
Bug #3989

Updated by neels almost 5 years ago

I just upgraded to the recent OsmoMSC with the "code bomb" refactoring patch merged. Both SMS and USSD seem to work just fine, but when I try to make a call, I get a segfault (strictly, a failed assertion followed by abort(), as the log and backtrace below show):

 <pre> 
 DRR DEBUG ran_peer.c:551 ran_peer(GERAN-A:RI-SSN_PC:PC-0-23-3:SSN-BSSAP)[0x1539400]{READY}: Received Event RAN_PEER_EV_MSG_UP_CO_INITIAL 
 DRLL DEBUG msc_a.c:1147 msc_a(unknown:GERAN-A-1:NONE)[0x15577e0]{MSC_A_ST_VALIDATE_L3}: Dispatching 04.08 message: MM GSM48_MT_MM_CM_SERV_REQ 
 DMM DEBUG gsm_04_08.c:738 msc_a(TMSI-0x765C0CA7:GERAN-A-1:CM_SERVICE_REQ)[0x15577e0]{MSC_A_ST_VALIDATE_L3}: Rx CM SERVICE REQUEST cm_service_type=MO-Call 
 DRR DEBUG ran_conn.c:119 ran_peer(GERAN-A:RI-SSN_PC:PC-0-23-3:SSN-BSSAP)[0x1539400]{READY}: Received Event RAN_PEER_EV_MSG_DOWN_CO 
 DRR DEBUG ran_peer.c:551 ran_peer(GERAN-A:RI-SSN_PC:PC-0-23-3:SSN-BSSAP)[0x1539400]{READY}: Received Event RAN_PEER_EV_MSG_UP_CO 
 DRR DEBUG ran_peer.c:551 ran_peer(GERAN-A:RI-SSN_PC:PC-0-23-3:SSN-BSSAP)[0x1539400]{READY}: Received Event RAN_PEER_EV_MSG_UP_CO 
 DRLL DEBUG msc_a.c:1147 msc_a(IMSI-262073993158656:MSISDN-123456:TMSI-0x765C0CA7:GERAN-A-1:CM_SERVICE_REQ)[0x15577e0]{MSC_A_ST_AUTHENTICATED}: Dispatching 04.08 message: CC GSM48_MT_CC_SETUP 
 DCC DEBUG transaction.c:152 trans(CC IMSI-262073993158656:MSISDN-123456:TMSI-0x765C0CA7 callref-0x80000001 tid-8) New transaction 
 DCC DEBUG gsm_04_08_cc.c:2151 trans(CC IMSI-262073993158656:MSISDN-123456:TMSI-0x765C0CA7:GERAN-A-1:CM_SERVICE_REQ callref-0x80000001 tid-8) rx SETUP in state NULL 
 DCC DEBUG gsm_04_08_cc.c:119 trans(CC IMSI-262073993158656:MSISDN-123456:TMSI-0x765C0CA7:GERAN-A-1:CM_SERVICE_REQ callref-0x80000001 tid-8) starting guard timer with 180 seconds 
 DCC DEBUG gsm_04_08_cc.c:189 trans(CC IMSI-262073993158656:MSISDN-123456:TMSI-0x765C0CA7:GERAN-A-1:CM_SERVICE_REQ callref-0x80000001 tid-8) new state NULL -> INITIATED 
 DCC INFO gsm_04_08_cc.c:567 trans(CC IMSI-262073993158656:MSISDN-123456:TMSI-0x765C0CA7:GERAN-A-1:CM_SERVICE_REQ callref-0x80000001 tid-8) SETUP to 995 
 DMNCC DEBUG gsm_04_08_cc.c:233 trans(CC IMSI-262073993158656:MSISDN-123456:TMSI-0x765C0CA7:GERAN-A-1:CM_SERVICE_REQ callref-0x80000001 tid-8) tx MNCC_SETUP_IND 
 DMNCC DEBUG mncc_builtin.c:285 (call 80000001) Call created. 
 DMNCC DEBUG mncc_builtin.c:295 (call 80000001) Received message MNCC_SETUP_IND 
 DMNCC DEBUG mncc_builtin.c:110 (call 80000001, remote 1) Creating new remote instance. 
 DMNCC DEBUG mncc_builtin.c:119 (call 80000001, remote 1) Accepting call. 
 Assert failed msg_type == msg->msg_type gsm_04_08_cc.c:2017 
 </pre> 

 Some details: I am not running OsmoMGW, and I am using the built-in MNCC implementation.

