Mantis Bugtracker

ID: 0000418
Category: [Yate - Yet Another Telephony Engine] engine
Severity: crash
Reproducibility: always
Date Submitted: 2017-07-14 14:20
Last Update: 2017-08-08 14:44
Reporter: smarek
View Status: public
Assigned To:
Priority: normal
Resolution: open
Status: new
Product Version: SVN
Summary: 0000418: Crash (SIGBUS, core dumped) occurs every time on Raspberry Pi (ARM, Raspbian Jessie)
Description: Running current yate svn trunk and yatebts svn trunk (reproducible with our git snapshots https://github.com/itds-consulting/yatebts and https://github.com/itds-consulting/yate)

Using bladeRF (Firmware 1.8.0, FPGA 0.1.2)

Yate, standalone, runs fine, with YateBTS crash occurs every time

End of the log states:
"""
Release 5.0.1 formal build date Jul 14 2017 rev
Starting MBTS...
Yate engine is initialized and starting up on raspberrypi
Bus error (core dumped)
"""

dmesg -T states
"""
[Fri Jul 14 13:00:16 2017] usb 1-1.5: reset high-speed USB device number 5 using dwc_otg
[Fri Jul 14 13:00:17 2017] Alignment trap: not handling instruction e1930f9f at [<76e6d1b8>]
[Fri Jul 14 13:00:17 2017] Unhandled fault: alignment exception (0x001) at 0x0000003d
[Fri Jul 14 13:00:17 2017] pgd = b6ae4000
[Fri Jul 14 13:00:17 2017] [0000003d] *pgd=372f3835, *pte=00000000, *ppte=00000000
[Fri Jul 14 13:06:15 2017] usb 1-1.5: reset high-speed USB device number 5 using dwc_otg
"""

Coredump in attachment, backtrace as states from "gdb /usr/local/bin/yate core":
"""
Core was generated by `yate -C'.
Program terminated with signal SIGBUS, Bus error.
#0 0x76e6d1bc in TelEngine::NamedCounter::dec() () from /usr/local/lib/libyate.so.5.5.1
(gdb) bt
#0 0x76e6d1bc in TelEngine::NamedCounter::dec() () from /usr/local/lib/libyate.so.5.5.1
#1 0x76e6d270 in TelEngine::GenObject::setObjCounter(TelEngine::NamedCounter*) () from /usr/local/lib/libyate.so.5.5.1
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
"""

Same setup when run on intel core no issues, 3 different boards were tested, not a hardware issue
Additional Information: Standard image of Raspbian Jessie
Raspberry Pi 2 and 3 reproducibility 100%
bladeRF x115
Both Yate and YateBTS sources configured in default state (no manual switches)
Build/Config outputs can provide at request
Tags: No tags attached.

Notes
(0000615)
smarek (reporter)
2017-07-14 14:25

coredump is too large to upload into mantis (21M), you can find it here:

http://46.249.37.143/yate.coredump.bin

SHA256SUM: 3f72bd2a0b85bd31d2861dbe2aef9ae087c95f0e8c2d3e96cdf8497275a9a2ca
(0000616)
smarek (reporter)
2017-07-15 22:45

Ok, investigating further,
in yate/engine/TelEngine.cpp, line 923 (function "NamedCounter* GenObject::setObjCounter(NamedCounter* counter)" )

oldCounter->dec();

triggers NULL dereference (oldCounter is NULL), which is something that must be platform dependent.
Commenting out this line ensures the instance of Yate keeps running, but at cost of instability.

Correct solution might not be fixing just this function.
I don't see anything else we could provide to this issue, to be fixed by Yate developers; if I'm wrong, let me know.
(0000617)
smarek (reporter)
2017-07-17 13:53

Given that we've tested out on several kernels, linux distributions and gcc versions (as well as dependencies versions), and the problem remains the same, we suspect the problem is in compatibility/support of 32-bit architecture.

On 64-bit platform (RPi 3 x64 kernel, AMD64 and Intel64) this mentioned bug disappears, given we apply patches for gcc6 and aarch64 support (0000412 and 0000416)
(0000618)
smarek (reporter)
2017-07-23 21:16

Ok, per instructions on wiki, adding "useful backtrace", see here: https://pastebin.com/raw/KPmw5zBG
(0000619)
robho (reporter)
2017-08-08 14:44
edited on: 2017-08-08 14:44

You could try to apply the fix for 0000409. The backtrace of your crash doesn't quite look like the one in 0000409, but I think 0000409 can trigger in different scenarios.
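
A triage aid for the `dmesg -T` lines in the issue description, added here as an example and not part of the original report or of Yate's code: it decodes the trapped instruction word and checks the fault address against the access width. It goes slightly beyond the single word in the log by covering the whole A32 LDREX/STREX family; the function names and the embedded log sample are assumptions made for the example.

```python
import re

# Constructed sample: the two fault lines quoted in the issue description.
DMESG = (
    "[Fri Jul 14 13:00:17 2017] Alignment trap: not handling instruction e1930f9f at [<76e6d1b8>]\n"
    "[Fri Jul 14 13:00:17 2017] Unhandled fault: alignment exception (0x001) at 0x0000003d\n"
)

TRAP_RE = re.compile(r"Alignment trap: not handling instruction ([0-9a-f]{8}) at \[<([0-9a-f]+)>\]")
FAULT_RE = re.compile(r"Unhandled fault: alignment exception \(0x[0-9a-f]+\) at 0x([0-9a-f]+)")

# Bits 22:21 of the instruction select the access width: (mnemonic suffix, bytes).
WIDTHS = {0: ("", 4), 1: ("D", 8), 2: ("B", 1), 3: ("H", 2)}


def decode_exclusive(word):
    """Decode an A32 LDREX/STREX-family word to (text, access_bytes), else None.

    Encoding: cond 0001 1 op(2) L Rn Rt/Rd 1111 1001 1111/Rt
    (the implicit second register of the D forms is not printed).
    """
    if word >> 28 == 0xF:                      # cond 1111 is a different encoding space
        return None
    if (word >> 23) & 0x1F != 0b00011 or (word >> 4) & 0xFF != 0xF9:
        return None
    suffix, size = WIDTHS[(word >> 21) & 0x3]
    rn, rd, low = (word >> 16) & 0xF, (word >> 12) & 0xF, word & 0xF
    if (word >> 20) & 1:                       # L=1: exclusive load
        if low != 0xF:
            return None
        return f"LDREX{suffix} r{rd}, [r{rn}]", size
    return f"STREX{suffix} r{rd}, r{low}, [r{rn}]", size


def triage(log):
    """Pair the trap line with the fault line and report what faulted and where."""
    trap, fault = TRAP_RE.search(log), FAULT_RE.search(log)
    if not (trap and fault):
        return None
    report = {"pc": int(trap[2], 16), "fault_addr": int(fault[1], 16),
              "insn": None, "misaligned": None}
    decoded = decode_exclusive(int(trap[1], 16))
    if decoded:
        report["insn"], size = decoded
        report["misaligned"] = report["fault_addr"] % size != 0
    return report


if __name__ == "__main__":
    print(triage(DMESG))
```

For the word in this report the result is `LDREX r0, [r3]` with fault address 0x3d, which is not 4-byte aligned; the trap address 76e6d1b8 sits 4 bytes before the gdb frame #0 address inside `NamedCounter::dec()`.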


- Issue History
Date Modified Username Field Change
2017-07-14 14:20 smarek New Issue
2017-07-14 14:25 smarek Note Added: 0000615
2017-07-15 22:45 smarek Note Added: 0000616
2017-07-17 13:53 smarek Note Added: 0000617
2017-07-23 21:16 smarek Note Added: 0000618
2017-08-08 14:44 robho Note Added: 0000619
2017-08-08 14:44 robho Note Edited: 0000619
2017-08-08 14:44 robho Note Edited: 0000619

