Actions
Bug #4669
closedmutex fix related use after free
Start date:
07/17/2020
Due date:
% Done:
100%
Spec Reference:
Description
13:07:49: Debugging starts Fri Jul 17 13:07:50 2020 DLSTATS <0010> stats.c:189 Stats timer started with interval 5 sec Fri Jul 17 13:07:50 2020 DLGLOBAL <0007> telnet_interface.c:104 Available via telnet 127.0.0.1 4237 Fri Jul 17 13:07:50 2020 DLCTRL <000e> control_if.c:911 CTRL at 127.0.0.1 4236 Fri Jul 17 13:07:50 2020 DMAIN <0000> osmo-trx.cpp:484 [tid=140737316968384] Config Settings Log Level............... 0 Device args............. ipc_msock=/tmp/ipc_sock0 TRX Base Port........... 5700 TRX Address............. 127.0.0.1 GSM BTS Address......... 127.0.0.1 Channels................ 2 Tx Samples-per-Symbol... 4 Rx Samples-per-Symbol... 4 EDGE support............ 1 Extended RACH support... 0 Reference............... 1 Filler Burst Type....... Empty bursts Filler Burst TSC........ 0 Filler Burst RACH Delay. 0 Multi-Carrier........... 0 Tuning offset........... 0 RSSI to dBm offset...... 28 Swap channels........... 0 Tx Antennas............. 'TX/RX' 'TX/RX' Rx Antennas............. 'RX2' 'RX2' [INFO] [UHD] linux; Clang version 10.0.0 ; Boost_107100; UHD_4.0.0.0-0-3b59529e Fri Jul 17 13:07:50 2020 DDEV <0005> UHDDevice.cpp:543 [tid=140737316968384] Using discovered UHD device type=b200,name=MyB210,serial=blabla,product=B210 Fri Jul 17 13:07:50 2020 DDEVDRV <0006> /xx/uhd/host/lib/usrp/b200/b200_impl.cpp:419 [tid=140737260812032] [B200] Detected Device: B210 Fri Jul 17 13:07:50 2020 DDEVDRV <0006> /xx/uhd/host/lib/usrp/b200/b200_impl.cpp:466 [tid=140737260812032] [B200] Operating over USB 3. Fri Jul 17 13:07:50 2020 DDEVDRV <0006> /xx/uhd/host/lib/usrp/b200/b200_impl.cpp:616 [tid=140737260812032] [B200] Initialize CODEC control... Fri Jul 17 13:07:50 2020 DDEVDRV <0006> /xx/uhd/host/lib/usrp/b200/b200_impl.cpp:685 [tid=140737260812032] [B200] Initialize Radio control... Fri Jul 17 13:07:50 2020 DDEVDRV <0006> /xx/uhd/host/lib/usrp/b200/b200_impl.cpp:1023 [tid=140737260812032] [B200] Performing register loopback test... Fri Jul 17 13:07:50 2020 DDEVDRV <0006> /xx/uhd/host/lib/usrp/b200/b200_impl.cpp:1032 [tid=140737260812032] [B200] Register loopback test passed Fri Jul 17 13:07:50 2020 DDEVDRV <0006> /xx/uhd/host/lib/usrp/b200/b200_impl.cpp:1023 [tid=140737260812032] [B200] Performing register loopback test... Fri Jul 17 13:07:50 2020 DDEVDRV <0006> /xx/uhd/host/lib/usrp/b200/b200_impl.cpp:1032 [tid=140737260812032] [B200] Register loopback test passed Fri Jul 17 13:07:50 2020 DDEVDRV <0006> /xx/uhd/host/lib/usrp/b200/b200_impl.cpp:813 [tid=140737260812032] [B200] Setting master clock rate selection to 'automatic'. Fri Jul 17 13:07:50 2020 DDEVDRV <0006> /xx/uhd/host/lib/usrp/b200/b200_impl.cpp:1073 [tid=140737260812032] [B200] Asking for clock rate 16.000000 MHz... Fri Jul 17 13:07:51 2020 DDEVDRV <0006> /xx/uhd/host/lib/usrp/b200/b200_impl.cpp:1086 [tid=140737260812032] [B200] Actually got clock rate 16.000000 MHz. Fri Jul 17 13:07:51 2020 DMAIN <0000> UHDDevice.cpp:205 [tid=140737316968384] Antennas configured successfully Fri Jul 17 13:07:51 2020 DDEVDRV <0006> /xx/uhd/host/lib/usrp/multi_usrp.cpp:526 [tid=140737260812032] [MULTI_USRP] Setting master clock rate selection to 'manual'. Fri Jul 17 13:07:51 2020 DDEVDRV <0006> /xx/uhd/host/lib/usrp/b200/b200_impl.cpp:1073 [tid=140737260812032] [B200] Asking for clock rate 26.000000 MHz... Fri Jul 17 13:07:51 2020 DDEVDRV <0006> /xx/uhd/host/lib/usrp/b200/b200_impl.cpp:1086 [tid=140737260812032] [B200] Actually got clock rate 26.000000 MHz. Fri Jul 17 13:07:52 2020 DDEV <0005> UHDDevice.cpp:332 [tid=140737316968384] Rates configured for B210 4 SPS Fri