Crashes in malloc() are generally due to overwriting some buffers
somewhere, i.e. allocate 100 bytes and write 105. I have not seen
that with PJSIP, however, and I use it rather heavily.
I noticed that I can reduce the occurrences of my crashing by having
a separate pool for each object, which is never reused (released
after a recorder is done, for example.)
-Norman
On Dec 4, 2007, at 3:20 PM, <tloginbr-pjsip at yahoo.com.br> <tloginbr-
pjsip at yahoo.com.br> wrote:
> I'm also having problems with the pool. I didn't send
> anything to the list because I'm trying to make a
> small sample application to show the problem. But,
> since the subject came up, this is whats happening:
>
> I am playing a wav from the EOF CallBack, creating the
> wav players with PJMedia API and not with pjsua. Just
> to test and see if it was something in my code I tryed
> playing the wav from a timer with 0 ms so it is done
> from teh thead "pjsua" and not "clock" as the EOF
> Callback and it works with no problems. I had the
> following stack when the problem came up:
>
> Thread [3] (Suspended: Signal 'SIGABRT' received.
> Description: Aborted.)
> 28 <symbol is not available> 0xb7f32410
> 27 <symbol is not available> 0xb546dbb0
> 26 <symbol is not available> 0x00000006
> 25 <symbol is not available> 0x00005e3d
> 24 raise() 0xb7abf811
> 23 abort() 0xb7ac0fb9
> 22 __fsetlocking() 0xb7af4e0a
> 21 free() 0xb7afd1d6
> 20 malloc() 0xb7afe9ff
> 19 default_block_alloc() 0x080efbd4
> 18 pj_pool_create_int() 0x080f2c05
> 17 cpool_create_pool() 0x080f3344
> 16 pjsip_endpt_create_pool() 0x0807f6c8
> 15 tsx_create() 0x0808db4b
> 14 pjsip_tsx_create_uas() 0x0808e404
> 13 pjsip_dlg_on_rx_request() 0x080909d0
> 12 mod_ua_on_rx_request() 0x080923e7
> 11 endpt_on_rx_msg() 0x0807f8e3
> 10 pjsip_tpmgr_receive_packet() 0x080837fc
> 9 udp_on_read_complete() 0x08085cb3
> 8 ioqueue_dispatch_read_event() 0x080ee5e0
> 7 pj_ioqueue_poll() 0x080ef3f6
> 6 pjsip_endpt_handle_events2() 0x0807f5ba
> 5 pjsua_handle_events() 0x0806041e
> 4 worker_thread() 0x08060ee4
> 3 thread_main() 0x080ecde7
> 2 start_thread() 0xb7ed0240
> 1 clone() 0xb7b624ae
>
> and this other one also:
>
> Thread [3] (Suspended: Signal 'SIGABRT' received.
> Description: Aborted.)
> 28 <symbol is not available> 0xb7f2a410
> 27 <symbol is not available> 0xb5465bb0
> 26 <symbol is not available> 0x00000006
> 25 <symbol is not available> 0x00005ca2
> 24 raise() 0xb7ab7811
> 23 abort() 0xb7ab8fb9
> 22 __fsetlocking() 0xb7aece0a
> 21 free() 0xb7af51d6
> 20 malloc() 0xb7af69ff
> 19 default_block_alloc() 0x080efbd4
> 18 pj_pool_create_int() 0x080f2c05
> 17 cpool_create_pool() 0x080f3344
> 16 pjsip_endpt_create_pool() 0x0807f6c8
> 15 tsx_create() 0x0808db4b
> 14 pjsip_tsx_create_uas() 0x0808e404
> 13 pjsip_dlg_on_rx_request() 0x080909d0
> 12 mod_ua_on_rx_request() 0x080923e7
> 11 endpt_on_rx_msg() 0x0807f8e3
> 10 pjsip_tpmgr_receive_packet() 0x080837fc
> 9 udp_on_read_complete() 0x08085cb3
> 8 ioqueue_dispatch_read_event() 0x080ee5e0
> 7 pj_ioqueue_poll() 0x080ef3f6
> 6 pjsip_endpt_handle_events2() 0x0807f5ba
> 5 pjsua_handle_events() 0x0806041e
> 4 worker_thread() 0x08060ee4
> 3 thread_main() 0x080ecde7
> 2 start_thread() 0xb7ec8240
> 1 clone() 0xb7b5a4ae
>
> in all cases I get the following message after the
> crash:
>
> *** glibc detected *** malloc(): memory corruption:
> 0x09ea27c0 ***
>
> changing just the hex number in the end. It always
> happens just after the call to the function that
> creates the wav players in my application, when called
> from the "clock" thread. It happens after a large
> number of calls (between 500 and 5000) and if I have
> many concurrent calls at a time (I used sipp to test
> with 20 call/sec and around 100 concurrent calls). I
> know there is a problem with playing wavs form the eof
> callback that can lead to a deadlock, but I am
> avoiding this by saving the media port in my
> application and updating it only when a media event
> occurs. I tested my code with API 0.8.0 and 0.7.0 and
> in both cases the problem rises, and when I used the
> timer trick there was no problem. I'm writing a small
> sample code to reproduce the error (in case it is
> really there...) and will make it available.
