Bug #3412

closed

AddressSanitizer: heap-use-after-free in osmo_timer_del() after DEACTIVATE PDP CONTEXT ACK

Added by neels over 5 years ago. Updated over 5 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 07/23/2018
Due date:
% Done: 0%
Spec Reference:

Description

while testing with 3G cell on latest master today:

20180723172153842 DRANAP INFO iu_client.c:482 Rx RAB Assignment Response for UE conn_id 1
 Setup: (5/c0 a8 00 7c )20180723172153843 DRANAP DEBUG sgsn_libgtp.c:524 Updating TEID on RNC side from 0x00000002 to 0x00000015
20180723172153843 DGPRS INFO gprs_gmm.c:2243 PDP(901700000014701/0) <- ACTIVATE PDP CONTEXT ACK
20180723172153843 DRANAP INFO iu_client.c:431 Transmitting L3 Message as RANAP DT (SCCP conn_id 1)
20180723172153843 DLSCCP DEBUG sccp_scoc.c:1615 Received SCCP User Primitive N-DATA.request)
20180723172153843 DLSCCP DEBUG sccp_scoc.c:1657 SCCP-SCOC(1)[0x612000001420]{ACTIVE}: Received Event N-DATA.req
20180723172153843 DLSS7 DEBUG sccp_scrc.c:398 sccp_scrc_rx_scoc_conn_msg:  HDR=(CO:CODT,V=0,LEN=0),
    PART(T=Routing Context,L=4,D=00000000),
    PART(T=Destination Reference,L=4,D=000003eb),
    PART(T=Data,L=80,D=0014004c000002001040403f8a42030e23621f72993f3f1143ffff000000002b060121c0a82a02272280802110020000108106c0a80001830609090909000d04c0a80001000d0409090909003b400100)
20180723172153844 DLSS7 DEBUG osmo_ss7_hmrt.c:278 m3ua_hmdc_rx_from_l2(): dpc=189=0.23.5 not local, message is for routing
20180723172153844 DLSS7 DEBUG osmo_ss7_hmrt.c:227 Found route for dpc=189=0.23.5: pc=0=0.0.0 mask=0x0=0.0.0 via AS as-clnt-OsmoSGSN proto=m3ua
20180723172153844 DLSS7 DEBUG osmo_ss7_hmrt.c:233 rt->dest.as proto is M3UA for dpc=189=0.23.5
20180723172153844 DLSS7 DEBUG m3ua.c:507 XUA_AS(as-clnt-OsmoSGSN)[0x612000000820]{AS_ACTIVE}: Received Event AS-TRANSFER.req
20180723172153844 DGPRS DEBUG sgsn_libgtp.c:626 libgtp cb_conf(type=18, cause=128, pdp=0x7fbbe36b57c0, cbp=0x614000000ca0)
20180723172153844 DLINP DEBUG stream.c:279 connected write
20180723172153844 DLINP DEBUG stream.c:204 sending data
20180723172153845 DLINP DEBUG stream.c:279 connected write
20180723172153845 DLINP DEBUG stream.c:204 sending data
20180723172154554 DLINP DEBUG stream.c:275 connected read
20180723172154554 DLINP DEBUG stream.c:189 message received
20180723172154554 DLSS7 DEBUG osmo_ss7.c:1549 asp-asp-clnt-OsmoSGSN: xua_cli_read_cb(): sctp_recvmsg() returned 84 (flags=0x80)
20180723172154554 DLM3UA DEBUG m3ua.c:722 asp-asp-clnt-OsmoSGSN: Received M3UA Message (XFER:DATA)
20180723172154554 DLM3UA DEBUG m3ua.c:541 asp-asp-clnt-OsmoSGSN: m3ua_rx_xfer
20180723172154555 DLM3UA DEBUG m3ua.c:580 asp-asp-clnt-OsmoSGSN: m3ua_rx_xfer(): M3UA data header: opc=189=0.23.5 dpc=188=0.23.4
