Actions
Bug #3412
closedAddressSanitizer: heap-use-after-free in osmo_timer_del() after DEACTIVATE PDP CONTEXT ACK
Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
07/23/2018
Due date:
% Done:
0%
Spec Reference:
Description
while testing with 3G cell on latest master today:
20180723172153842 DRANAP INFO iu_client.c:482 Rx RAB Assignment Response for UE conn_id 1 Setup: (5/c0 a8 00 7c )20180723172153843 DRANAP DEBUG sgsn_libgtp.c:524 Updating TEID on RNC side from 0x00000002 to 0x00000015 20180723172153843 DGPRS INFO gprs_gmm.c:2243 PDP(901700000014701/0) <- ACTIVATE PDP CONTEXT ACK 20180723172153843 DRANAP INFO iu_client.c:431 Transmitting L3 Message as RANAP DT (SCCP conn_id 1) 20180723172153843 DLSCCP DEBUG sccp_scoc.c:1615 Received SCCP User Primitive N-DATA.request) 20180723172153843 DLSCCP DEBUG sccp_scoc.c:1657 SCCP-SCOC(1)[0x612000001420]{ACTIVE}: Received Event N-DATA.req 20180723172153843 DLSS7 DEBUG sccp_scrc.c:398 sccp_scrc_rx_scoc_conn_msg: HDR=(CO:CODT,V=0,LEN=0), PART(T=Routing Context,L=4,D=00000000), PART(T=Destination Reference,L=4,D=000003eb), PART(T=Data,L=80,D=0014004c000002001040403f8a42030e23621f72993f3f1143ffff000000002b060121c0a82a02272280802110020000108106c0a80001830609090909000d04c0a80001000d0409090909003b400100) 20180723172153844 DLSS7 DEBUG osmo_ss7_hmrt.c:278 m3ua_hmdc_rx_from_l2(): dpc=189=0.23.5 not local, message is for routing 20180723172153844 DLSS7 DEBUG osmo_ss7_hmrt.c:227 Found route for dpc=189=0.23.5: pc=0=0.0.0 mask=0x0=0.0.0 via AS as-clnt-OsmoSGSN proto=m3ua 20180723172153844 DLSS7 DEBUG osmo_ss7_hmrt.c:233 rt->dest.as proto is M3UA for dpc=189=0.23.5 20180723172153844 DLSS7 DEBUG m3ua.c:507 XUA_AS(as-clnt-OsmoSGSN)[0x612000000820]{AS_ACTIVE}: Received Event AS-TRANSFER.req 20180723172153844 DGPRS DEBUG sgsn_libgtp.c:626 libgtp cb_conf(type=18, cause=128, pdp=0x7fbbe36b57c0, cbp=0x614000000ca0) 20180723172153844 DLINP DEBUG stream.c:279 connected write 20180723172153844 DLINP DEBUG stream.c:204 sending data 20180723172153845 DLINP DEBUG stream.c:279 connected write 20180723172153845 DLINP DEBUG stream.c:204 sending data 20180723172154554 DLINP DEBUG stream.c:275 connected read 20180723172154554 DLINP DEBUG stream.c:189 message received 20180723172154554 DLSS7 DEBUG osmo_ss7.c:1549 asp-asp-clnt-OsmoSGSN: xua_cli_read_cb(): sctp_recvmsg() returned 84 (flags=0x80) 20180723172154554 DLM3UA DEBUG m3ua.c:722 asp-asp-clnt-OsmoSGSN: Received M3UA Message (XFER:DATA) 20180723172154554 DLM3UA DEBUG m3ua.c:541 asp-asp-clnt-OsmoSGSN: m3ua_rx_xfer 20180723172154555 DLM3UA DEBUG m3ua.c:580 asp-asp-clnt-OsmoSGSN: m3ua_rx_xfer(): M3UA data header: opc=189=0.23.5 dpc=188=0.23.4 20180723172154555 DLSS7 DEBUG osmo_ss7_hmrt.c:274 m3ua_hmdc_rx_from_l2(): found dpc=188=0.23.4 as local 20180723172154555 DLSS7 DEBUG sccp_scrc.c:449 scrc_rx_mtp_xfer_ind_xua: HDR=(CO:CODT,V=0,LEN=0), PART(T=Destination Reference,L=4,D=00000001), PART(T=Segmentation,L=4,D=00000000), PART(T=Data,L=43,D=0014402700000400104005040a462491000f40060009f1073815003740010b003a40080009f10700010001) 20180723172154555 DLSCCP DEBUG sccp_scoc.c:1548 Received CO:CODT for local reference 1 20180723172154555 DLSCCP DEBUG sccp_scoc.c:1581 SCCP-SCOC(1)[0x612000001420]{ACTIVE}: Received Event RCOC-DT1.ind 20180723172154555 DLSCCP DEBUG sccp_user.c:156 Delivering N-DATA.indication to SCCP User 'OsmoSGSN-IuPS' 20180723172154555 DRANAP DEBUG iu_client.c:755 