Bug #4756
closedosmo-pcu: assert hit
90%
Description
$ osmo-pcu --version OsmoPCU version 0.8.0.199-2597
20200916182904116 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0x9b2a715a, IMSI=000, TA=0, 12/12, UL DL) UL RSSI: -11 dBm 20200916182904291 DRLCMACMEAS gprs_rlcmac_meas.cpp:186 DL Bandwitdh of IMSI=901700000015254 / TLLI=0xd0176e02: 1915 KBits/s 20200916182904457 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) UL RSSI: -17 dBm 20200916182904656 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0x9b2a715a, IMSI=000, TA=0, 12/12, UL DL) UL RSSI: -11 dBm 20200916182904992 DRLCMACMEAS gprs_rlcmac_meas.cpp:186 DL Bandwitdh of IMSI=000 / TLLI=0x9b2a715a: 108 KBits/s 20200916182905215 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0x9b2a715a, IMSI=901700000015256, TA=0, 12/12, UL DL) UL RSSI: -11 dBm 20200916182905292 DRLCMACMEAS gprs_rlcmac_meas.cpp:186 DL Bandwitdh of IMSI=901700000015254 / TLLI=0xd0176e02: 1004 KBits/s 20200916182905374 DRLCMACMEAS gprs_rlcmac_meas.cpp:46 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) Rx Measurement Report: NC1 Serv -52 dbm 20200916182905477 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) UL RSSI: -17 dBm 20200916182905734 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) UL RSSI: -17 dBm 20200916182906055 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0x9b2a715a, IMSI=901700000015256, TA=0, 12/12, UL DL) UL RSSI: -11 dBm 20200916182906109 DRLCMACMEAS gprs_rlcmac_meas.cpp:186 DL Bandwitdh of IMSI=901700000015256 / TLLI=0x9b2a715a: 207 KBits/s 20200916182906492 DRLCMACMEAS gprs_rlcmac_meas.cpp:186 DL Bandwitdh of IMSI=901700000015254 / TLLI=0xd0176e02: 968 KBits/s 20200916182906574 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) UL RSSI: -17 dBm 20200916182906618 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xe7daadb8, IMSI=901700000015256, TA=0, 12/12, UL DL) UL RSSI: -11 dBm 20200916182907231 DRLCMACMEAS gprs_rlcmac_meas.cpp:186 DL Bandwitdh of IMSI=901700000015256 / TLLI=0xe7daadb8: 145 KBits/s 20200916182907516 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) UL RSSI: -17 dBm 20200916182907753 DRLCMACMEAS gprs_rlcmac_meas.cpp:186 DL Bandwitdh of IMSI=901700000015254 / TLLI=0xd0176e02: 3270 KBits/s 20200916182908272 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) UL RSSI: -17 dBm 20200916182908869 DRLCMACMEAS gprs_rlcmac_meas.cpp:186 DL Bandwitdh of IMSI=901700000015254 / TLLI=0xd0176e02: 728 KBits/s 20200916182909196 DRLCMACMEAS gprs_rlcmac_meas.cpp:46 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) Rx Measurement Report: NC1 Serv -51 dbm 20200916182909436 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) UL RSSI: -17 dBm 20200916182909657 DTBF tbf.cpp:647 TBF(TFI=1 TLLI=0xe7daadb8 DIR=DL STATE=WAIT RELEASE EGPRS) T3193 timeout expired, freeing TBF 20200916182909673 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 444, because the window is stalled. 20200916182909713 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) UL RSSI: -17 dBm 20200916182909871 DRLCMACMEAS gprs_rlcmac_meas.cpp:186 DL Bandwitdh of IMSI=901700000015254 / TLLI=0xd0176e02: 7025 KBits/s 20200916182909949 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 508, because the window is stalled. 20200916182910111 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 508, because the window is stalled. 20200916182910158 DRLCMACMEAS gprs_rlcmac_meas.cpp:46 MS(TLLI=0xe7daadb8, IMSI=901700000015256, TA=0, 12/12,) Rx Measurement Report: NC1 Serv -48 dbm 20200916182910309 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 580, because the window is stalled. 20200916182910516 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) UL RSSI: -15 dBm 20200916182910609 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 660, because the window is stalled. 20200916182910849 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 708, because the window is stalled. 20200916182910969 DRLCMACMEAS gprs_rlcmac_meas.cpp:186 DL Bandwitdh of IMSI=901700000015254 / TLLI=0xd0176e02: 15819 KBits/s 20200916182911150 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 780, because the window is stalled. 20200916182911449 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 860, because the window is stalled. 20200916182911573 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) UL RSSI: -14 dBm 20200916182911731 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 924, because the window is stalled. 