Project

General

Profile

Actions

Bug #3137

closed

osmo-bts crash during shutdown

Added by laforge almost 6 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
04/05/2018
Due date:
% Done:

0%

Spec Reference:

Description

After running BTS_Tests.TC_dyn_ipa_pdch_act_deact osmo-bts crashes during shutdown. I think it is unrelated to the specific test.

running it in valgrind shows:

DRSL <0000> rsl.c:632 (bts=0,trx=0,ts=7,ss=0) not sending REL ACK
DL1P <0007> scheduler.c:480 000818/00/12/02/50 (bts=0,trx=0,ts=0) BCCH: PH-RTS.ind: chan_nr=0x80 link_id=0x00
DL1P <0007> scheduler.c:418 000818/00/12/02/50 (bts=0,trx=0,ts=0) : PH-DATA.req: chan_nr=0x80 link_id=0x00
DTRX <000b> trx_if.c:450 Response message: 'RSP NOHANDOVER 0 7 0'
DLINP <0012> input/ipa.c:69 192.168.100.2:3003 connection closed with server
DABIS <000d> abis.c:140 Signalling link down
DOML <0001> bts.c:235 Shutting down BTS 0, Reason Abis close
DL1C <0006> scheduler.c:240 Exit scheduler for trx=0
DL1C <0006> scheduler.c:216 Init scheduler for trx=0
DTRX <000b> trx_if.c:240 Enqueuing TRX control command 'CMD POWEROFF'
DOML <0001> oml.c:344 OC=RADIO-CARRIER INST=(00,00,ff) AVAIL STATE OK -> Off line
DOML <0001> oml.c:351 OC=RADIO-CARRIER INST=(00,00,ff) OPER STATE Enabled -> Disabled
DPCU <0009> pcu_sock.c:124 Sending info
DPCU <0009> pcu_sock.c:139 BTS is up
DPCU <0009> pcu_sock.c:232 trx=0 ts=3: available (tsc=7 arfcn=871)
DPCU <0009> pcu_sock.c:232 trx=0 ts=7: available (tsc=7 arfcn=871)
DPCU <0009> pcu_sock.c:680 PCU socket not connected, dropping message
DOML <0001> oml.c:312 OC=RADIO-CARRIER INST=(00,00,ff) Tx STATE CHG REP
DOML <0001> oml.c:344 OC=BASEBAND-TRANSCEIVER INST=(00,00,ff) AVAIL STATE OK -> Off line
DOML <0001> oml.c:351 OC=BASEBAND-TRANSCEIVER INST=(00,00,ff) OPER STATE Enabled -> Disabled
DPCU <0009> pcu_sock.c:124 Sending info
DPCU <0009> pcu_sock.c:139 BTS is up
DPCU <0009> pcu_sock.c:232 trx=0 ts=3: available (tsc=7 arfcn=871)
DPCU <0009> pcu_sock.c:232 trx=0 ts=7: available (tsc=7 arfcn=871)
DPCU <0009> pcu_sock.c:680 PCU socket not connected, dropping message
DOML <0001> oml.c:312 OC=BASEBAND-TRANSCEIVER INST=(00,00,ff) Tx STATE CHG REP
DOML <0001> oml.c:344 OC=CHANNEL INST=(00,00,00) AVAIL STATE OK -> Off line
DOML <0001> oml.c:351 OC=CHANNEL INST=(00,00,00) OPER STATE Enabled -> Disabled
DPCU <0009> pcu_sock.c:124 Sending info
DPCU <0009> pcu_sock.c:139 BTS is up
DPCU <0009> pcu_sock.c:232 trx=0 ts=3: available (tsc=7 arfcn=871)
DPCU <0009> pcu_sock.c:232 trx=0 ts=7: available (tsc=7 arfcn=871)
DPCU <0009> pcu_sock.c:680 PCU socket not connected, dropping message
DOML <0001> oml.c:312 OC=CHANNEL INST=(00,00,00) Tx STATE CHG REP
DOML <0001> oml.c:344 OC=CHANNEL INST=(00,00,01) AVAIL STATE OK -> Off line
DOML <0001> oml.c:351 OC=CHANNEL INST=(00,00,01) OPER STATE Enabled -> Disabled
DPCU <0009> pcu_sock.c:124 Sending info
DPCU <0009> pcu_sock.c:139 BTS is up
DPCU <0009> pcu_sock.c:232 trx=0 ts=3: available (tsc=7 arfcn=871)
DPCU <0009> pcu_sock.c:232 trx=0 ts=7: available (tsc=7 arfcn=871)
DPCU <0009> pcu_sock.c:680 PCU socket not connected, dropping message
DOML <0001> oml.c:312 OC=CHANNEL INST=(00,00,01) Tx STATE CHG REP
