grgsm_scanner Aborted (core dumped) #336

toombr · 2017-09-17T11:20:46Z

grgsm_scanner

Aborted (core dumped)
What is the problem&

loonydev · 2017-09-18T12:27:26Z

Try
sudo sysctl kernel.shmmni=32000

petterreinholdtsen · 2017-09-18T12:41:08Z

I experience the crash too, when using it with a HackrF One. I get a segfault. To see more about what is going wrong, I patched the latest git version like this:

--- /usr/bin/grgsm_scanner      2017-09-18 11:14:10.000000000 +0200
+++ /tmp/grgsm_scanner  2017-09-18 13:10:12.567799968 +0200
@@ -313,12 +313,12 @@
 
             # silence rtl_sdr output:
             # open 2 fds
-            null_fds = [os.open(os.devnull, os.O_RDWR) for x in xrange(2)]
+            #null_fds = [os.open(os.devnull, os.O_RDWR) for x in xrange(2)]
             # save the current file descriptors to a tuple
-            save = os.dup(1), os.dup(2)
+            #save = os.dup(1), os.dup(2)
             # put /dev/null fds on 1 and 2
-            os.dup2(null_fds[0], 1)
-            os.dup2(null_fds[1], 2)
+            #os.dup2(null_fds[0], 1)
+            #os.dup2(null_fds[1], 2)
 
             # instantiate scanner and processor
             scanner = wideband_scanner(rec_len=6 - speed,
@@ -360,11 +360,11 @@
             scanner = None
 
             # restore file descriptors so we can print the results
-            os.dup2(save[0], 1)
-            os.dup2(save[1], 2)
+            #os.dup2(save[0], 1)
+            #os.dup2(save[1], 2)
             # close the temporary fds
-            os.close(null_fds[0])
-            os.close(null_fds[1])
+            #os.close(null_fds[0])
+            #os.close(null_fds[1])
             if prn:
                 prn(found_list)
             signallist.extend(found_list)

After this patching I get this error:

% /tmp/grgsm_scanner 
linux; GNU C++ version 6.3.0 20170221; Boost_106200; UHD_003.009.005-0-unknown


Args= 
gr-osmosdr 0.1.4 (0.1.4) gnuradio 3.7.10
built-in source types: file osmosdr fcd rtl rtl_tcp uhd miri hackrf bladerf rfspace airspy soapy redpitaya 
Cannot connect to server socket err = No such file or directory
Cannot connect to server request channel
jack server is not running or cannot be started
JackShmReadWritePtr::~JackShmReadWritePtr - Init not done for 4294967295, skipping unlock
JackShmReadWritePtr::~JackShmReadWritePtr - Init not done for 4294967295, skipping unlock
Number of USB devices: 9
USB device 1d50:6089: 000000000000000014d463dc2f282be1 match
Using HackRF One with firmware 2017.02.1 
set_min_output_buffer on block 2 to 4000000
set_min_output_buffer on block 4 to 4000000
set_min_output_buffer on block 3 to 4000000
Segmentation fault
%

I tried the 'sysctl kernel.shmmni=32000' proposal, but it had no effect. Running in valgrind, the code crash like this in the scanner.start() call:

==491== Use of uninitialised value of size 8
==491==    at 0x1E0DB6EC: ??? (in /usr/lib/x86_64-linux-gnu/libgnuradio-osmosdr.so.0.1.4)
==491==    by 0x75BB766: gr::sync_block::general_work(int, std::vector<int, std::allocator<int> >&, std::vector<void const*, std::allocator<void const*> >&, std::vector<void*, std::allocator<void*> >&) (in /usr/lib/x86_64-linux-gnu/libgnuradio-runtime.so.3.7.10)
==491==    by 0x75707EF: gr::block_executor::run_one_iteration() (in /usr/lib/x86_64-linux-gnu/libgnuradio-runtime.so.3.7.10)
==491==    by 0x75C785B: gr::tpb_thread_body::tpb_thread_body(boost::shared_ptr<gr::block>, int) (in /usr/lib/x86_64-linux-gnu/libgnuradio-runtime.so.3.7.10)
==491==    by 0x75B8324: ??? (in /usr/lib/x86_64-linux-gnu/libgnuradio-runtime.so.3.7.10)
==491==    by 0x75548B1: ??? (in /usr/lib/x86_64-linux-gnu/libgnuradio-runtime.so.3.7.10)
==491==    by 0x8BB2115: ??? (in /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.62.0)
==491==    by 0x4E3F493: start_thread (pthread_create.c:333)
==491== 
OOOOOOOOOOOOOOOOOOOOOOOOOOOOO==491== 
==491== Process terminating with default action of signal 11 (SIGSEGV)
==491==  Bad permissions for mapped region at address 0x30219000
==491==    at 0x1E0DB6F1: ??? (in /usr/lib/x86_64-linux-gnu/libgnuradio-osmosdr.so.0.1.4)
==491==    by 0x75BB766: gr::sync_block::general_work(int, std::vector<int, std::allocator<int> >&, std::vector<void const*, std::allocator<void const*> >&, std::vector<void*, std::allocator<void*> >&) (in /usr/lib/x86_64-linux-gnu/libgnuradio-runtime.so.3.7.10)
==491==    by 0x75707EF: gr::block_executor::run_one_iteration() (in /usr/lib/x86_64-linux-gnu/libgnuradio-runtime.so.3.7.10)
==491==    by 0x75C785B: gr::tpb_thread_body::tpb_thread_body(boost::shared_ptr<gr::block>, int) (in /usr/lib/x86_64-linux-gnu/libgnuradio-runtime.so.3.7.10)
==491==    by 0x75B8324: ??? (in /usr/lib/x86_64-linux-gnu/libgnuradio-runtime.so.3.7.10)
==491==    by 0x75548B1: ??? (in /usr/lib/x86_64-linux-gnu/libgnuradio-runtime.so.3.7.10)
==491==    by 0x8BB2115: ??? (in /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.62.0)
==491==    by 0x4E3F493: start_thread (pthread_create.c:333)
==491== 
==491== HEAP SUMMARY:
==491==     in use at exit: 27,327,702 bytes in 36,071 blocks
==491==   total heap usage: 146,482 allocs, 110,411 frees, 98,327,241 bytes allocated
==491== 
==491== LEAK SUMMARY:
==491==    definitely lost: 786,736 bytes in 8 blocks
==491==    indirectly lost: 0 bytes in 0 blocks
==491==      possibly lost: 1,356,445 bytes in 1,634 blocks
==491==    still reachable: 25,184,521 bytes in 34,429 blocks
==491==         suppressed: 0 bytes in 0 blocks
==491== Rerun with --leak-check=full to see details of leaked memory
==491== 
==491== For counts of detected and suppressed errors, rerun with: -v
==491== Use --track-origins=yes to see where uninitialised values come from
==491== ERROR SUMMARY: 6769840 errors from 110 contexts (suppressed: 0 from 0)
Killed

