Project

General

Profile

Support #3625

Assert failed scl->len >= 1 gsm0808_utils.c:353

Added by Armin 2 months ago. Updated about 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
10/03/2018
Due date:
% Done:

100%

Spec Reference:

Description

When I try to register on my network, osmo-bsc stops working and error happen (Assert failed).

<0003> abis_rsl.c:1359 (bts=0) CHAN RQD: reason: Location updating (ra=0x07, neci=0x01, chreq_reason=0x03)
<0007> fsm.c:299 SUBSCR_CONN[0x150d160]{INIT}: Allocated
<000f> fsm.c:299 LCLS[0x150d310]{NO_LCLS}: Allocated
<000f> fsm.c:329 LCLS[0x150d310]{NO_LCLS}: is child of SUBSCR_CONN[0x150d160]
<0007> osmo_bsc_sigtran.c:286 Initializing resources for new SIGTRAN connection to MSC: RI=SSN_PC,PC=0.23.1,SSN=BSSAP...
Assert failed scl->len >= 1 gsm0808_utils.c:353
backtrace() returned 13 addresses
/usr/local/lib/libosmocore.so.11(osmo_panic+0xcb) [0x7f9a4d7bbd3b]
/usr/local/lib/libosmogsm.so.10(gsm0808_enc_speech_codec_list+0x15d) [0x7f9a4da015fd]
/usr/local/lib/libosmogsm.so.10(gsm0808_create_layer3_2+0x160) [0x7f9a4d9ebc00]
osmo-bsc() [0x45c245]
osmo-bsc() [0x45c51d]
osmo-bsc() [0x43a563]
osmo-bsc() [0x41c0c2]
/usr/local/lib/libosmoabis.so.6(ipaccess_fd_cb+0x131) [0x7f9a4d598f01]
/usr/local/lib/libosmocore.so.11(osmo_select_main+0x242) [0x7f9a4d7b2852]
osmo-bsc() [0x4088cf]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0) [0x7f9a4cd9f830]
osmo-bsc() [0x408919]
signal 6 received
......
...
Aborted (core dumped)
vue@vue:~$

I started everything: osmo-trx-lms, osmo-bts-trx, osmo-bsc, osmo-msc, osmo-hlr, osmo-mgw, osmo-stp.
What can be wrong and why assert failed occurs?

History

#1 Updated by dexter 2 months ago

  • Assignee changed from Armin to dexter

Hello Armin,

By your back-trace I can see that osmo-bsc tried to encode a speech codec list that is empty. By definition that shouln't happen. The fact that the assert() is hit is clearly a bug, if the codec negotiation fails, it should fail gracefully and not crash of course.

To investigate this I need some more information:

  • A trace and a full log so I can better locate where the codec negotiation fails. I also need to see what codecs MSC and the MS are advertising
  • The osmo-bsc config file, so I can see which are allowed/configured
  • (a backtrace with debug symbols would also help a lot)

