ASTERISK-10130: Segfault when answering ringing mobile while monitoring call with mixmonitor

[Home]

Summary: ASTERISK-10130: Segfault when answering ringing mobile while monitoring call with mixmonitor

Reporter: Josef Liska (phokz) Labels:

Date Opened: 2007-08-21 03:50:22 Date Closed: 2011-06-07 14:00:35

Priority: Critical Regression? No

Status: Closed/Complete Components: Addons/chan_mobile

Versions: Frequency of
Occurrence

Related
Issues:

Environment: Attachments: ( 0) slinfactory_check_remain_bounds.patch

Description: When I try to answer call and playback welcome message before forwarding
to sip extension, asterisk crashes.

Note that call is monitored by mixmonitor.

Asterisk is trunk r. 80129
chan_mobile is addons trunk r. 426
System is openSUSE 10.2. Mobile is Nokia6230i.

gdb backtrace follows:

Core was generated by `asterisk -vvvc'.
Program terminated with signal 11, Segmentation fault.
#0 0x080fb4b9 in ast_slinfactory_read (sf=0x8226178, buf=0xb62550c0, samples=160) at slinfactory.c:134
134 memcpy(sf->hold, frame_data, remain * sizeof(*offset));
(gdb) bt
#0 0x080fb4b9 in ast_slinfactory_read (sf=0x8226178, buf=0xb62550c0, samples=160) at slinfactory.c:134
#1 0x08073903 in audiohook_read_frame_both (audiohook=0x8226120, samples=160) at audiohook.c:192
#2 0x08073d08 in ast_audiohook_read_frame (audiohook=0x8226120, samples=160, direction=AST_AUDIOHOOK_DIRECTION_BOTH, format=64)
at audiohook.c:256
#3 0xb651f376 in mixmonitor_thread (obj=0x8226120) at app_mixmonitor.c:165
#4 0x08108635 in dummy_start (data=0x8225ee0) at utils.c:789
ASTERISK-1 0xb7d86112 in start_thread () from /lib/libpthread.so.0
ASTERISK-2 0xb7ba12ee in clone () from /lib/libc.so.6

Without call monitoring it seems to work. This might be an issue in asterisk itself, not chan_mobile.

Comments: By: Joshua C. Colp (jcolp) 2007-08-22 11:11:09

Does this happen at all when chan_mobile is not in use?
By: Josef Liska (phokz) 2007-08-22 15:22:25

AFAIK no.

I had the same problem on another server running 1.4.10.1. When I disabled chan_mobile, it worked great (about 300 calls IAX, SIP, ISDN CAPI) in one day
of testing without problem.

When I deleted mixmonitor from all macros and re-enabled chan_mobile, it works there.

When I tried to trace this issue I found following:
- It seems that only incoming calls are affected. But I need to double-check it.
- When I used Nokia6230i, it crashed just after answer, but with Nokia6234 it crashed on next priority in dialplan. Sometimes I was able to reach priority 7 (dialing SIP extension).

My dialplan:

[incoming-mobile]
exten => sms,1,Verbose(Incoming SMS from ${SMSSRC} ${SMSTXT})
exten => sms,n,Hangup()

exten => s,1,Wait(1)
exten => s,2,Answer
exten => s,3,MixMonitor(rec${TIMESTAMP}-${UNIQUEID}.wav)
exten => s,4,Playback(letters/c)
exten => s,5,Playback(letters/h)
exten => s,6,Playback(letters/l)
exten => s,7,Dial(SIP/666)
exten => s,8,Hangup()

gdb backtrace seems to be identical in both cases (N6230i, N6234 which crashes later).

There might be also some problem with audio format conversion, since playback letters in example above are in gsm format, and mixmonitor is requested to use wav format. However, when I change .wav to .gsm nothing changes.
By: Josef Liska (phokz) 2007-08-22 16:01:10

I tried to load asterisk in kdbg and found that for some reasons
remain variable at asterisk/main/slinfactory.c is less than zero.

I tried attached dirty hack, which adds range checking.

I do not understand the code. It isn't commented very well, and I am not a programmer. But it seems that some combination of input variables is able to trigger this.
By: Dave Bowerman (dbowerman) 2007-09-07 20:55:49

addons trunk rev 447 changes the audio handling methodology of chan_mobile.
could you retest please?

By: Dave Bowerman (dbowerman) 2007-09-28 19:45:25

phokz: could you retest this please? i believe its fixed in trunk
By: Josef Liska (phokz) 2007-10-01 08:11:36

dbowerman: thanks for info, I'll retest it and give feedback as soon as I get back my N6230i, probably during next weekend.
By: Josef Liska (phokz) 2007-10-17 08:07:45

Sorry for delay in reporting back, I finally retested this issue.

But unfortunatelly, it still crashes.

Current versions:
asterisk SVN-trunk-r82029
chan_mobile from addons-trunk-471

(gdb) bt
#0 0xb7c4746e in fread () from /lib/libc.so.6
#1 0xb662ea8d in gsm_read (s=0x8234388, whennext=0xb6393c6c) at format_gsm.c:72
#2 0x080a4c80 in ast_readaudio_callback (s=0x8234388) at file.c:624
#3 0x080a7033 in ast_streamfile (chan=0x82299f0, filename=0xb6393de0 "letters/c",
preflang=0x82297ef "en") at file.c:714
#4 0xb71935e6 in playback_exec (chan=0x82299f0, data=0xb6397f38) at app_playback.c:450
ASTERISK-1 0x080ca715 in pbx_exec (c=0x82299f0, app=0x81bb488, data=0xb6397f38) at pbx.c:596
ASTERISK-2 0x080d2c6d in pbx_extension_helper (c=0x82299f0, con=<value optimized out>,
context=0x8229b78 "default", exten=0x8229bc8 "s", priority=4, label=0x0,
callerid=0x8229370 "+420776026526", action=E_SPAWN) at pbx.c:1907
ASTERISK-3 0x080d4a81 in __ast_pbx_run (c=0x82299f0) at pbx.c:2398
ASTERISK-4 0x080d5e7e in pbx_thread (data=0x82299f0) at pbx.c:2753
ASTERISK-5 0x0810c43b in dummy_start (data=0x8229160) at utils.c:845
ASTERISK-6 0xb7da5112 in start_thread () from /lib/libpthread.so.0
ASTERISK-7 0xb7cb02ee in clone () from /lib/libc.so.6
By: Josef Liska (phokz) 2007-12-29 08:19:00.000-0600

With my current setup (asterisk 1.4.16.2, chan_mobile r499 patched to work with asterisk stable) this seems to be working. I think this issue could be closed, I'll try to make some more test and reopen it in case I find something important.
By: Michiel van Baak (mvanbaak) 2007-12-29 08:25:43.000-0600

Closed on reporters request