Bugs item #2914940, was opened at 2009-12-15 15:57
Message generated for change (Tracker Item Submitted) made by fabiomargarido
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=756076&aid=2914940&group_id=143636

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Fabio Margarido (fabiomargarido)
Assigned to: Nobody/Anonymous (nobody)
Summary: Crash in 1.12.10

Initial Comment:
We've been observing recurring crashes in one of our clients'
applications and after a bit of digging around and successfully setting up
the client's environment to run valgrind, we were able to obtain the
following backtrace for the problem:

==2608==
==2608== Thread 11:
==2608== Invalid read of size 4
==2608==    at 0x40BEE93: nua_prack_server_report (nua_session.c:2893)
==2608==    by 0x40A74CE: nua_server_report (nua_stack.c:1827)
==2608==    by 0x40A6AC3: nua_stack_respond (nua_stack.c:1633)
==2608==    by 0x40A45BF: nua_stack_signal (nua_stack.c:650)
==2608==    by 0x40FF0B3: su_base_port_execute_msgs (su_base_port.c:276)
==2608==    by 0x40FEE1F: su_base_port_getmsgs (su_base_port.c:198)
==2608==    by 0x40FF175: su_base_port_run (su_base_port.c:331)
==2608==    by 0x40FCFCA: su_port_run (su_port.h:310)
==2608==    by 0x40FC2BF: su_root_run (su_root.c:689)
==2608==    by 0x40FFCF7: su_pthread_port_clone_main (su_pthread_port.c:321)
==2608==    by 0x41B30CD: pthread_start_thread (manager.c:291)
==2608==    by 0x4321739: clone (in /lib/libc-2.2.4.so)
==2608==  Address 0x4c3d67c is 68 bytes inside a block of size 72 free'd
==2608==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2608==    by 0x40F7464: su_free (su_alloc.c:838)
==2608==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2608==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2608==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2608==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2608==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2608==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2608==    by 0x4084478: agent_recv_message (nta.c:2722)
==2608==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2608==    by 0x4111896: tport_deliver (tport.c:3002)
==2608==    by 0x4111456: tport_parse (tport.c:2919)

Further investigation showed other crashes in similar conditions, such as this 
one:

==2714==
==2714== Thread 11:
==2714== Invalid read of size 4
==2714==    at 0x40A67D3: nua_server_request_destroy (nua_stack.c:1488)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451cb4 is 68 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid read of size 4
==2714==    at 0x40A67EE: nua_server_request_destroy (nua_stack.c:1491)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451c84 is 20 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid read of size 4
==2714==    at 0x40A6812: nua_server_request_destroy (nua_stack.c:1494)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451c88 is 24 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid read of size 4
==2714==    at 0x40A6836: nua_server_request_destroy (nua_stack.c:1497)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451c90 is 32 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid read of size 4
==2714==    at 0x40A685A: nua_server_request_destroy (nua_stack.c:1500)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451c74 is 4 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid read of size 4
==2714==    at 0x40A6863: nua_server_request_destroy (nua_stack.c:1502)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451c74 is 4 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid read of size 4
==2714==    at 0x40A6869: nua_server_request_destroy (nua_stack.c:1502)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451c70 is 0 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid read of size 4
==2714==    at 0x40A6888: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
==2714==  Address 0x5451c7c is 12 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
==2714==
==2714== Invalid free() / delete / delete[]
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
==2714==    by 0x4111896: tport_deliver (tport.c:3002)
==2714==    by 0x4111456: tport_parse (tport.c:2919)
==2714==  Address 0x5451c70 is 0 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)

Apparently, there is a race condition causing these.

_______________________________________________
Sofia-sip-devel mailing list
Sofia-sip-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sofia-sip-devel
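
An added triage example, not part of the original report or of sofia-sip: a small Memcheck parser (the helper names `parse_errors` and `summarize` are hypothetical) that maps each "inside a block ... free'd" address back to its block base, so errors that hit the same freed allocation are grouped with the path that freed it and the path that touched it afterwards. The embedded sample is abbreviated from the pid 2714 output in the report.

```python
import re

# Constructed sample: two errors abbreviated from the pid 2714 output in the report.
SAMPLE = """\
==2714== Invalid read of size 4
==2714==    at 0x40A67D3: nua_server_request_destroy (nua_stack.c:1488)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==  Address 0x5451cb4 is 68 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
==2714==
==2714== Invalid free() / delete / delete[]
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
==2714==  Address 0x5451c70 is 0 bytes inside a block of size 72 free'd
==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
==2714==    by 0x40F7464: su_free (su_alloc.c:838)
==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
"""

PREFIX = re.compile(r"^==\d+== ?")
FRAME = re.compile(r"^\s+(?:at|by) 0x\w+: (\S+)")
FREED = re.compile(r"^\s*Address 0x(\w+) is (\d+) bytes inside a block of size \d+ free'd")
ALLOCATOR = {"free", "su_free"}  # wrapper frames left out of the reported paths

def parse_errors(text):
    """One dict per Memcheck error whose address lies in an already freed block."""
    errors, cur, stack = [], None, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if not line.strip():
            cur = None  # a bare "==pid==" line ends the current error
        elif line.startswith("Invalid "):
            cur = {"kind": line, "use": [], "free": []}
            stack = cur["use"]
            errors.append(cur)
        elif cur and (m := FREED.match(line)):
            # block = base address of the freed allocation
            cur["block"], cur["offset"] = int(m[1], 16) - int(m[2]), int(m[2])
            stack = cur["free"]
        elif cur and (m := FRAME.match(line)) and m[1] not in ALLOCATOR:
            stack.append(m[1])
    return [e for e in errors if "block" in e]

def summarize(text):
    """Map freed-block base -> [(kind, offset, path that used it, path that freed it)]."""
    out = {}
    for e in parse_errors(text):
        out.setdefault(hex(e["block"]), []).append(
            (e["kind"], e["offset"], " <- ".join(e["use"]), " <- ".join(e["free"])))
    return out
```

On the sample, both errors resolve to the same block, 0x5451c70: freed through `nua_session_usage_shutdown`, then read and freed again through `process_ack`.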