Jul 17 13:07:52 2020 DDEV <0005> UHDDevice.cpp:292 [tid=140737316968384] Supported Tx gain range [0; 89.75] Fri Jul 17 13:07:52 2020 DDEV <0005> UHDDevice.cpp:297 [tid=140737316968384] Supported Rx gain range [0; 76] Fri Jul 17 13:07:52 2020 DDEV <0005> UHDDevice.cpp:301 [tid=140737316968384] Default setting Tx gain for channel 0 to 44.875 Fri Jul 17 13:07:52 2020 DDEV <0005> UHDDevice.cpp:301 [tid=140737316968384] Default setting Tx gain for channel 1 to 44.875 Fri Jul 17 13:07:52 2020 DDEV <0005> UHDDevice.cpp:308 [tid=140737316968384] Default setting Rx gain for channel 0 to 38 Fri Jul 17 13:07:52 2020 DDEV <0005> UHDDevice.cpp:308 [tid=140737316968384] Default setting Rx gain for channel 1 to 38 Fri Jul 17 13:07:52 2020 DDEV <0005> UHDDevice.cpp:642 [tid=140737316968384] Device configuration: Single USRP: Device: B-Series Device Mboard 0: B210 RX Channel: 0 RX DSP: 0 RX Dboard: A RX Subdev: FE-RX2 RX Channel: 1 RX DSP: 1 RX Dboard: A RX Subdev: FE-RX1 TX Channel: 0 TX DSP: 0 TX Dboard: A TX Subdev: FE-TX2 TX Channel: 1 TX DSP: 1 TX Dboard: A TX Subdev: FE-TX1 Fri Jul 17 13:07:52 2020 DMAIN <0000> osmo-trx.cpp:532 [tid=140737316968384] -- Transceiver active with 2 channel(s) Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'POWEROFF' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP POWEROFF 0' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'RXTUNE 881000' Fri Jul 17 13:08:01 2020 DDEV <0005> UHDDevice.cpp:1004 [tid=140737316968384][chan=0] set_freq(8.81e+08, Rx): Tune Result: Target RF Freq: 881.000000 (MHz) Actual RF Freq: 881.000000 (MHz) Target DSP Freq: -0.000000 (MHz) Actual DSP Freq: -0.000000 (MHz) Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP RXTUNE 0 881000' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=1] command is 'RXTUNE 880800' Fri Jul 17 13:08:01 2020 DDEV <0005> UHDDevice.cpp:1004 [tid=140737316968384][chan=1] set_freq(8.808e+08, Rx): Tune Result: Target RF Freq: 880.900000 (MHz) Actual RF Freq: 880.900000 (MHz) Target DSP Freq: 0.100000 (MHz) Actual DSP Freq: 0.100000 (MHz) Fri Jul 17 13:08:01 2020 DDEV <0005> UHDDevice.cpp:1024 [tid=140737316968384][chan=1] set_freq(8.808e+08, Rx): Tune Result: Target RF Freq: 880.900000 (MHz) Actual RF Freq: 880.900000 (MHz) Target DSP Freq: -0.100000 (MHz) Actual DSP Freq: -0.100000 (MHz) Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=1] response is 'RSP RXTUNE 0 880800' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'TXTUNE 926000' Fri Jul 17 13:08:01 2020 DDEV <0005> UHDDevice.cpp:1004 [tid=140737316968384][chan=0] set_freq(9.26e+08, Tx): Tune Result: Target RF Freq: 926.000000 (MHz) Actual RF Freq: 925.999999 (MHz) Target DSP Freq: 0.000001 (MHz) Actual DSP Freq: 0.000001 (MHz) Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP TXTUNE 0 926000' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=1] command is 'TXTUNE 925800' Fri Jul 17 13:08:01 2020 DDEV <0005> UHDDevice.cpp:1004 [tid=140737316968384][chan=1] set_freq(9.258e+08, Tx): Tune Result: Target RF Freq: 925.900000 (MHz) Actual RF Freq: 925.899999 (MHz) Target DSP Freq: -0.099999 (MHz) Actual DSP Freq: -0.099999 (MHz) Fri Jul 17 13:08:01 2020 DDEV <0005> UHDDevice.cpp:1024 [tid=140737316968384][chan=1] set_freq(9.258e+08, Tx): Tune Result: Target RF Freq: 925.900000 (MHz) Actual RF Freq: 925.899999 (MHz) Target DSP Freq: 0.100001 (MHz) Actual DSP Freq: 0.100001 (MHz) Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=1] response is 'RSP TXTUNE 0 925800' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'NOMTXPOWER' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP NOMTXPOWER 0 13' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=1] command is 