20180723172154555 DLSS7 DEBUG osmo_ss7_hmrt.c:274 m3ua_hmdc_rx_from_l2(): found dpc=188=0.23.4 as local
20180723172154555 DLSS7 DEBUG sccp_scrc.c:449 scrc_rx_mtp_xfer_ind_xua:  HDR=(CO:CODT,V=0,LEN=0),
    PART(T=Destination Reference,L=4,D=00000001),
    PART(T=Segmentation,L=4,D=00000000),
    PART(T=Data,L=43,D=0014402700000400104005040a462491000f40060009f1073815003740010b003a40080009f10700010001)
20180723172154555 DLSCCP DEBUG sccp_scoc.c:1548 Received CO:CODT for local reference 1
20180723172154555 DLSCCP DEBUG sccp_scoc.c:1581 SCCP-SCOC(1)[0x612000001420]{ACTIVE}: Received Event RCOC-DT1.ind
20180723172154555 DLSCCP DEBUG sccp_user.c:156 Delivering N-DATA.indication to SCCP User 'OsmoSGSN-IuPS'
20180723172154555 DRANAP DEBUG iu_client.c:755 sccp_sap_up(N-DATA.indication)
20180723172154555 DRANAP DEBUG iu_client.c:789 N-DATA.ind(1, 00 14 40 27 00 00 04 00 10 40 05 04 0a 46 24 91 00 0f 40 06 00 09 f1 07 38 15 00 37 40 01 0b 00 3a 40 08 00 09 f1 07 00 01 00 01 )
20180723172154556 DRANAP NOTICE iu_client.c:530 handle_co(dir=1, proc=20)
20180723172154556 DMM INFO gprs_gmm.c:2677 MM(901700000014701/ef665d56) -> DEACTIVATE PDP CONTEXT REQ (cause: Regular deactivation)
20180723172154556 DGPRS ERROR sgsn_libgtp.c:317 PDP(901700000014701/0) Delete PDP Context
20180723172154556 DGPRS INFO sgsn_libgtp.c:651 PDP(901700000014701:5): Context 0x7fbbe36b57c0 was deleted
20180723172154556 DMM INFO gprs_gmm.c:2313 MM(901700000014701/ef665d56) <- DEACTIVATE PDP CONTEXT REQ
20180723172154556 DRANAP INFO iu_client.c:431 Transmitting L3 Message as RANAP DT (SCCP conn_id 1)
20180723172154557 DLSCCP DEBUG sccp_scoc.c:1615 Received SCCP User Primitive N-DATA.request)
20180723172154557 DLSCCP DEBUG sccp_scoc.c:1657 SCCP-SCOC(1)[0x612000001420]{ACTIVE}: Received Event N-DATA.req
20180723172154557 DLSS7 DEBUG sccp_scrc.c:398 sccp_scrc_rx_scoc_conn_msg:  HDR=(CO:CODT,V=0,LEN=0),
    PART(T=Routing Context,L=4,D=00000000),
    PART(T=Destination Reference,L=4,D=000003eb),
    PART(T=Data,L=21,D=0014001100000200104005048a462691003b400100)
20180723172154557 DLSS7 DEBUG osmo_ss7_hmrt.c:278 m3ua_hmdc_rx_from_l2(): dpc=189=0.23.5 not local, message is for routing
20180723172154557 DLSS7 DEBUG osmo_ss7_hmrt.c:227 Found route for dpc=189=0.23.5: pc=0=0.0.0 mask=0x0=0.0.0 via AS as-clnt-OsmoSGSN proto=m3ua
20180723172154557 DLSS7 DEBUG osmo_ss7_hmrt.c:233 rt->dest.as proto is M3UA for dpc=189=0.23.5
20180723172154557 DLSS7 DEBUG m3ua.c:507 XUA_AS(as-clnt-OsmoSGSN)[0x612000000820]{AS_ACTIVE}: Received Event AS-TRANSFER.req
20180723172154558 DLGTP DEBUG pdp.c:255 Begin pdp_tiddel tid = 5107410000007109
