aMule Forum
English => Backtraces => Topic started by: sssnake on December 25, 2004, 09:23:24 PM
-
After some hours, amule crashes under os x sometimes. Although this is not a gdd report but the one apple wants to send all the time, i think by the name of the functions in the call hierarchy, a developer can make some sense out of this...
Date/Time: 2004-12-25 18:32:16 +0100
OS Version: 10.3.7 (Build 7S215)
Report Version: 2
Command: amule
Path: /Applications/aMule.app/Contents/MacOS/amule
Version: 0.1 (2.0.0)
PID: 557
Thread: 0
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0xffffffff
Thread 0 Crashed:
0 libwx_base_carbon-2.5.3.dylib 0x014084ec wxArrayString::Free() + 0x2c
1 libwx_base_carbon-2.5.3.dylib 0x014085e0 wxArrayString::~wxArrayString [unified]() + 0x18
2 libwx_mac_core-2.5.3.dylib 0x01781a44 wxImageRefData::~wxImageRefData [unified]() + 0x54
3 libwx_base_carbon-2.5.3.dylib 0x013fe674 wxObject::UnRef() + 0x50
4 libwx_mac_core-2.5.3.dylib 0x016e57e8 wxBitmap::CreateFromXpm(char const**) + 0xd0
5 libwx_mac_core-2.5.3.dylib 0x016e5874 wxBitmap::wxBitmap[unified](char const**) + 0x3c
6 com.amule 0x000ec09c dlStatusImages(unsigned long) + 0x108
7 com.amule 0x001805b8 CamuleDlg::ShowTransferRate() + 0x448
8 com.amule 0x00181c04 CamuleDlg::OnGUITimer(wxTimerEvent&) + 0x168
9 libwx_base_carbon-2.5.3.dylib 0x01427050 wxEvtHandler::ProcessEventIfMatches(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) + 0x9c
10 libwx_base_carbon-2.5.3.dylib 0x014267ec wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) + 0xa0
11 libwx_base_carbon-2.5.3.dylib 0x014271fc wxEvtHandler::ProcessEvent(wxEvent&) + 0xcc
12 libwx_mac_core-2.5.3.dylib 0x017a75e8 wxTimerBase::Notify() + 0x88
13 com.apple.CoreFoundation 0x90194618 __CFRunLoopDoTimer + 0xf4
14 com.apple.CoreFoundation 0x90191978 __CFRunLoopRun + 0x5c8
15 com.apple.CoreFoundation 0x90195e8c CFRunLoopRunSpecific + 0x148
16 com.apple.HIToolbox 0x927d5f60 RunCurrentEventLoopInMode + 0xac
17 com.apple.HIToolbox 0x927dc64
0 ReceiveNextEventCommon + 0xf4
18 com.apple.HIToolbox 0x9284d7d4 ReceiveNextEventInMode + 0x48
19 libwx_mac_core-2.5.3.dylib 0x016e3854 wxApp::MacDoOneEvent() + 0x4c
20 libwx_mac_core-2.5.3.dylib 0x016e34e8 wxApp::MainLoop() + 0x24
21 libwx_base_carbon-2.5.3.dylib 0x013ef6e0 wxEntry(int&, char**) + 0x60
22 com.amule 0x0017ad28 main + 0x18
23 com.amule 0x00002258 _start + 0x188 (crt.c:267)
24 com.amule 0x000020cc start + 0x30
Thread 1:
0 libSystem.B.dylib 0x9000b20c select + 0xc
1 com.apple.CoreFoundation 0x90196b10 __CFSocketManager + 0x1fc
2 libSystem.B.dylib 0x900246e8 _pthread_body + 0x28
PPC Thread State:
srr0: 0x014084ec srr1: 0x0200f930 vrsave: 0x00000000
cr: 0x24024248 xer: 0x00000004 lr: 0x014085e0 ctr: 0x014085c0
r0: 0x0000ffff r1: 0xbffff010 r2: 0xffffffff r3: 0x1ab72c04
r4: 0x00000002 r5: 0x0000000a r6: 0x00000001 r7: 0x00000001
r8: 0x0000001f r9: 0x00000000 r10: 0x020001c8 r11: 0x01904b8c
r12: 0x014085c0 r13: 0x00000000 r14: 0x00000000 r15: 0x00000001
r16: 0x00000000 r17: 0x00000001 r18: 0xa01913c8 r19: 0x00000000
r20: 0x00000000 r21: 0x00000000 r22: 0x01c1dbf0 r23: 0x01c1dd08
r24: 0xa019452c r25: 0xa00011ac r26: 0x002b0180 r27: 0xbffff2f0
r28: 0xbffff1b0 r29: 0x1ab72c04 r30: 0x00000000 r31: 0x01781a00
Binary Images Description:
.. I'll leave that out...
-
I'm sure Ken can take something our of that.
-
Originally posted by Kry
I'm sure Ken can take something our of that.
Ha! You must think awfully highly of me if you think I can debug wxMac. :P
The wxWidgets coders seem to have gone to extraordinary lengths to circumvent C++'s type safety features and avoid useful idioms such as RAII (Resource Acquisition Is Initialization, especially as embodied by smart pointers) and pImpl. 8o X( It makes it very hard for me to wade through the code and understand what's being done where and to what type of object.
I'll take a look at it though and give it a shot.
-
Here's what too much time wading through the wxMac source code has revealed. Either, 1) aMule is tromping all over memory and corrupting data structures, or 2) it's a bug in wxMac. I'm voting for #2.
This part:
0 libwx_base_carbon-2.5.3.dylib 0x014084ec wxArrayString::Free() + 0x2c
1 libwx_base_carbon-2.5.3.dylib 0x014085e0 wxArrayString::~wxArrayString [unified]() + 0x18
2 libwx_mac_core-2.5.3.dylib 0x01781a44 wxImageRefData::~wxImageRefData [unified]() + 0x54
3 libwx_base_carbon-2.5.3.dylib 0x013fe674 wxObject::UnRef() + 0x50
4 libwx_mac_core-2.5.3.dylib 0x016e57e8 wxBitmap::CreateFromXpm(char const**) + 0xd0
5 libwx_mac_core-2.5.3.dylib 0x016e5874 wxBitmap::wxBitmap[unified](char const**) + 0x3c
6 com.amule 0x000ec09c dlStatusImages(unsigned long) + 0x108is entirely internal to wxMac with no opportunity for aMule to exert influence, unless a different thread is smashing memory. It looks like some wxMac class is improperly implementing object copying.
Thinking out loud (contribute if you see something I'm missing or getting wrong):
I'm going to assume that wxArrayString is implemented correctly. It is widely used and its implementation isn't Mac-specific (I think). More likely is that the wxImageRefData object that's being destructed either failed to initialize itself properly or isn't a valid object at all (e.g. wxImageRefData* uninitializedVariable; delete uninitializedVariable; ).
Frames 2 and 3 indicate that a wxImage object is being destructed from frame 4. The (inlined) wxImage destructor calls through to the (inlined) wxObject destructor, which calls UnRef. We know it's a wxImage because that's the only wxObject-derived type which holds a reference to a wxImageRefData.
Here's what led up to this point:
dlStatusImages is constructing a wxBitmap by passing a pointer to static XPM data.
wxBitmap::wxBitmap is passing that data to wxBitmap::CreateFromXpm
wxBitmap::CreateFromXpm calls wxXPMDecoder::ReadData to create a wxImage from the XPM data
wxImage objects contain pointers to wxImageRefData objects, which are reference counted
The temp wxImage object returned from ReadData is copied to a local (this could be optimized away so the wxImage is directly constructed in the local, but the assembly code indicates it isn't)
A temp wxBitmap is created from the local wxImage and the wxBitmap being constructed is copy-assigned from that temp wxBitmap
Then the wxImage objects (the temp returned from wxXPMDecoder::ReadData and the local) are destructed as they fall out of scope
Destruction of the wxImage invokes (inlined) ~wxObject, which invokes wxObject::UnRef
Presumably the reference count drops to zero, because that invokes ~wxImageRefData
What I haven't found yet is where/how the wxImageRefData becomes invalid. Which is a long-winded way of saying I haven't really made any progress. ?( ;)
-
Hi Ken, thanx for having a look... and what an impressive analysis (although I understand only half of it). if i can do something with my mac helping you, let me know...
cheers sssnake
-
sssnake, this happens regularly for you? Are the crash reports very similar each time (e.g. having wxImageRefData and wxBitmap::CreateFromXpm near the top)? If they differ, could you post one or two other examples? If they're the same, it's important to know that, too.
