I have a new backtrace here, which includes also that
Garbage::remove_expired() function call, but the crash doesn't occur in
that function now.
Notice also the two 'garbage' variables in Garbage::remove_expired() and
Garbage::delete_object(), which have two different values, but are
defined in the exact same way, as:
Garbage *garbage = Garbage::garbage;
and those two functions are called directly one by the other.
bt full:
(gdb) bt full
#0 0xbfffe410 in __kernel_vsyscall ()
No symbol table info available.
#1 0xb70acfc0 in raise () from /lib/i686/libc.so.6
No symbol table info available.
#2 0xb70ae851 in abort () from /lib/i686/libc.so.6
No symbol table info available.
#3 0xb7966342 in signal_entry (signum=Variable "signum" is not
available.
) at bcsignals.C:182
No locals.
#4 <signal handler called>
No symbol table info available.
#5 0xb70e9ef9 in free () from /lib/i686/libc.so.6
No symbol table info available.
#6 0x081a9a63 in ~FileOGG (this=0x9ded5300) at fileogg.C:66
No locals.
#7 0x0819e531 in File::close_file (this=0x9df55930, ignore_thread=0) at
file.C:590
No locals.
#8 0x0819f35e in ~File (this=0x9df55930) at file.C:63
No locals.
#9 0x08144ee7 in ~CICacheItem (this=0x9ded6050) at cache.C:379
No locals.
#10 0x081d5ee9 in Garbage::remove_expired () at garbage.C:98
ptr = (GarbageObject *) 0x9ded6060
garbage = (Garbage *) 0x137
#11 0x081d5f33 in Garbage::delete_object (ptr=0x9ded6060) at
garbage.C:74
garbage = (Garbage *) 0x84eb178
#12 0x0814575b in CICache::delete_oldest (this=0xb0a3c88) at cache.C:288
current = Variable "current" is not available.
(gdb)
Thank you very much for any insights.
btw, I'm really working hard to dive into the code to find the problem,
I'm just afraid it's something way out of my understanding.
thanks
Alexandre Bourget
Le jeudi 01 mars 2007 à 14:24 -0500, Alexandre Bourget a écrit :
> I'm having plenty of crashes with Cinelerra r1004, same problem with
> r909 and r979, those two last packaged for Mandriva.
>
> glibc installed: 2.4
>
> My traces all point to the same function, Garbage::remove_expired() ..
> all in different contexts. It's not related to a specific video nor
> audio file.
>
> It seems to me that it crashed less while running in Valgrind, although
> awfully slow. View valgrind's memcheck report here:
> http://www.bourget.cc/dump/valgrind-cinelerra.txt
>
> In fact, it might be normal, because Valgrind seems to prevent those free()
> calls to actually crash the application.
>
> Running with "taskset -c 0" (uniprocessor mode) didn't fix things.
>
> I'm running on a laptop running:
> [EMAIL PROTECTED] cinelerra]$ uname -a
> Linux instrument 2.6.17-5mdv #1 SMP Wed Sep 13 14:32:31 EDT 2006 i686
> Intel(R) Pentium(R) 4 CPU 3.00GHz GNU/Linux
>
>
>
> Snippets of gdb, and cinelerra backtraces:
>
> *** glibc detected *** /usr/bin/cinelerra: free(): invalid pointer:
> 0x0a4bc7a0 ***
