hi,
this is a note. We had a crash with handover. So ho->new_lchan points
to a "valid" lchan but ho->new_lchan->conn is NULL. Which means the new
lchan failed/was freed/re-used.. but the "ho" entry wasn't killed. I
thought I fixed such a bug recently but obviously no.
Program terminated with signal 11, Segmentation fault.
#0 0x00000000004078a7 in ho_T3103_cb (_ho=<optimized out>) at handover_logic.c:192
192 ho->new_lchan->conn->ho_lchan = NULL;
(gdb) p *ho->new_lchan
$1 = {ts = 0x7f9c1439d028, nr = 0 '\000', type = GSM_LCHAN_NONE,
rsl_cmode = RSL_CMOD_SPD_SPEECH, tch_mode = GSM48_CMODE_SPEECH_V1,
csd_mode = LCHAN_CSD_M_NT, state = LCHAN_S_NONE, broken_reason = 0x44c5e3 "",
bs_power = 0 '\000', ms_power = 0 '\000', encr = {alg_id = 2
'\002', key_len = 8 '\b',
key = "\314]\204\276J6\204\000\000\000\000\000\000\000\000"}, mr_conf =
{smod = 0 '\000',
spare = 0 '\000', icmi = 0 '\000', nscb = 0 '\000', ver = 0
'\000', m4_75 = 0 '\000',
m5_15 = 0 '\000', m5_90 = 0 '\000', m6_70 = 0 '\000', m7_40 =
0 '\000', m7_95 = 0 '\000',
m10_2 = 0 '\000', m12_2 = 0 '\000'}, sapis =
"\000\000\000\000\000\000\000",
sacch_deact = 0, abis_ip = {bound_ip = 3232247317, connect_ip = 3232247297,
bound_port = 44336, connect_port = 5011, conn_id = 0, rtp_payload = 3 '\003',
rtp_payload2 = 0 '\000', speech_mode = 0 '\000', rtp_socket = 0x0},
rqd_ta = 0 '\000',
T3101 = {node = {rb_parent_color = 30560649, rb_right = 0x1e46618, rb_left = 0x1bcaf30},
list = {next = 0x7f9c1439e1c0, prev = 0x7f9c1439e1c0}, timeout = {tv_sec = 1419790405,
tv_usec = 573730}, active = 0, cb = 0x41fd10 <t3101_expired>, data =
0x7f9c1439e130},
T3109 = {node = {rb_parent_color = 31559320, rb_right = 0x0, rb_left = 0x0}, list = {
next = 0x7f9c1439e210, prev = 0x7f9c1439e210}, timeout = {tv_sec = 1419790684,
tv_usec = 182786}, active = 0, cb = 0x41fa20 <t3109_expired>, data =
0x7f9c1439e130},
T3111 = {node = {rb_parent_color = 29138256, rb_right = 0x0, rb_left = 0x0}, list = {
next = 0x7f9c1439e260, prev = 0x7f9c1439e260}, timeout = {tv_sec = 1419791140,
tv_usec = 812411}, active = 0, cb = 0x41fa70 <t3111_expired>, data =
0x7f9c1439e130},
error_timer = {node = {rb_parent_color = 30539945, rb_right = 0x1bc9470,
rb_left = 0x1c75728}, list = {next = 0x7f9c1439e2b0, prev = 0x7f9c1439e2b0}, timeout
= {
tv_sec = 1419790405, tv_usec = 637282}, active = 0, cb = 0x41d0f0
<error_timeout_cb>,
data = 0x7f9c1439e130}, act_timer = {node = {rb_parent_color = 29769248, rb_right =
0x0,
rb_left = 0x0}, list = {next = 0x7f9c1439e300, prev = 0x7f9c1439e300}, timeout = {
tv_sec = 1419791144, tv_usec = 812427}, active = 0, cb = 0x41bff0
<lchan_deact_tmr_cb>,
data = 0x7f9c1439e130}, rel_work = {node = {rb_parent_color = 0, rb_right = 0x0,
rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec =
0},
active = 0, cb = 0, data = 0x0}, error_cause = 0 '\000', neigh_meas = {{arfcn
= 0,
bsic = 63 '?', rxlev = ",,'&\032\016-.+)", rxlev_cnt =
4376, last_seen_nr = 0 '\000'}, {
arfcn = 0, bsic = 63 '?', rxlev = "\031\004$(' \037%*&",
rxlev_cnt = 4372,
last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 63 '?', rxlev =