20200916182911892 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 924, because the window is stalled. 20200916182911971 DRLCMACMEAS gprs_rlcmac_meas.cpp:186 DL Bandwitdh of IMSI=901700000015254 / TLLI=0xd0176e02: 16733 KBits/s 20200916182912151 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1004, because the window is stalled. 20200916182912292 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) UL RSSI: -15 dBm 20200916182912409 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1068, because the window is stalled. 20200916182912594 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xe7daadb8, IMSI=000, TA=0, 12/12, UL DL) UL RSSI: -11 dBm 20200916182912672 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1132, because the window is stalled. 20200916182912972 DRLCMACMEAS gprs_rlcmac_meas.cpp:186 DL Bandwitdh of IMSI=901700000015254 / TLLI=0xd0176e02: 19606 KBits/s 20200916182912991 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1210, because the window is stalled. 20200916182913036 DRLCMACMEAS gprs_rlcmac_meas.cpp:46 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) Rx Measurement Report: NC1 Serv -51 dbm 20200916182913134 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xe7daadb8, IMSI=000, TA=0, 12/12, UL DL) UL RSSI: -11 dBm 20200916182913215 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xd0176e02, IMSI=901700000015254, TA=0, 12/12, UL DL) UL RSSI: -15 dBm 20200916182913249 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182913411 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182913453 DRLCMACMEAS gprs_rlcmac_meas.cpp:186 DL Bandwitdh of IMSI=000 / TLLI=0xe7daadb8: 231 KBits/s 20200916182913572 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182913596 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) poll timeout for FN=1155778, TS=3 (curr FN 1155843) 20200916182913596 DTBF tbf.cpp:877 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Timeout for polling PACKET DOWNLINK ACK. 20200916182913596 DTBF tbf.cpp:1177 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Assignment was on PACCH 20200916182913596 DTBF tbf.cpp:1183 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Downlink ACK was received 20200916182913698 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xe7daadb8, IMSI=000, TA=0, 12/12, UL DL) UL RSSI: -11 dBm 20200916182913729 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182913891 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182913974 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) poll timeout for FN=1155864, TS=3 (curr FN 1155925) 20200916182913974 DTBF tbf.cpp:877 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Timeout for polling PACKET DOWNLINK ACK. 20200916182913974 DTBF tbf.cpp:1177 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Assignment was on PACCH 20200916182913974 DTBF tbf.cpp:1183 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Downlink ACK was received 20200916182914052 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182914137 DBSSGP gprs_bssgp_bss.c:64 BSSGP (BVCI=0) Tx SUSPEND (TLLI=0xd0176e02) 20200916182914209 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182914371 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182914375 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) poll timeout for FN=1155947, TS=3 (curr FN 1156012) 20200916182914375 DTBF tbf.cpp:877 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Timeout for polling PACKET DOWNLINK ACK. 20200916182914375 DTBF tbf.cpp:1177 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Assignment was on PACCH 20200916182914375 DTBF tbf.cpp:1183 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Downlink ACK was received 20200916182914533 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182914592 DRLCMACMEAS gprs_rlcmac_meas.cpp:186 DL Bandwitdh of IMSI=000 / TLLI=0xe7daadb8: 254 KBits/s 20200916182914689 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182914719 DRLCMAC pdch.cpp:480 EGPRS PACKET DOWNLINK ACK with unknown FN=1156077 TFI=1 (TRX 0 TS 6) 20200916182914754 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) poll timeout for FN=1156033, TS=3 (curr FN 1156094) 20200916182914754 DTBF tbf.cpp:877 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Timeout for