open5gs
[Bug][Sponsor: ng-voice]: MME crashes on normal VoLTE attachment
Open5GS Release, Revision, or Tag
v2.7.2
Steps to reproduce
- Attach the UE to the EPC
- Observe successful authentication and bearer creation
- Watch the MME crashing with core dump
MME_Crash_Coredump_04_10_2024.zip
Logs
mme | Deploying component: 'mme-1'
mme | Generating a RSA private key
mme | ..+++++
mme | ............+++++
mme | writing new private key to 'cakey.pem'
mme | -----
mme | Generating RSA private key, 1024 bit long modulus (2 primes)
mme | ......+++++
mme | .......+++++
mme | e is 65537 (0x010001)
mme | Using configuration from /usr/lib/ssl/openssl.cnf
mme | Check that the request matches the signature
mme | Signature ok
mme | Certificate Details:
mme | Serial Number: 1 (0x1)
mme | Validity
mme | Not Before: Oct 4 16:10:37 2024 GMT
mme | Not After : Oct 2 16:10:37 2034 GMT
mme | Subject:
mme | countryName = KO
mme | stateOrProvinceName = Seoul
mme | organizationName = Open5GS
mme | organizationalUnitName = Tests
mme | commonName = mme.ims.mnc001.mcc262.3gppnetwork.org
mme | X509v3 extensions:
mme | X509v3 Basic Constraints:
mme | CA:FALSE
mme | Netscape Comment:
mme | OpenSSL Generated Certificate
mme | X509v3 Subject Key Identifier:
mme | 0E:EE:5F:E6:73:DB:BC:1B:47:A4:95:2F:D0:AA:9E:36:41:BA:67:A2
mme | X509v3 Authority Key Identifier:
mme | keyid:BB:45:0F:84:7B:8E:E7:1C:5F:9C:E2:E5:98:C2:A0:76:4F:CF:57:DD
mme |
mme | Certificate is to be certified until Oct 2 16:10:37 2034 GMT (3650 days)
mme |
mme | Write out database with 1 new entries
mme | Data Base Updated
mme | Open5GS daemon v2.7.2
mme |
mme | [32m10/04 18:10:37.838[0m: [[33mapp[0m] [1;32mINFO[0m: Configuration: '/open5gs/install/etc/open5gs/mme.yaml' (../lib/app/ogs-init.c:133)
mme | [32m10/04 18:10:37.838[0m: [[33mapp[0m] [1;32mINFO[0m: File Logging: '/open5gs/install/var/log/open5gs/mme.log' (../lib/app/ogs-init.c:136)
mme | [32m10/04 18:10:37.838[0m: [[33mapp[0m] [1;32mINFO[0m: LOG-LEVEL: 'INFO' (../lib/app/ogs-init.c:139)
mme | [32m10/04 18:10:37.901[0m: [[33mgtp[0m] [1;32mINFO[0m: gtp_server() [172.25.0.9]:2123 (../lib/gtp/path.c:31)
mme | [32m10/04 18:10:37.902[0m: [[33mgtp[0m] [1;32mINFO[0m: gtp_server() [fd69:f21d:873c:fa::9]:2123 (../lib/gtp/path.c:31)
mme | [32m10/04 18:10:37.902[0m: [[33mgtp[0m] [1;32mINFO[0m: gtp_connect() [172.25.0.5]:2123 (../lib/gtp/path.c:61)
mme | [32m10/04 18:10:37.902[0m: [[33mgtp[0m] [1;32mINFO[0m: gtp_connect() [fd69:f21d:873c:fa::5]:2123 (../lib/gtp/path.c:61)
mme | [32m10/04 18:10:37.902[0m: [[33mmme[0m] [1;32mINFO[0m: s1ap_server() [172.25.0.9]:36412 (../src/mme/s1ap-sctp.c:63)
mme | [32m10/04 18:10:37.902[0m: [[33mmme[0m] [1;32mINFO[0m: s1ap_server() [fd69:f21d:873c:fa::9]:36412 (../src/mme/s1ap-sctp.c:63)