 <pre> 
 gdb# bt 
 #0    0x00007ffff60b9c37 in __GI_raise (sig=sig@entry=0x6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 
 #1    0x00007ffff60bd028 in __GI_abort () at abort.c:89 
 #2    0x00007ffff7321f75 in osmo_panic_default (args=0x7fffffffa378, fmt=<optimized out>) at panic.c:49 
 #3    osmo_panic (fmt=<optimized out>) at panic.c:84 
 #4    0x00000000004656cd in mncc_tx_to_cc (net=0x760ee0, msg_type=0x108, arg=0x7fffffffa4f0) at gsm_04_08_cc.c:2017 
 #5    0x000000000041d32e in mncc_setup_ind (call=0x86b8e0, msg_type=0x102, setup=0x86e2f8) at mncc_builtin.c:120 
 #6    0x000000000041ddea in int_mncc_recv (net=0x760ee0, msg=0x86e270) at mncc_builtin.c:299 
 #7    0x000000000045d90d in cc_tx_to_mncc (net=0x760ee0, msg=0x86e270) at gsm_04_08_cc.c:129 
 #8    0x000000000045dff7 in mncc_recvmsg (net=0x760ee0, trans=0x86dd60, msg_type=0x102, mncc=0x7fffffffbd60) at gsm_04_08_cc.c:244 
 #9    0x000000000045fec5 in gsm48_cc_rx_setup (trans=0x86dd60, msg=0x868930) at gsm_04_08_cc.c:572 
 #10 0x0000000000466473 in gsm0408_rcv_cc (msc_a=0x868e20, msg=0x868930) at gsm_04_08_cc.c:2173 
 #11 0x000000000042834e in msc_a_up_l3 (msc_a=0x868e20, msg=0x868930) at msc_a.c:1195 
 #12 0x0000000000429001 in msc_a_ran_dec_from_msc_i (msc_a=0x868e20, d=0x7fffffffca10) at msc_a.c:1343 
 #13 0x0000000000429bba in msc_a_ran_decode_cb (msc_a_fi=0x86dc30, data=0x7fffffffca10, msg=0x7fffffffc390) at msc_a.c:1490 
 #14 0x000000000043cf31 in ran_decoded (ran_dec=0x7fffffffc9a0, ran_msg=0x7fffffffc390) at ran_msg.c:159 
 #15 0x0000000000441e2d in ran_a_decode_l3 (ran_dec=0x7fffffffc9a0, l3=0x868930) at ran_msg_a.c:854 
 #16 0x00000000004420a7 in ran_a_decode_l2 (ran_dec=0x7fffffffc9a0, bssap=0x868930) at ran_msg_a.c:878 
 #17 0x0000000000423812 in msc_role_ran_decode (fi=0x86dc30, an_apdu=0x7fffffffd390, decode_cb=0x429a2c <msc_a_ran_decode_cb>,  
     decode_cb_data=0x7fffffffca10) at msub.c:589 
 #18 0x0000000000423dd4 in msc_a_ran_dec (msc_a=0x868e20, an_apdu=0x7fffffffd390, from_role=MSC_ROLE_I) at msc_a.c:171 
 #19 0x0000000000425798 in msc_a_fsm_authenticated (fi=0x86dc30, event=0xa, data=0x7fffffffd390) at msc_a.c:460 
 #20 0x00007ffff731b560 in _osmo_fsm_inst_dispatch (fi=0x86dc30, event=0xa, data=0x7fffffffd390, file=0x48e5c6 "msc_i.c", line=0x55) 
     at fsm.c:818 
 #21 0x0000000000422e37 in _msub_role_dispatch (msub=0x869d40, to_role=MSC_ROLE_A, to_role_event=0xa, an_apdu=0x7fffffffd390,  
     file=0x48e5c6 "msc_i.c", line=0x55) at msub.c:449 
 #22 0x000000000042bb94 in msc_i_ready_decode_cb (msc_i_fi=0x86da60, data=0x7fffffffd390, msg=0x7fffffffcc00) at msc_i.c:85 
 #23 0x000000000043cf31 in ran_decoded (ran_dec=0x7fffffffd210, ran_msg=0x7fffffffcc00) at ran_msg.c:159 