DOML <0001> oml.c:344 OC=CHANNEL INST=(00,00,02) AVAIL STATE OK -> Off line
DOML <0001> oml.c:351 OC=CHANNEL INST=(00,00,02) OPER STATE Enabled -> Disabled
DPCU <0009> pcu_sock.c:124 Sending info
DPCU <0009> pcu_sock.c:139 BTS is up
DPCU <0009> pcu_sock.c:232 trx=0 ts=3: available (tsc=7 arfcn=871)
DPCU <0009> pcu_sock.c:232 trx=0 ts=7: available (tsc=7 arfcn=871)
DPCU <0009> pcu_sock.c:680 PCU socket not connected, dropping message
DOML <0001> oml.c:312 OC=CHANNEL INST=(00,00,02) Tx STATE CHG REP
DOML <0001> oml.c:344 OC=CHANNEL INST=(00,00,03) AVAIL STATE OK -> Off line
DOML <0001> oml.c:351 OC=CHANNEL INST=(00,00,03) OPER STATE Enabled -> Disabled
DPCU <0009> pcu_sock.c:124 Sending info
DPCU <0009> pcu_sock.c:139 BTS is up
DPCU <0009> pcu_sock.c:232 trx=0 ts=7: available (tsc=7 arfcn=871)
DPCU <0009> pcu_sock.c:680 PCU socket not connected, dropping message
DOML <0001> oml.c:312 OC=CHANNEL INST=(00,00,03) Tx STATE CHG REP
DOML <0001> oml.c:344 OC=CHANNEL INST=(00,00,04) AVAIL STATE OK -> Off line
DOML <0001> oml.c:351 OC=CHANNEL INST=(00,00,04) OPER STATE Enabled -> Disabled
DPCU <0009> pcu_sock.c:124 Sending info
DPCU <0009> pcu_sock.c:139 BTS is up
DPCU <0009> pcu_sock.c:232 trx=0 ts=7: available (tsc=7 arfcn=871)
DPCU <0009> pcu_sock.c:680 PCU socket not connected, dropping message
DOML <0001> oml.c:312 OC=CHANNEL INST=(00,00,04) Tx STATE CHG REP
DOML <0001> oml.c:344 OC=CHANNEL INST=(00,00,05) AVAIL STATE OK -> Off line
DOML <0001> oml.c:351 OC=CHANNEL INST=(00,00,05) OPER STATE Enabled -> Disabled
DPCU <0009> pcu_sock.c:124 Sending info
DPCU <0009> pcu_sock.c:139 BTS is up
DPCU <0009> pcu_sock.c:232 trx=0 ts=7: available (tsc=7 arfcn=871)
DPCU <0009> pcu_sock.c:680 PCU socket not connected, dropping message
DOML <0001> oml.c:312 OC=CHANNEL INST=(00,00,05) Tx STATE CHG REP
DOML <0001> oml.c:344 OC=CHANNEL INST=(00,00,06) AVAIL STATE OK -> Off line
DOML <0001> oml.c:351 OC=CHANNEL INST=(00,00,06) OPER STATE Enabled -> Disabled
DPCU <0009> pcu_sock.c:124 Sending info
DPCU <0009> pcu_sock.c:139 BTS is up
DPCU <0009> pcu_sock.c:232 trx=0 ts=7: available (tsc=7 arfcn=871)
DPCU <0009> pcu_sock.c:680 PCU socket not connected, dropping message
DOML <0001> oml.c:312 OC=CHANNEL INST=(00,00,06) Tx STATE CHG REP
DOML <0001> oml.c:344 OC=CHANNEL INST=(00,00,07) AVAIL STATE OK -> Off line
DOML <0001> oml.c:351 OC=CHANNEL INST=(00,00,07) OPER STATE Enabled -> Disabled
DPCU <0009> pcu_sock.c:124 Sending info
DPCU <0009> pcu_sock.c:139 BTS is up
DPCU <0009> pcu_sock.c:680 PCU socket not connected, dropping message
DOML <0001> oml.c:312 OC=CHANNEL INST=(00,00,07) Tx STATE CHG REP
DL1C <0006> scheduler_trx.c:1501 FN timer expire_count=11: We missed 10 timers
DTRX <000b> trx_if.c:450 Response message: 'RSP POWEROFF 0'
DL1C <0006> scheduler_trx.c:1501 FN timer expire_count=2: We missed 1 timers
==29657== Invalid read of size 8
==29657==    at 0x5F13AD0: rate_ctr_group_intv (rate_ctr.c:295)
==29657==    by 0x5F13AD0: rate_ctr_timer_cb (rate_ctr.c:317)
==29657==    by 0x5F0B5E5: osmo_timers_update (timer.c:257)
==29657==    by 0x5F0BD44: osmo_select_main (select.c:253)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Address 0x8cb9430 is 112 bytes inside a block of size 528 free'd