"%\017\004''&&&&%",
rxlev_cnt = 4313, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 63
'?',
rxlev = "\027\026\024\031\030\031\033\003\027\025", rxlev_cnt = 3328,
last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 63 '?',
rxlev = "\000\002\001\001\001\003\002\000\000", rxlev_cnt = 1177,
last_seen_nr = 48 '0'}, {arfcn = 0, bsic = 63 '?',
rxlev = "\002\004\002\003\002\005\000\002\005\004", rxlev_cnt = 224,
last_seen_nr = 18 '\022'}, {arfcn = 0, bsic = 0 '\000',
rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0,
last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000',
rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0,
last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000',
rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0,
last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000',
rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0,
---Type <return> to continue, or q <return> to quit---
last_seen_nr = 0 '\000'}}, meas_rep = {{lchan = 0x7f9c1439e130, nr = 0
'\000',
flags = 0, ul = {full = {rx_lev = 3 '\003', rx_qual = 0 '\000'}, sub
= {
rx_lev = 63 '?', rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 3
'\003',
rx_qual = 7 '\a'}, sub = {rx_lev = 7 '\a', rx_qual = 7
'\a'}}, bs_power = 0 '\000',
ms_timing_offset = 0 '\000', ms_l1 = {pwr = 30 '\036', ta = 0
'\000'}, num_cell = 3,
cell = {{rxlev = 14 '\016', bsic = 63 '?', neigh_idx = 0
'\000', arfcn = 866,
flags = 1}, {rxlev = 4 '\004', bsic = 63 '?', neigh_idx = 4
'\004', arfcn = 877,
flags = 1}, {rxlev = 4 '\004', bsic = 63 '?', neigh_idx = 1
'\001', arfcn = 868,
flags = 1}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0
'\000', arfcn = 0,
flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0
'\000', arfcn = 0,
flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0
'\000', arfcn = 0,
flags = 0}}}, {lchan = 0x7f9c1439e130, nr = 0 '\000', flags = 0, ul =
{full = {
rx_lev = 35 '#', rx_qual = 0 '\000'}, sub = {rx_lev = 63
'?', rx_qual = 0 '\000'}},
dl = {full = {rx_lev = 44 ',', rx_qual = 0 '\000'}, sub = {rx_lev =
41 ')',
rx_qual = 0 '\000'}}, bs_power = 0 '\000', ms_timing_offset = 0
'\000', ms_l1 = {
pwr = 22 '\026', ta = 0 '\000'}, num_cell = 5, cell = {{rxlev = 43
'+',
bsic = 63 '?', neigh_idx = 1 '\001', arfcn = 868, flags = 1},
{rxlev = 39 '\'',
bsic = 63 '?', neigh_idx = 0 '\000', arfcn = 866, flags = 1},
{rxlev = 38 '&',
bsic = 63 '?', neigh_idx = 3 '\003', arfcn = 873, flags = 1},
{rxlev = 22 '\026',
bsic = 63 '?', neigh_idx = 5 '\005', arfcn = 881, flags = 1},
{rxlev = 2 '\002',
bsic = 63 '?', neigh_idx = 2 '\002', arfcn = 871, flags = 1},
{rxlev = 0 '\000',
bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}}},
{
lchan = 0x7f9c1439e130, nr = 0 '\000', flags = 0, ul = {full = {rx_lev = 45
'-',
rx_qual = 0 '\000'}, sub = {rx_lev = 63 '?', rx_qual = 0
'\000'}}, dl = {full = {
rx_lev = 42 '*', rx_qual = 0 '\000'}, sub = {rx_lev = 41
')', rx_qual = 0 '\000'}},
bs_power = 0 '\000', ms_timing_offset = 0 '\000', ms_l1 = {pwr = 30
'\036',
ta = 0 '\000'}, num_cell = 5, cell = {{rxlev = 41 ')', bsic = 63
'?',
