Bug #3957: ABORT from gprs_sndcp_comp_free() - OsmoSGSN - Open Source Mobile Communications

Actions

Copy link

Bug #3957

closed

ABORT from gprs_sndcp_comp_free()

Added by keith almost 5 years ago. Updated over 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Target version:

Start date:

04/24/2019

Due date:

% Done:

90%

Spec Reference:

Description

(gdb) bt
#0  signal_handler (signal=6) at sgsn_main.c:144
#1  <signal handler called>
#2  0x00007ffff5402067 in __GI_raise (sig=sig@entry=6)   at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#3  0x00007ffff5403448 in __GI_abort () at abort.c:89
#4  0x00007ffff59ae69c in ?? () from /usr/lib/x86_64-linux-gnu/libtalloc.so.2
#5  0x00007ffff59ada37 in _talloc_free ()   from /usr/lib/x86_64-linux-gnu/libtalloc.so.2
#6  0x0000555555567f9d in gprs_sndcp_comp_free (comp_entities=<optimized out>)  at gprs_sndcp_comp.c:176
#7  0x0000555555573658 in llme_free (llme=0x555555a1b800) at gprs_llc.c:577
#8  gprs_llgmm_assign (llme=llme@entry=0x555555a1b800, old_tlli=old_tlli@entry=2708627144, new_tlli=new_tlli@entry=4294967295) at gprs_llc.c:1064
#9  0x0000555555565485 in sgsn_mm_ctx_cleanup_free (mm=0x0) at gprs_sgsn.c:365
#10 0x00007ffff7308526 in osmo_timers_update () from /usr/lib/x86_64-linux-gnu/libosmocore.so.12
#11 0x00007ffff7308d9a in osmo_select_main () from /usr/lib/x86_64-linux-gnu/libosmocore.so.12
#12 0x000055555555b9e7 in main (argc=1, argv=0x7fffffffe668) at sgsn_main.c:524

llme in llme_free()