> ======= Backtrace: =========
> /lib/i686/libc.so.6[0xb70cfdad]
> /lib/i686/libc.so.6(__libc_free+0x83)[0xb70cff33]
> /usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0xb726ed91]
> /usr/bin/cinelerra(_ZN7Garbage14remove_expiredEv+0x59)[0x81d5ee9]
> /usr/bin/cinelerra(_ZN13GarbageObject11remove_userEv+0x33)[0x81d6193]
> /usr/bin/cinelerra(_ZN7CICache8check_inEP5Asset+0x5f)[0x8145adf]
> /usr/bin/cinelerra(_ZN7VRender14get_colormodelERP4Editii
> +0xbf)[0x82d1c7f]
> /usr/bin/cinelerra(_ZN7VRender14process_bufferEx+0xdd)[0x82d237d]
> /usr/bin/cinelerra(_ZN7VRender3runEv+0x105)[0x82d2815]
> /usr/lib/libguicast.so.1(_ZN6Thread10entrypointEPv+0x53)[0xb7975243]
> /lib/i686/libpthread.so.0[0xb72a6540]
> /lib/i686/libc.so.6(__clone+0x5e)[0xb713555e]
> ======= Memory map: ========
> 08048000-08393000 r-xp 00000000 03:01 171 /usr/bin/cinelerra
> 08393000-0840c000 rwxp 0034b000 03:01 171 /usr/bin/cinelerra
> 0840c000-0a7e3000 rwxp 0840c000 00:00 0 [heap]
> 88be8000-88be9000 ---p 88be8000 00:00 0
> 88be9000-894ea000 rwxp 88be9000 00:00 0
> 894ea000-894eb000 ---p 894ea000 00:00 0
> 894eb000-89ceb000 rwxp 894eb000 00:00 0
> 89ceb000-89cec000 ---p 89ceb000 00:00 0
> 89cec000-8a4ec000 rwxp 89cec000 00:00 0
> 8a4ec000-8a4ed000 ---p 8a4ec000 00:00 0
> 8a4ed000-8aced000 rwxp 8a4ed000 00:00 0
> 8aced000-8acee000 ---p 8aced000 00:00 0
> 8acee000-8b4ee000 rwxp 8acee000 00:00 0
> 8b4ee000-8b4ef000 ---p 8b4ee000 00:00 0
> 8b4ef000-8bcef000 rwxp 8b4ef000 00:00 0
> 8bcef000-8bcf0000 ---p 8bcef000 00:00 0
> 8bcf0000-8c4f0000 rwxp 8bcf0000 00:00 0
> 8c4f0000-8c4f1000 ---p 8c4f0000 00:00 0
> 8c4f1000-8ccf1000 rwxp 8c4f1000 00:00 0
> 8ccf1000-8ccf2000 ---p 8ccf1000 00:00 0
> 8ccf2000-8d4f2000 rwxp 8ccf2000 00:00 0
> 8d4f2000-8d4f3000 ---p 8d4f2000 00:00 0
> 8d4f3000-8dcf3000 rwxp 8d4f3000 00:00 0
> 8dcf3000-8dcf4000 ---p 8dcf3000 00:00 0
> 8dcf4000-8e4f4000 rwxp 8dcf4000 00:00 0
> 8e4f4000-8e4f5000 ---p 8e4f4000 00:00 0
> 8e4f5000-8ecf5000 rwxp 8e4f5000 00:00 0
> 8ecf5000-8ecf6000 ---p 8ecf5000 00:00 0
> 8ecf6000-8f4f6000 rwxp 8ecf6000 00:00 0
> 8f4f6000-8f4f7000 ---p 8f4f6000 00:00 0
> 8f4f7000-8fcf7000 rwxp 8f4f7000 00:00 0
> 8fcf7000-8fcf8000 ---p 8fcf7000 00:00 0
> 8fcf8000-904f8000 rwxp 8fcf8000 00:00 0
> 904f8000-904f9000 ---p 904f8000 00:00 0
> 904f9000-90cf9000 rwxp 904f9000 00:00 0
> 90cf9000-90cfa000 ---p 90cf9000 00:00 0
> 90cfa000-914fa000 rwxp 90cfa000 00:00 0
> 914fa000-914fb000 ---p 914fa000 00:00 0
> 914fb000-91cfb000 rwxp 914fb000 00:00 0
> 91cfb000-91cfc000 ---p 91cfb000 00:00 0
> 91cfc000-924fc000 rwxp 91cfc000 00:00 0
> 924fc000-924fd000 ---p 924fc000 00:00 0
> 924fd000-92cfd000 rwxp 924fd000 00:00 0
> 92d4e000-93051000 rwxp 92d4e000 00:00 0
> 93051000-93052000 ---p 93051000 00:00 0
> 93052000-94054000 rwxp 93052000 00:00 0
> 94054000-94055000 ---p 94054000 00:00 0
> 94055000-94855000 rwxp 94055000 00:00 0
