Open Source Mobile Communications: Issueshttps://osmocom.org/https://osmocom.org/favicon.ico?16647414092023-08-24T14:29:37ZOpen Source Mobile Communications
Redmine OsmoBTS - Bug #6147 (Resolved): TC_pcu_data_req_pdtch/ptcch/pdtch/ptcch and TC_pcu_ptcch failhttps://osmocom.org/issues/61472023-08-24T14:29:37Zdexter
<p>Since 20.08.2023 the following testcases fail:</p>
<p>TC_pcu_data_req_pdtch<br />TC_pcu_data_req_ptcch<br />TC_pcu_data_req_pdtch<br />TC_pcu_data_req_ptcch<br />TC_pcu_ptcch</p> OsmoBTS - Bug #6142 (Resolved): channels are opened, but nothing happens, sometimes strange DTAP ...https://osmocom.org/issues/61422023-08-23T14:41:41Zdexter
<p>This behavior was observed with osmo-bts-trx. A channel gets assigned, we see measurement reports and rarely some strange DTAP messages. The channel stays open for a while and then closes. (see attached trace)</p>
<p>When libosmocore change Id62c18f49f270449067b25b7104eb8b47f1955ec is reverted, then everything appears to be normal again.</p> OsmoMGW - Bug #5984 (Closed): fix regression in TC_two_crcx_and_one_mdcx_rtp_hohttps://osmocom.org/issues/59842023-03-29T20:00:42Zdexter
<p>TC_two_crcx_and_one_mdcx_rtp_ho fails with reason: "RTP packets received while RX was disabled"</p> OsmoBTS - Bug #5645 (Resolved): osmo-bts-trx crashes when using gsmtap option -ihttps://osmocom.org/issues/56452022-08-15T12:48:31Zdexter
<p>When osmo-bts-trx is started with option -i (osmo-bts-trx -c ./osmo-bts.cfg -i 127.0.0.1), then it fails with SIGABRT (or Segmentation Fault without GDB). The problem is most likely related to an msgb that is too small.</p>
<pre>
Mon Aug 15 14:43:21 2022 <0001> nm_channel_fsm.c:152 NM_CHAN_OP(bts0-trx0-ts5)[0x55555576f660]{DISABLED_OFFLINE}: state_chg to ENABLED
Mon Aug 15 14:43:21 2022 <0001> oml.c:354 OC=CHANNEL INST=(00,00,05) AVAIL STATE Off line -> OK
Mon Aug 15 14:43:21 2022 <0001> oml.c:362 OC=CHANNEL INST=(00,00,05) OPER STATE Disabled -> Enabled
Mon Aug 15 14:43:21 2022 <0009> pcu_sock.c:242 Sending info
Mon Aug 15 14:43:21 2022 <0009> pcu_sock.c:257 BTS is up
Mon Aug 15 14:43:21 2022 <0001> oml.c:144 OC=CHANNEL(03) INST=(00,00,05): Tx State Changed Event Report
Mon Aug 15 14:43:21 2022 <0011> input/ipa.c:139 127.0.0.1:3002 connected write
Mon Aug 15 14:43:21 2022 <0011> input/ipa.c:139 127.0.0.1:3002 connected write
Mon Aug 15 14:43:21 2022 <0011> input/ipa.c:135 127.0.0.1:3002 connected read
Mon Aug 15 14:43:21 2022 <0011> input/ipa.c:56 127.0.0.1:3002 message received
Mon Aug 15 14:43:21 2022 <0001> oml.c:1017 OC=CHANNEL(03) INST=(00,00,06): Rx OPSTART
Mon Aug 15 14:43:21 2022 <0001> l1_if.c:588 NM_CHAN_OP(bts0-trx0-ts6)[0x55555576fcb0]{DISABLED_OFFLINE}: Received Event OPSTART_ACK
Mon Aug 15 14:43:21 2022 <0001> oml.c:144 OC=CHANNEL(03) INST=(00,00,06): Tx Opstart Ack
Mon Aug 15 14:43:21 2022 <0001> nm_channel_fsm.c:152 NM_CHAN_OP(bts0-trx0-ts6)[0x55555576fcb0]{DISABLED_OFFLINE}: state_chg to ENABLED
Mon Aug 15 14:43:21 2022 <0001> oml.c:354 OC=CHANNEL INST=(00,00,06) AVAIL STATE Off line -> OK
Mon Aug 15 14:43:21 2022 <0001> oml.c:362 OC=CHANNEL INST=(00,00,06) OPER STATE Disabled -> Enabled
Mon Aug 15 14:43:21 2022 <0009> pcu_sock.c:242 Sending info
Mon Aug 15 14:43:21 2022 <0009> pcu_sock.c:257 BTS is up
Mon Aug 15 14:43:21 2022 <0001> oml.c:144 OC=CHANNEL(03) INST=(00,00,06): Tx State Changed Event Report
Mon Aug 15 14:43:21 2022 <0011> input/ipa.c:139 127.0.0.1:3002 connected write
Mon Aug 15 14:43:21 2022 <0011> input/ipa.c:139 127.0.0.1:3002 connected write
Mon Aug 15 14:43:21 2022 <0011> input/ipa.c:139 127.0.0.1:3002 connected write
Mon Aug 15 14:43:21 2022 <0011> input/ipa.c:135 127.0.0.1:3002 connected read
Mon Aug 15 14:43:21 2022 <0011> input/ipa.c:56 127.0.0.1:3002 message received
Mon Aug 15 14:43:21 2022 <0001> oml.c:1017 OC=CHANNEL(03) INST=(00,00,07): Rx OPSTART
Mon Aug 15 14:43:21 2022 <0001> l1_if.c:588 NM_CHAN_OP(bts0-trx0-ts7)[0x555555770300]{DISABLED_OFFLINE}: Received Event OPSTART_ACK
Mon Aug 15 14:43:21 2022 <0001> oml.c:144 OC=CHANNEL(03) INST=(00,00,07): Tx Opstart Ack
Mon Aug 15 14:43:21 2022 <0001> nm_channel_fsm.c:152 NM_CHAN_OP(bts0-trx0-ts7)[0x555555770300]{DISABLED_OFFLINE}: state_chg to ENABLED
Mon Aug 15 14:43:21 2022 <0001> oml.c:354 OC=CHANNEL INST=(00,00,07) AVAIL STATE Off line -> OK
Mon Aug 15 14:43:21 2022 <0001> oml.c:362 OC=CHANNEL INST=(00,00,07) OPER STATE Disabled -> Enabled
Mon Aug 15 14:43:21 2022 <0009> pcu_sock.c:242 Sending info
Mon Aug 15 14:43:21 2022 <0009> pcu_sock.c:257 BTS is up
Mon Aug 15 14:43:21 2022 <0009> pcu_sock.c:221 (bts=0,trx=0) PDCH on ts=7 is available (tsc=6 hopping=no arfcn=868)
Mon Aug 15 14:43:21 2022 <0001> oml.c:144 OC=CHANNEL(03) INST=(00,00,07): Tx State Changed Event Report
Mon Aug 15 14:43:21 2022 <0011> input/ipa.c:139 127.0.0.1:3002 connected write
Mon Aug 15 14:43:21 2022 <0009> pcu_sock.c:863 Activate request received: TRX=0 TS=7
Mon Aug 15 14:43:21 2022 <0006> l1sap.c:1942 (bts=0,trx=0,ts=7,ss=0) Activating channel PDCH on TS7
Mon Aug 15 14:43:21 2022 <0006> scheduler.c:1099 (bts=0,trx=0,ts=7,ss=0) Activating PDTCH
Mon Aug 15 14:43:21 2022 <0006> scheduler.c:1099 (bts=0,trx=0,ts=7,ss=0) Activating PTCCH
Mon Aug 15 14:43:21 2022 <0006> lchan.c:271 (bts=0,trx=0,ts=7,ss=0) state NONE -> ACTIVE
Mon Aug 15 14:43:21 2022 <0006> l1sap.c:837 (bts=0,trx=0,ts=7,ss=0) activate confirm chan_nr=PDCH on TS7 trx=0
Mon Aug 15 14:43:21 2022 <0000> rsl.c:1389 (bts=0,trx=0,ts=7,ss=0) not sending CHAN ACT ACK
Mon Aug 15 14:43:21 2022 <0011> input/ipa.c:139 127.0.0.1:3002 connected write
Mon Aug 15 14:43:21 2022 <0009> pcu_sock.c:448 Sending rts request: is_ptcch=0 arfcn=868 block=11
Mon Aug 15 14:43:21 2022 <0009> pcu_sock.c:680 Data request received: sapi=PDTCH arfcn=868 block=11 data=
msgb(0x5555558a3a30): Not enough tailroom msgb_put (allocated 52904, head at 0, len 16, tailroom 53024 < want tailroom 1432604448)
backtrace() returned 22 addresses
/usr/local/lib/libosmocore.so.19(osmo_generate_backtrace+0x18) [0x7ffff7e15e23]
/usr/local/lib/libosmocore.so.19(+0x29b01) [0x7ffff7e15b01]
/usr/local/lib/libosmocore.so.19(osmo_panic+0xca) [0x7ffff7e15bd0]
/usr/local/lib/libosmocore.so.19(+0x28fd0) [0x7ffff7e14fd0]
/usr/local/lib/libosmocore.so.19(gsmtap_makemsg_ex+0x110) [0x7ffff7e1533f]
/usr/local/lib/libosmocore.so.19(gsmtap_send_ex+0x88) [0x7ffff7e1563e]
/usr/local/lib/libosmocore.so.19(gsmtap_send+0x79) [0x7ffff7e156fa]
/usr/local/bin/osmo-bts-trx(+0x51806) [0x5555555a5806]
/usr/local/bin/osmo-bts-trx(+0x56493) [0x5555555aa493]
/usr/local/bin/osmo-bts-trx(+0x566c4) [0x5555555aa6c4]
/usr/local/bin/osmo-bts-trx(+0x4998e) [0x55555559d98e]
/usr/local/bin/osmo-bts-trx(+0x4a740) [0x55555559e740]
/usr/local/bin/osmo-bts-trx(+0x4b174) [0x55555559f174]
/usr/local/bin/osmo-bts-trx(+0x4b3b9) [0x55555559f3b9]
/usr/local/lib/libosmocore.so.19(+0x1082c) [0x7ffff7dfc82c]
/usr/local/lib/libosmocore.so.19(+0x10939) [0x7ffff7dfc939]
/usr/local/lib/libosmocore.so.19(osmo_select_main+0x15) [0x7ffff7dfc955]
/usr/local/bin/osmo-bts-trx(+0x5a5f1) [0x5555555ae5f1]
/usr/local/bin/osmo-bts-trx(+0xd5ed) [0x5555555615ed]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7ffff7c1309b]
/usr/local/bin/osmo-bts-trx(+0xd14a) [0x55555556114a]
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb)
</pre> OsmoBSCNAT - Bug #5597 (Resolved): fix uninitialized address CID 273006https://osmocom.org/issues/55972022-06-29T15:21:34Zdexter
<pre>
*** CID 273006: (UNINIT)
/source-Osmocom/osmo-bsc-nat/src/osmo-bsc-nat/bsc_nat_fsm.c: 136 in sccp_sap_up_cn()
130 break;
131
132 case OSMO_PRIM(OSMO_SCU_PRIM_N_DISCONNECT, PRIM_OP_INDICATION):
133 /* indication of disconnect */
134 subscr_conn = subscr_conn_get_by_id(prim->u.disconnect.conn_id, BSC_NAT_NET_CN);
135 if (!subscr_conn) {
>>> CID 273006: (UNINIT)
>>> Using uninitialized value "addr" when calling "bsc_nat_print_addr".
136 LOGP(DMAIN, LOGL_ERROR, "Unknown conn_id=%" PRIu32 " from %s\n", prim->u.disconnect.conn_id,
137 bsc_nat_print_addr_cn(addr));
138 goto error;
139 }
140
141 LOGP(DMAIN, LOGL_DEBUG, "Fwd via %s\n", talloc_get_name(subscr_conn));
/source-Osmocom/osmo-bsc-nat/src/osmo-bsc-nat/bsc_nat_fsm.c: 124 in sccp_sap_up_cn()
118 break;
119
120 case OSMO_PRIM(OSMO_SCU_PRIM_N_DATA, PRIM_OP_INDICATION):
121 /* connection-oriented data received */
122 subscr_conn = subscr_conn_get_by_id(prim->u.data.conn_id, BSC_NAT_NET_CN);
123 if (!subscr_conn) {
>>> CID 273006: (UNINIT)
>>> Using uninitialized value "addr" when calling "bsc_nat_print_addr".
