lte-softmodem, tag "2020.w06" and "develop-nr-2020w03": reproducible crash in rx_pucch when trying to saturate connection
I set up an eNodeB with a USRP 210 board by starting the lte-softmodem program built from the sources tag "2020.w05". My UE can connect, and the connection remains working (e.g. ping to an Internet server). But when I try to load the connection with a saturated TCP flow (by using the NetPerfMeter performance testing tool https://www.uni-due.de/~be0001/netperfmeter/), the lte-softmodem crashes reproducibly after a short time. I built lte-softmodem with the following parameters, to get a stack trace: build_oai -I -w USRP -x -c --eNB --run-with-gdb RelWithDebInfo.
My eNodeB system is Ubuntu 18.04 (x86_64), using the lowlatency kernel 4.15.0-76-lowlatency and the recommended performance settings for the CPU.
Test 1:
[RRC] [FRAME 01003][eNB][MOD 00][RNTI 99ef]CALLING RLC CONFIG SRB1 (rbid 1)
add new uid is 2 99ef
[PDCP] [FRAME 01003][eNB][MOD 00][RNTI 99ef][SRB 01] Action ADD LCID 1 (SRB id 1) configured with SN size 5 bits and RLC AM
[RLC] [FRAME 01003][eNB][MOD 00][RNTI 99ef] [SRB 1] rrc_rlc_add_rlc SRB
[RLC] [FRAME 01003][eNB][MOD 00][RNTI 99ef][SRB AM 01][CONFIGURE] max_retx_threshold 4 poll_pdu 4 poll_byte 65535 t_poll_retransmit 80 t_reordering 35 t_status_prohibit 0
[MAC] generate_Msg4 ra->Msg4_frame SFN/SF: 1003.6, frameP SFN/SF: 1003.6 FOR eNB_Mod: 0
[MAC] [eNB 0][RAPROC] CC_id 0 Frame 1003, subframeP 6: Generating Msg4 with RRC Piggyback (RNTI 99ef)
U
Thread 9 "ru thread" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffed7fa700 (LWP 18809)]
rx_pucch (eNB=eNB@entry=0x7ffff522b010, fmt=<optimized out>, UE_id=255 '\377', n1_pucch=<optimized out>, n2_pucch=n2_pucch@entry=0,
shortened_format=<optimized out>, payload=0x7fffed7f92bf "", frame=1004, subframe=0 '\000', pucch1_thres=0 '\000', br_flag=0 '\000')
at /home/nornetpp/src/openairinterface5g/openair1/PHY/LTE_TRANSPORT/pucch.c:1078
1078 eNB->pucch1_stats[UE_id][(subframe<<10)+eNB->pucch1_stats_cnt[UE_id][subframe]] = stat_max;
(gdb) print UE_id
$3 = 255 '\377'
(gdb) print UE_id
$4 = 255 '\377'
(gdb) print subframe
$5 = 0 '\000'
(gdb) print stat_max
$6 = 282
Test 2:
[PDCP] [FRAME 00243][eNB][MOD 00][RNTI b63b][SRB 01] Action ADD LCID 1 (SRB id 1) configured with SN size 5 bits and RLC AM
[RLC] [FRAME 00243][eNB][MOD 00][RNTI b63b] [SRB 1] rrc_rlc_add_rlc SRB
[RLC] [FRAME 00243][eNB][MOD 00][RNTI b63b][SRB AM 01][CONFIGURE] max_retx_threshold 4 poll_pdu 4 poll_byte 65535 t_poll_retransmit 80 t_reordering 35 t_status_prohibit 0
[MAC] generate_Msg4 ra->Msg4_frame SFN/SF: 243.6, frameP SFN/SF: 243.6 FOR eNB_Mod: 0
[MAC] [eNB 0][RAPROC] CC_id 0 Frame 243, subframeP 6: Generating Msg4 with RRC Piggyback (RNTI b63b)
U
Thread 9 "ru thread" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffecff9700 (LWP 31790)]
rx_pucch (eNB=eNB@entry=0x7ffff522b010, fmt=<optimized out>, UE_id=255 '\377', n1_pucch=<optimized out>, n2_pucch=n2_pucch@entry=0,
shortened_format=<optimized out>, payload=0x7fffecff82bf "", frame=244, subframe=0 '\000', pucch1_thres=0 '\000', br_flag=0 '\000')
at /home/nornetpp/src/openairinterface5g/openair1/PHY/LTE_TRANSPORT/pucch.c:1078
1078 eNB->pucch1_stats[UE_id][(subframe<<10)+eNB->pucch1_stats_cnt[UE_id][subframe]] = stat_max;
(gdb) print UE_id
$1 = 255 '\377'
(gdb) print subframe
$2 = 0 '\000'
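Both traces fault on the same statement with UE_id=255 used as the first array index. The following is an added example, not part of the original report and not OAI code: a bounds-checked form of that write which rejects such an index instead of dereferencing it. The type enb_stats_t, the function record_pucch1_stat, the array sizes (MAX_UE, N_SUBFRAMES, STATS_PER_SF), the element types and the counter advance are assumptions for illustration; the report does not give the real dimensions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes, for illustration only; not taken from the OAI sources. */
#define MAX_UE       16    /* hypothetical per-UE dimension */
#define N_SUBFRAMES  10
#define STATS_PER_SF 1024  /* stride implied by (subframe<<10) on the faulting line */

/* Hypothetical stand-in for the two eNB members used at pucch.c:1078. */
typedef struct {
    int16_t  pucch1_stats[MAX_UE][N_SUBFRAMES * STATS_PER_SF];
    uint16_t pucch1_stats_cnt[MAX_UE][N_SUBFRAMES];
} enb_stats_t;

/* Bounds-checked version of the write shown in the backtrace.
 * Returns 0 when the sample was stored, -1 when any index is out of range. */
int record_pucch1_stat(enb_stats_t *eNB, uint8_t UE_id, uint8_t subframe,
                       int16_t stat_max)
{
    /* Reject the UE index and subframe before either array is touched. */
    if (UE_id >= MAX_UE || subframe >= N_SUBFRAMES)
        return -1;

    /* The counter is itself used as an index, so validate it as well. */
    uint16_t cnt = eNB->pucch1_stats_cnt[UE_id][subframe];
    if (cnt >= STATS_PER_SF)
        return -1;

    eNB->pucch1_stats[UE_id][((size_t)subframe << 10) + cnt] = stat_max;
    /* Advancing with wrap-around is an assumption of this sketch. */
    eNB->pucch1_stats_cnt[UE_id][subframe] = (uint16_t)((cnt + 1) % STATS_PER_SF);
    return 0;
}

int main(void)
{
    static enb_stats_t eNB;  /* zero-initialised */

    /* Values printed by gdb in the report: UE_id=255, subframe=0, stat_max=282. */
    printf("UE_id=255: %d\n", record_pucch1_stat(&eNB, 255, 0, 282));
    /* Constructed in-range call for comparison. */
    printf("UE_id=0:   %d\n", record_pucch1_stat(&eNB, 0, 0, 282));
    return 0;
}
```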