==29657==    at 0x4C2DDBB: free (vg_replace_malloc.c:530)
==29657==    by 0x589E3C2: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5896CF7: _talloc_free (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x567C7F4: e1inp_sign_link_destroy (e1_input.c:524)
==29657==    by 0x135855: sign_link_down (abis.c:150)
==29657==    by 0x5681E35: ipa_client_read (ipa.c:72)
==29657==    by 0x5681E35: ipa_client_fd_cb (ipa.c:139)
==29657==    by 0x5F0BD90: osmo_fd_disp_fds (select.c:216)
==29657==    by 0x5F0BD90: osmo_select_main (select.c:256)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Block was alloc'd at
==29657==    at 0x4C2CB8F: malloc (vg_replace_malloc.c:299)
==29657==    by 0x5899150: _talloc_zero (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5F13DCC: rate_ctr_group_alloc (rate_ctr.c:228)
==29657==    by 0x567D0EE: e1inp_line_create (e1_input.c:368)
==29657==    by 0x567D65B: cfg_e1line_driver (e1_input_vty.c:66)
==29657==    by 0x525EA23: cmd_execute_command_strict (command.c:2420)
==29657==    by 0x525EC0F: config_from_file (command.c:2532)
==29657==    by 0x5261B01: vty_read_file (vty.c:1476)
==29657==    by 0x5261B01: vty_read_config_file (vty.c:1820)
==29657==    by 0x133D27: bts_main (main.c:294)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657== 
==29657== Invalid read of size 4
==29657==    at 0x5F13AD4: rate_ctr_group_intv (rate_ctr.c:295)
==29657==    by 0x5F13AD4: rate_ctr_timer_cb (rate_ctr.c:317)
==29657==    by 0x5F0B5E5: osmo_timers_update (timer.c:257)
==29657==    by 0x5F0BD44: osmo_select_main (select.c:253)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Address 0x8cb9684 is 116 bytes inside a block of size 128 free'd
==29657==    at 0x4C2DDBB: free (vg_replace_malloc.c:530)
==29657==    by 0x589E3C2: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x589E23F: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5896CF7: _talloc_free (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x567C7F4: e1inp_sign_link_destroy (e1_input.c:524)
==29657==    by 0x135855: sign_link_down (abis.c:150)
==29657==    by 0x5681E35: ipa_client_read (ipa.c:72)
==29657==    by 0x5681E35: ipa_client_fd_cb (ipa.c:139)
==29657==    by 0x5F0BD90: osmo_fd_disp_fds (select.c:216)
==29657==    by 0x5F0BD90: osmo_select_main (select.c:256)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Block was alloc'd at
==29657==    at 0x4C2CB8F: malloc (vg_replace_malloc.c:299)
==29657==    by 0x5899150: _talloc_zero (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5F13E3B: rate_ctr_group_desc_mangle (rate_ctr.c:137)
==29657==    by 0x5F13E3B: rate_ctr_group_alloc (rate_ctr.c:234)
==29657==    by 0x567D0EE: e1inp_line_create (e1_input.c:368)
==29657==    by 0x567D65B: cfg_e1line_driver (e1_input_vty.c:66)
==29657==    by 0x525EA23: cmd_execute_command_strict (command.c:2420)
==29657==    by 0x525EC0F: config_from_file (command.c:2532)
==29657==    by 0x5261B01: vty_read_file (vty.c:1476)
==29657==    by 0x5261B01: vty_read_config_file (vty.c:1820)
==29657==    by 0x133D27: bts_main (main.c:294)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657== 
==29657== Invalid read of size 8