124 LOGP(DMAIN, LOGL_ERROR, "Unknown conn_id=%" PRIu32 " from %s\n", prim->u.data.conn_id,
125 bsc_nat_print_addr_cn(addr));
126 goto error;
127 }
128
129 rc = bssap_handle_dt(BSC_NAT_NET_CN, subscr_conn, oph->msg, msgb_l2len(oph->msg));
** CID 273005: (UNINIT)
</pre>
<p>The address variable is uninitialized in case OSMO_PRIM(OSMO_SCU_PRIM_N_DATA, PRIM_OP_INDICATION) and OSMO_PRIM(OSMO_SCU_PRIM_N_DISCONNECT, PRIM_OP_INDICATION. Its only used to print it in the log, which means removing bsc_nat_print_addr_cn(addr) from the log statement would fix the problem. Unfortunately this also would make debugging more difficult, however there seems also to be no way to ask libosmo-sccp for the address of a particular conn_id.</p> Cellular Network Infrastructure - Bug #5030 (Resolved): jenkins ttcn3-bsc-test and ttcn3-bts-test...https://osmocom.org/issues/50302021-02-17T13:31:41Zdexter
<p>The following two TTCN3 testsuites fail in jenkins.</p>
<p><a class="external" href="https://jenkins.osmocom.org/jenkins/view/TTCN3/job/ttcn3-bsc-test/1285/">https://jenkins.osmocom.org/jenkins/view/TTCN3/job/ttcn3-bsc-test/1285/</a><br /><a class="external" href="https://jenkins.osmocom.org/jenkins/view/TTCN3/job/ttcn3-bts-test/1190/">https://jenkins.osmocom.org/jenkins/view/TTCN3/job/ttcn3-bts-test/1190/</a></p>
<p>building osmo-bts fails with the following errror message:<br />../../include/osmo-bts/gsm_data.h:326:29: error: field 'l1_info' has incomplete type</p>
<p>This is due to the following patch:<br /><a class="external" href="https://gerrit.osmocom.org/c/osmo-bts/+/22938">https://gerrit.osmocom.org/c/osmo-bts/+/22938</a></p>
<p>which depends on</p>
<p><a class="external" href="https://gerrit.osmocom.org/c/libosmocore/+/22932">https://gerrit.osmocom.org/c/libosmocore/+/22932</a></p>
<p>both are merged and were built without problems in gerrit. It might be that the libosmocore change is not propagated into the libosmocore package yet.</p> OsmoMSC - Bug #3934 (Resolved): TC_sgsap_expl_imsi_det_noneps crashes osmo-mschttps://osmocom.org/issues/39342019-04-16T07:59:23Zdexter
<p>This is presumably similar to <a class="issue tracker-1 status-3 priority-2 priority-default closed" title="Bug: TC_smpp_mt_sms crashes osmo-msc (Resolved)" href="https://osmocom.org/issues/3930">#3930</a>.</p>
<pre>
Tue Apr 16 09:56:08 2019 DMNCC <0004> mncc_sock.c:320 MNCC socket at /home/owner/mncc_sock
Tue Apr 16 09:56:08 2019 DLGLOBAL <0012> telnet_interface.c:104 Available via telnet 127.0.0.1 4254
Tue Apr 16 09:56:08 2019 DSMPP <000c> smpp_smsc.c:1017 SMPP at 0.0.0.0 2775
Tue Apr 16 09:56:08 2019 DLCTRL <0019> control_if.c:911 CTRL at 127.0.0.1 4255
Tue Apr 16 09:56:08 2019 DLGSUP <001c> gsup_client.c:73 GSUP connecting to 127.0.0.1:4222
Tue Apr 16 09:56:08 2019 DLMGCP <0022> mgcp_client.c:716 MGCP client: using endpoint domain '@mgw'
Tue Apr 16 09:56:08 2019 DLMGCP <0022> mgcp_client.c:791 MGCP GW connection: r=127.0.0.1:2427<->l=127.0.0.1:2727
Tue Apr 16 09:56:08 2019 DLSCCP <001f> sccp_user.c:397 OsmoMSC-A: Using SS7 instance 0, pc:0.23.1
Tue Apr 16 09:56:08 2019 DLSCCP <001f> sccp_user.c:415 OsmoMSC-A: Using AS instance as-clnt-OsmoMSC-A
Tue Apr 16 09:56:08 2019 DLSCCP <001f> sccp_user.c:420 OsmoMSC-A: Creating default route
Tue Apr 16 09:56:08 2019 DLSCCP <001f> sccp_user.c:476 OsmoMSC-A: Using ASP instance asp-clnt-OsmoMSC-A
Tue Apr 16 09:56:08 2019 DLSS7 <001e> osmo_ss7.c:471 0: Creating SCCP instance
Tue Apr 16 09:56:08 2019 DSGS <0011> sgs_server.c:185 SGs socket bound to r=NULL<->l=0.0.0.0:29118
Tue Apr 16 09:56:08 2019 DBSSAP <0010> a_iface.c:674 Initalizing SCCP connection to stp...
Tue Apr 16 09:56:09 2019 DLGSUP <001c> gsup_client.c:73 GSUP connecting to 127.0.0.1:4222
Tue Apr 16 09:56:10 2019 DLGSUP <001c> gsup_client.c:73 GSUP connecting to 127.0.0.1:4222
Tue Apr 16 09:56:10 2019 DLM3UA <0021> m3ua.c:634 asp-asp-clnt-OsmoMSC-A: Received NOTIFY Type State Change:AS Inactive ()
Tue Apr 16 09:56:10 2019 DLSS7 <001e> xua_default_lm_fsm.c:353 xua_default_lm(asp-clnt-OsmoMSC-A)[0x5607406a6fe0]{ACTIVE}: Ignoring primitive M-ASP_ACTIVE.confirm
Tue Apr 16 09:56:10 2019 DLM3UA <0021> m3ua.c:634 asp-asp-clnt-OsmoMSC-A: Received NOTIFY Type State Change:AS Active ()
Tue Apr 16 09:56:11 2019 DLGSUP <001c> gsup_client.c:73 GSUP connecting to 127.0.0.1:4222
Tue Apr 16 09:56:12 2019 DLGSUP <001c> gsup_client.c:73 GSUP connecting to 127.0.0.1:4222
Tue Apr 16 09:56:13 2019 DLGSUP <001c> gsup_client.c:73 GSUP connecting to 127.0.0.1:4222
Tue Apr 16 09:56:13 2019 DLCTRL <0019> control_if.c:554 accept()ed new CTRL connection from (r=127.0.0.1:38313<->l=127.0.0.1:4255)
Tue Apr 16 09:56:13 2019 DMNCC <0004> mncc_sock.c:275 MNCC Socket has connection with external call control application
Tue Apr 16 09:56:14 2019 DLGSUP <001c> gsup_client.c:73 GSUP connecting to 127.0.0.1:4222
Tue Apr 16 09:56:14 2019 DLINP <0014> input/ipa.c:128 127.0.0.1:4222 connection done
Tue Apr 16 09:56:14 2019 DLINP <0014> input/ipaccess.c:705 received ID get from 0/0/0
Tue Apr 16 09:56:14 2019 DBSSAP <0010> a_iface.c:140 The calling BSC (RI=SSN_PC,PC=0.24.1,SSN=BSSAP) is unknown to this MSC ...
Tue Apr 16 09:56:14 2019 DBSSAP <0010> a_iface.c:490 Adding new BSC connection for BSC RI=SSN_PC,PC=0.24.1,SSN=BSSAP...
Tue Apr 16 09:56:14 2019 DBSSAP <0010> a_iface_bssap.c:112 Rx BSSMAP RESET from BSC RI=SSN_PC,PC=0.24.1,SSN=BSSAP, sending RESET ACK
Tue Apr 16 09:56:14 2019 DSMPP <000c> smpp_smsc.c:753 [] smpp_pdu_rx(00 00 00 32 00 00 00 09 00 00 00 00 00 00 00 01 6d 73 63 5f 74 65 73 74 65 72 00 6f 73 6d 6f 63 6f 6d 31 00 4d 53 43 5f 54 65 73 74 73 00 34 00 00 00 )
Tue Apr 16 09:56:14 2019 DSMPP <000c> smpp_smsc.c:546 [msc_tester] Rx BIND Trx (Version 34)
Tue Apr 16 09:56:14 2019 DSGS <0011> sgs_server.c:123 r=127.0.0.1:9999<->l=127.0.0.1:29118: Accepted new SGs connection
Tue Apr 16 09:56:14 2019 DLCTRL <0019> control_if.c:554 accept()ed new CTRL connection from (r=127.0.0.1:45709<->l=127.0.0.1:4255)
Tue Apr 16 09:56:14 2019 DSGS <0011> fsm.c:423 SGs-VLR-RESET(901-70-0001-01)[0x5607406ac120]{unknown 0}: Allocated
Tue Apr 16 09:56:14 2019 DSGS <0011> fsm.c:423 SGs-UE(num:0)[0x5607406aca20]{SGs-NULL}: Allocated
Tue Apr 16 09:56:14 2019 DSGS <0011> vlr_sgs_fsm.c:359 SGs-UE(num:0)[0x5607406aca20]{SGs-NULL}: state_chg to SGs-NULL
Tue Apr 16 09:56:14 2019 DREF <000a> vlr_sgs.c:83 VLR subscr unknown + SGs: now used by 1 (SGs)
Tue Apr 16 09:56:14 2019 DVLR <000e> vlr.c:446 set IMSI on subscriber; IMSI=262420000011815 id=262420000011815
Tue Apr 16 09:56:14 2019 DVLR <000e> vlr.c:397 New subscr, IMSI: 262420000011815
Tue Apr 16 09:56:14 2019 DVLR <000e> vlr.c:446 set IMSI on subscriber; IMSI=262420000011815 id=262420000011815
Tue Apr 16 09:56:14 2019 DSGS <0011> vlr_sgs.c:96 SGs-UE(num:0)[0x5607406aca20]{SGs-NULL}: Received Event RX_LU_FROM_MME
Tue Apr 16 09:56:14 2019 DSGS <0011> vlr_sgs_fsm.c:55 SGs-UE(num:0)[0x5607406aca20]{SGs-NULL}: state_chg to SGs-LA-UPDATE-PRESENT
Tue Apr 16 09:56:14 2019 DVLR <000e> gsm_04_08.c:1772 SUBSCR(IMSI-262420000011815:TMSInew-0x25E218F7) VLR: update for IMSI=262420000011815 (MSISDN=)
Tue Apr 16 09:56:14 2019 DVLR <000e> vlr.c:197 GSUP tx: 04010862420200001118f5280102
Tue Apr 16 09:56:14 2019 DVLR <000e> vlr.c:1092 GSUP rx 20: 10010862420200001118f5080706942103108151
Tue Apr 16 09:56:14 2019 DREF <000a> vlr.c:1113 VLR subscr IMSI-262420000011815:TMSInew-0x25E218F7 + vlr_gsupc_read_cb: now used by 2 (SGs,vlr_gsupc_read_cb)
Tue Apr 16 09:56:14 2019 DVLR <000e> vlr.c:800 IMSI:262420000011815 has MSISDN:491230011815
Tue Apr 16 09:56:14 2019 DVLR <000e> gsm_04_08.c:1772 SUBSCR(IMSI-262420000011815:MSISDN-491230011815:TMSInew-0x25E218F7) VLR: update for IMSI=262420000011815 (MSISDN=491230011815)
Tue Apr 16 09:56:14 2019 DVLR <000e> vlr.c:197 GSUP tx: 12010862420200001118f5
Tue Apr 16 09:56:14 2019 DREF <000a> vlr.c:1161 VLR subscr IMSI-262420000011815:MSISDN-491230011815:TMSInew-0x25E218F7 - vlr_gsupc_read_cb: now used by 1 (SGs)
Tue Apr 16 09:56:14 2019 DVLR <000e> vlr.c:1092 GSUP rx 11: 06010862420200001118f5
Tue Apr 16 09:56:14 2019 DREF <000a> vlr.c:1113 VLR subscr IMSI-262420000011815:MSISDN-491230011815:TMSInew-0x25E218F7 + vlr_gsupc_read_cb: now used by 2 (SGs,vlr_gsupc_read_cb)
Tue Apr 16 09:56:14 2019 DSGS <0011> vlr_sgs.c:116 SGs-UE(num:0)[0x5607406aca20]{SGs-LA-UPDATE-PRESENT}: Received Event TX_LU_ACCEPT
Tue Apr 16 09:56:14 2019 DSGS <0011> vlr_sgs_fsm.c:141 SGs-UE(imsi:262420000011815)[0x5607406aca20]{SGs-LA-UPDATE-PRESENT}: state_chg to SGs-ASSOCIATED
Tue Apr 16 09:56:14 2019 DREF <000a> vlr.c:1161 VLR subscr IMSI-262420000011815:MSISDN-491230011815:TMSInew-0x25E218F7 - vlr_gsupc_read_cb: now used by 1 (SGs)
Tue Apr 16 09:56:14 2019 DREF <000a> vlr_sgs.c:223 VLR subscr IMSI-262420000011815:MSISDN-491230011815:TMSInew-0x25E218F7 + vlr_sgs_tmsi_reall_compl: now used by 2 (SGs,vlr_sgs_tmsi_reall_compl)
Tue Apr 16 09:56:14 2019 DSGS <0011> vlr_sgs.c:227 SGs-UE(imsi:262420000011815)[0x5607406aca20]{SGs-ASSOCIATED}: Received Event RX_TMSI_REALLOC
Tue Apr 16 09:56:14 2019 DSGS <0011> vlr_sgs_fsm.c:206 SGs-UE(imsi:262420000011815)[0x5607406aca20]{SGs-ASSOCIATED}: state_chg to SGs-ASSOCIATED
Tue Apr 16 09:56:14 2019 DREF <000a> vlr_sgs.c:228 VLR subscr IMSI-262420000011815:MSISDN-491230011815:TMSI-0x25E218F7 - vlr_sgs_tmsi_reall_compl: now used by 1 (SGs)
