I have a problem using Google V8 in linux. If I create a V8 instance in my shared library, I get a segfault. The same code works fine in a Windows DLL and in a linux executable.
My code:
extern "C" void InitV8ExtensionInterFace(){
v8::V8::InitializeICU();
v8::V8::Initialize();
v8::Isolate* isolate = v8::Isolate::New(); **//error occur**
threadfunc(argc, args);
}
gdb stack trace:
#0 0x0000000000000000 in ?? ()
#1 0x00007ffff3cb86d5 in v8::internal::Builtins::SetUp (this=0x7fffffffb9e0, isolate=0x235abb0, create_heap_objects=false) at ../src/builtins.cc:1567
#2 0x00007ffff3e271cf in v8::internal::Isolate::Init (this=0x235abb0, des=0x0) at ../src/isolate.cc:2115
#3 0x00007ffff3c96049 in v8::Isolate::New (params=...) at ../src/api.cc:6861
#4 0x00007ffff3b78d40 in InitV8ExtensionInterFace () at ../Framework/ExPublic.cpp:107
#5 0x00000000004729db in myTest1 () at arangod/RestServer/arangod.cpp:106
#6 0x0000000000472a50 in main (argc=1, argv=0x7fffffffe118) at arangod/RestServer/arangod.cpp:126
It appears that in the V8 function void Builtins::SetUp(Isolate* isolate, bool create_heap_objects), the array functions is empty. If I initialize v8::Platform, the error will occur in code V8::InitializePlatform(platform):
extern "C" void InitV8ExtensionInterFace(){
v8::V8::InitializeICU();
v8::Platform* platform = v8::platform::CreateDefaultPlatform();
v8::V8::InitializePlatform(platform); **//error occur**
v8::V8::Initialize();
v8::Isolate* isolate = v8::Isolate::New();
threadfunc(argc, args);
}
gdb stack trace:
1: V8_Fatal
2: v8::internal::V8::InitializePlatform(v8::Platform*)
3: InitV8ExtensionInterFace
4: 0x4aab60
5: 0x4aacf1
6: 0x5f4532
7: 0x47c32b
8: 0x474498
9: 0x472ae1
10: __libc_start_main
11: 0x4726f9
Thread 1 received signal SIGABRT, Aborted.
0x00007ffff66595e5 in raise () from /lib64/libc.so.6
(gdb) where
#0 0x00007ffff66595e5 in raise () from /lib64/libc.so.6
#1 0x00007ffff665adc5 in abort () from /lib64/libc.so.6
#2 0x00007fffc6e7d9c9 in v8::base::OS::Abort () at ../src/base/platform/platform-posix.cc:233
#3 0x00007fffc6e7b586 in V8_Fatal (file=0x7fffc703f535 "../src/v8.cc", line=107, format=0x7fffc6ffe77a "Check failed: %s.") at ../src/base/logging.cc:116
#4 0x00007fffc6cbd909 in v8::internal::V8::InitializePlatform (platform=0x267d840) at ../src/v8.cc:107
#5 0x00007fffc690bc8b in InitV8ExtensionInterFace () at ../Framework/ExPublic.cpp:98
#6 0x00000000004aab60 in myTest () at arangod/V8Server/ApplicationV8.cpp:1068
#7 0x00000000004aacf1 in triagens::arango::ApplicationV8::prepare2 (this=0x2378310) at arangod/V8Server/ApplicationV8.cpp:1093
#8 0x00000000005f4532 in triagens::rest::ApplicationServer::prepare2 (this=0x2377000) at arangod/ApplicationServer/ApplicationServer.cpp:525
#9 0x000000000047c32b in triagens::arango::ArangoServer::startupServer (this=0x2375330) at arangod/RestServer/ArangoServer.cpp:1009
#10 0x0000000000474498 in triagens::rest::AnyServer::start (this=0x2375330) at arangod/Rest/AnyServer.cpp:347
#11 0x0000000000472ae1 in main (argc=1, argv=0x7fffffffe118) at arangod/RestServer/arangod.cpp:139
I get "4.3.61" at runtime with v8::V8::GetVersion.
This problem has troubled me for several days, Very much hope that someone will give me help, thank you.
You're missing a call to V8::InitializeExternalStartupData(), see the Get Started tutorials.
int main(int argc, char* argv[])
{
// Initialize V8.
V8::InitializeICU();
V8::InitializeExternalStartupData(argv[0]);
Platform* platform = platform::CreateDefaultPlatform();
V8::InitializePlatform(platform);
V8::Initialize();
// ...