mme | [32m10/04 18:10:37.903[0m: [[33msctp[0m] [1;32mINFO[0m: MME initialize...done (../src/mme/app-init.c:33)
mme | [32m10/04 18:10:37.907[0m: [[33mdiam[0m] [1;32mINFO[0m: CONNECTED TO 'dra-0.c1.ims.mnc001.mcc262.3gppnetwork.org' (SCTP,soc#16): (../lib/diameter/common/logger.c:108)
mme | [32m10/04 18:10:37.907[0m: [[33mdiam[0m] [1;32mINFO[0m: CONNECTED TO 'dra-1.c1.ims.mnc001.mcc262.3gppnetwork.org' (SCTP,soc#18): (../lib/diameter/common/logger.c:108)
mme | [32m10/04 18:10:47.246[0m: [[33mmme[0m] [1;32mINFO[0m: eNB-S1 accepted[192.168.0.161]:3223 in s1_path module (../src/mme/s1ap-sctp.c:115)
mme | [32m10/04 18:10:47.246[0m: [[33mmme[0m] [1;32mINFO[0m: eNB-S1 accepted[192.168.0.161] in master_sm module (../src/mme/mme-sm.c:109)
mme | [32m10/04 18:10:47.246[0m: [[33mmme[0m] [1;32mINFO[0m: [Added] Number of eNBs is now 1 (../src/mme/mme-context.c:2843)
mme | [32m10/04 18:10:47.246[0m: [[33mmme[0m] [1;32mINFO[0m: eNB-S1[192.168.0.161] max_num_of_ostreams : 2 (../src/mme/mme-sm.c:158)
mme | [32m10/04 18:10:47.740[0m: [[33mmme[0m] [1;32mINFO[0m: InitialUEMessage (../src/mme/s1ap-handler.c:426)
mme | [32m10/04 18:10:47.740[0m: [[33mmme[0m] [1;32mINFO[0m: [Added] Number of eNB-UEs is now 1 (../src/mme/mme-context.c:4800)
mme | [32m10/04 18:10:47.740[0m: [[33mmme[0m] [1;32mINFO[0m: ENB_UE_S1AP_ID[0] MME_UE_S1AP_ID[1] TAC[1] CellID[0x5ee0000] (../src/mme/s1ap-handler.c:605)
mme | [32m10/04 18:10:47.740[0m: [[33mmme[0m] [1;32mINFO[0m: [262010021031152] Unknown UE by IMSI (../src/mme/mme-context.c:3592)
mme | [32m10/04 18:10:47.741[0m: [[33mmme[0m] [1;32mINFO[0m: [Added] Number of MME-UEs is now 1 (../src/mme/mme-context.c:3404)
mme | [32m10/04 18:10:47.741[0m: [[33memm[0m] [1;32mINFO[0m: [] Attach request (../src/mme/emm-sm.c:434)
mme | [32m10/04 18:10:47.741[0m: [[33memm[0m] [1;32mINFO[0m: IMSI[262010021031152] (../src/mme/emm-handler.c:224)
mme | [32m10/04 18:10:47.951[0m: [[33mmme[0m] [1;32mINFO[0m: [Added] Number of MME-Sessions is now 1 (../src/mme/mme-context.c:4814)
mme | [32m10/04 18:10:48.022[0m: [[33memm[0m] [1;36mWARNING[0m: Requested EPS_ATTACH_TYPE[2, COMBINED_EPS_IMSI_ATTACH] (../src/mme/emm-build.c:98)
mme | [32m10/04 18:10:48.022[0m: [[33memm[0m] [1;36mWARNING[0m: Permitted EPS_ATTACH_TYPE[1, EPS_ATTACH] (../src/mme/emm-build.c:107)
mme | [32m10/04 18:10:48.022[0m: [[33memm[0m] [1;31mFATAL[0m: emm_build_attach_accept: Assertion `served_tai_index >= 0 && served_tai_index < OGS_MAX_NUM_OF_SUPPORTED_TA' failed. (../src/mme/emm-build.c:156)
mme | [32m10/04 18:10:48.022[0m: [[33mcore[0m] [1;31mFATAL[0m: backtrace() returned 10 addresses (../lib/core/ogs-abort.c:37)
mme | ./open5gs-mmed(+0x69595) [0x5b186d069595]
mme | ./open5gs-mmed(+0x55460) [0x5b186d055460]
mme | ./open5gs-mmed(+0x9fb80) [0x5b186d09fb80]