Tue Apr 16 09:56:17 2019 DREF <000a> vlr_sgs.c:140 VLR subscr IMSI-262420000011815:MSISDN-491230011815:TMSI-0x25E218F7 + vlr_sgs_imsi_detach: now used by 2 (SGs,vlr_sgs_imsi_detach)
Tue Apr 16 09:56:17 2019 DSGS <0011> vlr_sgs.c:166 SGs-UE(imsi:262420000011815)[0x5607406aca20]{SGs-ASSOCIATED}: Received Event RX_DETACH_IND_FROM_MME
Tue Apr 16 09:56:17 2019 DSGS <0011> vlr_sgs_fsm.c:72 SGs-UE(imsi:262420000011815)[0x5607406aca20]{SGs-ASSOCIATED}: state_chg to SGs-NULL
Tue Apr 16 09:56:17 2019 DREF <000a> vlr.c:1254 VLR subscr IMSI-262420000011815:MSISDN-491230011815:TMSI-0x25E218F7 - attached: now used by 1 (SGs,vlr_sgs_imsi_detach,-1*attached)
Assert failed _osmo_use_count_get_put(&(vsub)->use_count, "attached", -1, "vlr.c", 1254) == 0 vlr.c:1254
backtrace() returned 11 addresses
/usr/local/lib/libosmocore.so.12(osmo_panic+0xbb) [0x7f0dbf83a8db]
osmo-msc(+0x3dfc1) [0x56073f346fc1]
osmo-msc(+0x446ee) [0x56073f34d6ee]
osmo-msc(+0x3637b) [0x56073f33f37b]
osmo-msc(+0x36ccb) [0x56073f33fccb]
/usr/local/lib/libosmonetif.so.6(+0xa7e3) [0x7f0dbf4037e3]
/usr/local/lib/libosmocore.so.12(osmo_select_main+0x1f1) [0x7f0dbf82fbc1]
osmo-msc(+0xd44f) [0x56073f31644f]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f0dbe3c52b1]
osmo-msc(+0xd5ea) [0x56073f3165ea]
signal 6 received
backtrace() returned 15 addresses
osmo-msc(+0xd81d) [0x56073f31681d]
/lib/x86_64-linux-gnu/libc.so.6(+0x33030) [0x7f0dbe3d8030]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0xcf) [0x7f0dbe3d7fcf]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x16a) [0x7f0dbe3d93fa]
/usr/local/lib/libosmocore.so.12(osmo_set_panic_handler+0) [0x7f0dbf83a8e0]
osmo-msc(+0x3dfc1) [0x56073f346fc1]
osmo-msc(+0x446ee) [0x56073f34d6ee]
osmo-msc(+0x3637b) [0x56073f33f37b]
osmo-msc(+0x36ccb) [0x56073f33fccb]
/usr/local/lib/libosmonetif.so.6(+0xa7e3) [0x7f0dbf4037e3]
/usr/local/lib/libosmocore.so.12(osmo_select_main+0x1f1) [0x7f0dbf82fbc1]
osmo-msc(+0xd44f) [0x56073f31644f]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f0dbe3c52b1]
osmo-msc(+0xd5ea) [0x56073f3165ea]
talloc report on 'vty' (total 174968 bytes in 9344 blocks)
struct vty contains 863 bytes in 4 blocks (ref 0) 0x5607406ab440
struct vty contains 1004 bytes in 16 blocks (ref 0) 0x5607406a7450
Configure SCCP timer values, see ITU-T Q.714
Waiting for connection confirm message, 1 to 2 minutes (default: 60)
Send keep-alive: on an idle connection, delay before sending an Idle Timer message, 5 to 10 minutes (default: 420)
Receive keep-alive: on an idle connection, delay until considering a connection as stale, 11 to 21 minutes (default: 900)
Waiting for release complete message, 10 to 20 seconds (default: 10)
Waiting for release complete message; or to repeat sending released message after the initial expiry, 10 to 20 seconds (default: 10)
Waiting for release complete message; or to release connection resources, freeze the LRN and alert a maintenance function after the initial expiry, extending to 1 minute (default: 60)
Waiting to resume normal procedure for temporary connection sections during the restart procedure, 23 to 25 minutes (default: 1380)
Waiting to release temporary connection section or alert maintenance function after reset request message is sent, 10 to 20 seconds (default: 10)
Waiting to receive all the segments of the remaining segments, single segmented message after receiving the first segment, 10 to 20 seconds (default: 10)
Timer value, in seconds
contains 1194 bytes in 1 blocks (ref 0) 0x5607405c5830
sccp-timer (conn_est|ias|iar|rel|repeat_rel|int|guard|reset|reassembly) <1-999999> contains 83 bytes in 1 blocks (ref 0) 0x5607405c56c0
save_cwd contains 37 bytes in 1 blocks (ref 0) 0x560740587960
vty_command contains 105253 bytes in 5615 blocks (ref 0) 0x560740574c20
vty_vector contains 66534 bytes in 3705 blocks (ref 0) 0x560740574bb0
full talloc report on 'osmo_msc' (total 18143 bytes in 98 blocks)
telnet_connection contains 177 bytes in 3 blocks (ref 0) 0x56074069e0f0
struct telnet_connection contains 88 bytes in 1 blocks (ref 0) 0x5607406ab380
struct telnet_connection contains 88 bytes in 1 blocks (ref 0) 0x5607406aa590
struct osmo_ss7_instance contains 2478 bytes in 29 blocks (ref 0) 0x56074069e650
struct osmo_sccp_instance contains 266 bytes in 3 blocks (ref 0) 0x5607406a6570
struct osmo_sccp_user contains 90 bytes in 2 blocks (ref 0) 0x5607406a7110
OsmoMSC-A contains 10 bytes in 1 blocks (ref 0) 0x56074069ebd0
struct osmo_ss7_as contains 624 bytes in 7 blocks (ref 0) 0x56074069ee70
as-clnt-OsmoMSC-A contains 18 bytes in 1 blocks (ref 0) 0x56074069f360
struct osmo_fsm_inst contains 364 bytes in 4 blocks (ref 0) 0x56074069f040
struct xua_as_fsm_priv contains 104 bytes in 1 blocks (ref 0) 0x56074069f290
XUA_AS(as-clnt-OsmoMSC-A)[0x56074069f040] contains 42 bytes in 1 blocks (ref 0) 0x56074069f1f0
as-clnt-OsmoMSC-A contains 18 bytes in 1 blocks (ref 0) 0x56074069f170
as-clnt-OsmoMSC-A contains 18 bytes in 1 blocks (ref 0) 0x56074069efc0
struct osmo_ss7_asp contains 1147 bytes in 14 blocks (ref 0) 0x56074069eaa0
(r=127.0.0.1:2905<->l=127.0.0.1:41915) contains 39 bytes in 1 blocks (ref 0) 0x56074069ed70
struct osmo_fsm_inst contains 367 bytes in 4 blocks (ref 0) 0x5607406a5de0
struct xua_asp_fsm_priv contains 104 bytes in 1 blocks (ref 0) 0x5607406a64a0
XUA_ASP(asp-clnt-OsmoMSC-A)[0x5607406a5de0] contains 44 bytes in 1 blocks (ref 0) 0x5607406a5f10
asp-clnt-OsmoMSC-A contains 19 bytes in 1 blocks (ref 0) 0x56074069e1d0
struct osmo_stream_cli contains 242 bytes in 2 blocks (ref 0) 0x5607406a4a00
127.0.0.1 contains 10 bytes in 1 blocks (ref 0) 0x5607406a4b50
struct osmo_fsm_inst contains 278 bytes in 4 blocks (ref 0) 0x5607406a6fe0
struct lm_fsm_priv contains 8 bytes in 1 blocks (ref 0) 0x5607406a7b00
xua_default_lm(asp-clnt-OsmoMSC-A)[0x5607406a6fe0] contains 51 bytes in 1 blocks (ref 0) 0x5607406a57b0
asp-clnt-OsmoMSC-A contains 19 bytes in 1 blocks (ref 0) 0x5607406a5860
127.0.0.1 contains 10 bytes in 1 blocks (ref 0) 0x56074069e2c0
asp-clnt-OsmoMSC-A contains 19 bytes in 1 blocks (ref 0) 0x56074069e540
struct osmo_ss7_route_table contains 145 bytes in 4 blocks (ref 0) 0x56074069e7e0
struct osmo_ss7_route contains 82 bytes in 2 blocks (ref 0) 0x5607406a59f0
as-clnt-OsmoMSC-A contains 18 bytes in 1 blocks (ref 0) 0x5607406a7a80
system contains 7 bytes in 1 blocks (ref 0) 0x56074069e4d0
struct osmo_stream_srv_link contains 352 bytes in 4 blocks (ref 0) 0x56074069c870
struct sgs_connection contains 256 bytes in 2 blocks (ref 0) 0x5607406a6c90
struct osmo_stream_srv contains 104 bytes in 1 blocks (ref 0) 0x5607406a9d20
0.0.0.0 contains 8 bytes in 1 blocks (ref 0) 0x56074069c930
struct sgs_state contains 741 bytes in 5 blocks (ref 0) 0x56074069c690
struct sgs_mme_ctx contains 365 bytes in 4 blocks (ref 0) 0x5607406ac050
struct osmo_fsm_inst contains 261 bytes in 3 blocks (ref 0) 0x5607406ac120
SGs-VLR-RESET(901-70-0001-01)[0x5607406ac120] contains 46 bytes in 1 blocks (ref 0) 0x5607406ac250
901-70-0001-01 contains 15 bytes in 1 blocks (ref 0) 0x5607406ab760
struct smsc contains 600 bytes in 3 blocks (ref 0) 0x560740689f20
struct osmo_esme contains 336 bytes in 1 blocks (ref 0) 0x5607406a6ad0
struct osmo_smpp_acl contains 112 bytes in 1 blocks (ref 0) 0x56074069f460
struct gsm_network contains 7961 bytes in 31 blocks (ref 0) 0x5607405c7580
struct bsc_context contains 441 bytes in 5 blocks (ref 0) 0x5607406aa3f0
struct osmo_fsm_inst contains 241 bytes in 3 blocks (ref 0) 0x5607406a7290
A-RESET(bsc-193)[0x5607406a7290] contains 33 bytes in 1 blocks (ref 0) 0x5607406a73c0
bsc-193 contains 8 bytes in 1 blocks (ref 0) 0x5607406a6d90
struct reset_ctx contains 16 bytes in 1 blocks (ref 0) 0x5607406aa510
struct mgcp_client contains 688 bytes in 1 blocks (ref 0) 0x5607406a4ff0
struct gsm_sms_queue contains 216 bytes in 1 blocks (ref 0) 0x5607406a4830
struct ctrl_handle contains 478 bytes in 5 blocks (ref 0) 0x56074069cfa0
struct ctrl_connection contains 199 bytes in 2 blocks (ref 0) 0x5607406ab1e0
(r=127.0.0.1:45709<->l=127.0.0.1:4255) contains 39 bytes in 1 blocks (ref 0) 0x5607406ab2f0
struct ctrl_connection contains 199 bytes in 2 blocks (ref 0) 0x5607406a9b80
(r=127.0.0.1:38313<->l=127.0.0.1:4255) contains 39 bytes in 1 blocks (ref 0) 0x5607406a9c90
struct mncc_sock_state contains 104 bytes in 1 blocks (ref 0) 0x56074069e880
127.0.0.1 contains 10 bytes in 1 blocks (ref 0) 0x5607405c8440
/home/owner/mncc_sock contains 22 bytes in 1 blocks (ref 0) 0x56074069e450
112 contains 4 bytes in 1 blocks (ref 0) 0x56074069e160
127.0.0.1 contains 10 bytes in 1 blocks (ref 0) 0x56074069e3d0
OsmoMSC contains 8 bytes in 1 blocks (ref 0) 0x5607405c8360
OsmoMSC contains 8 bytes in 1 blocks (ref 0) 0x5607405c83d0
struct vlr_instance contains 2804 bytes in 10 blocks (ref 0) 0x5607405c84c0
struct vlr_subscr contains 1994 bytes in 4 blocks (ref 0) 0x5607406ac2f0
struct osmo_fsm_inst contains 266 bytes in 3 blocks (ref 0) 0x5607406aca20
SGs-UE(imsi:262420000011815)[0x5607406aca20] contains 45 bytes in 1 blocks (ref 0) 0x5607406ad210
imsi:262420000011815 contains 21 bytes in 1 blocks (ref 0) 0x5607406ad190
struct osmo_gsup_client contains 490 bytes in 4 blocks (ref 0) 0x5607406a4340
struct osmo_fd contains 48 bytes in 1 blocks (ref 0) 0x5607406a45d0
