laforge has submitted this change. ( https://gerrit.osmocom.org/c/osmo-bsc/+/31990 )
Change subject: segfault: verify lchan presence on Assignment Complete
segfault: verify lchan presence on Assignment Complete
User reports a SEGV:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 send_assignment_complete (conn=conn@entry=0x557dbabb75a0) at assignment_fsm.c:188
#1 0x0000557db66aa6b0 in assignment_success (conn=0x557dbabb75a0) at assignment_fsm.c:277
#2 0x00007f6007afee82 in _osmo_fsm_inst_dispatch (fi=0x557db9615b80, event=4, data=0x0, file=0x7f6007a7dc21 "mgcp_client_endpoint_fsm.c", line=513) at fsm.c:875
#3 0x00007f6007a78c12 in ?? () from /lib/x86_64-linux-gnu/libosmo-mgcp-client.so.9
version: osmo-bsc 1.9.0.111.fc339.202212220009
The situation apparently is conn->lchan == NULL (primary lchan is gone), but Assignment has just concluded. Apparently an unexpected / orthogonal event has interrupted operations.
During assignment_success(), do not assume that conn->lchan is still present. This should normally be true, but if not, fail the assignment procedure instead of crashing osmo-bsc.
Related: SYS#6382
Change-Id: I4db25d0458f620954a1ca345282f5d8316341919
---
M src/osmo-bsc/assignment_fsm.c
1 file changed, 33 insertions(+), 0 deletions(-)
Approvals:
  fixeria: Looks good to me, approved
  pespin: Looks good to me, but someone else must approve
  Jenkins Builder: Verified
diff --git a/src/osmo-bsc/assignment_fsm.c b/src/osmo-bsc/assignment_fsm.c index e21a036..02ca29c 100644 --- a/src/osmo-bsc/assignment_fsm.c +++ b/src/osmo-bsc/assignment_fsm.c @@ -185,6 +185,11 @@ struct gsm_lchan *lchan = conn->lchan; struct osmo_fsm_inst *fi = conn->fi;
+ if (!lchan) { + assignment_fail(GSM0808_CAUSE_EQUIPMENT_FAILURE, "Assignment interrupted: primary lchan lost"); + return; + } + chosen_channel = gsm0808_chosen_channel(lchan->type, lchan->current_ch_mode_rate.chan_mode); if (!chosen_channel) { assignment_fail(GSM0808_CAUSE_EQUIPMENT_FAILURE,
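Review bot: the new `if (!lchan)` guard sits in send_assignment_complete() (the hunk at line 185 is the function that crashed in backtrace frame #0 at assignment_fsm.c:188), while the commit message says the check is added "during assignment_success()"; please align the message with where the guard actually lives so later readers searching for this fix find the right function. Since the message also concedes that the interrupting event is unknown ("Apparently an unexpected / orthogonal event"), consider having the failure path record more than the symptom: "Assignment interrupted: primary lchan lost" tells an operator that the lchan vanished but not what state the conn or its FSM was in, which is what would be needed to find the root cause from logs rather than only avoiding the SEGV.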