I assume you are using the official rc8 build, right?
If this keeps happening, let us know. I'll try to write up some instructions for you to use to gather more debugging information.
-
Hi Ken,
yes, this happens regularly, some nights amule "survives" but most of the morning, amule has crashed. And yes, it's the official rc8 release. And no, it seems, the crashes are not always the same (see below for this morning), although this one is grafic related too. But I must confess, before posting the first one, I didn't had a look at them before:
Date/Time: 2004-12-27 07:05:53 +0100
OS Version: 10.3.7 (Build 7S215)
Report Version: 2
Command: amule
Path: /Applications/aMule.app/Contents/MacOS/amule
Version: 0.1 (2.0.0)
PID: 1416
Thread: 0
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000018
Thread 0 Crashed:
0 com.apple.CoreGraphics 0x935eff80 CGGStateSetPatternPhase + 0x20
1 com.apple.HIToolbox 0x927d9958 TilePixMapListCG + 0x1a8
2 com.apple.HIToolbox 0x927db764 DrawPartCG(TTheme*, CGRect const&, CGRect const&, ThemePart*, ThemeStateData*, ThemeStateData*, float, CGContext*) + 0x388
3 com.apple.HIToolbox 0x927db3a4 DrawLayoutCG(TTheme*, LayoutCache*, long, CGRect const&, unsigned short, unsigned long, CGRect const&, unsigned long const*, unsigned long const*, float, CGContext*) + 0x29c
4 com.apple.HIToolbox 0x927e6dac LayoutEngine::DrawLayoutWithClipComposited(TTheme*, long, CGRect const&, unsigned short, long const*, unsigned long, short, unsigned long const*, unsigned long const*, float, CGContext*, short) + 0x9c
5 com.apple.HIToolbox 0x927faf60 LayoutEngine::DrawLayoutWithClip(TTheme*, long, CGRect const&, unsigned short, long const*, unsigned long, short, unsigned long const*, CGContext*, short) + 0x3c
6 com.apple.HIToolbox 0x927faf14 LayoutEngine::DrawLayout(TTheme*, long, CGRect const&, unsigned short, long const*, unsigned long, unsigned long const*, CGContext*, short) + 0x24
7 com.apple.HIToolbox 0x92855840 DrawMiscLayoutCommon(CGRect const&, TThemeDrawState const&, unsigned short, CGContext*, long) + 0x12c
8 com.apple.HIToolbox 0x9289090c DataEngine::DrawThemeFrame(CGRect const&, unsigned long, TThemeDrawState const&, unsigned char, CGContext*) + 0xf0
9 com.apple.HIToolbox 0x9282db7c HIThemeDrawFrame + 0x360
10 com.apple.HIToolbox 0x928bccd0 DrawThemeEditTextFrame + 0x60
11 libwx_mac_core-2.5.3.dylib 0x0172bed0 wxWindow::MacPaintBorders(int, int) + 0x170
12 libwx_mac_core-2.5.3.dylib 0x0172d4b0 wxWindow::MacDoRedraw(void*, long) + 0x4d8
13 libwx_mac_core-2.5.3.dylib 0x0172749c wxMacWindowControlEventHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) + 0x1c4
14 libwx_mac_core-2.5.3.dylib 0x01727d34 wxMacWindowEventHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) + 0x80
15 com.apple.HIToolbox 0x927d1fa0 DispatchEventToHandlers + 0x150
16 com.apple.HIToolbox 0x927d2214 SendEventToEventTargetInternal + 0x174
17 com.apple.HIToolbox 0x927d6694 SendEventToEventTargetWithOptions + 0x28
18 com.apple.HIToolbox 0x927ddd34 SendControlDefDraw(HIView*, short, OpaqueGrafPtr*, OpaqueRgnHandle*, CGContext*) + 0x120
19 com.apple.HIToolbox 0x927d7e54 HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) + 0x20c
20 com.apple.HIToolbox 0x927d7f5c HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) + 0x314
21 com.apple.HIToolbox 0x927d7f5c HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) + 0x314
22 com.apple.HIToolbox 0x927d7f5c HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) + 0x314
23 com.apple.HIToolbox 0x927d7f5c HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) + 0x314
24 com.apple.HIToolbox 0x927d7f5c HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) + 0x314
25 com.apple.HIToolbox 0x927dcb5c HIView::Draw(short, OpaqueGrafPtr*, OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) + 0x284
26 com.apple.HIToolbox 0x9280aa70 _HIViewRender + 0x6c
27 com.apple.HIToolbox 0x927d1a70 _FlushWindow + 0xfc
28 com.apple.HIToolbox 0x927d2ad0 FlushAllWindows + 0x24
29 com.apple.HIToolbox 0x927d3f10 FlushAllBuffers(__CFRunLoopObserver*, CFRunLoopActivity, void*) + 0x34
30 com.apple.CoreFoundation 0x90191ca0 __CFRunLoopDoObservers + 0x194
31 com.apple.CoreFoundation 0x90195e74 CFRunLoopRunSpecific + 0x130
32 com.apple.HIToolbox 0x927d5f60 RunCurrentEventLoopInMode + 0xac
33 com.apple.HIToolbox 0x927dc640 ReceiveNextEventCommon + 0xf4
34 com.apple.HIToolbox 0x9284d7d4 ReceiveNextEventInMode + 0x48
35 libwx_mac_core-2.5.3.dylib 0x016e3854 wxApp::MacDoOneEvent() + 0x4c
36 libwx_mac_core-2.5.3.dylib 0x016e34e8 wxApp::MainLoop() + 0x24
37 libwx_base_carbon-2.5.3.dylib 0x013ef6e0 wxEntry(int&, char**) + 0x60
38 com.amule 0x0017ad28 main + 0x18
39 com.amule 0x00002258 _start + 0x188 (crt.c:267)
40 com.amule 0x000020cc start + 0x30
Thread 1:
0 libSystem.B.dylib 0x9000b20c select + 0xc
1 com.apple.CoreFoundation 0x90196b10 __CFSocketManager + 0x1fc
2 libSystem.B.dylib 0x900246e8 _pthread_body + 0x28
PPC Thread State:
srr0: 0x935eff80 srr1: 0x0200f930 vrsave: 0x00000000
cr: 0x44022222 xer: 0x00000004 lr: 0x927d9958 ctr: 0x93608090
r0: 0x927d9958 r1: 0xbfffe600 r2: 0x00000000 r3: 0x503b4f30
r4: 0x00000000 r5: 0xcf000000 r6: 0x00000000 r7: 0x027fffff
r8: 0xff000000 r9: 0x05fdffff r10: 0x9360809c r11: 0xa27d1734
r12: 0x93608090 r13: 0x00000000 r14: 0x0455d7f0 r15: 0xa27f7e98
r16: 0xbfffeb60 r17: 0x00000000 r18: 0x503b4b00 r19: 0x00000000
r20: 0x00000100 r21: 0x00000000 r22: 0x00000914 r23: 0x00000000
r24: 0x00000000 r25: 0x503b4b00 r26: 0xbfffe6d0 r27: 0xbfffe798
r28: 0xbfffe6c0 r29: 0x057f4d00 r30: 0x503b4f30 r31: 0x927d97c8
Binary Images Description:...
About writing instructions: I used to compile amule myself from CVS and cvs-tarballs some time ago with wxWidget 2.5.2, but i lost track, when it was nessecary to compile wx 2.5.3 from CVS. So if you just need me to make a build with debug-symbols and attach gdb to it while running, I can do that myself, but i need some hints for compiling wxWidgets (CVS?, debuging symbols?, carbon?)
