Summary: | ASTERISK-27230: PJSIP Destroyed timer being called causing segfault
Reporter: | Ross Beer (rossbeer)
Labels: | pjsip
Date Opened: | 2017-08-30 05:17:06
Date Closed: | 2019-02-07 04:54:08.000-0600
Priority: | Major
Regression? |
Status: | Closed/Complete
Components: | Channels/chan_pjsip
Versions: | GIT
Frequency of Occurrence |
Related Issues: |
Environment: | Fedora 23
Attachments: |
( 0) core.thread1.txt
( 1) core-asterisk-103311-Asterisk7-1504005395-thread1.txt
( 2) core-asterisk-119854-Asterisk6-1508764500-thread1.txt
( 3) core-asterisk-158440-Asterisk5-1504033325-thread1.txt
( 4) core-asterisk-172816-Asterisk7-1507310948-thread1.txt
( 5) core-asterisk-25632-1520508424-thread1.txt
( 6) core-asterisk-40920-Asterisk7-1507023780-thread1.txt
( 7) core-asterisk-46551-Asterisk7-1508841302-thread1.txt
( 8) core-asterisk-5713-1507134548-thread1.txt
Description: | PJPROJECT segfaults when cancelling timer and reheaping.
{noformat}
Thread 1 (Thread 0x7fe2c6bdf700 (LWP 11308)):
#0  0x00007fe2cbf5d1b9 in copy_node (ht=0x20d4ee0, slot=312, moved_node=0x7fe25040b928) at ../src/pj/timer.c:137
No locals.
#1  0x00007fe2cbf5d5e9 in reheap_up (ht=0x20d4ee0, moved_node=0x7fe1802740c8, slot=312, parent=155) at ../src/pj/timer.c:208
No locals.
#2  0x00007fe2cbf5d7fc in remove_node (ht=0x20d4ee0, slot=312) at ../src/pj/timer.c:254
        parent = 155
        moved_node = 0x7fe1802740c8
        removed_node = 0x7fdfdc25ea98
#3  0x00007fe2cbf5daea in cancel (ht=0x20d4ee0, entry=0x7fdfdc25ea98, flags=7) at ../src/pj/timer.c:353
        timer_node_slot = 312
#4  0x00007fe2cbf5e00e in cancel_timer (ht=0x20d4ee0, entry=0x7fdfdc25ea98, flags=6, id_val=0) at ../src/pj/timer.c:594
        count = 32738
#5  0x00007fe2cbf5e0cd in pj_timer_heap_cancel_if_active (ht=0x20d4ee0, entry=0x7fdfdc25ea98, id_val=0) at ../src/pj/timer.c:618
No locals.
#6  0x00007fe2cbead7b6 in pjsip_endpt_cancel_timer (endpt=0x20d4bf8, entry=0x7fdfdc25ea98) at ../src/pjsip/sip_endpoint.c:814
No locals.
#7  0x00007fe2cbe92656 in stop_timer (inv=0x7fdfdc0d7d58) at ../src/pjsip-ua/sip_timer.c:535
No locals.
#8  0x00007fe2cbe93953 in pjsip_timer_end_session (inv=0x7fdfdc0d7d58) at ../src/pjsip-ua/sip_timer.c:1229
{noformat}
Comments: |

By: Asterisk Team (asteriskteam) 2017-08-30 05:17:07.614-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Ross Beer (rossbeer) 2017-10-04 03:47:38.329-0500

This issue is happening multiple times a day. Please see further backtraces.

By: Ross Beer (rossbeer) 2017-10-10 16:53:24.160-0500

Can anyone assist with this, please?

By: Richard Mudgett (rmudgett) 2017-10-20 13:09:15.637-0500

There were two patches in PJPROJECT 2.7 that dealt with timers left running. They may fix this crash. The https://gerrit.asterisk.org/#/c/6854/ review upgrades v13 to use PJPROJECT 2.7.

By: Ross Beer (rossbeer) 2017-10-23 11:39:14.217-0500

The PJPROJECT 2.7 patch does not resolve this issue.

By: Ross Beer (rossbeer) 2017-10-24 05:45:09.940-0500

Another timer crash, please see latest backtrace.

By: Ross Beer (rossbeer) 2018-03-08 06:17:09.393-0600

This issue is still causing frequent crashes. Is there anything we can do to resolve it?