Hi all,
I've seen some segfaults recently that occur at random times, but every
time at the same spot. I've not been able to correlate it to specific SIP
messages. From the backtrace it seems some timer is trying to access
some memory that has already been reused. That would indicate i (or pjsip)
forgot to increase some refcount.
With the very little information i have at hand it's probably very hard to
find the cause, but maybe someone can give me a hint on what may be
happening from the below backtrace:
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/asterisk -g -f -U asterisk'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 copy_node (ht=0x7f33e831bd90, ht=0x7f33e831bd90, moved_node=<optimized out>, slot=60) at ../src/pj/timer.c:137
137 ../src/pj/timer.c: No such file or directory.
[Current thread is 1 (Thread 0x7f344d46c700 (LWP 17018))]
(gdb) bt full
#0 copy_node (ht=0x7f33e831bd90, ht=0x7f33e831bd90, moved_node=<optimized out>, slot=60) at ../src/pj/timer.c:137
No locals.
#1 reheap_down (child=121, slot=60, moved_node=0x7f33e831bd90, ht=0x7f33e831bd90) at ../src/pj/timer.c:185
No locals.
#2 remove_node (ht=ht@entry=0x55c82246a350, slot=slot@entry=0) at ../src/pj/timer.c:252
parent = <optimized out>
moved_node = 0x7f33e831bd90
removed_node = 0x7f33a88940b0
#3 0x00007f3455eed261 in pj_timer_heap_poll (ht=0x55c82246a350, next_delay=next_delay@entry=0x7f344d46bcc0) at ../src/pj/timer.c:643
node = <optimized out>
grp_lock = <optimized out>
now = {sec = 18760889, msec = 90}
count = 0
#4 0x00007f3455e54712 in pjsip_endpt_handle_events2 (endpt=0x55c82246a068, max_timeout=0x7f344d46bd10, p_count=0x0) at ../src/pjsip/sip_endpoint.c:715
timeout = {sec = 0, msec = 0}
count = 0
net_event_count = 0
c = <optimized out>
#5 0x00007f344da0b4e8 in ?? () from /usr/lib/asterisk/modules/res_pjsip.so
No symbol table info available.
#6 0x00007f3455ed7680 in thread_main (param=0x55c822467e08) at ../src/pj/os_core_unix.c:541
rec = 0x55c822467e08
result = <optimized out>
#7 0x00007f3453f4b494 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#8 0x00007f34531ffacf in clone () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
(gdb) f 1
#1 reheap_down (child=121, slot=60, moved_node=0x7f33e831bd90, ht=0x7f33e831bd90) at ../src/pj/timer.c:185
185 in ../src/pj/timer.c
(gdb) p *ht
$2 = {pool = 0x7f33e831bbd8, max_size = 2, cur_size = 139862756213392, max_entries_per_poll = 331, lock = 0x11e44bd, auto_delete_lock = 989, heap = 0x7f33d41161f8, timer_ids = 0x0, timer_ids_freelist = 0, callback = 0x0}
--
Alex Hermann
_______________________________________________
Visit our blog: http://blog.pjsip.org
pjsip mailing list
pjsip@xxxxxxxxxxxxxxx
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