Cheers sssnake
-
OK. Since the crashes are different, this makes it more likely that something is writing all over memory. That's a very difficult king of bug to debug. Here's something you might try to help us:
Instead of launching aMule the normal way, launch it in gdb. In Terminal:
gdb /path/to/aMule.app/Contents/MacOS/amule
(Instead of typing "/path/to/aMule.app", you can just drag and drop the aMule icon into the Terminal window. Delete the space it adds at the end before typing the rest of the line.)
Within gdb, enter:
set env DYLD_INSERT_LIBRARIES /usr/lib/libgmalloc.dylib
set env DYLD_FORCE_FLAT_NAMESPACE 1
set env MALLOC_FILL_SPACE 1
run
This causes aMule to run with a debugging malloc library that makes it more likely that memory smashing bugs will causes crashes at their source instead of at some arbitrary later time.
This will cause aMule to run _much_ more slowly. It will probably also cause the rest of your system to be slow and thrash virtual memory (constantly swapping pages of memory out to disk and back). So, you may only want to do this just before leaving the computer for the night.
When aMule crashes, issue the commands
bt
bt full
and paste the output here. Use the "quit" command to get out of gdb.
-
Well, I posted the above before actually trying it myself. You'd need the patience of Job to get anywhere with that. After an hour or more it still hadn't finished reading my ipfilter.dat, let alone brought up the GUI.
Here's an alternative to try:
Instead ofset env DYLD_INSERT_LIBRARIES /usr/lib/libgmalloc.dylib
set env DYLD_FORCE_FLAT_NAMESPACE 1
set env MALLOC_FILL_SPACE 1
try
set env MallocGuardEdges 1
set env MallocScribble 1
That uses a less-aggressive debugging malloc library that doesn't slow down the program as much. I've tested it this time and aMule brings up the GUI in finite time.
-
OK, I'll try that while having another one:
Date/Time: 2004-12-28 07:14:17 +0100
OS Version: 10.3.7 (Build 7S215)
Report Version: 2
Command: amule
Path: /Applications/aMule.app/Contents/MacOS/amule
Version: 0.1 (2.0.0)
PID: 386
Thread: 0
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000
Thread 0 Crashed:
0 <<00000000>> 0x00000000 0 + 0
1 libwx_base_carbon-2.5.3.dylib 0x013bef1c wxAppConsole::ProcessPendingEvents() + 0x74
2 libwx_mac_core-2.5.3.dylib 0x016e3930 wxApp::MacHandleOneEvent(void*) + 0x50
3 libwx_mac_core-2.5.3.dylib 0x016e38a4 wxApp::MacDoOneEvent() + 0x9c
4 libwx_mac_core-2.5.3.dylib 0x016e34e8 wxApp::MainLoop() + 0x24
5 libwx_base_carbon-2.5.3.dylib 0x013ef6e0 wxEntry(int&, char**) + 0x60
6 com.amule 0x0017ad28 main + 0x18
7 com.amule 0x00002258 _start + 0x188 (crt.c:267)
8 com.amule 0x000020cc start + 0x30
Thread 1:
0 libSystem.B.dylib 0x9000b20c select + 0xc
1 com.apple.CoreFoundation 0x90196b10 __CFSocketManager + 0x1fc
2 libSystem.B.dylib 0x900246e8 _pthread_body + 0x28
PPC Thread State:
srr0: 0x00000000 srr1: 0x4200f930 vrsave: 0x00000000
cr: 0x24000244 xer: 0x20000004 lr: 0x01426f6c ctr: 0x00000000
r0: 0x01426f50 r1: 0xbffffb70 r2: 0x00e9d01b r3: 0x38926830
r4: 0x38926830 r5: 0x01c19a80 r6: 0x00000000 r7: 0x00000001
r8: 0x00000001 r9: 0x00022e60 r10: 0x0017ac50 r11: 0x02059000
r12: 0x00000000 r13: 0x00000000 r14: 0x00000000 r15: 0x00000000
r16: 0x00000000 r17: 0x00000000 r18: 0x00000000 r19: 0x00000000
r20: 0x00000000 r21: 0x00000000 r22: 0x00000000 r23: 0x00000000
r24: 0x00000000 r25: 0x00000000 r26: 0xbffffe9c r27: 0x0145eeb0
r28: 0x01458350 r29: 0x37918510 r30: 0x38926830 r31: 0x013beeb0
Binary Images Description:
...
This time, there's nothing grafic related, as i see it... The next post will be with output from gdb, I promise.
cheers and thanx
-
Hi Ken,
here we go:
malloc[738]: protecting edges
malloc[738]: enabling scribbling to detect mods to free blocks
Initialising aMule
... (bla bla)
Reading symbols for shared libraries . done
*** malloc[738]: Deallocation of a pointer not malloced: 0x5f6c65b; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug
... this repeats a lot, then:
*** malloc[738]: Deallocation of a pointer not malloced: 0x55555555; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug
Program received signal EXC_BAD_ACCESS, Could not access memory.
0x90002e18 in szone_malloc ()
(gdb)then, bt gives me
#0 0x90002e18 in szone_malloc ()
#1 0x90001054 in malloc_zone_malloc ()
#2 0x90191ecc in _CFRuntimeCreateInstance ()
#3 0x901948f4 in __CFArrayInit ()
#4 0x90191b98 in __CFRunLoopDoObservers ()
#5 0x90195e74 in CFRunLoopRunSpecific ()
#6 0x927d5f60 in RunCurrentEventLoopInMode ()
#7 0x927dc640 in ReceiveNextEventCommon ()
#8 0x9284d7d4 in ReceiveNextEventInMode ()
#9 0x016e3854 in wxApp::MacDoOneEvent() ()
#10 0x016e34e8 in wxApp::MainLoop() ()
#11 0x013ef6e0 in wxEntry(int&, char**) ()
#12 0x0017ad28 in main ()
#13 0x00002258 in _start (argc=1, argv=0xbffffc0c, envp=0xbffffc14) at /SourceCache/Csu/Csu-46/crt.c:267
#14 0x000020cc in start ()and bt full
#0 0x90002e18 in szone_malloc ()
No symbol table info available.
#1 0x90001054 in malloc_zone_malloc ()
No symbol table info available.
#2 0x90191ecc in _CFRuntimeCreateInstance ()
No symbol table info available.
#3 0x901948f4 in __CFArrayInit ()
No symbol table info available.
#4 0x90191b98 in __CFRunLoopDoObservers ()
No symbol table info available.
#5 0x90195e74 in CFRunLoopRunSpecific ()
No symbol table info available.
#6 0x927d5f60 in RunCurrentEventLoopInMode ()
No symbol table info available.
#7 0x927dc640 in ReceiveNextEventCommon ()
No symbol table info available.
#8 0x9284d7d4 in ReceiveNextEventInMode ()
No symbol table info available.
#9 0x016e3854 in wxApp::MacDoOneEvent() ()
No symbol table info available.
#10 0x016e34e8 in wxApp::MainLoop() ()
No symbol table info available.
#11 0x013ef6e0 in wxEntry(int&, char**) ()
No symbol table info available.
#12 0x0017ad28 in main ()
No symbol table info available.
#13 0x00002258 in _start (argc=1, argv=0xbffffc0c, envp=0xbffffc14) at /SourceCache/Csu/Csu-46/crt.c:267
i = 33554516
p = 0x4
q = (char **) 0x5
term = (void (*)()) 0x8fe17d50 <__dyld__dyld_mod_term_funcs>
#14 0x000020cc in start ()
No locals.
(gdb)Does that help? Doesn't seem to be very informative, this one. Maybe I should compile the whole stuff includeing wx with debug symbols?
cheers sssnake
-
I just compiled wxMac 2.5.3 from source an amule rc 8 with --enable-debug --disable-optimise but when I start it with your two flags set in gdb, thats all I get right after starting amule:
malloc[28701]: protecting edges
malloc[28701]: enabling scribbling to detect mods to free blocks
Initialising aMule
Userhash loaded:
...