}
You will need to copy natives_blob.bin and snapshot_blob.bin alongside your executable. They should be somewhere with the V8 binaries.
Looking at your edits with a better stack trace, you're running into two very different problems. Your first crash (the empty functions array) is because you're not calling CreateDefaultPlatform(), which is mandatory.
The second crash is inside InitializePlatform() on this line:
void V8::InitializePlatform(v8::Platform* platform) {
CHECK(!platform_); // <- here
CHECK(platform);
platform_ = platform;
}
This check is to make sure the default platform is only created once. It appears that you're calling InitializePlatform() twice. You can try putting a breakpoint in it to figure out where it gets called from.
Related
I'm building a simple utility program that queries a mysql database, and uses regex to isolate strings in the table data.
I'm using MariaDB c++/connector, and the latest versions of MariaDB. The code was copied from the MariaDB website. I have simplified the software to illustrate the problem. See below:
// g++ -o mariadb_connect mariadb_connect.cpp -lmariadbcpp
// From https://mariadb.com/docs/clients/connector-cpp/
// with three additional lines that cause segfault
#include <iostream>
#include <mariadb/conncpp.hpp>
#include <regex> // <-- Added to the example
int main()
{
try
{
// Instantiate Driver
sql::Driver* driver = sql::mariadb::get_driver_instance();
// Configure Connection
// The URL or TCP connection string format is
// ``jdbc:mariadb://host:port/database``.
sql::SQLString url("jdbc:mariadb://localhost:3306/??????");
// Use a properties map for the user name and password
sql::Properties properties({
{"user", "???????"},
{"password", "????????"}
});
// Establish Connection
// Use a smart pointer for extra safety
std::unique_ptr<sql::Connection> conn(driver->connect(url, properties));
// Use Connection
std::cout << "Using the connection" << std::endl; // <-- Added
std::regex regexp("(faststatic.com)(.*)"); // <-- Added (Causes segfault)
// Close Connection
conn->close();
}
// Catch Exceptions
catch (sql::SQLException& e)
{
std::cout << "Error Connecting to MariaDB Platform: "
<< e.what() << std::endl;
// Exit (Failed)
return 1;
}
// Exit (Success)
return 0;
}
(???? used for private data)
Compiled with g++ on an AWS EC2 instance running Amazon Linux 2 AMI.
Compiles fine and runs fine until I added the std::regex regexp(...)
line. It still compiles fine with the addition, but on execution calls
a segfault.
I have used gdb which provides the following output with breakpoint set
to main.
(gdb) b main
Breakpoint 1 at 0x40404b: file mariadb_connect.cpp, line 15.
(gdb) run
Starting program: /home/msellers/proj/preload_images/spike/mariadb_connect
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x000000000064a588 in ?? ()
Here is the output of the gdb bt command after the segfault:
(gdb) bt
#0 0x000000000064a588 in ?? ()
#1 0x0000000000409155 in std::__detail::_Scanner<char>::_M_scan_normal (this=0x7fffffffe018) at /usr/include/c++/7/bits/regex_scanner.tcc:119
#2 0x00000000004084a1 in std::__detail::_Scanner<char>::_M_advance (this=0x7fffffffe018) at /usr/include/c++/7/bits/regex_scanner.tcc:80
#3 0x00007ffff7c3e060 in std::__detail::_Compiler<std::regex_traits<char> >::_M_match_token (this=this#entry=0x7fffffffe000, token=std::__detail::_ScannerBase::_S_token_subexpr_begin) at /usr/local/include/c++/4.9.4/bits/regex_compiler.tcc:541
#4 0x00007ffff7c513a2 in std::__detail::_Compiler<std::regex_traits<char> >::_M_match_token (token=std::__detail::_ScannerBase::_S_token_subexpr_begin, this=0x7fffffffe000) at /usr/local/include/c++/4.9.4/bits/regex_compiler.tcc:316
#5 std::__detail::_Compiler<std::regex_traits<char> >::_M_atom (this=this#entry=0x7fffffffe000) at /usr/local/include/c++/4.9.4/bits/regex_compiler.tcc:326