sccp_sap_up(N-DATA.indication) 20180723172154555 DRANAP DEBUG iu_client.c:789 N-DATA.ind(1, 00 14 40 27 00 00 04 00 10 40 05 04 0a 46 24 91 00 0f 40 06 00 09 f1 07 38 15 00 37 40 01 0b 00 3a 40 08 00 09 f1 07 00 01 00 01 ) 20180723172154556 DRANAP NOTICE iu_client.c:530 handle_co(dir=1, proc=20) 20180723172154556 DMM INFO gprs_gmm.c:2677 MM(901700000014701/ef665d56) -> DEACTIVATE PDP CONTEXT REQ (cause: Regular deactivation) 20180723172154556 DGPRS ERROR sgsn_libgtp.c:317 PDP(901700000014701/0) Delete PDP Context 20180723172154556 DGPRS INFO sgsn_libgtp.c:651 PDP(901700000014701:5): Context 0x7fbbe36b57c0 was deleted 20180723172154556 DMM INFO gprs_gmm.c:2313 MM(901700000014701/ef665d56) <- DEACTIVATE PDP CONTEXT REQ 20180723172154556 DRANAP INFO iu_client.c:431 Transmitting L3 Message as RANAP DT (SCCP conn_id 1) 20180723172154557 DLSCCP DEBUG sccp_scoc.c:1615 Received SCCP User Primitive N-DATA.request) 20180723172154557 DLSCCP DEBUG sccp_scoc.c:1657 SCCP-SCOC(1)[0x612000001420]{ACTIVE}: Received Event N-DATA.req 20180723172154557 DLSS7 DEBUG sccp_scrc.c:398 sccp_scrc_rx_scoc_conn_msg: HDR=(CO:CODT,V=0,LEN=0), PART(T=Routing Context,L=4,D=00000000), PART(T=Destination Reference,L=4,D=000003eb), PART(T=Data,L=21,D=0014001100000200104005048a462691003b400100) 20180723172154557 DLSS7 DEBUG osmo_ss7_hmrt.c:278 m3ua_hmdc_rx_from_l2(): dpc=189=0.23.5 not local, message is for routing 20180723172154557 DLSS7 DEBUG osmo_ss7_hmrt.c:227 Found route for dpc=189=0.23.5: pc=0=0.0.0 mask=0x0=0.0.0 via AS as-clnt-OsmoSGSN proto=m3ua 20180723172154557 DLSS7 DEBUG osmo_ss7_hmrt.c:233 rt->dest.as proto is M3UA for dpc=189=0.23.5 20180723172154557 DLSS7 DEBUG m3ua.c:507 XUA_AS(as-clnt-OsmoSGSN)[0x612000000820]{AS_ACTIVE}: Received Event AS-TRANSFER.req 20180723172154558 DLGTP DEBUG pdp.c:255 Begin pdp_tiddel tid = 5107410000007109 20180723172154558 DLGTP DEBUG pdp.c:262 End pdp_tiddel: PDP found 20180723172154558 DLGTP NOTICE gtp.c:2608 Packet from 192.168.0.42:2123, length: 14 content: 32 15 00 06 00 00 00 02 78 05 00 00 01 80 : Unknown PDP context: 2 (expected if gtp_delete_context_req is used) 20180723172154558 DGPRS DEBUG sgsn_libgtp.c:626 libgtp cb_conf(type=20, cause=-1, pdp=(nil), cbp=0x614000000ca0) 20180723172154558 DGPRS ERROR sgsn_libgtp.c:630 libgtp EOF (type=20, pdp=(nil), cbp=0x614000000ca0) 20180723172154558 DGPRS INFO sgsn_libgtp.c:549 PDP(901700000014701/0) Received DELETE PDP CTX CONF, cause=-1(unknown 0xffffffff) 20180723172154558 DMM INFO gprs_gmm.c:2341 MM(901700000014701/ef665d56) <- DEACTIVATE PDP CONTEXT ACK 20180723172154558 DRANAP INFO iu_client.c:431 Transmitting L3 Message as RANAP DT (SCCP conn_id 1) 20180723172154559 DLSCCP DEBUG sccp_scoc.c:1615 Received SCCP User Primitive N-DATA.request) 20180723172154559 DLSCCP DEBUG sccp_scoc.c:1657 SCCP-SCOC(1)[0x612000001420]{ACTIVE}: Received Event N-DATA.req 20180723172154559 DLSS7 DEBUG sccp_scrc.c:398 sccp_scrc_rx_scoc_conn_msg: HDR=(CO:CODT,V=0,LEN=0), PART(T=Routing Context,L=4,D=00000000), PART(T=Destination Reference,L=4,D=000003eb), PART(T=Data,L=19,D=0014000f00000200104003028a47003b400100) 20180723172154559 DLSS7 DEBUG osmo_ss7_hmrt.c:278 m3ua_hmdc_rx_from_l2(): dpc=189=0.23.5 not local, message is for routing 20180723172154559 DLSS7 DEBUG osmo_ss7_hmrt.c:227 Found route for dpc=189=0.23.5: pc=0=0.0.0 mask=0x0=0.0.0 via AS as-clnt-OsmoSGSN proto=m3ua 20180723172154559 DLSS7 DEBUG