[h323plus] Ptlib issue

Tamas jalsot at gmail.com
Wed Mar 26 08:12:00 EDT 2008


Hello,

We have probably found a bug in ptlib while testing the t38modem 
application (ptlib+h323plus+t38modem).
We got this backtrace:
root at maxi:/tmp# gdb /usr/sbin/t38modem core.6382.104
GNU gdb 6.4-debian
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you 
are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...Using host libthread_db 
library "/lib/libthread_db.so.1".

Failed to read a valid object file image from memory.
Core was generated by `/usr/sbin/t38modem -p 
ttyc0,ttyc1,ttyc2,ttyc3,ttyc4,ttyc5,ttyc6,ttyc7,ttyc8,tty'.
Program terminated with signal 11, Segmentation fault.
#0  0x00002b3e71de4312 in __gnu_cxx::__exchange_and_add () from 
/usr/lib/libstdc++.so.6
(gdb) bt full
#0  0x00002b3e71de4312 in __gnu_cxx::__exchange_and_add () from 
/usr/lib/libstdc++.so.6
No symbol table info available.
#1  0x00000000005c4ee1 in PAtomicInteger::operator++ (this=0x4) at 
critsec.h:243
No locals.
#2  0x000000000077cf8a in PContainer (this=0x40cf2080, cont=@0xafc3c0) 
at ../common/contain.cxx:739
No locals.
#3  0x000000000046fdbd in PAbstractArray (this=0x40cf2080, c=@0xafc3c0) 
at array.h:183
No locals.
#4  0x000000000047a19b in PBaseArray (this=0x40cf2080) at array.h:390
No locals.
#5  0x0000000000789315 in PCharArray (this=0x40cf2080) at array.h:733
No locals.
#6  0x000000000077d571 in PString (this=0x40cf2080, str=@0xafc3c0) at 
contain.inl:241
No locals.
#7  0x000000000075c559 in PThread::PX_ThreadEnd (arg=0xafc3b0) at 
tlibthrd.cxx:1402
       threadName = {<PCharArray> = {<PBaseArray<char>> = 
{<PAbstractArray> = {<PContainer> = {<PObject> = {_vptr.PObject = 
0x870d90}, reference = 0xf0}, elementSize = 0,
       theArray = 0x100000000 <Address 0x100000000 out of bounds>, 
allocatedDynamically = 1}, <No data fields>}, <No data fields>}, <No 
data fields>}
       thread = (PThread *) 0xafc3b0
       id = 1087318368
#8  0x000000000075c35e in PThread::PX_ThreadStart (arg=0xafc3b0) at 
tlibthrd.cxx:1364
       __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {7805982, 
1087316448, 47547187568752, 1091568592, 0, 1091568592, 1087316224, 
7717523}, __mask_was_saved = 0}}, __pad = {0x40cf2200, 0x0, 0x1,
   0x2b3e714a46c0}}
       __cancel_routine = (void (*)(void *)) 0x75c36e 
<PThread::PX_ThreadEnd(void*)>
       __cancel_arg = (void *) 0xafc3b0
       not_first_call = 0
       thread = (PThread *) 0xafc3b0
#9  0x00002b3e7139a0fa in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#10 0x00002b3e72287ce2 in clone () from /lib/libc.so.6
No symbol table info available.
#11 0x0000000000000000 in ?? ()
No symbol table info available.
(gdb)


After long debugging we have found that the issue is in ptlib and the 
following patch fixes it:
--- ptlib_v2_0_1/src/ptlib/unix/tlibthrd.cxx.orig       2008-03-19 
22:13:56.000000000 +0100
+++ ptlib_v2_0_1/src/ptlib/unix/tlibthrd.cxx    2008-03-20 
09:25:41.000000000 +0100
@@ -1387,10 +1387,11 @@

   // delete the thread if required, note this is done this way to avoid
   // a race condition, the thread ID cannot be zeroed before the if!
+  PString threadName = thread->threadName;
   if (thread->autoDelete) {
     thread->PX_threadId = 0;  // Prevent terminating terminated thread
     process.threadMutex.Signal();
-    PTRACE(5, "PWLib\tEnded thread " << thread << ' ' << 
thread->threadName);
+    PTRACE(5, "PWLib\tEnded thread " << thread << ' ' << threadName);

     /* It is now safe to delete this thread. Note that this thread
        is deleted after the process.threadMutex.Signal(), which means
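Review bot: the added `PString threadName = thread->threadName;` has no comment of its own and sits directly under the existing comment about when the thread ID may be zeroed, so the reason it has to run before `thread->PX_threadId = 0;` is not recorded and a later cleanup could move it back into a branch. Suggest a one-line comment above it saying the name is copied while `*thread` is still guaranteed to exist. The copy is now also made when level 5 tracing is off; frames #1 to #6 of the backtrace show it is a PContainer copy that increments a reference counter, so the cost is small, but the description should mention it.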
@@ -1399,7 +1400,6 @@
   }
   else {
     thread->PX_threadId = 0;
-    PString threadName = thread->threadName;
     process.threadMutex.Signal();
     PTRACE(5, "PWLib\tEnded thread " << thread << ' ' << threadName);
   }
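Review bot: the description should state the ordering that failed in the else branch rather than only "a race condition": the removed copy at old line 1402 ran after `thread->PX_threadId = 0;`, and frame #7 of the backtrace is at tlibthrd.cxx:1402. After this hunk the only use of `thread` following the zeroing in this branch is the pointer streamed by PTRACE; a comment after `thread->PX_threadId = 0;` saying that `*thread` must not be read from that point on would keep it that way.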

It seems to be a race condition similar to what has been resolved 
earlier (see the comments and CVS history).
After testing the patched version the issue seems to be over.

I would like to thank Simon for helping with the debugging and taking care 
of t38modem for h323plus.

Kind regards,
    Tamas

ps: system info:
ptlib-2.0.1, h323plus-1.20.2, t38modem from h323plus contrib. Ubuntu 
Dapper Drake LTS (6.06), x86_64,
Linux maxi 2.6.23.9 #1 SMP PREEMPT Thu Dec 6 11:32:16 CET 2007 x86_64 
GNU/Linux
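
The ordering the patch above establishes (copy the name, then zero the thread ID), as an added C++ example that is not part of the original post and is not PTLib code. `Worker`, `thread_end` and `run_once` are hypothetical names, and the example assumes the owner of a non-autoDelete thread frees the object as soon as it sees the ID zeroed.

```cpp
#include <atomic>
#include <iostream>
#include <string>
#include <thread>

// Hypothetical stand-in for a non-autoDelete thread object: the owner
// frees it once it observes id == 0.
struct Worker {
  std::string name;
  std::atomic<unsigned long> id{1};
};

// Exit path with the patched ordering. Returns the line it would trace.
std::string thread_end(Worker* w) {
  std::string name = w->name;                 // copy while *w must still exist
  w->id.store(0, std::memory_order_release);  // publish "terminated"
  // From here on *w may already be freed, so only locals are used.
  // Reading w->name at this point instead is the use-after-free seen
  // in frame #7 of the backtrace.
  return "Ended thread " + name;
}

// Owner side (assumed behaviour): poll for termination, then destroy
// the object without waiting for the exit path to finish.
std::string run_once(const std::string& name) {
  Worker* w = new Worker;
  w->name = name;
  std::string line;
  std::thread t([&line, w] { line = thread_end(w); });
  while (w->id.load(std::memory_order_acquire) != 0)
    std::this_thread::yield();
  delete w;   // safe: thread_end no longer dereferences w
  t.join();   // join makes the write to `line` visible here
  return line;
}

int main() {
  for (int i = 0; i < 1000; ++i) {
    std::string expected = "Ended thread T38Modem:" + std::to_string(i);
    if (run_once("T38Modem:" + std::to_string(i)) != expected) return 1;
  }
  std::cout << "1000 threads ended, no access after release\n";
  return 0;
}
```

Building this with `-fsanitize=address` or `-fsanitize=thread` and swapping the first two statements of `thread_end` shows the defect as a sanitizer report rather than an occasional crash.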






