Fix deadlock in PJSIP channel creation with endpoint variables#181
Draft
Fix deadlock in PJSIP channel creation with endpoint variables#181
Conversation
…nnel var
Move endpoint channel_vars loop after ast_channel_unlock() in
chan_pjsip_new() to prevent deadlock when variables invoke dialplan
functions (e.g., PJSIP_HEADER) that block on PJSIP serializer tasks
while the channel lock is held.
Deadlock cycle with ao2_legacy (default) storage backend:
1. Thread A (chan_pjsip_new): holds channel_lock → calls
pbx_builtin_setvar_helper("PJSIP_HEADER(add,...)") → dispatches to
func_write_header() → ast_sip_push_task_wait_serializer() → blocks
waiting for serializer to complete the task
2. Serializer thread: already processing a prior task that iterates
channels → ao2_callback on channels container → acquires whole-
container lock → by_name_cb tries ast_channel_lock on the channel
held by Thread A → BLOCKED
3. Thread C (channel hangup): needs container lock for ao2_unlink →
BLOCKED (serializer holds it)
This is a classic ABBA inversion: Thread A holds channel_lock and
(transitively via serializer) needs container_lock; serializer holds
container_lock and needs channel_lock.
The race window widened in 22.6.0 due to added channel locking in
res_musiconhold.c (moh_files_alloc, local_ast_moh_start) and new CEL
event publishing, increasing contention enough to trigger reliably
under high call volume.
Moving the loop after unlock is safe because pbx_builtin_setvar_helper()
acquires its own channel lock internally.
https://claude.ai/code/session_017gxrJFgjWNAVm25sYc76DP
Contributor
|
Build failed. ❌ debian-packaging-bookworm FAILURE in 1m 57s |
The patch was hand-written with spaces instead of tabs, causing dpkg-source to reject it as malformed. Regenerated from a real unified diff of the source file to preserve exact whitespace. https://claude.ai/code/session_017gxrJFgjWNAVm25sYc76DP
Contributor
|
Build failed. ❌ debian-packaging-bookworm FAILURE in 9m 27s |
DrPyser
reviewed
Mar 5, 2026
and into header; to minimize patch changes and avoid upstream conflicts
Contributor
|
Build failed. ❌ debian-packaging-bookworm FAILURE in 9m 20s |
Contributor
|
Build succeeded. ✔️ debian-packaging-bookworm SUCCESS in 11m 57s |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This patch fixes a deadlock that occurs during PJSIP channel creation when endpoint channel variables are set while the channel lock is held.
Key Changes
chan_pjsip.cast_channel_unlock(chan)instead of before, preventing deadlock scenariosImplementation Details
The deadlock occurred because setting endpoint channel variables can trigger dialplan functions (such as
PJSIP_HEADER) that may block on serializer tasks. When these operations occur while the channel lock is held, it creates a deadlock condition.By deferring the variable assignment until after the channel is unlocked, the channel lock is no longer held when these potentially-blocking operations execute, eliminating the deadlock while maintaining the same functional behavior.
https://claude.ai/code/session_017gxrJFgjWNAVm25sYc76DP