#6 0x00007ffff7c515b0 in std::__detail::_Compiler<std::regex_traits<char> >::_M_term (this=0x7fffffffe000) at /usr/local/include/c++/4.9.4/bits/regex_compiler.tcc:136
#7 std::__detail::_Compiler<std::regex_traits<char> >::_M_alternative (this=0x7fffffffe000) at /usr/local/include/c++/4.9.4/bits/regex_compiler.tcc:118
#8 0x00007ffff7c51809 in std::__detail::_Compiler<std::regex_traits<char> >::_M_disjunction (this=this#entry=0x7fffffffe000) at /usr/local/include/c++/4.9.4/bits/regex_compiler.tcc:97
#9 0x00007ffff7c51e18 in std::__detail::_Compiler<std::regex_traits<char> >::_Compiler (this=0x7fffffffe000, __b=<optimized out>, __e=<optimized out>, __traits=..., __flags=<optimized out>)
at /usr/local/include/c++/4.9.4/bits/regex_compiler.tcc:82
#10 0x00007ffff7c5222d in std::__detail::__compile_nfa<std::regex_traits<char> > (__first=<optimized out>, __last=<optimized out>, __traits=..., __flags=<optimized out>) at /usr/local/include/c++/4.9.4/bits/regex_compiler.h:158
#11 0x00007ffff7c524da in std::basic_regex<char, std::regex_traits<char> >::basic_regex<char const*> (__f=<optimized out>, __last=<optimized out>, __first=<optimized out>, this=0x7ffff7dc2a40 <sql::mariadb::UrlParser::URL_PARAMETER>)
at /usr/local/include/c++/4.9.4/bits/regex.h:540
#12 std::basic_regex<char, std::regex_traits<char> >::basic_regex (this=0x7ffff7dc2a40 <sql::mariadb::UrlParser::URL_PARAMETER>, __p=<optimized out>, __f=<optimized out>) at /usr/local/include/c++/4.9.4/bits/regex.h:452
#13 0x00007ffff7c331ee in __static_initialization_and_destruction_0 (__initialize_p=1, __priority=65535) at /home/buildbot/src/src/UrlParser.cpp:34
#14 _GLOBAL__sub_I_UrlParser.cpp(void) () at /home/buildbot/src/src/UrlParser.cpp:444
#15 0x00007ffff7de7dc2 in call_init (l=<optimized out>, argc=argc#entry=1, argv=argv#entry=0x7fffffffe2b8, env=env#entry=0x7fffffffe2c8) at dl-init.c:72
#16 0x00007ffff7de7eb6 in call_init (env=0x7fffffffe2c8, argv=0x7fffffffe2b8, argc=1, l=<optimized out>) at dl-init.c:119
#17 _dl_init (main_map=0x7ffff7ffe130, argc=1, argv=0x7fffffffe2b8, env=0x7fffffffe2c8) at dl-init.c:120
#18 0x00007ffff7dd9f2a in _dl_start_user () from /lib64/ld-linux-x86-64.so.2
#19 0x0000000000000001 in ?? ()
#20 0x00007fffffffe520 in ?? ()
#21 0x0000000000000000 in ?? ()
(gdb)
Does this help?
Mark
GCC version 7.3.1
In the backtrace, we see that the crash is happening in the GCC-7 regexp implementation:
#1 0x0000000000409155 in std::__detail::_Scanner<char>::_M_scan_normal (this=0x7fffffffe018) at /usr/include/c++/7/bits/regex_scanner.tcc:119
We also see that this crash is happening while some global inside (presumably1) MariaDB connector is being initialized, while using GCC-4.9.4 version of libstdc++:
#12 std::basic_regex<char, std::regex_traits<char> >::basic_regex (this=0x7ffff7dc2a40 <sql::mariadb::UrlParser::URL_PARAMETER>, __p=<optimized out>, __f=<optimized out>) at /usr/local/include/c++/4.9.4/bits/regex.h:452
#13 0x00007ffff7c331ee in __static_initialization_and_destruction_0 (__initialize_p=1, __priority=65535) at /home/buildbot/src/src/UrlParser.cpp:34
It is exceedingly likely that this 4.9.4 vs. 7.3.1 mismatch is the cause of the crash, and that either building the app with g++-4.9.4 or building the MariaDB with g++-7.3.1 will fix the problem.
In theory GCC version of libstdc++ should be backwards compatible, but verifying ABI compatibility in C++ is quite hard, and many mistakes have been made. Also, g++4.9.4 is ancient.
Another possible solution is to build the application with clang using libc++ -- this will avoid any possibility of symbol conflicts2.
1 You can verify whether frame #13 is really coming from the MariaDB by executing these GDB commands: frame 13, info symbol $pc.