>
> Thanks for all support that I am getting,
>
> Thiago
>
> --- Norman Franke <norman at myasd.com> escreveu:
>
>> I've been experiencing a large number of crashes in
>> PJSIP of late
>> (using the latest SVN head.) I never seemed to have
>> these issues with
>> 0.6. All crashes seem all revolve around using the
>> pools. The latest
>> is here:
>>
>> #0 0x002556cc in pj_link_node at list_i.h:24
>> #1 0x002558c4 in pj_list_erase at list_i.h:77
>> #2 0x002891b0 in reset_pool at pool.c:239
>> #3 0x002892b4 in pj_pool_destroy_int at pool.c:275
>> #4 0x002c7510 in cpool_release_pool at
>> pool_caching.c:233
>> #5 0x00288b68 in pj_pool_release at pool_i.h:91
>> #6 0x0025bfe0 in pjsip_endpt_release_pool at
>> sip_endpoint.c:641
>> #7 0x002adb34 in destroy_dialog at sip_dialog.c:115
>> #8 0x002af820 in unregister_and_destroy_dialog at
>> sip_dialog.c:700
>> #9 0x002afd98 in pjsip_dlg_dec_lock at
>> sip_dialog.c:831
>> #10 0x002b2718 in pjsip_dlg_on_tsx_state at
>> sip_dialog.c:1804
>> #11 0x00263058 in mod_ua_on_tsx_state at
>> sip_ua_layer.c:177
>> #12 0x002b858c in tsx_set_state at
>> sip_transaction.c:1081
>> #13 0x002bc238 in tsx_on_state_completed_uac at
>> sip_transaction.c:2780
>> #14 0x002b830c in tsx_timer_callback at
>> sip_transaction.c:1028
>> #15 0x002a47b4 in pj_timer_heap_poll at timer.c:517
>> #16 0x0025c070 in pjsip_endpt_handle_events2 at
>> sip_endpoint.c:665
>> #17 0x0026c93c in pjsua_handle_events at
>> pjsua_core.c:1131
>> #18 0x0026ad20 in worker_thread at pjsua_core.c:494
>> #19 0x002584f4 in thread_main at os_core_unix.c:382
>> #20 0x9002bd08 in _pthread_body
>>
>> Another (non-debug build, sadly. Seems to be about
>> the same thing.)
>>
>> #0 0x00264fdc in pj_list_erase
>> #1 0x00288940 in reset_pool
>> #2 0x002889f0 in pj_pool_destroy_int
>> #3 0x002a97c8 in cpool_release_pool
>> #4 0x0029c008 in unregister_and_destroy_dialog
>> #5 0x0029c140 in pjsip_dlg_dec_lock
>> #6 0x002a1328 in tsx_set_state
>> #7 0x002a2cb8 in tsx_on_state_completed_uac
>> #8 0x002a11b4 in tsx_timer_callback
>> #9 0x00297224 in pj_timer_heap_poll
>> #10 0x0026820c in pjsip_endpt_handle_events2
>> #11 0x0027082c in pjsua_handle_events
>> #12 0x00270888 in worker_thread
>> #13 0x00266e8c in thread_main
>> #14 0x9002b508 in _pthread_body
>>
>> From the first one:
>>
>> /* Internal */
>> PJ_INLINE(void) pj_link_node(pj_list_type *prev,
>> pj_list_type *next)
>> {
>> ((pj_list*)prev)->next = next;
>> ((pj_list*)next)->prev = prev;
>> }
>>
>> In this case, prev is null. My code never uses
>> dialog pools.
>>
>> Any ideas?
>>
>> -Norman
>>
>>> _______________________________________________
>> Visit our blog: http://blog.pjsip.org
>>
>> pjsip mailing list
>> pjsip at lists.pjsip.org
>>
> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>>
>
>
>
> Abra sua conta no Yahoo! Mail, o ?nico sem limite de espa?o
> para armazenamento!
> http://br.mail.yahoo.com/
>
> _______________________________________________
> Visit our blog: http://blog.pjsip.org
>
> pjsip mailing list
> pjsip at lists.pjsip.org
> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