'NOMTXPOWER' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=1] response is 'RSP NOMTXPOWER 0 13' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'SETTSC 7' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:937 [tid=140737316968384] Changing TSC from 0 to 7 Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP SETTSC 0 7' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=1] command is 'SETTSC 7' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:937 [tid=140737316968384] Changing TSC from 7 to 7 Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=1] response is 'RSP SETTSC 0 7' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'SETFORMAT 1' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:958 [tid=140737316968384][chan=0] BTS requests TRXD version switch: 1 Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:964 [tid=140737316968384][chan=0] switching to TRXD version 1 Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP SETFORMAT 1 1' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=1] command is 'SETFORMAT 1' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:958 [tid=140737316968384][chan=1] BTS requests TRXD version switch: 1 Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:964 [tid=140737316968384][chan=1] switching to TRXD version 1 Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=1] response is 'RSP SETFORMAT 1 1' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'POWERON' Fri Jul 17 13:08:01 2020 DMAIN <0000> Transceiver.cpp:286 [tid=140737316968384] Starting the transceiver Fri Jul 17 13:08:01 2020 DMAIN <0000> radioInterface.cpp:191 [tid=140737316968384] Starting radio device Fri Jul 17 13:08:01 2020 DDEV <0005> UHDDevice.cpp:713 [tid=140737316968384] Starting USRP... Fri Jul 17 13:08:01 2020 DMAIN <0000> Threads.cpp:119 [tid=140737235633920] Thread 140737235633920 (task 19931) set name: UHDAsyncEvent Fri Jul 17 13:08:01 2020 DDEV <0005> UHDDevice.cpp:688 [tid=140737316968384] Initial timestamp 11485391 Fri Jul 17 13:08:01 2020 DDEV <0005> UHDDevice.cpp:730 [tid=140737316968384] The current time is 10.6041 seconds Fri Jul 17 13:08:01 2020 DMAIN <0000> radioInterface.cpp:212 [tid=140737316968384] Radio started Fri Jul 17 13:08:01 2020 DMAIN <0000> Threads.cpp:119 [tid=140737190344448] Thread 140737190344448 (task 19932) set name: TxLower Fri Jul 17 13:08:01 2020 DMAIN <0000> Threads.cpp:119 [tid=140737205016320] Thread 140737205016320 (task 19933) set name: RxLower Fri Jul 17 13:08:01 2020 DMAIN <0000> Threads.cpp:119 [tid=140737165166336] Thread 140737165166336 (task 19934) set name: RxUpper0 Fri Jul 17 13:08:01 2020 DMAIN <0000> Threads.cpp:119 [tid=140737156773632] Thread 140737156773632 (task 19935) set name: TxUpper0 Fri Jul 17 13:08:01 2020 DMAIN <0000> Threads.cpp:119 [tid=140737148380928] Thread 140737148380928 (task 19936) set name: RxUpper1 Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP POWERON 0' Fri Jul 17 13:08:01 2020 DMAIN <0000> Threads.cpp:119 [tid=140737139988224] Thread 140737139988224 (task 19937) set name: TxUpper1 Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=1] command is 'SETRXGAIN 10' Fri Jul 17 13:08:01 2020 DDEV <0005> UHDDevice.cpp:345 [tid=140737316968384] Set RX gain to 10dB (asked for 10dB) Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=1] response is 'RSP SETRXGAIN 0 10' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'SETRXGAIN 10' Fri Jul 17 13:08:01 2020 DDEV <0005> UHDDevice.cpp:345 [tid=140737316968384] Set RX gain to 10dB (asked for 10dB) Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP SETRXGAIN 0 10' Info: SSE3 support compiled in and supported by CPU Info: SSE4.1 support compiled in and supported by CPU