new sanitizer breakage: SIGSEGV in sgsn_create_pdp_ctx()

Neels Hofmeyr nhofmeyr at sysmocom.de
Tue Dec 13 12:08:32 UTC 2016


The sanitizer build used to get through to testing the PCU,
now it already fails at openbsc's sgsn test. This happens in the recently added
test_pdp_deactivation_with_pdp_ctx:

http://jenkins.osmocom.org/jenkins/job/Osmocom_Sanitizer/388/consoleFull

commit 1611df5226199da2bf2fba3d22d93cc1a6c6c777
Commit:     Pravin Kumarvel <pmanohar at radisys.com>
CommitDate: Mon Dec 12 17:20:39 2016 +0530

    Support Deactivate PDP Context Request from network

https://gerrit.osmocom.org/1262


I can reproduce the segmentation fault locally, but only when the sanitizer is
enabled. When stepping up to the failure and checking the parameters, all seems
to be in order; immediately when trying to step into sgsn_create_pdp_ctx(), the
SIGSEGV is fired. So far the actual failure is not clear to me; I haven't found
the 0x02 pointer yet that asan complains about:

==21897==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000002


I found a use-after-free which isn't the cause for the above asan failure:

  gsm0408_gprs_access_cancelled(mm, GMM_CAUSE_GPRS_NOTALLOWED);
  LOGMMCTXP(LOGL_NOTICE, mm, "No PDP context to deactivate\n");

gsm0408_gprs_access_cancelled() calls mm_ctx_cleanup_free(), and after that the
local mm is non-NULL but freed. Change the order to:

  LOGMMCTXP(LOGL_NOTICE, mm, "No PDP context to deactivate\n");
  gsm0408_gprs_access_cancelled(mm, GMM_CAUSE_GPRS_NOTALLOWED);

(This second issue is shown when removing test_pdp_deactivation_with_pdp_ctx()
from test_pdp_deactivation())


The cause for the asan failure shown above and in jenkins still evades me. But
I'm afraid we have to revert the patch. Please run the asan build on this patch
and re-submit when the cause is clear.

How to do an asan build has been discussed recently:
http://lists.osmocom.org/pipermail/openbsc/2016-November/009901.html

~N

-- 
- Neels Hofmeyr <nhofmeyr at sysmocom.de>          http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschäftsführer / Managing Directors: Harald Welte
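
The call-order fix for the use-after-free described in the mail, as an added example that is not part of the original message and not OpenBSC code. The struct, the helper names and the IMSI are hypothetical stand-ins; clearing the caller's pointer goes beyond the reordering the mail proposes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the MM context; not the OpenBSC struct. */
struct mm_ctx {
    char imsi[16];
};

static struct mm_ctx *mm_ctx_alloc(const char *imsi)
{
    struct mm_ctx *mm = calloc(1, sizeof(*mm));
    if (mm)
        snprintf(mm->imsi, sizeof(mm->imsi), "%s", imsi);
    return mm;
}

/* Consumes the context, as the mail describes: mm is freed on return. */
static void access_cancelled(struct mm_ctx *mm, int cause)
{
    (void)cause;
    free(mm);
}

/* Formats a log line from the context; mm must still be live here. */
static int log_ctx(char *buf, size_t len, const struct mm_ctx *mm, const char *msg)
{
    return snprintf(buf, len, "MM(%s) %s", mm->imsi, msg);
}

/* Log first, free second, then NULL the caller's pointer against reuse. */
static int deactivate_no_pdp(struct mm_ctx **mmp, char *buf, size_t len)
{
    struct mm_ctx *mm = *mmp;
    int n;
    if (!mm)
        return -1;
    n = log_ctx(buf, len, mm, "No PDP context to deactivate");
    access_cancelled(mm, 7); /* 7 is a constructed cause value */
    *mmp = NULL;
    return n;
}

int main(void)
{
    char buf[64];
    struct mm_ctx *mm = mm_ctx_alloc("001010000000001"); /* constructed IMSI */
    return deactivate_no_pdp(&mm, buf, sizeof(buf)) > 0 && puts(buf) >= 0 ? 0 : 1;
}
```

Built with `-fsanitize=address`, swapping the `log_ctx()` and `access_cancelled()` calls makes ASan report a heap-use-after-free at the read of `mm->imsi`.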