struct ipa_client_conn contains 186 bytes in 2 blocks (ref 0) 0x5607406a44b0
127.0.0.1 contains 10 bytes in 1 blocks (ref 0) 0x5607406a4670
struct ipaccess_unit contains 64 bytes in 1 blocks (ref 0) 0x5607406a4290
rate_ctr.c:234 contains 2352 bytes in 1 blocks (ref 0) 0x5607405c7920
logging contains 4393 bytes in 9 blocks (ref 0) 0x560740574360
Configure logging
Set the log level for a specified category
A-bis Radio Link Layer (RLL)
Layer3 Call Control (CC)
Layer3 Mobility Management (MM)
Layer3 Radio Resource (RR)
MNCC API for Call Control application
Paging Subsystem
Mobile Switching Center
Media Gateway Control Protocol
Hand-Over
Database Layer
Reference Counting
Control interface
SMPP interface for external SMS apps
Radio Access Network Application Part Protocol
Visitor Location Register
Iu-CS Protocol
BSSAP Protocol (A Interface)
SGs Interface (SGsAP)
Library-internal global log family
LAPD in libosmogsm
A-bis Intput Subsystem
A-bis B-Subchannel TRAU Frame Multiplex
A-bis Input Driver for Signalling
A-bis Input Driver for B-Channels (voice)
Layer3 Short Message Service (SMS)
Control Interface
GPRS GTP library
Statistics messages and logging
Generic Subscriber Update Protocol
Osmocom Authentication Protocol
libosmo-sigtran Signalling System 7
libosmo-sigtran SCCP Implementation
libosmo-sigtran SCCP User Adaptation
libosmo-sigtran MTP3 User Adaptation
libosmo-mgcp Media Gateway Control Protocol
libosmo-netif Jitter Buffer
Remote SIM protocol
Deprecated alias for 'no logging level force-all'
contains 1173 bytes in 1 blocks (ref 0) 0x5607405dcf70
logging level (rll|cc|mm|rr|mncc|pag|msc|mgcp|ho|db|ref|ctrl|smpp|ranap|vlr|iucs|bssap|sgs|lglobal|llapd|linp|lmux|lmi|lmib|lsms|lctrl|lgtp|lstats|lgsup|loap|lss7|lsccp|lsua|lm3ua|lmgcp|ljibuf|lrspro) everything contains 212 bytes in 1 blocks (ref 0) 0x5607405dcd80
Configure logging
Set the log level for a specified category
A-bis Radio Link Layer (RLL)
Layer3 Call Control (CC)
Layer3 Mobility Management (MM)
Layer3 Radio Resource (RR)
MNCC API for Call Control application
Paging Subsystem
Mobile Switching Center
Media Gateway Control Protocol
Hand-Over
Database Layer
Reference Counting
Control interface
SMPP interface for external SMS apps
Radio Access Network Application Part Protocol
Visitor Location Register
Iu-CS Protocol
BSSAP Protocol (A Interface)
SGs Interface (SGsAP)
Library-internal global log family
LAPD in libosmogsm
A-bis Intput Subsystem
A-bis B-Subchannel TRAU Frame Multiplex
A-bis Input Driver for Signalling
A-bis Input Driver for B-Channels (voice)
Layer3 Short Message Service (SMS)
Control Interface
GPRS GTP library
Statistics messages and logging
Generic Subscriber Update Protocol
Osmocom Authentication Protocol
libosmo-sigtran Signalling System 7
libosmo-sigtran SCCP Implementation
libosmo-sigtran SCCP User Adaptation
libosmo-sigtran MTP3 User Adaptation
libosmo-mgcp Media Gateway Control Protocol
libosmo-netif Jitter Buffer
Remote SIM protocol
Log debug messages and higher levels
Log informational messages and higher levels
Log noticeable messages and higher levels
Log error messages and higher levels
Log only fatal messages
contains 1308 bytes in 1 blocks (ref 0) 0x5607405dc7f0
logging level (rll|cc|mm|rr|mncc|pag|msc|mgcp|ho|db|ref|ctrl|smpp|ranap|vlr|iucs|bssap|sgs|lglobal|llapd|linp|lmux|lmi|lmib|lsms|lctrl|lgtp|lstats|lgsup|loap|lss7|lsccp|lsua|lm3ua|lmgcp|ljibuf|lrspro) (debug|info|notice|error|fatal) contains 233 bytes in 1 blocks (ref 0) 0x5607405dc600
struct log_target contains 242 bytes in 2 blocks (ref 0) 0x560740574970
struct log_category contains 74 bytes in 1 blocks (ref 0) 0x560740574a80
struct log_info contains 1224 bytes in 2 blocks (ref 0) 0x5607405743d0
struct log_info_cat contains 1184 bytes in 1 blocks (ref 0) 0x560740574460
transaction contains 0 bytes in 1 blocks (ref 0) 0x5607405742f0
gsm_call contains 0 bytes in 1 blocks (ref 0) 0x560740574280
sms contains 0 bytes in 1 blocks (ref 0) 0x560740574210
osmo_signal contains 280 bytes in 8 blocks (ref 0) 0x5607405741a0
struct signal_handler contains 40 bytes in 1 blocks (ref 0) 0x56074069ece0
struct signal_handler contains 40 bytes in 1 blocks (ref 0) 0x56074069ec50
struct signal_handler contains 40 bytes in 1 blocks (ref 0) 0x5607406aa840
struct signal_handler contains 40 bytes in 1 blocks (ref 0) 0x5607406a9690
struct signal_handler contains 40 bytes in 1 blocks (ref 0) 0x56074069e5c0
struct signal_handler contains 40 bytes in 1 blocks (ref 0) 0x56074069e340
struct signal_handler contains 40 bytes in 1 blocks (ref 0) 0x560740652e60
msgb contains 1160 bytes in 2 blocks (ref 0) 0x560740574130
SGsAP contains 1160 bytes in 1 blocks (ref 0) 0x5607406abb60
./start_msc.sh: line 6: 25552 Aborted osmo-msc -c ./osmo-msc.cfg
$
</pre>
<p>This time it was possible to reproduce the issue with gdb:</p>
<pre>
Tue Apr 16 09:58:30 2019 DSGS <0011> vlr_sgs_fsm.c:206 SGs-UE(imsi:262420000011815)[0x55555591b320]{SGs-ASSOCIATED}: state_chg to SGs-ASSOCIATED
Tue Apr 16 09:58:30 2019 DREF <000a> vlr_sgs.c:228 VLR subscr IMSI-262420000011815:MSISDN-491230011815:TMSI-0x3A4902EF - vlr_sgs_tmsi_reall_compl: now used by 1 (SGs)
Tue Apr 16 09:58:33 2019 DREF <000a> vlr_sgs.c:140 VLR subscr IMSI-262420000011815:MSISDN-491230011815:TMSI-0x3A4902EF + vlr_sgs_imsi_detach: now used by 2 (SGs,vlr_sgs_imsi_detach)
Tue Apr 16 09:58:33 2019 DSGS <0011> vlr_sgs.c:166 SGs-UE(imsi:262420000011815)[0x55555591b320]{SGs-ASSOCIATED}: Received Event RX_DETACH_IND_FROM_MME
Tue Apr 16 09:58:33 2019 DSGS <0011> vlr_sgs_fsm.c:72 SGs-UE(imsi:262420000011815)[0x55555591b320]{SGs-ASSOCIATED}: state_chg to SGs-NULL
Tue Apr 16 09:58:33 2019 DREF <000a> vlr.c:1254 VLR subscr IMSI-262420000011815:MSISDN-491230011815:TMSI-0x3A4902EF - attached: now used by 1 (SGs,vlr_sgs_imsi_detach,-1*attached)
Assert failed _osmo_use_count_get_put(&(vsub)->use_count, "attached", -1, "vlr.c", 1254) == 0 vlr.c:1254
backtrace() returned 11 addresses
/usr/local/lib/libosmocore.so.12(osmo_panic+0xbb) [0x7ffff731e8db]
/usr/local/bin/osmo-msc(+0x3dfc1) [0x555555591fc1]
/usr/local/bin/osmo-msc(+0x446ee) [0x5555555986ee]
/usr/local/bin/osmo-msc(+0x3637b) [0x55555558a37b]
/usr/local/bin/osmo-msc(+0x36ccb) [0x55555558accb]
/usr/local/lib/libosmonetif.so.6(+0xa7e3) [0x7ffff6ee77e3]
/usr/local/lib/libosmocore.so.12(osmo_select_main+0x1f1) [0x7ffff7313bc1]
/usr/local/bin/osmo-msc(+0xd44f) [0x55555556144f]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7ffff5ea92b1]
/usr/local/bin/osmo-msc(+0xd5ea) [0x5555555615ea]
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff5ebd3fa in __GI_abort () at abort.c:89
#2 0x00007ffff731e8e0 in osmo_panic_default (args=0x7fffffffcb68, fmt=0x55555559a28c "Assert failed %s %s:%d\n") at panic.c:49
#3 osmo_panic (fmt=fmt@entry=0x55555559a28c "Assert failed %s %s:%d\n") at panic.c:84
#4 0x0000555555591fc1 in vlr_subscr_expire (vsub=vsub@entry=0x55555591abf0) at vlr.c:1254
#5 0x00005555555986ee in vlr_sgs_imsi_detach (vlr=<optimized out>, imsi=imsi@entry=0x7fffffffcca0 "262420000011815", type=SGSAP_ID_NONEPS_T_COMBINED_UE_EPS_NONEPS) at vlr_sgs.c:171
#6 0x000055555558a37b in sgs_rx_imsi_det_ind (tp=0x7fffffffce40, tp=0x7fffffffce40, imsi=0x7fffffffcca0 "262420000011815", msg=0x55555591a530, sgc=0x555555918650) at sgs_iface.c:634
#7 sgs_iface_rx (sgc=sgc@entry=0x555555918650, msg=msg@entry=0x55555591a530) at sgs_iface.c:985
#8 0x000055555558accb in sgs_conn_readable_cb (conn=0x555555913810) at sgs_server.c:87
#9 0x00007ffff6ee77e3 in osmo_stream_srv_read (conn=0x555555913810) at stream.c:894
#10 osmo_stream_srv_cb (ofd=<optimized out>, what=1) at stream.c:949
#11 0x00007ffff7313bc1 in osmo_fd_disp_fds (_eset=0x7fffffffe050, _wset=0x7fffffffdfd0, _rset=0x7fffffffdf50) at select.c:223
#12 osmo_select_main (polling=<optimized out>) at select.c:263
#13 0x000055555556144f in main (argc=3, argv=0x7fffffffe218) at msc_main.c:724
(gdb)
</pre> OsmoMSC - Bug #3930 (Resolved): TC_smpp_mt_sms crashes osmo-msc https://osmocom.org/issues/39302019-04-15T09:37:33Zdexter
<p>It seems that there were problems introduced with <a class="external" href="https://gerrit.osmocom.org/#/c/osmo-msc/+/13136/">https://gerrit.osmocom.org/#/c/osmo-msc/+/13136/</a>, which now cause osmo-msc to crash.</p>
<pre>
Mon Apr 15 11:32:52 2019 DVLR <000e> fsm.c:535 lu_compl_vlr_fsm(IMSI-262420000000045:MSISDN-491230000045:GERAN-A-0:LU)[0x561d3f9224f0]{LU_COMPL_VLR_S_DONE}: Deallocated
Mon Apr 15 11:32:52 2019 DVLR <000e> vlr_lu_fsm.c:749 vlr_lu_fsm(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f9255d0]{VLR_ULA_S_WAIT_LU_COMPL}: state_chg to VLR_ULA_S_DONE
Mon Apr 15 11:32:52 2019 DMM <0002> vlr_lu_fsm.c:741 RAN_conn(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f926090]{RAN_CONN_S_AUTH_CIPH}: Received Event RAN_CONN_E_ACCEPTED
Mon Apr 15 11:32:52 2019 DSMPP <000c> smpp_smsc.c:656 [msc_tester] Tx ALERT_NOTIFICATION (491230000045/3/1): Available
Mon Apr 15 11:32:52 2019 DMM <0002> ran_conn.c:146 RAN_conn(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f926090]{RAN_CONN_S_AUTH_CIPH}: state_chg to RAN_CONN_S_ACCEPTED
Mon Apr 15 11:32:52 2019 DMM <0002> ran_conn.c:276 RAN_conn(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f926090]{RAN_CONN_S_ACCEPTED}: Received Event RAN_CONN_E_UNUSED