AICH Thread: Thread terminated.
Program received signal EXC_BAD_ACCESS, Could not access memory.
0x90190b2c in CFRelease ()
(gdb) bt
#0 0x90190b2c in CFRelease ()
#1 0x03d8b794 in GSocketGUIFunctionsTableConcrete::Destroy_Socket(GSocket*) ()
#2 0x03d8b794 in GSocketGUIFunctionsTableConcrete::Destroy_Socket(GSocket*) ()
#3 0x02dc6804 in GSocket::~GSocket() ()
#4 0x02dc6dfc in GSocket::WaitConnection() ()
#5 0x02dc4210 in wxSocketServer::AcceptWith(wxSocketBase&, bool) ()
#6 0x00018738 in CListenSocket::OnAccept(int) (this=0x81bdef0, nErrorCode=0) at ListenSocket.cpp:2362
#7 0x0014f8fc in CamuleGuiApp::ListenSocketHandler(wxSocketEvent&) (this=0x3c18c20, event=@0x81bcc50) at amule-gui.cpp:351
#8 0x03aa7104 in wxEvtHandler::ProcessEventIfMatches(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) ()
#9 0x03aa68a0 in wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) ()
#10 0x03aa72b0 in wxEvtHandler::ProcessEvent(wxEvent&) ()
#11 0x03aa7004 in wxEvtHandler::ProcessPendingEvents() ()
#12 0x03a4af1c in wxAppConsole::ProcessPendingEvents() ()
#13 0x03d6c1bc in wxApp::MacHandleOneEvent(void*) ()
#14 0x03d6c130 in wxApp::MacDoOneEvent() ()
#15 0x03d6bd74 in wxApp::MainLoop() ()
#16 0x03a7ac58 in wxEntry(int&, char**) ()
#17 0x0014f27c in main (argc=1, argv=0xbffffbf8) at amule-gui.cpp:161
[/CODE|
bt full gives me
[CODE]#0 0x90190b2c in CFRelease ()
No symbol table info available.
#1 0x03d8b794 in GSocketGUIFunctionsTableConcrete::Destroy_Socket(GSocket*) ()
No symbol table info available.
#2 0x03d8b794 in GSocketGUIFunctionsTableConcrete::Destroy_Socket(GSocket*) ()
No symbol table info available.
#3 0x02dc6804 in GSocket::~GSocket() ()
No symbol table info available.
#4 0x02dc6dfc in GSocket::WaitConnection() ()
No symbol table info available.
#5 0x02dc4210 in wxSocketServer::AcceptWith(wxSocketBase&, bool) ()
No symbol table info available.
#6 0x00018738 in CListenSocket::OnAccept(int) (this=0x7ca07f0, nErrorCode=0) at ListenSocket.cpp:2362
newclient = (CClientReqSocket *) 0x7c49b50
#7 0x0014f8fc in CamuleGuiApp::ListenSocketHandler(wxSocketEvent&) (this=0x3c18c20, event=@0x7aafef0) at amule-gui.cpp:351
socket = (CListenSocket *) 0x7ca07f0
#8 0x03aa7104 in wxEvtHandler::ProcessEventIfMatches(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) ()
No symbol table info available.
#9 0x03aa68a0 in wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) ()
No symbol table info available.
#10 0x03aa72b0 in wxEvtHandler::ProcessEvent(wxEvent&) ()
No symbol table info available.
#11 0x03aa7004 in wxEvtHandler::ProcessPendingEvents() ()
No symbol table info available.
#12 0x03a4af1c in wxAppConsole::ProcessPendingEvents() ()
No symbol table info available.
#13 0x03d6c1bc in wxApp::MacHandleOneEvent(void*) ()
No symbol table info available.
#14 0x03d6c130 in wxApp::MacDoOneEvent() ()
No symbol table info available.
#15 0x03d6bd74 in wxApp::MainLoop() ()
No symbol table info available.
#16 0x03a7ac58 in wxEntry(int&, char**) ()
No symbol table info available.
#17 0x0014f27c in main (argc=1, argv=0xbffffbf8) at amule-gui.cpp:161
No locals.It's kinda strange, because with the official amule rc 8 binary it gets further... Let me know what I can do next or what I've done wrong.
sssnake
-
Our binnary has a patch on sockets that avoids that. You ahve to use wxCVS.
-
Hi Kry (and Ken),
ups, I did it again... right, that was an issue some time ago, I forgot. So I downloaded wxWidgets from cvs yesterday (and updated the wiki for others not to do the same mistake) and compiled the src of amule 2rc8 against it (amule cvs tarball from 29.12. failed). It's been running since for 16.5 h without a crash now :-).
If I don't write anymore, the problem must have been somewhere within changes between wxWidgets from your version you used to compile the official amule 2rc8 binary for mac and the current version... or something with optimisation (hope not!). The only output I have from gdb for now is:
*** malloc[4863]: Deallocation of a pointer not malloced: 0x7fbfda0; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debugCheers and thanx for all the fish
sssnake
-
By the way, you can use gdb to find where those "Deallocation of a pointer not malloced" messages are coming from.
Put these lines before the "run" command:
set $bt_count=0
break malloc_printf
commands
silent
if $bt_count < 5
bt full
set $bt_count = $bt_count + 1
else
delete breakpoint 1 # use the proper number here, as reported after the break command, above
end
cont
end
This should print a full backtrace for the first five times that Deallocation message is printed. I haven't tested this, so apologies if it makes a mess for you. If it spews way too much data, you can always press ctrl-C to interrupt the program and delete the breakpoint manually. Then use the "cont" command to continue the program's execution.
-
Hi Ken,
I will try that and post the outcome in the OS X forum. Sadly, amule crashed just a minute ago. Here we go:
...
*** malloc[4863]: Deallocation of a pointer not malloced: 0x55555555; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug
Program received signal EXC_BAD_ACCESS, Could not access memory.
