Bugs and complaints on current master

**kandrc** · December 28, 2016, 18:29

And a similar one here:

Code:

angband: effects.c:2694: effect_handler_TELEPORT: Assertion `context->origin.what == SRC_MONSTER' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff6d7f979 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff6d7f979 in raise () from /lib64/libc.so.6
#1  0x00007ffff6d81088 in abort () from /lib64/libc.so.6
#2  0x00007ffff6d78966 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff6d78a12 in __assert_fail () from /lib64/libc.so.6
#4  0x00000000004164bc in effect_handler_TELEPORT (context=0x7fffffffd880)
    at effects.c:2694
#5  0x0000000000419e54 in effect_do (effect=0x87c048, origin=..., obj=0x0, 
    ident=0x7fffffffd94f, aware=false, dir=0, beam=0, boost=0)
    at effects.c:4486
#6  0x00000000004a10df in hit_trap (y=13, x=122) at trap.c:433
#7  0x000000000040c083 in do_cmd_disarm_aux (y=13, x=122) at cmd-cave.c:750
#8  0x000000000040c53b in do_cmd_alter_aux (dir=6) at cmd-cave.c:878
#9  0x000000000040c739 in move_player (dir=6, disarm=true) at cmd-cave.c:933
#10 0x000000000040cf7c in do_cmd_walk (cmd=0x74bcb0 <cmd_queue+880>)
    at cmd-cave.c:1125
#11 0x000000000040d9b5 in process_command (ctx=CMD_GAME, 
    cmd=0x74bcb0 <cmd_queue+880>) at cmd-core.c:222
#12 0x000000000040daae in cmdq_pop (c=CMD_GAME) at cmd-core.c:250
#13 0x000000000041bd86 in process_player () at game-world.c:666
#14 0x000000000041c3ab in run_game_loop () at game-world.c:860
#15 0x00000000004ae2d3 in play_game (new_game=false) at ui-game.c:433
#16 0x00000000004e662d in main (argc=1, argv=0x7fffffffdc48) at main.c:524
(gdb)

**kandrc** · December 28, 2016, 19:17

Code:

