We have been experiencing problems with osmo-nitb since we enabled handover. Sometimes osmo-nitb crashes, and our users have reported the fact that sometimes they end up listening to someone else's conversation. This started to happen since we enabled handover. This is the backtrace I got from a core dump of osmo-nitb:
(gdb) bt
#0 subscr_name (subscr=0x0) at gsm_subscriber_base.c:47
#1 0x00000000004079e3 in ho_gsm48_ho_compl (new_lchan=0x7fb1a80dd0b0) at handover_logic.c:259
#2 ho_logic_sig_cb (signal_data=<optimized out>, signal=<optimized out>, subsys=<optimized out>, handler_data=<optimized out>) at handover_logic.c:353
#3 ho_logic_sig_cb (subsys=<optimized out>, signal=<optimized out>, handler_data=<optimized out>, signal_data=<optimized out>) at handover_logic.c:335
#4 0x00007fb1a76dccec in osmo_signal_dispatch (subsys=4, signal=3, signal_data=0x7ffffe668090) at signal.c:105
#5 0x0000000000408d25 in handle_rr_ho_compl (msg=<optimized out>) at bsc_api.c:524
#6 dispatch_dtap (msg=0x2436980, link_id=<optimized out>, conn=0xc8e070) at bsc_api.c:583
#7 gsm0408_rcvmsg (msg=0x2436980, link_id=<optimized out>) at bsc_api.c:657
#8 0x000000000041fde1 in abis_rsl_rx_rll (msg=0x2436980) at abis_rsl.c:1682
#9 abis_rsl_rcvmsg (msg=0x2436980) at abis_rsl.c:2093
#10 0x00007fb1a74cce5a in handle_ts1_read (bfd=0x90d6b8) at input/ipaccess.c:469
#11 ipaccess_fd_cb (bfd=0x90d6b8, what=1) at input/ipaccess.c:603
#12 0x00007fb1a76dca11 in osmo_select_main (polling=0) at select.c:158
#13 0x0000000000406e34 in main (argc=<optimized out>, argv=0x7ffffe6684f8) at bsc_hack.c:354
Any clue about why this is happening?
Cheers
Ciaby
On Mon, Nov 10, 2014 at 12:16:47PM -0600, Ciaby wrote:
> Sometimes osmo-nitb crashes, and our users have reported the fact that sometimes they end up listening to someone else's conversation.
ouch!
> This started to happen since we enabled handover. This is the backtrace I got from a core dump of osmo-nitb:
> (gdb) bt
Can you please make a "bt full" so we see the values of structures
> Any clue about why this is happening?
Yes. "abnormal" condition. So somehow conn->subscr = NULL. This means the subscriber was never loaded from the database or what is more likely is that subscr_con_free has been called for the old channel.
subscr_name(ho->old_lchan->conn->subscr)
is crashing because subscr is 0x0. I wonder about the state of conn and the old_lchan in general. My guess would be that the old_lchan has already failed.
holger
On 11/10/2014 01:44 PM, Holger Hans Peter Freyther wrote:
> On Mon, Nov 10, 2014 at 12:16:47PM -0600, Ciaby wrote:
> > Sometimes osmo-nitb crashes, and our users have reported the fact that sometimes they end up listening to someone else's conversation.
> ouch!
> > This started to happen since we enabled handover. This is the backtrace I got from a core dump of osmo-nitb:
> > (gdb) bt
> Can you please make a "bt full" so we see the values of structures
> > Any clue about why this is happening?
> Yes. "abnormal" condition. So somehow conn->subscr = NULL. This means the subscriber was never loaded from the database or what is more likely is that subscr_con_free has been called for the old channel.
> subscr_name(ho->old_lchan->conn->subscr)
> is crashing because subscr is 0x0. I wonder about the state of conn and the old_lchan in general. My guess would be that the old_lchan has already failed.
Here comes the "bt full" output:
#0 subscr_name (subscr=0x0) at gsm_subscriber_base.c:47
No locals.
#1 0x00000000004079e3 in ho_gsm48_ho_compl (new_lchan=0x7fb1a80dd0b0) at handover_logic.c:259
        net = 0x894690
        ho = 0xe1ccb0
#2 ho_logic_sig_cb (signal_data=<optimized out>, signal=<optimized out>, subsys=<optimized out>, handler_data=<optimized out>) at handover_logic.c:353
        lchan = 0x7fb1a80dd0b0
#3 ho_logic_sig_cb (subsys=<optimized out>, signal=<optimized out>, handler_data=<optimized out>, signal_data=<optimized out>) at handover_logic.c:335
        lchan_data = <optimized out>
#4 0x00007fb1a76dccec in osmo_signal_dispatch (subsys=4, signal=3, signal_data=0x7ffffe668090) at signal.c:105
        handler = 0x7af060
#5 0x0000000000408d25 in handle_rr_ho_compl (msg=<optimized out>) at bsc_api.c:524
        sig = {lchan = 0x7fb1a80dd0b0, mr = 0x0}
        gh = <optimized out>
#6 dispatch_dtap (msg=0x2436980, link_id=<optimized out>, conn=0xc8e070) at bsc_api.c:583
        api = 0x6757c0
        gh = <optimized out>
        pdisc = <optimized out>
        rc = <optimized out>
#7 gsm0408_rcvmsg (msg=0x2436980, link_id=<optimized out>) at bsc_api.c:657
        rc = <optimized out>
        api = 0x6757c0
        lchan = 0x7fb1a80dd0b0
#8 0x000000000041fde1 in abis_rsl_rx_rll (msg=0x2436980) at abis_rsl.c:1682
        rllh = 0x2436a0e
        ts_name = <optimized out>
        sign_link = <optimized out>
        rc = 0
        sapi = <optimized out>
#9 abis_rsl_rcvmsg (msg=0x2436980) at abis_rsl.c:2093
        rslh = 0x2436a0e
        rc = 0
#10 0x00007fb1a74cce5a in handle_ts1_read (bfd=0x90d6b8) at input/ipaccess.c:469
        line = 0x90cb00
        link = <optimized out>
        hh = 0x2436a0b
        msg = 0x2436980
        ret = <optimized out>
        ts_nr = 2
        e1i_ts = 0x90d118
#11 ipaccess_fd_cb (bfd=0x90d6b8, what=1) at input/ipaccess.c:603
        rc = 0
#12 0x00007fb1a76dca11 in osmo_select_main (polling=0) at select.c:158
        flags = 1
        ufd = 0x90d6b8
        tmp = 0x8aa118
        readset = {__fds_bits = {0 <repeats 16 times>}}
        writeset = {__fds_bits = {0 <repeats 16 times>}}
        exceptset = {__fds_bits = {0 <repeats 16 times>}}
        work = 1
        rc = <optimized out>
        no_time = {tv_sec = 0, tv_usec = 0}
#13 0x0000000000406e34 in main (argc=<optimized out>, argv=0x7ffffe6684f8) at bsc_hack.c:354
        rc = <optimized out>
Cheers
Ciaby
On Mon, Nov 10, 2014 at 02:10:46PM -0600, Ciaby wrote:
> #0 subscr_name (subscr=0x0) at gsm_subscriber_base.c:47
> No locals.
> #1 0x00000000004079e3 in ho_gsm48_ho_compl (new_lchan=0x7fb1a80dd0b0) at handover_logic.c:259
>         net = 0x894690
>         ho = 0xe1ccb0
frame 1
p *ho
p *ho->old_lchan
p *ho->old_lchan->conn
does it work
On 11/10/2014 02:19 PM, Holger Hans Peter Freyther wrote:
> On Mon, Nov 10, 2014 at 02:10:46PM -0600, Ciaby wrote:
> > #0 subscr_name (subscr=0x0) at gsm_subscriber_base.c:47
> > No locals.
> > #1 0x00000000004079e3 in ho_gsm48_ho_compl (new_lchan=0x7fb1a80dd0b0) at handover_logic.c:259
> >         net = 0x894690
> >         ho = 0xe1ccb0
> frame 1
> p *ho
> p *ho->old_lchan
> p *ho->old_lchan->conn
> does it work
(gdb) frame 1
#1 0x00000000004079e3 in ho_gsm48_ho_compl (new_lchan=0x7fb1a80dd0b0) at handover_logic.c:259
259 in handover_logic.c
(gdb) p *ho
$3 = {list = {next = 0x66eba0, prev = 0x66eba0}, old_lchan = 0x7fb1a80fb128, new_lchan = 0x7fb1a80dd0b0, T3103 = {node = {rb_parent_color = 6785312, rb_right = 0x0, rb_left = 0x0}, list = {next = 0xe1cce8, prev = 0xe1cce8}, timeout = {tv_sec = 1415116971, tv_usec = 619112}, active = 1, cb = 0x407740 <ho_T3103_cb>, data = 0xe1ccb0}, ho_ref = 92 '\'}
(gdb) p *ho->old_lchan $1 = {ts = 0x7fb1a80fa020, nr = 0 '\000', type = GSM_LCHAN_TCH_F, rsl_cmode = RSL_CMOD_SPD_SIGN, tch_mode = GSM48_CMODE_SIGN, csd_mode = LCHAN_CSD_M_NT, state = LCHAN_S_ACTIVE, bs_power = 0 '\000', ms_power = 5 '\005', encr = {alg_id = 1 '\001', key_len = 0 '\000', key = '\000' <repeats 15 times>}, mr_conf = { smod = 0 '\000', spare = 0 '\000', icmi = 0 '\000', nscb = 0 '\000', ver = 0 '\000', m4_75 = 0 '\000', m5_15 = 0 '\000', m5_90 = 0 '\000', m6_70 = 0 '\000', m7_40 = 0 '\000', m7_95 = 0 '\000', m10_2 = 0 '\000', m12_2 = 0 '\000'}, sapis = "\001\000\000\000\000\000\000", sacch_deact = 0, abis_ip = {bound_ip = 2886729995, connect_ip = 2886729985, bound_port = 50846, connect_port = 553, conn_id = 0, rtp_payload = 3 '\003', rtp_payload2 = 0 '\000', speech_mode = 0 '\000', rtp_socket = 0x0}, rqd_ta = 0 '\000', T3101 = {node = {rb_parent_color = 9338528, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x7fb1a80fb1b0, prev = 0x7fb1a80fb1b0}, timeout = {tv_sec = 1415116967, tv_usec = 917091}, active = 0, cb = 0x41f600 <t3101_expired>, data = 0x7fb1a80fb128}, T3109 = {node = { rb_parent_color = 6785313, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x7fb1a80fb200, prev = 0x7fb1a80fb200}, timeout = {tv_sec = 1415116956, tv_usec = 113590}, active = 0, cb = 0x41f310 <t3109_expired>, data = 0x7fb1a80fb128}, T3111 = {node = {rb_parent_color = 6785312, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x7fb1a80fb250, prev = 0x7fb1a80fb250}, timeout = {tv_sec = 1415116952, tv_usec = 273614}, active = 0, cb = 0x41f360 <t3111_expired>, data = 0x7fb1a80fb128}, error_timer = {node = {rb_parent_color = 8996937, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x7fb1a80fb2a0, prev = 0x7fb1a80fb2a0}, timeout = {tv_sec = 1415116278, tv_usec = 714886}, active = 0, cb = 0x41c910 <error_timeout_cb>, data = 0x7fb1a80fb128}, act_timer = {node = { rb_parent_color = 8996937, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x7fb1a80fb2f0, prev = 0x7fb1a80fb2f0}, timeout = 
{tv_sec = 1415116961, tv_usec = 906814}, active = 0, cb = 0x41b880 <lchan_act_tmr_cb>, data = 0x7fb1a80fb128}, rel_work = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0, data = 0x0}, error_cause = 0 '\000', neigh_meas = {{arfcn = 239, bsic = 63 '?', rxlev = "\r\t\024\024\024\026\026\026\026\027", rxlev_cnt = 58152, last_seen_nr = 6 '\006'}, {arfcn = 0, bsic = 63 '?', rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 332, last_seen_nr = 20 '\024'}, {arfcn = 0, bsic = 0 '\000', rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000', rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000', rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000', rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000', rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000', rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000', rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000', rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}}, meas_rep = {{lchan = 0x7fb1a80fb128, nr = 6 '\006', flags = 34, ul = { full = {rx_lev = 13 '\r', rx_qual = 0 '\000'}, sub = {rx_lev = 63 '?', rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 3 '\003', rx_qual = 5 '\005'}, sub = { rx_lev = 4 '\004', rx_qual = 6 '\006'}}, bs_power = 0 '\000', ms_timing_offset = 0 '\000', ms_l1 = {pwr = 33 '!', ta = 12 '\f'}, num_cell = 1, cell = {{ rxlev = 9 '\t', bsic = 63 '?', neigh_idx = 2 '\002', arfcn = 239, flags = 1}, {rxlev = 0 '\000', bsic = 0 
'\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}}}, {lchan = 0x7fb1a80fb128, nr = 1 '\001', flags = 34, ul = {full = {rx_lev = 21 '\025', rx_qual = 0 '\000'}, sub = {rx_lev = 63 '?', rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 22 '\026', rx_qual = 0 '\000'}, sub = {rx_lev = 22 '\026', rx_qual = 0 '\000'}}, bs_power = 0 '\000', ms_timing_offset = 0 '\000', ms_l1 = {pwr = 33 '!', ta = 12 '\f'}, num_cell = 1, cell = {{rxlev = 22 '\026', bsic = 63 '?', neigh_idx = 2 '\002', arfcn = 239, flags = 1}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}}}, {lchan = 0x7fb1a80fb128, nr = 2 '\002', flags = 34, ul = {full = {rx_lev = 20 '\024', rx_qual = 0 '\000'}, sub = {rx_lev = 63 '?', rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 22 '\026', rx_qual = 0 '\000'}, sub = {rx_lev = 22 '\026', rx_qual = 0 '\000'}}, bs_power = 0 '\000', ms_timing_offset = 0 '\000', ms_l1 = {pwr = 33 '!', ta = 12 '\f'}, num_cell = 1, cell = {{rxlev = 22 '\026', bsic = 63 '?', neigh_idx = 2 '\002', arfcn = 239, flags = 1}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, 
flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}}}, {lchan = 0x7fb1a80fb128, nr = 3 '\003', flags = 34, ul = {full = {rx_lev = 21 '\025', rx_qual = 0 '\000'}, sub = {rx_lev = 63 '?', rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 22 '\026', rx_qual = 0 '\000'}, sub = {rx_lev = 22 '\026', rx_qual = 0 '\000'}}, bs_power = 0 '\000', ms_timing_offset = 0 '\000', ms_l1 = {pwr = 33 '!', ta = 12 '\f'}, num_cell = 1, cell = {{rxlev = 22 '\026', bsic = 63 '?', neigh_idx = 2 '\002', arfcn = 239, flags = 1}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, { rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}}}, {lchan = 0x7fb1a80fb128, nr = 4 '\004', flags = 34, ul = {full = {rx_lev = 22 '\026', rx_qual = 0 '\000'}, sub = {rx_lev = 63 '?', rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 23 '\027', rx_qual = 0 '\000'}, sub = {rx_lev = 22 '\026', rx_qual = 0 '\000'}}, bs_power = 0 '\000', ms_timing_offset = 0 '\000', ms_l1 = {pwr = 33 '!', ta = 12 '\f'}, num_cell = 1, cell = {{rxlev = 23 '\027', bsic = 63 '?', neigh_idx = 2 '\002', arfcn = 239, flags = 1}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}}}, {lchan = 0x7fb1a80fb128, nr = 5 '\005', flags = 34, ul = {full = {rx_lev = 16 '\020', rx_qual = 0 '\000'}, sub = {rx_lev = 63 '?', rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 14 '\016', 
rx_qual = 0 '\000'}, sub = {rx_lev = 16 '\020', rx_qual = 0 '\000'}}, bs_power = 0 '\000', ms_timing_offset = 0 '\000', ms_l1 = {pwr = 33 '!', ta = 12 '\f'}, num_cell = 1, cell = {{rxlev = 13 '\r', bsic = 63 '?', neigh_idx = 2 '\002', arfcn = 239, flags = 1}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}}}}, meas_rep_idx = 1, rqd_ref = 0x0, conn = 0xc8e070}
(gdb) p *ho->old_lchan->conn
$2 = {entry = {next = 0x66ebb0, prev = 0x66ebb0}, subscr = 0x0, expire_timer_stopped = 0 '\000', next_rp_ref = 0 '\000', loc_operation = 0x0, sec_operation = 0x0, anch_operation = 0x9ceed0, silent_call = 0, put_channel = 0, sccp_con = 0x0, in_release = 0, lchan = 0x7fb1a80fb128, ho_lchan = 0x7fb1a80dd0b0, bts = 0x8a3290, T10 = { node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0, data = 0x0}, secondary_lchan = 0x0}
Cheers
Ciaby
On Mon, Nov 10, 2014 at 02:29:37PM -0600, Ciaby wrote:
> (gdb) p *ho->old_lchan
> $1 = {ts = 0x7fb1a80fa020, nr = 0 '\000', type = GSM_LCHAN_TCH_F, rsl_cmode = RSL_CMOD_SPD_SIGN, tch_mode = GSM48_CMODE_SIGN, csd_mode = LCHAN_CSD_M_NT, state = LCHAN_S_ACTIVE, bs_power = 0 '\000', ms_power = 5 '\005', encr = {alg_id = 1 '\001', key_len = 0 '\000', key = '\000' <repeats 15 times>}, mr_conf = {
> (gdb) p *ho->old_lchan->conn
> $2 = {entry = {next = 0x66ebb0, prev = 0x66ebb0}, subscr = 0x0, expire_timer_stopped = 0 '\000', next_rp_ref = 0 '\000', loc_operation = 0x0, sec_operation = 0x0, anch_operation = 0x9ceed0, silent_call = 0, put_channel = 0, sccp_con = 0x0, in_release = 0, lchan = 0x7fb1a80fb128, ho_lchan = 0x7fb1a80dd0b0, bts = 0x8a3290, T10 = { node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0, data = 0x0}, secondary_lchan = 0x0}
a.) The lchan has been re-used and "old_lchan" is already for someone new.
b.) We start the handover too early. E.g. while still trying to determine the subscriber?
diff --git a/openbsc/src/libbsc/handover_logic.c b/openbsc/src/libbsc/handover_logic.c index 22f9883..d7e1a16 100644 --- a/openbsc/src/libbsc/handover_logic.c +++ b/openbsc/src/libbsc/handover_logic.c @@ -93,6 +93,9 @@ int bsc_handover_start(struct gsm_lchan *old_lchan, struct gsm_bts *bts) if (bsc_ho_by_old_lchan(old_lchan)) return -EBUSY;
+ if (!old_lchan->conn->subscr) + return -EBUSY; + DEBUGP(DHO, "(old_lchan on BTS %u, new BTS %u)\n", old_lchan->ts->trx->bts->nr, bts->nr);
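Review bot: the added check if (!old_lchan->conn->subscr) in bsc_handover_start dereferences old_lchan->conn without testing conn itself, and it only runs when the handover starts, while the backtrace in this thread faults later, in ho_gsm48_ho_compl at handover_logic.c:259. A subscriber that is released between start and completion would still reach subscr_name() with a NULL pointer, so the same test (plus a conn test) is worth repeating where the handover completes. The new branch also returns the same -EBUSY as the bsc_ho_by_old_lchan() test just above it and logs nothing; a distinct return code or a DEBUGP line before the return would let the two refusals be told apart when checking whether the crash persists.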
this would be a band-aid and it would be interesting if you still see the crash.
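The two places where the NULL subscriber can be caught, as an added example that is not part of the original thread and is not OpenBSC code: a small C model of the old_lchan -> conn -> subscr chain from the gdb output, with a start-time guard shaped like the patch above and a completion step that re-validates the chain. All struct and function names (model_*) and the error codes chosen are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the structures seen in the gdb dump.
 * Hypothetical model, not the project's definitions. */
struct subscr { const char *name; };
struct conn { struct subscr *subscr; };
struct lchan { struct conn *conn; };
struct handover { struct lchan *old_lchan, *new_lchan; };

/* Start-time guard, same shape as the band-aid patch, plus a conn check. */
static int model_ho_start(struct handover *ho, struct lchan *old_l, struct lchan *new_l)
{
    if (!old_l || !old_l->conn || !old_l->conn->subscr)
        return -EBUSY;
    ho->old_lchan = old_l;
    ho->new_lchan = new_l;
    return 0;
}

/* Models the subscriber being dropped from the connection. */
static void model_subscr_release(struct conn *c) { c->subscr = NULL; }

/* Completion step: re-check the chain instead of trusting what was true at
 * start. -ENOENT marks the spot where frame #0 dereferenced subscr=0x0. */
static int model_ho_complete(const struct handover *ho, const char **name_out)
{
    struct conn *c = ho->old_lchan ? ho->old_lchan->conn : NULL;
    if (!c || !c->subscr)
        return -ENOENT;
    *name_out = c->subscr->name;
    return 0;
}

/* Runs one interleaving and returns the final result code. */
static int model_scenario(int release_before_start, int release_before_complete)
{
    struct subscr s = { "constructed-subscriber" };   /* constructed sample */
    struct conn c = { &s };
    struct lchan old_l = { &c }, new_l = { &c };
    struct handover ho = { NULL, NULL };
    const char *name = NULL;
    if (release_before_start)
        model_subscr_release(&c);
    if (model_ho_start(&ho, &old_l, &new_l))
        return -EBUSY;
    if (release_before_complete)
        model_subscr_release(&c);
    return model_ho_complete(&ho, &name);
}

int main(void)
{
    printf("normal=%d early=%d late=%d\n", model_scenario(0, 0),
           model_scenario(1, 0), model_scenario(0, 1));
    return 0;
}
```

The third scenario is the one the start-time guard alone does not cover: the subscriber is present when the handover starts and gone when it completes.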
On 11/10/2014 03:57 PM, Holger Hans Peter Freyther wrote: [...]
> a.) The lchan has been re-used and "old_lchan" is already for someone new.
> b.) We start the handover too early. E.g. while still trying to determine the subscriber?
diff --git a/openbsc/src/libbsc/handover_logic.c b/openbsc/src/libbsc/handover_logic.c index 22f9883..d7e1a16 100644 --- a/openbsc/src/libbsc/handover_logic.c +++ b/openbsc/src/libbsc/handover_logic.c @@ -93,6 +93,9 @@ int bsc_handover_start(struct gsm_lchan *old_lchan, struct gsm_bts *bts) if (bsc_ho_by_old_lchan(old_lchan)) return -EBUSY;
if (!old_lchan->conn->subscr)
return -EBUSY;
DEBUGP(DHO, "(old_lchan on BTS %u, new BTS %u)\n", old_lchan->ts->trx->bts->nr, bts->nr);
> this would be a band-aid and it would be interesting if you still see the crash.
Thanks! I'll apply it to the current version we use, deploy it and see if we still see the same issue.
Cheers
Ciaby