0x9000239c in szone_calloc ()bt gives:
#0 0x9000239c in szone_calloc ()
#1 0x90002ce4 in malloc_zone_calloc ()
#2 0x900036ac in calloc ()
#3 0x9361388c in deviceStateCreate ()
#4 0x935fa080 in CGGStateDeviceReset ()
#5 0x935e46f4 in CGGStateReset ()
#6 0x9360a174 in CGGStateCreate ()
#7 0x9360a0d4 in CGGStackCreate ()
#8 0x91b8a99c in ripc_BeginContent ()
#9 0x91b86474 in ripc_GetPattern ()
#10 0x91b82fd0 in ripc_GetColor ()
#11 0x91b84514 in ripc_Render ()
#12 0x91b87a0c in ripc_DrawRects ()
#13 0x935f016c in __CGContextDrawRects ()
#14 0x93602e70 in CGContextFillRects ()
#15 0x93607764 in CGContextFillRect ()
#16 0x927d9990 in TilePixMapListCG ()
#17 0x927db764 in DrawPartCG(TTheme*, CGRect const&, CGRect const&, ThemePart*, ThemeStateData*, ThemeStateData*, float, CGContext*) ()
#18 0x927db3a4 in DrawLayoutCG(TTheme*, LayoutCache*, long, CGRect const&, unsigned short, unsigned long, CGRect const&, unsigned long const*, unsigned long const*, float, CGContext*) ()
#19 0x927e6dac in LayoutEngine::DrawLayoutWithClipComposited(TTheme*, long, CGRect const&, unsigned short, long const*, unsigned long, short, unsigned long const*, unsigned long const*, float, CGContext*, short) ()
#20 0x927faf60 in LayoutEngine::DrawLayoutWithClip(TTheme*, long, CGRect const&, unsigned short, long const*, unsigned long, short, unsigned long const*, CGContext*, short) ()
#21 0x927faf14 in LayoutEngine::DrawLayout(TTheme*, long, CGRect const&, unsigned short, long const*, unsigned long, unsigned long const*, CGContext*, short) ()
#22 0x927eb488 in DataEngine::DrawThemeTrack(HIThemeTrackDrawInfo const*, CGRect const*, ThemeEraseXUPP*, unsigned long, CGContext*) ()
#23 0x92808a10 in _HIThemeDrawTrack(HIThemeTrackDrawInfo const*, CGRect const*, ThemeEraseXUPP*, unsigned long, CGContext*, unsigned long) ()
#24 0x9280f5e8 in HIScrollBar::DrawSelf(short, OpaqueRgnHandle*, CGContext*) ()
#25 0x927f5a94 in HIView::DrawCacheOrSelf(short, OpaqueRgnHandle*, CGContext*) ()
#26 0x927d54d8 in HIView::EventHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) ()
#27 0x927d1fa0 in DispatchEventToHandlers ()
#28 0x927d2214 in SendEventToEventTargetInternal ()
#29 0x92828ac8 in CallNextEventHandler ()
#30 0x03dd95a8 in wxWindow::MacDoRedraw(void*, long) ()
#31 0x03dd3720 in wxMacWindowControlEventHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) ()
#32 0x03dd3fb8 in wxMacWindowEventHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) ()
#33 0x927d1fa0 in DispatchEventToHandlers ()
#34 0x927d2214 in SendEventToEventTargetInternal ()
#35 0x927d6694 in SendEventToEventTargetWithOptions ()
#36 0x927ddd34 in SendControlDefDraw(HIView*, short, OpaqueGrafPtr*, OpaqueRgnHandle*, CGContext*) ()
#37 0x927d7e54 in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#38 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#39 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#40 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#41 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#42 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#43 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#44 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#45 0x927dcb5c in HIView::Draw(short, OpaqueGrafPtr*, OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#46 0x9280aa70 in _HIViewRender ()
#47 0x927d1a70 in _FlushWindow ()
#48 0x927d2ad0 in FlushAllWindows ()
#49 0x927d3f10 in FlushAllBuffers(__CFRunLoopObserver*, CFRunLoopActivity, void*) ()
#50 0x90191ca0 in __CFRunLoopDoObservers ()
#51 0x90195e74 in CFRunLoopRunSpecific ()
#52 0x927d5f60 in RunCurrentEventLoopInMode ()
#53 0x927dc640 in ReceiveNextEventCommon ()
#54 0x9284d7d4 in ReceiveNextEventInMode ()
#55 0x03d8f8b0 in wxApp::MacDoOneEvent() ()
#56 0x03d8f544 in wxApp::MainLoop() ()
#57 0x03a98728 in wxEntry(int&, char**) ()
#58 0x0014fbd4 in main (argc=1, argv=0xbffffc0c) at amule-gui.cpp:161bt full gives:
#0 0x9000239c in szone_calloc ()
#1 0x90002ce4 in malloc_zone_calloc ()
#2 0x900036ac in calloc ()
#3 0x9361388c in deviceStateCreate ()
#4 0x935fa080 in CGGStateDeviceReset ()
#5 0x935e46f4 in CGGStateReset ()
#6 0x9360a174 in CGGStateCreate ()
#7 0x9360a0d4 in CGGStackCreate ()
#8 0x91b8a99c in ripc_BeginContent ()
#9 0x91b86474 in ripc_GetPattern ()
#10 0x91b82fd0 in ripc_GetColor ()
#11 0x91b84514 in ripc_Render ()
#12 0x91b87a0c in ripc_DrawRects ()
#13 0x935f016c in __CGContextDrawRects ()
#14 0x93602e70 in CGContextFillRects ()
#15 0x93607764 in CGContextFillRect ()
#16 0x927d9990 in TilePixMapListCG ()
#17 0x927db764 in DrawPartCG(TTheme*, CGRect const&, CGRect const&, ThemePart*, ThemeStateData*, ThemeStateData*, float, CGContext*) ()
#18 0x927db3a4 in DrawLayoutCG(TTheme*, LayoutCache*, long, CGRect const&, unsigned short, unsigned long, CGRect const&, unsigned long const*, unsigned long const*, float, CGContext*) ()
#19 0x927e6dac in LayoutEngine::DrawLayoutWithClipComposited(TTheme*, long, CGRect const&, unsigned short, long const*, unsigned long, short, unsigned long const*, unsigned long const*, float, CGContext*, short) ()
#20 0x927faf60 in LayoutEngine::DrawLayoutWithClip(TTheme*, long, CGRect const&, unsigned short, long const*, unsigned long, short, unsigned long const*, CGContext*, short) ()
#21 0x927faf14 in LayoutEngine::DrawLayout(TTheme*, long, CGRect const&, unsigned short, long const*, unsigned long, unsigned long const*, CGContext*, short) ()
#22 0x927eb488 in DataEngine::DrawThemeTrack(HIThemeTrackDrawInfo const*, CGRect const*, ThemeEraseXUPP*, unsigned long, CGContext*) ()
#23 0x92808a10 in _HIThemeDrawTrack(HIThemeTrackDrawInfo const*, CGRect const*, ThemeEraseXUPP*, unsigned long, CGContext*, unsigned long) ()
#24 0x9280f5e8 in HIScrollBar::DrawSelf(short, OpaqueRgnHandle*, CGContext*) ()
#25 0x927f5a94 in HIView::DrawCacheOrSelf(short, OpaqueRgnHandle*, CGContext*) ()
#26 0x927d54d8 in HIView::EventHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) ()
#27 0x927d1fa0 in DispatchEventToHandlers ()
#28 0x927d2214 in SendEventToEventTargetInternal ()
#29 0x92828ac8 in CallNextEventHandler ()
#30 0x03dd95a8 in wxWindow::MacDoRedraw(void*, long) ()
#31 0x03dd3720 in wxMacWindowControlEventHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) ()
#32 0x03dd3fb8 in wxMacWindowEventHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) ()
#33 0x927d1fa0 in DispatchEventToHandlers ()
#34 0x927d2214 in SendEventToEventTargetInternal ()
#35 0x927d6694 in SendEventToEventTargetWithOptions ()
#36 0x927ddd34 in SendControlDefDraw(HIView*, short, OpaqueGrafPtr*, OpaqueRgnHandle*, CGContext*) ()
#37 0x927d7e54 in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#38 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#39 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#40 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#41 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#42 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#43 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#44 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#45 0x927dcb5c in HIView::Draw(short, OpaqueGrafPtr*, OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
#46 0x9280aa70 in _HIViewRender ()
#47 0x927d1a70 in _FlushWindow ()
#48 0x927d2ad0 in FlushAllWindows ()
#49 0x927d3f10 in FlushAllBuffers(__CFRunLoopObserver*, CFRunLoopActivity, void*) ()
#50 0x90191ca0 in __CFRunLoopDoObservers ()
#51 0x90195e74 in CFRunLoopRunSpecific ()
#52 0x927d5f60 in RunCurrentEventLoopInMode ()
#53 0x927dc640 in ReceiveNextEventCommon ()
#54 0x9284d7d4 in ReceiveNextEventInMode ()
#55 0x03d8f8b0 in wxApp::MacDoOneEvent() ()
#56 0x03d8f544 in wxApp::MainLoop() ()
#57 0x03a98728 in wxEntry(int&, char**) ()
#58 0x0014fbd4 in main (argc=1, argv=0xbffffc0c) at amule-gui.cpp:161
(gdb) bt full
#0 0x9000239c in szone_calloc ()
No symbol table info available.
#1 0x90002ce4 in malloc_zone_calloc ()
No symbol table info available.
#2 0x900036ac in calloc ()
No symbol table info available.
#3 0x9361388c in deviceStateCreate ()
No symbol table info available.
#4 0x935fa080 in CGGStateDeviceReset ()
No symbol table info available.
#5 0x935e46f4 in CGGStateReset ()
No symbol table info available.
#6 0x9360a174 in CGGStateCreate ()
No symbol table info available.
#7 0x9360a0d4 in CGGStackCreate ()
No symbol table info available.
#8 0x91b8a99c in ripc_BeginContent ()
No symbol table info available.
#9 0x91b86474 in ripc_GetPattern ()
No symbol table info available.