==29657==    at 0x5F13AF0: interval_expired (rate_ctr.c:277)
==29657==    by 0x5F13AF0: rate_ctr_group_intv (rate_ctr.c:298)
==29657==    by 0x5F13AF0: rate_ctr_timer_cb (rate_ctr.c:317)
==29657==    by 0x5F0B5E5: osmo_timers_update (timer.c:257)
==29657==    by 0x5F0BD44: osmo_select_main (select.c:253)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Address 0x8cb9440 is 128 bytes inside a block of size 528 free'd
==29657==    at 0x4C2DDBB: free (vg_replace_malloc.c:530)
==29657==    by 0x589E3C2: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5896CF7: _talloc_free (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x567C7F4: e1inp_sign_link_destroy (e1_input.c:524)
==29657==    by 0x135855: sign_link_down (abis.c:150)
==29657==    by 0x5681E35: ipa_client_read (ipa.c:72)
==29657==    by 0x5681E35: ipa_client_fd_cb (ipa.c:139)
==29657==    by 0x5F0BD90: osmo_fd_disp_fds (select.c:216)
==29657==    by 0x5F0BD90: osmo_select_main (select.c:256)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Block was alloc'd at
==29657==    at 0x4C2CB8F: malloc (vg_replace_malloc.c:299)
==29657==    by 0x5899150: _talloc_zero (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5F13DCC: rate_ctr_group_alloc (rate_ctr.c:228)
==29657==    by 0x567D0EE: e1inp_line_create (e1_input.c:368)
==29657==    by 0x567D65B: cfg_e1line_driver (e1_input_vty.c:66)
==29657==    by 0x525EA23: cmd_execute_command_strict (command.c:2420)
==29657==    by 0x525EC0F: config_from_file (command.c:2532)
==29657==    by 0x5261B01: vty_read_file (vty.c:1476)
==29657==    by 0x5261B01: vty_read_config_file (vty.c:1820)
==29657==    by 0x133D27: bts_main (main.c:294)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657== 
==29657== Invalid read of size 8
==29657==    at 0x5F13AF6: interval_expired (rate_ctr.c:277)
==29657==    by 0x5F13AF6: rate_ctr_group_intv (rate_ctr.c:298)
==29657==    by 0x5F13AF6: rate_ctr_timer_cb (rate_ctr.c:317)
==29657==    by 0x5F0B5E5: osmo_timers_update (timer.c:257)
==29657==    by 0x5F0BD44: osmo_select_main (select.c:253)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Address 0x8cb9450 is 144 bytes inside a block of size 528 free'd
==29657==    at 0x4C2DDBB: free (vg_replace_malloc.c:530)
==29657==    by 0x589E3C2: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5896CF7: _talloc_free (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x567C7F4: e1inp_sign_link_destroy (e1_input.c:524)
==29657==    by 0x135855: sign_link_down (abis.c:150)
==29657==    by 0x5681E35: ipa_client_read (ipa.c:72)
==29657==    by 0x5681E35: ipa_client_fd_cb (ipa.c:139)
==29657==    by 0x5F0BD90: osmo_fd_disp_fds (select.c:216)
==29657==    by 0x5F0BD90: osmo_select_main (select.c:256)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Block was alloc'd at
==29657==    at 0x4C2CB8F: malloc (vg_replace_malloc.c:299)
==29657==    by 0x5899150: _talloc_zero (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5F13DCC: rate_ctr_group_alloc (rate_ctr.c:228)
==29657==    by 0x567D0EE: e1inp_line_create (e1_input.c:368)
==29657==    by 0x567D65B: cfg_e1line_driver (e1_input_vty.c:66)
==29657==    by 0x525EA23: cmd_execute_command_strict (command.c:2420)