I have no idea how to get any further. :(

velichkov · 2017-09-20T18:32:19Z

Hi @petterreinholdtsen,

==491== Use of uninitialised value of size 8
==491== at 0x1E0DB6EC: ??? (in /usr/lib/x86_64-linux-gnu/libgnuradio-osmosdr.so.0.1.4)

==491== Process terminating with default action of signal 11 (SIGSEGV)
==491== Bad permissions for mapped region at address 0x30219000
==491== at 0x1E0DB6F1: ??? (in /usr/lib/x86_64-linux-gnu/libgnuradio-osmosdr.so.0.1.4)

At first glance the problem seems to be in the gr-osmosdr library, you could try to report this problem to them as well.

You could also try to install the debug info packages for gr-osmosdr and then run the grgsm_scanner under gdb and when it crashes take a backtrace

petterreinholdtsen · 2017-09-20T19:37:27Z

[Vasil Velichkov]

You could also try to install the debug info packages for gr-osmosdr and then run the `grgsm_scanner` under `gdb` and when it crashes take a `backtrace`

I installed libgnuradio-osmosdr0.1.4-dbgsym and ran 'valgrind grgsm_scanner --args=hackrf' to get the backtrace. This is the crash location: ==26239== Process terminating with default action of signal 11 (SIGSEGV) ==26239== Bad permissions for mapped region at address 0x220C9000 ==26239== at 0x1E2766E8: hackrf_source_c::work(int, std::vector<void const*, std::allocator<void const*> >&, std::vector<void*, std::allocator<void*> >&) (hackrf_source_c.cc:380) ==26239== by 0x7756766: gr::sync_block::general_work(int, std::vector<int, std::allocator<int> >&, std::vector<void const*, std::allocator<void const*> >&, std::vector<void*, std::allocator<void*> >&) (sync_block.cc:66) ==26239== by 0x770B7EF: gr::block_executor::run_one_iteration() (block_executor.cc:451) ==26239== by 0x776285B: gr::tpb_thread_body::tpb_thread_body(boost::shared_ptr<gr::block>, int) (tpb_thread_body.cc:122) ==26239== by 0x7753324: operator() (scheduler_tpb.cc:44) ==26239== by 0x7753324: operator() (thread_body_wrapper.h:51) ==26239== by 0x7753324: boost::detail::function::void_function_obj_invoker0<gr::thread::thread_body_wrapper<gr::tpb_container>, void>::invoke(boost::detail::function::function_buffer&) (function_template.hpp:159) ==26239== by 0x76EF8B1: operator() (function_template.hpp:771) ==26239== by 0x76EF8B1: boost::detail::thread_data<boost::function0<void> >::run() (thread.hpp:116) ==26239== by 0x8D4D115: ??? (in /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.62.0) ==26239== by 0x4E3F493: start_thread (pthread_create.c:333) ==26239== ==26239== HEAP SUMMARY: ==26239== in use at exit: 26,020,241 bytes in 33,363 blocks ==26239== total heap usage: 100,026 allocs, 66,663 frees, 75,259,008 bytes allocated ==26239== ==26239== LEAK SUMMARY: ==26239== definitely lost: 144 bytes in 3 blocks ==26239== indirectly lost: 0 bytes in 0 blocks ==26239== possibly lost: 1,265,079 bytes in 221 blocks ==26239== still reachable: 24,755,018 bytes in 33,139 blocks ==26239== suppressed: 0 bytes in 0 blocks ==26239== Rerun with --leak-check=full to see details of leaked memory ==26239== ==26239== For counts of detected and suppressed errors, rerun with: -v ==26239== Use --track-origins=yes to see where uninitialised values come from ==26239== ERROR SUMMARY: 99350 errors from 111 contexts (suppressed: 0 from 0) Killed Note, this only happen with hackrf, not with the RTL2838.

