I think this situation will repeat itself over and over again until we make sanitizer tests part of our jenkins setup.
On 13.12.2016 13:08, Neels Hofmeyr wrote:
The sanitizer build used to get through to testing the PCU, now it already fails at openbsc's sgsn test. This happens in the recently added test_pdp_deactivation_with_pdp_ctx:
http://jenkins.osmocom.org/jenkins/job/Osmocom_Sanitizer/388/consoleFull
commit 1611df5226199da2bf2fba3d22d93cc1a6c6c777
Commit: Pravin Kumarvel pmanohar@radisys.com
CommitDate: Mon Dec 12 17:20:39 2016 +0530

Support Deactivate PDP Context Request from network
https://gerrit.osmocom.org/1262
I can reproduce the segmentation fault locally, but only when the sanitizer is enabled. When stepping up to the failure and checking the parameters, all seems to be in order; immediately when trying to step into sgsn_create_pdp_ctx(), the SIGSEGV is fired. So far the actual failure is not clear to me, I haven't found the 0x02 pointer yet that asan complains about:
==21897==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000002
I found a use-after-free which isn't the cause for above asan failure:
  gsm0408_gprs_access_cancelled(mm, GMM_CAUSE_GPRS_NOTALLOWED);
  LOGMMCTXP(LOGL_NOTICE, mm, "No PDP context to deactivate\n");
gsm0408_gprs_access_cancelled() calls mm_ctx_cleanup_free(), and after that the local mm is non-NULL but freed. Change the order to:
  LOGMMCTXP(LOGL_NOTICE, mm, "No PDP context to deactivate\n");
  gsm0408_gprs_access_cancelled(mm, GMM_CAUSE_GPRS_NOTALLOWED);
(This second issue is shown when removing test_pdp_deactivation_with_pdp_ctx() from test_pdp_deactivation())
The cause for the asan failure shown above and in jenkins still evades me. But I'm afraid we have to revert the patch. Please run the asan build on this patch and re-submit when the cause is clear.
How to asan build has been discussed recently: http://lists.osmocom.org/pipermail/openbsc/2016-November/009901.html
~N
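
The ordering problem described in the quoted mail, as an added example that is not openbsc code and not part of either message: a cleanup call releases the context, the caller's pointer stays non-NULL, and a later log statement reads it. All *_model names are hypothetical stand-ins, and a static slot with an in_use flag replaces malloc/free so the stale access can be counted rather than left as undefined behaviour.

```c
/* Added illustration, not openbsc code. All *_model names are hypothetical. */
#include <stdio.h>
#include <string.h>

struct mm_ctx_model {
    int in_use;        /* 1 while allocated, 0 once released */
    char imsi[16];
};

/* One static slot instead of malloc/free: a stale pointer stays readable,
 * so the late access can be counted instead of being undefined behaviour. */
static struct mm_ctx_model slot;
static int stale_uses;

/* Stands in for gsm0408_gprs_access_cancelled() -> mm_ctx_cleanup_free(). */
static void access_cancelled_model(struct mm_ctx_model *mm)
{
    memset(mm, 0, sizeof(*mm));  /* released; the caller's pointer stays non-NULL */
}

/* Stands in for LOGMMCTXP(): reads fields of the context it is handed. */
static void log_ctx_model(const struct mm_ctx_model *mm, const char *msg)
{
    if (!mm->in_use) {           /* the kind of access a sanitizer reports */
        stale_uses++;
        return;
    }
    printf("MM(%s) %s\n", mm->imsi, msg);
}

/* Returns how many times a released context was accessed. */
int deactivate_model(int log_before_cancel)
{
    struct mm_ctx_model *mm = &slot;
    mm->in_use = 1;
    snprintf(mm->imsi, sizeof(mm->imsi), "%s", "001010000000001"); /* constructed IMSI */
    stale_uses = 0;
    if (log_before_cancel)
        log_ctx_model(mm, "No PDP context to deactivate");
    access_cancelled_model(mm);
    if (!log_before_cancel)
        log_ctx_model(mm, "No PDP context to deactivate");
    return stale_uses;
}

int main(void)
{
    printf("cancel, then log: %d stale access(es)\n", deactivate_model(0));
    printf("log, then cancel: %d stale access(es)\n", deactivate_model(1));
    return 0;
}
```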