#10 0x91b82fd0 in ripc_GetColor ()
No symbol table info available.
#11 0x91b84514 in ripc_Render ()
No symbol table info available.
#12 0x91b87a0c in ripc_DrawRects ()
No symbol table info available.
#13 0x935f016c in __CGContextDrawRects ()
No symbol table info available.
#14 0x93602e70 in CGContextFillRects ()
No symbol table info available.
#15 0x93607764 in CGContextFillRect ()
No symbol table info available.
#16 0x927d9990 in TilePixMapListCG ()
No symbol table info available.
#17 0x927db764 in DrawPartCG(TTheme*, CGRect const&, CGRect const&, ThemePart*, ThemeStateData*, ThemeStateData*, float, CGContext*) ()
No symbol table info available.
#18 0x927db3a4 in DrawLayoutCG(TTheme*, LayoutCache*, long, CGRect const&, unsigned short, unsigned long, CGRect const&, unsigned long const*, unsigned long const*, float, CGContext*) ()
No symbol table info available.
#19 0x927e6dac in LayoutEngine::DrawLayoutWithClipComposited(TTheme*, long, CGRect const&, unsigned short, long const*, unsigned long, short, unsigned long const*, unsigned long const*, float, CGContext*, short) ()
No symbol table info available.
#20 0x927faf60 in LayoutEngine::DrawLayoutWithClip(TTheme*, long, CGRect const&, unsigned short, long const*, unsigned long, short, unsigned long const*, CGContext*, short) ()
No symbol table info available.
#21 0x927faf14 in LayoutEngine::DrawLayout(TTheme*, long, CGRect const&, unsigned short, long const*, unsigned long, unsigned long const*, CGContext*, short) ()
No symbol table info available.
#22 0x927eb488 in DataEngine::DrawThemeTrack(HIThemeTrackDrawInfo const*, CGRect const*, ThemeEraseXUPP*, unsigned long, CGContext*) ()
No symbol table info available.
#23 0x92808a10 in _HIThemeDrawTrack(HIThemeTrackDrawInfo const*, CGRect const*, ThemeEraseXUPP*, unsigned long, CGContext*, unsigned long) ()
No symbol table info available.
#24 0x9280f5e8 in HIScrollBar::DrawSelf(short, OpaqueRgnHandle*, CGContext*) ()
No symbol table info available.
#25 0x927f5a94 in HIView::DrawCacheOrSelf(short, OpaqueRgnHandle*, CGContext*) ()
No symbol table info available.
#26 0x927d54d8 in HIView::EventHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) ()
No symbol table info available.
#27 0x927d1fa0 in DispatchEventToHandlers ()
No symbol table info available.
#28 0x927d2214 in SendEventToEventTargetInternal ()
No symbol table info available.
#29 0x92828ac8 in CallNextEventHandler ()
No symbol table info available.
#30 0x03dd95a8 in wxWindow::MacDoRedraw(void*, long) ()
No symbol table info available.
#31 0x03dd3720 in wxMacWindowControlEventHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) ()
No symbol table info available.
#32 0x03dd3fb8 in wxMacWindowEventHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) ()
No symbol table info available.
#33 0x927d1fa0 in DispatchEventToHandlers ()
No symbol table info available.
#34 0x927d2214 in SendEventToEventTargetInternal ()
No symbol table info available.
#35 0x927d6694 in SendEventToEventTargetWithOptions ()
No symbol table info available.
#36 0x927ddd34 in SendControlDefDraw(HIView*, short, OpaqueGrafPtr*, OpaqueRgnHandle*, CGContext*) ()
No symbol table info available.
#37 0x927d7e54 in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
No symbol table info available.
#38 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
No symbol table info available.
#39 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
No symbol table info available.
#40 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
No symbol table info available.
#41 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
No symbol table info available.
#42 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
No symbol table info available.
#43 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
No symbol table info available.
#44 0x927d7f5c in HIView::DrawComposited(OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
No symbol table info available.
#45 0x927dcb5c in HIView::Draw(short, OpaqueGrafPtr*, OpaqueRgnHandle*, unsigned long, HIView*, CGContext*) ()
No symbol table info available.
#46 0x9280aa70 in _HIViewRender ()
No symbol table info available.
#47 0x927d1a70 in _FlushWindow ()
No symbol table info available.
#48 0x927d2ad0 in FlushAllWindows ()
No symbol table info available.
#49 0x927d3f10 in FlushAllBuffers(__CFRunLoopObserver*, CFRunLoopActivity, void*) ()
No symbol table info available.
#50 0x90191ca0 in __CFRunLoopDoObservers ()
No symbol table info available.
#51 0x90195e74 in CFRunLoopRunSpecific ()
No symbol table info available.
#52 0x927d5f60 in RunCurrentEventLoopInMode ()
No symbol table info available.
#53 0x927dc640 in ReceiveNextEventCommon ()
No symbol table info available.
#54 0x9284d7d4 in ReceiveNextEventInMode ()
No symbol table info available.
#55 0x03d8f8b0 in wxApp::MacDoOneEvent() ()
No symbol table info available.
#56 0x03d8f544 in wxApp::MainLoop() ()
No symbol table info available.
#57 0x03a98728 in wxEntry(int&, char**) ()
No symbol table info available.
#58 0x0014fbd4 in main (argc=1, argv=0xbffffc0c) at amule-gui.cpp:161
No locals.Hope it helps.
thanx sssnake
-
Thanks for keeping with it sssnake.
Unfortunately, that last crash again looks like the result of something trashing random memory. It crashed deep inside the Mac OS X libraries. The value 0x55555555 in the message just before the crash is somewhat revealing. That's the value that MallocScribble causes to be written into freed blocks. So, to see it come up here means a block was freed, overwritten with 0x55555555, but then some code was still referring to its contents and using the data as a pointer.
At this point, I'm hoping that tracking down the source(s) of the "Deallocation" messages may be our best bet at finding what is trashing memory.
Or, if you are willing to give the really slow libgmalloc technique a try (if you are leaving your machine unattended and not doing anything else for several days), you could try that.
-
Ah, I understand the scribble-stuff now. I tried your gdb script (didn't knew that gdb was scriptable!), I hope I found the relevant part in the output. First before any normal output of amule, I got
Starting program: /Applications/aMule.app/Contents/MacOS/amule
malloc[6061]: protecting edges
malloc[6061]: enabling scribbling to detect mods to free blocks
...
#0 0x9009e258 in malloc_printf ()
No symbol table info available.
#1 0x9009e6c8 in set_flags_from_environment ()
No symbol table info available.
#2 0x9001f67c in malloc_create_zone ()
No symbol table info available.
#3 0x9002bda4 in _malloc_initialize ()
No symbol table info available.
#4 0x90003694 in calloc ()
No symbol table info available.
#5 0x90012838 in dwarf2_unwind_dyld_add_image_hook ()
No symbol table info available.
#6 0x8fe18148 in __dyld_register_func_for_add_image ()
No symbol table info available.
#7 0x8fe1359c in __dyld__dyld_register_func_for_add_image ()
No symbol table info available.
#8 0x9002b7f4 in _dyld_register_func_for_add_image ()
No symbol table info available.
#9 0x9002ed04 in __keymgr_dwarf2_register_sections ()
No symbol table info available.
#10 0x0000a698 in _start (argc=1, argv=0xbffffc0c, envp=0xbffffc14) at /SourceCache/Csu/Csu-46/crt.c:202
i = -1610597156
p = 0xbffffc14 "¿ÿüå¿ÿý=¿ÿýY¿ÿýj¿ÿýz¿ÿý\212¿ÿý\233¿ÿý²¿ÿýÏ¿ÿýâ¿ÿý÷¿ÿþ\037¿ÿþ'¿ÿþ5¿ÿþW¿ÿþÛ¿ÿÿ\001¿ÿÿ\017¿ÿÿ,¿ÿÿG¿ÿÿO¿ÿÿ^¿ÿÿk¿ÿÿ¦¿ÿÿ±¿ÿÿâ"
q = (char **) 0x8fe5322c
term = (void (*)(void)) 0
#11 0x0000a618 in start ()
No locals.
then later
malloc[6061]: enabling scribbling to detect mods to free blocks
Initialising aMule
...