…

-- Happy hacking Petter Reinholdtsen

velichkov · 2017-09-20T19:57:04Z

Note, this only happen with hackrf, not with the RTL2838.

I don't have hackrf so I can't reproduce this.
Could you check whether the /usr/bin/osmocom_fft and /usr/bin/osmocom_spectrum_sense are working with hackrf

==26239== at 0x1E2766E8: hackrf_source_c::work(int, std::vector<void const*, std::allocator<void const*> >&, std::vector<void*, std::allocator<void*> >&) (hackrf_source_c.cc:380)
==26239== Bad permissions for mapped region at address 0x220C9000

From lib/hackrf/hackrf_source_c.cc

379     for (int i = 0; i < remaining; ++i)
380       *out++ = _lut[ *(buf + i) ];

It would be useful to run it through gdb and check if the two pointers are valid and which one points to mapped region at address 0x220C9000

(gdb) p out
(gdb) p *out
(gdb) p buf
(gdb) p *(buf + i)

and what the value of i and remaining is when it crashed

(gdb) p i
(gdb) p remaining

And again consider reporting this to the gr-osmosdr mailing list https://lists.osmocom.org/mailman/listinfo/osmocom-sdr

petterreinholdtsen · 2017-09-20T20:18:34Z

[Vasil Velichkov]

I don't have hackrf so I can't reproduce this. Could you check whether the `/usr/bin/osmocom_fft` and `/usr/bin/osmocom_spectrum_sense` are working with hackrf

Both seem to be working. I'm testing on a remote machine via ssh, so I am a bit unsure how well it is working.

It would be useful to run it through `gdb` and check if the two pointers are valid and which one points to `mapped region at address 0x220C9000`

Thread 35 "hackrf_source_c" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff4affd700 (LWP 27507)] hackrf_source_c::work (this=0x555555bc1ba0, noutput_items=2000127, input_items=..., output_items=...) at ./lib/hackrf/hackrf_source_c.cc:380 380 ./lib/hackrf/hackrf_source_c.cc: Ingen slik fil eller filkatalog. (gdb) p out $1 = (gr_complex *) 0x7fffd64e2908 (gdb) p *out $2 = {_M_value = -0.0234375 + 0.015625 * I} (gdb) p buf $3 = (unsigned short *) 0x555556ce63c0 (gdb) p *(buf+i) Cannot access memory at address 0x555557191000 (gdb) p i $4 = 2446880 (gdb) p remaining $5 = 3738111 (gdb)

…

-- Happy hacking Petter Reinholdtsen

velichkov · 2017-09-20T20:55:00Z

(gdb) p *(buf+i)
Cannot access memory at address 0x555557191000
(gdb) p i
$4 = 2446880

Now either buf pointer is not valid or i is too big

In your first valgrind output there was this error ==491== Use of uninitialised value of size 8 and most probably this is when the pointer or i gets invalid value. Could you run it again with valgrind and provide the first error, now after debug info symbols are installed the error should be more verbose

petterreinholdtsen · 2017-09-20T21:15:56Z

[Vasil Velichkov]

In your first valgrind output there was this error `==491== Use of uninitialised value of size 8` and most probably this is when the pointer or `i` gets invalid value. Could you run it again with `valgrind` and provide the first error, now after debug info symbols are installed the error should be more verbose

