Possible crash/malfunction in the handover code


Ciaby ciaby at autistici.org
Mon Nov 10 20:29:37 UTC 2014


On 11/10/2014 02:19 PM, Holger Hans Peter Freyther wrote:
> On Mon, Nov 10, 2014 at 02:10:46PM -0600, Ciaby wrote:
> 
>> #0  subscr_name (subscr=0x0) at gsm_subscriber_base.c:47
>> No locals.
>> #1  0x00000000004079e3 in ho_gsm48_ho_compl (new_lchan=0x7fb1a80dd0b0)
>> at handover_logic.c:259
>>         net = 0x894690
>>         ho = 0xe1ccb0
> 
> 
> frame 1
> p *ho
> p *ho->old_lchan
> p *ho->old_lchan->conn
> 
> does it work
> 

(gdb) frame 1
#1  0x00000000004079e3 in ho_gsm48_ho_compl (new_lchan=0x7fb1a80dd0b0) at handover_logic.c:259
259     in handover_logic.c

(gdb) p *ho
$3 = {list = {next = 0x66eba0, prev = 0x66eba0}, old_lchan = 0x7fb1a80fb128, new_lchan = 0x7fb1a80dd0b0, T3103 = {node = {rb_parent_color = 6785312, rb_right = 0x0, 
      rb_left = 0x0}, list = {next = 0xe1cce8, prev = 0xe1cce8}, timeout = {tv_sec = 1415116971, tv_usec = 619112}, active = 1, cb = 0x407740 <ho_T3103_cb>, 
    data = 0xe1ccb0}, ho_ref = 92 '\\'}

