[pjsip] timer thread-safe problem

Gergely Kovacs gergo at iptel.org
Tue Feb 26 06:15:06 EST 2008


Hi,

I developed an User Agent application based on pjsip-perf.c. If I use it 
as UAC, with thread-count > 1 and there are approximately more than 1000 
calls waiting to be finished (at the end of client_thread() function), 
then it will segmentation fault. I use the latest SVN version of PJSIP.

Here's the backtrace:

#0  0x080cd05f in pop_freelist (ht=0x810365c) at ../src/pj/timer.c:136
#1  0x080cd6c3 in schedule_entry (ht=0x810365c, entry=0x8630150, 
future_time=0xa7bcd1fc) at ../src/pj/timer.c:300
#2  0x080cdb81 in pj_timer_heap_schedule (ht=0x810365c, entry=0x8630150, 
delay=0x80f1b28) at ../src/pj/timer.c:472
#3  0x080606c6 in pjsip_endpt_schedule_timer (endpt=0x8103474, 
entry=0x8630150, delay=0x80f1b28) at ../src/pjsip/sip_endpoint.c:733
#4  0x08072978 in tsx_on_state_null (tsx=0x8630064, event=0xa7bcd284) at 
../src/pjsip/sip_transaction.c:2013
#5  0x080719b8 in pjsip_tsx_send_msg (tsx=0x8630064, tdata=0x88d12fc) at 
../src/pjsip/sip_transaction.c:1528
#6  0x0807688b in pjsip_dlg_send_request (dlg=0x84d346c, 
tdata=0x88d12fc, mod_data_id=5, mod_data=0x87a9ffc) at 
../src/pjsip/sip_dialog.c:1139
#7  0x08050f5f in pjsip_inv_send_msg (inv=0x84d3a6c, tdata=0x88d12fc) at 
../src/pjsip-ua/sip_inv.c:2078
#8  0x0804b838 in call_duration_callback (timer_heap=0x810365c, 
entry=0x80fb9a0) at stx.c:922
#9  0x080cdd38 in pj_timer_heap_poll (ht=0x810365c, 
next_delay=0xa7bcd3a4) at ../src/pj/timer.c:518
#10 0x08060560 in pjsip_endpt_handle_events2 (endpt=0x8103474, 
max_timeout=0xa7bcd3e0, p_count=0xa7bcd3dc) at 
../src/pjsip/sip_endpoint.c:665
#11 0x0804c99d in client_thread (arg=0x0) at stx.c:1461

(gdb) frame 0
#0  0x080cd05f in pop_freelist (ht=0x810365c) at ../src/pj/timer.c:136
136         ht->timer_ids_freelist =
(gdb) l
131
132         PJ_CHECK_STACK();
133
134         // The freelist values in the <timer_ids_> are negative, so 
we need
135         // to negate them to get the next freelist "pointer."
136         ht->timer_ids_freelist =
137             -ht->timer_ids[ht->timer_ids_freelist];
138
139         return new_id;
140
(gdb) p ht->timer_ids[ht->timer_ids_freelist]
Cannot access memory at address 0xa8c5901c
(gdb) p ht->timer_ids_freelist
$1 = 4325376

I can reproduce it any time.

Cheers:
    Gergo

-- 
Gergely Kovacs
http://www.iptel.org/~gergo






More information about the pjsip mailing list