2 To achieve this, you may need to explicitly tell clang to use libc++, as it may default to using libstdc++. Use clang++ -stdlib=libc++ ... to be sure. Documentation here.
I'm debugging a process that runs really slow when is executed from gdb on Windows (mingw32), so I decided to run it until it crash without gdb, and then to attach the debugger. I've installed a signal handler for sigsegv that shows its pid and waits, so when I see the message I load gdb and use the "attach" command with that pid. The problem is that gdb shows me an useless backtrace at that point. Here's an example:
void my_sigsegv_handler(int) {
std::cerr << "Segmentation fault! pid=" << GetCurrentProcessId();
std::cin.get(); // wait for gdb
}
int main() {
signal(SIGSEGV,my_sigsegv_handler);
int *p = 0;
std::cout << *p; // boom!
}
Compiled with "mingw32-g++ -g -O0", output from gdb's command "bt" (after selecting the proper thread) is:
#0 0x764e73ea in ?? ()
#1 0x7646f489 in ?? ()
#2 0x75edc3b3 in ?? ()
#3 0x75edc2bc in ?? ()
#4 0x75edc472 in ?? ()
#5 0x00415502 in __gnu_cxx::stdio_sync_filebuf<char, std::char_traits<char> >::uflow() ()
#6 0x00434f32 in std::istream::get() ()
#7 0x004016d5 in my_sigsegv_handler () at C:\Users\usuario\zinjai\sin_titulo.cpp:8
#8 0x004010f9 in _gnu_exception_handler (exception_data=0x28fa88) at ../mingwrt-4.0.3-1-mingw32-src/src/libcrt/crt/crt1.c:137
#9 0x76469d57 in ?? ()
#10 0x77100727 in ?? ()
#11 0x770c9d45 in ?? ()
#12 0x00000000 in ?? ()
Notice that this example does not corrupt stack when generating the segfault. Actualy, I can debug it anyway, just continuing execution. If I press enter the signal handler finishes, returns to the place where it was generated (main function), and the problem is not solved, but this time gdb is there to catch it. But I'd like to now how does it really works.
If I use the same method in gnu/linux I can see what I want to see here:
#5 0x00007f6809bf349e in std::istream::get() () from /usr/lib64/libstdc++.so.6
#6 0x00000000004008cd in my_signal_handler () at /home/zaskar/.zinjai/sin_titulo.cpp:6
#7 <signal handler called>
#8 0x00000000004008f9 in main (argc=1, argv=0x7fffa0613108) at /home/zaskar/.zinjai/sin_titulo.cpp:11
So the question is, why gdb cannot show me the correct backtrace from withing the signal handler? Or what am I doing wrong? Is there any better way to solve it?
Runnning my application I get a Segmentation fault. I ran gdb to check where my code was failing but I get the following output:
Program received signal SIGSEGV, Segmentation fault.
0x39ca8000 in ?? ()
(gdb) bt
#0 0x39ca8000 in ?? ()
#1 0xb7d5df9a in sc_core::sc_port_base::complete_binding() () from /opt/systemc-2.2-rel/lib/libsystemc.so.2.2
#2 0xb7d5e104 in sc_core::sc_port_registry::complete_binding() () from /opt/systemc-2.2-rel/lib/libsystemc.so.2.2
#3 0xb7d5e13e in sc_core::sc_port_registry::elaboration_done() () from /opt/systemc-2.2-rel/lib/libsystemc.so.2.2
#4 0xb7dc669d in sc_core::sc_simcontext::elaborate() () from /opt/systemc-2.2-rel/lib/libsystemc.so.2.2
#5 0xb7dc8567 in sc_core::sc_simcontext::initialize(bool) () from /opt/systemc-2.2-rel/lib/libsystemc.so.2.2
#6 0xb7dc8b19 in sc_core::sc_simcontext::simulate(sc_core::sc_time const&) () from /opt/systemc-2.2-rel/lib/libsystemc.so.2.2
#7 0xb7dc9708 in sc_core::sc_start(sc_core::sc_time const&) () from /opt/systemc-2.2-rel/lib/libsystemc.so.2.2
#8 0x080555a8 in sc_core::sc_start (duration=40000, time_unit=sc_core::SC_MS) at /opt/systemc-2.2-rel/include/sysc/kernel/sc_simcontext.h:608
#9 0x08055119 in sc_main (argc=1, argv=0xbffff524) at module_pfn.cpp:49
#10 0xb7dbc698 in sc_elab_and_sim () from /opt/systemc-2.2-rel/lib/libsystemc.so.2.2
#11 0xb7d522e7 in main () from /opt/systemc-2.2-rel/lib/libsystemc.so.2.2
#12 0xb7a2e4d3 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
#13 0x08054da1 in _start ()
As you can see, everything comes from a library, except the 'main' call and 'start',where I set breakpoints, but they fail immediately there. I mean:
#8 0x080555a8 in sc_core::sc_start (duration=40000, time_unit=sc_core::SC_MS) at /opt/systemc-2.2-rel/include/sysc/kernel/sc_simcontext.h:608
#9 0x08055119 in sc_main (argc=1, argv=0xbffff524) at module_pfn.cpp:49
...
