Possible crash/malfunction in the handover code

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Ciaby ciaby at autistici.org
Mon Nov 10 20:10:46 UTC 2014


On 11/10/2014 01:44 PM, Holger Hans Peter Freyther wrote:
> On Mon, Nov 10, 2014 at 12:16:47PM -0600, Ciaby wrote:
> 
> 
>> Sometimes osmo-nitb crashes, and our users have reported the fact that sometimes they end up listening to someone else's conversation.
> 
> ouch!
> 
>> This started to happen since we enabled handover.
>> This is the backtrace I got from a core dump of osmo-nitb:
>>
>> (gdb) bt
> 
> Can you please make a "bt full" so we see the values of
> structures 
> 
>> Any clue about why this is happening?
> 
> Yes. "abnormal" condition. So somehow conn->subscr = NULL. This
> means the subscriber was never loaded from the database or what
> is more likely is that subscr_con_free has been called for the
> old channel.
> 
>  subscr_name(ho->old_lchan->conn->subscr)
> 
> is crashing because subscr is 0x0. I wonder about the state of
> conn and the old_lchan in general. My guess would be that the
> old_lchan has already failed.
Here comes the "bt full" output:

#0  subscr_name (subscr=0x0) at gsm_subscriber_base.c:47
No locals.
#1  0x00000000004079e3 in ho_gsm48_ho_compl (new_lchan=0x7fb1a80dd0b0) at handover_logic.c:259
        net = 0x894690
        ho = 0xe1ccb0
#2  ho_logic_sig_cb (signal_data=<optimized out>, signal=<optimized out>, subsys=<optimized out>, handler_data=<optimized out>) at handover_logic.c:353
        lchan = 0x7fb1a80dd0b0
#3  ho_logic_sig_cb (subsys=<optimized out>, signal=<optimized out>, handler_data=<optimized out>, signal_data=<optimized out>) at handover_logic.c:335
        lchan_data = <optimized out>
#4  0x00007fb1a76dccec in osmo_signal_dispatch (subsys=4, signal=3, signal_data=0x7ffffe668090) at signal.c:105
        handler = 0x7af060
#5  0x0000000000408d25 in handle_rr_ho_compl (msg=<optimized out>) at bsc_api.c:524
        sig = {lchan = 0x7fb1a80dd0b0, mr = 0x0}
        gh = <optimized out>
#6  dispatch_dtap (msg=0x2436980, link_id=<optimized out>, conn=0xc8e070) at bsc_api.c:583
        api = 0x6757c0
        gh = <optimized out>
        pdisc = <optimized out>
        rc = <optimized out>
#7  gsm0408_rcvmsg (msg=0x2436980, link_id=<optimized out>) at bsc_api.c:657
        rc = <optimized out>
        api = 0x6757c0
        lchan = 0x7fb1a80dd0b0
#8  0x000000000041fde1 in abis_rsl_rx_rll (msg=0x2436980) at abis_rsl.c:1682
        rllh = 0x2436a0e
        ts_name = <optimized out>
        sign_link = <optimized out>
        rc = 0
        sapi = <optimized out>
#9  abis_rsl_rcvmsg (msg=0x2436980) at abis_rsl.c:2093
        rslh = 0x2436a0e
        rc = 0
#10 0x00007fb1a74cce5a in handle_ts1_read (bfd=0x90d6b8) at input/ipaccess.c:469
        line = 0x90cb00
        link = <optimized out>
        hh = 0x2436a0b
        msg = 0x2436980
        ret = <optimized out>
        ts_nr = 2
        e1i_ts = 0x90d118
#11 ipaccess_fd_cb (bfd=0x90d6b8, what=1) at input/ipaccess.c:603
        rc = 0
#12 0x00007fb1a76dca11 in osmo_select_main (polling=0) at select.c:158
        flags = 1
        ufd = 0x90d6b8
        tmp = 0x8aa118
        readset = {__fds_bits = {0 <repeats 16 times>}}
        writeset = {__fds_bits = {0 <repeats 16 times>}}
        exceptset = {__fds_bits = {0 <repeats 16 times>}}
        work = 1
        rc = <optimized out>
        no_time = {tv_sec = 0, tv_usec = 0}
#13 0x0000000000406e34 in main (argc=<optimized out>, argv=0x7ffffe6684f8) at bsc_hack.c:354
        rc = <optimized out>

Cheers

Ciaby
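The pointer chain Holger names, ho->old_lchan->conn->subscr, can be validated link by link before the HANDOVER COMPLETE handler touches it. What follows is an added example written for this archive page, not OpenBSC's handover_logic.c or gsm_subscriber_base.c: the struct and function names (struct lchan, struct subscr_conn, ho_compl_checked, safe_subscr_name) and the three scenarios are hypothetical stand-ins modelled on the names in the backtrace, the subscriber strings are constructed, and the "move the connection to the new channel, clear it on the old one" bookkeeping is this example's own design rather than a description of what osmo-nitb does.

```c
/* Added example, not OpenBSC code: the ho->old_lchan->conn->subscr chain
 * from the backtrace, modelled with hypothetical structs, plus a
 * HANDOVER COMPLETE handler that validates every link before use. */
#include <stdio.h>
#include <string.h>

struct lchan;
struct subscriber  { char name[32]; };
struct subscr_conn { struct subscriber *subscr; struct lchan *lchan; };
struct lchan       { int nr; struct subscr_conn *conn; };   /* conn NULL once released */
struct handover    { struct lchan *old_lchan; struct lchan *new_lchan; };

enum ho_result {
    HO_OK = 0,
    HO_ERR_NO_HO = -1,      /* no pending handover for this new channel */
    HO_ERR_OLD_LCHAN = -2,  /* old channel pointer already gone */
    HO_ERR_NO_CONN = -3,    /* old channel lost its connection (channel failed) */
    HO_ERR_NO_SUBSCR = -4   /* conn->subscr == NULL: the state in frame #0 */
};

/* NULL-safe counterpart of subscr_name(); frame #0 crashed on subscr=0x0. */
const char *safe_subscr_name(const struct subscriber *subscr)
{
    return subscr ? subscr->name : "unknown";
}

/* On any broken link the handover is aborted and new_lchan is left without
 * a connection, so it can never be bound to a stale or foreign call. */
enum ho_result ho_compl_checked(struct handover *ho, struct lchan *new_lchan)
{
    struct subscr_conn *conn;
    if (!ho || ho->new_lchan != new_lchan)
        return HO_ERR_NO_HO;
    if (!ho->old_lchan)
        return HO_ERR_OLD_LCHAN;
    conn = ho->old_lchan->conn;
    if (!conn) {
        new_lchan->conn = NULL;
        return HO_ERR_NO_CONN;
    }
    if (!conn->subscr) {
        new_lchan->conn = NULL;
        return HO_ERR_NO_SUBSCR;
    }
    printf("handover complete for %s: lchan %d -> lchan %d\n",
           safe_subscr_name(conn->subscr), ho->old_lchan->nr, new_lchan->nr);
    new_lchan->conn = conn;          /* move the connection to the new channel */
    conn->lchan = new_lchan;
    ho->old_lchan->conn = NULL;      /* old channel no longer owns it */
    return HO_OK;
}

/* Scenario 1 (Holger's guess): the old channel failed between HANDOVER
 * COMMAND and HANDOVER COMPLETE, so old_lchan->conn was already cleared. */
enum ho_result scenario_old_lchan_failed(void)
{
    struct subscriber sub = { "constructed-subscriber-1" };
    struct subscr_conn conn = { &sub, NULL };
    struct lchan old = { 1, &conn }, new_ = { 2, NULL };
    struct handover ho = { &old, &new_ };
    conn.lchan = &old;
    old.conn = NULL;                 /* channel released, conn unlinked */
    return ho_compl_checked(&ho, &new_);
}

/* Scenario 2: the conn object survived but its subscriber was released,
 * exactly the subscr=0x0 seen in frame #0 of the backtrace. */
enum ho_result scenario_subscr_gone(void)
{
    struct subscr_conn conn = { NULL, NULL };
    struct lchan old = { 1, &conn }, new_ = { 2, NULL };
    struct handover ho = { &old, &new_ };
    conn.lchan = &old;
    return ho_compl_checked(&ho, &new_);
}

/* Scenario 3: healthy handover; 1 if the connection now lives on new_ only. */
int scenario_ok(void)
{
    struct subscriber sub = { "constructed-subscriber-2" };
    struct subscr_conn conn = { &sub, NULL };
    struct lchan old = { 1, &conn }, new_ = { 2, NULL };
    struct handover ho = { &old, &new_ };
    conn.lchan = &old;
    if (ho_compl_checked(&ho, &new_) != HO_OK)
        return 0;
    return new_.conn == &conn && conn.lchan == &new_ && old.conn == NULL;
}

int main(void)
{
    printf("old lchan failed: %d\n", scenario_old_lchan_failed());
    printf("subscriber gone:  %d\n", scenario_subscr_gone());
    printf("healthy handover: %d\n", scenario_ok());
    return 0;
}
```

Scenario 1 reproduces Holger's guess (old_lchan already failed before HANDOVER COMPLETE arrived) and scenario 2 the exact state in frame #0 (conn present, conn->subscr == 0x0). In both the handler returns an error and leaves new_lchan without a connection instead of dereferencing NULL or binding the new channel to whatever call the stale pointers happen to reach, which is the check to look for at handover_logic.c:259 when comparing this against the real code.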