Note, it is not the first error, it is the second to last error. Here is the tail of the valgrind run, with a bit more included than last time: ==28953== Invalid read of size 4 ==28953== at 0x1E2B2E: PyObject_Free (in /usr/bin/python2.7) ==28953== by 0x1F3C27: ??? (in /usr/bin/python2.7) ==28953== by 0x208D17: PyEval_EvalFrameEx (in /usr/bin/python2.7) ==28953== by 0x201534: PyEval_EvalCodeEx (in /usr/bin/python2.7) ==28953== by 0x21DEA7: ??? (in /usr/bin/python2.7) ==28953== by 0x1EF672: PyObject_Call (in /usr/bin/python2.7) ==28953== by 0x233FED: ??? (in /usr/bin/python2.7) ==28953== by 0x1EF672: PyObject_Call (in /usr/bin/python2.7) ==28953== by 0x233D26: ??? (in /usr/bin/python2.7) ==28953== by 0x1F5193: ??? (in /usr/bin/python2.7) ==28953== by 0x1EF672: PyObject_Call (in /usr/bin/python2.7) ==28953== by 0x208E2E: PyEval_EvalFrameEx (in /usr/bin/python2.7) ==28953== Address 0xe95e020 is 18,640 bytes inside an unallocated block of size 19,248 in arena "client" ==28953== ==28953== Thread 35 hackrf_source_c2: ==28953== Invalid read of size 2 ==28953== at 0x1E2766E8: hackrf_source_c::work(int, std::vector<void const*, std::allocator<void const*> >&, std::vector<void*, std::allocator<void*> >&) (hackrf_source_c.cc:380) ==28953== by 0x7756766: gr::sync_block::general_work(int, std::vector<int, std::allocator<int> >&, std::vector<void const*, std::allocator<void const*> >&, std::vector<void*, std::allocator<void*> >&) (sync_block.cc:66) ==28953== by 0x770B7EF: gr::block_executor::run_one_iteration() (block_executor.cc:451) ==28953== by 0x776285B: gr::tpb_thread_body::tpb_thread_body(boost::shared_ptr<gr::block>, int) (tpb_thread_body.cc:122) ==28953== by 0x7753324: operator() (scheduler_tpb.cc:44) ==28953== by 0x7753324: operator() (thread_body_wrapper.h:51) ==28953== by 0x7753324: boost::detail::function::void_function_obj_invoker0<gr::thread::thread_body_wrapper<gr::tpb_container>, void>::invoke(boost::detail::function::function_buffer&) (function_template.hpp:159) ==28953== by 0x76EF8B1: operator() (function_template.hpp:771) ==28953== by 0x76EF8B1: boost::detail::thread_data<boost::function0<void> >::run() (thread.hpp:116) ==28953== by 0x8D4D115: ??? (in /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.62.0) ==28953== by 0x4E3F493: start_thread (pthread_create.c:333) ==28953== Address 0x22009300 is 0 bytes after a block of size 262,144 alloc'd ==28953== at 0x4C2BBAF: malloc (vg_replace_malloc.c:299) ==28953== by 0x1E27A88B: hackrf_source_c::hackrf_source_c(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (hackrf_source_c.cc:229) ==28953== by 0x1E27B7B5: make_hackrf_source_c(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (hackrf_source_c.cc:69) ==28953== by 0x1E22B6EC: source_impl::source_impl(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (source_impl.cc:323) ==28953== by 0x1E22D9C5: osmosdr::source::make(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (source_impl.cc:105) ==28953== by 0x1DF728BF: _wrap_source_make (osmosdr_swigPYTHON_wrap.cxx:16803) ==28953== by 0x20A735: PyEval_EvalFrameEx (in /usr/bin/python2.7) ==28953== by 0x201534: PyEval_EvalCodeEx (in /usr/bin/python2.7) ==28953== by 0x209697: PyEval_EvalFrameEx (in /usr/bin/python2.7) ==28953== by 0x201534: PyEval_EvalCodeEx (in /usr/bin/python2.7) ==28953== by 0x21DEA7: ??? (in /usr/bin/python2.7) ==28953== by 0x1EF672: PyObject_Call (in /usr/bin/python2.7) ==28953== ==28953== Use of uninitialised value of size 8 ==28953== at 0x1E2766EC: hackrf_source_c::work(int, std::vector<void const*, std::allocator<void const*> >&, std::vector<void*, std::allocator<void*> >&) (hackrf_source_c.cc:380) ==28953== by 0x7756766: gr::sync_block::general_work(int, std::vector<int, std::allocator<int> >&, std::vector<void const*, std::allocator<void const*> >&, std::vector<void*, std::allocator<void*> >&) (sync_block.cc:66) ==28953== by 0x770B7EF: gr::block_executor::run_one_iteration() (block_executor.cc:451) ==28953== by 0x776285B: gr::tpb_thread_body::tpb_thread_body(boost::shared_ptr<gr::block>, int) (tpb_thread_body.cc:122) ==28953== by 0x7753324: operator() (scheduler_tpb.cc:44) ==28953== by 0x7753324: operator() (thread_body_wrapper.h:51) ==28953== by 0x7753324: boost::detail::function::void_function_obj_invoker0<gr::thread::thread_body_wrapper<gr::tpb_container>, void>::invoke(boost::detail::function::function_buffer&) (function_template.hpp:159) ==28953== by 0x76EF8B1: operator() (function_template.hpp:771) ==28953== by 0x76EF8B1: boost::detail::thread_data<boost::function0<void> >::run() (thread.hpp:116) ==28953== by 0x8D4D115: ??? (in /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.62.0) ==28953== by 0x4E3F493: start_thread (pthread_create.c:333) ==28953== ==28953== ==28953== Process terminating with default action of signal 11 (SIGSEGV) ==28953== Bad permissions for mapped region at address 0x220C9000 ==28953== at 0x1E2766E8: hackrf_source_c::work(int, std::vector<void const*, std::allocator<void const*> >&, std::vector<void*, std::allocator<void*> >&) (hackrf_source_c.cc:380) ==28953== by 0x7756766: gr::sync_block::general_work(int, std::vector<int, std::allocator<int> >&, std::vector<void const*, std::allocator<void const*> >&, std::vector<void*, std::allocator<void*> >&) (sync_block.cc:66) ==28953== by 0x770B7EF: gr::block_executor::run_one_iteration() (block_executor.cc:451) ==28953== by 0x776285B: gr::tpb_thread_body::tpb_thread_body(boost::shared_ptr<gr::block>, int) (tpb_thread_body.cc:122) ==28953== by 0x7753324: operator() (scheduler_tpb.cc:44) ==28953== by 0x7753324: operator() (thread_body_wrapper.h:51) ==28953== by 0x7753324: boost::detail::function::void_function_obj_invoker0<gr::thread::thread_body_wrapper<gr::tpb_container>, void>::invoke(boost::detail::function::function_buffer&) (function_template.hpp:159) ==28953== by 0x76EF8B1: operator() (function_template.hpp:771) ==28953== by 0x76EF8B1: boost::detail::thread_data<boost::function0<void> >::run() (thread.hpp:116) ==28953== by 0x8D4D115: ??? (in /usr/lib/x86_64-linux-gnu/libboost_thread.so.1.62.0) ==28953== by 0x4E3F493: start_thread (pthread_create.c:333) ==28953== ==28953== HEAP SUMMARY: ==28953== in use at exit: 26,019,684 bytes in 33,354 blocks ==28953== total heap usage: 100,088 allocs, 66,734 frees, 80,356,781 bytes allocated ==28953== ==28953== LEAK SUMMARY: ==28953== definitely lost: 144 bytes in 3 blocks ==28953== indirectly lost: 0 bytes in 0 blocks ==28953== possibly lost: 1,265,079 bytes in 221 blocks ==28953== still reachable: 24,754,461 bytes in 33,130 blocks ==28953== suppressed: 0 bytes in 0 blocks ==28953== Rerun with --leak-check=full to see details of leaked memory ==28953== ==28953== For counts of detected and suppressed errors, rerun with: -v ==28953== Use --track-origins=yes to see where uninitialised values come from ==28953== ERROR SUMMARY: 104116 errors from 113 contexts (suppressed: 0 from 0) Killed

