Mike,

just to bring you up to speed, we have repeated our tests with your
version of the stack and the crash still happens. We'll gather more
data just to confirm that it is still the same issue, but from what
we've seen it seems to be.
Thanks.

On Thu, Dec 10, 2009 at 13:48, Fabio Margarido <fabiomargar...@gmail.com> wrote:
> I meant open a bug report in Sofia's sf.net project page...
> I don't know if Pekka has been following this list closely these days.
>
> On Thu, Dec 10, 2009 at 13:45, Michael Jerris <m...@jerris.com> wrote:
>> Depends if you see this issue using our code or not.
>>
>> Mike
>>
>> On Dec 10, 2009, at 8:07 AM, Fabio Margarido wrote:
>>
>>> Mike,
>>>
>>> thanks for your suggestions.
>>> I'll try to implement all of them and see if anything has any effect
>>> on our problem.
>>> However, I still feel this is a little strange. We use an in-house ipc
>>> library for inter-thread communication, and all of our application
>>> threads' backtraces start with a particular signature, something like:
>>>
>>> ==8646==    by 0x804AE68: PROC_BLABLA(TypePtrParamProcess*) (in /bin/program)
>>> ==8646==    by 0x4295191: start_thread (in /lib/i686/libpthread-2.4.so)
>>> ==8646==    by 0x422B90D: clone (in /lib/i686/libc-2.4.so)
>>>
>>> I don't see this in any of the reports spit by valgrind, so I feel
>>> it's unlikely that our multi-threaded code is causing the condition.
>>> Do you think I should open a bug report for this? Would that be any help?
>>> Thanks.
>>>
>>> On Wed, Dec 9, 2009 at 18:53, Michael Jerris <m...@jerris.com> wrote:
>>>> Sure, we have talked at length with Pekka about it but we never figured
>>>> out what exactly was causing it.  Try just throwing a recursive mutex
>>>> around the meat of your event handler function so it unlocks at the end of
>>>> every loop, and around anything that calls sofia functions from other
>>>> threads and see if that does the trick.  If it does we can probably
>>>> experiment what exact calls are causing it.
>>>>
>>>> Mike
>>>>
>>>> On Dec 9, 2009, at 2:25 PM, Fabio Margarido wrote:
>>>>
>>>>> Hmmm...
>>>>> Yes, we do call sofia routines from threads other than the one running
>>>>> the event loop... But if the stack isn't threadsafe, how can extra
>>>>> mutexes in my code guarantee that my other threads are in sync with
>>>>> the innings of sofia? Changing all of the code to run from a single
>>>>> thread isn't really feasible in a timely manner...
>>>>> Have you tried talking to Pekka and analysing the effort needed to fix
>>>>> the stack itself?
>>>>> I feel bummed... :D
>>>>> Thanks again
>>>>>
>>>>>
>>>>> On Wed, Dec 9, 2009 at 17:16, Michael Jerris <m...@jerris.com> wrote:
>>>>>> I know we don't see this issue in freeswitch, but we do have some extra
>>>>>> mutexing around our use of nua.  Because of this, I suspect that your
>>>>>> issue is due to multi threaded actions in your code, not in sofia
>>>>>> itself.  While sofia claims to be threadsafe in all the commands you can
>>>>>> run from your code, in practice we have found this to not be entirely
>>>>>> true.  Are you running any sofia code from outside the thread running
>>>>>> your event loop?
>>>>>>
>>>>>> Mike
>>>>>>
>>>>>> On Dec 9, 2009, at 1:47 PM, Fabio Margarido wrote:
>>>>>>
>>>>>>> Yes, they happen a few times a day...
>>>>>>> I'll try to setup an environment to test this version and report back
>>>>>>> any results.
>>>>>>> I don't want to sound negative, but I have doubts that this issue
>>>>>>> could be already fixed in darcs... Analysing the valgrind backtraces,
>>>>>>> it seems to be related to concurrency.
>>>>>>> For example, if you look at nua_server_request_destroy(), invoked from
>>>>>>> nua_session.c:2573 in the first valgrind trace I sent, it sets
>>>>>>> 'sr->sr_irq = NULL' in nua_stack.c:1492. Then, afterwards, when the
>>>>>>> invalid read occurs, there's a test to check if 'sri == NULL' in
>>>>>>> nua_session.c:2890, which fails, because the invalid read occurs in
>>>>>>> line 2893. How many threads does sofia start internally? Doesn't it
>>>>>>> look like there's a race condition in that piece of the code?
>>>>>>> Thanks again.
>>>>>>>
>>>>>>> On Wed, Dec 9, 2009 at 11:47, Michael Jerris <m...@jerris.com> wrote:
>>>>>>>> Are these crashes reliably reproducible?  If so, could you try to use
>>>>>>>> the sofia-sip lib in the svn trunk of the freeswitch tree
>>>>>>>> (http://svn.freeswitch.org/svn/freeswitch/trunk/libs/sofia-sip)?
>>>>>>>>
>>>>>>>> This is mostly the current darcs of sofia-sip plus a couple other 
>>>>>>>> patches that I have not gotten merged back in yet and I know we are 
>>>>>>>> not seeing this issue.
>>>>>>>>
>>>>>>>> Mike
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Dec 9, 2009, at 5:14 AM, Fabio Margarido wrote:
>>>>>>>>
>>>>>>>>> Just an update, I've found a similar error in what looks to be a
>>>>>>>>> different situation:
>>>>>>>>>
>>>>>>>>> ==2714==
>>>>>>>>> ==2714== Thread 11:
>>>>>>>>> ==2714== Invalid read of size 4
>>>>>>>>> ==2714==    at 0x40A67D3: nua_server_request_destroy (nua_stack.c:1488)
>>>>>>>>> ==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
>>>>>>>>> ==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
>>>>>>>>> ==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
>>>>>>>>> ==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
>>>>>>>>> ==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
>>>>>>>>> ==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
>>>>>>>>> ==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
>>>>>>>>> ==2714==    by 0x4111896: tport_deliver (tport.c:3002)
>>>>>>>>> ==2714==    by 0x4111456: tport_parse (tport.c:2919)
>>>>>>>>> ==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
>>>>>>>>> ==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
>>>>>>>>> ==2714==  Address 0x5451cb4 is 68 bytes inside a block of size 72 free'd
>>>>>>>>> ==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
>>>>>>>>> ==2714==    by 0x40F7464: su_free (su_alloc.c:838)
>>>>>>>>> ==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
>>>>>>>>> ==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
>>>>>>>>> ==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
>>>>>>>>> ==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
>>>>>>>>> ==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
>>>>>>>>> ==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
>>>>>>>>> ==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
>>>>>>>>> ==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
>>>>>>>>> ==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
>>>>>>>>> ==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
>>>>>>>>> ==2714==
>>>>>>>>> ==2714== Invalid read of size 4
>>>>>>>>> ==2714==    at 0x40A67EE: nua_server_request_destroy (nua_stack.c:1491)
>>>>>>>>> ==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
>>>>>>>>> ==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
>>>>>>>>> ==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
>>>>>>>>> ==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
>>>>>>>>> ==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
>>>>>>>>> ==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
>>>>>>>>> ==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
>>>>>>>>> ==2714==    by 0x4111896: tport_deliver (tport.c:3002)
>>>>>>>>> ==2714==    by 0x4111456: tport_parse (tport.c:2919)
>>>>>>>>> ==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
>>>>>>>>> ==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
>>>>>>>>> ==2714==  Address 0x5451c84 is 20 bytes inside a block of size 72 free'd
>>>>>>>>> ==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
>>>>>>>>> ==2714==    by 0x40F7464: su_free (su_alloc.c:838)
>>>>>>>>> ==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
>>>>>>>>> ==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
>>>>>>>>> ==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
>>>>>>>>> ==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
>>>>>>>>> ==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
>>>>>>>>> ==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
>>>>>>>>> ==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
>>>>>>>>> ==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
>>>>>>>>> ==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
>>>>>>>>> ==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
>>>>>>>>> ==2714==
>>>>>>>>> ==2714== Invalid read of size 4
>>>>>>>>> ==2714==    at 0x40A6812: nua_server_request_destroy (nua_stack.c:1494)
>>>>>>>>> ==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
>>>>>>>>> ==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
>>>>>>>>> ==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
>>>>>>>>> ==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
>>>>>>>>> ==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
>>>>>>>>> ==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
>>>>>>>>> ==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
>>>>>>>>> ==2714==    by 0x4111896: tport_deliver (tport.c:3002)
>>>>>>>>> ==2714==    by 0x4111456: tport_parse (tport.c:2919)
>>>>>>>>> ==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
>>>>>>>>> ==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
>>>>>>>>> ==2714==  Address 0x5451c88 is 24 bytes inside a block of size 72 free'd
>>>>>>>>> ==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
>>>>>>>>> ==2714==    by 0x40F7464: su_free (su_alloc.c:838)
>>>>>>>>> ==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
>>>>>>>>> ==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
>>>>>>>>> ==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
>>>>>>>>> ==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
>>>>>>>>> ==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
>>>>>>>>> ==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
>>>>>>>>> ==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
>>>>>>>>> ==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
>>>>>>>>> ==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
>>>>>>>>> ==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
>>>>>>>>> ==2714==
>>>>>>>>> ==2714== Invalid read of size 4
>>>>>>>>> ==2714==    at 0x40A6836: nua_server_request_destroy (nua_stack.c:1497)
>>>>>>>>> ==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
>>>>>>>>> ==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
>>>>>>>>> ==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
>>>>>>>>> ==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
>>>>>>>>> ==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
>>>>>>>>> ==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
>>>>>>>>> ==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
>>>>>>>>> ==2714==    by 0x4111896: tport_deliver (tport.c:3002)
>>>>>>>>> ==2714==    by 0x4111456: tport_parse (tport.c:2919)
>>>>>>>>> ==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
>>>>>>>>> ==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
>>>>>>>>> ==2714==  Address 0x5451c90 is 32 bytes inside a block of size 72 free'd
>>>>>>>>> ==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
>>>>>>>>> ==2714==    by 0x40F7464: su_free (su_alloc.c:838)
>>>>>>>>> ==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
>>>>>>>>> ==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
>>>>>>>>> ==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
>>>>>>>>> ==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
>>>>>>>>> ==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
>>>>>>>>> ==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
>>>>>>>>> ==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
>>>>>>>>> ==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
>>>>>>>>> ==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
>>>>>>>>> ==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
>>>>>>>>> ==2714==
>>>>>>>>> ==2714== Invalid read of size 4
>>>>>>>>> ==2714==    at 0x40A685A: nua_server_request_destroy (nua_stack.c:1500)
>>>>>>>>> ==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
>>>>>>>>> ==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
>>>>>>>>> ==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
>>>>>>>>> ==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
>>>>>>>>> ==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
>>>>>>>>> ==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
>>>>>>>>> ==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
>>>>>>>>> ==2714==    by 0x4111896: tport_deliver (tport.c:3002)
>>>>>>>>> ==2714==    by 0x4111456: tport_parse (tport.c:2919)
>>>>>>>>> ==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
>>>>>>>>> ==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
>>>>>>>>> ==2714==  Address 0x5451c74 is 4 bytes inside a block of size 72 free'd
>>>>>>>>> ==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
>>>>>>>>> ==2714==    by 0x40F7464: su_free (su_alloc.c:838)
>>>>>>>>> ==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
>>>>>>>>> ==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
>>>>>>>>> ==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
>>>>>>>>> ==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
>>>>>>>>> ==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
>>>>>>>>> ==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
>>>>>>>>> ==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
>>>>>>>>> ==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
>>>>>>>>> ==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
>>>>>>>>> ==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
>>>>>>>>> ==2714==
>>>>>>>>> ==2714== Invalid read of size 4
>>>>>>>>> ==2714==    at 0x40A6863: nua_server_request_destroy (nua_stack.c:1502)
>>>>>>>>> ==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
>>>>>>>>> ==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
>>>>>>>>> ==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
>>>>>>>>> ==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
>>>>>>>>> ==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
>>>>>>>>> ==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
>>>>>>>>> ==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
>>>>>>>>> ==2714==    by 0x4111896: tport_deliver (tport.c:3002)
>>>>>>>>> ==2714==    by 0x4111456: tport_parse (tport.c:2919)
>>>>>>>>> ==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
>>>>>>>>> ==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
>>>>>>>>> ==2714==  Address 0x5451c74 is 4 bytes inside a block of size 72 free'd
>>>>>>>>> ==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
>>>>>>>>> ==2714==    by 0x40F7464: su_free (su_alloc.c:838)
>>>>>>>>> ==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
>>>>>>>>> ==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
>>>>>>>>> ==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
>>>>>>>>> ==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
>>>>>>>>> ==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
>>>>>>>>> ==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
>>>>>>>>> ==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
>>>>>>>>> ==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
>>>>>>>>> ==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
>>>>>>>>> ==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
>>>>>>>>> ==2714==
>>>>>>>>> ==2714== Invalid read of size 4
>>>>>>>>> ==2714==    at 0x40A6869: nua_server_request_destroy (nua_stack.c:1502)
>>>>>>>>> ==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
>>>>>>>>> ==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
>>>>>>>>> ==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
>>>>>>>>> ==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
>>>>>>>>> ==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
>>>>>>>>> ==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
>>>>>>>>> ==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
>>>>>>>>> ==2714==    by 0x4111896: tport_deliver (tport.c:3002)
>>>>>>>>> ==2714==    by 0x4111456: tport_parse (tport.c:2919)
>>>>>>>>> ==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
>>>>>>>>> ==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
>>>>>>>>> ==2714==  Address 0x5451c70 is 0 bytes inside a block of size 72 free'd
>>>>>>>>> ==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
>>>>>>>>> ==2714==    by 0x40F7464: su_free (su_alloc.c:838)
>>>>>>>>> ==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
>>>>>>>>> ==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
>>>>>>>>> ==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
>>>>>>>>> ==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
>>>>>>>>> ==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
>>>>>>>>> ==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
>>>>>>>>> ==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
>>>>>>>>> ==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
>>>>>>>>> ==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
>>>>>>>>> ==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
>>>>>>>>> ==2714==
>>>>>>>>> ==2714== Invalid read of size 4
>>>>>>>>> ==2714==    at 0x40A6888: nua_server_request_destroy (nua_stack.c:1504)
>>>>>>>>> ==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
>>>>>>>>> ==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
>>>>>>>>> ==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
>>>>>>>>> ==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
>>>>>>>>> ==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
>>>>>>>>> ==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
>>>>>>>>> ==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
>>>>>>>>> ==2714==    by 0x4111896: tport_deliver (tport.c:3002)
>>>>>>>>> ==2714==    by 0x4111456: tport_parse (tport.c:2919)
>>>>>>>>> ==2714==    by 0x4111101: tport_recv_event (tport.c:2861)
>>>>>>>>> ==2714==    by 0x4110D7D: tport_base_wakeup (tport.c:2763)
>>>>>>>>> ==2714==  Address 0x5451c7c is 12 bytes inside a block of size 72 free'd
>>>>>>>>> ==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
>>>>>>>>> ==2714==    by 0x40F7464: su_free (su_alloc.c:838)
>>>>>>>>> ==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
>>>>>>>>> ==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
>>>>>>>>> ==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
>>>>>>>>> ==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
>>>>>>>>> ==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
>>>>>>>>> ==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
>>>>>>>>> ==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
>>>>>>>>> ==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
>>>>>>>>> ==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
>>>>>>>>> ==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
>>>>>>>>> ==2714==
>>>>>>>>> ==2714== Invalid free() / delete / delete[]
>>>>>>>>> ==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
>>>>>>>>> ==2714==    by 0x40F7464: su_free (su_alloc.c:838)
>>>>>>>>> ==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
>>>>>>>>> ==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
>>>>>>>>> ==2714==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
>>>>>>>>> ==2714==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
>>>>>>>>> ==2714==    by 0x408CAD3: incoming_ack (nta.c:6009)
>>>>>>>>> ==2714==    by 0x40852BD: agent_recv_request (nta.c:2891)
>>>>>>>>> ==2714==    by 0x4084478: agent_recv_message (nta.c:2722)
>>>>>>>>> ==2714==    by 0x4111903: tport_base_deliver (tport.c:3013)
>>>>>>>>> ==2714==    by 0x4111896: tport_deliver (tport.c:3002)
>>>>>>>>> ==2714==    by 0x4111456: tport_parse (tport.c:2919)
>>>>>>>>> ==2714==  Address 0x5451c70 is 0 bytes inside a block of size 72 free'd
>>>>>>>>> ==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
>>>>>>>>> ==2714==    by 0x40F7464: su_free (su_alloc.c:838)
>>>>>>>>> ==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
>>>>>>>>> ==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
>>>>>>>>> ==2714==    by 0x40AC554: nua_dialog_usage_shutdown (nua_dialog.c:603)
>>>>>>>>> ==2714==    by 0x40AA6DA: nua_base_client_response (nua_stack.c:3257)
>>>>>>>>> ==2714==    by 0x40BA5BB: nua_session_client_response (nua_session.c:1007)
>>>>>>>>> ==2714==    by 0x40B99FB: nua_invite_client_response (nua_session.c:865)
>>>>>>>>> ==2714==    by 0x40A98D7: nua_client_response (nua_stack.c:2914)
>>>>>>>>> ==2714==    by 0x40A9646: nua_client_return (nua_stack.c:2835)
>>>>>>>>> ==2714==    by 0x40B931C: nua_invite_client_init (nua_session.c:745)
>>>>>>>>> ==2714==    by 0x40A87DE: nua_client_init_request0 (nua_stack.c:2448)
>>>>>>>>>
>>>>>>>>> Help is much appreciated.
>>>>>>>>> Thanks.
>>>>>>>>>
>>>>>>>>> On Thu, Dec 3, 2009 at 09:41, Fabio Margarido <fabiomargar...@gmail.com> wrote:
>>>>>>>>>> Hi there,
>>>>>>>>>>
>>>>>>>>>> we've been observing recurring crashes in one of our clients'
>>>>>>>>>> applications and all the information we could gather pointed to
>>>>>>>>>> Sofia's address space, but we couldn't pinpoint exactly where.
>>>>>>>>>> Yesterday, after a bit of digging around and successfully setting up
>>>>>>>>>> the client's environment to run valgrind, we were able to obtain the
>>>>>>>>>> following backtrace for the problem:
>>>>>>>>>>
>>>>>>>>>> ==2608==
>>>>>>>>>> ==2608== Thread 11:
>>>>>>>>>> ==2608== Invalid read of size 4
>>>>>>>>>> ==2608==    at 0x40BEE93: nua_prack_server_report (nua_session.c:2893)
>>>>>>>>>> ==2608==    by 0x40A74CE: nua_server_report (nua_stack.c:1827)
>>>>>>>>>> ==2608==    by 0x40A6AC3: nua_stack_respond (nua_stack.c:1633)
>>>>>>>>>> ==2608==    by 0x40A45BF: nua_stack_signal (nua_stack.c:650)
>>>>>>>>>> ==2608==    by 0x40FF0B3: su_base_port_execute_msgs (su_base_port.c:276)
>>>>>>>>>> ==2608==    by 0x40FEE1F: su_base_port_getmsgs (su_base_port.c:198)
>>>>>>>>>> ==2608==    by 0x40FF175: su_base_port_run (su_base_port.c:331)
>>>>>>>>>> ==2608==    by 0x40FCFCA: su_port_run (su_port.h:310)
>>>>>>>>>> ==2608==    by 0x40FC2BF: su_root_run (su_root.c:689)
>>>>>>>>>> ==2608==    by 0x40FFCF7: su_pthread_port_clone_main (su_pthread_port.c:321)
>>>>>>>>>> ==2608==    by 0x41B30CD: pthread_start_thread (manager.c:291)
>>>>>>>>>> ==2608==    by 0x4321739: clone (in /lib/libc-2.2.4.so)
>>>>>>>>>> ==2608==  Address 0x4c3d67c is 68 bytes inside a block of size 72 free'd
>>>>>>>>>> ==2608==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
>>>>>>>>>> ==2608==    by 0x40F7464: su_free (su_alloc.c:838)
>>>>>>>>>> ==2608==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
>>>>>>>>>> ==2608==    by 0x40BE3AE: process_ack (nua_session.c:2573)
>>>>>>>>>> ==2608==    by 0x40BDCBB: process_ack_or_cancel (nua_session.c:2477)
>>>>>>>>>> ==2608==    by 0x408CE3C: incoming_call_callback (nta.c:6117)
>>>>>>>>>> ==2608==    by 0x408CAD3: incoming_ack (nta.c:6009)
>>>>>>>>>> ==2608==    by 0x40852BD: agent_recv_request (nta.c:2891)
>>>>>>>>>> ==2608==    by 0x4084478: agent_recv_message (nta.c:2722)
>>>>>>>>>> ==2608==    by 0x4111903: tport_base_deliver (tport.c:3013)
>>>>>>>>>> ==2608==    by 0x4111896: tport_deliver (tport.c:3002)
>>>>>>>>>> ==2608==    by 0x4111456: tport_parse (tport.c:2919)
>>>>>>>>>>
>>>>>>>>>> If I'm reading this correctly, it seems the application is trying to
>>>>>>>>>> do something strange (send a PRACK after receiving an ACK, is that
>>>>>>>>>> what it is?). Nevertheless, I believe the stack should detect this
>>>>>>>>>> situation and be protected from the crash.
>>>>>>>>>> Could anybody please help me figure out how to correct this? Is this
>>>>>>>>>> by any chance already caught and corrected in the latest darcs?
>>>>>>>>>> Thanks in advance.
>>>>>>>>>>
>>>>>>>>>> Fabio
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Sofia-sip-devel mailing list
>>>>>>>>> Sofia-sip-devel@lists.sourceforge.net
>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/sofia-sip-devel
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>>
>>
>
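
The memcheck reports quoted in this thread can be triaged mechanically. The script below is an added example, not code from the thread or from Sofia-SIP: it rejoins mail-wrapped lines, subtracts the reported offset from each faulting address to get the base of the freed block, and reports which caller reached the shared destructor first and which reached it again. All function names in it are this example's own.

```python
import re

# Two reports copied from the memcheck output quoted in this thread, with
# stacks cut to their top frames; mail quoting and line wrapping are kept.
SAMPLE = """\
> ==2714== Invalid read of size 4
> ==2714==    at 0x40A67D3: nua_server_request_destroy
> (nua_stack.c:1488)
> ==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
> ==2714==  Address 0x5451cb4 is 68 bytes inside a block of size 72
> free'd
> ==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
> ==2714==    by 0x40F7464: su_free (su_alloc.c:838)
> ==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
> ==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
> ==2714==
> ==2714== Invalid free() / delete / delete[]
> ==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
> ==2714==    by 0x40F7464: su_free (su_alloc.c:838)
> ==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
> ==2714==    by 0x40BE3AE: process_ack (nua_session.c:2573)
> ==2714==  Address 0x5451c70 is 0 bytes inside a block of size 72 free'd
> ==2714==    at 0x401A61F: free (m_replacemalloc/vg_replace_malloc.c:323)
> ==2714==    by 0x40F7464: su_free (su_alloc.c:838)
> ==2714==    by 0x40A688F: nua_server_request_destroy (nua_stack.c:1504)
> ==2714==    by 0x40BB93A: nua_session_usage_shutdown (nua_session.c:1575)
"""

PID = re.compile(r"^==\d+==\s*")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")
ADDR = re.compile(r"^Address (0x[0-9A-Fa-f]+) is (\d+) bytes inside a block of size (\d+)")
ALLOCATOR = {"free", "su_free"}  # allocator wrappers that appear in these traces


def logical_lines(text):
    """Drop mail quoting and the ==pid== prefix; rejoin mailer-wrapped lines."""
    out = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()
        if PID.match(line):
            out.append(PID.sub("", line))
        elif line and out:
            out[-1] += " " + line  # continuation of the previous line
    return out


def parse_errors(text):
    """One dict per 'Invalid ...' report: access stack, freed-by stack, block base."""
    errors, cur, frames = [], None, None
    for line in logical_lines(text):
        frame, addr = FRAME.match(line), ADDR.match(line)
        if line.startswith("Invalid "):
            cur = {"kind": line, "access": [], "freed_by": [], "block": None}
            frames = cur["access"]
            errors.append(cur)
        elif cur and frame:
            frames.append((frame[1], frame[2]))
        elif cur and addr:
            # block base = faulting address minus the offset memcheck reports
            cur["block"] = hex(int(addr[1], 16) - int(addr[2]))
            frames = cur["freed_by"]
    return errors


def callers_past_shared_frames(stack_a, stack_b):
    """Skip allocator wrappers and functions common to both stacks; return where they diverge."""
    a = [f for f in stack_a if f[0] not in ALLOCATOR]
    b = [f for f in stack_b if f[0] not in ALLOCATOR]
    while a and b and a[0][0] == b[0][0]:
        a, b = a[1:], b[1:]
    return (a[0] if a else None), (b[0] if b else None)


def group_by_block(errors):
    """Map block base -> list of (error kind, (later caller, caller that freed first))."""
    blocks = {}
    for e in errors:
        if e["block"]:
            paths = callers_past_shared_frames(e["access"], e["freed_by"])
            blocks.setdefault(e["block"], []).append((e["kind"], paths))
    return blocks


if __name__ == "__main__":
    for base, hits in group_by_block(parse_errors(SAMPLE)).items():
        print(base, hits)
```

On the sample, both reports resolve to the same 72-byte block at 0x5451c70: it was freed through nua_session_usage_shutdown (nua_session.c:1575) and then reached again through process_ack (nua_session.c:2573).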
