Potential deadlock between sip_transaction and sip_reg

[ming]

A potential deadlock between sip_transaction and sip_reg.
This issue is found using Helgrind.

Although not exactly similar, but this is related to ticket #1247.

In that ticket, the fix in was to release the lock before calling pjsip_endpt_send_request(), which worked because as the stack trace showed, the flow was: regc_refresh_timer_cb(), which doesn't lock->pjsip_regc_send()->pjsip_endpt_send_request().

But if the lock is held more than once, then deadlock can still occur (for example: regc_tsx_callback(), which holds regc lock->pjsip_regc_send()->pjsip_endpt_send_request()).

For complete stack trace reported by Helgrind, refer to below:

Thread #4: lock order "0x64DD5A8 before 0x64E80C8" violated

Observed (incorrect) order is: acquisition of lock at 0x64E80C8
   by 0x5A1533: pj_grp_lock_acquire (lock.c:478)
   by 0x4978DC: pjsip_tsx_recv_msg (sip_transaction.c:1831)
   by 0x495CA5: mod_tsx_layer_on_rx_response (sip_transaction.c:893)
   by 0x47A11C: pjsip_endpt_process_rx_data (sip_endpoint.c:938)
   by 0x47A406: endpt_on_rx_msg (sip_endpoint.c:1080)
   by 0x484620: pjsip_tpmgr_receive_packet (sip_transport.c:2182)
   by 0x48A3F8: on_data_read (sip_transport_tcp.c:1430)
   by 0x59CD3C: ioqueue_on_read_complete (activesock.c:504)

 followed by a later acquisition of lock at 0x64DD5A8
   by 0x5A0D31: pj_lock_acquire (lock.c:180)
   by 0x459127: regc_tsx_callback (sip_reg.c:1071)
   by 0x49A71C: mod_util_on_tsx_state (sip_util_statefull.c:81)
   by 0x496816: tsx_set_state (sip_transaction.c:1272)
   by 0x499D58: tsx_on_state_proceeding_uac (sip_transaction.c:3016)
   by 0x4991D4: tsx_on_state_calling (sip_transaction.c:2599)
   by 0x4978F7: pjsip_tsx_recv_msg (sip_transaction.c:1832)
   by 0x495CA5: mod_tsx_layer_on_rx_response (sip_transaction.c:893)
   by 0x47A11C: pjsip_endpt_process_rx_data (sip_endpoint.c:938)
   by 0x47A406: endpt_on_rx_msg (sip_endpoint.c:1080)

Required order was established by acquisition of lock at 0x64DD5A8
   by 0x5A0D31: pj_lock_acquire (lock.c:180)
   by 0x4592FD: regc_tsx_callback (sip_reg.c:1105)
   by 0x49A71C: mod_util_on_tsx_state (sip_util_statefull.c:81)
   by 0x496816: tsx_set_state (sip_transaction.c:1272)
   by 0x499EBC: tsx_on_state_proceeding_uac (sip_transaction.c:3115)
   by 0x4991D4: tsx_on_state_calling (sip_transaction.c:2599)
   by 0x4978F7: pjsip_tsx_recv_msg (sip_transaction.c:1832)
   by 0x495CA5: mod_tsx_layer_on_rx_response (sip_transaction.c:893)
   by 0x47A11C: pjsip_endpt_process_rx_data (sip_endpoint.c:938)
   by 0x47A406: endpt_on_rx_msg (sip_endpoint.c:1080)

 followed by a later acquisition of lock at 0x64E80C8
   by 0x5A1533: pj_grp_lock_acquire (lock.c:478)
   by 0x497314: pjsip_tsx_set_transport (sip_transaction.c:1636)
   by 0x49A815: pjsip_endpt_send_request (sip_util_statefull.c:109)
   by 0x459D65: pjsip_regc_send (sip_reg.c:1434)
   by 0x459636: regc_tsx_callback (sip_reg.c:1193)
   by 0x49A71C: mod_util_on_tsx_state (sip_util_statefull.c:81)
   by 0x496816: tsx_set_state (sip_transaction.c:1272)
   by 0x499EBC: tsx_on_state_proceeding_uac (sip_transaction.c:3115)

 Lock at 0x64DD5A8 was first observed
   by 0x5A0BA7: pj_lock_create_recursive_mutex (lock.c:96)
   by 0x456F4E: pjsip_regc_create (sip_reg.c:140)

 Lock at 0x64E80C8 was first observed
   by 0x5A14D2: pj_grp_lock_create_w_handler (lock.c:463)
   by 0x4960FF: tsx_create (sip_transaction.c:1035)
   by 0x496ADD: pjsip_tsx_create_uac2 (sip_transaction.c:1365)
   by 0x496975: pjsip_tsx_create_uac (sip_transaction.c:1329)
   by 0x49A7DE: pjsip_endpt_send_request (sip_util_statefull.c:103)
   by 0x459D65: pjsip_regc_send (sip_reg.c:1434)

[ming]

In 6134:

Fixed #2260: Potential deadlock between sip_transaction and sip_reg