mme | ./open5gs-mmed(+0x83b50) [0x5b186d083b50]
mme | /open5gs/install/lib/x86_64-linux-gnu/libogscore.so.2(ogs_fsm_dispatch+0x10f) [0x7f22ed74635a]
mme | ./open5gs-mmed(+0x8544) [0x5b186d008544]
mme | /open5gs/install/lib/x86_64-linux-gnu/libogscore.so.2(+0x1061d) [0x7f22ed73761d]
mme | /lib/x86_64-linux-gnu/libpthread.so.0(+0x76db) [0x7f22eaff76db]
mme | /lib/x86_64-linux-gnu/libc.so.6(clone+0x3f) [0x7f22ead2061f]
mme | /open5gs_init.sh: line 96: 54 Aborted (core dumped) ./open5gs-mmed
**From the coredumpctl output**
PID: 166198 (open5gs-mmed)
UID: 0 (root)
GID: 0 (root)
Signal: 6 (ABRT)
Timestamp: Fri 2024-10-04 18:10:59 CEST (4min 37s ago)
Command Line: ./open5gs-mmed
Executable: /open5gs/install/bin/open5gs-mmed
Control Group: /system.slice/docker-678dbbb8a0c825a32c32f0a6b5ed02c5d8a39755fd0f080b6e405cbb5fe93199.scope
Unit: docker-678dbbb8a0c825a32c32f0a6b5ed02c5d8a39755fd0f080b6e405cbb5fe93199.scope
Slice: system.slice
Boot ID: fa69fa641b1c4d08827ab93a7bb34b6b
Machine ID: 9ac46422a0276f5af5ddd63166e2c775
Hostname: 678dbbb8a0c8
Storage: /var/lib/systemd/coredump/core.open5gs-mmed.0.fa69fa641b1c4d08827ab93a7bb34b6b.166198.1728058259000000.zst (present)
Disk Size: 712.0K
Message: Process 166198 (open5gs-mmed) of user 0 dumped core.
Found module /open5gs/install/bin/open5gs-mmed with build-id: f06ea39a5da6ae01cc20bf4802bc6f84b8c21d99
Found module /lib/x86_64-linux-gnu/libgcc_s.so.1 with build-id: 679f3ae11120ec7c483bc9295345d836f5c104f7
Found module /lib/x86_64-linux-gnu/libresolv-2.27.so with build-id: 0f375714358902a9cc97b6255860e804e2027f0c
Found module /lib/x86_64-linux-gnu/libnss_dns-2.27.so with build-id: cb584ac59d1c74510f75cb97424f126d4f1e5d1f
Found module /lib/x86_64-linux-gnu/libnss_files-2.27.so with build-id: 750621afd5bfadacf938de551b3654e7c5868570
Found module /open5gs/install/lib/x86_64-linux-gnu/freeDiameter/dict_dcca_3gpp.fdx with build-id: 9c4354910455c446dcba2d624a063502c9e92d95
Found module /open5gs/install/lib/x86_64-linux-gnu/freeDiameter/dict_dcca.fdx with build-id: ed1e373c33bb31ba7faad77d3f10fa3494ec6cd9
Found module /open5gs/install/lib/x86_64-linux-gnu/freeDiameter/dict_nas_mipv6.fdx with build-id: 04eccea6aecf73396223e484a891243dfdd1937e
Found module /open5gs/install/lib/x86_64-linux-gnu/freeDiameter/dict_nasreq.fdx with build-id: a402f7e91a5dd42b47d0eed5ab456b40548b234e
Found module /open5gs/install/lib/x86_64-linux-gnu/freeDiameter/dict_mip6i.fdx with build-id: b633eb19a50e4096946645f62ef6ebd6ad3409f3
Found module /open5gs/install/lib/x86_64-linux-gnu/freeDiameter/dict_rfc5777.fdx with build-id: 55a176c9dd4dc1079afb1f92981a4950805fab84
Found module /open5gs/install/lib/x86_64-linux-gnu/freeDiameter/rt_default.fdx with build-id: 0af7baca224335d213af135e095ed21c05ec1bd5