(gdb) br /opt/systemc-2.2-rel/include/sysc/kernel/sc_simcontext.h:608
Breakpoint 2 at 0x8055584: file /opt/systemc-2.2-rel/include/sysc/kernel/sc_simcontext.h, line 608.
(gdb) r
Starting program: /home/guest/Solutions/eln/systemc-ams/module_pfn
...
Breakpoint 2, sc_core::sc_start (duration=40000, time_unit=sc_core::SC_MS) at /opt/systemc-2.2-rel/include/sysc/kernel/sc_simcontext.h:608
608 sc_start( sc_time( duration, time_unit ) );
(gdb) s
Program received signal SIGSEGV, Segmentation fault.
0x39ca8000 in ?? ()
And we go back to the start.
I am not able to understand where this is failing. I see there is the name of the place in which this is failing: sc_core::sc_port_base::complete_binding() and I have access to the cpp where this function can be found, but only in the source files (not the library). The problem is that I would really like to go step by step through that code, is it possible?
Thanks :)
Thanks guys!
I used a library with debug info and now I can go through the library code.
Here is the backtrace of gdb,
Program terminated with signal 11, Segmentation fault.
#0 0xb7e78830 in Gtk::Widget::get_width () from /usr/lib/libgtkmm-2.4.so.1
(gdb) bt
#0 0xb7e78830 in Gtk::Widget::get_width () from /usr/lib/libgtkmm-2.4.so.1
#1 0x08221d5d in sigc::bound_mem_functor0<bool, videoScreen>::operator() (this=0xb1c04714)
at /usr/include/sigc++-2.0/sigc++/functors/mem_fun.h:1787`enter code here`
#2 0x08221d76 in sigc::adaptor_functor<sigc::bound_mem_functor0<bool, videoScreen> >::operator() (this=0xb1c04710)
at /usr/include/sigc++-2.0/sigc++/adaptors/adaptor_trait.h:251
#3 0x08221d96 in sigc::internal::slot_call0<sigc::bound_mem_functor0<bool, videoScreen>, bool>::call_it (rep=0xb1c046f8)
at /usr/include/sigc++-2.0/sigc++/functors/slot.h:103
#4 0xb7b1ed35 in ?? () from /usr/lib/libglibmm-2.4.so.1
#5 0xb73c6bb6 in ?? () from /usr/lib/libglib-2.0.so.0
#6 0xb28ff1f8 in ?? ()
#7 0xb647479c in __pthread_mutex_unlock_usercnt () from /lib/libpthread.so.0
#8 0xb73c6446 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#9 0xb73c97e2 in ?? () from /usr/lib/libglib-2.0.so.0
#10 0xb3d11af8 in ?? ()
#11 0x00000000 in ?? ()
I figured out the line of crash,here is the code around that line.
1:currPicLoaded = 1;
2:int status = -1;
3:zoomedPicWidth = drawVideo1->get_width();
I figured out that above line is 3 is the cause of crash, but this line execute 5 times before crash.So I do not know why it does crash at 6th time.
PS : Above line of code is with in a thread which run continuously.
Any help is more than welcome :)
how should I proceed
Your very first step should be to find out which instruction caused the SIGSEGV. Do this:
(gdb) x/i $pc
The most likely cause is that your drawVideo1 object is either dangling (has been deleted), or is corrupt in some other way.
Since you are apparently on Linux (you didn't say, but you should always say), the first tool to reach for for debugging "strange" problems like this is Valgrind.
I'm having trouble figuring out the problem with my code...I'm in the early stages of prototyping a game (my first serious project). It frequently, but not always, crashes with a segmentation fault. Here's the flow of the program...
title screen - press z to start new game
player and enemy on screen...enemy takes a life when collided with, there are 4 lives.
when character's life is 0, game goes back to title screen - press z to start new game
The last step is where the crash occurs...The crash only seems to happen after the player dies and is brought back to the title screen and the player presses z to start another game, but it doesn't always crash. Through gdb, I've determined that it happens when the deconstructor for Title is called...