…

-- Happy hacking Petter Reinholdtsen

velichkov · 2017-09-20T21:23:03Z

Note, it is not the first error, it is the second to last error. Here is the tail of the valgrind run, with a bit more included than last time:

Could you upload the full log somewhere - pastbin, dropbox, google drive ... and provide the link

Also under gdb after it crashes execute

(gdb) set print pretty on
(gdb) info locals
(gdb) info args
(gdb) p *buf
(gdb) p *this

petterreinholdtsen · 2017-09-20T21:45:24Z

[Vasil Velichkov]

Could you upload the full log somewhere - pastbin, dropbox, google drive ... and provide the link

Yes, see <URL: https://0bin.link/paste/DfquG-aQ#RlQfLwEUw8JKjY8IVaHN1VmlolrjafQzW+zIE8K01WV >. Will be available for a day.

Also under `gdb` after it crashes execute

Sure. Here it is. (gdb) set print pretty on (gdb) info locals i = 2410000 remaining = 3738111 out = 0x7fffd649a888 running = true buf = 0x555556ce63e0 (gdb) info args this = 0x555555bc1b30 noutput_items = 2000127 input_items = <optimized out> output_items = <optimized out> (gdb) p *buf $1 = 257 (gdb) p *this $2 = { <gr::sync_block> = { <gr::block> = { <gr::basic_block> = { <gr::msg_accepter> = { <gr::messages::msg_accepter> = { _vptr.msg_accepter = 0x7fffe0ef7508 <vtable for hackrf_source_c+16> }, <No data fields>}, <boost::enable_shared_from_this<gr::basic_block>> = { weak_this_ = { px = 0x555555bc1b30, pn = { pi_ = 0x555556ac9630 } } }, members of gr::basic_block: d_msg_handlers = { _M_t = { _M_impl = { <std::allocator<std::_Rb_tree_node<std::pair<const boost::intrusive_ptr<pmt::pmt_base>, boost::function---Type <return> to continue, or q <return> to quit--- <void(boost::intrusive_ptr<pmt::pmt_base>)> > > >> = { <__gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<const boost::intrusive_ptr<pmt::pmt_base>, boost::function<void(boost::intrusive_ptr<pmt::pmt_base>)> > > >> = {<No data fields>}, <No data fields>}, members of std::_Rb_tree<boost::intrusive_ptr<pmt::pmt_base>, std::pair<const boost::intrusive_ptr<pmt::pmt_base>, boost::function<void(boost::intrusive_ptr<pmt::pmt_base>)> >, std::_Select1st<std::pair<const boost::intrusive_ptr<pmt::pmt_base>, boost::function<void(boost::intrusive_ptr<pmt::pmt_base>)> > >, pmt::comparator, std::allocator<std::pair<const boost::intrusive_ptr<pmt::pmt_base>, boost::function<void(boost::intrusive_ptr<pmt::pmt_base>)> > > >::_Rb_tree_impl<pmt::comparator, true>: _M_key_compare = {<No data fields>}, _M_header = { _M_color = std::_S_red, _M_parent = 0x555555bc15a0, _M_left = 0x555555bc15a0, _M_right = 0x555555bc15a0 }, _M_node_count = 1 } } }, msg_queue_ready = { _M_t = { _M_impl = { <std::allocator<std::_Rb_tree_node<std::pair<boost::intrusive_ptr<pmt::pmt_base> const, boost::shared_ptr<boost::condition_variable> > > >> = { <__gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<boost::intrusive_ptr<pmt::pmt_base> const, boost::shared_ptr<boost::condition_variable> > > >> = {<No data fields>}, <No data fields>}, members of std::_Rb_tree<boost::intrusive_ptr<pmt::pmt_base>, std::pair<boost::intrusive_ptr<pmt::pmt_base> const, boost::shared_ptr<boost::condition_variable> >, std::_Select1st<std::pair<boost::intrusive_ptr<pmt::pmt_base> const, boost::shared_ptr<boost::condition_variable> > >, pmt::comparator, std::allocator<std::pair<boost::intrusive_ptr<pmt::pmt_base> const, boost::shared_ptr<boost::condition_variable> > > >::_Rb_tree_impl<pmt::comparator, true>: _M_key_compare = {<No data fields>}, _M_header = { _M_color = std::_S_red, _M_parent = 0x555555bc1650, _M_left = 0x555555bc1650, _M_right = 0x555555bc1650 }, _M_node_count = 1 } } }, mutex = { m = { __data = { __lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = { __prev = 0x0, __next = 0x0 } }, __size = '\000' <repeats 39 times>, __align = 0 } }, d_name = { static npos = 18446744073709551615, _M_dataplus = { <std::allocator<char>> = { <__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, members of std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_Alloc_hider: _M_p = 0x555555bc1be0 "hackrf_source_c" }, _M_string_length = 15, { _M_local_buf = "hackrf_source_c", _M_allocated_capacity = 8313476078763204968 } }, d_input_signature = { px = 0x555555bc1ec0, pn = { pi_ = 0x555555bc1f10 } }, d_output_signature = { px = 0x5555564df940, pn = { pi_ = 0x555555bc1ea0 } }, d_unique_id = 2, d_symbolic_id = 0, d_symbol_name = { static npos = 18446744073709551615, _M_dataplus = { <std::allocator<char>> = { <__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, members of std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_Alloc_hider: _M_p = 0x555555bed4a0 "hackrf_source_c0" }, _M_string_length = 16, { _M_local_buf = "\036\000\000\000\000\000\000\000\004d\000\000\002\000\000", _M_allocated_capacity = 30 } }, d_symbol_alias = { static npos = 18446744073709551615, _M_dataplus = { <std::allocator<char>> = { <__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, members of std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_Alloc_hider: _M_p = 0x555555bc1c50 "" }, _M_string_length = 0, { _M_local_buf = "\000l", '\000' <repeats 13 times>, _M_allocated_capacity = 27648 } }, d_color = gr::basic_block::BLACK, d_rpc_set = false, msg_queue = { _M_t = { _M_impl = { <std::allocator<std::_Rb_tree_node<std::pair<boost::intrusive_ptr<pmt::pmt_base> const, std::deque<boos---Type <return> to continue, or q <return> to quit--- t::intrusive_ptr<pmt::pmt_base>, std::allocator<boost::intrusive_ptr<pmt::pmt_base> > > > > >> = { <__gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<boost::intrusive_ptr<pmt::pmt_base> const, std::deque<boost::intrusive_ptr<pmt::pmt_base>, std::allocator<boost::intrusive_ptr<pmt::pmt_base> > > > > >> = {<No data fields>}, <No data fields>}, members of std::_Rb_tree<boost::intrusive_ptr<pmt::pmt_base>, std::pair<boost::intrusive_ptr<pmt::pmt_base> const, std::deque<boost::intrusive_ptr<pmt::pmt_base>, std::allocator<boost::intrusive_ptr<pmt::pmt_base> > > >, std::_Select1st<std::pair<boost::intrusive_ptr<pmt::pmt_base> const, std::deque<boost::intrusive_ptr<pmt::pmt_base>, std::allocator<boost::intrusive_ptr<pmt::pmt_base> > > > >, pmt::comparator, std::allocator<std::pair<boost::intrusive_ptr<pmt::pmt_base> const, std::deque<boost::intrusive_ptr<pmt::pmt_base>, std::allocator<boost::intrusive_ptr<pmt::pmt_base> > > > > >::_Rb_tree_impl<pmt::comparator, true>: _M_key_compare = {<No data fields>}, _M_header = { _M_color = std::_S_red, _M_parent = 0x555555bdba20, _M_left = 0x555555bdba20, _M_right = 0x555555bdba20 }, _M_node_count = 1 } } }, d_rpc_vars = { <std::_Vector_base<boost::any, std::allocator<boost::any> >> = { _M_impl = { <std::allocator<boost::any>> = { <__gnu_cxx::new_allocator<boost::any>> = {<No data fields>}, <No data fields>}, members of std::_Vector_base<boost::any, std::allocator<boost::any> >::_Vector_impl: _M_start = 0x0, _M_finish = 0x0, _M_end_of_storage = 0x0 } }, <No data fields>}, d_message_subscribers = { px = 0x555555bc6610 } }, members of gr::block: d_output_multiple = 1, d_output_multiple_set = false, d_unaligned = 0, d_is_unaligned = false, d_relative_rate = 1, d_detail = { px = 0x555557148300, pn = { pi_ = 0x555557148570 } }, d_history = 1, d_attr_delay = 0, d_fixed_rate = true, d_max_noutput_items_set = true, d_max_noutput_items = 4000000, d_min_noutput_items = 0, d_tag_propagation_policy = gr::block::TPP_ALL_TO_ALL, d_affinity = { <std::_Vector_base<int, std::allocator<int> >> = { _M_impl = { <std::allocator<int>> = { <__gnu_cxx::new_allocator<int>> = {<No data fields>}, <No data fields>}, members of std::_Vector_base<int, std::allocator<int> >::_Vector_impl: _M_start = 0x0, _M_finish = 0x0, _M_end_of_storage = 0x0 } }, <No data fields>}, d_priority = -1, d_pc_rpc_set = false, d_update_rate = false, d_finished = false, d_max_output_buffer = { <std::_Vector_base<long, std::allocator<long> >> = { _M_impl = { <std::allocator<long>> = { <__gnu_cxx::new_allocator<long>> = {<No data fields>}, <No data fields>}, members of std::_Vector_base<long, std::allocator<long> >::_Vector_impl: _M_start = 0x555555bed510, _M_finish = 0x555555bed518, _M_end_of_storage = 0x555555bed518 } }, <No data fields>}, d_min_output_buffer = { <std::_Vector_base<long, std::allocator<long> >> = { _M_impl = { <std::allocator<long>> = { <__gnu_cxx::new_allocator<long>> = {<No data fields>}, <No data fields>}, members of std::_Vector_base<long, std::allocator<long> >::_Vector_impl: _M_start = 0x555556795ef0, _M_finish = 0x555556795ef8, _M_end_of_storage = 0x555556795ef8 } }, <No data fields>}, d_setlock = { m = { __data = { __lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = { __prev = 0x0, __next = 0x0 } }, __size = '\000' <repeats 39 times>, __align = 0 } }, d_logger = 0x5555564779c0, d_debug_logger = 0x555555bdbd00 }, <No data fields>}, <source_iface> = { _vptr.source_iface = 0x7fffe0ef7690 <vtable for hackrf_source_c+408> }, members of hackrf_source_c: static _usage = 1, static _usage_mutex = { m = { __data = { __lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = { __prev = 0x0, __next = 0x0 } }, __size = '\000' <repeats 39 times>, __align = 0 } }, _lut = { <std::_Vector_base<std::complex<float>, std::allocator<std::complex<float> > >> = { _M_impl = { <std::allocator<std::complex<float> >> = { <__gnu_cxx::new_allocator<std::complex<float> >> = {<No data fields>}, <No data fields>}, members of std::_Vector_base<std::complex<float>, std::allocator<std::complex<float> > >::_Vector_impl: _M_start = 0x555556b26380, _M_finish = 0x555556ba6380, _M_end_of_storage = 0x555556ba6380 } }, <No data fields>}, _dev = 0x555556aba620, _thread = { thread_info = { px = 0x0, pn = { pi_ = 0x0 } } }, _buf = 0x555556ac95b0, _buf_num = 15, _buf_len = 262144, _buf_head = 2, _buf_used = 6, _buf_mutex = { m = { __data = { __lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = { __prev = 0x0, __next = 0x0 } }, __size = '\000' <repeats 39 times>, __align = 0 } }, _buf_cond = { internal_mutex = { __data = { __lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = { __prev = 0x0, __next = 0x0 } }, __size = '\000' <repeats 39 times>, __align = 0 }, cond = { __data = { __lock = 0, __futex = 0, __total_seq = 0, __wakeup_seq = 0, __woken_seq = 0, __mutex = 0x0, __nwaiters = 0, __broadcast_seq = 0 }, __size = '\000' <repeats 47 times>, __align = 0 } }, _buf_offset = 1869056, _samp_avail = -1737984, _sample_rate = 2000000, _center_freq = 925900000, _freq_corr = 0, _auto_gain = true, _amp_gain = 14, _lna_gain = 32, _vga_gain = 30, _bandwidth = 1750000 } (gdb)