polling PACKET DOWNLINK ACK. 20200916182914754 DTBF tbf.cpp:1177 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Assignment was on PACCH 20200916182914754 DTBF tbf.cpp:1183 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Downlink ACK was received 20200916182914851 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182915012 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182915156 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) poll timeout for FN=1156116, TS=3 (curr FN 1156181) 20200916182915156 DTBF tbf.cpp:877 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Timeout for polling PACKET DOWNLINK ACK. 20200916182915156 DTBF tbf.cpp:1177 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Assignment was on PACCH 20200916182915156 DTBF tbf.cpp:1183 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Downlink ACK was received 20200916182915169 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182915331 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182915492 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182915535 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) poll timeout for FN=1156202, TS=3 (curr FN 1156263) 20200916182915535 DTBF tbf.cpp:877 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Timeout for polling PACKET DOWNLINK ACK. 20200916182915535 DTBF tbf.cpp:1177 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Assignment was on PACCH 20200916182915535 DTBF tbf.cpp:1183 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Downlink ACK was received 20200916182915650 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182915811 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182915936 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) poll timeout for FN=1156285, TS=3 (curr FN 1156350) 20200916182915936 DTBF tbf.cpp:877 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Timeout for polling PACKET DOWNLINK ACK. 20200916182915936 DTBF tbf.cpp:1177 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Assignment was on PACCH 20200916182915936 DTBF tbf.cpp:1183 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Downlink ACK was received 20200916182915973 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182916152 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182916309 DTBFDL tbf_dl.cpp:438 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Restarting at BSN 1274, because the window is stalled. 20200916182916315 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) poll timeout for FN=1156371, TS=3 (curr FN 1156432) 20200916182916315 DTBF tbf.cpp:877 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Timeout for polling PACKET DOWNLINK ACK. 20200916182916315 DTBF tbf.cpp:1177 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Assignment was on PACCH 20200916182916315 DTBF tbf.cpp:1183 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) Downlink ACK was received 20200916182916315 DTBF tbf.cpp:598 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=FLOW EGPRS) N3105 exceeded MAX (8) 20200916182920155 DRLCMACMEAS gprs_rlcmac_meas.cpp:46 MS(TLLI=0xe7daadb8, IMSI=000, TA=0, 12/12,) Rx Measurement Report: NC1 Serv -47 dbm 20200916182920777 DRLCMAC pdch.cpp:480 EGPRS PACKET DOWNLINK ACK with unknown FN=1156077 TFI=1 (TRX 0 TS 6) 20200916182921315 DTBF tbf.cpp:647 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=RELEASING EGPRS) T3195 timeout expired, freeing TBF 20200916182921315 DTBF tbf.cpp:1177 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=RELEASING EGPRS) Assignment was on PACCH 20200916182921316 DTBF tbf.cpp:1183 TBF(TFI=0 TLLI=0xd0176e02 DIR=DL STATE=RELEASING EGPRS) Downlink ACK was received 20200916182921434 DBSSGP gprs_bssgp_bss.c:64 BSSGP (BVCI=0) Tx SUSPEND (TLLI=0xe7daadb8) Assert failed pdch != NULL /git/osmo-pcu/src/encoding.cpp:562 backtrace() returned 21 addresses /build/new/out/lib/libosmocore.so.16(+0x146c2e) [0x7ffff6a01c2e] /build/new/out/lib/libosmocore.so.16(osmo_generate_backtrace+0x18) [0x7ffff6a01ffd] /build/new/out/lib/libosmocore.so.16(+0x1469b8) [0x7ffff6a019b8] /build/new/out/lib/libosmocore.so.16(osmo_panic+0x13c) [0x7ffff6a01afe] /build/new/out/bin/osmo-pcu(+0x29eda5) [0x5555557f2da5] /build/new/out/bin/osmo-pcu(_ZN8Encoding30write_packet_uplink_assignmentEP16RlcMacDownlink_thhjhPK18gprs_rlcmac_ul_tbfhhhhab+0x1428) [0x5555557f4d04] /build/new/out/bin/osmo-pcu(_ZN15gprs_rlcmac_tbf13create_ul_assEjh+0xa54) [0x5555557ac19c] /build/new/out/bin/osmo-pcu(+0x2d3153) [0x555555827153] /build/new/out/bin/osmo-pcu(_Z25gprs_rlcmac_rcv_rts_blockP15gprs_rlcmac_btshhjh+0x832) [0x555555829267] /build/new/out/bin/osmo-pcu(pcu_rx_rts_req_pdtch+0x5d) [0x55555577bd63] /build/new/out/bin/osmo-pcu(+0x228756) [0x55555577c756] /build/new/out/bin/osmo-pcu(_Z6pcu_rxhP10gsm_pcu_if+0x176) [0x555555785b86] /build/new/out/bin/osmo-pcu(+0x2c537f) [0x55555581937f] /build/new/out/bin/osmo-pcu(+0x2c5a6c) [0x555555819a6c] /build/new/out/lib/libosmocore.so.16(osmo_fd_disp_fds+0xdb2) [0x7ffff69b901a] /build/new/out/lib/libosmocore.so.16(+0xfe654) [0x7ffff69b9654] /build/new/out/lib/libosmocore.so.16(osmo_select_main+0x16) [0x7ffff69b9741] /build/new/out/bin/osmo-pcu(main+0x2bb6) [0x555555748196] /usr/lib/libc.so.6(__libc_start_main+0xf2) [0x7ffff5a31152] /build/new/out/bin/osmo-pcu(_start+0x2e) [0x555555744d7e] Program received signal SIGABRT, Aborted. 0x00007ffff5a46615 in raise () from /usr/lib/libc.so.6 (gdb) bt #0 0x00007ffff5a46615 in raise () from /usr/lib/libc.so.6 #1 0x00007ffff5a2f862 in abort () from /usr/lib/libc.so.6 #2 0x00007ffff6a019c2 in osmo_panic_default ( fmt=0x5555558a3940 "Assert failed %s %s:%d\n", args=0x7fffffffd340) at /git/libosmocore/src/panic.c:49 #3 0x00007ffff6a01afe in osmo_panic ( fmt=0x5555558a3940 "Assert failed %s %s:%d\n") at /git/libosmocore/src/panic.c:84 #4 0x00005555557f2da5 in gen_freq_params (freq_params=0x6340005408cc, tbf=0x7ffff1ee9860) at /git/osmo-pcu/src/encoding.cpp:562 #5 0x00005555557f4d04 in Encoding::write_packet_uplink_assignment ( block=0x634000540860, old_tfi=1 '\001', old_downlink=0 '\000', tlli=3491196418, use_tlli=1 '\001', tbf=0x7ffff1ee9860, poll=1 '\001', rrbp=0 '\000', alpha=0 '\000', gamma=0 '\000', ta_idx=-1 '\377', use_egprs=true) at /git/osmo-pcu/src/encoding.cpp:678 #6 0x00005555557ac19c in gprs_rlcmac_tbf::create_ul_ass (this=0x7ffff1ee9860, fn=1164080, ts=7 '\a') at /git/osmo-pcu/src/tbf.cpp:1372 #7 0x0000555555827153 in sched_select_ctrl_msg (trx=0 '\000', ts=7 '\a', fn=1164080, block_nr=2 '\002', pdch=0x555555b11800 <s_bts+4320>, ul_ass_tbf=0x7ffff1ee9860, dl_ass_tbf=0x0, ul_ack_tbf=0x0) --Type <RET> for more, q to quit, c to continue without paging-- at /git/osmo-pcu/src/gprs_rlcmac_sched.cpp:215 #8 0x0000555555829267 in gprs_rlcmac_rcv_rts_block ( bts=0x555555b10728 <s_bts+8>, trx=0 '\000', ts=7 '\a', fn=1164080, block_nr=2 '\002') at /git/osmo-pcu/src/gprs_rlcmac_sched.cpp:427 #9 0x000055555577bd63 in pcu_rx_rts_req_pdtch (trx=0 '\000', ts=7 '\a', fn=1164080, block_nr=2 '\002') at /git/osmo-pcu/src/pcu_l1_if.cpp:386 #10 0x000055555577c756 in pcu_rx_rts_req (rts_req=0x7fffffffdaf4) at /git/osmo-pcu/src/pcu_l1_if.cpp:420 #11 0x0000555555785b86 in pcu_rx (msg_type=16 '\020', pcu_prim=0x7fffffffdaf0) at /git/osmo-pcu/src/pcu_l1_if.cpp:765 #12 0x000055555581937f in pcu_sock_read (bfd=0x555555b1a3e0 <pcu_sock_state>) at /git/osmo-pcu/src/osmobts_sock.cpp:141 #13 0x0000555555819a6c in pcu_sock_cb (bfd=0x555555b1a3e0 <pcu_sock_state>, flags=1) at /git/osmo-pcu/src/osmobts_sock.cpp:196 #14 0x00007ffff69b901a in osmo_fd_disp_fds (_rset=0x7fffffffddc0, _wset=0x7fffffffde60, _eset=0x7fffffffdf00) at /git/libosmocore/src/select.c:227 #15 0x00007ffff69b9654 in _osmo_select_main (polling=0) at /git/libosmocore/src/select.c:265 #16 0x00007ffff69b9741 in osmo_select_main (polling=0) at /git/libosmocore/src/select.c:274 --Type <RET> for more, q to quit, c to continue without paging-- #17 0x0000555555748196 in main (argc=7, argv=0x7fffffffe1f8) at /git/osmo-pcu/src/pcu_main.cpp:357
The assert failing:
/* Prepare to be encoded Frequency Parameters IE (see Table 12.8.1) */ static void gen_freq_params(Frequency_Parameters_t *freq_params, const struct gprs_rlcmac_tbf *tbf) { const struct gprs_rlcmac_pdch *pdch; Direct_encoding_1_t fh_params; /* Check one PDCH, if it's hopping then all other should too */ pdch = tbf->pdch[tbf->first_ts]; OSMO_ASSERT(pdch != NULL);
It happened a few seconds after stopping osmo-bts-trx with gdb.
(gdb) print tbf->first_ts $2 = 2 '\002' (gdb) print tbf->pdch $3 = {0x0, 0x0, 0x0, 0x555555b10ea0 <s_bts+1920>, 0x0, 0x0, 0x0, 0x0}
Updated by pespin over 3 years ago
Happened again, during a call, probably because the PDCH TS where the MS was laying was deleted (because I have all TS set as dynamic TCH_H/TCH_F/PDCH).
20200916184620436 DRLCMACMEAS gprs_rlcmac_meas.cpp:46 MS(TLLI=0xe37fcdf2, IMSI=901700000015256, TA=0, 12/12,) Rx Measurement Report: NC1 Serv -50 dbm 20200916184620598 DRLCMACMEAS gprs_rlcmac_meas.cpp:46 MS(TLLI=0xd90756fa, IMSI=901700000015254, TA=0, 12/12,) Rx Measurement Report: NC1 Serv -49 dbm 20200916184621657 DRLCMACMEAS gprs_rlcmac_meas.cpp:108 MS(TLLI=0xe37fcdf2, IMSI=901700000015256, TA=0, 12/12, UL) UL RSSI: -12 dBm 20200916184625518 DRLCMACMEAS gprs_rlcmac_meas.cpp:46 MS(TLLI=0xe37fcdf2, IMSI=901700000015256, TA=0, 12/12,) Rx Measurement Report: NC1 Serv -50 dbm 20200916184629354 DBSSGP gprs_bssgp_bss.c:64 BSSGP (BVCI=0) Tx SUSPEND (TLLI=0xd90756fa) 20200916184631961 DBSSGP gprs_bssgp_bss.c:64 BSSGP (BVCI=0) Tx SUSPEND (TLLI=0xe37fcdf2) 20200916184638476 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xd90756fa DIR=DL STATE=ASSIGN EGPRS) poll timeout for FN=549952, TS=2 (curr FN 550017) 20200916184638476 DTBF tbf.cpp:856 TBF(TFI=0 TLLI=0xd90756fa DIR=DL STATE=ASSIGN EGPRS) Timeout for polling PACKET CONTROL ACK for PACKET DOWNLINK ASSIGNMENT. 20200916184638476 DTBF tbf.cpp:1177 TBF(TFI=0 TLLI=0xd90756fa DIR=DL STATE=ASSIGN EGPRS) Assignment was on PACCH 20200916184638476 DTBF tbf.cpp:1185 TBF(TFI=0 TLLI=0xd90756fa DIR=DL STATE=ASSIGN EGPRS) No downlink ACK received yet 20200916184638854 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xd90756fa DIR=DL STATE=ASSIGN EGPRS) poll timeout for FN=550038, TS=2 (curr FN 550099) 20200916184639256 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xd90756fa DIR=DL STATE=ASSIGN EGPRS) poll timeout for FN=550121, TS=2 (curr FN 550186) 20200916184639634 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xd90756fa DIR=DL STATE=ASSIGN EGPRS) poll timeout for FN=550207, TS=2 (curr FN 550268) 20200916184640036 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xd90756fa DIR=DL STATE=ASSIGN EGPRS) poll timeout for FN=550290, TS=2 (curr FN 550355) 20200916184640085 DTBF tbf.cpp:1136 TBF(TFI=0 TLLI=0xd90756fa DIR=DL STATE=ASSIGN EGPRS) releasing due to PACCH assignment timeout. 20200916184640085 DTBF tbf.h:516 TBF(TFI=0 TLLI=0xd90756fa DIR=DL STATE=RELEASING EGPRS) FIXME: Software error: Pending downlink assignment in state GPRS_RLCMAC_DL_ASS_WAIT_ACK. This may not happen, because the assignment message never gets transmitted. Please be sure not to free in this state. PLEASE FIX! 20200916184643396 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xe37fcdf2 DIR=DL STATE=ASSIGN EGPRS) poll timeout for FN=551022, TS=2 (curr FN 551083) 20200916184643396 DTBF tbf.cpp:856 TBF(TFI=0 TLLI=0xe37fcdf2 DIR=DL STATE=ASSIGN EGPRS) Timeout for polling PACKET CONTROL ACK for PACKET DOWNLINK ASSIGNMENT. 20200916184643396 DTBF tbf.cpp:1177 TBF(TFI=0 TLLI=0xe37fcdf2 DIR=DL STATE=ASSIGN EGPRS) Assignment was on PACCH 20200916184643396 DTBF tbf.cpp:1185 TBF(TFI=0 TLLI=0xe37fcdf2 DIR=DL STATE=ASSIGN EGPRS) No downlink ACK received yet 20200916184643775 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xe37fcdf2 DIR=DL STATE=ASSIGN EGPRS) poll timeout for FN=551104, TS=2 (curr FN 551165) 20200916184644176 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xe37fcdf2 DIR=DL STATE=ASSIGN EGPRS) poll timeout for FN=551187, TS=2 (curr FN 551252) 20200916184644556 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xe37fcdf2 DIR=DL STATE=ASSIGN EGPRS) poll timeout for FN=551273, TS=2 (curr FN 551334) 20200916184644956 DTBF tbf.cpp:806 TBF(TFI=0 TLLI=0xe37fcdf2 DIR=DL STATE=ASSIGN EGPRS) poll timeout for FN=551356, TS=2 (curr FN 551421) 20200916184645029 DTBF tbf.cpp:1136 TBF(TFI=0 TLLI=0xe37fcdf2 DIR=DL STATE=ASSIGN EGPRS) releasing due to PACCH assignment timeout. 20200916184645029 DTBF tbf.h:516 TBF(TFI=0 TLLI=0xe37fcdf2 DIR=DL STATE=RELEASING EGPRS) FIXME: Software error: Pending downlink assignment in state GPRS_RLCMAC_DL_ASS_WAIT_ACK. This may not happen, because the assignment message never gets transmitted. Please be sure not to free in this state. PLEASE FIX! Assert failed pdch != NULL /git/osmo-pcu/src/encoding.cpp:562 backtrace() returned 21 addresses /build/new/out/lib/libosmocore.so.16(+0x146c2e) [0x7ffff6a01c2e] /build/new/out/lib/libosmocore.so.16(osmo_generate_backtrace+0x18) [0x7ffff6a01ffd] /build/new/out/lib/libosmocore.so.16(+0x1469b8) [0x7ffff6a019b8] /build/new/out/lib/libosmocore.so.16(osmo_panic+0x13c) [0x7ffff6a01afe] /build/new/out/bin/osmo-pcu(+0x29eda5) [0x5555557f2da5] /build/new/out/bin/osmo-pcu(_ZN8Encoding30write_packet_uplink_assignmentEP16RlcMacDownlink_thhjhPK18gprs_rlcmac_ul_tbfhhhhab+0x1428) [0x5555557f4d04] /build/new/out/bin/osmo-pcu(_ZN15gprs_rlcmac_tbf13create_ul_assEjh+0xa54) [0x5555557ac19c] /build/new/out/bin/osmo-pcu(+0x2d3153) [0x555555827153] /build/new/out/bin/osmo-pcu(_Z25gprs_rlcmac_rcv_rts_blockP15gprs_rlcmac_btshhjh+0x832) [0x555555829267] /build/new/out/bin/osmo-pcu(pcu_rx_rts_req_pdtch+0x5d) [0x55555577bd63] /build/new/out/bin/osmo-pcu(+0x228756) [0x55555577c756] /build/new/out/bin/osmo-pcu(_Z6pcu_rxhP10gsm_pcu_if+0x176) [0x555555785b86] /build/new/out/bin/osmo-pcu(+0x2c537f) [0x55555581937f] /build/new/out/bin/osmo-pcu(+0x2c5a6c) [0x555555819a6c] /build/new/out/lib/libosmocore.so.16(osmo_fd_disp_fds+0xdb2) [0x7ffff69b901a] /build/new/out/lib/libosmocore.so.16(+0xfe654) [0x7ffff69b9654] /build/new/out/lib/libosmocore.so.16(osmo_select_main+0x16) [0x7ffff69b9741] /build/new/out/bin/osmo-pcu(main+0x2bb6) [0x555555748196] /usr/lib/libc.so.6(__libc_start_main+0xf2) [0x7ffff5a31152] /build/new/out/bin/osmo-pcu(_start+0x2e) [0x555555744d7e] Program received signal SIGABRT, Aborted. 0x00007ffff5a46615 in raise () from /usr/lib/libc.so.6 (gdb) bt #0 0x00007ffff5a46615 in raise () from /usr/lib/libc.so.6 #1 0x00007ffff5a2f862 in abort () from /usr/lib/libc.so.6 #2 0x00007ffff6a019c2 in osmo_panic_default ( fmt=0x5555558a3940 "Assert failed %s %s:%d\n", args=0x7fffffffd340) at /git/libosmocore/src/panic.c:49 #3 0x00007ffff6a01afe in osmo_panic ( fmt=0x5555558a3940 "Assert failed %s %s:%d\n") at /git/libosmocore/src/panic.c:84 #4 0x00005555557f2da5 in gen_freq_params (freq_params=0x6340003608cc, tbf=0x7ffff21bb860) at /git/osmo-pcu/src/encoding.cpp:562 #5 0x00005555557f4d04 in Encoding::write_packet_uplink_assignment ( block=0x634000360860, old_tfi=1 '\001', old_downlink=0 '\000', tlli=3641136890, use_tlli=1 '\001', tbf=0x7ffff21bb860, poll=1 '\001', rrbp=0 '\000', alpha=0 '\000', gamma=0 '\000', ta_idx=-1 '\377', use_egprs=true) at /git/osmo-pcu/src/encoding.cpp:678 #6 0x00005555557ac19c in gprs_rlcmac_tbf::create_ul_ass (this=0x7ffff21bb860, fn=561734, ts=7 '\a') at /git/osmo-pcu/src/tbf.cpp:1372 #7 0x0000555555827153 in sched_select_ctrl_msg (trx=0 '\000', ts=7 '\a', fn=561734, block_nr=7 '\a', pdch=0x555555b11800 <s_bts+4320>, ul_ass_tbf=0x7ffff21bb860, dl_ass_tbf=0x0, ul_ack_tbf=0x0) --Type <RET> for more, q to quit, c to continue without paging-- at /git/osmo-pcu/src/gprs_rlcmac_sched.cpp:215 #8 0x0000555555829267 in gprs_rlcmac_rcv_rts_block ( bts=0x555555b10728 <s_bts+8>, trx=0 '\000', ts=7 '\a', fn=561734, block_nr=7 '\a') at /git/osmo-pcu/src/gprs_rlcmac_sched.cpp:427 #9 0x000055555577bd63 in pcu_rx_rts_req_pdtch (trx=0 '\000', ts=7 '\a', fn=561734, block_nr=7 '\a') at /git/osmo-pcu/src/pcu_l1_if.cpp:386 #10 0x000055555577c756 in pcu_rx_rts_req (rts_req=0x7fffffffdaf4) at /git/osmo-pcu/src/pcu_l1_if.cpp:420 #11 0x0000555555785b86 in pcu_rx (msg_type=16 '\020', pcu_prim=0x7fffffffdaf0) at /git/osmo-pcu/src/pcu_l1_if.cpp:765 #12 0x000055555581937f in pcu_sock_read (bfd=0x555555b1a3e0 <pcu_sock_state>) at /git/osmo-pcu/src/osmobts_sock.cpp:141 #13 0x0000555555819a6c in pcu_sock_cb (bfd=0x555555b1a3e0 <pcu_sock_state>, flags=1) at /git/osmo-pcu/src/osmobts_sock.cpp:196 #14 0x00007ffff69b901a in osmo_fd_disp_fds (_rset=0x7fffffffddc0, _wset=0x7fffffffde60, _eset=0x7fffffffdf00) at /git/libosmocore/src/select.c:227 #15 0x00007ffff69b9654 in _osmo_select_main (polling=0) at /git/libosmocore/src/select.c:265 #16 0x00007ffff69b9741 in osmo_select_main (polling=0) at /git/libosmocore/src/select.c:274 --Type <RET> for more, q to quit, c to continue without paging-- #17 0x0000555555748196 in main (argc=7, argv=0x7fffffffe1f8) at /git/osmo-pcu/src/pcu_main.cpp:357
Updated by pespin over 3 years ago
I confirm I can reproduce this by placing a call between 2 MS whenever all timeslots are set to TCH/F_TCH/H_PDCH.
1- MS are GPRS attached to the network, probably doing data transfers
2- call MO_MT between them
3- Take the call, leave it for a few seconds and hang the call
4- pcu crashes.
Updated by fixeria over 3 years ago
- Status changed from New to In Progress
- Priority changed from Normal to High
Updated by fixeria over 3 years ago
This is very interesting, because we used to dereference that pointer without any checks before my hopping patches:
void Encoding::write_packet_uplink_assignment(...)
{
// ...
/* Frequency Parameters IE */
fp->TSC = tbf->tsc(); // Training Sequence Code (TSC)
fp->UnionType = 0x00; // Single ARFCN
fp->u.ARFCN = tbf->trx->arfcn;
}
here is the definition of tbf->tsc():
uint8_t gprs_rlcmac_tbf::tsc() const
{
return trx->pdch[first_ts].tsc;
}
so I am pretty sure we had this bug, but never noticed it?
Updated by fixeria over 3 years ago
so I am pretty sure we had this bug, but never noticed it?
I'll try to implement a TTCN-3 test case, so we can see if the problem does exist in the 'latest'.
Updated by fixeria over 3 years ago
- Status changed from In Progress to Feedback
- Assignee changed from fixeria to pespin
Unfortunately, I was not able to reproduce the problem, neither in GPRS nor in EGPRS mode.
Updated by pespin over 3 years ago
I have been looking at this for a while and there's definetly a bug with TS allocation producing a later crash, but I'm still unsure at what's exactly the issue.
So as a reminder, I have TS=CCCH+SDCCH4, TS1..5=TCH/F_TCH/H_PDCH, TS6..7=PDCH. I also have "channel allocator descending", which means TS 4 and 5 are switched to TCH to handle the call, which means they get deactivated in PCU. That's working fine. I also added a VTY command to verify during the call the TS are marked as disabled in PCU.
20200922184508812 DL1IF pcu_l1_if.cpp:523 BTS available 20200922184508813 DL1IF pcu_l1_if.cpp:679 PDCH (trx=0, ts=1): tsc=7, hopping=no 20200922184508813 DL1IF pcu_l1_if.cpp:679 PDCH (trx=0, ts=2): tsc=7, hopping=no 20200922184508813 DL1IF pcu_l1_if.cpp:679 PDCH (trx=0, ts=3): tsc=7, hopping=no 20200922184508813 DL1IF pcu_l1_if.cpp:679 PDCH (trx=0, ts=4): tsc=7, hopping=no 20200922184508813 DL1IF pcu_l1_if.cpp:151 Sending deactivate request: trx=0 ts=5 20200922184508813 DL1IF pcu_l1_if.cpp:679 PDCH (trx=0, ts=6): tsc=7, hopping=no 20200922184508813 DL1IF pcu_l1_if.cpp:679 PDCH (trx=0, ts=7): tsc=7, hopping=no 20200922184511181 DL1IF pcu_l1_if.cpp:744 GPRS Suspend request received: TLLI=0xc35fc59c RAI=234-70-5-0 20200922184511181 DBSSGP gprs_bssgp_bss.c:64 BSSGP (BVCI=0) Tx SUSPEND (TLLI=0xc35fc59c) 20200922184511656 DL1IF pcu_l1_if.cpp:523 BTS available 20200922184511656 DL1IF pcu_l1_if.cpp:679 PDCH (trx=0, ts=1): tsc=7, hopping=no 20200922184511656 DL1IF pcu_l1_if.cpp:679 PDCH (trx=0, ts=2): tsc=7, hopping=no 20200922184511656 DL1IF pcu_l1_if.cpp:679 PDCH (trx=0, ts=3): tsc=7, hopping=no 20200922184511656 DL1IF pcu_l1_if.cpp:151 Sending deactivate request: trx=0 ts=4 20200922184511656 DL1IF pcu_l1_if.cpp:679 PDCH (trx=0, ts=6): tsc=7, hopping=no 20200922184511656 DL1IF pcu_l1_if.cpp:679 PDCH (trx=0, ts=7): tsc=7, hopping=no
Now, I added some more debugging during chan allocation:
20200922184517883 DTBF tbf.cpp:997 Allocating UL TBF: MS_CLASS=12/12 20200922184517883 DTBF tbf.cpp:1009 TBF(TFI=0 TLLI=0x00000000 DIR=UL STATE=NULL EGPRS) Enabled EGPRS, mode EGPRS 20200922184517883 DRLCMAC gprs_rlcmac_ts_alloc.cpp:895 [UL] algo B <multi> (suggested TRX: 0): reserved slots: ul=0x0c dl=0x0e, first_comon_ts=ffffffff 20200922184517883 DRLCMAC gprs_rlcmac_ts_alloc.cpp:904 [UL] algo B <multi> (suggested TRX: 0): first_ts=2 20200922184517883 DRLCMAC gprs_rlcmac_ts_alloc.cpp:929 [UL] algo B <multi> (suggested TRX: 0): first_common_ts=3 20200922184517883 DRLCMAC gprs_rlcmac_ts_alloc.cpp:941 [UL] algo B <multi> (suggested TRX: 0): using 1/1 slots (0x08) 20200922184517883 DL1IF bts.cpp:1071 TRX reserve mask dir=0: 0x0e 20200922184517884 DL1IF bts.cpp:1071 TRX reserve mask dir=1: 0x08 20200922184517884 DRLCMAC gprs_rlcmac_ts_alloc.cpp:807 - Assigning UL TS 3 20200922184517884 DRLCMAC gprs_rlcmac_ts_alloc.cpp:225 Attaching TBF tbf->pdch[3] = 0x555555b1e360 20200922184517884 DTBF tbf.cpp:539 TBF(TFI=1 TLLI=0x00000000 DIR=UL STATE=NULL EGPRS) Setting Control TS 3 20200922184517884 DTBF tbf.cpp:952 TBF(TFI=1 TLLI=0xf99b124d DIR=UL STATE=NULL EGPRS) Allocated: trx = 0, ul_slots = 08, dl_slots = 00 20200922184517884 DTBFUL tbf_ul.cpp:613 TBF(TFI=1 TLLI=0xf99b124d DIR=UL STATE=NULL EGPRS) setting EGPRS UL window size to 64, base(64) slots(1) ws_pdch(0) 20200922184517893 DTBF tbf.cpp:1379 TBF(TFI=1 TLLI=0xf99b124d DIR=UL STATE=ASSIGN EGPRS) start Packet Uplink Assignment (PACCH) Assert failed pdch != NULL /home/pespin/dev/sysmocom/git/osmo-pcu/src/encoding.cpp:562
Not seen in the text above, but in the pcap file in debug I see (so available TS in C are correct: 1,2,3,7,8:
63499 18:45:17.883736890 127.0.0.1 34946 127.0.0.1 4729 GSMTAP 189 - Possible DL/UL slots: (TS=0)".CCC..CC"(TS=7)
Then, after doing the calculations it decides the available slots are: reserved slots: ul=0x0c dl=0x0e so 00001100 and 00001110.
From there, it selects fn_first=2, and (only seen in debug pcap), afterwards it says "- Skipping TS 2, because num TBFs 1 > 0" and immediatelly after sets fn_common_first=3.
Later it calculates the amount of slots to 1.
So if you sum all the points above, there's only 1 TS being selected for this PDCH, yet fn_first and fn_common_first differ, which makes no sense to me. The issue seems to come from UL TBF branch calling allocate_usf() in alloc_algorithm_b(), which updates "reserved_ul_slots" and "ul_slots" later passed to update_ms_reserved_slots and assign_ul_tbf_slots, but forgets to update first_ts accordingly.
Updated by pespin over 3 years ago
- % Done changed from 0 to 90
Should be fixed by:
https://gerrit.osmocom.org/c/osmo-pcu/+/20254 Fix crash accessing NULL tbf->pdch[first_ts]
AFAICT this bug has been there since Jan 31 2018.