*** Error in `/home/someuser/angband/src/angband': corrupted double-linked list: 0x0000000000d88600 ***
bt
^C
Program received signal SIGINT, Interrupt.
0x00007ffff6e5138b in __lll_lock_wait_private () from /lib64/libc.so.6
(gdb) b5
Undefined command: "b5".  Try "help".
(gdb) bt
#0  0x00007ffff6e5138b in __lll_lock_wait_private () from /lib64/libc.so.6
#1  0x00007ffff6dce24a in _L_lock_12669 () from /lib64/libc.so.6
#2  0x00007ffff6dcb975 in malloc () from /lib64/libc.so.6
#3  0x00007ffff7ddf2b6 in open_path () from /lib64/ld-linux-x86-64.so.2
#4  0x00007ffff7de1905 in _dl_map_object () from /lib64/ld-linux-x86-64.so.2
#5  0x00007ffff7ded387 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
#6  0x00007ffff7de8924 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#7  0x00007ffff7decc7b in _dl_open () from /lib64/ld-linux-x86-64.so.2
#8  0x00007ffff6e7e752 in do_dlopen () from /lib64/libc.so.6
#9  0x00007ffff7de8924 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
#10 0x00007ffff6e7e812 in __libc_dlopen_mode () from /lib64/libc.so.6
#11 0x00007ffff6e57981 in backtrace () from /lib64/libc.so.6
#12 0x00007ffff6dc12a4 in __libc_message () from /lib64/libc.so.6
#13 0x00007ffff6dc7e85 in malloc_consolidate () from /lib64/libc.so.6
#14 0x00007ffff6dc8836 in _int_free () from /lib64/libc.so.6
#15 0x00000000004e5a8a in mem_free (p=0xc63f58) at z-virt.c:65
#16 0x000000000046f8a3 in object_free (obj=0xc63f58) at obj-pile.c:216
#17 0x000000000046fb72 in object_delete (obj_address=0x7fffffffd990)
    at obj-pile.c:268
#18 0x000000000046fbad in object_pile_free (obj=0xc63f58) at obj-pile.c:281
#19 0x0000000000403e10 in cave_free (c=0xc9cba8) at cave.c:171
#20 0x000000000041e03c in cave_clear (c=0xc9cba8, p=0x9bd0a8) at generate.c:827
#21 0x000000000041e6b1 in cave_generate (c=0x74b900 <cave>, p=0x9bd0a8)
---Type <return> to continue, or q <return> to quit---
    at generate.c:951
#22 0x000000000041c312 in run_game_loop () at game-world.c:840
#23 0x00000000004ae2d3 in play_game (new_game=false) at ui-game.c:433
#24 0x00000000004e662d in main (argc=1, argv=0x7fffffffdc48) at main.c:524
(gdb) up
#1  0x00007ffff6dce24a in _L_lock_12669 () from /lib64/libc.so.6
(gdb) 
#2  0x00007ffff6dcb975 in malloc () from /lib64/libc.so.6
(gdb) 
#3  0x00007ffff7ddf2b6 in open_path () from /lib64/ld-linux-x86-64.so.2
(gdb) 
#4  0x00007ffff7de1905 in _dl_map_object () from /lib64/ld-linux-x86-64.so.2
(gdb) 
#5  0x00007ffff7ded387 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
(gdb) 
#6  0x00007ffff7de8924 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
(gdb) 
#7  0x00007ffff7decc7b in _dl_open () from /lib64/ld-linux-x86-64.so.2
(gdb) 
#8  0x00007ffff6e7e752 in do_dlopen () from /lib64/libc.so.6
(gdb) 
#9  0x00007ffff7de8924 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
(gdb) 
#10 0x00007ffff6e7e812 in __libc_dlopen_mode () from /lib64/libc.so.6
(gdb) 
#11 0x00007ffff6e57981 in backtrace () from /lib64/libc.so.6
(gdb) 
#12 0x00007ffff6dc12a4 in __libc_message () from /lib64/libc.so.6
(gdb) 
#13 0x00007ffff6dc7e85 in malloc_consolidate () from /lib64/libc.so.6
(gdb) 
#14 0x00007ffff6dc8836 in _int_free () from /lib64/libc.so.6
(gdb) 
#15 0x00000000004e5a8a in mem_free (p=0xc63f58) at z-virt.c:65
65              free((char *)p - sizeof(size_t));
(gdb) 
#16 0x000000000046f8a3 in object_free (obj=0xc63f58) at obj-pile.c:216
216             mem_free(obj);
(gdb) 
#17 0x000000000046fb72 in object_delete (obj_address=0x7fffffffd990)
    at obj-pile.c:268
268             object_free(obj);
(gdb) print obj
$4 = (struct object *) 0xc63f58
(gdb) print *obj
$5 = {kind = 0xd97bb0, ego = 0x0, artifact = 0x0, prev = 0x0, next = 0x0, 