Found module /open5gs/install/lib/x86_64-linux-gnu/freeDiameter/dbg_msg_dumps.fdx with build-id: 90a0b5dccdb44316fd83a3e89ae64b6b9546dab6
Found module /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4 with build-id: 3555b5f599c9787dfddbf9e8df6f706b9044d985
Found module /usr/lib/x86_64-linux-gnu/libgmp.so.10.3.2 with build-id: 7e9921b1e9c87b3a1515701b77f62bb80abff856
Found module /usr/lib/x86_64-linux-gnu/libhogweed.so.4.5 with build-id: 372ee4a2e4bb08f1a2b01ae486f88e7466add389
Found module /usr/lib/x86_64-linux-gnu/libnettle.so.6.5 with build-id: 433053b348a412f5cf22d07f699d412ad753fbe5
Found module /usr/lib/x86_64-linux-gnu/libtasn1.so.6.5.5 with build-id: 6036b89a3bb671b32e01464c0c82bfa016186352
Found module /usr/lib/x86_64-linux-gnu/libunistring.so.2.1.0 with build-id: 0e2784298e7d3f4d894fe130acefa77c3e624f72
Found module /usr/lib/x86_64-linux-gnu/libidn2.so.0.3.3 with build-id: ee6e9462ba2491f4ee8c4e52c3323274a9366614
Found module /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0 with build-id: 8cff559d91e3376842a1ba41ccf74eb9decd159b
Found module /lib/x86_64-linux-gnu/libz.so.1.2.11 with build-id: 614e18d8736ce01233c6087d430696bc88a72d0b
Found module /lib/x86_64-linux-gnu/libidn.so.11.6.16 with build-id: 53b5b0d58136af09c9b0ecb4787f4d6238d9ecee
Found module /lib/x86_64-linux-gnu/libdl-2.27.so with build-id: 4c0610fa7b0706d9abc26de5e7940d2e2578eec5
Found module /usr/lib/x86_64-linux-gnu/libgnutls.so.30.14.10 with build-id: 9620150f4f107a7545866a007cbbb09c53f10ad4
Found module /usr/lib/x86_64-linux-gnu/libsctp.so.1.0.17 with build-id: 491495e1543687ad2f4119571ab41017d390d52c
Found module /lib/x86_64-linux-gnu/libc-2.27.so with build-id: f7307432a8b162377e77a182b6cc2e53d771ec4b
Found module /lib/x86_64-linux-gnu/libpthread-2.27.so with build-id: 1f06001733b9be9478b105faf0dac6bdf36c85de
Found module /usr/lib/x86_64-linux-gnu/libyaml-0.so.2.0.5 with build-id: 2f53244f0361bad43490b29562f5376f1d6ad1b4
Found module /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10 with build-id: d75d210d2d70f6e414b961ad1d95006e718e2d7a
Found module /open5gs/install/lib/x86_64-linux-gnu/libogsgtp.so.2.7.2 with build-id: d5a680b360841d88ff345a96ff62a8a24c3644dc
Found module /open5gs/install/lib/x86_64-linux-gnu/libfdproto.so.1.5.0 with build-id: 89cefda04e1be15c8439ad16e547c15f1b74b558
Found module /open5gs/install/lib/x86_64-linux-gnu/libfdcore.so.1.5.0 with build-id: 397fcbdd21c92aa2839d3261c1ed25da82271d28
Found module /open5gs/install/lib/x86_64-linux-gnu/libogsdiameter-common.so.2.7.2 with build-id: 5283c0c56bea2ba94aff26b7df71493e3185aa14
Found module /open5gs/install/lib/x86_64-linux-gnu/libogsdiameter-s6a.so.2.7.2 with build-id: 0b70645e7c7daeac4620d0e67e71454adf3bc7f9
Found module /open5gs/install/lib/x86_64-linux-gnu/libogscrypt.so.2.7.2 with build-id: 283555b286d04413a407feccbe8d023ab8690d78