neigh_idx = 1 '\001', arfcn = 868, flags = 1}, {rxlev = 38
'&', bsic = 63 '?',
neigh_idx = 3 '\003', arfcn = 873, flags = 1}, {rxlev = 32 ' ',
bsic = 63 '?',
neigh_idx = 0 '\000', arfcn = 866, flags = 1}, {rxlev = 20
'\024', bsic = 63 '?',
neigh_idx = 5 '\005', arfcn = 881, flags = 1}, {rxlev = 1
'\001', bsic = 63 '?',
neigh_idx = 2 '\002', arfcn = 871, flags = 1}, {rxlev = 0
'\000', bsic = 0 '\000',
neigh_idx = 0 '\000', arfcn = 0, flags = 0}}}, {lchan = 0x7f9c1439e130,
nr = 0 '\000', flags = 0, ul = {full = {rx_lev = 37 '%', rx_qual = 0
'\000'}, sub = {
rx_lev = 63 '?', rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 44
',',
rx_qual = 0 '\000'}, sub = {rx_lev = 44 ',', rx_qual = 0
'\000'}},
bs_power = 0 '\000', ms_timing_offset = 0 '\000', ms_l1 = {pwr = 14
'\016',
ta = 0 '\000'}, num_cell = 5, cell = {{rxlev = 44 ',', bsic = 63
'?',
neigh_idx = 1 '\001', arfcn = 868, flags = 1}, {rxlev = 38
'&', bsic = 63 '?',
neigh_idx = 3 '\003', arfcn = 873, flags = 1}, {rxlev = 31
'\037', bsic = 63 '?',
neigh_idx = 0 '\000', arfcn = 866, flags = 1}, {rxlev = 25
'\031', bsic = 63 '?',
neigh_idx = 5 '\005', arfcn = 881, flags = 1}, {rxlev = 1
'\001', bsic = 63 '?',
neigh_idx = 2 '\002', arfcn = 871, flags = 1}, {rxlev = 0
'\000', bsic = 0 '\000',
neigh_idx = 0 '\000', arfcn = 0, flags = 0}}}, {lchan = 0x7f9c1439e130,
nr = 0 '\000', flags = 0, ul = {full = {rx_lev = 23 '\027', rx_qual
= 0 '\000'}, sub = {
rx_lev = 63 '?', rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 44
',',
---Type <return> to continue, or q <return> to quit---
rx_qual = 4 '\004'}, sub = {rx_lev = 43 '+', rx_qual = 0
'\000'}},
bs_power = 0 '\000', ms_timing_offset = 0 '\000', ms_l1 = {pwr = 10
'\n',
ta = 0 '\000'}, num_cell = 5, cell = {{rxlev = 44 ',', bsic = 63
'?',
neigh_idx = 1 '\001', arfcn = 868, flags = 1}, {rxlev = 38
'&', bsic = 63 '?',
neigh_idx = 3 '\003', arfcn = 873, flags = 1}, {rxlev = 37 '%',
bsic = 63 '?',
neigh_idx = 0 '\000', arfcn = 866, flags = 1}, {rxlev = 24
'\030', bsic = 63 '?',
neigh_idx = 5 '\005', arfcn = 881, flags = 1}, {rxlev = 1
'\001', bsic = 63 '?',
neigh_idx = 2 '\002', arfcn = 871, flags = 1}, {rxlev = 0
'\000', bsic = 0 '\000',
neigh_idx = 0 '\000', arfcn = 0, flags = 0}}}, {lchan = 0x7f9c1439e130,
nr = 0 '\000', flags = 0, ul = {full = {rx_lev = 30 '\036', rx_qual
= 0 '\000'}, sub = {
rx_lev = 63 '?', rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 39
'\'',
rx_qual = 2 '\002'}, sub = {rx_lev = 38 '&', rx_qual = 0
'\000'}},
bs_power = 0 '\000', ms_timing_offset = 0 '\000', ms_l1 = {pwr = 26
'\032',
ta = 0 '\000'}, num_cell = 5, cell = {{rxlev = 42 '*', bsic = 63
'?',
neigh_idx = 0 '\000', arfcn = 866, flags = 1}, {rxlev = 39
'\'', bsic = 63 '?',
neigh_idx = 1 '\001', arfcn = 868, flags = 1}, {rxlev = 37 '%',
bsic = 63 '?',
neigh_idx = 3 '\003', arfcn = 873, flags = 1}, {rxlev = 25
'\031', bsic = 63 '?',
neigh_idx = 5 '\005', arfcn = 881, flags = 1}, {rxlev = 3
'\003', bsic = 63 '?',
neigh_idx = 2 '\002', arfcn = 871, flags = 1}, {rxlev = 0
'\000', bsic = 0 '\000',
neigh_idx = 0 '\000', arfcn = 0, flags = 0}}}}, meas_rep_idx = 0,
rqd_ref = 0x0,
conn = 0x0}