On Mar 20, 2009, at 12:51 AM, Nick Leverton wrote:
> Thanks for the backtraces. I was wondering whether dbg packages might help; your idea was sound.
>
> The first backtrace you give points to thread-based event handling (possibly including task disposal) and the second backtrace points towards the expiry of a mapping (definitely involving thread disposal code). I've been suspicious of that area for some time but didn't follow upstream's code well enough to change it.
>
> If you can afford to run with debug_level=3 in upnpd.conf and with a debug-level entry in syslog for a while, it might help to tie the corruptions and crashes down to particular events. There are hints on debug logging in /usr/share/doc/linux-igd/README.Debian but mail me back if you need help setting it up.

I'll consider your suggestion; however, what I had started to do was to run upnpd under valgrind. I will need to reboot soon to install the new kernel security update, but here is what valgrind has reported so far:

==9510== Thread 12:
==9510== Invalid write of size 4
==9510==    at 0x804A0A0: free_expiration_event (gatedevice.c:770)
==9510==    by 0x804A42F: ExpireMapping (gatedevice.c:797)
==9510==    by 0x404871B: WorkerThread (ThreadPool.c:573)
==9510==    by 0x4197F3A: start_thread (pthread_create.c:297)
==9510==    by 0x411EBED: clone (in /usr/lib/debug/libc-2.7.so)
==9510== Address 0x434c01c is 108 bytes inside a block of size 124 free'd
==9510==    at 0x4021B8A: free (vg_replace_malloc.c:323)
==9510==    by 0x804C62A: pmlist_Delete (pmlist.c:206)
==9510==    by 0x804A3A4: ExpireMapping (gatedevice.c:788)
==9510==    by 0x404871B: WorkerThread (ThreadPool.c:573)
==9510==    by 0x4197F3A: start_thread (pthread_create.c:297)
==9510==    by 0x411EBED: clone (in /usr/lib/debug/libc-2.7.so)

More as I discover it...

--
Rob Leslie
r...@mars.org
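
The ordering problem in the valgrind report above (a block freed by pmlist_Delete and then written through by free_expiration_event, both reached from ExpireMapping), as an added example that is not part of the original message or of linux-igd's code. The struct layout and every function name in it are hypothetical, and the corrected order is one possible fix, not upstream's.

```c
#include <stdlib.h>

/* Hypothetical types: stand-ins, not linux-igd's real structures. */
struct expire_event { int id; };
struct mapping {
    struct mapping *next;
    int port;
    struct expire_event *event;      /* owned by the mapping */
};

static struct mapping *head;         /* singly linked list of mappings */
static int live_blocks;              /* outstanding heap allocations */

struct mapping *mapping_add(int port, int event_id) {
    struct mapping *m = malloc(sizeof *m);
    struct expire_event *e = malloc(sizeof *e);
    if (!m || !e) { free(m); free(e); return NULL; }
    e->id = event_id;
    m->port = port; m->event = e; m->next = head;
    head = m;
    live_blocks += 2;
    return m;
}

/* Releases the event and clears the pointer stored inside the mapping. */
static void free_event(struct mapping *m) {
    if (m->event) { free(m->event); live_blocks--; }
    m->event = NULL;                 /* a write into *m: invalid if m is freed */
}

/* Unlinks and frees the node; afterwards m must not be dereferenced. */
static void list_delete(struct mapping *m) {
    struct mapping **pp = &head;
    while (*pp && *pp != m) pp = &(*pp)->next;
    if (!*pp) return;
    *pp = m->next;
    free(m);
    live_blocks--;
}

/* Order seen in the trace: node freed first, then written through. */
void expire_mapping_uaf(struct mapping *m) { list_delete(m); free_event(m); }

/* Corrected order: finish every access to the node, then free it. */
void expire_mapping_fixed(struct mapping *m) { free_event(m); list_delete(m); }

int mapping_count(void) {
    int n = 0;
    for (struct mapping *m = head; m; m = m->next) n++;
    return n;
}
int live_block_count(void) { return live_blocks; }
```

Building the sketch with expire_mapping_uaf called in place of expire_mapping_fixed and running it under valgrind produces the same kind of "Invalid write ... inside a block ... free'd" report as the one quoted in the message.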



