[pjsip] timer thread-safe problem

Benny Prijono bennylp at pjsip.org
Tue Feb 26 06:33:51 EST 2008


On 2/26/08, Gergely Kovacs <gergo at iptel.org> wrote:
> Hi,
>
>  I developed an User Agent application based on pjsip-perf.c. If I use it
>  as UAC, with thread-count > 1 and there are approximately more than 1000
>  calls waiting to be finished (at the end of client_thread() function),
>  then it will segmentation fault. I use the latest SVN version of PJSIP.
>

Hi Gergo,

Thanks for the report. Can you tell me what you have in config_site.h,
and the command line options to invoke pjsip-perf?

cheers,
 -benny



>  Here's the backtrace:
>
>  #0  0x080cd05f in pop_freelist (ht=0x810365c) at ../src/pj/timer.c:136
>  #1  0x080cd6c3 in schedule_entry (ht=0x810365c, entry=0x8630150,
>  future_time=0xa7bcd1fc) at ../src/pj/timer.c:300
>  #2  0x080cdb81 in pj_timer_heap_schedule (ht=0x810365c, entry=0x8630150,
>  delay=0x80f1b28) at ../src/pj/timer.c:472
>  #3  0x080606c6 in pjsip_endpt_schedule_timer (endpt=0x8103474,
>  entry=0x8630150, delay=0x80f1b28) at ../src/pjsip/sip_endpoint.c:733
>  #4  0x08072978 in tsx_on_state_null (tsx=0x8630064, event=0xa7bcd284) at
>  ../src/pjsip/sip_transaction.c:2013
>  #5  0x080719b8 in pjsip_tsx_send_msg (tsx=0x8630064, tdata=0x88d12fc) at
>  ../src/pjsip/sip_transaction.c:1528
>  #6  0x0807688b in pjsip_dlg_send_request (dlg=0x84d346c,
>  tdata=0x88d12fc, mod_data_id=5, mod_data=0x87a9ffc) at
>  ../src/pjsip/sip_dialog.c:1139
>  #7  0x08050f5f in pjsip_inv_send_msg (inv=0x84d3a6c, tdata=0x88d12fc) at
>  ../src/pjsip-ua/sip_inv.c:2078
>  #8  0x0804b838 in call_duration_callback (timer_heap=0x810365c,
>  entry=0x80fb9a0) at stx.c:922
>  #9  0x080cdd38 in pj_timer_heap_poll (ht=0x810365c,
>  next_delay=0xa7bcd3a4) at ../src/pj/timer.c:518
>  #10 0x08060560 in pjsip_endpt_handle_events2 (endpt=0x8103474,
>  max_timeout=0xa7bcd3e0, p_count=0xa7bcd3dc) at
>  ../src/pjsip/sip_endpoint.c:665
>  #11 0x0804c99d in client_thread (arg=0x0) at stx.c:1461
>
>  (gdb) frame 0
>  #0  0x080cd05f in pop_freelist (ht=0x810365c) at ../src/pj/timer.c:136
>  136         ht->timer_ids_freelist =
>  (gdb) l
>  131
>  132         PJ_CHECK_STACK();
>  133
>  134         // The freelist values in the <timer_ids_> are negative, so
>  we need
>  135         // to negate them to get the next freelist "pointer."
>  136         ht->timer_ids_freelist =
>  137             -ht->timer_ids[ht->timer_ids_freelist];
>  138
>  139         return new_id;
>  140
>  (gdb) p ht->timer_ids[ht->timer_ids_freelist]
>  Cannot access memory at address 0xa8c5901c
>  (gdb) p ht->timer_ids_freelist
>  $1 = 4325376
>
>  I can reproduce it any time.
>
>  Cheers:
>     Gergo
>
>  --
>  Gergely Kovacs
>  http://www.iptel.org/~gergo
>
>
>
>  _______________________________________________
>  Visit our blog: http://blog.pjsip.org
>
>  pjsip mailing list
>  pjsip at lists.pjsip.org
>  http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>




More information about the pjsip mailing list