==29657==    by 0x525EC0F: config_from_file (command.c:2532)
==29657==    by 0x5261B01: vty_read_file (vty.c:1476)
==29657==    by 0x5261B01: vty_read_config_file (vty.c:1820)
==29657==    by 0x133D27: bts_main (main.c:294)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657== 
==29657== Invalid write of size 8
==29657==    at 0x5F13AFA: interval_expired (rate_ctr.c:279)
==29657==    by 0x5F13AFA: rate_ctr_group_intv (rate_ctr.c:298)
==29657==    by 0x5F13AFA: rate_ctr_timer_cb (rate_ctr.c:317)
==29657==    by 0x5F0B5E5: osmo_timers_update (timer.c:257)
==29657==    by 0x5F0BD44: osmo_select_main (select.c:253)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Address 0x8cb9450 is 144 bytes inside a block of size 528 free'd
==29657==    at 0x4C2DDBB: free (vg_replace_malloc.c:530)
==29657==    by 0x589E3C2: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5896CF7: _talloc_free (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x567C7F4: e1inp_sign_link_destroy (e1_input.c:524)
==29657==    by 0x135855: sign_link_down (abis.c:150)
==29657==    by 0x5681E35: ipa_client_read (ipa.c:72)
==29657==    by 0x5681E35: ipa_client_fd_cb (ipa.c:139)
==29657==    by 0x5F0BD90: osmo_fd_disp_fds (select.c:216)
==29657==    by 0x5F0BD90: osmo_select_main (select.c:256)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Block was alloc'd at
==29657==    at 0x4C2CB8F: malloc (vg_replace_malloc.c:299)
==29657==    by 0x5899150: _talloc_zero (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5F13DCC: rate_ctr_group_alloc (rate_ctr.c:228)
==29657==    by 0x567D0EE: e1inp_line_create (e1_input.c:368)
==29657==    by 0x567D65B: cfg_e1line_driver (e1_input_vty.c:66)
==29657==    by 0x525EA23: cmd_execute_command_strict (command.c:2420)
==29657==    by 0x525EC0F: config_from_file (command.c:2532)
==29657==    by 0x5261B01: vty_read_file (vty.c:1476)
==29657==    by 0x5261B01: vty_read_config_file (vty.c:1820)
==29657==    by 0x133D27: bts_main (main.c:294)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657== 
==29657== Invalid read of size 8
==29657==    at 0x5F13AFE: interval_expired (rate_ctr.c:284)
==29657==    by 0x5F13AFE: rate_ctr_group_intv (rate_ctr.c:298)
==29657==    by 0x5F13AFE: rate_ctr_timer_cb (rate_ctr.c:317)
==29657==    by 0x5F0B5E5: osmo_timers_update (timer.c:257)
==29657==    by 0x5F0BD44: osmo_select_main (select.c:253)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Address 0x8cb9468 is 168 bytes inside a block of size 528 free'd
==29657==    at 0x4C2DDBB: free (vg_replace_malloc.c:530)
==29657==    by 0x589E3C2: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5896CF7: _talloc_free (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x567C7F4: e1inp_sign_link_destroy (e1_input.c:524)
==29657==    by 0x135855: sign_link_down (abis.c:150)
==29657==    by 0x5681E35: ipa_client_read (ipa.c:72)
==29657==    by 0x5681E35: ipa_client_fd_cb (ipa.c:139)
==29657==    by 0x5F0BD90: osmo_fd_disp_fds (select.c:216)
==29657==    by 0x5F0BD90: osmo_select_main (select.c:256)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Block was alloc'd at
==29657==    at 0x4C2CB8F: malloc (vg_replace_malloc.c:299)