best regards,
Philipp

#2 Updated by Armin 2 months ago

The Osmo-bsc config

!
! OsmoBSC (1.3.0.97-a82f) configuration saved from vty
!!
!
log stderr
logging filter all 1
logging color 1
logging print category 0
logging timestamp 0
logging print file 1
logging level rll notice
logging level mm notice
logging level rr notice
logging level rsl notice
logging level nm info
logging level pag notice
logging level meas notice
logging level msc notice
logging level ho notice
logging level hodec notice
logging level ref notice
logging level nat notice
logging level ctrl notice
logging level filter debug
logging level pcu debug
logging level lcls notice
logging level chan notice
logging level ts notice
logging level as notice
logging level lglobal notice
logging level llapd notice
logging level linp notice
logging level lmux notice
logging level lmi notice
logging level lmib notice
logging level lsms notice
logging level lctrl notice
logging level lgtp notice
logging level lstats notice
logging level lgsup notice
logging level loap notice
logging level lss7 notice
logging level lsccp notice
logging level lsua notice
logging level lm3ua notice
logging level lmgcp notice
logging level ljibuf notice
!
stats interval 5
!
line vty
no login
!
e1_input
e1_line 0 driver ipa
e1_line 0 port 0
no e1_line 0 keepalive
cs7 instance 0
point-code 0.23.3
asp asp-clnt-msc-0 2905 0 m3ua
as as-clnt-msc-0 m3ua
asp asp-clnt-msc-0
routing-key 0 0.23.3
network
network country code 001
mobile network code 01
encryption a5 0
neci 1
paging any use tch 0
handover 0
handover algorithm 1
handover1 window rxlev averaging 10
handover1 window rxqual averaging 1
handover1 window rxlev neighbor averaging 10
handover1 power budget interval 6
handover1 power budget hysteresis 3
handover1 maximum distance 9999
dyn_ts_allow_tch_f 0
bts 0
type sysmobts
band GSM900
cell_identity 0
location_area_code 1
base_station_id_code 63
ms max power 15
cell reselection hysteresis 4
rxlev access min 0
radio-link-timeout 32
channel allocator ascending
rach tx integer 9
rach max transmission 7
channel-descrption attach 1
channel-descrption bs-pa-mfrms 5
channel-descrption bs-ag-blks-res 1
no access-control-class-ramping
access-control-class-ramping-step-interval dynamic
access-control-class-ramping-step-size 1
early-classmark-sending forbidden
early-classmark-sending-3g allowed
ip.access unit_id 6969 0
oml ip.access stream_id 255 line 0
neighbor-list mode manual-si5
neighbor-list add arfcn 100
neighbor-list add arfcn 200
si5 neighbor-list add arfcn 10
si5 neighbor-list add arfcn 20
codec-support fr
amr tch-f modes 1 2 6 7
amr tch-f threshold ms 0 0 0
amr tch-f hysteresis ms 0 0 0
amr tch-f threshold bts 0 0 0
amr tch-f hysteresis bts 0 0 0
amr tch-f start-mode auto
amr tch-h modes 1 2 4 5
amr tch-h threshold ms 0 0 0
amr tch-h hysteresis ms 0 0 0
amr tch-h threshold bts 0 0 0
amr tch-h hysteresis bts 0 0 0
amr tch-h start-mode auto
gprs mode none
no force-combined-si
trx 0
rf_locked 0
arfcn 0
nominal power 12
max_power_red 20
rsl e1 tei 0
timeslot 0
phys_chan_config CCCH+SDCCH4+CBCH
hopping enabled 0
timeslot 1
phys_chan_config SDCCH8
hopping enabled 0
timeslot 2
phys_chan_config TCH/F
hopping enabled 0
timeslot 3
phys_chan_config TCH/F
hopping enabled 0
timeslot 4
phys_chan_config TCH/F
hopping enabled 0
timeslot 5
phys_chan_config TCH/F
hopping enabled 0
timeslot 6
phys_chan_config TCH/F
hopping enabled 0
timeslot 7
phys_chan_config TCH/F
hopping enabled 0
msc 0
ip.access rtp-base 4000
no bsc-welcome-text
no bsc-msc-lost-text
no bsc-grace-text
type normal
allow-emergency allow
amr-config 12_2k forbidden
amr-config 10_2k forbidden
amr-config 7_95k forbidden
amr-config 7_40k forbidden
amr-config 6_70k forbidden
amr-config 5_90k allowed
amr-config 5_15k forbidden
amr-config 4_75k forbidden
asp-protocol m3ua
lcls-mode disabled
lcls-codec-mismatch forbidden
mgw local-port 2727
mgw remote-ip 127.0.0.1
mgw remote-port 2427
mgw endpoint-range 1 31
bsc
mid-call-timeout 0
no missing-msc-text

If I understand right, there is only amr codecs configured in the config.

Please explain, how can I enable debug symbols in backtrace.
And I cannot understand, how to get full log. Do I need enable it in config file through vty (like logging level set-all)?
I will prepare all necessary information and send it tomorrow.

#3 Updated by dexter 2 months ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 90

Hello Armin,

thanks for posting your configuration. I was able to reproduce the problem. Your configuration lacks a codec-list setting. 3GPP 48.008 requires a Codec List (BSS Supported) in the COMPLETE LAYER 3 INFORMATION message. When no codecs are configured this list will be empty and the code that generates the Codec List (BSS Supported) does not accept empty lists. There is now a check added that prevents the coded running into the assert, but the registration will still fail when no codecs are set. To also prevent this as well I have added a reasonable codec default. Once the following two patches are merged your setup should work again, but only if your MSC is configured to accept GSM-FR1.

https://gerrit.osmocom.org/#/c/osmo-bsc/+/11236 gsm_08_08: abort complete L3 3 msg gen when no codecs are set
https://gerrit.osmocom.org/#/c/osmo-bsc/+/11237 osmo_bsc_msc: Set reasonable codec list defaults

For now you can fix the problem by just configuring a codec list that matches your operating conditions:

Example:

msc 0
 codec-list fr1

(For generating a backtrace with debug symbols you can just use gdb --args [commandline], type "r" to run and then once it crashed just type "bt" to generate the backtrace. It should contain debug symbols when you compiled your the code yourself from current master. I am not sure how the situation is with the debian packages, but I think there the debug symbols will be stripped.)

best regards,
Philipp

#4 Updated by Armin 2 months ago

Hi dexter,

Thank you for you help and explanation.
I mentioned the "codec-list fr1" in osmo-bsc.cfg, everything is working perfectly now.
I will continue to help improve the software and test its features as much as my knowledge allow.

#5 Updated by dexter 2 months ago

Note: There is one patch still in review. Basically this is now about avoiding/preventing problematic configurations: https://gerrit.osmocom.org/#/c/osmo-bsc/+/11243/

#6 Updated by laforge 2 months ago

On Mon, Oct 08, 2018 at 07:56:46AM +0000, dexter [REDMINE] wrote:

Note: There is one patch still in review. Basically this is now about avoiding/preventing problematic configurations: https://gerrit.osmocom.org/#/c/osmo-bsc/+/11243/

now merged.

#7 Updated by dexter about 2 months ago

  • Status changed from In Progress to Resolved
  • % Done changed from 90 to 100

The problem is now fixed (see also #3657), so I think we can close this now.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)