projectM-visualizer / frontend-sdl2

Standalone application based on SDL2 that turns your desktop audio into awesome visuals. Available on most platforms supported by both libprojectM and libSDL2.
GNU General Public License v3.0

Several crashes (free(): corrupted unsorted chunks, etc) #65

Closed tux3 closed 8 months ago

tux3 commented 8 months ago

Hello,

I was running the SDL frontend and got this SIGABRT:

free(): corrupted unsorted chunks
zsh: IOT instruction (core dumped)  ./src/projectMSDL -d0 -p ~/Downloads/creamofthecrop_20200216/Presets

Looking at coredumpctl, it seems to crash frequently:

TIME                           PID  UID  GID SIG     COREFILE EXE                                             SIZE
Sun 2023-11-05 11:40:22 CET 600546 1000 1000 SIGABRT present  /code/build/frontend-sdl2/build/src/projectMSDL 6.9M
Sun 2023-11-05 11:43:12 CET 602748 1000 1000 SIGABRT present  /code/build/frontend-sdl2/build/src/projectMSDL 6.6M
Sun 2023-11-05 11:49:01 CET 603495 1000 1000 SIGABRT present  /code/build/frontend-sdl2/build/src/projectMSDL 6.8M
Sun 2023-11-05 11:50:44 CET 604802 1000 1000 SIGABRT present  /code/build/frontend-sdl2/build/src/projectMSDL 6.8M
Sun 2023-11-05 12:09:22 CET 605217 1000 1000 SIGABRT present  /code/build/frontend-sdl2/build/src/projectMSDL 7.7M
Sun 2023-11-05 12:21:05 CET 609514 1000 1000 SIGABRT present  /code/build/frontend-sdl2/build/src/projectMSDL 8.0M

I built projectM and the SDL frontend from source today, so both are up-to-date.

Here are all the coredumps I have (in two zip files, because of GitHub upload limits): crashes.zip crashes2.zip

And here's the coredump info and backtrace from one of them, if that helps:

           PID: 609514 (projectMSDL)
           UID: 1000 (tux3)
           GID: 1000 (tux3)
        Signal: 6 (ABRT)
     Timestamp: Sun 2023-11-05 12:21:05 CET (41min ago)
  Command Line: ./src/projectMSDL -d0 -p /home/tux3/Downloads/creamofthecrop_20200216/Presets --beatSensitivity=3 --texturePath=~/Downloads/creamofthecrop_20200216/Textures
    Executable: /code/build/frontend-sdl2/build/src/projectMSDL
 Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/app-org.kde.konsole-1c5a8f74c6fb42e1bcd69ea582adb4aa.scope
          Unit: user@1000.service
     User Unit: app-org.kde.konsole-1c5a8f74c6fb42e1bcd69ea582adb4aa.scope
         Slice: user-1000.slice
     Owner UID: 1000 (tux3)
       Boot ID: 3fe8b43996fc434b8747bc4e7ec4b4cc
    Machine ID: 213125c76a0040c1b8508d5c7f35567a
      Hostname: home
       Storage: /var/lib/systemd/coredump/core.projectMSDL.1000.3fe8b43996fc434b8747bc4e7ec4b4cc.609514.1699183265000000.zst (present)
  Size on Disk: 8.0M
       Message: Process 609514 (projectMSDL) of user 1000 dumped core.

                Module libzstd.so.1 from deb libzstd-1.5.5+dfsg2-2.amd64
                Module libsystemd.so.0 from deb systemd-254.5-1.amd64
                Stack trace of thread 609514:
                #0  0x00007f22d66a80fc __pthread_kill_implementation (libc.so.6 + 0x8a0fc)
                #1  0x00007f22d665a472 __GI_raise (libc.so.6 + 0x3c472)
                #2  0x00007f22d66444b2 __GI_abort (libc.so.6 + 0x264b2)
                #3  0x00007f22d66451ed __libc_message (libc.so.6 + 0x271ed)
                #4  0x00007f22d66b1a75 malloc_printerr (libc.so.6 + 0x93a75)
                #5  0x00007f22d66b3b5c _int_free (libc.so.6 + 0x95b5c)
                #6  0x00007f22d66b616f __GI___libc_free (libc.so.6 + 0x9816f)
                #7  0x00007f22d7128232 _ZN4Poco4Util11ApplicationD1Ev (libPocoUtil.so.80 + 0x41232)
                #8  0x000055b60f097c7f _ZN22ProjectMSDLApplicationD0Ev (projectMSDL + 0xdc7f)
                #9  0x000055b60f09213e main (projectMSDL + 0x813e)
                #10 0x00007f22d66456ca __libc_start_call_main (libc.so.6 + 0x276ca)
                #11 0x00007f22d6645785 __libc_start_main_impl (libc.so.6 + 0x27785)
                #12 0x000055b60f0921a1 _start (projectMSDL + 0x81a1)

                Stack trace of thread 609519:
                #0  0x00007f22d66a3156 __futex_abstimed_wait_common64 (libc.so.6 + 0x85156)
                #1  0x00007f22d66a5818 __pthread_cond_wait_common (libc.so.6 + 0x87818)
                #2  0x00007f22d6ca9adb _ZN4Poco9EventImpl8waitImplEv (libPocoFoundation.so.80 + 0xdcadb)
                #3  0x00007f22d6cd7ccb _ZN4Poco17NotificationQueue23waitDequeueNotificationEv (libPocoFoundation.so.80 + 0x10accb)
                #4  0x00007f22d6c8ff4d _ZN4Poco12AsyncChannel3runEv (libPocoFoundation.so.80 + 0xc2f4d)
                #5  0x00007f22d6d0d68a _ZN4Poco10ThreadImpl13runnableEntryEPv (libPocoFoundation.so.80 + 0x14068a)
                #6  0x00007f22d66a63ec start_thread (libc.so.6 + 0x883ec)
                #7  0x00007f22d6726a4c __clone3 (libc.so.6 + 0x108a4c)
                ELF object binary architecture: AMD x86-64
Core was generated by `./src/projectMSDL -d0 -p /home/tux3/Downloads/creamofthecrop_20200216/Presets -'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
Download failed: Invalid argument.  Continuing without source file ./nptl/./nptl/pthread_kill.c.                                                                                                                                                                               
44      ./nptl/pthread_kill.c: No such file or directory.
[Current thread is 1 (Thread 0x7f22d5506840 (LWP 609514))]
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
        tid = <optimized out>
        ret = 0
        pd = <optimized out>
        old_mask = {__val = {11}}
        ret = <optimized out>
#1  0x00007f22d66a815f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
No locals.
#2  0x00007f22d665a472 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
        ret = <optimized out>
#3  0x00007f22d66444b2 in __GI_abort () at ./stdlib/abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {11, 18446744073709551464, 11, 7, 94240438427680, 2464, 140732829262160, 139787612069952, 94240438288368, 1065353216, 0, 4652220339219070976, 0, 1082130432, 0, 
              3292528640}}, sa_flags = 0, sa_restorer = 0x0}
#4  0x00007f22d66451ed in __libc_message (fmt=fmt@entry=0x7f22d67b778c "%s\n") at ../sysdeps/posix/libc_fatal.c:150
        ap = {{gp_offset = 16, fp_offset = 0, overflow_arg_area = 0x7ffeea4be310, reg_save_area = 0x7ffeea4be2a0}}
        fd = <optimized out>
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
#5  0x00007f22d66b1a75 in malloc_printerr (str=str@entry=0x7f22d67ba6e0 "free(): corrupted unsorted chunks") at ./malloc/malloc.c:5658
No locals.
#6  0x00007f22d66b3b5c in _int_free (av=0x7f22d67f1c80 <main_arena>, p=0x55b60fd8ce40, have_lock=<optimized out>, have_lock@entry=0) at ./malloc/malloc.c:4623
        size = <optimized out>
        fb = <optimized out>
        nextchunk = 0x55b60fd8eb50
        nextsize = 112
        nextinuse = <optimized out>
        prevsize = <optimized out>
        bck = 0x7f22d67f1ce0 <main_arena+96>
        fwd = <optimized out>
        __PRETTY_FUNCTION__ = "_int_free"
#7  0x00007f22d66b616f in __GI___libc_free (mem=<optimized out>) at ./malloc/malloc.c:3367
        ar_ptr = <optimized out>
        p = <optimized out>
        err = 11
#8  0x00007f22d7128232 in Poco::Util::Application::~Application (this=0x55b60fd88d50, __in_chrg=<optimized out>) at /usr/include/c++/11/ext/new_allocator.h:89
No locals.
#9  0x000055b60f097c7f in ProjectMSDLApplication::~ProjectMSDLApplication() ()
No symbol table info available.
#10 0x000055b60f09213e in main ()
No symbol table info available.

I think this one might actually have crashed on exit (not while playing), but if it's a memory corruption that free() only detects on exit, I suppose it might have happened earlier (might be worth checking with Valgrind?).

Cheers

kblaschke commented 8 months ago

Thanks for the report!

Which Poco library version are you using to build the application? There was a bug in a few Poco releases (1.10 to 1.11.1, inclusive) which I reported upstream, causing issues with freeing the command line options too early during parsing and then crashing the application in the destructor, which is what I can see in your crash report as well. Due to the nature of the issue, there's also a possibility of use-after-free which can lead to further heap corruption, crashing the application randomly.

If you're using one of the affected Poco versions, please either downgrade to Poco 1.9.x or upgrade to 1.11.2 or later, none of which have the issue. Some Linux distros still have the broken versions, so you'd need to either link Poco statically or set RPATH accordingly so your application always uses your self-built .so files.

tux3 commented 8 months ago

I have Poco 1.11.0-3+b1 from Debian sid.

So that's probably it, thank you! =)
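
The version range from the maintainer's reply (Poco 1.10 to 1.11.1 inclusive is affected; 1.9.x and 1.11.2 or later are not), written as a check that also accepts distro package versions such as the one reported above. This is an added example, not code from the thread or the project; the function names are hypothetical and the sample versions are constructed, except 1.11.0-3+b1, which is taken from the thread.

```shell
#!/bin/sh
# Added example: classify a Poco version against the range named in the thread.

# Turn "1.11.0", "1.11.0-3+b1" or "1:1.9.4-2" into one comparable integer
# (MAJOR*1000000 + MINOR*1000 + PATCH). Returns 2 if no version is found.
poco_version_key() {
    v=${1#*:}            # drop a Debian epoch ("1:")
    v=${v%%-*}           # drop the Debian revision ("-3+b1")
    v=${v%%+*}           # drop repack suffixes ("+dfsg")
    v=${v%%[!0-9.]*}     # drop anything after the numeric part
    case $v in
        [0-9]*.[0-9]*) ;;    # need at least MAJOR.MINOR
        *) return 2 ;;
    esac
    printf '%s\n' "$v" |
        awk -F. '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# Exit status: 0 = inside 1.10.0..1.11.1, 1 = outside, 2 = unparseable.
poco_is_affected() {
    key=$(poco_version_key "$1") || return 2
    [ "$key" -ge 1010000 ] && [ "$key" -le 1011001 ]
}

poco_report() {
    if poco_is_affected "$1"; then
        echo "$1: affected; use 1.9.x or 1.11.2+, link statically, or set RPATH"
    else
        case $? in
            1) echo "$1: outside the affected range" ;;
            *) echo "$1: could not parse version" ;;
        esac
    fi
}

# Constructed sample inputs, plus the package version reported in the thread.
for ver in 1.9.4 1.10.0 1.11.0-3+b1 1.11.1 1.11.2 1.12.4 unknown; do
    poco_report "$ver"
done
```

What matters is the library the binary actually loads at run time, so `ldd ./src/projectMSDL` is the way to confirm whether the distro's libPocoUtil or a self-built one is being resolved.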