20180723172154558 DLGTP DEBUG pdp.c:262 End pdp_tiddel: PDP found
20180723172154558 DLGTP NOTICE gtp.c:2608 Packet from 192.168.0.42:2123, length: 14 content: 32 15 00 06 00 00 00 02 78 05 00 00 01 80 : Unknown PDP context: 2 (expected if gtp_delete_context_req is used)
20180723172154558 DGPRS DEBUG sgsn_libgtp.c:626 libgtp cb_conf(type=20, cause=-1, pdp=(nil), cbp=0x614000000ca0)
20180723172154558 DGPRS ERROR sgsn_libgtp.c:630 libgtp EOF (type=20, pdp=(nil), cbp=0x614000000ca0)
20180723172154558 DGPRS INFO sgsn_libgtp.c:549 PDP(901700000014701/0) Received DELETE PDP CTX CONF, cause=-1(unknown 0xffffffff)
20180723172154558 DMM INFO gprs_gmm.c:2341 MM(901700000014701/ef665d56) <- DEACTIVATE PDP CONTEXT ACK
20180723172154558 DRANAP INFO iu_client.c:431 Transmitting L3 Message as RANAP DT (SCCP conn_id 1)
20180723172154559 DLSCCP DEBUG sccp_scoc.c:1615 Received SCCP User Primitive N-DATA.request)
20180723172154559 DLSCCP DEBUG sccp_scoc.c:1657 SCCP-SCOC(1)[0x612000001420]{ACTIVE}: Received Event N-DATA.req
20180723172154559 DLSS7 DEBUG sccp_scrc.c:398 sccp_scrc_rx_scoc_conn_msg:  HDR=(CO:CODT,V=0,LEN=0),
    PART(T=Routing Context,L=4,D=00000000),
    PART(T=Destination Reference,L=4,D=000003eb),
    PART(T=Data,L=19,D=0014000f00000200104003028a47003b400100)
20180723172154559 DLSS7 DEBUG osmo_ss7_hmrt.c:278 m3ua_hmdc_rx_from_l2(): dpc=189=0.23.5 not local, message is for routing
20180723172154559 DLSS7 DEBUG osmo_ss7_hmrt.c:227 Found route for dpc=189=0.23.5: pc=0=0.0.0 mask=0x0=0.0.0 via AS as-clnt-OsmoSGSN proto=m3ua
20180723172154559 DLSS7 DEBUG osmo_ss7_hmrt.c:233 rt->dest.as proto is M3UA for dpc=189=0.23.5
20180723172154559 DLSS7 DEBUG m3ua.c:507 XUA_AS(as-clnt-OsmoSGSN)[0x612000000820]{AS_ACTIVE}: Received Event AS-TRANSFER.req
20180723172154559 DLINP DEBUG stream.c:279 connected write
20180723172154560 DLINP DEBUG stream.c:204 sending data
20180723172154560 DLINP DEBUG stream.c:279 connected write
20180723172154560 DLINP DEBUG stream.c:204 sending data
20180723172154560 DLINP DEBUG stream.c:279 connected write
20180723172154560 DLINP DEBUG stream.c:204 sending data
20180723172154815 DLINP DEBUG stream.c:275 connected read
20180723172154815 DLINP DEBUG stream.c:189 message received
20180723172154815 DLSS7 DEBUG osmo_ss7.c:1549 asp-asp-clnt-OsmoSGSN: xua_cli_read_cb(): sctp_recvmsg() returned 80 (flags=0x80)
20180723172154815 DLM3UA DEBUG m3ua.c:722 asp-asp-clnt-OsmoSGSN: Received M3UA Message (XFER:DATA)
20180723172154815 DLM3UA DEBUG m3ua.c:541 asp-asp-clnt-OsmoSGSN: m3ua_rx_xfer
20180723172154816 DLM3UA DEBUG m3ua.c:580 asp-asp-clnt-OsmoSGSN: m3ua_rx_xfer(): M3UA data header: opc=189=0.23.5 dpc=188=0.23.4
