sgsn: Remove MM from the list before gprs_subscr_delete is called
Modify sgsn_mm_ctx_free to remove the entry from the
list as otherwise we might double free the context from
within gprs_subscriber_delete.
diff --git a/openbsc/src/gprs/gprs_sgsn.c b/openbsc/src/gprs/gprs_sgsn.c
index 2b78d31..acf37a2 100644
--- a/openbsc/src/gprs/gprs_sgsn.c
+++ b/openbsc/src/gprs/gprs_sgsn.c
@@ -191,6 +191,9 @@
osmo_timer_del(&mm->timer);
}
+ /* Unlink from global list of MM contexts */
+ llist_del(&mm->list);
+
/* Detach from subscriber which is possibly freed then */
if (mm->subscr) {
struct gsm_subscriber *subscr = mm->subscr;
@@ -199,9 +202,6 @@
gprs_subscr_delete(subscr);
}
- /* Unlink from global list of MM contexts */
- llist_del(&mm->list);
-
/* Free all PDP contexts */
llist_for_each_entry_safe(pdp, pdp2, &mm->pdp_list, list)
sgsn_pdp_ctx_free(pdp);