==29657==    by 0x5899150: _talloc_zero (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5F13DCC: rate_ctr_group_alloc (rate_ctr.c:228)
==29657==    by 0x567D0EE: e1inp_line_create (e1_input.c:368)
==29657==    by 0x567D65B: cfg_e1line_driver (e1_input_vty.c:66)
==29657==    by 0x525EA23: cmd_execute_command_strict (command.c:2420)
==29657==    by 0x525EC0F: config_from_file (command.c:2532)
==29657==    by 0x5261B01: vty_read_file (vty.c:1476)
==29657==    by 0x5261B01: vty_read_config_file (vty.c:1820)
==29657==    by 0x133D27: bts_main (main.c:294)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657== 
==29657== Invalid write of size 8
==29657==    at 0x5F13B05: interval_expired (rate_ctr.c:277)
==29657==    by 0x5F13B05: rate_ctr_group_intv (rate_ctr.c:298)
==29657==    by 0x5F13B05: rate_ctr_timer_cb (rate_ctr.c:317)
==29657==    by 0x5F0B5E5: osmo_timers_update (timer.c:257)
==29657==    by 0x5F0BD44: osmo_select_main (select.c:253)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Address 0x8cb9458 is 152 bytes inside a block of size 528 free'd
==29657==    at 0x4C2DDBB: free (vg_replace_malloc.c:530)
==29657==    by 0x589E3C2: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5896CF7: _talloc_free (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x567C7F4: e1inp_sign_link_destroy (e1_input.c:524)
==29657==    by 0x135855: sign_link_down (abis.c:150)
==29657==    by 0x5681E35: ipa_client_read (ipa.c:72)
==29657==    by 0x5681E35: ipa_client_fd_cb (ipa.c:139)
==29657==    by 0x5F0BD90: osmo_fd_disp_fds (select.c:216)
==29657==    by 0x5F0BD90: osmo_select_main (select.c:256)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Block was alloc'd at
==29657==    at 0x4C2CB8F: malloc (vg_replace_malloc.c:299)
==29657==    by 0x5899150: _talloc_zero (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5F13DCC: rate_ctr_group_alloc (rate_ctr.c:228)
==29657==    by 0x567D0EE: e1inp_line_create (e1_input.c:368)
==29657==    by 0x567D65B: cfg_e1line_driver (e1_input_vty.c:66)
==29657==    by 0x525EA23: cmd_execute_command_strict (command.c:2420)
==29657==    by 0x525EC0F: config_from_file (command.c:2532)
==29657==    by 0x5261B01: vty_read_file (vty.c:1476)
==29657==    by 0x5261B01: vty_read_config_file (vty.c:1820)
==29657==    by 0x133D27: bts_main (main.c:294)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657== 
==29657== Invalid read of size 8
==29657==    at 0x5F13B53: rate_ctr_timer_cb (rate_ctr.c:316)
==29657==    by 0x5F0B5E5: osmo_timers_update (timer.c:257)
==29657==    by 0x5F0BD44: osmo_select_main (select.c:253)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Address 0x8cb9420 is 96 bytes inside a block of size 528 free'd
==29657==    at 0x4C2DDBB: free (vg_replace_malloc.c:530)
==29657==    by 0x589E3C2: ??? (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5896CF7: _talloc_free (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x567C7F4: e1inp_sign_link_destroy (e1_input.c:524)
==29657==    by 0x135855: sign_link_down (abis.c:150)
==29657==    by 0x5681E35: ipa_client_read (ipa.c:72)
==29657==    by 0x5681E35: ipa_client_fd_cb (ipa.c:139)