Mon Apr 15 11:32:52 2019 DMM <0002> ran_conn.c:297 RAN_conn(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f926090]{RAN_CONN_S_ACCEPTED}: state_chg to RAN_CONN_S_RELEASING
Mon Apr 15 11:32:52 2019 DMM <0002> ran_conn.c:906 RAN_conn(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f926090]{RAN_CONN_S_RELEASING}: Received Event RAN_CONN_E_UNUSED
Mon Apr 15 11:32:52 2019 DMM <0002> ran_conn.c:408 RAN_conn(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f926090]{RAN_CONN_S_RELEASING}: state_chg to RAN_CONN_S_RELEASED
Mon Apr 15 11:32:52 2019 DMM <0002> ran_conn.c:415 RAN_conn(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f926090]{RAN_CONN_S_RELEASED}: Terminating (cause = OSMO_FSM_TERM_REGULAR)
Mon Apr 15 11:32:52 2019 DVLR <000e> ran_conn.c:415 vlr_lu_fsm(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f9255d0]{VLR_ULA_S_DONE}: Terminating in cascade, depth 2 (cause = OSMO_FSM_TERM_PARENT, caused by: RAN_conn(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f926090])
Mon Apr 15 11:32:52 2019 DVLR <000e> ran_conn.c:415 vlr_lu_fsm(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f9255d0]{VLR_ULA_S_DONE}: Removing from parent RAN_conn(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f926090]
Mon Apr 15 11:32:52 2019 DVLR <000e> vlr_lu_fsm.c:1415 vlr_lu_fsm(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f9255d0]{VLR_ULA_S_DONE}: fsm_lu_cleanup called with cause OSMO_FSM_TERM_PARENT
Mon Apr 15 11:32:52 2019 DVLR <000e> fsm.c:514 vlr_lu_fsm(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f9255d0]{VLR_ULA_S_DONE}: Deferring: will deallocate with RAN_conn(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f926090]
Mon Apr 15 11:32:52 2019 DMM <0002> fsm.c:530 RAN_conn(IMSI-262420000000045:MSISDN-491230000045:TMSI-0x14A42776:GERAN-A-0:LU)[0x561d3f926090]{RAN_CONN_S_RELEASED}: Deallocated, including all deferred deallocations
Mon Apr 15 11:32:52 2019 DSMPP <000c> smpp_smsc.c:753 [msc_tester] smpp_pdu_rx(00 00 00 36 00 00 00 04 00 00 00 00 00 00 00 02 43 4d 54 00 00 00 31 32 33 34 35 00 01 01 34 39 31 32 33 30 30 30 30 30 34 35 00 01 00 00 00 00 00 00 01 00 01 00 )
Mon Apr 15 11:32:52 2019 DSMPP <000c> smpp_smsc.c:735 [msc_tester] Rx SUBMIT-SM (491230000045/1/1)
Assert failed _osmo_use_count_get_put(&(sms->receiver)->use_count, "SMS-receiver", -1, "gsm_04_11.c", 74) == 0 gsm_04_11.c:74
backtrace() returned 11 addresses
/usr/local/lib/libosmocore.so.12(osmo_panic+0xbb) [0x7f2a78ab58db]
osmo-msc(+0x231f5) [0x561d3f3391f5]
osmo-msc(+0x3a192) [0x561d3f350192]
osmo-msc(+0x37d52) [0x561d3f34dd52]
osmo-msc(+0x382a4) [0x561d3f34e2a4]
/usr/local/lib/libosmocore.so.12(osmo_wqueue_bfd_cb+0x73) [0x7f2a78aaff53]
/usr/local/lib/libosmocore.so.12(osmo_select_main+0x1f1) [0x7f2a78aaabc1]
osmo-msc(+0xd44f) [0x561d3f32344f]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f2a776402b1]
osmo-msc(+0xd5ea) [0x561d3f3235ea]
signal 6 received
backtrace() returned 15 addresses
osmo-msc(+0xd81d) [0x561d3f32381d]
/lib/x86_64-linux-gnu/libc.so.6(+0x33030) [0x7f2a77653030]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0xcf) [0x7f2a77652fcf]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x16a) [0x7f2a776543fa]
/usr/local/lib/libosmocore.so.12(osmo_set_panic_handler+0) [0x7f2a78ab58e0]
osmo-msc(+0x231f5) [0x561d3f3391f5]
osmo-msc(+0x3a192) [0x561d3f350192]
osmo-msc(+0x37d52) [0x561d3f34dd52]
osmo-msc(+0x382a4) [0x561d3f34e2a4]
/usr/local/lib/libosmocore.so.12(osmo_wqueue_bfd_cb+0x73) [0x7f2a78aaff53]
/usr/local/lib/libosmocore.so.12(osmo_select_main+0x1f1) [0x7f2a78aaabc1]
osmo-msc(+0xd44f) [0x561d3f32344f]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f2a776402b1]
osmo-msc(+0xd5ea) [0x561d3f3235ea]
talloc report on 'vty' (total 174968 bytes in 9344 blocks)
struct vty contains 863 bytes in 4 blocks (ref 0) 0x561d3f921d80
struct vty contains 1004 bytes in 16 blocks (ref 0) 0x561d3f91dad0
Configure SCCP timer values, see ITU-T Q.714
Waiting for connection confirm message, 1 to 2 minutes (default: 60)
Send keep-alive: on an idle connection, delay before sending an Idle Timer message, 5 to 10 minutes (default: 420)
Receive keep-alive: on an idle connection, delay until considering a connection as stale, 11 to 21 minutes (default: 900)
Waiting for release complete message, 10 to 20 seconds (default: 10)
Waiting for release complete message; or to repeat sending released message after the initial expiry, 10 to 20 seconds (default: 10)
Waiting for release complete message; or to release connection resources, freeze the LRN and alert a maintenance function after the initial expiry, extending to 1 minute (default: 60)
Waiting to resume normal procedure for temporary connection sections during the restart procedure, 23 to 25 minutes (default: 1380)
Waiting to release temporary connection section or alert maintenance function after reset request message is sent, 10 to 20 seconds (default: 10)
Waiting to receive all the segments of the remaining segments, single segmented message after receiving the first segment, 10 to 20 seconds (default: 10)
Timer value, in seconds
contains 1194 bytes in 1 blocks (ref 0) 0x561d3f83c830
sccp-timer (conn_est|ias|iar|rel|repeat_rel|int|guard|reset|reassembly) <1-999999> contains 83 bytes in 1 blocks (ref 0) 0x561d3f83c6c0
save_cwd contains 37 bytes in 1 blocks (ref 0) 0x561d3f7fe960
vty_command contains 105253 bytes in 5615 blocks (ref 0) 0x561d3f7ebc20
vty_vector contains 66534 bytes in 3705 blocks (ref 0) 0x561d3f7ebbb0
full talloc report on 'osmo_msc' (total 17200 bytes in 93 blocks)
telnet_connection contains 177 bytes in 3 blocks (ref 0) 0x561d3f9150f0
struct telnet_connection contains 88 bytes in 1 blocks (ref 0) 0x561d3f921cc0
struct telnet_connection contains 88 bytes in 1 blocks (ref 0) 0x561d3f920d20
struct osmo_ss7_instance contains 2478 bytes in 29 blocks (ref 0) 0x561d3f915650
struct osmo_sccp_instance contains 266 bytes in 3 blocks (ref 0) 0x561d3f91d570
struct osmo_sccp_user contains 90 bytes in 2 blocks (ref 0) 0x561d3f91e110
OsmoMSC-A contains 10 bytes in 1 blocks (ref 0) 0x561d3f915bd0
struct osmo_ss7_as contains 624 bytes in 7 blocks (ref 0) 0x561d3f915e70
as-clnt-OsmoMSC-A contains 18 bytes in 1 blocks (ref 0) 0x561d3f916360
struct osmo_fsm_inst contains 364 bytes in 4 blocks (ref 0) 0x561d3f916040
struct xua_as_fsm_priv contains 104 bytes in 1 blocks (ref 0) 0x561d3f916290
XUA_AS(as-clnt-OsmoMSC-A)[0x561d3f916040] contains 42 bytes in 1 blocks (ref 0) 0x561d3f9161f0
as-clnt-OsmoMSC-A contains 18 bytes in 1 blocks (ref 0) 0x561d3f916170
as-clnt-OsmoMSC-A contains 18 bytes in 1 blocks (ref 0) 0x561d3f915fc0
struct osmo_ss7_asp contains 1147 bytes in 14 blocks (ref 0) 0x561d3f915aa0
(r=127.0.0.1:2905<->l=127.0.0.1:52054) contains 39 bytes in 1 blocks (ref 0) 0x561d3f915d70
struct osmo_fsm_inst contains 367 bytes in 4 blocks (ref 0) 0x561d3f91cde0
struct xua_asp_fsm_priv contains 104 bytes in 1 blocks (ref 0) 0x561d3f91d4a0
XUA_ASP(asp-clnt-OsmoMSC-A)[0x561d3f91cde0] contains 44 bytes in 1 blocks (ref 0) 0x561d3f91cf10
asp-clnt-OsmoMSC-A contains 19 bytes in 1 blocks (ref 0) 0x561d3f9151d0
struct osmo_stream_cli contains 242 bytes in 2 blocks (ref 0) 0x561d3f91ba00
127.0.0.1 contains 10 bytes in 1 blocks (ref 0) 0x561d3f91bb50
struct osmo_fsm_inst contains 278 bytes in 4 blocks (ref 0) 0x561d3f91dfe0
struct lm_fsm_priv contains 8 bytes in 1 blocks (ref 0) 0x561d3f91eb00
xua_default_lm(asp-clnt-OsmoMSC-A)[0x561d3f91dfe0] contains 51 bytes in 1 blocks (ref 0) 0x561d3f91c7b0
asp-clnt-OsmoMSC-A contains 19 bytes in 1 blocks (ref 0) 0x561d3f91c860
127.0.0.1 contains 10 bytes in 1 blocks (ref 0) 0x561d3f9152c0
asp-clnt-OsmoMSC-A contains 19 bytes in 1 blocks (ref 0) 0x561d3f915540
struct osmo_ss7_route_table contains 145 bytes in 4 blocks (ref 0) 0x561d3f9157e0
struct osmo_ss7_route contains 82 bytes in 2 blocks (ref 0) 0x561d3f91c9f0
as-clnt-OsmoMSC-A contains 18 bytes in 1 blocks (ref 0) 0x561d3f91ea80
system contains 7 bytes in 1 blocks (ref 0) 0x561d3f9154d0
struct osmo_stream_srv_link contains 96 bytes in 2 blocks (ref 0) 0x561d3f913870
0.0.0.0 contains 8 bytes in 1 blocks (ref 0) 0x561d3f913930
struct sgs_state contains 376 bytes in 1 blocks (ref 0) 0x561d3f913690
struct smsc contains 600 bytes in 3 blocks (ref 0) 0x561d3f900f20
struct osmo_esme contains 336 bytes in 1 blocks (ref 0) 0x561d3f91dd00
struct osmo_smpp_acl contains 112 bytes in 1 blocks (ref 0) 0x561d3f916460
struct gsm_network contains 7961 bytes in 31 blocks (ref 0) 0x561d3f83e580
struct bsc_context contains 441 bytes in 5 blocks (ref 0) 0x561d3f924bc0
struct osmo_fsm_inst contains 241 bytes in 3 blocks (ref 0) 0x561d3f924d60
A-RESET(bsc-193)[0x561d3f924d60] contains 33 bytes in 1 blocks (ref 0) 0x561d3f924e90
bsc-193 contains 8 bytes in 1 blocks (ref 0) 0x561d3f923fd0
struct reset_ctx contains 16 bytes in 1 blocks (ref 0) 0x561d3f924ce0
struct mgcp_client contains 688 bytes in 1 blocks (ref 0) 0x561d3f91bff0
struct gsm_sms_queue contains 216 bytes in 1 blocks (ref 0) 0x561d3f91b830
struct ctrl_handle contains 478 bytes in 5 blocks (ref 0) 0x561d3f913fa0
struct ctrl_connection contains 199 bytes in 2 blocks (ref 0) 0x561d3f921bb0
(r=127.0.0.1:32793<->l=127.0.0.1:4255) contains 39 bytes in 1 blocks (ref 0) 0x561d3f91e650
