Hi Ross,

- Are there any steps or a specific scenario to reproduce the issue?
- Which PJSIP version are you using? You mentioned ticket #2176; which additional patches do you apply to the base version you're using?
- Our latest fix with regard to the timer is ticket #2191 (https://trac.pjsip.org/repos/ticket/2191). Please let us know if the problem still persists after this patch. Another ticket which may be relevant is ticket #2172 (https://trac.pjsip.org/repos/ticket/2172).
- For the stack trace which you provided, the crash seems to be caused when accessing the node 0x7fa9c4c04c50. So, you will need to check the PJSIP log, with PJ_TIMER_DEBUG on, and see to which component the timer entry belongs, and when and how the pool which allocates the entry gets destroyed, and why isn't the timer cancelled first before the deallocation.

Regards,
Ming

On Tue, Apr 9, 2019 at 9:04 PM Ross Beer <ross.beer@xxxxxxxxxxx> wrote:
>
> Hello,
>
> The previous segfault was with issue #2176 (https://trac.pjsip.org/repos/changeset/5934) patch applied, this patch appears to increase the frequency of segfaults in the 'pj_timer_heap_poll' process instead of mitigating them.
>
> Can anyone offer assistance in getting this resolved?
>
> Regards,
>
> Ross
>
> ________________________________
> From: pjsip <pjsip-bounces@xxxxxxxxxxxxxxx> on behalf of Ross Beer <ross.beer@xxxxxxxxxxx>
> Sent: 08 April 2019 17:05
> To: pjsip@xxxxxxxxxxxxxxx
> Subject: Segfault in timer.c
>
> Hi,
>
> We are seeing multiple segfaults while copying nodes:
>
> Thread 1 (Thread 0x7fa977fff700 (LWP 36699)):
> #0 0x00007fac956676fe in copy_node (ht=0x16d0410, slot=430, moved_node=0x7fa9c4c04c50) at ../src/pj/timer.c:137
> #1 0x00007fac956679d9 in reheap_down (ht=0x16d0410, moved_node=0x7fab60031970, slot=430, child=862) at ../src/pj/timer.c:185
> #2 0x00007fac95667d1d in remove_node (ht=0x16d0410, slot=0) at ../src/pj/timer.c:252
>         parent = 0
>         moved_node = 0x7fab60031970
>         removed_node = 0x7fa9b5978ae0
> #3 0x00007fac95668634 in pj_timer_heap_poll (ht=0x16d0410, next_delay=0x7fa977ffecd0) at ../src/pj/timer.c:634
>         node = 0x100000002
>         grp_lock = 0x31dc8c88
>         now = {sec = 8157205, msec = 523}
>         count = 0
> #4 0x00007fac955b6b06 in pjsip_endpt_handle_events2 (endpt=0x16d0128, max_timeout=0x7fa977ffed40, p_count=0x0) at ../src/pjsip/sip_endpoint.c:715
>         timeout = {sec = 0, msec = 0}
>         count = 0
>         net_event_count = 0
>         c = 0
> #5 0x00007fac955b6c4b in pjsip_endpt_handle_events (endpt=0x16d0128, max_timeout=0x7fa977ffed40) at ../src/pjsip/sip_endpoint.c:776
> #6 0x00007faac8024bcf in monitor_thread_exec (endpt=0x0) at res_pjsip.c:4512
>         delay = {sec = 0, msec = 10}
> #7 0x00007fac9564fcb0 in thread_main (param=0x1815b28) at ../src/pj/os_core_unix.c:541
>         rec = 0x1815b28
>         result = 0x0
>         rc = 0
> #8 0x00007fac9342ddd5 in start_thread () at /usr/lib64/libpthread.so.0
> #9 0x00007fac927cfead in clone () at /usr/lib64/libc.so.6
>
>
> Can anyone assist in resolving the issue?
>
> Regards,
>
> Ross
> _______________________________________________
> Visit our blog: http://blog.pjsip.org
>
> pjsip mailing list
> pjsip@xxxxxxxxxxxxxxx
> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
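
Added example, not part of the original thread and not pjlib code: a simplified C model of the condition Ming asks about, where a pool is released while its timer entries are still scheduled, next to a teardown that cancels first. All type and function names are hypothetical stand-ins, and the entries live on the stack so the audit can inspect them safely after the modelled release.

```c
#include <stdio.h>
/* Simplified model, NOT pjlib code. All names are hypothetical stand-ins. */
#define MAX_TIMERS 8
typedef struct pool { const char *name; int alive; } pool;          /* models a memory pool */
typedef struct timer_entry { pool *owner; int slot; } timer_entry;  /* slot -1: not scheduled */
typedef struct timer_heap { timer_entry *node[MAX_TIMERS]; int count; } timer_heap;

static int heap_schedule(timer_heap *ht, timer_entry *e) {
    if (ht->count == MAX_TIMERS || e->slot >= 0) return -1;
    e->slot = ht->count;
    ht->node[ht->count++] = e;            /* the heap keeps only a pointer */
    return 0;
}
static int heap_cancel(timer_heap *ht, timer_entry *e) {
    int s = e->slot;
    if (s < 0 || s >= ht->count || ht->node[s] != e) return 0;
    ht->node[s] = ht->node[--ht->count];  /* move the last node into the hole */
    if (s < ht->count) ht->node[s]->slot = s;
    e->slot = -1;
    return 1;
}
/* Correct teardown: cancel every entry the pool owns, then release it. */
static int pool_release_safe(timer_heap *ht, pool *p, timer_entry *ents, int n) {
    int cancelled = 0;
    for (int i = 0; i < n; i++)
        if (ents[i].owner == p) cancelled += heap_cancel(ht, &ents[i]);
    p->alive = 0;
    return cancelled;
}
/* Audit: heap nodes whose owning pool is gone (dangling pointers in real code). */
static int heap_audit_dangling(const timer_heap *ht) {
    int bad = 0;
    for (int i = 0; i < ht->count; i++)
        if (!ht->node[i]->owner->alive) bad++;
    return bad;
}

/* Constructed scenario: pool "tsx" owns two of the three scheduled entries. */
static int run_scenario(int safe) {
    pool dlg = {"dlg", 1}, tsx = {"tsx", 1};
    timer_entry e[3] = {{&dlg, -1}, {&tsx, -1}, {&tsx, -1}};
    timer_heap ht = {{0}, 0};
    for (int i = 0; i < 3; i++) heap_schedule(&ht, &e[i]);
    if (safe) pool_release_safe(&ht, &tsx, e, 3);
    else tsx.alive = 0;                   /* buggy teardown: entries still scheduled */
    return heap_audit_dangling(&ht);
}
int main(void) {
    return printf("unsafe=%d safe=%d\n", run_scenario(0), run_scenario(1)) < 0;
}
```

In the unsafe path the heap still holds two nodes that point into the released pool, which is the state a later poll would walk into when it reorders the heap.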