On 2/26/08, Gergely Kovacs <gergo at iptel.org> wrote: > Hi, > > I developed an User Agent application based on pjsip-perf.c. If I use it > as UAC, with thread-count > 1 and there are approximately more than 1000 > calls waiting to be finished (at the end of client_thread() function), > then it will segmentation fault. I use the latest SVN version of PJSIP. > Hi Gergo, Thanks for the report. Can you tell me what you have in config_site.h, and the command line options to invoke pjsip-perf? cheers, -benny > Here's the backtrace: > > #0 0x080cd05f in pop_freelist (ht=0x810365c) at ../src/pj/timer.c:136 > #1 0x080cd6c3 in schedule_entry (ht=0x810365c, entry=0x8630150, > future_time=0xa7bcd1fc) at ../src/pj/timer.c:300 > #2 0x080cdb81 in pj_timer_heap_schedule (ht=0x810365c, entry=0x8630150, > delay=0x80f1b28) at ../src/pj/timer.c:472 > #3 0x080606c6 in pjsip_endpt_schedule_timer (endpt=0x8103474, > entry=0x8630150, delay=0x80f1b28) at ../src/pjsip/sip_endpoint.c:733 > #4 0x08072978 in tsx_on_state_null (tsx=0x8630064, event=0xa7bcd284) at > ../src/pjsip/sip_transaction.c:2013 > #5 0x080719b8 in pjsip_tsx_send_msg (tsx=0x8630064, tdata=0x88d12fc) at > ../src/pjsip/sip_transaction.c:1528 > #6 0x0807688b in pjsip_dlg_send_request (dlg=0x84d346c, > tdata=0x88d12fc, mod_data_id=5, mod_data=0x87a9ffc) at > ../src/pjsip/sip_dialog.c:1139 > #7 0x08050f5f in pjsip_inv_send_msg (inv=0x84d3a6c, tdata=0x88d12fc) at > ../src/pjsip-ua/sip_inv.c:2078 > #8 0x0804b838 in call_duration_callback (timer_heap=0x810365c, > entry=0x80fb9a0) at stx.c:922 > #9 0x080cdd38 in pj_timer_heap_poll (ht=0x810365c, > next_delay=0xa7bcd3a4) at ../src/pj/timer.c:518 > #10 0x08060560 in pjsip_endpt_handle_events2 (endpt=0x8103474, > max_timeout=0xa7bcd3e0, p_count=0xa7bcd3dc) at > ../src/pjsip/sip_endpoint.c:665 > #11 0x0804c99d in client_thread (arg=0x0) at stx.c:1461 > > (gdb) frame 0 > #0 0x080cd05f in pop_freelist (ht=0x810365c) at ../src/pj/timer.c:136 > 136 ht->timer_ids_freelist = > (gdb) l > 131 > 132 PJ_CHECK_STACK(); > 133 > 134 // The freelist values in the <timer_ids_> are negative, so > we need > 135 // to negate them to get the next freelist "pointer." > 136 ht->timer_ids_freelist = > 137 -ht->timer_ids[ht->timer_ids_freelist]; > 138 > 139 return new_id; > 140 > (gdb) p ht->timer_ids[ht->timer_ids_freelist] > Cannot access memory at address 0xa8c5901c > (gdb) p ht->timer_ids_freelist > $1 = 4325376 > > I can reproduce it any time. > > Cheers: > Gergo > > -- > Gergely Kovacs > http://www.iptel.org/~gergo > > > > _______________________________________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip at lists.pjsip.org > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org >