Found module /open5gs/install/lib/x86_64-linux-gnu/libogsnas-common.so.2.7.2 with build-id: f76574c50f96059b45ebabd32badc2d6db856e13
Found module /open5gs/install/lib/x86_64-linux-gnu/libogsnas-eps.so.2.7.2 with build-id: 2e5a9355e6c9a731843d39e04cff74bc8590f770
Found module /open5gs/install/lib/x86_64-linux-gnu/libogsasn1c-util.so.2.7.2 with build-id: b75da6232e7ff1a55f4080419216c3151b43dfe5
Found module /open5gs/install/lib/x86_64-linux-gnu/libogsasn1c-common.so.2.7.2 with build-id: bd6d7312ee5107a557a9e7bcf5000e4275a5c45f
Found module /open5gs/install/lib/x86_64-linux-gnu/libogsasn1c-s1ap.so.2.7.2 with build-id: d384afd653a2088e76ca1fae944e32f0bef5d74a
Found module /open5gs/install/lib/x86_64-linux-gnu/libogss1ap.so.2.7.2 with build-id: 60ebc5781bd319a72b0fff0d47e195913cb7f803
Found module /open5gs/install/lib/x86_64-linux-gnu/libogssctp.so.2.7.2 with build-id: f5b6d94885822310e672ce92dc630abf6a6d8bab
Found module /open5gs/install/lib/x86_64-linux-gnu/libvoid_prom.so.2.7.2 with build-id: 5bf9d55e122da29c3dbcec498cf872153b9c6a56
Found module /open5gs/install/lib/x86_64-linux-gnu/libogscore.so.2.7.2 with build-id: 713208d541de40cd08445e1c6eef31113afb1315
Found module /open5gs/install/lib/x86_64-linux-gnu/libogsproto.so.2.7.2 with build-id: 2aa9c3767369c390c73e47b9dd60b8e2acca6e18
Found module /open5gs/install/lib/x86_64-linux-gnu/libogsapp.so.2.7.2 with build-id: b9b34c867336aa2a92290772d7625ee229bc0a27
Found module /open5gs/install/lib/x86_64-linux-gnu/libogsmetrics.so.2.7.2 with build-id: 056b12be85ba88cae9524166afccc7de4e647094
Found module /lib/x86_64-linux-gnu/ld-2.27.so with build-id: 9ea8014cf02021a29e57aa3e0512e9bb6e30541d
Found module linux-vdso.so.1 with build-id: bcf11dcd6dd2f76c832fcd017faeceae4b3c9ffc
Stack trace of thread 93:
#0 0x0000735cc32cbe87 n/a (/lib/x86_64-linux-gnu/libc-2.27.so + 0x3ee87)
#1 0x00005d7862e69595 n/a (/open5gs/install/bin/open5gs-mmed + 0x69595)
#2 0x00005d7862e55460 n/a (/open5gs/install/bin/open5gs-mmed + 0x55460)
#3 0x00005d7862e9fb80 n/a (/open5gs/install/bin/open5gs-mmed + 0x9fb80)
#4 0x00005d7862e83b50 n/a (/open5gs/install/bin/open5gs-mmed + 0x83b50)
#5 0x0000735cc5dd435a n/a (/open5gs/install/lib/x86_64-linux-gnu/libogscore.so.2.7.2 + 0x1f35a)
#6 0x00005d7862e08544 n/a (/open5gs/install/bin/open5gs-mmed + 0x8544)
#7 0x0000735cc5dc561d n/a (/open5gs/install/lib/x86_64-linux-gnu/libogscore.so.2.7.2 + 0x1061d)
#8 0x0000735cc36856db n/a (/lib/x86_64-linux-gnu/libpthread-2.27.so + 0x76db)
Expected behaviour
The MME accepts the UE attachment and serves the UE after authentication
Observed Behaviour
The MME accepts the UE attachment and authentication but crashes after creating the resources with a core dump and error logs.