(gdb) p *ho->old_lchan
$1 = {ts = 0x7fb1a80fa020, nr = 0 '\000', type = GSM_LCHAN_TCH_F, rsl_cmode = RSL_CMOD_SPD_SIGN, tch_mode = GSM48_CMODE_SIGN, csd_mode = LCHAN_CSD_M_NT, 
  state = LCHAN_S_ACTIVE, bs_power = 0 '\000', ms_power = 5 '\005', encr = {alg_id = 1 '\001', key_len = 0 '\000', key = '\000' <repeats 15 times>}, mr_conf = {
    smod = 0 '\000', spare = 0 '\000', icmi = 0 '\000', nscb = 0 '\000', ver = 0 '\000', m4_75 = 0 '\000', m5_15 = 0 '\000', m5_90 = 0 '\000', m6_70 = 0 '\000', 
    m7_40 = 0 '\000', m7_95 = 0 '\000', m10_2 = 0 '\000', m12_2 = 0 '\000'}, sapis = "\001\000\000\000\000\000\000", sacch_deact = 0, abis_ip = {bound_ip = 2886729995, 
    connect_ip = 2886729985, bound_port = 50846, connect_port = 553, conn_id = 0, rtp_payload = 3 '\003', rtp_payload2 = 0 '\000', speech_mode = 0 '\000', 
    rtp_socket = 0x0}, rqd_ta = 0 '\000', T3101 = {node = {rb_parent_color = 9338528, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x7fb1a80fb1b0, 
      prev = 0x7fb1a80fb1b0}, timeout = {tv_sec = 1415116967, tv_usec = 917091}, active = 0, cb = 0x41f600 <t3101_expired>, data = 0x7fb1a80fb128}, T3109 = {node = {
      rb_parent_color = 6785313, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x7fb1a80fb200, prev = 0x7fb1a80fb200}, timeout = {tv_sec = 1415116956, 
      tv_usec = 113590}, active = 0, cb = 0x41f310 <t3109_expired>, data = 0x7fb1a80fb128}, T3111 = {node = {rb_parent_color = 6785312, rb_right = 0x0, rb_left = 0x0}, 
    list = {next = 0x7fb1a80fb250, prev = 0x7fb1a80fb250}, timeout = {tv_sec = 1415116952, tv_usec = 273614}, active = 0, cb = 0x41f360 <t3111_expired>, 
    data = 0x7fb1a80fb128}, error_timer = {node = {rb_parent_color = 8996937, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x7fb1a80fb2a0, prev = 0x7fb1a80fb2a0}, 
    timeout = {tv_sec = 1415116278, tv_usec = 714886}, active = 0, cb = 0x41c910 <error_timeout_cb>, data = 0x7fb1a80fb128}, act_timer = {node = {
      rb_parent_color = 8996937, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x7fb1a80fb2f0, prev = 0x7fb1a80fb2f0}, timeout = {tv_sec = 1415116961, 
      tv_usec = 906814}, active = 0, cb = 0x41b880 <lchan_act_tmr_cb>, data = 0x7fb1a80fb128}, rel_work = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, 
    list = {next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0, data = 0x0}, error_cause = 0 '\000', neigh_meas = {{arfcn = 239, 
      bsic = 63 '?', rxlev = "\r\t\024\024\024\026\026\026\026\027", rxlev_cnt = 58152, last_seen_nr = 6 '\006'}, {arfcn = 0, bsic = 63 '?', 
      rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 332, last_seen_nr = 20 '\024'}, {arfcn = 0, bsic = 0 '\000', 
      rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000', 
      rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000', 
      rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000', 
      rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000', 
      rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000', 
      rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000', 
      rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}, {arfcn = 0, bsic = 0 '\000', 
      rxlev = "\000\000\000\000\000\000\000\000\000", rxlev_cnt = 0, last_seen_nr = 0 '\000'}}, meas_rep = {{lchan = 0x7fb1a80fb128, nr = 6 '\006', flags = 34, ul = {
        full = {rx_lev = 13 '\r', rx_qual = 0 '\000'}, sub = {rx_lev = 63 '?', rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 3 '\003', rx_qual = 5 '\005'}, sub = {
          rx_lev = 4 '\004', rx_qual = 6 '\006'}}, bs_power = 0 '\000', ms_timing_offset = 0 '\000', ms_l1 = {pwr = 33 '!', ta = 12 '\f'}, num_cell = 1, cell = {{
          rxlev = 9 '\t', bsic = 63 '?', neigh_idx = 2 '\002', arfcn = 239, flags = 1}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, 
        {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, 
          flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', 
          arfcn = 0, flags = 0}}}, {lchan = 0x7fb1a80fb128, nr = 1 '\001', flags = 34, ul = {full = {rx_lev = 21 '\025', rx_qual = 0 '\000'}, sub = {rx_lev = 63 '?', 
          rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 22 '\026', rx_qual = 0 '\000'}, sub = {rx_lev = 22 '\026', rx_qual = 0 '\000'}}, bs_power = 0 '\000', 
      ms_timing_offset = 0 '\000', ms_l1 = {pwr = 33 '!', ta = 12 '\f'}, num_cell = 1, cell = {{rxlev = 22 '\026', bsic = 63 '?', neigh_idx = 2 '\002', arfcn = 239, 
          flags = 1}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', 
          arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', 
          neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}}}, {lchan = 0x7fb1a80fb128, 
      nr = 2 '\002', flags = 34, ul = {full = {rx_lev = 20 '\024', rx_qual = 0 '\000'}, sub = {rx_lev = 63 '?', rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 22 '\026', 
          rx_qual = 0 '\000'}, sub = {rx_lev = 22 '\026', rx_qual = 0 '\000'}}, bs_power = 0 '\000', ms_timing_offset = 0 '\000', ms_l1 = {pwr = 33 '!', ta = 12 '\f'}, 
      num_cell = 1, cell = {{rxlev = 22 '\026', bsic = 63 '?', neigh_idx = 2 '\002', arfcn = 239, flags = 1}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', 
          arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', 
          neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', 
          bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}}}, {lchan = 0x7fb1a80fb128, nr = 3 '\003', flags = 34, ul = {full = {rx_lev = 21 '\025', 
          rx_qual = 0 '\000'}, sub = {rx_lev = 63 '?', rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 22 '\026', rx_qual = 0 '\000'}, sub = {rx_lev = 22 '\026', 
          rx_qual = 0 '\000'}}, bs_power = 0 '\000', ms_timing_offset = 0 '\000', ms_l1 = {pwr = 33 '!', ta = 12 '\f'}, num_cell = 1, cell = {{rxlev = 22 '\026', 
          bsic = 63 '?', neigh_idx = 2 '\002', arfcn = 239, flags = 1}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {
          rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, 
          flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', 
          arfcn = 0, flags = 0}}}, {lchan = 0x7fb1a80fb128, nr = 4 '\004', flags = 34, ul = {full = {rx_lev = 22 '\026', rx_qual = 0 '\000'}, sub = {rx_lev = 63 '?', 
          rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 23 '\027', rx_qual = 0 '\000'}, sub = {rx_lev = 22 '\026', rx_qual = 0 '\000'}}, bs_power = 0 '\000', 
      ms_timing_offset = 0 '\000', ms_l1 = {pwr = 33 '!', ta = 12 '\f'}, num_cell = 1, cell = {{rxlev = 23 '\027', bsic = 63 '?', neigh_idx = 2 '\002', arfcn = 239, 
          flags = 1}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', 
          arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', 
          neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}}}, {lchan = 0x7fb1a80fb128, 
      nr = 5 '\005', flags = 34, ul = {full = {rx_lev = 16 '\020', rx_qual = 0 '\000'}, sub = {rx_lev = 63 '?', rx_qual = 0 '\000'}}, dl = {full = {rx_lev = 14 '\016', 
          rx_qual = 0 '\000'}, sub = {rx_lev = 16 '\020', rx_qual = 0 '\000'}}, bs_power = 0 '\000', ms_timing_offset = 0 '\000', ms_l1 = {pwr = 33 '!', ta = 12 '\f'}, 
      num_cell = 1, cell = {{rxlev = 13 '\r', bsic = 63 '?', neigh_idx = 2 '\002', arfcn = 239, flags = 1}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', 
          arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', 
          neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}, {rxlev = 0 '\000', 
          bsic = 0 '\000', neigh_idx = 0 '\000', arfcn = 0, flags = 0}}}}, meas_rep_idx = 1, rqd_ref = 0x0, conn = 0xc8e070}

(gdb) p *ho->old_lchan->conn
$2 = {entry = {next = 0x66ebb0, prev = 0x66ebb0}, subscr = 0x0, expire_timer_stopped = 0 '\000', next_rp_ref = 0 '\000', loc_operation = 0x0, sec_operation = 0x0, 
  anch_operation = 0x9ceed0, silent_call = 0, put_channel = 0, sccp_con = 0x0, in_release = 0, lchan = 0x7fb1a80fb128, ho_lchan = 0x7fb1a80dd0b0, bts = 0x8a3290, T10 = {
    node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0, data = 0x0}, 
  secondary_lchan = 0x0}

Cheers

Ciaby



