Handover: gsm_bts_cell_id() passed NULL bts
Start date:
04/12/2022
Due date:
% Done:
100%
Spec Reference:
Description
Program received signal SIGSEGV, Segmentation fault.
gsm_bts_cell_id (cell_id=cell_id@entry=0x7ffde7820830, bts=0x0) at bts.c:538
Happens every time.
(gdb) bt
#0 gsm_bts_cell_id (cell_id=cell_id@entry=0x7ffdebd006c0, bts=0x0) at bts.c:538
#1 0x000055e114b47c50 in find_alternative_lchan (lchan=lchan@entry=0x7fe512ad67d0, include_weaker_rxlev=include_weaker_rxlev@entry=true,
request_upgrade_to_tch_f=request_upgrade_to_tch_f@entry=true) at handover_decision_2.c:1453
#2 0x000055e114b49417 in on_measurement_report (mr=<optimized out>) at handover_decision_2.c:1573
#3 0x000055e114b59b2f in ho_meas_rep (mr=0x7fe512ad6d50) at handover_logic.c:95
#4 ho_logic_sig_cb (subsys=<optimized out>, signal=<optimized out>, handler_data=<optimized out>, signal_data=<optimized out>) at handover_logic.c:316
#5 0x00007fe513a3a45c in osmo_signal_dispatch () from /lib/x86_64-linux-gnu/libosmocore.so.18
#6 0x000055e114aeaf09 in send_lchan_signal (resp=0x7fe512ad6d50, lchan=<optimized out>, sig_no=8) at abis_rsl.c:67
#7 rsl_rx_meas_res (msg=0x55e116746cd0) at abis_rsl.c:1469
#8 0x000055e114aec566 in abis_rsl_rx_dchan (msg=<optimized out>) at abis_rsl.c:1565
#9 0x000055e114af0ac5 in abis_rsl_rcvmsg (msg=0x55e116746cd0) at abis_rsl.c:3119
#10 0x00007fe5139e2e1d in handle_ts1_read () from /usr/local/lib/libosmoabis.so.10
#11 0x00007fe5139e343c in ipaccess_fd_cb () from /usr/local/lib/libosmoabis.so.10
#12 0x00007fe513a39ef3 in ?? () from /lib/x86_64-linux-gnu/libosmocore.so.18
#13 0x00007fe513a3a016 in osmo_select_main_ctx () from /lib/x86_64-linux-gnu/libosmocore.so.18
#14 0x000055e114ad867f in main (argc=<optimized out>, argv=<optimized out>) at osmo_bsc_main.c:1043
Related issues
Updated by keith about 2 years ago
- Related to Bug #5324: MULTI BSS Handover: Target BTS is NULL, sigsegv in chan_counts_for_bts() added
Updated by keith about 2 years ago
- Related to Bug #5385: Segmentation fault in chan_counts_for_bts() added
Updated by keith about 2 years ago
I think we assign a NULL target bts in handover_decision_2:collect_handover_candidate()
/* For cells in a remote BSS, we cannot query the target cell's handover config, and hence
* instead assume the local BTS' config to apply. */
neigh_cfg = (neighbor_bts ? : bts)->ho;
c = (struct ho_candidate){
.current = {
.lchan = lchan,
.bts = bts,
.rxlev = rxlev_current,
},
.target = {
.ab = target_ab,
.bts = neighbor_bts,
.cell_ids = neighbor_cil,
.rxlev = neigh_meas_avg(nmp, ho_get_hodec2_rxlev_neigh_avg_win(bts->ho)),
},
};
candidate_set_free_tch(&c);
Then we dereference this later on in find_alternative_lchan()
Updated by keith about 2 years ago
Introduced with
https://gerrit.osmocom.org/c/osmo-bsc/+/24937
Possibly the fix would be something similar to
Updated by pespin about 2 years ago
- Status changed from New to Feedback
- Assignee set to neels
Updated by neels about 2 years ago
- Status changed from Feedback to In Progress
- % Done changed from 0 to 90
This should fix the segfault:
https://gerrit.osmocom.org/c/osmo-bsc/+/27759
Updated by neels about 2 years ago
- Status changed from In Progress to Resolved
- % Done changed from 90 to 100
patch merged, problem reported to be solved
Actions