20180723172154816 DLSS7 DEBUG osmo_ss7_hmrt.c:274 m3ua_hmdc_rx_from_l2(): found dpc=188=0.23.4 as local
20180723172154816 DLSS7 DEBUG sccp_scrc.c:449 scrc_rx_mtp_xfer_ind_xua:  HDR=(CO:CODT,V=0,LEN=0),
    PART(T=Destination Reference,L=4,D=00000001),
    PART(T=Segmentation,L=4,D=00000000),
    PART(T=Data,L=41,D=0014402500000400104003020a47000f40060009f1073815003740010b003a40080009f10700010001)
20180723172154816 DLSCCP DEBUG sccp_scoc.c:1548 Received CO:CODT for local reference 1
20180723172154816 DLSCCP DEBUG sccp_scoc.c:1581 SCCP-SCOC(1)[0x612000001420]{ACTIVE}: Received Event RCOC-DT1.ind
=================================================================
==31349==ERROR: AddressSanitizer: heap-use-after-free on address 0x614000000d28 at pc 0x7fbbe3eb17d8 bp 0x7ffc9d3b72d0 sp 0x7ffc9d3b72c8
READ of size 8 at 0x614000000d28 thread T0
    #0 0x7fbbe3eb17d7 in __rb_erase_color ../../../src/libosmocore/src/rbtree.c:190
    #1 0x7fbbe3eb17d7 in rb_erase ../../../src/libosmocore/src/rbtree.c:283
    #2 0x7fbbe3e76231 in osmo_timer_del ../../../src/libosmocore/src/timer.c:124
    #3 0x7fbbe3e76415 in osmo_timer_add ../../../src/libosmocore/src/timer.c:86
    #4 0x7fbbe3e76c46 in osmo_timer_schedule ../../../src/libosmocore/src/timer.c:111
    #5 0x7fbbe333b972 in conn_restart_rx_inact_timer ../../../src/libosmo-sccp/src/sccp_scoc.c:289
    #6 0x7fbbe333b972 in scoc_fsm_active ../../../src/libosmo-sccp/src/sccp_scoc.c:1013
    #7 0x7fbbe3e8fd8c in _osmo_fsm_inst_dispatch ../../../src/libosmocore/src/fsm.c:591
    #8 0x7fbbe333d51b in sccp_scoc_rx_from_scrc ../../../src/libosmo-sccp/src/sccp_scoc.c:1581
    #9 0x7fbbe33325f3 in scrc_rx_mtp_xfer_ind_xua ../../../src/libosmo-sccp/src/sccp_scrc.c:456
    #10 0x7fbbe333fff8 in mtp_user_prim_cb ../../../src/libosmo-sccp/src/sccp_user.c:176
    #11 0x7fbbe3314ad9 in m3ua_rx_xfer ../../../src/libosmo-sccp/src/m3ua.c:586
    #12 0x7fbbe3314ad9 in m3ua_rx_msg ../../../src/libosmo-sccp/src/m3ua.c:739
    #13 0x7fbbe33590aa in xua_cli_read_cb ../../../src/libosmo-sccp/src/osmo_ss7.c:1590
    #14 0x7fbbe169d712 in osmo_stream_cli_read ../../../src/libosmo-netif/src/stream.c:192
    #15 0x7fbbe169d712 in osmo_stream_cli_fd_cb ../../../src/libosmo-netif/src/stream.c:276
    #16 0x7fbbe3e7b04f in osmo_fd_disp_fds ../../../src/libosmocore/src/select.c:217
    #17 0x7fbbe3e7b04f in osmo_select_main ../../../src/libosmocore/src/select.c:257
    #18 0x5632ae9c6af6 in main ../../../../src/osmo-sgsn/src/gprs/sgsn_main.c:531
    #19 0x7fbbe1c37b16 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x22b16)
    #20 0x5632ae9c7399 in _start (/usr/local/bin/osmo-sgsn+0xdf399)