struct ctrl_connection contains 199 bytes in 2 blocks (ref 0) 0x561d3f920b80
(r=127.0.0.1:39451<->l=127.0.0.1:4255) contains 39 bytes in 1 blocks (ref 0) 0x561d3f920c90
struct mncc_sock_state contains 104 bytes in 1 blocks (ref 0) 0x561d3f915880
127.0.0.1 contains 10 bytes in 1 blocks (ref 0) 0x561d3f83f440
/home/owner/mncc_sock contains 22 bytes in 1 blocks (ref 0) 0x561d3f915450
112 contains 4 bytes in 1 blocks (ref 0) 0x561d3f915160
127.0.0.1 contains 10 bytes in 1 blocks (ref 0) 0x561d3f9153d0
OsmoMSC contains 8 bytes in 1 blocks (ref 0) 0x561d3f83f360
OsmoMSC contains 8 bytes in 1 blocks (ref 0) 0x561d3f83f3d0
struct vlr_instance contains 2804 bytes in 10 blocks (ref 0) 0x561d3f83f4c0
struct vlr_subscr contains 1994 bytes in 4 blocks (ref 0) 0x561d3f925890
struct osmo_fsm_inst contains 266 bytes in 3 blocks (ref 0) 0x561d3f923bd0
SGs-UE(imsi:262420000000045)[0x561d3f923bd0] contains 45 bytes in 1 blocks (ref 0) 0x561d3f925700
imsi:262420000000045 contains 21 bytes in 1 blocks (ref 0) 0x561d3f925230
struct osmo_gsup_client contains 490 bytes in 4 blocks (ref 0) 0x561d3f91b340
struct osmo_fd contains 48 bytes in 1 blocks (ref 0) 0x561d3f91b5d0
struct ipa_client_conn contains 186 bytes in 2 blocks (ref 0) 0x561d3f91b4b0
127.0.0.1 contains 10 bytes in 1 blocks (ref 0) 0x561d3f91b670
struct ipaccess_unit contains 64 bytes in 1 blocks (ref 0) 0x561d3f91b290
rate_ctr.c:234 contains 2352 bytes in 1 blocks (ref 0) 0x561d3f83e920
logging contains 4393 bytes in 9 blocks (ref 0) 0x561d3f7eb360
Configure logging
Set the log level for a specified category
A-bis Radio Link Layer (RLL)
Layer3 Call Control (CC)
Layer3 Mobility Management (MM)
Layer3 Radio Resource (RR)
MNCC API for Call Control application
Paging Subsystem
Mobile Switching Center
Media Gateway Control Protocol
Hand-Over
Database Layer
Reference Counting
Control interface
SMPP interface for external SMS apps
Radio Access Network Application Part Protocol
Visitor Location Register
Iu-CS Protocol
BSSAP Protocol (A Interface)
SGs Interface (SGsAP)
Library-internal global log family
LAPD in libosmogsm
A-bis Intput Subsystem
A-bis B-Subchannel TRAU Frame Multiplex
A-bis Input Driver for Signalling
A-bis Input Driver for B-Channels (voice)
Layer3 Short Message Service (SMS)
Control Interface
GPRS GTP library
Statistics messages and logging
Generic Subscriber Update Protocol
Osmocom Authentication Protocol
libosmo-sigtran Signalling System 7
libosmo-sigtran SCCP Implementation
libosmo-sigtran SCCP User Adaptation
libosmo-sigtran MTP3 User Adaptation
libosmo-mgcp Media Gateway Control Protocol
libosmo-netif Jitter Buffer
Remote SIM protocol
Deprecated alias for 'no logging level force-all'
contains 1173 bytes in 1 blocks (ref 0) 0x561d3f853f70
logging level (rll|cc|mm|rr|mncc|pag|msc|mgcp|ho|db|ref|ctrl|smpp|ranap|vlr|iucs|bssap|sgs|lglobal|llapd|linp|lmux|lmi|lmib|lsms|lctrl|lgtp|lstats|lgsup|loap|lss7|lsccp|lsua|lm3ua|lmgcp|ljibuf|lrspro) everything contains 212 bytes in 1 blocks (ref 0) 0x561d3f853d80
Configure logging
Set the log level for a specified category
A-bis Radio Link Layer (RLL)
Layer3 Call Control (CC)
Layer3 Mobility Management (MM)
Layer3 Radio Resource (RR)
MNCC API for Call Control application
Paging Subsystem
Mobile Switching Center
Media Gateway Control Protocol
Hand-Over
Database Layer
Reference Counting
Control interface
SMPP interface for external SMS apps
Radio Access Network Application Part Protocol
Visitor Location Register
Iu-CS Protocol
BSSAP Protocol (A Interface)
SGs Interface (SGsAP)
Library-internal global log family
LAPD in libosmogsm
A-bis Intput Subsystem
A-bis B-Subchannel TRAU Frame Multiplex
A-bis Input Driver for Signalling
A-bis Input Driver for B-Channels (voice)
Layer3 Short Message Service (SMS)
Control Interface
GPRS GTP library
Statistics messages and logging
Generic Subscriber Update Protocol
Osmocom Authentication Protocol
libosmo-sigtran Signalling System 7
libosmo-sigtran SCCP Implementation
libosmo-sigtran SCCP User Adaptation
libosmo-sigtran MTP3 User Adaptation
libosmo-mgcp Media Gateway Control Protocol
libosmo-netif Jitter Buffer
Remote SIM protocol
Log debug messages and higher levels
Log informational messages and higher levels
Log noticeable messages and higher levels
Log error messages and higher levels
Log only fatal messages
contains 1308 bytes in 1 blocks (ref 0) 0x561d3f8537f0
logging level (rll|cc|mm|rr|mncc|pag|msc|mgcp|ho|db|ref|ctrl|smpp|ranap|vlr|iucs|bssap|sgs|lglobal|llapd|linp|lmux|lmi|lmib|lsms|lctrl|lgtp|lstats|lgsup|loap|lss7|lsccp|lsua|lm3ua|lmgcp|ljibuf|lrspro) (debug|info|notice|error|fatal) contains 233 bytes in 1 blocks (ref 0) 0x561d3f853600
struct log_target contains 242 bytes in 2 blocks (ref 0) 0x561d3f7eb970
struct log_category contains 74 bytes in 1 blocks (ref 0) 0x561d3f7eba80
struct log_info contains 1224 bytes in 2 blocks (ref 0) 0x561d3f7eb3d0
struct log_info_cat contains 1184 bytes in 1 blocks (ref 0) 0x561d3f7eb460
transaction contains 0 bytes in 1 blocks (ref 0) 0x561d3f7eb2f0
gsm_call contains 0 bytes in 1 blocks (ref 0) 0x561d3f7eb280
sms contains 648 bytes in 2 blocks (ref 0) 0x561d3f7eb210
struct gsm_sms contains 648 bytes in 1 blocks (ref 0) 0x561d3f924f20
osmo_signal contains 280 bytes in 8 blocks (ref 0) 0x561d3f7eb1a0
struct signal_handler contains 40 bytes in 1 blocks (ref 0) 0x561d3f915ce0
struct signal_handler contains 40 bytes in 1 blocks (ref 0) 0x561d3f915c50
struct signal_handler contains 40 bytes in 1 blocks (ref 0) 0x561d3f921840
struct signal_handler contains 40 bytes in 1 blocks (ref 0) 0x561d3f920690
struct signal_handler contains 40 bytes in 1 blocks (ref 0) 0x561d3f9155c0
struct signal_handler contains 40 bytes in 1 blocks (ref 0) 0x561d3f915340
struct signal_handler contains 40 bytes in 1 blocks (ref 0) 0x561d3f8c9e60
msgb contains 190 bytes in 2 blocks (ref 0) 0x561d3f7eb130
SMPP Rx contains 190 bytes in 1 blocks (ref 0) 0x561d3f923d00
./start_msc.sh: line 6: 21718 Aborted osmo-msc -c ./osmo-msc.cfg
</pre> OsmoGSMTester - Feature #3916 (Rejected): Format TTCN3 log output https://osmocom.org/issues/39162019-04-11T08:16:02Zdexter
<p>The TTCN3 log output that the tester currently delivers is not formatted. This means one has to format it manually before it can be viewed. Since we already do the logmerge directly on jenkins we could do the formatting as well. Then inspection of the build artifacts would be a lot easier.</p>
<p>Example commandline:<br />ttcn3_logformat ./MSC_Tests.TC_lu_and_mt_call.merged > formatted.log</p>
<p>(Attached one finds the two files from the example)</p> OsmoBSC - Bug #3833 (Resolved): Fix storage location of AMR S15-S0 bitshttps://osmocom.org/issues/38332019-03-11T17:44:34Zdexter
<p>The current storage location of s15_s0 (lchan->activate.info.s15_s0) is incorrect by the current memory model. This should be fixed by finding a proper storage location that fits into the current memory model.</p>
<p>See also:<br /><a class="external" href="https://gerrit.osmocom.org/#/c/osmo-bsc/+/13200/">https://gerrit.osmocom.org/#/c/osmo-bsc/+/13200/</a><br /><a class="external" href="https://gerrit.osmocom.org/#/c/osmo-bsc/+/13039/">https://gerrit.osmocom.org/#/c/osmo-bsc/+/13039/</a></p> OpenBSC - Bug #3657 (Resolved): fix support for non voice configurationhttps://osmocom.org/issues/36572018-10-16T13:32:46Zdexter
<p>At the moment osmo-bsc does not permit non voice configurations. A valid voice codec configuration must be in place, otherwise the COMPLETE LAYER 3 INFORMATION message generation will fail because the SPEECH CODEC LIST (BSS supported) IE can not be generated. The speech codec list is a mandatory IE, but only if the network supports an IP based user plane interface. In networks that intentionally do not support voice, it could be garmented that those networks do not have such an interface and therefore the inclusion of the speech codec list is not needed. Also a speech codec list with 0 elements is indeed permitted by the spec. We could also include a speech codec list with 0 elements for the non-voice configurations.</p> OsmoBTS - Bug #3497 (Resolved): udp/gsmtap multicast is broken osmo-bts-virtual and virtphyhttps://osmocom.org/issues/34972018-08-23T18:08:37Zdexter
<p>Unfortunately libosmocore change I4a8ffb8d598aca88801a4a0322944d7cdd8d4047 introduced than SO_REUSEADDR should be disabled when IPPROTO_UDP is used. Under normal conditions this makes sense and is also necessary to detect when two processes try to use the same port but for multicast situations like we have them with osmo-bts-virtual, virtphy and gsmtap in general this becomes a problem.</p> OsmoBSC - Bug #3413 (Resolved): TC_lcls_connect_clear does not pass anymore.https://osmocom.org/issues/34132018-07-23T19:39:02Zdexter
<p>After we increased the test coverage in <a class="issue tracker-1 status-3 priority-3 priority-high3 closed" title="Bug: BSC_Tests.ttcn is too tolerant in MGCP validation (Resolved)" href="https://osmocom.org/issues/3292">#3292</a> we observed problems with the LCLS tests. (TC_ho_int is a real regression) Those were then fixed, but now TC_lcls_connect_clear indicates problems again. It is not clear yet what causes the failure, but it the location of the problems seems to be in the second interleave after the clear command is sent. The testcase seems to have problems with receiving/matching the tr_RSL_RF_CHAN_REL() template. The test case passes when CONN_A.receive(tr_RSL_RF_CHAN_REL(?)) is removed from the interleave.</p>