==29657==    by 0x5F0BD90: osmo_fd_disp_fds (select.c:216)
==29657==    by 0x5F0BD90: osmo_select_main (select.c:256)
==29657==    by 0x133E8B: bts_main (main.c:364)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657==  Block was alloc'd at
==29657==    at 0x4C2CB8F: malloc (vg_replace_malloc.c:299)
==29657==    by 0x5899150: _talloc_zero (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.10)
==29657==    by 0x5F13DCC: rate_ctr_group_alloc (rate_ctr.c:228)
==29657==    by 0x567D0EE: e1inp_line_create (e1_input.c:368)
==29657==    by 0x567D65B: cfg_e1line_driver (e1_input_vty.c:66)
==29657==    by 0x525EA23: cmd_execute_command_strict (command.c:2420)
==29657==    by 0x525EC0F: config_from_file (command.c:2532)
==29657==    by 0x5261B01: vty_read_file (vty.c:1476)
==29657==    by 0x5261B01: vty_read_config_file (vty.c:1820)
==29657==    by 0x133D27: bts_main (main.c:294)
==29657==    by 0x6996A86: (below main) (libc-start.c:310)
==29657== 
DL1C <0006> scheduler_trx.c:1501 FN timer expire_count=3: We missed 2 timers
DLINP <0012> e1_input.c:235 abis_sendmsg: msg->dst == NULL: 0c 12 01 90 0f ff ff 
DL1C <0006> scheduler_trx.c:1506 No more clock from transceiver
DOML <0001> bts.c:230 BTS is already being shutdown.
DLINP <0012> e1_input.c:235 abis_sendmsg: msg->dst == NULL: 0c 12 01 90 0f ff ff 
DLINP <0012> e1_input.c:235 abis_sendmsg: msg->dst == NULL: 0c 12 01 90 0f ff ff 
Shutdown timer expired
==29657== 
==29657== HEAP SUMMARY:
==29657==     in use at exit: 2,105,440 bytes in 5,156 blocks
==29657==   total heap usage: 7,830 allocs, 2,674 frees, 2,451,859 bytes allocated
==29657== 
==29657== LEAK SUMMARY:
==29657==    definitely lost: 0 bytes in 0 blocks
==29657==    indirectly lost: 0 bytes in 0 blocks
==29657==      possibly lost: 2,105,440 bytes in 5,156 blocks
==29657==    still reachable: 0 bytes in 0 blocks
==29657==         suppressed: 0 bytes in 0 blocks
==29657== Rerun with --leak-check=full to see details of leaked memory
==29657== 
==29657== For counts of detected and suppressed errors, rerun with: -v
==29657== Use --track-origins=yes to see where uninitialised values come from
==29657== ERROR SUMMARY: 101 errors from 9 contexts (suppressed: 0 from 0)

Related issues

Related to OsmoBTS - Bug #3011: osmo-bts segfaults when osmo-bsc connection goes downResolvedstsp02/27/2018

Actions
Actions #1

Updated by neels almost 6 years ago

  • Subject changed from osm-bts crash during shutdown to osmo-bts crash during shutdown
Actions #2

Updated by neels almost 6 years ago

  • Project changed from OsmoBSC to OsmoBTS
Actions #3

Updated by neels almost 6 years ago

  • Related to Bug #3011: osmo-bts segfaults when osmo-bsc connection goes down added
Actions #4

Updated by neels almost 6 years ago

not sure if a duplicate of #3011

Actions #5

Updated by laforge almost 6 years ago

  • Assignee changed from 4368 to stsp
Actions #6

Updated by stsp almost 6 years ago

  • Status changed from New to In Progress
Actions #7

Updated by stsp almost 6 years ago

Actions #8

Updated by stsp almost 6 years ago

  • Status changed from In Progress to Resolved

Above patch has been merged.

Actions

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)