AICH Thread: Thread terminated.
#0 0x9009e258 in malloc_printf ()
No symbol table info available.
#1 0x90000f8c in free ()
No symbol table info available.
#2 0x02fa68b0 in GAddress_destroy ()
No symbol table info available.
#3 0x02fa4f48 in GSocket::~GSocket() ()
No symbol table info available.
#4 0x02fa5588 in GSocket::WaitConnection() ()
No symbol table info available.
#5 0x02fa331c in wxSocketServer::AcceptWith(wxSocketBase&, bool) ()
No symbol table info available.
#6 0x00018738 in CListenSocket::OnAccept(int) (this=0x7da4530, nErrorCode=0) at ListenSocket.cpp:2362
newclient = (CClientReqSocket *) 0x7f34610
#7 0x00150254 in CamuleGuiApp::ListenSocketHandler(wxSocketEvent&) (this=0x3c19a50, event=@0x7f375c0) at amule-gui.cpp:351
socket = (CListenSocket *) 0x7da4530
#8 0x03ad0260 in wxEvtHandler::ProcessEventIfMatches(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) ()
No symbol table info available.
#9 0x03acf9ec in wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) ()
No symbol table info available.
#10 0x03ad040c in wxEvtHandler::ProcessEvent(wxEvent&) ()
No symbol table info available.
#11 0x03ad0154 in wxEvtHandler::ProcessPendingEvents() ()
No symbol table info available.
#12 0x03a67f1c in wxAppConsole::ProcessPendingEvents() ()
No symbol table info available.
#13 0x03d8f98c in wxApp::MacHandleOneEvent(void*) ()
No symbol table info available.
#14 0x03d8f900 in wxApp::MacDoOneEvent() ()
No symbol table info available.
#15 0x03d8f544 in wxApp::MainLoop() ()
No symbol table info available.
#16 0x03a98728 in wxEntry(int&, char**) ()
No symbol table info available.
#17 0x0014fbd4 in main (argc=1, argv=0xbffffc0c) at amule-gui.cpp:161
No locals.
*** malloc[6061]: Deallocation of a pointer not malloced: 0x7d8c80b; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug
#0 0x9009e258 in malloc_printf ()
No symbol table info available.
#1 0x90001aac in szone_free ()
No symbol table info available.
#2 0x02fa4f48 in GSocket::~GSocket() ()
No symbol table info available.
#3 0x02fa5588 in GSocket::WaitConnection() ()
No symbol table info available.
#4 0x02fa331c in wxSocketServer::AcceptWith(wxSocketBase&, bool) ()
No symbol table info available.
#5 0x00018738 in CListenSocket::OnAccept(int) (this=0x7da4530, nErrorCode=0) at ListenSocket.cpp:2362
newclient = (CClientReqSocket *) 0x7f34610
#6 0x00150254 in CamuleGuiApp::ListenSocketHandler(wxSocketEvent&) (this=0x3c19a50, event=@0x7f375c0) at amule-gui.cpp:351
socket = (CListenSocket *) 0x7da4530
#7 0x03ad0260 in wxEvtHandler::ProcessEventIfMatches(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) ()
No symbol table info available.
#8 0x03acf9ec in wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) ()
No symbol table info available.
#9 0x03ad040c in wxEvtHandler::ProcessEvent(wxEvent&) ()
No symbol table info available.
#10 0x03ad0154 in wxEvtHandler::ProcessPendingEvents() ()
No symbol table info available.
#11 0x03a67f1c in wxAppConsole::ProcessPendingEvents() ()
No symbol table info available.
#12 0x03d8f98c in wxApp::MacHandleOneEvent(void*) ()
No symbol table info available.
#13 0x03d8f900 in wxApp::MacDoOneEvent() ()
No symbol table info available.
#14 0x03d8f544 in wxApp::MainLoop() ()
No symbol table info available.
#15 0x03a98728 in wxEntry(int&, char**) ()
No symbol table info available.
#16 0x0014fbd4 in main (argc=1, argv=0xbffffc0c) at amule-gui.cpp:161
No locals.
*** malloc[6061]: error for object 0x7f00640: Double free
#0 0x9009e258 in malloc_printf ()
No symbol table info available.
#1 0x90000f8c in free ()
No symbol table info available.
#2 0x02fa68b0 in GAddress_destroy ()
No symbol table info available.
#3 0x02fa4f48 in GSocket::~GSocket() ()
No symbol table info available.
#4 0x02fa5588 in GSocket::WaitConnection() ()
No symbol table info available.
#5 0x02fa331c in wxSocketServer::AcceptWith(wxSocketBase&, bool) ()
No symbol table info available.
#6 0x00018738 in CListenSocket::OnAccept(int) (this=0x7da4530, nErrorCode=0) at ListenSocket.cpp:2362
newclient = (CClientReqSocket *) 0x7f10930
#7 0x00150254 in CamuleGuiApp::ListenSocketHandler(wxSocketEvent&) (this=0x3c19a50, event=@0x7dfdea0) at amule-gui.cpp:351
socket = (CListenSocket *) 0x7da4530
#8 0x03ad0260 in wxEvtHandler::ProcessEventIfMatches(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) ()
No symbol table info available.
#9 0x03acf9ec in wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) ()
No symbol table info available.
#10 0x03ad040c in wxEvtHandler::ProcessEvent(wxEvent&) ()
No symbol table info available.
#11 0x03ad0154 in wxEvtHandler::ProcessPendingEvents() ()
No symbol table info available.
#12 0x03a67f1c in wxAppConsole::ProcessPendingEvents() ()
No symbol table info available.
#13 0x03d8f98c in wxApp::MacHandleOneEvent(void*) ()
No symbol table info available.
#14 0x03d8f900 in wxApp::MacDoOneEvent() ()
No symbol table info available.
#15 0x03d8f544 in wxApp::MainLoop() ()
No symbol table info available.
#16 0x03a98728 in wxEntry(int&, char**) ()
No symbol table info available.
#17 0x0014fbd4 in main (argc=1, argv=0xbffffc0c) at amule-gui.cpp:161
No locals.
The rest is the normal
*** malloc[6061]: Deallocation of a pointer not malloced: 0x7f1783b; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debugwithout further output.
I will try the libgmalloc now, this is very educateing for me hehe.
cheers sssnake
-
Unfortunately, I did not have libgmalloc on my mac. Googleing around, I found, that: "Guard Malloc (aka. libgmalloc)" ... and ... "Guard Malloc is part of
Xcode 1.5, so you'll want to install that first if you haven't already.
You can download it from ", OS X 10.3 is needed. Had to make a Apple Developer Connection Membership to download... argh!, and am currently downloading the 372.4 MB disk image!!
In a year or so: sssnake
-
And here is the really slow libgmalloc tecnique:
(gdb) set env DYLD_INSERT_LIBRARIES /usr/lib/libgmalloc.dylib
(gdb) set env DYLD_FORCE_FLAT_NAMESPACE 1
(gdb) set env MALLOC_FILL_SPACE 1
(gdb) run
Starting program: /Applications/aMule.app/Contents/MacOS/amule
...
AICH Thread: Thread terminated.
Program received signal EXC_BAD_ACCESS, Could not access memory.