  known = 0x0, oidx = 56, iy = 9 '\t', ix = 132 '\204', tval = 32 ' ', 
  sval = 3 '\003', pval = 435, weight = 0, dd = 0 '\000', ds = 0 '\000', 
  ac = 0, to_a = 0, to_h = 0, to_d = 0, flags = "\000\000\000\000", 
  modifiers = {0 <repeats 13 times>}, el_info = {{res_level = 0, 
      flags = 0 '\000'} <repeats 25 times>}, brands = 0x0, slays = 0x0, 
  curses = 0x0, effect = 0x0, effect_msg = 0x0, activation = 0x0, time = {
    base = 0, dice = 0, sides = 0, m_bonus = 0}, timeout = 0, 
  number = 1 '\001', notice = 0 '\000', held_m_idx = 0, mimicking_m_idx = 0, 
  origin = 1 '\001', origin_depth = 34 '"', origin_race = 0x0, note = 0}
(gdb) print *obj->kind
$6 = {name = 0x0, text = 0x10a1 <Address 0x10a1 out of bounds>, 
  base = 0xc63f40, next = 0xca1d30, kidx = 0, tval = 0, sval = 0, pval = {
    base = 0, dice = 12992320, sides = 0, m_bonus = -149895240}, to_h = {
    base = 32767, dice = 0, sides = 0, m_bonus = 0}, to_d = {base = 0, 
    dice = 12992320, sides = 0, m_bonus = -149895240}, to_a = {base = 32767, 
    dice = 0, sides = 0, m_bonus = 0}, ac = 0, dd = 12992320, ds = 0, 
  weight = -149895240, cost = 32767, flags = "\000\000\000\000", 
  kind_flags = "\000", modifiers = {{base = 0, dice = 0, sides = 12992320, 
      m_bonus = 0}, {base = -149895240, dice = 32767, sides = 0, m_bonus = 0}, 
    {base = 0, dice = 0, sides = 12992320, m_bonus = 0}, {base = -149895240, 
      dice = 32767, sides = 0, m_bonus = 0}, {base = 0, dice = 0, 
      sides = 12992320, m_bonus = 0}, {base = -149895240, dice = 32767, 
      sides = 0, m_bonus = 0}, {base = 0, dice = 0, sides = 12992320, 
      m_bonus = 0}, {base = -149895240, dice = 32767, sides = 0, m_bonus = 0}, 
    {base = 0, dice = 0, sides = 12992320, m_bonus = 0}, {base = -149895240, 
      dice = 32767, sides = 0, m_bonus = 0}, {base = 0, dice = 0, 
      sides = 12992320, m_bonus = 0}, {base = -149895240, dice = 32767, 
      sides = 0, m_bonus = 0}, {base = 0, dice = 0, sides = 12992320, 
      m_bonus = 0}}, el_info = {{res_level = -14408, flags = 16 '\020'}, {
      res_level = 32767, flags = 0 '\000'}, {res_level = 0, flags = 0 '\000'}, 
    {res_level = 0, flags = 0 '\000'}, {res_level = 0, flags = 0 '\000'}, {
      res_level = 0, flags = 0 '\000'}, {res_level = 16192, 
      flags = 198 '\306'}, {res_level = 0, flags = 0 '\000'}, {
---Type <return> to continue, or q <return> to quit---
      res_level = -14408, flags = 16 '\020'}, {res_level = 32767, 
      flags = 0 '\000'}, {res_level = 0, flags = 0 '\000'}, {res_level = 0, 
      flags = 0 '\000'}, {res_level = 0, flags = 0 '\000'}, {res_level = 0, 
      flags = 0 '\000'}, {res_level = 16192, flags = 198 '\306'}, {
      res_level = 0, flags = 0 '\000'}, {res_level = -14408, 
      flags = 16 '\020'}, {res_level = 32767, flags = 0 '\000'}, {
      res_level = 0, flags = 0 '\000'}, {res_level = 0, flags = 0 '\000'}, {
      res_level = 0, flags = 0 '\000'}, {res_level = 0, flags = 0 '\000'}, {
      res_level = 16192, flags = 198 '\306'}, {res_level = 0, 
      flags = 0 '\000'}, {res_level = -14408, flags = 16 '\020'}}, 
  brands = 0x0, slays = 0x0, curses = 0xc63f40, d_attr = 184 '\270', 
  d_char = 32767 L'ç&#191;&#191;', alloc_prob = 0, alloc_min = 0, alloc_max = 0, 
  level = 0, effect = 0xc63f40, power = -149895240, effect_msg = 0x0, time = {
    base = 0, dice = 0, sides = 12992320, m_bonus = 0}, charge = {
    base = -149895240, dice = 32767, sides = 0, m_bonus = 0}, 
  gen_mult_prob = 0, stack_size = {base = 0, dice = 12992320, sides = 0, 
    m_bonus = -149895240}, flavor = 0x0, note_aware = 0, 
  note_unaware = 12992320, aware = 184, tried = 199, ignore = 16 '\020', 
  everseen = 247}
(gdb)