eNodeB/gNodeB
BaiCells eNodeB
UE Models and versions
iPhone (iOS 16.5.1) / Nokia (unknown version)
@acetcom Hey there, it is Lukas from ng-voice :wave: We have recently updated to v2.7.2 of Open5GS but cannot get VoLTE attachments running anymore due to the error above. I checked the configs but cannot relate the issue to it. Would be great if you could give an initial feedback on this as this is currently blocking us. Happy to provide any further details if needed. Thanks for your support :) !
@oktavlachs
Based on the wireshark pcap and the core dump you've shared, it appears that the problem may be occurring due to a mismatch of PLMN-IDs between the UE, eNodeB, and MME. Specifically, in the S1AP packets, the PLMN-IDs of id-EUTRAN-CGI and id-TAI do not match. This mismatch can often lead to attachment failures or unexpected behavior in the MME.
However, we believe this might not be the primary cause of the crash you're experiencing. To accurately diagnose the issue, we plan to simulate your scenario in our environment. We'll attempt to reproduce the problem over the next 1-2 weeks to identify the root cause.
In the meantime, could you please verify that the PLMN-IDs are consistent across your UE, eNodeB, and MME configurations? Ensuring they match can sometimes resolve such issues.
Thanks for your support and understanding!
Best Regards, Sukchan
@acetcom thanks a lot, that sounds like a good plan. 👍
You are right, there could be conflicting PLMNID values in the setup. I will check that on Monday and give you an update here.
Cheers, Lukas
@oktavlachs
I realized that I missed mentioning something important in my previous email. To accurately simulate the issue and identify the root cause, I will need all configuration files including mme.yaml. If you could share those files when you have time on Monday, it would greatly assist in resolving the problem.
I appreciate your cooperation and look forward to your update. Sukchan
@oktavlachs @acetcom
I met the same problem and had resolved it.
The cause is the plmn id in e_cgi is different with the plmd id in tai in attach request.
The modification is sample in s1ap-handler.c ,
in s1ap_handle_initial_ue_message():
pLMNidentity = &TAI->pLMNidentity;
ogs_assert(pLMNidentity && pLMNidentity->size == sizeof(ogs_plmn_id_t));
tAC = &TAI->tAC;
ogs_assert(tAC && tAC->size == sizeof(uint16_t));
/* plmn id may be different, to use plmn of TAI */
memcpy(&enb_ue->saved.tai.plmn_id, TAI->pLMNidentity.buf,
sizeof(enb_ue->saved.tai.plmn_id));
memcpy(&enb_ue->saved.tai.tac, tAC->buf, sizeof(enb_ue->saved.tai.tac));
enb_ue->saved.tai.tac = be16toh(enb_ue->saved.tai.tac);
pLMNidentity = &EUTRAN_CGI->pLMNidentity;
ogs_assert(pLMNidentity && pLMNidentity->size == sizeof(ogs_plmn_id_t));
cell_ID = &EUTRAN_CGI->cell_ID;
ogs_assert(cell_ID);
/* plmn id may be different. to use plmn of EUTRAN_CGI */
memcpy(&enb_ue->saved.e_cgi.plmn_id, EUTRAN_CGI->pLMNidentity.buf,
sizeof(enb_ue->saved.e_cgi.plmn_id));
memcpy(&enb_ue->saved.e_cgi.cell_id, cell_ID->buf,
sizeof(enb_ue->saved.e_cgi.cell_id));
enb_ue->saved.e_cgi.cell_id = (be32toh(enb_ue->saved.e_cgi.cell_id) >> 4);
And we should modify other two functions refer to the foregoing , s1ap_handle_uplink_nas_transport() and s1ap_handle_path_switch_request() .