…

-- Happy hacking Petter Reinholdtsen

velichkov · 2017-09-21T01:37:41Z

noutput_items = 2000127
_samp_avail = -1 737 984,
remaining = 3738111
_buf_len = 262144,

Something is wrong with the buffer management, the _samp_avail has become negative, initially it it set to _samp_avail = _buf_len / BYTES_PER_SAMPLE; which is 131072

229       _buf[i] = (unsigned short *) malloc(_buf_len);

375     buf = _buf[_buf_head];
376 
377     int remaining = noutput_items - _samp_avail;
378 
379     for (int i = 0; i < remaining; ++i)
380       *out++ = _lut[ *(buf + i) ];
381 
382     _buf_offset = remaining;
383     _samp_avail = (_buf_len / BYTES_PER_SAMPLE) - remaining;

then on the first run the remaining should be 2000127 - 131072 = 1869055 and the for loop will read way past the buffer end. I really don't understand how this code is supposed to work and not having hacrf makes debugging it really hard.

Try to run grgsm_scanner with smaller sample rate -s 0.8e6 or -s 0x1.2e6 and osmocom_fft with the default grgsm_scanner sample rate -s 2e6

petterreinholdtsen · 2017-09-21T04:53:36Z

[Vasil Velichkov]

Try to run `grgsm_scanner` with smaller sample rate `-s 0.8e6` or `-s 0x1.2e6` and osmocom_fft with the default grgsm_scanner sample rate `-s 2e6`

I did, and grgsm_scanner still segfaults, while osmocom_fft did not.

…

-- Happy hacking Petter Reinholdtsen

petterreinholdtsen · 2017-09-28T20:41:08Z

Piotr was able to debug the hackrf crash, and discovered that this patch avoided the segfault:

diff --git a/apps/grgsm_scanner b/apps/grgsm_scanner
index 1bff63a..c816814 100755
--- a/apps/grgsm_scanner
+++ b/apps/grgsm_scanner
@@ -209,7 +209,6 @@ class wideband_scanner(gr.top_block):
         # if no file name is given process data from rtl_sdr source
         print "Args=", args
         self.rtlsdr_source = osmosdr.source(args="numchan=" + str(1) + " " + args)
-        self.rtlsdr_source.set_min_output_buffer(int(sample_rate*rec_len))
         self.rtlsdr_source.set_sample_rate(sample_rate)
 
         # capture half of GSM channel lower than channel center (-0.1MHz)

I'm not sure why, but perhaps it solve your problem too?

petterreinholdtsen · 2017-10-10T11:54:48Z

Hi. Any hope to have a new gr-gsm release soon with this fixed included?

pbraun9 · 2018-04-15T15:55:49Z

This one-line patch also avoids the segfault here, on Debian systems against HackRF host code git-b4a452c and 2017.02.1.

mazen-bassiouny · 2018-05-20T08:58:32Z

i am sorry but i do not understand ? where is the patch ? how can i execute it ?what does that mean (ode git-b4a452c and 2017.02.1.) these line of code are already there in my code !

velichkov · 2018-05-20T17:29:50Z

Hi @mazen-bassiouny,

where is the patch ?

