epics-modules / Dante

EPICS module for support of Dante digital pulse processors

EPICS driver is crashing when reading mapping data #15

Closed MarkRivers closed 3 years ago

MarkRivers commented 3 years ago

The EPICS driver is crashing when calling getAllData for the third mca.

This is the code:

    // Now read the same number of spectra from each board
    for (board=0; board<numBoards_; board++) {
        pMappingMCAData_   [board] = (uint16_t *)       malloc(numAvailable * numMCAChannels * sizeof(uint16_t));
        pMappingSpectrumId_[board] = (uint32_t *)       malloc(numAvailable * sizeof(uint32_t));
        pMappingStats_     [board] = (mappingStats *)   malloc(numAvailable * sizeof(mappingStats));
        pMappingAdvStats_  [board] = (mappingAdvStats *)malloc(numAvailable * sizeof(mappingAdvStats));
        asynPrint(pasynUserSelf, ASYN_TRACE_ERROR,
                  "%s::%s calling getAllData board=%d, spectra_size=%d, data_number=%d\n",
                  driverName, functionName, board, (int)spectraSize, numAvailable);
        if (!getAllData(danteIdentifier_, board, pMappingMCAData_[board], pMappingSpectrumId_[board], 
                        (double *)pMappingStats_[board], (uint64_t*)pMappingAdvStats_[board], spectraSize, numAvailable)) {
            asynPrint(pasynUserSelf, ASYN_TRACE_ERROR, "%s::%s error calling getAllData\n", driverName, functionName);
            status = asynError;
            goto done;
        }
    }

This is the output when it crashes:

    2021/04/07 13:31:32.019 Dante::pollMCAMappingMode calling getAllData board=0, spectra_size=2048, data_number=1
    2021/04/07 13:31:32.019 Dante::pollMCAMappingMode calling getAllData board=1, spectra_size=2048, data_number=1
    *** Error in `../../bin/linux-x86_64/mcaDanteApp': free(): invalid pointer: 0x00007fe574002c50 ***
    ======= Backtrace: =========
    /lib64/libc.so.6(+0x81499)[0x7fe68d135499]
    /home/epics/devel/dante-1-0/lib/linux-x86_64/libXGL_DPP.so.1(+0x2bd247)[0x7fe68e9cf247]
    ../../bin/linux-x86_64/mcaDanteApp(_ZN5Dante18pollMCAMappingModeEv+0x224)[0x59d5d4]
    ../../bin/linux-x86_64/mcaDanteApp(_ZN5Dante15acquisitionTaskEv+0x378)[0x59eef8]
    ../../bin/linux-x86_64/mcaDanteApp[0xeb423c]
    /lib64/libpthread.so.0(+0x7e25)[0x7fe68e2f9e25]
    /lib64/libc.so.6(clone+0x6d)[0x7fe68d1b2bad]

This is the stack trace from gdb:

    (gdb) bt
    #0  0x00007fe68d0ea277 in raise () from /lib64/libc.so.6
    #1  0x00007fe68d0eb968 in abort () from /lib64/libc.so.6
    #2  0x00007fe68d12cd37 in __libc_message () from /lib64/libc.so.6
    #3  0x00007fe68d135499 in _int_free () from /lib64/libc.so.6
    #4  0x00007fe68e9cf247 in int_getAllData(char const*, unsigned short, unsigned short*, unsigned int*, double*, unsigned long*, unsigned int&, unsigned int&) ()
       from /home/epics/devel/dante-1-0/lib/linux-x86_64/libXGL_DPP.so.1
    #5  0x000000000059d5d4 in Dante::pollMCAMappingMode (this=this@entry=0x1a305f0) at ../dante.cpp:1298
    #6  0x000000000059eef8 in Dante::acquisitionTask (this=0x1a305f0) at ../dante.cpp:1206
    #7  0x0000000000eb423c in start_routine (arg=0x1a56010) at ../osi/os/posix/osdThread.c:412
    #8  0x00007fe68e2f9e25 in start_thread () from /lib64/libpthread.so.0
    #9  0x00007fe68d1b2bad in clone () from /lib64/libc.so.6

It appears that getAllData() in the libXGL_DPP.so library is calling _int_free(), and that is crashing. I don't understand this, and why does it only crash on the third spectrum?

MarkRivers commented 3 years ago

This problem is easily reproduced in a version of DPP_Test.cpp which does a mapping run with 2048 channel spectra. Closing this issue and creating a new one.
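
A caller-side check for the `getAllData` call in the first comment, added here as an example and not taken from the driver or the vendor library: the spectrum buffer there is sized with `numMCAChannels` while the callee is told `spectraSize`, so this places a red zone after a buffer sized the driver's way and measures how far the callee writes past it. `mock_get_all_data` is a hypothetical stand-in for the vendor call, and the channel counts passed to `check_spectrum_buffer` are constructed values.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_FILL 0xA5  /* pattern written into the red zone */

/* Allocate `bytes` usable bytes followed by `zone` red-zone bytes. */
static void *guarded_alloc(size_t bytes, size_t zone) {
    uint8_t *p = malloc(bytes + zone);
    if (p == NULL) return NULL;
    memset(p, 0, bytes);
    memset(p + bytes, GUARD_FILL, zone);
    return p;
}

/* Bytes written past the usable area: offset of the last modified
   red-zone byte plus one, or 0 if the red zone is untouched. */
static size_t guard_overrun(const void *buf, size_t bytes, size_t zone) {
    const uint8_t *g = (const uint8_t *)buf + bytes;
    for (size_t i = zone; i > 0; i--)
        if (g[i - 1] != GUARD_FILL) return i;
    return 0;
}

/* Hypothetical stand-in for the vendor call (not the real getAllData):
   fills spectra_size values for each of data_number spectra. */
static void mock_get_all_data(uint16_t *values, uint32_t spectra_size,
                              uint32_t data_number) {
    for (size_t i = 0; i < (size_t)spectra_size * data_number; i++)
        values[i] = 1;
}

/* Size the buffer as the driver does (data_number * alloc_channels), tell
   the callee spectra_size, and return the overrun in bytes (-1 on OOM).
   The red zone covers the callee's worst case, so the demo never writes
   outside memory it owns. */
static long check_spectrum_buffer(uint32_t alloc_channels,
                                  uint32_t spectra_size,
                                  uint32_t data_number) {
    size_t bytes = (size_t)data_number * alloc_channels * sizeof(uint16_t);
    size_t zone  = (size_t)data_number * spectra_size * sizeof(uint16_t) + 64;
    uint16_t *buf = guarded_alloc(bytes, zone);
    if (buf == NULL) return -1;
    mock_get_all_data(buf, spectra_size, data_number);
    long overrun = (long)guard_overrun(buf, bytes, zone);
    free(buf);
    return overrun;
}
```

A result of 0 for every buffer handed to the callee rules out the caller's allocation sizes; a non-zero result gives the number of bytes by which that buffer is too small.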