This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Holger Hans Peter Freyther holger at freyther.deOn Mon, Nov 10, 2014 at 02:29:37PM -0600, Ciaby wrote:
> (gdb) p *ho->old_lchan
> $1 = {ts = 0x7fb1a80fa020, nr = 0 '\000', type = GSM_LCHAN_TCH_F, rsl_cmode = RSL_CMOD_SPD_SIGN, tch_mode = GSM48_CMODE_SIGN, csd_mode = LCHAN_CSD_M_NT,
> state = LCHAN_S_ACTIVE, bs_power = 0 '\000', ms_power = 5 '\005', encr = {alg_id = 1 '\001', key_len = 0 '\000', key = '\000' <repeats 15 times>}, mr_conf = {
> (gdb) p *ho->old_lchan->conn
> $2 = {entry = {next = 0x66ebb0, prev = 0x66ebb0}, subscr = 0x0, expire_timer_stopped = 0 '\000', next_rp_ref = 0 '\000', loc_operation = 0x0, sec_operation = 0x0,
> anch_operation = 0x9ceed0, silent_call = 0, put_channel = 0, sccp_con = 0x0, in_release = 0, lchan = 0x7fb1a80fb128, ho_lchan = 0x7fb1a80dd0b0, bts = 0x8a3290, T10 = {
> node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0, data = 0x0},
> secondary_lchan = 0x0}
a.) The lchan has been re-used and "old_lchan" is already for someone
new.
b.) We start the handover too early. E.g. while still trying to
determine the subscriber?
diff --git a/openbsc/src/libbsc/handover_logic.c b/openbsc/src/libbsc/handover_logic.c
index 22f9883..d7e1a16 100644
--- a/openbsc/src/libbsc/handover_logic.c
+++ b/openbsc/src/libbsc/handover_logic.c
@@ -93,6 +93,9 @@ int bsc_handover_start(struct gsm_lchan *old_lchan, struct gsm_bts *bts)
if (bsc_ho_by_old_lchan(old_lchan))
return -EBUSY;
+ if (!old_lchan->conn->subscr)
+ return -EBUSY;
+
DEBUGP(DHO, "(old_lchan on BTS %u, new BTS %u)\n",
old_lchan->ts->trx->bts->nr, bts->nr);
this would be a band-aid and it would be interesting if you still see
the crash.