> 94855000-94856000 ---p 94855000 00:00 0
> 94856000-95056000 rwxp 94856000 00:00 0
> 95056000-95057000 ---p 95056000 00:00 0
> 95057000-95857000 rwxp 95057000 00:00 0
> 95857000-95858000 ---p 95857000 00:00 0
> 95858000-96058000 rwxp 95858000 00:00 0
> 96058000-96059000 ---p 96058000 00:00 0
> 96059000-96859000 rwxp 96059000 00:00 0
> 96859000-9685a000 ---p 96859000 00:00 0
> 9685a000-9705a000 rwxp 9685a000 00:00 0
> 9705a000-9705b000 ---p 9705a000 00:00 0
> 9705b000-9785b000 rwxp 9705b000 00:00 0
> 9785b000-9785c000 ---p 9785b000 00:00 0
> 9785c000-9805c000 rwxp 9785c000 00:00 0
> 98060000-9817d000 rwxp 98060000 00:00 0
> 9817d000-9817e000 ---p 9817d000 00:00 0
> 9817e000-9897e000 rwxp 9817e000 00:00 0
> 9897e000-9897f000 ---p 9897e000 00:00 0
> 9897f000-9917f000 rwxp 9897f000 00:00 0
> 9918e000-9989f000 rwxp 9918e000 00:00 0
> 99aab000-99b56000 rwxp 99aab000 00:00 0
> 99ba5000-99ba6000 ---p 99ba5000 00:00 0
> 99ba6000-9a3df000 rwxp 99ba6000 00:00 0
> 9a500000-9a593000 rwxp 9a500000 00:00 0
> 9a593000-9a600000 ---p 9a593000 00:00 0
> 9a61a000-9a6fe000 rwxp 9a61a000 00:00 0
> 9a7ff000-9a800000 ---p 9a7ff000 00:00 0
> 9a800000-9b100000 rwxp 9a800000 00:00 0
>
> Abandon (core dumped)
>
>
>
>
>
> gdb for that crash:
>
>
> (gdb) bt full
> #0 0xbfffe410 in __kernel_vsyscall ()
> No symbol table info available.
> #1 0xb7092fc0 in raise () from /lib/i686/libc.so.6
> No symbol table info available.
> #2 0xb7094851 in abort () from /lib/i686/libc.so.6
> No symbol table info available.
> #3 0xb70c841b in __fsetlocking () from /lib/i686/libc.so.6
> No symbol table info available.
> #4 0xb70cfdad in mallopt () from /lib/i686/libc.so.6
> No symbol table info available.
> #5 0xb70cff33 in free () from /lib/i686/libc.so.6
> No symbol table info available.
> #6 0xb726ed91 in operator delete () from /usr/lib/libstdc++.so.6
> No symbol table info available.
> #7 0x081d5ee9 in Garbage::remove_expired () at garbage.C:98
> ptr = (GarbageObject *) 0xa4bc7a0
> garbage = (Garbage *) 0x34
> #8 0x081d6193 in GarbageObject::remove_user (this=0xa5d98d0) at
> garbage.C:40
> No locals.
> #9 0x08145adf in CICache::check_in (this=0x9aa06f8, asset=0xa7dc6510)
> at cache.C:124
> current = (CICacheItem *) 0xa5d98c0
> #10 0x082d1c7f in VRender::get_colormodel (this=0x9d7b5b70,
> [EMAIL PROTECTED], use_vconsole=0, use_brender=0)
> at vrender.C:358
> driver = 14
> file = Variable "file" is not available.
>
>
>
>
> garbage is a static Garbage::garbage pointer, that is changed and must
> be changed only *once*.
>
> Here we see it's now 0x34.
>
> What leads me to think it's a threading problem is that the value of
> that Garbage::garbage is different in the function:
>
> Garbage::remove_user() (or sometimes delete_object())
>
> than in :
>
> Garbage::remove_expired()
>
> which is called *by* those two very functions. So the value of
> Garbage::garbage differs and shouldn't.