osmo_ss7_hmrt.c:233 rt->dest.as proto is M3UA for dpc=189=0.23.5 20180723172154559 DLSS7 DEBUG m3ua.c:507 XUA_AS(as-clnt-OsmoSGSN)[0x612000000820]{AS_ACTIVE}: Received Event AS-TRANSFER.req 20180723172154559 DLINP DEBUG stream.c:279 connected write 20180723172154560 DLINP DEBUG stream.c:204 sending data 20180723172154560 DLINP DEBUG stream.c:279 connected write 20180723172154560 DLINP DEBUG stream.c:204 sending data 20180723172154560 DLINP DEBUG stream.c:279 connected write 20180723172154560 DLINP DEBUG stream.c:204 sending data 20180723172154815 DLINP DEBUG stream.c:275 connected read 20180723172154815 DLINP DEBUG stream.c:189 message received 20180723172154815 DLSS7 DEBUG osmo_ss7.c:1549 asp-asp-clnt-OsmoSGSN: xua_cli_read_cb(): sctp_recvmsg() returned 80 (flags=0x80) 20180723172154815 DLM3UA DEBUG m3ua.c:722 asp-asp-clnt-OsmoSGSN: Received M3UA Message (XFER:DATA) 20180723172154815 DLM3UA DEBUG m3ua.c:541 asp-asp-clnt-OsmoSGSN: m3ua_rx_xfer 20180723172154816 DLM3UA DEBUG m3ua.c:580 asp-asp-clnt-OsmoSGSN: m3ua_rx_xfer(): M3UA data header: opc=189=0.23.5 dpc=188=0.23.4 20180723172154816 DLSS7 DEBUG osmo_ss7_hmrt.c:274 m3ua_hmdc_rx_from_l2(): found dpc=188=0.23.4 as local 20180723172154816 DLSS7 DEBUG sccp_scrc.c:449 scrc_rx_mtp_xfer_ind_xua: HDR=(CO:CODT,V=0,LEN=0), PART(T=Destination Reference,L=4,D=00000001), PART(T=Segmentation,L=4,D=00000000), PART(T=Data,L=41,D=0014402500000400104003020a47000f40060009f1073815003740010b003a40080009f10700010001) 20180723172154816 DLSCCP DEBUG sccp_scoc.c:1548 Received CO:CODT for local reference 1 20180723172154816 DLSCCP DEBUG sccp_scoc.c:1581 SCCP-SCOC(1)[0x612000001420]{ACTIVE}: Received Event RCOC-DT1.ind ================================================================= ==31349==ERROR: AddressSanitizer: heap-use-after-free on address 0x614000000d28 at pc 0x7fbbe3eb17d8 bp 0x7ffc9d3b72d0 sp 0x7ffc9d3b72c8 READ of size 8 at 0x614000000d28 thread T0 #0 0x7fbbe3eb17d7 in __rb_erase_color ../../../src/libosmocore/src/rbtree.c:190 #1 0x7fbbe3eb17d7 in rb_erase ../../../src/libosmocore/src/rbtree.c:283 #2 0x7fbbe3e76231 in osmo_timer_del ../../../src/libosmocore/src/timer.c:124 #3 0x7fbbe3e76415 in osmo_timer_add ../../../src/libosmocore/src/timer.c:86 #4 0x7fbbe3e76c46 in osmo_timer_schedule ../../../src/libosmocore/src/timer.c:111 #5 0x7fbbe333b972 in conn_restart_rx_inact_timer ../../../src/libosmo-sccp/src/sccp_scoc.c:289 #6 0x7fbbe333b972 in scoc_fsm_active ../../../src/libosmo-sccp/src/sccp_scoc.c:1013 #7 0x7fbbe3e8fd8c in _osmo_fsm_inst_dispatch ../../../src/libosmocore/src/fsm.c:591 #8 0x7fbbe333d51b in sccp_scoc_rx_from_scrc ../../../src/libosmo-sccp/src/sccp_scoc.c:1581 #9 0x7fbbe33325f3 in scrc_rx_mtp_xfer_ind_xua ../../../src/libosmo-sccp/src/sccp_scrc.c:456 #10 0x7fbbe333fff8 in mtp_user_prim_cb ../../../src/libosmo-sccp/src/sccp_user.c:176 #11 0x7fbbe3314ad9 in m3ua_rx_xfer ../../../src/libosmo-sccp/src/m3ua.c:586 #12 0x7fbbe3314ad9 in m3ua_rx_msg ../../../src/libosmo-sccp/src/m3ua.c:739 #13 0x7fbbe33590aa in xua_cli_read_cb ../../../src/libosmo-sccp/src/osmo_ss7.c:1590 #14 0x7fbbe169d712 in osmo_stream_cli_read ../../../src/libosmo-netif/src/stream.c:192 #15 0x7fbbe169d712 in osmo_stream_cli_fd_cb ../../../src/libosmo-netif/src/stream.c:276 #16 0x7fbbe3e7b04f in osmo_fd_disp_fds ../../../src/libosmocore/src/select.c:217 #17 0x7fbbe3e7b04f in osmo_select_main ../../../src/libosmocore/src/select.c:257 #18 0x5632ae9c6af6 in main ../../../../src/osmo-sgsn/src/gprs/sgsn_main.c:531 #19 0x7fbbe1c37b16 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x22b16) #20 0x5632ae9c7399 in _start (/usr/local/bin/osmo-sgsn+0xdf399) 0x614000000d28 is located 232 bytes inside of 440-byte region [0x614000000c40,0x614000000df8) freed by thread T0 here: #0 0x7fbbe46627a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xda7a8) #1 0x7fbbe2b30a92 in _talloc_free (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x4a92) previously allocated by thread T0 here: #0 0x7fbbe4662b00 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdab00) #1 0x7fbbe2b32ae0 in _talloc_zero (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x6ae0) SUMMARY: AddressSanitizer: heap-use-after-free ../../../src/libosmocore/src/rbtree.c:190 in __rb_erase_color Shadow bytes around the buggy address: 0x0c287fff8150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c287fff8160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c287fff8170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c287fff8180: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c287fff8190: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c287fff81a0: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd 0x0c287fff81b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa 0x0c287fff81c0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c287fff81d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c287fff81e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c287fff81f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==31349==ABORTING
Files
Updated by neels almost 6 years ago
I have a network trace for this if anyone is interested, but no time right now...
Updated by neels almost 6 years ago
another one
20180723181842819 DRANAP NOTICE iu_client.c:530 handle_co(dir=1, proc=20) 20180723181842819 DMM INFO gprs_gmm.c:2698 MM(901700000014701/c3f92ba7) -> DEACTIVATE PDP CONTEXT ACK 20180723181842819 DMM NOTICE gprs_gmm.c:2705 MM(901700000014701/c3f92ba7) Deactivate PDP Context Accept for non-existing PDP Context (IMSI=901700000014701, TI=0) 20180723181843238 DLINP DEBUG stream.c:275 connected read 20180723181843238 DLINP DEBUG stream.c:189 message received 20180723181843238 DLSS7 DEBUG osmo_ss7.c:1549 asp-asp-clnt-OsmoSGSN: xua_cli_read_cb(): sctp_recvmsg() returned 84 (flags=0x80) 20180723181843238 DLM3UA DEBUG m3ua.c:722 asp-asp-clnt-OsmoSGSN: Received M3UA Message (XFER:DATA) 20180723181843239 DLM3UA DEBUG m3ua.c:541 asp-asp-clnt-OsmoSGSN: m3ua_rx_xfer 20180723181843239 DLM3UA DEBUG m3ua.c:580 asp-asp-clnt-OsmoSGSN: m3ua_rx_xfer(): M3UA data header: opc=189=0.23.5 dpc=188=0.23.4 20180723181843239 DLSS7 DEBUG osmo_ss7_hmrt.c:274 m3ua_hmdc_rx_from_l2(): found dpc=188=0.23.4 as local 20180723181843239 DLSS7 DEBUG sccp_scrc.c:449 scrc_rx_mtp_xfer_ind_xua: HDR=(CO:CODT,V=0,LEN=0), PART(T=Destination Reference,L=4,D=00000000), PART(T=Segmentation,L=4,D=00000000), PART(T=Data,L=42,D=0014402600000400104004030a5551000f40060009f1073815003740010b003a40080009f10700010001) 20180723181843239 DLSCCP DEBUG sccp_scoc.c:1548 Received CO:CODT for local reference 0 20180723181843239 DLSCCP DEBUG sccp_scoc.c:1581 SCCP-SCOC(0)[0x612000001120]{ACTIVE}: Received Event RCOC-DT1.ind 20180723181843239 DLSCCP DEBUG sccp_user.c:156 Delivering N-DATA.indication to SCCP User 'OsmoSGSN-IuPS' 20180723181843239 DRANAP DEBUG