Here's the debug info and relevant code...I'll provide any other code/info if requested.
*** glibc detected *** /home/rzrscm/code/demogamething/game: free(): invalid pointer: 0x080c6b98 ***
//memory map info omitted
0xb7c54537 in raise () from /lib/libc.so.6
(gdb) where
#0 0xb7c54537 in raise () from /lib/libc.so.6
#1 0xb7c57922 in abort () from /lib/libc.so.6
#2 0xb7c8afbd in ?? () from /lib/libc.so.6
#3 0xb7c950ca in ?? () from /lib/libc.so.6
#4 0xb7c96918 in ?? () from /lib/libc.so.6
#5 0xb7c99a5d in free () from /lib/libc.so.6
#6 0xb7f4e776 in SDL_FreeSurface () from /usr/lib/libSDL-1.2.so.0
#7 0x0804ac7f in ~Title (this=0x80b4250, __in_chrg=<value optimized out>) at title.cpp:13
#8 0x08049d3a in GameState::load (this=0x804e368, loadState=LEVEL) at gamestate.cpp:39
#9 0x08049c5c in GameState::change (this=0x804e368, changeTo=LEVEL) at gamestate.cpp:26
#10 0x08049753 in Player::handleEvent (this=0x804e300) at player.cpp:102
#11 0x080490c8 in main () at main.cpp:27
So, what I know is that the crash occurs when it's changing states from TITLE to LEVEL...Here's the class function that unloads and loads the states...currentState is a private vector in the GameState class...
std::vector<GameState *> currentState;
void GameState::load(STATE loadState) {
if(state == TITLE) {
while(!currentState.empty()) {
delete currentState.back();
currentState.pop_back();
}
currentState.push_back(new Title());
}
else if(state == LEVEL) {
while(!currentState.empty()) {
delete currentState.back();
currentState.pop_back();
}
currentState.push_back(new Level(currentLevel));
}
}
The crash happens when the deconstructor for the Title class is called...It happens whether it's freeing the music or the image...Whichever one is the first function is the one it crashes on.
Title::~Title() {
SDL_FreeSurface(background);
Mix_FreeMusic(music);
background = NULL;
music = NULL;
}
Here's the code for the image loading function...
SDL_Surface *loadImage(std::string imageFile) {
SDL_Surface *loadedImage;
SDL_Surface *newImage;
loadedImage = IMG_Load(imageFile.c_str());
newImage = SDL_DisplayFormatAlpha(loadedImage);
SDL_FreeSurface(loadedImage);
return newImage;
}
[edit] I ran it through the debugger a couple more times without making changes to the code since I still can't find what's wrong...And each time the crash occurred while trying to free the music...
0xb7c54537 in raise () from /lib/libc.so.6
(gdb) backtrace
#0 0xb7c54537 in raise () from /lib/libc.so.6
#1 0xb7c57922 in abort () from /lib/libc.so.6
#2 0xb7c8afbd in ?? () from /lib/libc.so.6
#3 0xb7c950ca in ?? () from /lib/libc.so.6
#4 0xb7c9633e in ?? () from /lib/libc.so.6
#5 0xb79974e2 in ?? () from /usr/lib/libmikmod.so.2
#6 0xb7997640 in Player_Free () from /usr/lib/libmikmod.so.2
#7 0xb7ebb6e3 in Mix_FreeMusic () from /usr/lib/libSDL_mixer-1.2.so.0
#8 0x0804ac8d in ~Title (this=0x80c6bc0, __in_chrg=<value optimized out>) at title.cpp:14
#9 0x08049d3a in GameState::load (this=0x804e368, loadState=LEVEL) at gamestate.cpp:39
#10 0x08049c5c in GameState::change (this=0x804e368, changeTo=LEVEL) at gamestate.cpp:26
#11 0x08049753 in Player::handleEvent (this=0x804e300) at player.cpp:102
#12 0x080490c8 in main () at main.cpp:27
#5 0xb7c99a5d in free () from /lib/libc.so.6
#6 0xb7f4e776 in SDL_FreeSurface () from /usr/lib/libSDL-1.2.so.
You are probably freeing a pointer which is invalid. Now I read
free(): invalid pointer: 0x080c6b98
You might be trying to free an object which was not allocated dynamically. How does background get his value?