LLLLFri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=1] command is 'SETSLOT 0 7' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=1] response is 'RSP SETSLOT 0 0 7' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'SETSLOT 0 5' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP SETSLOT 0 0 5' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=1] command is 'SETSLOT 1 1' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=1] response is 'RSP SETSLOT 0 1 1' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'SETSLOT 1 7' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP SETSLOT 0 1 7' Fri Jul 17 13:08:01 2020 DTRXCLK <0001> Transceiver.cpp:1060 [tid=140737205016320] Sending CLOCK indications Fri Jul 17 13:08:01 2020 DTRXCLK <0001> Transceiver.cpp:1177 [tid=140737205016320] sending IND CLOCK 67954 Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=1] command is 'SETSLOT 2 1' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=1] response is 'RSP SETSLOT 0 2 1' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'SETSLOT 2 1' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP SETSLOT 0 2 1' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=1] command is 'SETSLOT 3 3' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=1] response is 'RSP SETSLOT 0 3 3' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'SETSLOT 3 1' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP SETSLOT 0 3 1' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=1] command is 'SETSLOT 4 13' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=1] response is 'RSP SETSLOT 0 4 13' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'SETSLOT 4 1' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP SETSLOT 0 4 1' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=1] command is 'SETSLOT 5 13' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=1] response is 'RSP SETSLOT 0 5 13' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'SETSLOT 5 3' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP SETSLOT 0 5 3' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=1] command is 'SETSLOT 6 13' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=1] response is 'RSP SETSLOT 0 6 13' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'SETSLOT 6 3' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP SETSLOT 0 6 3' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=1] command is 'SETSLOT 7 13' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=1] response is 'RSP SETSLOT 0 7 13' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:832 [tid=140737316968384][chan=0] command is 'SETSLOT 7 3' Fri Jul 17 13:08:01 2020 DTRXCTRL <0002> Transceiver.cpp:980 [tid=140737316968384][chan=0] response is 'RSP SETSLOT 0 7 3' ================================================================= ==19826==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030000ca9d8 at pc 0x00000026b8f2 bp 0x7fffee3c7280 sp 0x7fffee3c7278 READ of size 4 at 0x6030000ca9d8 thread T21 (TxLower) #0 0x26b8f1 in GSM::Time::operator>(GSM::Time const&) const /xx/osmo-trx/Transceiver52M/../GSM/GSMCommon.h:192:18 #1 0x26b8f1 in radioVector::operator>(radioVector const&) const /xx/osmo-trx/Transceiver52M/radioVector.cpp:58:15 #2 0x26b8f1 in PointerCompare<radioVector>::operator()(radioVector const*, radioVector const*) /xx/osmo-trx/Transceiver52M/../CommonLibs/Interthread.h:567:17 #3 0x26b8f1 in bool __gnu_cxx::__ops::_Iter_comp_val<PointerCompare<radioVector> >::operator()<__gnu_cxx::__normal_iterator<radioVector**, std::vector<radioVector*, std::allocator<radioVector*> > >, radioVector*>(__gnu_cxx::__normal_iterator<radioVector**, std::vector<radioVector*, std::allocator<radioVector*> > >, radioVector*&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/predefined_ops.h:177:16 #4 0x26b8f1 in void std::__push_heap<__gnu_cxx::__normal_iterator<radioVector**, std::vector<radioVector*, std::allocator<radioVector*> > >, long, radioVector*, __gnu_cxx::__ops::_Iter_comp_val<PointerCompare<radioVector> > >(__gnu_cxx::__normal_iterator<radioVector**, std::vector<radioVector*, std::allocator<radioVector*> > >, long, long, radioVector*, __gnu_cxx::__ops::_Iter_comp_val<PointerCompare<radioVector> >&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_heap.h:133:42 #5 0x26b8f1 in void std::__adjust_heap<__gnu_cxx::__normal_iterator<radioVector**, std::vector<radioVector*, std::allocator<radioVector*> > >, long, radioVector*, __gnu_cxx::__ops::_Iter_comp_iter<PointerCompare<radioVector> > >(__gnu_cxx::__normal_iterator<radioVector**, std::vector<radioVector*, std::allocator<radioVector*> > >, long, long, radioVector*, __gnu_cxx::__ops::_Iter_comp_iter<PointerCompare<radioVector> >) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_heap.h:237:7 #6 0x26b3c9 in void std::__pop_heap<__gnu_cxx::__normal_iterator<radioVector**, std::vector<radioVector*, std::allocator<radioVector*> > >, __gnu_cxx::__ops::_Iter_comp_iter<PointerCompare<radioVector> > >(__gnu_cxx::__normal_iterator<radioVector**, std::vector<radioVector*, std::allocator<radioVector*> > >, __gnu_cxx::__normal_iterator<radioVector**, std::vector<radioVector*, std::allocator<radioVector*> > >, __gnu_cxx::__normal_iterator<radioVector**, std::vector<radioVector*, std::allocator<radioVector*> > >, __gnu_cxx::__ops::_Iter_comp_iter<PointerCompare<radioVector> >&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_heap.h:253:7 #7 0x26b3c9 in void std::pop_heap<__gnu_cxx::__normal_iterator<radioVector**, std::vector<radioVector*, std::allocator<radioVector*> > >, PointerCompare<radioVector> >(__gnu_cxx::__normal_iterator<radioVector**, std::vector<radioVector*, std::allocator<radioVector*> > >, __gnu_cxx::__normal_iterator<radioVector**, std::vector<radioVector*, std::allocator<radioVector*> > >, PointerCompare<radioVector>) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_heap.h:320:4 #8 0x26b3c9 in std::priority_queue<radioVector*, std::vector<radioVector*, std::allocator<radioVector*> >, PointerCompare<radioVector> >::pop() /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_queue.h:665:2 #9 0x26b3c9 in VectorQueue::getCurrentBurst(GSM::Time const&) /xx/osmo-trx/Transceiver52M/radioVector.cpp:141:6 #10 0x27e15e in Transceiver::pushRadioVector(GSM::Time&) /xx/osmo-trx/Transceiver52M/Transceiver.cpp:441:39 #11 0x28551f in Transceiver::driveTxFIFO() /xx/osmo-trx/Transceiver52M/Transceiver.cpp:1160:7 #12 0x27c067 in TxLowerLoopAdapter(Transceiver*) /xx/osmo-trx/Transceiver52M/Transceiver.cpp:1231:18 #13 0x7ffff7559608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477:8 #14 0x7ffff641c102 in clone /build/glibc-YYA7BZ/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95 0x6030000ca9d8 is located 24 bytes inside of 32-byte region [0x6030000ca9c0,0x6030000ca9e0) freed by thread T21 (TxLower) here: #0 0x7ffff76698cd in operator delete(void*) (/usr/lib/llvm-10/lib/clang/10.0.1/lib/linux/libclang_rt.asan-x86_64.so+0xc68cd) #1 0x27e228 in Transceiver::pushRadioVector(GSM::Time&) /xx/osmo-trx/Transceiver52M/Transceiver.cpp:451:7 #2 0x28551f in Transceiver::driveTxFIFO() /xx/osmo-trx/Transceiver52M/Transceiver.cpp:1160:7 #3 0x27c067 in TxLowerLoopAdapter(Transceiver*) /xx/osmo-trx/Transceiver52M/Transceiver.cpp:1231:18 #4 0x7ffff7559608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477:8 previously allocated by thread T24 (TxUpper0) here: #0 