 #24 0x0000000000441e2d in ran_a_decode_l3 (ran_dec=0x7fffffffd210, l3=0x868930) at ran_msg_a.c:854 
 #25 0x00000000004420a7 in ran_a_decode_l2 (ran_dec=0x7fffffffd210, bssap=0x868930) at ran_msg_a.c:878 
 #26 0x0000000000423812 in msc_role_ran_decode (fi=0x86da60, an_apdu=0x7fffffffd390, decode_cb=0x42bb01 <msc_i_ready_decode_cb>,  
     decode_cb_data=0x7fffffffd390) at msub.c:589 
 #27 0x000000000042bd4f in msc_i_fsm_ready (fi=0x86da60, event=0xa, data=0x7fffffffd390) at msc_i.c:110 
 #28 0x00007ffff731b560 in _osmo_fsm_inst_dispatch (fi=0x86da60, event=0xa, data=0x7fffffffd390, file=0x497d49 "ran_peer.c", line=0x170) 
     at fsm.c:818 
 #29 0x000000000044597f in ran_peer_st_ready (fi=0x86b7b0, event=0x2, data=0x7fffffffd4d0) at ran_peer.c:368 
 #30 0x00007ffff731b560 in _osmo_fsm_inst_dispatch (fi=0x86b7b0, event=0x2, data=0x7fffffffd4d0, file=0x497d49 "ran_peer.c", line=0x227) 
     at fsm.c:818 
 --Type <RET> for more, q to quit, c to continue without paging-- 
 #31 0x000000000044615e in ran_peer_up_l2 (sri=0x853640, calling_addr=0x0, co=0x1, conn_id=0x2, l2=0x868930) at ran_peer.c:551 
 #32 0x000000000040ae31 in sccp_ran_sap_up (oph=0x8689b8, _scu=0x853740) at sccp_ran.c:110 
 #33 0x00007ffff731b560 in _osmo_fsm_inst_dispatch (fi=0x86cf90, event=0xb, data=data@entry=0x850430,  
     file=file@entry=0x7ffff6c97697 "sccp_scoc.c", line=line@entry=0x68d) at fsm.c:818 
 #34 0x00007ffff6c871c1 in sccp_scoc_rx_from_scrc (inst=inst@entry=0x853520, xua=xua@entry=0x850430) at sccp_scoc.c:1677 
 #35 0x00007ffff6c84c30 in scrc_rx_mtp_xfer_ind_xua (inst=inst@entry=0x853520, xua=0x850430) at sccp_scrc.c:457 
 #36 0x00007ffff6c87e15 in mtp_user_prim_cb (oph=0x86aab8, ctx=0x853520) at sccp_user.c:176 
 #37 0x00007ffff6c7fd74 in m3ua_rx_xfer (xua=0x86d940, asp=0x84d3b0) at m3ua.c:586 
 #38 m3ua_rx_msg (asp=asp@entry=0x84d3b0, msg=msg@entry=0x86c4a0) at m3ua.c:739 
 #39 0x00007ffff6c8e67b in xua_cli_read_cb (conn=0x853350) at osmo_ss7.c:1650 
 #40 0x00007ffff7104d63 in osmo_stream_cli_read (cli=0x853350) at stream.c:213 
 #41 osmo_stream_cli_fd_cb (ofd=0x853350, what=0x1) at stream.c:297 
 #42 0x00007ffff7316cb4 in osmo_fd_disp_fds (_eset=0x7fffffffda40, _wset=0x7fffffffd9c0, _rset=0x7fffffffd940) at select.c:223 
 #43 osmo_select_main (polling=0x0) at select.c:263 
 #44 0x00000000004098dc in main (argc=0x3, argv=0x7fffffffdc48) at msc_main.c:744 
 #45 0x00007ffff60a4f45 in __libc_start_main (main=0x4090dc <main>, argc=0x3, argv=0x7fffffffdc48, init=<optimized out>, fini=<optimized out>,  
     rtld_fini=<optimized out>, stack_end=0x7fffffffdc38) at libc-start.c:287 
 #46 0x0000000000408979 in _start () 
 </pre>
