Just an update, I've found a similar error in what looks to be a different situation:
==2714==
==2714== Thread 11:
==2714== Invalid read of size 4
==2714==    at 0x40A67D3: nua_server_request_destroy (nua_stack.c:1488)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451cb4 is 68 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid read of size 4
==2714==    at 0x40A67EE: nua_server_request_destroy (nua_stack.c:1491)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451c84 is 20 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid read of size 4
==2714==    at 0x40A6812: nua_server_request_destroy (nua_stack.c:1494)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451c88 is 24 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid read of size 4
==2714==    at 0x40A6836: nua_server_request_destroy (nua_stack.c:1497)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451c90 is 32 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid read of size 4
==2714==    at 0x40A685A: nua_server_request_destroy (nua_stack.c:1500)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451c74 is 4 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid read of size 4
==2714==    at 0x40A6863: nua_server_request_destroy (nua_stack.c:1502)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451c74 is 4 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid read of size 4
==2714==    at 0x40A6869: nua_server_request_destroy (nua_stack.c:1502)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451c70 is 0 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid read of size 4
==2714==    at 0x40A6888: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451c7c is 12 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid free() / delete / delete[]
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==  Address 0x5451c70 is 0 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)

Help is much appreciated.
Thanks.

On Thu, Dec 3, 2009 at 09:41, Fabio Margarido <fabiomargar...@gmail.com> wrote:
> Hi there,
>
> we've been observing recurring crashes in one of our clients'
> applications and all the information we could gather pointed to
> Sofia's address space, but we couldn't pinpoint exactly where.
> Yesterday, after a bit of digging around and successfully setting up
> the client's environment to run valgrind, we were able to obtain the
> following backtrace for the problem:
>
> ==2608==
> ==2608== Thread 11:
> ==2608== Invalid read of size 4
> ==2608==    at 0x40BEE93: nua_prack_server_report (nua_session.c:2893)
> ==2608==    by 0x40A74CE: nua_server_report (nua_stack.c:1827)
> ==2608==    by 0x40A6AC3: nua_stack_respond (nua_stack.c:1633)
> ==2608==    by 0x40A45BF: nua_stack_signal (nua_stack.c:650)
> ==2608==    by 0x40FF0B3: su_base_port_execute_msgs (su_base_port.c:276)
> ==2608==    by 0x40FEE1F: su_base_port_getmsgs (su_base_port.c:198)
> ==2608==    by 0x40FF175: su_base_port_run (su_base_port.c:331)
> ==2608==    by 0x40FCFCA: su_port_run (su_port.h:310)
> ==2608==    by 0x40FC2BF: su_root_run (su_root.c:689)
> ==2608==    by 0x40FFCF7: su_pthread_port_clone_main (su_pthread_port.c:321)
> ==2608==    by 0x41B30CD: pthread_start_thread (manager.c:291)
> ==2608==    by 0x4321739: clone (in /lib/libc-2.2.4.so)
> ==2608==  Address 0x4c3d67c is 68 bytes inside a block of size 72 free'd
> ==2608==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
> ==2608==    by 0x40F7464: su_free (su_alloc.c:838)
> ==2608==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
> ==2608==    by 0x40BE3AE: process_ack (nua_session.c:2573)
> ==2608==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
> ==2608==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
> ==2608==    by 0x408CAD3: incoming_ack (nta.c:6009)
> ==2608==    by 0x40852BD: agent_recv_request (nta.c:2891)
> ==2608==    by 0x4084478: agent_recv_message (nta.c:2722)
> ==2608==    by 0x4111903: tport_base_deliver (tport.c:3013)
> ==2608==    by 0x4111896: tport_deliver (tport.c:3002)
> ==2608==    by 0x4111456: tport_parse (tport.c:2919)
>
> If I'm reading this correctly, it seems the application is trying to
> do something strange (send a PRACK after receiving an ACK, is that
> what it is?). Nevertheless, I believe the stack should detect this
> situation and be protected from the crash.
> Could anybody please help me figure out how to correct this? Is this
> by any chance already caught and corrected in the latest darcs?
> Thanks in advance.
>
> Fabio
>

_______________________________________________
Sofia-sip-devel mailing list
Sofia-sip-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sofia-sip-devel
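
Added example, not part of the original thread and not Sofia-SIP code: a small Python triage script for Memcheck output like the log in this message. For each error it recovers the base of the freed block (reported address minus the reported offset) so that the invalid reads and the invalid free can be grouped by the block they touch; `parse`, `freed_blocks` and `WRAPPERS` are names chosen for this example, and `SAMPLE` is an excerpt of the log above cut to the top frames.

```python
import re
# Excerpt of the ==2714== Memcheck log from this message (top frames only).
SAMPLE = """\
==2714== Invalid read of size 4
==2714==    at 0x40A67D3: nua_server_request_destroy (nua_stack.c:1488)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==  Address 0x5451cb4 is 68 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714== Invalid free() / delete / delete[]
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==  Address 0x5451c70 is 0 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
"""

HDR = re.compile(r"^==\d+==\s*")  # Memcheck pid prefix plus indentation
KIND = re.compile(r"Invalid (?:read|write) of size \d+|Invalid free\(\)")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+)")
ADDR = re.compile(r"Address 0x([0-9A-Fa-f]+) is (\d+) bytes inside a block of size (\d+) free'd")
WRAPPERS = {"free", "su_free"}  # allocator frames, dropped from the stacks

def parse(log):
    # One dict per error: kind, access stack, freed block base/size, free stack.
    errors, cur, stack = [], None, None
    for raw in log.splitlines():
        line = HDR.sub("", raw)
        if m := KIND.match(line):
            cur = {"kind": m.group(0), "access": [], "freed": []}
            stack = cur["access"]
            errors.append(cur)
        elif cur and (m := ADDR.match(line)):
            # Block base = faulting address minus the offset Memcheck reports.
            cur["base"], cur["size"] = int(m.group(1), 16) - int(m.group(2)), int(m.group(3))
            stack = cur["freed"]  # frames after the Address line are the free site
        elif cur and (m := FRAME.match(line)) and m.group(1) not in WRAPPERS:
            stack.append(m.group(1))
    return errors

def freed_blocks(errors):
    return {(e["base"], e["size"]) for e in errors if "base" in e}
```

Applied to the full ==2714== log above, every error resolves to the same 72-byte block at 0x5451c70.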