**kandrc** · December 28, 2016, 20:58

And another (this one when recalling from town back down):

Code:

Program received signal SIGSEGV, Segmentation fault.
0x000000000049a955 in wr_string (
    str=0x7ffff7000000 <Address 0x7ffff7000000 out of bounds>)
    at savefile.c:252
252             while (*str)
(gdb) bt
#0  0x000000000049a955 in wr_string (
    str=0x7ffff7000000 <Address 0x7ffff7000000 out of bounds>)
    at savefile.c:252
#1  0x0000000000498cc6 in wr_messages () at save.c:317
#2  0x000000000049ab84 in try_save (file=0xdea988) at savefile.c:336
#3  0x000000000049af76 in savefile_save (
    path=0x76d7c0 <savefile> "/home/someuser//.angband/Angband/save/Sheaffer")
    at savefile.c:404
#4  0x00000000004ae435 in save_game () at ui-game.c:499
#5  0x00000000004ac22c in new_level_display_update (
    type=EVENT_NEW_LEVEL_DISPLAY, data=0x0, user=0x0) at ui-display.c:2183
#6  0x0000000000419fe3 in game_event_dispatch (type=EVENT_NEW_LEVEL_DISPLAY, 
    data=0x0) at game-event.c:43
#7  0x000000000041a29c in event_signal (type=EVENT_NEW_LEVEL_DISPLAY)
    at game-event.c:142
#8  0x000000000041bec5 in on_new_level () at game-world.c:710
#9  0x000000000041c317 in run_game_loop () at game-world.c:841
#10 0x00000000004ae2d3 in play_game (new_game=false) at ui-game.c:433
#11 0x00000000004e662d in main (argc=1, argv=0x7fffffffdc48) at main.c:524
(gdb)

**Nick** · December 28, 2016, 21:10

Right, that's ... comprehensive

I'll report back when there are fixes up.

**Nick** · December 28, 2016, 23:07

OK, nightlies page has a new build, which fixes at least two of those five problems (the ones that happened on failed trap disarms). The others all look likely to be memory corruption; I've run with sanitize on for a while and found nothing so far.

Note that this latest version also breaks savefiles (but not monster lore) again, and it won't be the last time.

**Pete Mack** · December 29, 2016, 03:42

Nick--
Please don't do this. It's a pain when adding new monsters--messes up save files and lore in mysterious ways.

Originally posted by Nick

Yes, sorry, I meant to post about that one (I was waiting for it to build, and got distracted).

36ded51 breaks savefiles, and also doesn't load previous lore.txt files any more. The trick of copying monster.txt to lore.txt for full monster memory still works, or if you want to use your previous lore.txt you can go through and replace every line like this

Code:

name:22:large brown snake

with this

Code:

name:large brown snake

- so remove the numbers from the name: lines.

EDIT: I should say, too, that there will be a bit of savefile breaking in the next few builds. I'm going through and removing the numbers from the name: lines in all the other text files (object.txt, artifact.txt, terrain.txt, etc) as well.

**Nick** · December 29, 2016, 06:28

Originally posted by Pete Mack

Nick--
Please don't do this. It's a pain when adding new monsters--messes up save files and lore in mysterious ways.

Sorry, already done

In the brave new world, monsters in both savefiles and lore will be completely identified by their names; I'm hoping this will actually make adding new monsters easier and safer (in fact, that's why I did it).

**Nick** · December 29, 2016, 10:51

Another build up, and that should be the last of the savefile-breaking ones. Probably. And I wouldn't be surprised if there's the odd bug.

**kandrc** · December 29, 2016, 17:25

Here's a new one with your recent commits (4.0.3-590-g68835d3):

