Search code examples
androidsipfatal-errorpjsipmarmalade

A/libc Fatal signal 11 (SIGSEGV) - PJSIP, Android & Marmalade


I'm building an application that runs on Android using Marmalade that can make video calls to another application on mobile devices. The video calls are handled by the PJSIP library. When connecting the video feed I get this error:

A/libc: Fatal signal 11 (SIGSEGV) at 0x00000000 (code=1), thread 7813 (Thread-146)

Which causes the application to crash. What is the cause of this?

I think it may have something to do with Marmalade causing a null pointer reference with PJSIP at some point, but I'm stuck here as this PJSIP build works perfectly in the PJSUA sample application.

I have tested this without video and it runs as expected. I have tested the PJSUA sample application on my device and it works with video as expected.

This is part of the tombstone trace:

01-02 12:04:11.580 1228-1228/? I/DEBUG: Revision: '0'
01-02 12:04:11.580 1228-1228/? I/DEBUG: pid: 7657, tid: 7813, name: Thread-146  >>> com.x.x<<<
01-02 12:04:11.580 1228-1228/? I/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000000
01-02 12:04:11.590 1233-1635/? W/V4L2CameraDevice: GetPreviewFrame: VIDIOC_DQBUF Failed, Invalid argument
01-02 12:04:11.590 1233-1635/? D/V4L2CameraDevice: preview_num: 6, picture_num: 0
01-02 12:04:11.740 1228-1228/? I/DEBUG:     r0 00000000  r1 00000001  r2 00000000  r3 00000000
01-02 12:04:11.740 1228-1228/? I/DEBUG:     r4 623a2c64  r5 5ddcefb0  r6 62327098  r7 5e1d4a98
01-02 12:04:11.740 1228-1228/? I/DEBUG:     r8 62327098  r9 00100000  sl 5e1d4a98  fp 627c3904
01-02 12:04:11.740 1228-1228/? I/DEBUG:     ip 00004000  sp 627c3060  lr 62328310  pc 621141e0  cpsr 000f0010
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d0  0000000300000004  d1  0000000100000001
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d2  3164626130316330  d3  3836312e32393140
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d4  a20f000200000000  d5  00000000d201a8c0
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d6  0000000000000000  d7  0000000000000000
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d8  0000000000000000  d9  0000000000000000
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d10 0000000000000000  d11 0000000000000000
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d12 0000000000000000  d13 0000000000000000
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d14 0000000000000000  d15 0000000000000000
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d16 40f5180800000000  d17 3fe0000000000000
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d18 3fdffffffffffe48  d19 0000000000000000
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d20 3fe00000000000dc  d21 3ff0000000000000
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d22 8000000000000000  d23 0000000000000000
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d24 0000000000000000  d25 8000000000000000
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d26 3ff0000000000000  d27 0000000000000000
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d28 0000000000000000  d29 0000000000000000
01-02 12:04:11.740 1228-1228/? I/DEBUG:     d30 0000000000000000  d31 0000000000000000
01-02 12:04:11.740 1228-1228/? I/DEBUG:     scr 80000010
01-02 12:04:11.740 1228-1228/? I/DEBUG: backtrace:
01-02 12:04:11.740 1228-1228/? I/DEBUG:     #00  pc 000301e0  /data/app-lib/com.x.x-1/libpjsua.so (on_call_media_state(int)+180)
01-02 12:04:11.740 1228-1228/? I/DEBUG:     #01  pc 0024430c  /data/app-lib/com.x.x-1/libpjsua.so (pj_mutex_unlock+224)
01-02 12:04:11.740 1228-1228/? I/DEBUG: stack:
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3020  6235c590  /data/app-lib/com.x.x-1/libpjsua.so
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3024  00000008  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3028  627c306c  [stack:7813]
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c302c  00000000  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3030  623b8e70  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3034  623b8568  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3038  63164fa4  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c303c  623b8470  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3040  00000001  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3044  00000001  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3048  0000001b  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c304c  00000002  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3050  00000000  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3054  623a2c64  /data/app-lib/com.x.x-1/libpjsua.so
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3058  df0027ad  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c305c  00000000  
01-02 12:04:11.740 1228-1228/? I/DEBUG:     #00  627c3060  00000000  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          ........  ........
01-02 12:04:11.740 1228-1228/? I/DEBUG:     #01  627c3060  00000000  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3064  00000000  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3068  00000000  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c306c  00000000  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3070  00000001  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3074  00000000  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3078  627c33f8  [stack:7813]
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c307c  00000019  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3080  627c34f8  [stack:7813]
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3084  00000018  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3088  627c35f8  [stack:7813]
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c308c  0000001b  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3090  627c36f8  [stack:7813]
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3094  0000001b  
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c3098  627c37f8  [stack:7813]
01-02 12:04:11.740 1228-1228/? I/DEBUG:          627c309c  00000033 

