[SIPForum-discussion] Fwd: Crash in tsx_timer_callback after a call disconnection

Wed Jan 11 14:06:21 UTC 2017

Hello,

I have a simple SIP user agent application that only uses PJSIP (and not
PJSUA), on a Debian 8.2 Jessie release. The application uses PJSIP 2.5.5
version, and is able to receive and make calls.

When reaching a specific number of received calls, the application replies
future calls with BUSY (486). However, during a load testing, after some
BUSY replies, the application crashes while executing tsx_timer_callback
(sip_transaction.c), particularly  in pj_lock_acquire . The logs show a
disconnection of a refused call (which had a BUSY reply).
This is the debugger details :

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6809b40 (LWP 2404)]
0x08285318 in pj_lock_acquire (lock=0x2e9420dc) at ../src/pj/lock.c:180
180         return (*lock->acquire)(lock->lock_object);

(gdb) bt full
#0  0x08285318 in pj_lock_acquire (lock=0x2e9420dc) at ../src/pj/lock.c:180
        __PRETTY_FUNCTION__ = "pj_lock_acquire"
#1  0x0828555a in grp_lock_acquire (p=0xb1fac124) at ../src/pj/lock.c:290
        glock = 0xb1fac124
        lck = 0xb1fac248
        __PRETTY_FUNCTION__ = "grp_lock_acquire"
#2  0x08285a28 in pj_grp_lock_acquire (grp_lock=0xb1fac124) at
../src/pj/lock.c:478
No locals.
#3  0x081fa8d0 in tsx_timer_callback (theap=0x83a5950, entry=0xb1fcce84) at
../src/pjsip/sip_transaction.c:1170
        event = {prev = 0x0, next = 0xb7c89000, type = PJSIP_EVENT_TIMER,
body = {timer = {entry = 0xb1fcce84}, tsx_state = {src = {rdata =
0xb1fcce84,
                tdata = 0xb1fcce84, timer = 0xb1fcce84, status =
-1308832124, data = 0xb1fcce84}, tsx = 0xb68091d8, prev_state =
-1211592704, type = 3061879272},
            tx_msg = {tdata = 0xb1fcce84}, tx_error = {tdata = 0xb1fcce84,
tsx = 0xb68091d8}, rx_msg = {rdata = 0xb1fcce84}, user = {user1 =
0xb1fcce84,
              user2 = 0xb68091d8, user3 = 0xb7c89000, user4 = 0xb68091e8}}}
        tsx = 0xb1fccd6c
#4  0x0828b8ed in pj_timer_heap_poll (ht=0x83a5950, next_delay=0xb6809268)
at ../src/pj/timer.c:643
        node = 0xb1fcce84
        grp_lock = 0xb1fac124
        now = {sec = 9713, msec = 334}
        count = 1
        __PRETTY_FUNCTION__ = "pj_timer_heap_poll"
#5  0x081e8920 in pjsip_endpt_handle_events2 (endpt=0x83a5794,
max_timeout=0xb68092a0, p_count=0xb68092a8) at ../src/pjsip/sip_endpoint.c:
712
        timeout = {sec = 0, msec = 0}
        count = 0
        net_event_count = 0
        c = 0
        __PRETTY_FUNCTION__ = "pjsip_endpt_handle_events2"
#6  0x08086dcc in SIPManager::stv_handle_events (msec_timeout=10) at
include/SIPManager.hxx:236
        count = 0
        tv = {sec = 0, msec = 10}
        status = 0
#7  0x08086df6 in SIPManager::worker_thread (arg=0x0) at
include/SIPManager.hxx:254
        count = 0
#8  0x0827ef53 in thread_main (param=0x83a2594) at
../src/pj/os_core_unix.c:541
        rec = 0x83a2594
        result = 0x0
        rc = 0
        __PRETTY_FUNCTION__ = "thread_main"
#9  0xb7c76efb in start_thread (arg=0xb6809b40) at pthread_create.c:309
        __res = <optimized out>
        pd = 0xb6809b40
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1211592704,
-1233085632, 4001536, -1233087512, -435160207, 1777601395}, mask_was_saved
= 0}}, priv = {pad = {
              0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0,
canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#10 0xb753ad0e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:129
No locals.

Can anyone help me please ?? What to do ? is it a bug in PJSIP and is there
any thing to do to avoid this situation ??

Thanks a lot !

Nabila Salmi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sipforum.org/pipermail/discussion/attachments/20170111/c64ece74/attachment-0002.html>