>
> Now, maybe it's some memory overwriting that comes from elsewhere, for I
> don't know what reason, but still, quite annoying :P
>
>
>
>
>
> Here is a second trace, for your information (please tell me if the
> 'memory map' is a useful thing):
>
> *** glibc detected *** /usr/bin/cinelerra: double free or corruption
> (out): 0x96da7c70 ***
> ======= Backtrace: =========
> /lib/i686/libc.so.6[0xb717edad]
> /lib/i686/libc.so.6(__libc_free+0x83)[0xb717ef33]
> /usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0xb731dd91]
> /usr/lib/libstdc++.so.6(_ZdaPv+0x1d)[0xb731dded]
> /usr/bin/cinelerra(_ZN13GarbageObjectD0Ev+0x26)[0x81d61e6]
> /usr/bin/cinelerra(_ZN7Garbage14remove_expiredEv+0x59)[0x81d5ee9]
> /usr/bin/cinelerra(_ZN13GarbageObject11remove_userEv+0x33)[0x81d6193]
> /usr/bin/cinelerra(_ZN7CICache8check_inEP5Asset+0x5f)[0x8145adf]
> /usr/bin/cinelerra(_ZN14ResourceThread8do_videoEP19VResourceThreadItem
> +0x41c)[0x829674c]
> /usr/bin/cinelerra(_ZN14ResourceThread3runEv+0xa2)[0x8296972]
> /usr/lib/libguicast.so.1(_ZN6Thread10entrypointEPv+0x53)[0xb7a24243]
> /lib/i686/libpthread.so.0[0xb7355540]
> /lib/i686/libc.so.6(__clone+0x5e)[0xb71e455e]
>
>
>
> >From inside gdb:
>
>
> (gdb) bt full
> #0 0xbfffe410 in __kernel_vsyscall ()
> No symbol table info available.
> #1 0xb7141fc0 in raise () from /lib/i686/libc.so.6
> No symbol table info available.
> #2 0xb7143851 in abort () from /lib/i686/libc.so.6
> No symbol table info available.
> #3 0xb717741b in __fsetlocking () from /lib/i686/libc.so.6
> No symbol table info available.
> #4 0xb717edad in mallopt () from /lib/i686/libc.so.6
> No symbol table info available.
> #5 0xb717ef33 in free () from /lib/i686/libc.so.6
> No symbol table info available.
> #6 0xb731dd91 in operator delete () from /usr/lib/libstdc++.so.6
> No symbol table info available.
> #7 0xb731dded in operator delete[] () from /usr/lib/libstdc++.so.6
> No symbol table info available.
> #8 0x081d61e6 in ~GarbageObject (this=0xa80fe1b0) at garbage.C:24
> No locals.
> #9 0x081d5ee9 in Garbage::remove_expired () at garbage.C:98
> ptr = (GarbageObject *) 0xa80fe1b0
> garbage = (Garbage *) 0x27
> #10 0x081d6193 in GarbageObject::remove_user (this=0xa7815aa8) at
> garbage.C:40
> No locals.
> #11 0x08145adf in CICache::check_in (this=0x8c32a28, asset=0xa7b4a5e8)
> at cache.C:124
> current = (CICacheItem *) 0xa7815a98
> #12 0x0829674c in ResourceThread::do_video (this=0x8c985a8,
> item=0x9b78788) at resourcethread.C:372
> source = Variable "source" is not available.
>
>
> (gdb) frame 9
> #9 0x081d5ee9 in Garbage::remove_expired () at garbage.C:98
> 98 delete ptr;
> (gdb) list
> 93 {
> 94 // Must remove pointer to prevent recursive deletion of the same
> object.
> 95 // But i is still invalid.
> 96
> 97 garbage->objects.remove_number(i);
> 98 delete ptr;
> 99 i--;
> 100 }
> 101 }
> 102 }
>
>
>
>
>
> For a couple of crashes I've analysed, I saw access to those functions
> too in *other threads*, which led me to think there was a threading
> problem. I'm not very knowledgeable about threads, so I hope someone can
> shed light on that.
>
>
> If you think that can be useful (backtraces of the other threads), just
> ask and I'll provide.
>
>
> thank you very much, for all the efforts you put in that great software!
>
>
> Alexandre Bourget
>
>
>
>
> _______________________________________________
> Cinelerra mailing list
> [email protected]
> https://init.linpro.no/mailman/skolelinux.no/listinfo/cinelerra
>
>
_______________________________________________
Cinelerra mailing list
[email protected]
https://init.linpro.no/mailman/skolelinux.no/listinfo/cinelerra
