
Segfault during demo #371

@lanodan

Description


Information

  • OS: Gentoo Linux (clang + glibc)
  • Taisei version: 1.4

How to reproduce

  • Page in the intro
  • Let it idle for the demo to run
  • Fight happens
  • Transitions to white
  • Crash

Backtraces

First coredump:

(lldb) bt
* thread #1, name = 'taisei', stop reason = signal SIGSEGV
  * frame #0: 0x00005603b8174d5f taisei`process_projectiles(projlist=0x00005603b8391650, collision=true) at projectile.c:553:18
    frame #1: 0x00005603b8178cf2 taisei`COTASKTHUNK_stage_comain [inlined] COTASK_stage_comain(_cotask_args=<unavailable>) at stage.c:1034:3
    frame #2: 0x00005603b8178a0f taisei`COTASKTHUNK_stage_comain(arg=<unavailable>, arg_size=<unavailable>) at stage.c:1014:1
    frame #3: 0x00005603b818ae50 taisei`cotask_entry(varg=0x00007ffd32b71920) at cotask.c:371:9
    frame #4: 0x00005603b828842b taisei`koishi_entry(co=0x00005603bae8dde0) at fiber.h:68:17
    frame #5: 0x00005603b8288413 taisei`co_entry(tf=<unavailable>) at fcontext.c:50:2
    frame #6: 0x00005603b82884df taisei`make_fcontext at make_x86_64_sysv_elf_gas.S:71
(lldb) v -A
(ProjectileList *) projlist = 0x00005603b8391650
(bool) collision = true
(ProjCollisionResult) col = {
  type = PCOL_NONE
  fatal = false
  location = 0 + 0.0078125i
  damage = (amount = -0.00300286338, type = 0xb8387140)
  entity = NULL
}
(bool) stage_cleared = <no location, value may have been optimized out>

(Projectile *) proj = 0xc024000000000000
(Projectile *) next = <variable not available>

(bool) destroy = <variable not available>

From launching it in lldb:

Process 22653 stopped
* thread #1, name = 'taisei', stop reason = signal SIGSEGV: invalid address (fault address: 0x0)
    frame #0: 0x00007ffff72a45ce libc.so.6`__libc_free + 30
libc.so.6`__libc_free:
->  0x7ffff72a45ce <+30>: movq   -0x8(%rdi), %rax
    0x7ffff72a45d2 <+34>: movl   %fs:(%rbx), %ebp
    0x7ffff72a45d5 <+37>: testb  $0x2, %al
    0x7ffff72a45d7 <+39>: jne    0x7ffff72a4630            ; <+128>
(lldb) bt
* thread #1, name = 'taisei', stop reason = signal SIGSEGV: invalid address (fault address: 0x0)
  * frame #0: 0x00007ffff72a45ce libc.so.6`__libc_free + 30
    frame #1: 0x000055555557883c taisei`_dynarray_free_data(sizeof_element=16, darr=0x00005555564f8098) at dynarray.c:24:2
    frame #2: 0x00005555555b095f taisei`coevent_cancel(evt=<unavailable>) at coevent.c:130:3 [artificial]
    frame #3: 0x00005555555b0995 taisei`_coevent_array_action(num=3, events=0x00005555564f8080, func=(taisei`coevent_cancel at coevent.c:111)) at coevent.c:138:3
    frame #4: 0x000055555559ad31 taisei`process_projectiles [inlined] delete_projectile(projlist=0x00005555557b7650, p=0x00005555564f7f60, col=0x0000000000000000) at projectile.c:315:2
    frame #5: 0x000055555559acef taisei`process_projectiles(projlist=0x00005555557b7650, collision=true) at projectile.c:554:4
    frame #6: 0x000055555559ecf2 taisei`COTASKTHUNK_stage_comain [inlined] COTASK_stage_comain(_cotask_args=<unavailable>) at stage.c:1034:3
    frame #7: 0x000055555559ea0f taisei`COTASKTHUNK_stage_comain(arg=<unavailable>, arg_size=<unavailable>) at stage.c:1014:1
    frame #8: 0x00005555555b0e50 taisei`cotask_entry(varg=0x00007fffffffd0b0) at cotask.c:371:9
    frame #9: 0x00005555556ae42b taisei`koishi_entry(co=0x000055555630cc40) at fiber.h:68:17
    frame #10: 0x00005555556ae413 taisei`co_entry(tf=<unavailable>) at fcontext.c:50:2
    frame #11: 0x00005555556ae4df taisei`make_fcontext at make_x86_64_sysv_elf_gas.S:71

Second coredump, obtained while recording the display to get more context:

(lldb) bt
* thread #1, name = 'taisei', stop reason = signal SIGSEGV
  * frame #0: 0x00007f4860ae95ce libc.so.6`__libc_free + 30
    frame #1: 0x000055c11eaa883c taisei`_dynarray_free_data(sizeof_element=16, darr=0x000055c120d8b6a8) at dynarray.c:24:2
    frame #2: 0x000055c11eae095f taisei`coevent_cancel(evt=<unavailable>) at coevent.c:130:3 [artificial]
    frame #3: 0x000055c11eae0995 taisei`_coevent_array_action(num=3, events=0x000055c120d8b690, func=(taisei`coevent_cancel at coevent.c:111)) at coevent.c:138:3
    frame #4: 0x000055c11eacad31 taisei`process_projectiles [inlined] delete_projectile(projlist=0x000055c11ece7650, p=0x000055c120d8b570, col=0x0000000000000000) at projectile.c:315:2
    frame #5: 0x000055c11eacacef taisei`process_projectiles(projlist=0x000055c11ece7650, collision=true) at projectile.c:554:4
    frame #6: 0x000055c11eacecf2 taisei`COTASKTHUNK_stage_comain [inlined] COTASK_stage_comain(_cotask_args=<unavailable>) at stage.c:1034:3
    frame #7: 0x000055c11eacea0f taisei`COTASKTHUNK_stage_comain(arg=<unavailable>, arg_size=<unavailable>) at stage.c:1014:1
    frame #8: 0x000055c11eae0e50 taisei`cotask_entry(varg=0x00007ffd6a640670) at cotask.c:371:9
    frame #9: 0x000055c11ebde42b taisei`koishi_entry(co=0x000055c120a39430) at fiber.h:68:17
    frame #10: 0x000055c11ebde413 taisei`co_entry(tf=<unavailable>) at fcontext.c:50:2
    frame #11: 0x000055c11ebde4df taisei`make_fcontext at make_x86_64_sysv_elf_gas.S:71
(lldb) v -A
(lldb) f 4
frame #4: 0x000055c11eacad31 taisei`process_projectiles [inlined] delete_projectile(projlist=0x000055c11ece7650, p=0x000055c120d8b570, col=0x0000000000000000) at projectile.c:315:2
(lldb) v -A
(ProjectileList *) projlist = 0x000055c11ece7650
(Projectile *) p = 0x000055c120d8b570
(ProjCollisionResult *) col = NULL
(lldb) f 5
frame #5: 0x000055c11eacacef taisei`process_projectiles(projlist=0x000055c11ece7650, collision=true) at projectile.c:554:4
(lldb) v -A
(ProjectileList *) projlist = 0x000055c11ece7650
(bool) collision = true
(ProjCollisionResult) col = {
  type = PCOL_NONE
  fatal = false
  location = 212.382 + 271.824i
  damage = (amount = 0, type = DMG_ENEMY_SHOT)
  entity = NULL
}
(bool) stage_cleared = <no location, value may have been optimized out>

(Projectile *) proj = 0x000055c120d8b570
(Projectile *) next = 0xc024000000000000
(bool) destroy = <variable not available>

Building taisei with the LLVM/clang scan-build utility also reports 42 bugs found, including some memory errors and logic errors (the majority of the bugs found being unused code due to dead assignments).
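Both variable dumps above show 0xc024000000000000 where a Projectile pointer should be (proj in the first coredump, next in the second). The following triage helper is an added example, not Taisei code, and its function names and classification thresholds are this example's own assumptions: it checks whether a faulting pointer value is even a canonical x86-64 user-space address and reinterprets the bit pattern as an IEEE-754 double, which for this value is exactly -10.0, i.e. the list link holds float data rather than an address (consistent with a stale or overwritten link, although the backtraces alone do not prove which).

```c
/* Added example for triaging the bogus pointer values in the lldb dumps. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86-64 user-space pointers are canonical and below the kernel half:
 * bits 63..47 must all be zero (0x0 .. 0x00007fffffffffff). */
static bool ptr_is_canonical_user(uint64_t p) {
    return (p >> 47) == 0;
}

/* Reinterpret the 64-bit pattern as a double via memcpy (no aliasing UB). */
static double ptr_as_double(uint64_t p) {
    double d;
    memcpy(&d, &p, sizeof d);
    return d;
}

/* Heuristic (assumption of this example): a finite, non-zero double of modest
 * magnitude looks like game-state data (coordinates, timers), not an address. */
static bool ptr_looks_like_double(uint64_t p) {
    double d = ptr_as_double(p);
    return d == d && d != 0.0 && d > -1e6 && d < 1e6; /* d == d rejects NaN */
}

typedef enum {
    PTR_NULL, PTR_NEAR_NULL, PTR_FLOAT_PATTERN, PTR_NONCANONICAL, PTR_PLAUSIBLE
} ptr_class;

static ptr_class classify_ptr(uint64_t p) {
    if (p == 0) return PTR_NULL;
    if (p < 4096) return PTR_NEAR_NULL;   /* NULL plus a struct field offset */
    if (!ptr_is_canonical_user(p))        /* any dereference faults (GP fault, SIGSEGV) */
        return ptr_looks_like_double(p) ? PTR_FLOAT_PATTERN : PTR_NONCANONICAL;
    return PTR_PLAUSIBLE;
}

int main(void) {
    /* Values taken from the backtraces above. */
    uint64_t samples[] = { 0xc024000000000000ULL, 0x000055c120d8b570ULL, 0x0ULL };
    const char *names[] = { "NULL", "near NULL", "float pattern", "non-canonical", "plausible" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("0x%016llx: %s (as double: %g)\n", (unsigned long long)samples[i],
               names[classify_ptr(samples[i])], ptr_as_double(samples[i]));
    }
    return 0;
}
```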
