From 36b604181c1473df79cd8d56f0c01a4f6dce047c Mon Sep 17 00:00:00 2001
From: Neels Hofmeyr
Date: Wed, 19 Aug 2020 13:40:33 +0000
Subject: [PATCH] fix crash for unknown MI during Paging Response

Related: OS#4724
Related: I40496bbccbbd9c496cfa57df49e26f124a2b1554 (osmo-ttcn3-hacks)
Change-Id: Ia2c8fa745cfab17ed7114d433f625ddc02ae7b11
---
 src/libmsc/gsm_04_08.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index b284ccd7a..3594bfc79 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -1185,7 +1185,12 @@ static int gsm48_rx_rr_pag_resp(struct msc_a *msc_a, struct msgb *msg)
 vsub = msc_a_vsub(msc_a);
 if (!vsub) {
 LOG_MSC_A(msc_a, LOGL_ERROR, "subscriber not allowed to do a Paging Response\n");
- msc_a_put(msc_a, MSC_A_USE_PAGING_RESPONSE);
+
+ /* Above MSC_A_USE_PAGING_RESPONSE may already have been removed by a forced release, put that use only
+ * if it still exists. (see msc_a_fsm_releasing_onenter()) */
+ if (osmo_use_count_by(&msc_a->use_count, MSC_A_USE_PAGING_RESPONSE))
+ msc_a_put(msc_a, MSC_A_USE_PAGING_RESPONSE);
+
 return -EIO;
 }
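Review bot: The new guard in the `!vsub` branch reads `msc_a->use_count` right after the comment says a forced release may already have dropped this use, but nothing in the hunk states why `msc_a` itself is still valid at that point. `LOG_MSC_A` on the preceding line already dereferences it, so it is presumably still allocated. Because the subject line describes this as a crash on an unknown MI in a Paging Response, which is peer-supplied input, the lifetime assumption deserves to be written down, e.g. by extending the comment with `The forced release only drops the use counts; msc_a stays allocated until the FSM terminates (confirm).`. `gsm48_rx_rr_pag_resp()` continues outside the hunk, so any other exit there that puts `MSC_A_USE_PAGING_RESPONSE` unconditionally would need the same `osmo_use_count_by()` check.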