0x7ffff766906d in operator new(unsigned long) (/usr/lib/llvm-10/lib/clang/10.0.1/lib/linux/libclang_rt.asan-x86_64.so+0xc606d) #1 0x27d2c2 in Transceiver::addRadioVector(unsigned long, BitVector&, int, GSM::Time&) /xx/osmo-trx/Transceiver52M/Transceiver.cpp:397:17 #2 0x281fe2 in Transceiver::driveTxPriorityQueue(unsigned long) /xx/osmo-trx/Transceiver52M/Transceiver.cpp:1043:3 #3 0x27c98a in TxUpperLoopAdapter(TrxChanThParams*) /xx/osmo-trx/Transceiver52M/Transceiver.cpp:1249:15 #4 0x7ffff7559608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477:8 Thread T21 (TxLower) created by T0 here: #0 0x7ffff764794a in pthread_create (/usr/lib/llvm-10/lib/clang/10.0.1/lib/linux/libclang_rt.asan-x86_64.so+0xa494a) #1 0x2bf753 in Thread::start(void* (*)(void*), void*) /xx/osmo-trx/CommonLibs/Threads.cpp:145:8 #2 0x27b7dd in Transceiver::start() /xx/osmo-trx/Transceiver52M/Transceiver.cpp:301:23 #3 0x276589 in Transceiver::ctrl_sock_handle_rx(int) /xx/osmo-trx/Transceiver52M/Transceiver.cpp:838:10 #4 0x27565d in Transceiver::ctrl_sock_cb(osmo_fd*, unsigned int) /xx/osmo-trx/Transceiver52M/Transceiver.cpp:168:23 #5 0x7ffff6ebb7bb in osmo_fd_disp_fds /xx/libosmocore/src/select.c:227:4 #6 0x7ffff6ebb7bb in _osmo_select_main /xx/libosmocore/src/select.c:265:9 #7 0x7ffff6ebb2fa in osmo_select_main /xx/libosmocore/src/select.c:274:11 #8 0x22e3c6 in main /xx/osmo-trx/Transceiver52M/osmo-trx.cpp:649:3 #9 0x7ffff63210b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16 Thread T24 (TxUpper0) created by T0 here: #0 0x7ffff764794a in pthread_create (/usr/lib/llvm-10/lib/clang/10.0.1/lib/linux/libclang_rt.asan-x86_64.so+0xa494a) #1 0x2bf753 in Thread::start(void* (*)(void*), void*) /xx/osmo-trx/CommonLibs/Threads.cpp:145:8 #2 0x27baa0 in Transceiver::start() /xx/osmo-trx/Transceiver52M/Transceiver.cpp:319:44 #3 0x276589 in Transceiver::ctrl_sock_handle_rx(int) /xx/osmo-trx/Transceiver52M/Transceiver.cpp:838:10 #4 0x27565d in Transceiver::ctrl_sock_cb(osmo_fd*, unsigned int) /xx/osmo-trx/Transceiver52M/Transceiver.cpp:168:23 #5 0x7ffff6ebb7bb in osmo_fd_disp_fds /xx/libosmocore/src/select.c:227:4 #6 0x7ffff6ebb7bb in _osmo_select_main /xx/libosmocore/src/select.c:265:9 #7 0x7ffff6ebb2fa in osmo_select_main /xx/libosmocore/src/select.c:274:11 #8 0x22e3c6 in main /xx/osmo-trx/Transceiver52M/osmo-trx.cpp:649:3 #9 0x7ffff63210b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16 SUMMARY: AddressSanitizer: heap-use-after-free /xx/osmo-trx/Transceiver52M/../GSM/GSMCommon.h:192:18 in GSM::Time::operator>(GSM::Time const&) const Shadow bytes around the buggy address: 0x0c06800114e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c06800114f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c0680011500: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd 0x0c0680011510: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa 0x0c0680011520: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd =>0x0c0680011530: fa fa fd fd fd fd fa fa fd fd fd[fd]fa fa 00 00 0x0c0680011540: 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa 0x0c0680011550: 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00 0x0c0680011560: fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00 0x0c0680011570: 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa 0x0c0680011580: 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==19826==ABORTING
Updated by Hoernchen almost 4 years ago
- Status changed from New to Rejected
- Priority changed from Urgent to Normal
- % Done changed from 0 to 100
Caused by messing up unrelated changes that broke everything and were therefore dropped to make it work at all which in turn left osmo-trx with half broken mutex changes.
Actions