iu_client.c:755 sccp_sap_up(N-DATA.indication) 20180723181843239 DRANAP DEBUG iu_client.c:789 N-DATA.ind(0, 00 14 40 26 00 00 04 00 10 40 04 03 0a 55 51 00 0f 40 06 00 09 f1 07 38 15 00 37 40 01 0b 00 3a 40 08 00 09 f1 07 00 01 00 01 ) 20180723181843239 DRANAP NOTICE iu_client.c:530 handle_co(dir=1, proc=20) 20180723181843240 DMM INFO gprs_gmm.c:2722 MM(901700000014701/c3f92ba7) -> GPRS SM STATUS (cause: Invalid transaction identifier) ================================================================= ==27498==ERROR: AddressSanitizer: heap-use-after-free on address 0x614000000950 at pc 0x7f3c293ed8e8 bp 0x7ffc0b9593c0 sp 0x7ffc0b9593b8 READ of size 8 at 0x614000000950 thread T0 #0 0x7f3c293ed8e7 in __add_timer ../../../src/libosmocore/src/timer.c:59 #1 0x7f3c293ed8e7 in osmo_timer_add ../../../src/libosmocore/src/timer.c:89 #2 0x7f3c293edc46 in osmo_timer_schedule ../../../src/libosmocore/src/timer.c:111 #3 0x7f3c293eec33 in osmo_timers_update ../../../src/libosmocore/src/timer.c:257 #4 0x7f3c293f1cc9 in osmo_select_main ../../../src/libosmocore/src/select.c:254 #5 0x55a3c8de0af6 in main ../../../../src/osmo-sgsn/src/gprs/sgsn_main.c:531 #6 0x7f3c271aeb16 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x22b16) #7 0x55a3c8de1399 in _start (/usr/local/bin/osmo-sgsn+0xdf399) 0x614000000950 is located 272 bytes inside of 440-byte region [0x614000000840,0x6140000009f8) freed by thread T0 here: #0 0x7f3c29bd97a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xda7a8) #1 0x7f3c280a7a92 in _talloc_free (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x4a92) previously allocated by thread T0 here: #0 0x7f3c29bd9b00 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdab00) #1 0x7f3c280a9ae0 in _talloc_zero (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x6ae0) SUMMARY: AddressSanitizer: heap-use-after-free ../../../src/libosmocore/src/timer.c:59 in __add_timer Shadow bytes around the buggy address: 0x0c287fff80d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c287fff80e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c287fff80f0: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa 0x0c287fff8100: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c287fff8110: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c287fff8120: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd 0x0c287fff8130: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa 0x0c287fff8140: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c287fff8150: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c287fff8160: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c287fff8170: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==27498==ABORTING
Updated by neels over 5 years ago
- File os3412.pcapng os3412.pcapng added
- File osmo-sgsn.cfg osmo-sgsn.cfg added
- File osmo-sgsn.log osmo-sgsn.log added
Updated by neels over 5 years ago
- Status changed from New to Resolved
can no longer reproduce this issue. It used to fail reliably just from using 3G, now I don't see any SGSN crashes after DEACTIVATE PDP CONTEXT ACK.
Resolved for unknown reason.
Updated by pespin over 5 years ago
Most probably you tested it while my last batch of patches 80d407fc3f407898de3c62d6265665d08a830280..ef6d78ff7f96ce898e976f1c2bc638ff5d2d29fb was half merged (it was like that for several days). Some related issues were known to appear in the middle of the commit list.
Actions