Change in osmo-sgsn[master]: gmm: Fix assertion hit during RA UPD REQ before completting gmm attach

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

pespin gerrit-no-reply at lists.osmocom.org
Fri Nov 8 18:24:51 UTC 2019


pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-sgsn/+/16015 )


Change subject: gmm: Fix assertion hit during RA UPD REQ before completting gmm attach
......................................................................

gmm: Fix assertion hit during RA UPD REQ before completting gmm attach

Output:
20191107021548500 DMM <0002> gprs_gb.c:40 MM_STATE_Gb(2596296189)[0x6120000084a0]{Idle}: Received Event E_MM_PDU_RECEPTION
20191107021548500 DMM <0002> gprs_gmm.c:1531 MM(/d4b6d7af) -> GMM RA UPDATE REQUEST type="RA updating"
20191107021548501 DMM <0002> gprs_gmm.c:1615 MM(/d4b6d7af) The MM context cannot be used, RA: 901-70-2758-208
Assert failed mmctx->gb.llme == NULL gprs_gmm.c:1620

Scenario reproducing the crash can be triggered with TTCN3
SGSN_Tests.TC_attach_req_id_req_ra_update.

Basically, SGSN first receives an ATTACH REQ with a given RA ID, then
SGSN switches to state CommonProcedureInitiated and sends GMM ID REQ,
and MS/PCU answers immediatelly with a RA Update instead with a new RA
ID.

Related: OS#3957, OS#4245
Change-Id: I64fa5cf1b427d3abb99e553e584897261a827ce6
---
M src/sgsn/gprs_gmm.c
1 file changed, 2 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-sgsn refs/changes/15/16015/1

diff --git a/src/sgsn/gprs_gmm.c b/src/sgsn/gprs_gmm.c
index b6b1685..17daa7d 100644
--- a/src/sgsn/gprs_gmm.c
+++ b/src/sgsn/gprs_gmm.c
@@ -1615,9 +1615,9 @@
 			osmo_rai_name(&mmctx->ra));
 		/* mmctx is set to NULL and gprs_llgmm_unassign(llme) will be
 		   called below, let's make sure we don't keep dangling llme
-		   pointers in mmctx (OS#3957). */
+		   pointers in mmctx (OS#3957, OS#4245). */
 		if (mmctx->ran_type == MM_CTX_T_GERAN_Gb)
-			OSMO_ASSERT(mmctx->gb.llme == NULL);
+			mmctx->gb.llme = NULL;
 		mmctx = NULL;
 	}
 

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-sgsn/+/16015
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-Change-Id: I64fa5cf1b427d3abb99e553e584897261a827ce6
Gerrit-Change-Number: 16015
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <pespin at sysmocom.de>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20191108/559efe76/attachment.htm>


More information about the gerrit-log mailing list