0x02fa68a0 in GAddress_destroy ()bt gives
#0 0x02fa68a0 in GAddress_destroy ()
#1 0x02fa4f48 in GSocket::~GSocket() ()
#2 0x02fa5588 in GSocket::WaitConnection() ()
#3 0x02fa331c in wxSocketServer::AcceptWith(wxSocketBase&, bool) ()
#4 0x00018738 in CListenSocket::OnAccept(int) (this=0x5f7d8f48, nErrorCode=0) at ListenSocket.cpp:2362
#5 0x00150254 in CamuleGuiApp::ListenSocketHandler(wxSocketEvent&) (this=0xb263ce90, event=@0xc0dcfd0) at amule-gui.cpp:351
#6 0x03c27260 in wxEvtHandler::ProcessEventIfMatches(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) ()
#7 0x03c269ec in wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) ()
#8 0x03c2740c in wxEvtHandler::ProcessEvent(wxEvent&) ()
#9 0x03c27154 in wxEvtHandler::ProcessPendingEvents() ()
#10 0x03bbef1c in wxAppConsole::ProcessPendingEvents() ()
#11 0x0481398c in wxApp::MacHandleOneEvent(void*) ()
#12 0x04813900 in wxApp::MacDoOneEvent() ()
#13 0x04813544 in wxApp::MainLoop() ()
#14 0x03bef728 in wxEntry(int&, char**) ()
#15 0x0014fbd4 in main (argc=1, argv=0xbffffbcc) at amule-gui.cpp:161bt full gives
#0 0x02fa68a0 in GAddress_destroy ()
No symbol table info available.
#1 0x02fa4f48 in GSocket::~GSocket() ()
No symbol table info available.
#2 0x02fa5588 in GSocket::WaitConnection() ()
No symbol table info available.
#3 0x02fa331c in wxSocketServer::AcceptWith(wxSocketBase&, bool) ()
No symbol table info available.
#4 0x00018738 in CListenSocket::OnAccept(int) (this=0x5f7d8f48, nErrorCode=0) at ListenSocket.cpp:2362
newclient = (CClientReqSocket *) 0xc13ef18
#5 0x00150254 in CamuleGuiApp::ListenSocketHandler(wxSocketEvent&) (this=0xb263ce90, event=@0xc0dcfd0) at amule-gui.cpp:351
socket = (CListenSocket *) 0x5f7d8f48
#6 0x03c27260 in wxEvtHandler::ProcessEventIfMatches(wxEventTableEntryBase const&, wxEvtHandler*, wxEvent&) ()
No symbol table info available.
#7 0x03c269ec in wxEventHashTable::HandleEvent(wxEvent&, wxEvtHandler*) ()
No symbol table info available.
#8 0x03c2740c in wxEvtHandler::ProcessEvent(wxEvent&) ()
No symbol table info available.
#9 0x03c27154 in wxEvtHandler::ProcessPendingEvents() ()
No symbol table info available.
#10 0x03bbef1c in wxAppConsole::ProcessPendingEvents() ()
No symbol table info available.
#11 0x0481398c in wxApp::MacHandleOneEvent(void*) ()
No symbol table info available.
#12 0x04813900 in wxApp::MacDoOneEvent() ()
No symbol table info available.
#13 0x04813544 in wxApp::MainLoop() ()
No symbol table info available.
#14 0x03bef728 in wxEntry(int&, char**) ()
No symbol table info available.
#15 0x0014fbd4 in main (argc=1, argv=0xbffffbcc) at amule-gui.cpp:161
No locals.This just happens after short time, although with this tecnique, I'm glad it's like that. I guess, this looks like the report with the other tecnique...
sssnake
PS: It looks like the bug you have with wxWidget 2.3.5, but its useing wx from CVS, I swear :-)!
-
Oh, I didn't realize that you would have to download a new version of Xcode. Sorry about the hassle, but glad you did it. Thanks. :)
Yes, it crashes right away. That's the purpose and benefit of libgmalloc. Which is good, as you say, because it is so slow.
OK, I found the double-free in wxWidgets. In src/unix/gsocket.cpp, line 583 is the following: GAddress_destroy(connection->m_peer);
delete connection;Since connection->m_peer is part of connection, it is cleaned up by the destructor as part of the delete statement. But it was already cleaned up by GAddress_destroy statement immediately above. So, double-free.
So, sssnake, to test this fix you can comment out the GAddress_destroy line. Add "//" at the beginning so it becomes: // GAddress_destroy(connection->m_peer);
delete connection;Rebuild wxMac and amule. You may need to delete the amule executable (/src/amule) to force it to be relinked because make won't know that the library has changed.
Unfortunately, this error is mostly benign and is probably not the source of the crashes. It is a source (probably not the only one) of the "Deallocation of a pointer not malloced" message. It is enough to cause libgmalloc to crash the program, so solving it will allow the program to get further and hopefully find the real source of the crashes. You may have to endure a bit more of this stop-and-go debugging before we get to the real bug. Thanks for being so patient.
-
Hi Ken, happy new year!
I hope you will commit your fix to wxWidgets :-)
I let amule run with the libgmalloc tecnique, until now no results after the changes. that certanly means, you corrected the first bug this way. My problem is, that I have with libgmalloc no high-id and no download and an upload with maximum of 0.1 kb/s. that means, my computer is just too slow for this. as i recall, you haven't had my errors (OS X) and you have low id, because your behind a firewall. that means to me, that the error probably only occures with high id :-(. so: is there a way to start amule with gdb "normally" and later to initiate a break after having a high id to insert libgmalloc?
what i do now is run the app with gdb and "set env MallocGuardEdges 1" and "set env MallocScribble 1" because i want to see, if the double free bug is still here. until, i haven't seen it on the output... I'll keep you informed if the error is really gone or not.
cheers sssnake
-
That did it. The "Deallocation of a pointer not malloced" is gone with your fix! amule runs for 12 hours and no similar message until now! Thank you: :baby:
sssnake
-
Wow, I'm pleasantly surprised that my fix for the double-free fixed your crashing problem altogether. I'm glad it's working for you now. :D
I submitted the patch to wxWidgets shortly after suggesting it to you, but it has to be reviewed by one of their developers before it is accepted. Understandably, they seem to be taking time off for the holidays. So, it may be a while before the patch is reviewed and accepted.
As to your questionis there a way to start amule with gdb "normally" and later to initiate a break after having a high id to insert libgmalloc?
Unfortunately, no. Or at least, not any reasonable way. But, I see what you mean: if the bug is high-id only and libgmalloc prevents you from getting high-id, then libgmalloc can't be used to diagnose the bug. Well, in any case, we seem to have gotten far enough. :)
Thanks again for your work and your patience in helping to track this down. You deserve to share the credit for this fix.
-
Hi,
One Italian Mac user have this problems:
amule(184,0x244f800) malloc: *** Deallocation of a pointer not malloced: 0xf007f71d; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug
amule(184,0x244f800) malloc: *** Deallocation of a pointer not malloced: 0xf007f719; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug
The thread is this (http://forum.amule.org/thread.php?postid=53561#post53561), the problem is on aMule or the permission settings? ?(
Best regards,
Truzzone :)
-
Problem is on aMule or wx. We'll need more diagnose...
-
Hi,
thanks for your reply.
Another Italian user (http://forum.amule.org/thread.php?threadid=9763) with the same problem? ?(
amule(330,0x202ae00) malloc: *** Deallocation of a pointer not malloced: 0xf007f75d; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug
amule(330,0x202ae00) malloc: *** Deallocation of a pointer not malloced: 0xf007f759; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug
It's available gdb for Mac OS X?
What is the method of debugging on Mac OS X, I know little Mac OS X :)) ? ?(
Best regards,
Truzzone :)
-
I was seeing those malloc errors, too. But the issue seems to have been fixed in CVS now, as I don't get them anymore.
If you are interested in debugging on OS X, I wrote up some instructions here (http://forum.amule.org/thread.php?threadid=7670&sid=).
-
Originally posted by lionel77
I was seeing those malloc errors, too. But the issue seems to have been fixed in CVS now, as I don't get them anymore.
Thanks for the work :D.
Have you planned an update of aMule CVS Binaries? ?(
Originally posted by lionel77
If you are interested in debugging on OS X, I wrote up some instructions here (http://forum.amule.org/thread.php?threadid=7670&sid=).
Sorry I haven't see the sticky on Mac Section :))
Best regards,
Truzzone :)
-
And see this post (http://forum.amule.org/thread.php?postid=24295#post24295) earlier in the thread for a way to diagnose the "Deallocation of a pointer not malloced" messages using gdb.