@acetcom If I can help, it would be my pleasure.
Best Regards,
@lglhust
Thank you for sharing your solution to the issue.
I noticed in your code modifications that under the comment:
/* plmn id may be different. to use plmn of TAI */
memcpy(&enb_ue->saved.tai.plmn_id, TAI->pLMNidentity.buf, sizeof(enb_ue->saved.tai.plmn_id));
You replaced pLMNidentity->buf with TAI->pLMNidentity.buf. Similarly, under:
/* plmn id may be different. to use plmn of EUTRAN_CGI */
memcpy(&enb_ue->saved.e_cgi.plmn_id, EUTRAN_CGI->pLMNidentity.buf, sizeof(enb_ue->saved.e_cgi.plmn_id));
ou changed pLMNidentity->buf to EUTRAN_CGI->pLMNidentity.buf.
Given that the variables are assigned just above with:
pLMNidentity = &TAI->pLMNidentity;
pLMNidentity = &EUTRAN_CGI->pLMNidentity;
I was wondering if there is any difference between using pLMNidentity->buf and TAI->pLMNidentity.buf (or EUTRAN_CGI->pLMNidentity.buf). Since pLMNidentity is assigned to &TAI->pLMNidentity or &EUTRAN_CGI->pLMNidentity, wouldn't they reference the same data?
Could you please explain in more detail how you modified the code to resolve the issue? I'd like to understand the exact changes you made and how they address the problem.
Thank you for your assistance. Sukchan
@acetcom v2.7.2, In s1ap_handle_uplink_nas_transport() : Ln 766: pLMNidentity = &EUTRAN_CGI->pLMNidentity; Ln 776: memcpy(&enb_ue->saved.tai.plmn_id, pLMNidentity->buf, sizeof(enb_ue->saved.tai.plmn_id));
enb_ue->saved.tai is covered by EUTRAN_CGI->pLMNidentity, but the plmn id may be different.
So if plmn id in EUTRAN_CGI from attach request is not configured in mme.yaml, "emm_build_attach_accept: Assertion `served_tai_index >= 0 && served_tai_index < OGS_MAX_NUM_OF_SUPPORTED_TA' failed. (../src/mme/emm-build.c:156)" maybe occured.
In s1ap_handle_initial_ue_message(),the modification is unnecessary. But the s1ap_handle_uplink_nas_transport() function should be modified to avoid the previous question.
To remind myself, i changed the three functions mentioned above all in same way.
Best Regards,
@acetcom
You were right, the issue was a misconfiguration in the eNodeB of MNC / MCC. The only thing I would ask for is if there could be a better logging approach regarding this error indicating the mismatch.
You can decide yourself whether you would like to keep that open as an improvement intiative for logging.
I have a new issue I will report in a separate ticket though. For now, thanks for your support!
@lglhust and @oktavlachs
Thanks to your input, we've identified the exact cause of the problem and have applied a patch to the main branch.
The issue was that the PLMN-ID of the TAI was incorrectly being retrieved from the PLMN-ID of the EUTRAN_CGI. As a result, when the PLMN-IDs of the TAI and EUTRAN_CGI were improperly set, the MME would crash.
The incorrect logs that appeared during the crash were also due to this bug.
All issues have now been resolved.
Thank you for your assistance. Sukchan
This issue has been closed automatically due to lack of activity. This has been done to try and reduce the amount of noise. Please do not comment any further. The Open5GS Team may choose to re-open this issue if necessary.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}