<p>When the interactions are traced using wirshark, the RSL CHANNEL RELEASE message can be seen, so it must be somewhere in the template/interleave processing.</p> OsmoGGSN (former OpenGGSN) - Bug #3319 (Resolved): also handle PCOs that contain primary and seco...https://osmocom.org/issues/33192018-06-04T20:25:53Zdexter
<p>On GTP level in the CREATE PDP CONTEXT message, one finds a field Protocol Configuration Options. This field contains among other info the primary and secondary DNS server address inside an IPCP container. Usually primary and secondary DNS are packed into on IPCP container. However it seems also to be legal to have primary and secondary DNS server in two separate IPCP container. At the moment the parser can only handle one IPCP container so we will loose the secondary DNS in the two-container case. We now have to extend the parser so that it handles IPCP containers flexible.</p>
<p>Attached one finds an example packet where primary and secondary DNS are in two separate IPCP containers.</p> OsmoBSC - Bug #2939 (Resolved): TTCN3: Fix broken paging testshttps://osmocom.org/issues/29392018-02-13T11:11:23Zdexter
<p>Many of the paging tests still fail. The result is the same for pmaier/fsm and for current master. Also the jenkins shows a very similar picture.</p>
<pre>
#BSC_Tests.TC_paging_imsi_nochan # Pass
#BSC_Tests.TC_paging_tmsi_nochan # Fail
#BSC_Tests.TC_paging_tmsi_any # Fail
#BSC_Tests.TC_paging_tmsi_sdcch # Fail
#BSC_Tests.TC_paging_tmsi_tch_f # Fail
#BSC_Tests.TC_paging_tmsi_tch_hf # Fail
#BSC_Tests.TC_paging_imsi_nochan_cgi # Pass
#BSC_Tests.TC_paging_imsi_nochan_lac_ci # Pass
#BSC_Tests.TC_paging_imsi_nochan_ci # Pass
#BSC_Tests.TC_paging_imsi_nochan_lai # Fail
#BSC_Tests.TC_paging_imsi_nochan_lac # Fail
#BSC_Tests.TC_paging_imsi_nochan_all # Pass
#BSC_Tests.TC_paging_imsi_a_reset # Fail
#BSC_Tests.TC_paging_imsi_load # Fail
#BSC_Tests.TC_paging_counter # Fail
#BSC_Tests.TC_rsl_drop_counter # Pass
</pre> OsmoBSC - Bug #2936 (Resolved): Fix TTCN3 Test BSC_Tests.TC_assignment_signhttps://osmocom.org/issues/29362018-02-12T20:23:55Zdexter
<p>The Testcase BSC_Tests.TC_assignment_sign seems to behave incorrectly. It sends an Assignment Request where it requests a signaling only channel SDCCH. Osmo-bsc then decides that is already active is compatible and sends a Channel Mode Modify via RSL, which is never answered. The T10 timeout expires and the assignment fails.</p>
<p>From what I can see, the decision osmo-bsc makes is correct. Also the TTCN3 function f_channel_compatible(ass_cmd.pdu.bssmap.assignmentRequest.channelType, g_chan_nr) that is called from f_establish_fully() comes to the conclusion that the channel is compatible. I am currently lost in the altstep in at the end. I would expect it to continue with as_modify(st) but there I can see none of the steps processed.</p>
<p>From my understanding the behavior of osmo-bsc is correct and the TTCN3 testcase has some malfunction. Attached one finds a trace of the current behavior. See also branch: pmaier/fsm</p> OsmoMGW - Bug #2863 (Resolved): osmo-mgw segfaults on DLCX (use-after-free in mgcp_network.c)https://osmocom.org/issues/28632018-01-23T19:23:47Zdexter
<p>In mgcp_network.c in mgcp_dispatch_rtp_bridge_cb() we use conn->priv to store the pointer to the opposite connection so we do not need to iterate through the connection list once more. When someone frees the opposite connection using a DLCX, then the pointer points to already freed memory. We need some mechanism to invalidate that information on DLCX, so that the callback function can know and prevent the use-after-free.</p> OsmoBSC - Bug #2823 (Resolved): Use bsc_subscr_conn_fsm in BSChttps://osmocom.org/issues/28232018-01-08T22:28:12Zdexter
<p>On laforge/fsm a draft FSM implementation can be found to make the handling of the subscriber connection safer and stateful.</p> OsmoMSC - Bug #2745 (Resolved): UMTS ciphering on GSM does not work when both 2G and 3G keys are ...https://osmocom.org/issues/27452017-12-13T16:20:57Zdexter
<p>When populating the hlr database with 3G keys (auc_3g), then 2G authentication stops working, while 3G authentication on nano3G still works fine. When the 3G keys are removed, then 2G authentication works again. At the moment we suspect that osmo-msc trys to perform 3G authentication on 2G (specified) and fails because it does not work.</p>
<p>In the attached archive one finds a trace from the connection between MSC and BSC and the complete network configuration, hlr database logs and start scripts.</p> libosmocore - Bug #2613 (Closed): vty crashes on tab-completionhttps://osmocom.org/issues/26132017-11-02T16:11:14Zdexter
<p>The problem is located in libosmocore, so it exists in all our products. It<br />looks like it is somehow liked to the tab-completion. The problem can be<br />triggered for example by logging into a vty and try to tab-complete some<br />items of the help menu, it seems to bail at the second level of tab completion.</p>
<pre>
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Welcome to the osmo-stp control interface
Copyright (C) 2015-2017 by Harald Welte <laforge@gnumonks.org>
Contributions by Holger Freyther, Neels Hofmeyr
License GPLv2+: GNU GPL Version 2 or later <http://gnu.org/licenses/gpl-2.0.html>
This is free software: you are free ot change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Free Software lives by contribution. If you use this, please contribute!
osmo-stp>
show Show running system information
list Print command list
exit Exit current mode and down to previous mode
help Description of the interactive help system
enable Turn on privileged mode command
terminal Set terminal line parameters
who Display who is on vty
logging Configure log message to this terminal
osmo-stp> h
osmo-stp> help
</pre>
<p>Attached the logtext including backtrace.</p> OsmoMSC - Bug #2573 (Closed): segfault in osmo-msc when subscriber silently vanisheshttps://osmocom.org/issues/25732017-10-12T16:56:16Zdexter
<p>Experiment: Use two mobiles, make a call from one to the other. While the call is running, remove the battery of the called mobile. After some time a segfault should occur on the MSC.</p>
<pre>
Thu Oct 12 18:50:29 2017 <000a> a_iface.c:527 N-DATA.ind(9, 00 04 22 04 01 01 )
Thu Oct 12 18:50:29 2017 <000a> a_iface_bssap.c:695 Rx BSC DT: 00 04 22 04 01 01
Thu Oct 12 18:50:29 2017 <000a> a_iface_bssap.c:625 Rx MSC DT1 BSSMAP CLEAR REQUEST
Thu Oct 12 18:50:29 2017 <000a> a_iface_bssap.c:225 BSC requested to clear connection (conn_id=9)
Thu Oct 12 18:50:29 2017 <000a> a_iface_bssap.c:79 Looking for A subscriber: conn_id 9
Thu Oct 12 18:50:29 2017 <001f> a_iface_bssap.c:87 Found A subscriber for conn_id 9
Thu Oct 12 18:50:29 2017 <0002> osmo_msc.c:340 Subscr_Conn(27736205)[0x5555558b39c0]{SUBSCR_CONN_S_COMMUNICATING}: Received Event SUBSCR_CONN_E_CN_CLOSE
Thu Oct 12 18:50:29 2017 <0002> subscr_conn.c:215 Subscr_Conn(27736205)[0x5555558b39c0]{SUBSCR_CONN_S_COMMUNICATING}: state_chg to SUBSCR_CONN_S_RELEASED
Thu Oct 12 18:50:29 2017 <0002> subscr_conn.c:242 Subscr_Conn(27736205)[0x5555558b39c0]{SUBSCR_CONN_S_RELEASED}: Terminating (cause = OSMO_FSM_TERM_REGULAR)
Thu Oct 12 18:50:29 2017 <001e> subscr_conn.c:242 Process_Access_Request_VLR(27736205)[0x5555558b23e0]{PR_ARQ_S_DONE}: Terminating (cause = OSMO_FSM_TERM_PARENT)
Thu Oct 12 18:50:29 2017 <001e> subscr_conn.c:242 Process_Access_Request_VLR(27736205)[0x5555558b23e0]{PR_ARQ_S_DONE}: Removing from parent Subscr_Conn(27736205)[0x5555558b39c0]
Thu Oct 12 18:50:29 2017 <001e> subscr_conn.c:242 Process_Access_Request_VLR(27736205)[0x5555558b23e0]{PR_ARQ_S_DONE}: Freeing instance
Thu Oct 12 18:50:29 2017 <001e> fsm.c:273 Process_Access_Request_VLR(27736205)[0x5555558b23e0]{PR_ARQ_S_DONE}: Deallocated
Thu Oct 12 18:50:29 2017 <0002> osmo_msc.c:328 msc_subscr_conn_close(vsub=MSISDN:23006, cause=2): no conn fsm, releasing directly without release event.
Thu Oct 12 18:50:29 2017 <0006> gsm_04_08.c:1270 transmit message MNCC_REL_IND
Thu Oct 12 18:50:29 2017 <0001> gsm_04_08.c:1293 Sending 'MNCC_REL_IND' to MNCC.
Thu Oct 12 18:50:29 2017 <0006> mncc_builtin.c:312 (call 5) Received message MNCC_REL_IND
Thu Oct 12 18:50:29 2017 <0006> mncc_builtin.c:242 (call 5) Releasing remote with cause 47
Thu Oct 12 18:50:29 2017 <0006> mncc_builtin.c:52 (call 5) Call removed.
Thu Oct 12 18:50:29 2017 <0006> gsm_04_08.c:2839 receive message MNCC_REL_REQ
Thu Oct 12 18:50:29 2017 <0001> gsm_04_08.c:3014 (ti 08 sub 23001) Received 'MNCC_REL_REQ' from MNCC in state 10 (ACTIVE)
Thu Oct 12 18:50:29 2017 <0001> gsm_04_08.c:1525 starting timer T308 with 10 seconds
Thu Oct 12 18:50:29 2017 <0001> gsm_04_08.c:1218 new state ACTIVE -> RELEASE_REQ
Thu Oct 12 18:50:29 2017 <000a> msc_ifaces.c:55 msc_tx 6 bytes to MSISDN:23001 via RAN_GERAN_A
Thu Oct 12 18:50:29 2017 <000a> a_iface.c:143 Passing DTAP message from MSC to BSC (conn_id=8)
Thu Oct 12 18:50:29 2017 <000a> a_iface.c:156 Message will be sent as BSSMAP DTAP message!