0x614000000d28 is located 232 bytes inside of 440-byte region [0x614000000c40,0x614000000df8)
freed by thread T0 here:
    #0 0x7fbbe46627a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xda7a8)
    #1 0x7fbbe2b30a92 in _talloc_free (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x4a92)

previously allocated by thread T0 here:
    #0 0x7fbbe4662b00 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdab00)
    #1 0x7fbbe2b32ae0 in _talloc_zero (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x6ae0)

SUMMARY: AddressSanitizer: heap-use-after-free ../../../src/libosmocore/src/rbtree.c:190 in __rb_erase_color
==31349==ABORTING

Files

os3412.pcapng, 5.22 MB, neels, 08/20/2018 03:57 PM
osmo-sgsn.cfg, 843 Bytes, neels, 08/20/2018 03:57 PM
osmo-sgsn.log, 122 KB, neels, 08/20/2018 03:57 PM

Actions #1

Updated by neels over 5 years ago

I have a network trace for this if anyone is interested, but no time right now...

Actions #2

Updated by neels over 5 years ago

another one

20180723181842819 DRANAP NOTICE iu_client.c:530 handle_co(dir=1, proc=20)
20180723181842819 DMM INFO gprs_gmm.c:2698 MM(901700000014701/c3f92ba7) -> DEACTIVATE PDP CONTEXT ACK
20180723181842819 DMM NOTICE gprs_gmm.c:2705 MM(901700000014701/c3f92ba7) Deactivate PDP Context Accept for non-existing PDP Context (IMSI=901700000014701, TI=0)
20180723181843238 DLINP DEBUG stream.c:275 connected read
20180723181843238 DLINP DEBUG stream.c:189 message received
20180723181843238 DLSS7 DEBUG osmo_ss7.c:1549 asp-asp-clnt-OsmoSGSN: xua_cli_read_cb(): sctp_recvmsg() returned 84 (flags=0x80)
20180723181843238 DLM3UA DEBUG m3ua.c:722 asp-asp-clnt-OsmoSGSN: Received M3UA Message (XFER:DATA)
20180723181843239 DLM3UA DEBUG m3ua.c:541 asp-asp-clnt-OsmoSGSN: m3ua_rx_xfer
20180723181843239 DLM3UA DEBUG m3ua.c:580 asp-asp-clnt-OsmoSGSN: m3ua_rx_xfer(): M3UA data header: opc=189=0.23.5 dpc=188=0.23.4
20180723181843239 DLSS7 DEBUG osmo_ss7_hmrt.c:274 m3ua_hmdc_rx_from_l2(): found dpc=188=0.23.4 as local
20180723181843239 DLSS7 DEBUG sccp_scrc.c:449 scrc_rx_mtp_xfer_ind_xua:  HDR=(CO:CODT,V=0,LEN=0),
    PART(T=Destination Reference,L=4,D=00000000),
    PART(T=Segmentation,L=4,D=00000000),
    PART(T=Data,L=42,D=0014402600000400104004030a5551000f40060009f1073815003740010b003a40080009f10700010001)
20180723181843239 DLSCCP DEBUG sccp_scoc.c:1548 Received CO:CODT for local reference 0
20180723181843239 DLSCCP DEBUG sccp_scoc.c:1581 SCCP-SCOC(0)[0x612000001120]{ACTIVE}: Received Event RCOC-DT1.ind
20180723181843239 DLSCCP DEBUG sccp_user.c:156 Delivering N-DATA.indication to SCCP User 'OsmoSGSN-IuPS'
20180723181843239 DRANAP DEBUG iu_client.c:755 sccp_sap_up(N-DATA.indication)
20180723181843239 DRANAP DEBUG iu_client.c:789 N-DATA.ind(0, 00 14 40 26 00 00 04 00 10 40 04 03 0a 55 51 00 0f 40 06 00 09 f1 07 38 15 00 37 40 01 0b 00 3a 40 08 00 09 f1 07 00 01 00 01 )
20180723181843239 DRANAP NOTICE iu_client.c:530 handle_co(dir=1, proc=20)
20180723181843240 DMM INFO gprs_gmm.c:2722 MM(901700000014701/c3f92ba7) -> GPRS SM STATUS (cause: Invalid transaction identifier)
=================================================================
==27498==ERROR: AddressSanitizer: heap-use-after-free on address 0x614000000950 at pc 0x7f3c293ed8e8 bp 0x7ffc0b9593c0 sp 0x7ffc0b9593b8
READ of size 8 at 0x614000000950 thread T0
    #0 0x7f3c293ed8e7 in __add_timer ../../../src/libosmocore/src/timer.c:59
    #1 0x7f3c293ed8e7 in osmo_timer_add ../../../src/libosmocore/src/timer.c:89
    #2 0x7f3c293edc46 in osmo_timer_schedule ../../../src/libosmocore/src/timer.c:111
    #3 0x7f3c293eec33 in osmo_timers_update ../../../src/libosmocore/src/timer.c:257
    #4 0x7f3c293f1cc9 in osmo_select_main ../../../src/libosmocore/src/select.c:254
    #5 0x55a3c8de0af6 in main ../../../../src/osmo-sgsn/src/gprs/sgsn_main.c:531
    #6 0x7f3c271aeb16 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x22b16)
    #7 0x55a3c8de1399 in _start (/usr/local/bin/osmo-sgsn+0xdf399)

0x614000000950 is located 272 bytes inside of 440-byte region [0x614000000840,0x6140000009f8)
freed by thread T0 here:
    #0 0x7f3c29bd97a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xda7a8)
    #1 0x7f3c280a7a92 in _talloc_free (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x4a92)

previously allocated by thread T0 here:
    #0 0x7f3c29bd9b00 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdab00)
    #1 0x7f3c280a9ae0 in _talloc_zero (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x6ae0)

SUMMARY: AddressSanitizer: heap-use-after-free ../../../src/libosmocore/src/timer.c:59 in __add_timer
==27498==ABORTING
Actions #4

Updated by neels over 5 years ago

  • Status changed from New to Resolved

can no longer reproduce this issue. It used to fail reliably just from using 3G, now I don't see any SGSN crashes after DEACTIVATE PDP CONTEXT ACK.
Resolved for unknown reason.

Actions #5

Updated by pespin over 5 years ago

Most probably you tested it while my last batch of patches 80d407fc3f407898de3c62d6265665d08a830280..ef6d78ff7f96ce898e976f1c2bc638ff5d2d29fb was half merged (it was like that for several days). Some related issues were known to appear in the middle of the commit list.
