Devilutionx: [Linux ppc64le] SDL malloc segfault upon exiting the game

Created on 25 Apr 2020 · 5 Comments · Source: diasurgical/devilutionX

Describe
Seems to me SDL malloc has issues when the game exits.

To Reproduce
Steps to reproduce the behavior:

  1. Fetch master branch / commit 936b618338c02408426c2a36d34471c0ac804211
  2. Start then quit the game from the main menu

Expected behavior
Clean exit with no errors

Actual behaviour
Segmentation fault

Additional context

$ coredumpctl debug 2103612
           PID: 2103612 (devilutionx)
           UID: 1000 (tle)
           GID: 1000 (tle)
        Signal: 11 (SEGV)
     Timestamp: Sat 2020-04-25 22:24:28 AEST (3min 56s ago)
  Command Line: ./devilutionx
    Executable: /home/tle/src/devilutionX/build/release/devilutionx
 Control Group: /user.slice/user-1000.slice/[email protected]/apps.slice/apps-org.gnome.Terminal.slice/vte-spawn-d902afd2-7af0-4859-bd22-c20c1fd7c7d9.scope
          Unit: [email protected]
     User Unit: vte-spawn-d902afd2-7af0-4859-bd22-c20c1fd7c7d9.scope
         Slice: user-1000.slice
     Owner UID: 1000 (tle)
       Boot ID: 29003e772cb44e319c84ccbe6ad7a138
    Machine ID: 5632f07729a648c49d05933910ac9490
      Hostname: orion.dev
       Storage: /var/lib/systemd/coredump/core.devilutionx.1000.29003e772cb44e319c84ccbe6ad7a138.2103612.1587817468000000000000.lz4
       Message: Process 2103612 (devilutionx) of user 1000 dumped core.

                Stack trace of thread 2103612:
                #0  0x00007fff84da9ce8 __GI___libc_free (libc.so.6 + 0xa9ce8)
                #1  0x00007fff8516a26c SDL_free_REAL (libSDL2-2.0.so.0 + 0xba26c)
                #2  0x00007fff8510cc28 SDL_free (libSDL2-2.0.so.0 + 0x5cc28)
                #3  0x00007fff852ac9e8 Mix_FreeChunk (libSDL2_mixer-2.0.so.0 + 0xc9e8)
                #4  0x0000000010047c18 n/a (/home/tle/src/devilutionX/build/release/devilutionx + 0x47c18)
                #5  0x0000000010047c18 n/a (/home/tle/src/devilutionX/build/release/devilutionx + 0x47c18)
                #6  0x000000001000a3c8 n/a (/home/tle/src/devilutionX/build/release/devilutionx + 0xa3c8)
                #7  0x00007fff84d280cc generic_start_main (libc.so.6 + 0x280cc)
                #8  0x00007fffda46f829 n/a (n/a + 0x0)
                #9  0x00007fffda46f829 n/a (n/a + 0x0)
                #10 0x5f00726573753d53 n/a (n/a + 0x0)

(gdb) bt
#0  __GI___libc_free (mem=0x2f6e00000000) at malloc.c:3102
#1  0x00007fff8516a26c in SDL_free_REAL (ptr=<optimized out>) at /usr/src/debug/SDL2-2.0.12-1.fc32.ppc64le/src/stdlib/SDL_malloc.c:5431
#2  0x00007fff8510cc28 in SDL_free (a=<optimized out>) at /usr/src/debug/SDL2-2.0.12-1.fc32.ppc64le/src/dynapi/SDL_dynapi_procs.h:408
#3  0x00007fff852ac9e8 in Mix_FreeChunk () from /lib64/libSDL2_mixer-2.0.so.0
#4  0x0000000010047c18 in ?? ()
#5  0x000000001000a3c8 in ?? ()
#6  0x00007fff84d280cc in generic_start_main (main=0x10009660, argc=<optimized out>, argv=0x7fffda461328, auxvec=0x7fffda461650, init=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=<optimized out>, fini=<optimized out>) at ../csu/libc-start.c:308
#7  0x00007fff84d28290 in __libc_start_main (argc=<optimized out>, argv=<optimized out>, ev=<optimized out>, auxvec=<optimized out>, rtld_fini=<optimized out>, 
    stinfo=<optimized out>, stack_on_entry=<optimized out>) at ../sysdeps/unix/sysv/linux/powerpc/libc-start.c:98
#8  0x0000000000000000 in ?? ()

All 5 comments

better to give a hash than date and branch

Description updated

Here, on x86, it also has a problem with cleanup. But to reproduce it (every time) I need more steps:

  1. start game (does not seem to matter if it's a single or multi player one)
  2. go to Griswold (blacksmith) and start conversation with him, asking about gossip
  3. as soon as he starts talking, hit ESC (cancel conversation), go to main menu and quit game

The NPC does not seem to matter. I have a single player game saved, where the character is right next to Adria (witch). Cleanup errors show up after I load the game, talk to her, ask about gossip and quit the game.

Cancelling gossip before the whole talk is finished does not seem to matter either. I waited for the whole thing (sound stopped, text scrolled out of window, window disappeared and I was back at the NPC menu) before quitting the game and it still crashed anyway.

The thing is that from time to time the error message is different. So it can be one of:

1.

double free or corruption (out)
Aborted (core dumped)

2.

[xcb] Unknown sequence number while processing queue
[xcb] Most likely this is a multi-threaded client and XInitThreads has not been called
[xcb] Aborting, sorry about that.
devilutionx: xcb_io.c:260: poll_for_event: Assertion `!xcb_xlib_threads_sequence_lost' failed.
Aborted (core dumped)

3.

free(): double free detected in tcache 2
Aborted (core dumped)

4.

corrupted size vs. prev_size in fastbins
Aborted (core dumped)

5.

Segmentation fault (core dumped)

Sometimes, after a cleanup error, the game seems to forget that I already played, and repeats the intro video on next launch.

All errors seem to point to some memory corruption related to playing sound for NPC (but only longer sound, as the regular "hello" does not seem to matter).

I tried commenting out all content of free_game() function:
https://github.com/diasurgical/devilutionX/blob/515ac145c567990d6175768f7d677eae7c0f81b9/Source/diablo.cpp#L252
but it does not seem to change anything.
So I commented out the call to PlaySFX: https://github.com/diasurgical/devilutionX/blob/9ba87895ae03ea177b6553cd67a7741d950367cc/Source/minitext.cpp#L84. That stopped the errors from happening.
Later I uncommented it but added a call to stream_stop at various places, but that did not help :(.
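
The abort messages listed in the comment above are glibc rejecting a repeated or invalid free(). As an added example (not part of the thread, and not devilutionX or SDL_mixer code), here is a small quarantine-style tracker that classifies such frees, run over a constructed stop-then-cleanup sequence. All names are hypothetical and the page does not state the actual root cause.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names throughout; not devilutionX, SDL or SDL_mixer code. */
enum free_result { FREE_OK, FREE_DOUBLE, FREE_INVALID };
enum slot_state { SLOT_EMPTY, SLOT_LIVE, SLOT_FREED };
#define NSLOTS 64
static struct { void *ptr; enum slot_state state; } slots[NSLOTS];

void *tracked_alloc(size_t n) {
    for (int i = 0; i < NSLOTS; i++) {
        if (slots[i].state != SLOT_EMPTY) continue;
        void *p = malloc(n);
        if (p) { slots[i].ptr = p; slots[i].state = SLOT_LIVE; }
        return p;
    }
    return NULL; /* table full */
}

/* Classifies a free instead of handing a stale or bogus pointer to free().
   Freed blocks stay quarantined until tracker_flush(), so no address is reused. */
enum free_result tracked_free(void *p) {
    if (!p) return FREE_OK; /* free(NULL) is a no-op */
    for (int i = 0; i < NSLOTS; i++) {
        if (slots[i].state == SLOT_EMPTY || slots[i].ptr != p) continue;
        if (slots[i].state == SLOT_FREED) return FREE_DOUBLE;
        slots[i].state = SLOT_FREED;
        return FREE_OK;
    }
    return FREE_INVALID; /* pointer never came from tracked_alloc */
}

void tracker_flush(void) { /* really release the quarantined blocks */
    for (int i = 0; i < NSLOTS; i++)
        if (slots[i].state == SLOT_FREED) { free(slots[i].ptr); slots[i].state = SLOT_EMPTY; }
}

/* Constructed scenario: buffer freed on stop, then again by exit cleanup. */
enum free_result stop_then_cleanup(int clear_after_free) {
    void *samples = tracked_alloc(4096);
    if (tracked_free(samples) == FREE_OK && clear_after_free) samples = NULL;
    enum free_result second = tracked_free(samples);
    tracker_flush();
    return second;
}

int main(void) {
    printf("stale=%d cleared=%d\n", stop_then_cleanup(0), stop_then_cleanup(1));
    return 0;
}
```

Logging the caller at the point where `FREE_DOUBLE` or `FREE_INVALID` is returned identifies the second owner directly, instead of the varying heap-consistency aborts that surface later.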

This should now be solved, please test and report back if it is still an issue.

I could not reproduce the bug anymore, so it seems to me the patch did address the issue