It's part of the comment #336 (comment)

how can i execute it ?

https://unix.stackexchange.com/questions/232879/applying-a-diff-patch
https://www.thegeekstuff.com/2014/12/patch-command-examples/

what does that mean (ode git-b4a452c and 2017.02.1.)

Two versions of hackrf he has tested with: greatscottgadgets/hackrf@b4a452c and
https://github.com/mossmann/hackrf/releases/tag/v2017.02.1

mazen-bassiouny · 2018-05-21T10:23:26Z

so this patch just to comment this line ?:
(self.rtlsdr_source.set_min_output_buffer(int(sample_rate*rec_len))
as i did before but the segfault still exists.
Is there any other action after commenting the line that i can do ? how can i rebuild again if i installed with PyBOMBS

velichkov · 2018-05-21T14:23:31Z

so this patch just to comment this line ?:
(self.rtlsdr_source.set_min_output_buffer(int(sample_rate*rec_len))

Correct.

as i did before but the segfault still exists.
Is there any other action after commenting the line that i can do ?

After applying the patch you need to install the modified version, run make install

how can i rebuild again if i installed with PyBOMBS

Try pybombs rebuild gr-gsm. See also pybombs --help

mazen-bassiouny · 2018-05-21T15:09:56Z

It worked with me ,, thanks alot

ptrkrysik · 2018-06-02T17:42:11Z

I just commented out that line so hackrf shouldn't crash.

velichkov mentioned this issue Jan 10, 2018

got this error : AttributeError: 'module' object has no attribute 'QWidget' #355

Closed

velichkov mentioned this issue May 1, 2018

grgsm_scanner does not show any output #273

Open

velichkov mentioned this issue May 19, 2018

grgsm_scanner - segfault #397

Closed

ptrkrysik closed this as completed Jun 2, 2018

velichkov mentioned this issue Sep 5, 2018

i have problem in grgsm_scanner #432

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

grgsm_scanner Aborted (core dumped) #336

grgsm_scanner Aborted (core dumped) #336

toombr commented Sep 17, 2017

loonydev commented Sep 18, 2017

petterreinholdtsen commented Sep 18, 2017

velichkov commented Sep 20, 2017

petterreinholdtsen commented Sep 20, 2017 via email

velichkov commented Sep 20, 2017

petterreinholdtsen commented Sep 20, 2017 via email

velichkov commented Sep 20, 2017

petterreinholdtsen commented Sep 20, 2017 via email

velichkov commented Sep 20, 2017

petterreinholdtsen commented Sep 20, 2017 via email

velichkov commented Sep 21, 2017 •

edited

Loading

petterreinholdtsen commented Sep 21, 2017 via email

petterreinholdtsen commented Sep 28, 2017

petterreinholdtsen commented Oct 10, 2017

pbraun9 commented Apr 15, 2018

mazen-bassiouny commented May 20, 2018 •

edited

Loading

velichkov commented May 20, 2018

mazen-bassiouny commented May 21, 2018 •

edited

Loading

velichkov commented May 21, 2018

mazen-bassiouny commented May 21, 2018

ptrkrysik commented Jun 2, 2018

grgsm_scanner Aborted (core dumped) #336

grgsm_scanner Aborted (core dumped) #336

Comments

toombr commented Sep 17, 2017

grgsm_scanner

loonydev commented Sep 18, 2017

petterreinholdtsen commented Sep 18, 2017

velichkov commented Sep 20, 2017

petterreinholdtsen commented Sep 20, 2017 via email

velichkov commented Sep 20, 2017

petterreinholdtsen commented Sep 20, 2017 via email

velichkov commented Sep 20, 2017

petterreinholdtsen commented Sep 20, 2017 via email

velichkov commented Sep 20, 2017

petterreinholdtsen commented Sep 20, 2017 via email

velichkov commented Sep 21, 2017 • edited Loading

petterreinholdtsen commented Sep 21, 2017 via email

petterreinholdtsen commented Sep 28, 2017

petterreinholdtsen commented Oct 10, 2017

pbraun9 commented Apr 15, 2018

mazen-bassiouny commented May 20, 2018 • edited Loading

velichkov commented May 20, 2018

mazen-bassiouny commented May 21, 2018 • edited Loading

velichkov commented May 21, 2018

mazen-bassiouny commented May 21, 2018

ptrkrysik commented Jun 2, 2018

velichkov commented Sep 21, 2017 •

edited

Loading

mazen-bassiouny commented May 20, 2018 •

edited

Loading

mazen-bassiouny commented May 21, 2018 •

edited

Loading