When I check the Telnet it all looks normal, it just stops when the application crashes:

12:04:11.410   pjsua_call.c !Answering call 0: code=200
12:04:11.411  pjsua_media.c  ...Call 0: updating media..
12:04:11.412  pjsua_media.c  .....Media stream call00:0 is destroyed
12:04:11.412    pjsua_aud.c  ....Audio channel update..
12:04:11.412 strm0x5e1cf4f4  .....VAD temporarily disabled
12:04:11.413 strm0x5e1cf4f4  .....Encoder stream started
12:04:11.413 strm0x5e1cf4f4  .....Decoder stream started
12:04:11.414  pjsua_media.c  ....Audio updated, stream #0: PCMU (sendrecv)
12:04:11.414  pjsua_media.c  .....Media stream call00:1 is destroyed
12:04:11.415    pjsua_vid.c  ....Video channel update..
12:04:11.475 vstenc0x632ef4  .....Encoder stream started
12:04:11.475 vstdec0x632ef4  .....Decoder stream started
12:04:11.475    pjsua_vid.c  .....Setting up RX..
12:04:11.475    pjsua_vid.c  ......Creating video window: type=stream, cap_id=-1, rend_id=0
12:04:11.475     vid_port.c  .......Opening device OpenGL renderer [OpenGL] for render: format=I420, size=656x656 @22:1 fps
12:04:11.476 android_opengl  .......Re-initializing OpenGL due to format change
12:04:11.476 android_opengl  .......Android OpenGL ES renderer successfully created
12:04:11.476     vid_port.c  .......Device OpenGL renderer [OpenGL] opened: format=I420, size=656x656 @22:1 fps
12:04:11.476    pjsua_vid.c  .......stream window id 0 created for cap_dev=-1 rend_dev=0
12:04:11.477    pjsua_vid.c  .......Window 0 created
12:04:11.477 android_opengl  ......Starting Android opengl stream
12:04:11.478    pjsua_vid.c  .....Setting up TX..
12:04:11.478    pjsua_vid.c  ......Creating video window: type=preview, cap_id=1, rend_id=0
12:04:11.478     vid_port.c  .......Opening device Colorbar generator [Colorbar] for capture: format=I420, size=352x288 @15:1 fps
12:04:11.478     vid_port.c  .......Device Colorbar generator [Colorbar] opened: format=I420, size=352x288 @15:1 fps
12:04:11.479     vid_port.c  .......Opening device OpenGL renderer [OpenGL] for render: format=I420, size=352x288 @15:1 fps
12:04:11.479 android_opengl  .......Re-initializing OpenGL due to format change
12:04:11.479 android_opengl  .......Android OpenGL ES renderer successfully created
12:04:11.479     vid_port.c  .......Device OpenGL renderer [OpenGL] opened: format=I420, size=352x288 @15:1 fps
12:04:11.480    pjsua_vid.c  .......preview window id 1 created for cap_dev=1 rend_dev=0
12:04:11.480    pjsua_vid.c  .......Window 1 created
12:04:11.480 colorbar_dev.c  ......Starting cbar video stream
12:04:11.480  pjsua_media.c  ....Video updated, stream #1: H264 (sendrecv)

Solution

  • I solved this issue by adding some logging into the PJSIP source files to narrow down where this was occurring.

    In the pjsua_app_callback.cpp file it had a method on_call_media_state which was mentioned in my trace.

    static void on_call_media_state(pjsua_call_id call_id)
    {
    #if PJMEDIA_HAS_VIDEO
        pjsua_call_info call_info;
        unsigned mi;
    
       pjsua_call_get_info(call_id, &call_info);
    
       for (mi=0; mi<call_info.media_cnt; ++mi) {
            pjsua_call_media_info *med_info = &call_info.media[mi];
        if (med_info->type == PJMEDIA_TYPE_VIDEO &&
            med_info->status == PJSUA_CALL_MEDIA_ACTIVE &&
            med_info->stream.vid.win_in != PJSUA_INVALID_ID)
        {
            winId = med_info->stream.vid.win_in;
            registeredCallbackObject->onCallVideoStart();
            break;
        }
        }
    #endif
    
       /* Forward to original callback */
        if (pjsua_cb_orig.on_call_media_state)
        (*pjsua_cb_orig.on_call_media_state)(call_id);
    }
    

    The error was occurring in the for loop as the call_info being passed in was null.

    I edited this code to fit my situation and now it is working fine. This is probably a very specific issue and may not help others with there Fatal signal 11 (SIGSEGV).