$85 = {list = {next = 0x100100, prev = 0x200200}, state = GPRS_LLMS_UNASSIGNED, 
  tlli = 0, old_tlli = 0, algo = GPRS_ALGO_GEA0, kc = '\000' <repeats 15 times>, 
  cksn = 7 '\a', iov_ui = 3547929860, bvci = 4, nsei = 4, lle = {{list = {
        next = 0x0, prev = 0x0}, sapi = 0, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 0, t200_201 = 0, n200 = 0, 
        n201_u = 0, n201_i = 0, mD = 0, mU = 0, kD = 0, kU = 0}}, {list = {
        next = 0x0, prev = 0x0}, sapi = 1, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 1, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 0, t200_201 = 5, n200 = 3, 
        n201_u = 400, n201_i = 0, mD = 0, mU = 0, kD = 0, kU = 0}}, {list = {
        next = 0x0, prev = 0x0}, sapi = 2, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 0, t200_201 = 5, n200 = 3, 
        n201_u = 270, n201_i = 0, mD = 0, mU = 0, kD = 0, kU = 0}}, {list = {
        next = 0x0, prev = 0x0}, sapi = 3, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 27, t200_201 = 5, n200 = 3, 
        n201_u = 500, n201_i = 1503, mD = 1520, mU = 1520, kD = 16, kU = 16}}, {
      list = {next = 0x0, prev = 0x0}, sapi = 4, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 0, t200_201 = 0, n200 = 0, 
        n201_u = 0, n201_i = 0, mD = 0, mU = 0, kD = 0, kU = 0}}, {list = {
        next = 0x0, prev = 0x0}, sapi = 5, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 27, t200_201 = 10, n200 = 3, 
        n201_u = 500, n201_i = 1503, mD = 760, mU = 760, kD = 8, kU = 8}}, {
      list = {next = 0x0, prev = 0x0}, sapi = 6, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 0, t200_201 = 0, n200 = 0, 
        n201_u = 0, n201_i = 0, mD = 0, mU = 0, kD = 0, kU = 0}}, {list = {
        next = 0x0, prev = 0x0}, sapi = 7, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 0, t200_201 = 20, n200 = 3, 
        n201_u = 270, n201_i = 0, mD = 0, mU = 0, kD = 0, kU = 0}}, {list = {
        next = 0x0, prev = 0x0}, sapi = 8, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 0, t200_201 = 20, n200 = 3, 
        n201_u = 270, n201_i = 0, mD = 0, mU = 0, kD = 0, kU = 0}}, {list = {
        next = 0x0, prev = 0x0}, sapi = 9, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 27, t200_201 = 20, n200 = 3, 
        n201_u = 500, n201_i = 1503, mD = 380, mU = 380, kD = 4, kU = 4}}, {
      list = {next = 0x0, prev = 0x0}, sapi = 10, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 0, t200_201 = 0, n200 = 0, 
        n201_u = 0, n201_i = 0, mD = 0, mU = 0, kD = 0, kU = 0}}, {list = {
        next = 0x0, prev = 0x0}, sapi = 11, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 27, t200_201 = 40, n200 = 3, 
        n201_u = 500, n201_i = 1503, mD = 190, mU = 190, kD = 2, kU = 2}}, {
      list = {next = 0x0, prev = 0x0}, sapi = 12, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 0, t200_201 = 0, n200 = 0, 
        n201_u = 0, n201_i = 0, mD = 0, mU = 0, kD = 0, kU = 0}}, {list = {
        next = 0x0, prev = 0x0}, sapi = 13, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 0, t200_201 = 0, n200 = 0, 
        n201_u = 0, n201_i = 0, mD = 0, mU = 0, kD = 0, kU = 0}}, {list = {
        next = 0x0, prev = 0x0}, sapi = 14, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 0, t200_201 = 0, n200 = 0, 
        n201_u = 0, n201_i = 0, mD = 0, mU = 0, kD = 0, kU = 0}}, {list = {
        next = 0x0, prev = 0x0}, sapi = 15, llme = 0x555555a1b800, 
      state = GPRS_LLES_UNASSIGNED, t200 = {node = {rb_parent_color = 0, 
          rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0}, 
        timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0x0, data = 0x0}, 
      t201 = {node = {rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {
          next = 0x0, prev = 0x0}, timeout = {tv_sec = 0, tv_usec = 0}, 
        active = 0, cb = 0x0, data = 0x0}, v_sent = 0, v_ack = 0, v_recv = 0, 
      vu_send = 0, vu_recv = 0, vu_recv_last = 0, vu_recv_duplicates = 0, 
      oc_i_send = 0, oc_i_recv = 0, oc_ui_send = 0, oc_ui_recv = 0, 
      retrans_ctr = 0, params = {iov_i_exp = 0, t200_201 = 0, n200 = 0, 
        n201_u = 0, n201_i = 0, mD = 0, mU = 0, kD = 0, kU = 0}}}, 
  xid = 0x555555c6d200, comp = {proto = 0x5555559b2e10, data = 0x5555559f9b90}, 
  age_timestamp = 0}

Files

core_bin.tgz

970 KB

Core + binary used.

keith, 04/27/2019 10:59 AM

Related issues

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Cellular Network Infrastructure » Core Network (CN) » OsmoSGSN

Custom queries

Bug #3957

ABORT from gprs_sndcp_comp_free()

Updated by keith almost 5 years ago

Updated by laforge almost 5 years ago

Updated by keith almost 5 years ago

Updated by pespin almost 5 years ago

Updated by keith almost 5 years ago

Updated by keith almost 5 years ago

Updated by keith almost 5 years ago

Updated by laforge almost 5 years ago

Updated by keith almost 5 years ago

Updated by keith almost 5 years ago

Updated by laforge almost 5 years ago

Updated by keith almost 5 years ago

Updated by keith almost 5 years ago

Updated by keith almost 5 years ago

Updated by pespin over 4 years ago

Updated by pespin over 4 years ago

Updated by pespin over 4 years ago

Updated by pespin over 4 years ago

Updated by pespin over 4 years ago

Updated by keith over 2 years ago