This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Holger Hans Peter Freyther holger at freyther.de

On 06/30/2010 03:59 AM, Richard Zahoransky wrote:

Hi,

thanks a lot for starting to debug this. Could you help me a bit with your test setup? Which type of BTS do you use? Could you get us a pcap file for the Channel Activate NACK?

> maybe this could be because I have installed openggsn?

Sounds likely, I would guess you need to update libgtp..

> ==26461== Invalid read of size 4
> ==26461== at 0x806DA60: subscr_paging_cb (linuxlist.h:163)
> ==26461== by 0x806EE46: paging_T3113_expired (paging.c:209)
> ==26461== by 0x403D3EF: bsc_update_timers (timer.c:160)
> ==26461== by 0x403D8F6: bsc_select_main (select.c:94)
> ==26461== by 0x804BC75: main (bsc_hack.c:271)
> ==26461== Address 0x4731120 is 432 bytes inside a block of size 440 free'd
> ==26461== at 0x4024B3A: free (vg_replace_malloc.c:366)
> ==26461== by 0x40471AF: talloc_free (talloc.c:610)
> ==26461== by 0x806DD34: subscr_put (gsm_subscriber_base.c:133)
> ==26461== by 0x806E9F5: paging_remove_request (paging.c:77)
> ==26461== by 0x806EE02: paging_T3113_expired (paging.c:204)
> ==26461== by 0x403D3EF: bsc_update_timers (timer.c:160)
> ==26461== by 0x403D8F6: bsc_select_main (select.c:94)
> ==26461== by 0x804BC75: main (bsc_hack.c:271)

Thanks a lot. So the ingredient I was missing for my test was the failing paging request. I am using code from subscr_get_channel which is not adding a subscr_get/subscr_put... so the callback param points to a deleted subscriber.

> ==26524== Use of uninitialised value of size 4
> ==26524== at 0x43A9288: _itoa_word (_itoa.c:196)
> ==26524== by 0x43ACAE1: vfprintf (vfprintf.c:1613)
> ==26524== by 0x444DBF3: __vsnprintf_chk (vsnprintf_chk.c:65)
> ==26524== by 0x444DB13: __snprintf_chk (snprintf_chk.c:36)
> ==26524== by 0x40417E4: hexdump (stdio2.h:65)
> ==26524== by 0x8072538: ipaccess_fd_cb (ipaccess.c:566)
> ==26524== by 0x403D924: bsc_select_main (select.c:119)
> ==26524== by 0x804BC75: main (bsc_hack.c:271)
> ==26524==
> ==26524== Syscall param socketcall.send(msg) points to uninitialised byte(s)
> ==26524== at 0x443BE78: send (socket.S:100)
> ==26524== by 0x403D924: bsc_select_main (select.c:119)
> ==26524== by 0x804BC75: main (bsc_hack.c:271)
> ==26524== Address 0x4736d9d is 261 bytes inside a block of size 1,140 alloc'd
> ==26524== at 0x4024F20: malloc (vg_replace_malloc.c:236)
> ==26524== by 0x4045291: _talloc_zero (talloc.c:355)
> ==26524== by 0x403DD66: msgb_alloc (msgb.c:37)
> ==26524== by 0x8061FF9: rsl_msgb_alloc (msgb.h:159)
> ==26524== by 0x806436E: rsl_chan_activate_lchan (abis_rsl.c:443)
> ==26524== by 0x80653D0: abis_rsl_rcvmsg (abis_rsl.c:1228)
> ==26524== by 0x80725F9: ipaccess_fd_cb (ipaccess.c:489)
> ==26524== by 0x403D924: bsc_select_main (select.c:119)
> ==26524== by 0x804BC75: main (bsc_hack.c:271)
> ==26524==

These two are new as well.... for the last it is either me or Harald... doing it wrong. I will poke it a bit.
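
The ordering in the first trace (the paging request drops its subscriber reference, then the callback runs with the same pointer), as an added example that is not part of the original post and is not OpenBSC code. The types and functions are a simplified, hypothetical model; only the subscr_get/subscr_put and paging_remove_request names come from the mail, and freeing is modelled by clearing a flag so the stale access can be checked without undefined behaviour.

```c
/* Simplified model, not OpenBSC code: "freeing" only clears `live`,
 * so a stale access can be observed without undefined behaviour. */
struct subscr { int use_count; int live; };

static struct subscr *subscr_get(struct subscr *s) { s->use_count++; return s; }
static void subscr_put(struct subscr *s) {
    if (--s->use_count == 0)
        s->live = 0;               /* stands in for talloc_free() */
}

typedef int (*paging_cb)(void *param);

struct paging_req {
    struct subscr *subscr;         /* reference owned by the request */
    paging_cb cb;
    void *cb_param;                /* what the callback will dereference */
};

/* Callback reports whether its parameter is still a live subscriber. */
static int cb_check_live(void *param) { return ((struct subscr *)param)->live; }

/* Order seen in the trace: the request is removed (dropping its
 * reference) and only then is the callback invoked. */
static int paging_expired(struct paging_req *req) {
    paging_cb cb = req->cb;
    void *param = req->cb_param;
    subscr_put(req->subscr);       /* models paging_remove_request() */
    return cb ? cb(param) : -1;
}

/* Bug: cb_param borrows the pointer without taking a reference. */
int run_unreferenced(void) {
    struct subscr s = { 0, 1 };
    struct paging_req req = { subscr_get(&s), cb_check_live, &s };
    return paging_expired(&req);   /* callback sees a released subscriber */
}

/* Fix: the callback parameter holds its own reference, dropped after use. */
int run_referenced(void) {
    struct subscr s = { 0, 1 };
    struct paging_req req = { subscr_get(&s), cb_check_live, subscr_get(&s) };
    int seen_live = paging_expired(&req);
    subscr_put(&s);                /* release the callback's reference */
    return seen_live && !s.live && s.use_count == 0;
}
```
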