Issue647

Title: game freezes after stepping over map label
Priority: critical
Status: resolved
Assigned To:
Keywords:
Linked issues: warning stepping over map label (View: 643)
Watchers: tomreyn

Submitted on 2013-02-09 15h42 by matthiaskrgr, last changed by matthiaskrgr.

Files
File name: valgrind.tar.gz
Uploaded: matthiaskrgr, 2013-03-31.07:17:14
Type: application/gzip
Messages
Author: matthiaskrgr Date: 2013-02-09   15h42
Go to level 40 and enter level 35 using the hidden entry.
Talk to SADD, get the dilithium quest and solve it.
Then go through the corridor, which will trigger the guns and break the walls,
enter through the walls and talk to Tania (there will be a start_chat with
SADD involved).
(Probably you have to talk to Tania again here.)
If you then go back to SADD, triggering the map label, the game should freeze,
giving you something like:

*** Error in `./src': double free or corruption (!prev): 0x000000000301c680 ***
Author: matthiaskrgr Date: 2013-02-09   15h48
Now it just appeared as I entered the menu from a savegame.
Author: tomreyn Date: 2013-02-09   15h55
My traces, created by the time the game has frozen, using:
LANG=C sudo gdb -q -n -ex 'bt' -batch ./freedroidRPG `pgrep freedroid` > /tmp/freedroid 2>&1

(1)
[New LWP 18220]
[New LWP 18218]
[New LWP 18217]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
__lll_lock_wait_private () at
../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:93
93	../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S: No such file or directory.
#0  __lll_lock_wait_private () at
../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:93
#1  0x00007fd650aa2231 in _L_lock_10656 () at malloc.c:5220
#2  0x00007fd650a9ffb7 in __GI___libc_malloc (bytes=140558456411968) at
malloc.c:2921
#3  0x00007fd6522bb910 in _dl_map_object_deps (map=0x3e7b820,
preloads=<optimized out>, npreloads=<optimized out>, trace_mode=0,
open_mode=-2147483648) at dl-deps.c:517
#4  0x00007fd6522c18b9 in dl_open_worker (a=0x7fff812763f0) at dl-open.c:262
#5  0x00007fd6522bd186 in _dl_catch_error (objname=0x7fff81276438,
errstring=0x7fff81276440, mallocedp=0x7fff8127644f, operate=0x7fd6522c1710
<dl_open_worker>, args=0x7fff812763f0) at dl-error.c:178
#6  0x00007fd6522c132a in _dl_open (file=0x7fd650b962b8 "libgcc_s.so.1",
mode=-2147483647, caller_dlopen=0x7fd650b27925 <init+21>, nsid=-2, argc=1,
argv=<optimized out>, env=0x3e4f8c0) at dl-open.c:639
#7  0x00007fd650b4d632 in do_dlopen (ptr=0x7fff812765f0) at dl-libc.c:89
#8  0x00007fd6522bd186 in _dl_catch_error (objname=0x7fff81276620,
errstring=0x7fff81276610, mallocedp=0x7fff8127662f, operate=0x7fd650b4d5f0
<do_dlopen>, args=0x7fff812765f0) at dl-error.c:178
#9  0x00007fd650b4d6f4 in dlerror_run (args=0x7fff812765f0,
operate=0x7fd650b4d5f0 <do_dlopen>) at dl-libc.c:48
#10 __GI___libc_dlopen_mode (name=<optimized out>, mode=<optimized out>) at
dl-libc.c:165
#11 0x00007fd650b27925 in init () at ../sysdeps/x86_64/../ia64/backtrace.c:53
#12 0x00007fd650de9400 in pthread_once () at
../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_once.S:104
#13 0x00007fd650b27a44 in __GI___backtrace (array=<optimized out>, size=64) at
../sysdeps/x86_64/../ia64/backtrace.c:104
#14 0x00007fd650a913af in __libc_message (do_abort=2, fmt=0x7fd650b9b028 "***
glibc detected *** %s: %s: 0x%s ***\n") at
../sysdeps/unix/sysv/linux/libc_fatal.c:180
#15 0x00007fd650a9bb96 in malloc_printerr (action=3, str=0x7fd650b97916
"corrupted double-linked list", ptr=<optimized out>) at malloc.c:5018
#16 0x00007fd650a9e650 in _int_malloc (av=0x7fd650dd5740 <main_arena>,
bytes=1024) at malloc.c:3806
#17 0x00007fd650a9ffc5 in __GI___libc_malloc (bytes=bytes@entry=1024) at
malloc.c:2924
#18 0x00000000004189ba in RunSubMenu (startup=startup@entry=0,
menu_id=menu_id@entry=1) at menu.c:727
#19 0x0000000000419c8e in RunMenu (is_startup=0) at menu.c:764
#20 EscapeMenu () at menu.c:775
#21 0x000000000044c988 in input_key (keynum=keynum@entry=40, value=1) at
keyboard.c:678
#22 0x000000000044c9e7 in input_key_event (mod=KMOD_NONE, key=SDLK_ESCAPE,
value=<optimized out>) at keyboard.c:812
#23 input_key_press (event=event@entry=0x7fff812778e0) at keyboard.c:820
#24 0x000000000044ab08 in input_handle () at input.c:119
#25 0x000000000044d3e9 in Game () at main.c:89
#26 0x000000000041642a in main (argc=1, argv=<optimized out>) at main.c:182

(2)
[New LWP 26944]
[New LWP 26942]
[New LWP 26941]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
__lll_lock_wait_private () at
../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:93
93	../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S: No such file or directory.
#0  __lll_lock_wait_private () at
../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:93
#1  0x00007f6ed02e2231 in _L_lock_10656 () at malloc.c:5220
#2  0x00007f6ed02dffb7 in __GI___libc_malloc (bytes=140113919170368) at
malloc.c:2921
#3  0x00007f6ed1afb910 in _dl_map_object_deps (map=0x41c1810,
preloads=<optimized out>, npreloads=<optimized out>, trace_mode=0,
open_mode=-2147483648) at dl-deps.c:517
#4  0x00007f6ed1b018b9 in dl_open_worker (a=0x7fff1c1e3a40) at dl-open.c:262
#5  0x00007f6ed1afd186 in _dl_catch_error (objname=0x7fff1c1e3a88,
errstring=0x7fff1c1e3a90, mallocedp=0x7fff1c1e3a9f, operate=0x7f6ed1b01710
<dl_open_worker>, args=0x7fff1c1e3a40) at dl-error.c:178
#6  0x00007f6ed1b0132a in _dl_open (file=0x7f6ed03d62b8 "libgcc_s.so.1",
mode=-2147483647, caller_dlopen=0x7f6ed0367925 <init+21>, nsid=-2, argc=1,
argv=<optimized out>, env=0x41958b0) at dl-open.c:639
#7  0x00007f6ed038d632 in do_dlopen (ptr=0x7fff1c1e3c40) at dl-libc.c:89
#8  0x00007f6ed1afd186 in _dl_catch_error (objname=0x7fff1c1e3c70,
errstring=0x7fff1c1e3c60, mallocedp=0x7fff1c1e3c7f, operate=0x7f6ed038d5f0
<do_dlopen>, args=0x7fff1c1e3c40) at dl-error.c:178
#9  0x00007f6ed038d6f4 in dlerror_run (args=0x7fff1c1e3c40,
operate=0x7f6ed038d5f0 <do_dlopen>) at dl-libc.c:48
#10 __GI___libc_dlopen_mode (name=<optimized out>, mode=<optimized out>) at
dl-libc.c:165
#11 0x00007f6ed0367925 in init () at ../sysdeps/x86_64/../ia64/backtrace.c:53
#12 0x00007f6ed0629400 in pthread_once () at
../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_once.S:104
#13 0x00007f6ed0367a44 in __GI___backtrace (array=<optimized out>, size=64) at
../sysdeps/x86_64/../ia64/backtrace.c:104
#14 0x00007f6ed02d13af in __libc_message (do_abort=2, fmt=0x7f6ed03db028 "***
glibc detected *** %s: %s: 0x%s ***\n") at
../sysdeps/unix/sysv/linux/libc_fatal.c:180
#15 0x00007f6ed02dbb96 in malloc_printerr (action=3, str=0x7f6ed03d7916
"corrupted double-linked list", ptr=<optimized out>) at malloc.c:5018
#16 0x00007f6ed02de650 in _int_malloc (av=0x7f6ed0615740 <main_arena>,
bytes=5120) at malloc.c:3806
#17 0x00007f6ed02dffc5 in __GI___libc_malloc (bytes=5120) at malloc.c:2924
#18 0x0000000000492381 in luaM_realloc_ ()
#19 0x000000000049769e in luaH_resize ()
#20 0x0000000000497a9e in luaH_newkey ()
#21 0x000000000049ef1a in luaX_newstring ()
#22 0x000000000049fcc7 in llex ()
#23 0x000000000049fe19 in luaX_next ()
#24 0x0000000000493853 in str_checkname ()
#25 0x0000000000493943 in singlevar ()
#26 0x0000000000494365 in suffixedexp ()
#27 0x00000000004951c0 in subexpr ()
#28 0x00000000004959b4 in explist ()
#29 0x00000000004940fa in funcargs ()
#30 0x0000000000494359 in suffixedexp ()
#31 0x000000000049440c in statement ()
#32 0x0000000000494e77 in statlist ()
#33 0x0000000000495fbc in test_then_block ()
#34 0x00000000004947ad in statement ()
#35 0x0000000000494e77 in statlist ()
#36 0x0000000000495fbc in test_then_block ()
#37 0x00000000004947ad in statement ()
#38 0x0000000000494e77 in statlist ()
#39 0x0000000000495fbc in test_then_block ()
#40 0x00000000004947ad in statement ()
#41 0x0000000000494e77 in statlist ()
#42 0x000000000049618e in luaY_parser ()
#43 0x000000000048ee53 in f_parser ()
#44 0x000000000048ef4b in luaD_rawrunprotected ()
#45 0x000000000048fb25 in luaD_pcall ()
#46 0x000000000048fc1a in luaD_protectedparser ()
#47 0x000000000048d847 in lua_load ()
#48 0x000000000049c71a in luaL_loadbufferx ()
#49 0x0000000000428a05 in load_lua_coroutine (target=target@entry=LUA_DIALOG,
code=0x6e78e00 "\n\tbranch_to_pendragon = false\n\tshow(90)\n\tif
(Koan_murdered) then\n\t\tnpc_says(_\"You just killed
him!\")\n\t\tnpc_says(_\"How could you?\")\n\t\tnpc_says(_\"You
murderer!\")\n\t\tnpc_faction(\"crazy\", _\"Tania - Avengin"...) at lua.c:1381
#50 0x000000000045aeeb in run_chat () at chat.c:883
#51 ChatWithFriendlyDroid (ChatDroid=<optimized out>) at chat.c:966
#52 0x000000000043ed9c in check_for_droids_to_attack_or_talk_with () at influ.c:1556
#53 0x000000000043f5fb in AnalyzePlayersMouseClick () at influ.c:1647
#54 move_tux () at influ.c:743
#55 0x000000000044d41f in Game () at main.c:106
#56 0x000000000041642a in main (argc=1, argv=<optimized out>) at main.c:182
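Added example, not part of the original thread or the project's code: a small Python triage helper for wrapped gdb 'bt' output like the two traces above. It rejoins the wrapped frames, extracts the allocator's error string, flags the case where the error reporter re-enters malloc and blocks on a lock (which matches the process hanging rather than aborting), and names the first caller outside malloc.c. The names parse_frames and triage and the shortened sample trace are constructed for this example.

```python
import re

# Constructed sample: trace (1) above, shortened and renumbered, with gdb's line wrapping kept.
SAMPLE_BT = '''\
#0  __lll_lock_wait_private () at
../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:93
#1  0x00007fd650a9ffb7 in __GI___libc_malloc (bytes=140558456411968) at
malloc.c:2921
#2  0x00007fd650b27a44 in __GI___backtrace (array=<optimized out>, size=64) at
../sysdeps/x86_64/../ia64/backtrace.c:104
#3  0x00007fd650a9bb96 in malloc_printerr (action=3, str=0x7fd650b97916
"corrupted double-linked list", ptr=<optimized out>) at malloc.c:5018
#4  0x00007fd650a9e650 in _int_malloc (av=0x7fd650dd5740 <main_arena>,
bytes=1024) at malloc.c:3806
#5  0x00000000004189ba in RunSubMenu (startup=startup@entry=0,
menu_id=menu_id@entry=1) at menu.c:727
'''

FRAME_RE = re.compile(r'^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\)(?: at (\S+))?$')

def parse_frames(text):
    """Rejoin frames that were wrapped over several lines, then split out the fields."""
    joined = []
    for line in text.splitlines():
        if line.startswith('#'):
            joined.append(line.strip())
        elif joined and line.strip():
            joined[-1] += ' ' + line.strip()
    keys = ('n', 'func', 'args', 'at')
    return [dict(zip(keys, m.groups())) for m in map(FRAME_RE.match, joined) if m]

def triage(text):
    """Summarise a trace in which glibc's heap consistency check fired."""
    frames = parse_frames(text)
    idx = next((i for i, f in enumerate(frames) if f['func'] == 'malloc_printerr'), None)
    if idx is None:
        return None
    msg = re.search(r'"([^"]*)"', frames[idx]['args'])
    # Frames listed before malloc_printerr ran inside the error reporter itself.
    reentered = any('libc_malloc' in f['func'] for f in frames[:idx])
    blocked = 'lock_wait' in frames[0]['func']
    # First caller outside malloc.c: where the damage was noticed, not where it was done.
    caller = next((f for f in frames[idx + 1:] if not (f['at'] or '').startswith('malloc.c:')), None)
    return {'message': msg.group(1) if msg else None,
            'hang_in_reporter': reentered and blocked,
            'detected_at': (caller['func'], caller['at']) if caller else None}
```

The caller reported is only where glibc noticed the damaged heap metadata; the two traces above notice it in different places (menu.c and the Lua parser), which is why a tool such as valgrind or AddressSanitizer is needed to find the write or free that caused it.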
Author: matthiaskrgr Date: 2013-03-08   16h52
Still reproducible with be6aedfe516e066c841da0978512fd2d20f0816b
Author: matthiaskrgr Date: 2013-03-08   20h05
This could be related to loading(/freeing?) npc animations.
Author: ahuillet Date: 2013-03-30   22h32
Can you please try to reproduce the issue when running inside valgrind?
Alternatively and when GCC 4.8 lands in your distribution, you may want to try
the new address sanitizer tool.
Author: matthiaskrgr Date: 2013-03-31   07h17
With my new (faster) laptop I'm not sure if I can still reproduce the issue.
Perhaps the bug was somehow fixed in between? 

2ea8f087a3e308ebea8274885616389e34c9c416

Valgrind log attached.

Attached valgrind.tar.gz.
Author: matthiaskrgr Date: 2013-08-29   15h30
Should be fixed by now. Please reopen if not. :)
History
Date | User | Action | Args
2013-08-29 15:30:00 | matthiaskrgr | set | status: open -> resolved; messages: + msg2538
2013-03-31 07:17:14 | matthiaskrgr | set | files: + valgrind.tar.gz; messages: + msg2473
2013-03-30 22:32:40 | ahuillet | set | messages: + msg2466
2013-03-08 20:05:58 | matthiaskrgr | set | messages: + msg2463
2013-03-08 16:52:29 | matthiaskrgr | set | messages: + msg2459
2013-02-09 15:55:16 | tomreyn | set | messages: + msg2437
2013-02-09 15:48:41 | matthiaskrgr | set | messages: + msg2436
2013-02-09 15:42:42 | matthiaskrgr | create |