Code:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6e7fd1a in __strcmp_sse42 () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff6e7fd1a in __strcmp_sse42 () from /lib64/libc.so.6
#1  0x0000000000426c2f in lookup_pit_profile (name=0x4f3968 "Moria dwellers")
    at gen-monster.c:53
#2  0x000000000042707c in mon_restrict (
    monster_type=0x4f3968 "Moria dwellers", depth=18, unique_ok=true)
    at gen-monster.c:166
#3  0x000000000042407a in moria_gen (p=0x9b97a8) at gen-cave.c:2053
#4  0x000000000041e2cd in cave_generate (c=0x74be20 <cave>, p=0x9b97a8)
    at generate.c:864
#5  0x000000000041c456 in run_game_loop () at game-world.c:840
#6  0x00000000004ae6d7 in play_game (new_game=false) at ui-game.c:433
#7  0x00000000004e6a55 in main (argc=1, argv=0x7fffffffdc48) at main.c:524
(gdb) up
#1  0x0000000000426c2f in lookup_pit_profile (name=0x4f3968 "Moria dwellers")
    at gen-monster.c:53
53                      if (streq(name, profile->name))
(gdb) print name
$1 = 0x4f3968 "Moria dwellers"
(gdb) print prof
prof_info              profil_counter         profil_counter_ushort  profile_max            
profil                 profil_counter_uint    profile                profile_parser         
(gdb) print profile
$2 = (struct pit_profile *) 0x98aa88
(gdb) print *profile
$3 = {next = 0x0, pit_idx = 0, name = 0x0, room_type = 0, ave = 0, rarity = 0, 
  obj_rarity = 0, flags = "\000\000\000\000\000\000\000\000\000", 
  forbidden_flags = "\000\000\000\000\000\000\000\000\000", 
  spell_flags = "\000\000\000\000\000\000\000\000\000\000", 
  forbidden_spell_flags = "\000\000\000\000\000\000\000\000\000\000", 
  bases = 0x0, colors = 0x0, forbidden_monsters = 0x0}
(gdb)

**Nick** · December 29, 2016, 23:14

Originally posted by kandrc

Here's a new one with your recent commits (4.0.3-590-g68835d3)

Excellent, thanks.

**AnonymousHero** · December 29, 2016, 23:27

Just FTR, I'm still getting the heap-overflow sanitizer error whenever I dump randarts. (I think I already posted a stack trace, hopefully it's still reasonably applicable post-refactor. Let me know if you need a new stack trace.)

**Nick** · December 30, 2016, 02:15

Originally posted by AnonymousHero

Just FTR, I'm still getting the heap-overflow sanitizer error whenever I dump randarts. (I think I already posted a stack trace, hopefully it's still reasonably applicable post-refactor. Let me know if you need a new stack trace.)

I can replicate the behaviour, but am completely mystified as to the cause. My best guess currently is that it's something to do with vstrnfmt not liking textblocks, possibly to do with text being written at the edge of a resizing of textblocks.

Any help on this would be most welcome. Clues include the fact that the error occurs in this bit of vstrnfmt:

Code:

					/* XXX There is a big bug here: if one
					 * passes "%.0s" to strnfmt, then really we
					 * should not dereference the arg at all.
					 * But it does.  See bug #666.
					 */

					/* Get the next argument */
					arg = va_arg(vp, const wchar_t *);

					/* Hack -- convert NULL to EMPTY */
					if (!arg) arg = L"";

					/* Prevent buffer overflows and convert string to char */
					/* this really should use a wcstombs type function */
					len = wcslen(arg);
					if (len >= 768) {
						len = 767;
					}
					for (i = 0; i < len; ++i) {
						arg2[i] = (char)arg[i];
					}
					arg2[len] = '\0';

which was changed in this commit and references this bug.

**spara** · December 30, 2016, 13:01

This has never happened to me before. I descended into an empty room with no other exit than the stairs I used to get down. Layout makes me assume that there should be a door in the end of the corridor. None to be found though.

Save: dead_end.zip

**Nick** · December 30, 2016, 14:08

New build up on the nightlies page with the most recent crash bug fixed, and savefiles broken really thoroughly, even by my standards.

This latest round of savefile breakages has been due to updates in the way the text files in lib/gamedata work. There may be a bit more of this still to happen, but the aim is to get as much info into the text files as possible, and then make savefiles as robust as possible against new records (monster, objects, etc) being added to the text files.

Originally posted by spara

This has never happened to me before. I descended into an empty room with no other exit than the stairs I used to get down. Layout makes me assume that there should be a door in the end of the corridor. None to be found though.

Yeah - there's a template room at the end of the corridor, and it looks like the dungeon code has failed to tunnel into it. This may be due to one of the new dungeon generation algorithms in use; in any case, I've filed it as a bug.

**Azuria** · December 31, 2016, 06:09

b11b07a is crashing on load again for Yosemite

Bugs and complaints on current master

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment