Review at

trans_free: safeguard against a still running CC timer on free

Make sure to deactivate when freeing a CC transaction.
Log an error if should be necessary.

This prevents a segfault when we receive a BSSMAP Clear Request from BSC during
an ongoing CC operation. The BSSMAP Clear Request currently triggers immediate
freeing of the conn, while we should still do a graceful release first. While
this patch does not fix the underlying error, it does prevent the MSC from
crashing due to a stale timer, whatever the cause might be.

Related: OS#3062
Change-Id: I86b666f23402a6d94af2d903e514770d1fd5157f
M src/libmsc/transaction.c
1 file changed, 9 insertions(+), 0 deletions(-)

  git pull ssh:// refs/changes/73/7273/1

diff --git a/src/libmsc/transaction.c b/src/libmsc/transaction.c
index f500326..cdaba9c 100644
--- a/src/libmsc/transaction.c
+++ b/src/libmsc/transaction.c
@@ -121,6 +121,15 @@
        switch (trans->protocol) {
        case GSM48_PDISC_CC:
+               if (osmo_timer_pending(&trans->cc.timer)) {
+                       LOGP(DCC, LOGL_ERROR,
+                            "%s Timer 0x%x is still running while discarding 
+                            " -- this is a bug: we were still expecting a 
response but"
+                            " are freeing the transaction anyway\n",
+                            vlr_subscr_name(trans->conn->vsub), 
+                       osmo_timer_del(&trans->cc.timer);
+                       trans->cc.Tcurrent = 0;
+               }
                conn_usage_token = MSC_CONN_USE_TRANS_CC;
        case GSM48_PDISC_SMS:

To view, visit
To unsubscribe, visit

Gerrit-MessageType: newchange
Gerrit-Change-Id: I86b666f23402a6d94af2d903e514770d1fd5157f
Gerrit-PatchSet: 1
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <>

Reply via email to