Thu Oct 12 18:50:29 2017 <000a> a_iface.c:158 N-DATA.req(8, 01 00 06 83 2d 08 02 81 af )
Thu Oct 12 18:50:29 2017 <0001> gsm_04_08.c:1218 new state ACTIVE -> NULL
Thu Oct 12 18:50:29 2017 <000e> transaction.c:134 VLR subscr MSISDN:23006 usage decreases to: 2
Thu Oct 12 18:50:29 2017 <000e> transaction.c:141 MSISDN:23006: MSC conn use - 1 == 0
Thu Oct 12 18:50:29 2017 <0000> osmo_msc.c:230 subscr MSISDN:23006: Freeing subscriber connection
Thu Oct 12 18:50:29 2017 <000e> osmo_msc.c:232 VLR subscr MSISDN:23006 usage decreases to: 1
Thu Oct 12 18:50:29 2017 <000a> a_iface.c:426 Sending clear command to BSC (conn_id=9)
Program received signal SIGSEGV, Segmentation fault.
vlr_subscr_name (vsub=0x90) at gsm_subscriber_base.c:45
45 if (vsub->msisdn[0])
(gdb) bt
#0 vlr_subscr_name (vsub=0x90) at gsm_subscriber_base.c:45
#1 0x0000555555574c72 in _msc_subscr_conn_put (conn=0x5555558b3ee0, file=0x55555558a6a9 "subscr_conn.c", line=228) at osmo_msc.c:375
#2 0x00007ffff733aef5 in _osmo_fsm_inst_term (fi=0x5555558b39c0, cause=OSMO_FSM_TERM_REGULAR, data=0x0, file=0x55555558a6a9 "subscr_conn.c", line=242) at fsm.c:479
#3 0x00007ffff733a77c in _osmo_fsm_inst_state_chg (fi=0x5555558b39c0, new_state=<optimized out>, timeout_secs=0, T=0, file=<optimized out>, line=<optimized out>) at fsm.c:382
#4 0x00007ffff733aa0d in _osmo_fsm_inst_dispatch (fi=0x5555558b39c0, event=event@entry=6, data=data@entry=0x7fffffffcb5c, file=file@entry=0x55555558a513 "osmo_msc.c", line=line@entry=340) at fsm.c:436
#5 0x0000555555574987 in msc_subscr_conn_close (conn=0x5555558b3ee0, cause=<optimized out>, cause@entry=1) at osmo_msc.c:340
#6 0x0000555555574b19 in msc_clear_request (conn=<optimized out>, cause=cause@entry=1) at osmo_msc.c:262
#7 0x000055555556115c in bssmap_rx_clear_rqst (scu=scu@entry=0x5555558974c0, msg=0x5555558b52b0, a_conn_info=<optimized out>, a_conn_info=<optimized out>) at a_iface_bssap.c:242
#8 0x00005555555621a3 in rx_bssmap (msg=<optimized out>, a_conn_info=0x7fffffffdbc8, scu=0x5555558974c0) at a_iface_bssap.c:629
#9 sccp_rx_dt (scu=scu@entry=0x7ffff6c7b880 <sccp_scoc_states>, a_conn_info=a_conn_info@entry=0x7fffffffdbd0, msg=<optimized out>) at a_iface_bssap.c:706
#10 0x000055555555f6b4 in sccp_sap_up (oph=0x7ffff6c7e5a0 <sccp_scoc_fsm>, _scu=0x7ffff6c7b880 <sccp_scoc_states>) at a_iface.c:528
#11 0x00007ffff733aa0d in _osmo_fsm_inst_dispatch (fi=0x5555558b1be0, event=11, data=data@entry=0x5555558b4f20, file=file@entry=0x7ffff6a6c4bd "sccp_scoc.c", line=line@entry=1579) at fsm.c:436
#12 0x00007ffff6a5d5cc in sccp_scoc_rx_from_scrc (inst=inst@entry=0x5555558973f0, xua=xua@entry=0x5555558b4f20) at sccp_scoc.c:1579
#13 0x00007ffff6a5b220 in scrc_rx_mtp_xfer_ind_xua (inst=inst@entry=0x5555558973f0, xua=0x5555558b4f20) at sccp_scrc.c:447
#14 0x00007ffff6a5e0f5 in mtp_user_prim_cb (oph=0x5555558a1c68, ctx=0x5555558973f0) at sccp_user.c:174
#15 0x00007ffff6a561c2 in m3ua_rx_xfer (xua=0x5555558a9580, asp=0x555555873230) at m3ua.c:584
#16 m3ua_rx_msg (asp=asp@entry=0x555555873230, msg=msg@entry=0x5555558a2ec0) at m3ua.c:736
#17 0x00007ffff6a6103b in xua_cli_read_cb (conn=<optimized out>) at osmo_ss7.c:1552
#18 0x00007ffff5c6c39b in osmo_stream_cli_read (cli=0x555555896e30) at stream.c:166
#19 osmo_stream_cli_fd_cb (ofd=<optimized out>, what=1) at stream.c:250
#20 0x00007ffff73376ee in osmo_fd_disp_fds (_eset=0x7fffffffdff0, _wset=0x7fffffffdf70, _rset=0x7fffffffdef0) at select.c:213
#21 osmo_select_main (polling=<optimized out>) at select.c:253
#22 0x000055555555ed6c in main (argc=3, argv=0x7fffffffe1d8) at msc_main.c:587
(gdb)
</pre> OsmoMGW - Feature #2516 (Resolved): automatic testing of osmo-mgw / jenkins integrationhttps://osmocom.org/issues/25162017-09-18T21:45:01Zdexter
<p>Currently we test osmo-mgw with unit tests. It might make sense to run some more realistic tests. The idea is to start osmo-mgw in a testrig that then makes test connections and sends test data. The testrig could be a python program or even a TTCN3 test.</p>
Some ideas:
<ul>
<li>Send command (e.g. CRCX) and inspect resulting internal states via VTY also check response for plausibility</li>
<li>Send odd command sequences, check if the expected error codes are generated.</li>
<li>Send malformed messages or incomplete messages, check if the expected error codes are generated</li>
<li>Create a full connection, send RTP packets through, check if the RTP packets take the right path</li>
<li>Create a loopback connection, send RTP packets, check if the packets are reflected correctly</li>
</ul> OpenBSC - Feature #2515 (Closed): integrate osmo-mgw in osmo-bschttps://osmocom.org/issues/25152017-09-18T15:48:17Zdexter
<p>osmo-mgw has reached a development state, where it makes sens to try out how it performs in a real life situation. Osmo-bsc seems like a good test target for that and requires mgcp features anyway to support handover. The complexity can be limited by leaving osmo-msc on the legacy mgcp, while performing changes only to osmo-bsc. When done, osmo-bsc should not behave any different on the A-Interface.</p> OsmoSGSN - Bug #2501 (In Progress): suspected problem with unanswered neighbor solicitationhttps://osmocom.org/issues/25012017-09-07T12:20:44Zdexter
<p>getting and using an IPV6 pdp context has been tested successfully using a<br />samsung galaxy S2, but tests with a Getnord ONYX fail.</p>
<p>In the failure case, the PDP-Context is opened successfully, also the following<br />interactions look good. Except that the pdp context is closed by the phone a<br />shortly after it had been established. The dactivation cause is a regular<br />deactivation.</p>
<p>When comparing the two traces it is distinctive, that the trace from the<br />getnord does contain a neighbor solicitation request. This request seems to be<br />ignored by the GGSN. It is likely that the getnord mobile interprets this as<br />a failure and then closes the pdp context.</p>
<p>The traces of the two cases are attached to this ticket.</p> libosmo-sccp + libosmo-sigtran - Bug #2441 (Closed): chopped-off pointcodeshttps://osmocom.org/issues/24412017-08-15T11:16:54Zdexter
<p>It seems that that the pointcode data is chopped off when receiving unittdata.</p>
<p>When looking at the attached trace.pcapng file, one can see that the RESET<br />command is correctly transmitted, but the response, the RESET ACK is always<br />sent to the wrong destination address. (187 instead of 2235). When converting<br />those to numbers one can see that the addresses seem to be chopped off,<br />presumably at the 8th bit:</p>
<pre>
2235 = 100010111011
187 = 10111011
</pre>
<p>When investigating further it turns out that the pointcode is already chopped<br />off when the RESET is received:</p>
<pre>
Tue Aug 15 11:35:20 2017 <000a> a_iface.c:531 N-UNITDATA.ind(00 04 30 04 01 20 )
Tue Aug 15 11:35:20 2017 <000a> a_iface_bssap.c:184 Rx BSC UDT: 00 04 30 04 01 20
Tue Aug 15 11:35:20 2017 <000a> a_iface_bssap.c:157 Rx BSC UDT BSSMAP RESET
Tue Aug 15 11:35:20 2017 <000a> a_iface_bssap.c:110 Rx RESET from BSC RI=SSN_PC,PC=0.23.3,SSN=unknown 0xfe,GTI=NO_GT, sending RESET ACK
Tue Aug 15 11:35:20 2017 <000a> fsm.c:176 FSM RESET(FSM RESET INST)[0x55555589b7a0]{DISC}: Timeout of T0
Tue Aug 15 11:35:20 2017 <000a> a_reset.c:102 (RI=SSN_PC,PC=0.23.3,SSN=unknown 0xfe,GTI=NO_GT) reset-ack timeout (T0) in state ST_DISC (disconnected), resending...
Tue Aug 15 11:35:20 2017 <000a> a_iface.c:443 Sending RESET to BSC RI=SSN_PC,PC=0.23.3,SSN=unknown 0xfe,GTI=NO_GT
</pre>
<p>Presumably the upcoming primitive already contains the chopped pointcode.</p> OsmoMSC - Feature #2397 (Resolved): let osmo-msc record location area from location update for LA...https://osmocom.org/issues/23972017-07-24T20:13:10Zdexter
<p>The MSC is responsible to issue the paging commands to the BSS (BSC), it should know which BSC has which location area under its control in order to support LAC wide paging at some point. Since we automatically discover the BSCs we also need to discover automatically which location are is behind which MSC. The location area becomes known with the first location update a random phone is doing. We could just update a list with location areas we have got location area updates from. This list can than be used to find out which BSC, handles which location area.</p> OsmoMSC - Bug #2322 (Resolved): Make osmo-msc work with external mncchttps://osmocom.org/issues/23222017-06-12T17:06:27Zdexter
<p>In its current state, osmo-msc does not work with the external mncc. This needs to be fixed.</p> libosmo-sccp + libosmo-sigtran - Bug #2259 (New): problem with local referencehttps://osmocom.org/issues/22592017-05-16T13:05:55Zdexter
<p>When a connection attemt (local reference = 2) is made, libosmo-sccp complains with "<000d> sccp_scoc.c:1528 Cannot find connection for local reference 2". Current master is at 872c6b2a8e309ca6739ef295f1fc468c189e4ec9. The problem seems to be introduced with commit 5527df78adc08b76df07c4b682263b5bdd6181d4 (libosmo-sccp.git). When the commit is reverted, the correct functionality of libosmo-sccp seems to be restored.</p>
<p>The problem can be demonstrated by using the client/server example that is shipped with libosmo-sccp. The following VTY-Commands were used to trigger the problem:</p>
<pre>
enable
sccp-user
called-addr-ssn 202
connect-req 2 hello
</pre>
<p>Note: In the good case I can see the normal CR with payload attached and the CC that with the payload that is echoed by the the echo subsystem. The bad case results in an CREF message, which contains an refusal cause code 0x0F (unqalified)</p> libosmo-sccp + libosmo-sigtran - Bug #2004 (Closed): Problem sending CR without datahttps://osmocom.org/issues/20042017-04-10T12:03:00Zdexter
<p>When attempting to send a connection response (CR) without any data using:</p>
<pre>
osmo_sccp_tx_conn_resp(scu, scu_prim->u.connect.conn_id,
&scu_prim->u.connect.called_addr,
NULL, 0);
</pre>
<p>Wireshark displays a malformed packet. To me it looks like if there is an optional parameter (the data part) announced, but the data is (of course) not there. However. CR seems to work fine when no data is attached.</p> libosmo-sccp + libosmo-sigtran - Bug #1995 (Closed): Segfault when callin osmo_sccp_tx_unitdata()...https://osmocom.org/issues/19952017-04-07T08:44:51Zdexter
<p>The problem occurs when a peer (server role) tries to send unitdata to a remote peer (client) that is not connected.</p>
<p>The attached code contains the source code snippets I used for experimentation.</p>
<p>Good case:<br />fist start dummy_msc (client), then dummy_bsc (server). The client will connect and when the timer at the server expires unitdata is sent from the server to the client.</p>
<p>Bad case:<br />start dummy_bsc, when the timer expires, the segfault occurs.</p>
<p>Note: The scheme is a bit odd and not covered by the examples, since there, the server never actively sends data without being stimulated through an existing connection. It is questionable if a server should send unsolicited data at all. In this test, the server role has been chosen for one side because of the lack of an STP.</p>