Short: Illegal vector memsize Date: Tue, 15 Jan 2002 18:43:59 -0800 From: Ben Fennema <bfennema@ix.netcom.com> Type: Bug State: New Driver: 3.2.9-dev.386, 3.2.9-dev.432 ------------------------------------------------------------------------------ Subject: Corrupted memory: MEMSIZE Date: Fri, 26 Apr 2002 12:08:12 -0500 (CDT) From: osb@lpmud.com (One Step Beyond LPMUD) Script started on Fri Apr 26 11:54:59 2002 91:/home/osb/src/3-2-dev/src $ gdb ../../../bin/driver-3.2.9.432 core GNU gdb 4.18 Copyright 1998 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-unknown-freebsd"... Core was generated by `driver-3.2.9.432'. Program terminated with signal 11, Segmentation fault. Reading symbols from /usr/lib/libm.so.2...done. Reading symbols from /usr/lib/libcrypt.so.2...done. Reading symbols from /usr/local/lib/mysql/libmysqlclient.so.10...done. Reading symbols from /usr/lib/libz.so.2...done. Reading symbols from /usr/lib/libc.so.4...done. Reading symbols from /usr/libexec/ld-elf.so.1...done. #0 0x80b9cc9 in fatal ( fmt=0x80cbd40 "Size %ld of vector %p doesn't match memsize %ld\n") at simulate.c:589 589 *((char*)0) = 0/a; (gdb) up #1 0x804d85f in vec_size (vec=0x845e070) at array.c:200 200 fatal("Size %ld of vector %p doesn't match memsize %ld\n" (gdb) list 195 ( sizeof(vector_t) - sizeof(svalue_t) ) / SIZEOF_CHAR_P 196 ) 197 198 ) / (sizeof(svalue_t)/SIZEOF_CHAR_P); 199 if (vec->size != memsize) 200 fatal("Size %ld of vector %p doesn't match memsize %ld\n" 201 , vec->size, vec, memsize); 202 203 return vec->size; 204 } /* vec_size() */ (gdb) p/128xb 0x845e040 Size letters are meaningless in "print" command. 
(gdb) x/128xb 0x845e040 0x845e040: 0x00 0x00 0x00 0x00 0x0f 0xd3 0x0e 0x08 0x845e048: 0x19 0x07 0x00 0x00 0xfd 0x6e 0x70 0x34 0x845e050: 0x04 0x00 0x00 0x00 0x80 0x02 0x00 0x00 0x845e058: 0x20 0xf2 0x44 0x08 0x3d 0x00 0x00 0x00 0x845e060: 0x20 0xa5 0x3e 0x08 0xcc 0xbe 0x0c 0x08 0x845e068: 0x89 0x02 0x00 0x00 0xab 0xee 0x72 0xa3 0x845e070: 0x01 0x00 0x00 0x00 0x02 0x00 0x00 0x00 0x845e078: 0x00 0x00 0x00 0x00 0xb0 0x3a 0x43 0x08 0x845e080: 0x03 0x00 0x00 0x00 0x70 0xf2 0x45 0x08 0x845e088: 0x0d 0x00 0x00 0x30 0x20 0xf2 0x44 0x08 0x845e090: 0x3d 0x00 0x00 0x00 0x20 0xa5 0x3e 0x08 0x845e098: 0xcc 0xbe 0x0c 0x08 0x89 0x02 0x00 0x00 0x845e0a0: 0xab 0xee 0x72 0xa3 0x01 0x00 0x00 0x00 0x845e0a8: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x845e0b0: 0xb0 0x3a 0x43 0x08 0x03 0x00 0x00 0x00 0x845e0b8: 0x48 0xe3 0x45 0x08 0x17 0x00 0x00 0x30 (gdb) p (char*)0x80cbecc $1 = 0x80cbecc "array.c::allocate_array" (gdb) p (char*)0x80ed30f $2 = 0x80ed30f "swap.c" (gdb) p 0x719 $3 = 1817 (gdb) x/128xb 0x845e000 0x845e000: 0xc2 0x49 0x0d 0x08 0x1c 0x05 0x00 0x00 0x845e008: 0x30 0x58 0x2a 0xfc 0x45 0x6c 0x6f 0x72 0x845e010: 0x69 0x61 0x00 0x00 0x08 0x00 0x00 0x30 0x845e018: 0x20 0xf2 0x44 0x08 0x3d 0x00 0x00 0x00 0x845e020: 0x20 0xa5 0x3e 0x08 0x6c 0xbf 0x0c 0x08 0x845e028: 0x9a 0x02 0x00 0x00 0xfd 0x6e 0x70 0x34 0x845e030: 0x2a 0x00 0x00 0x00 0x08 0x00 0x00 0x30 0x845e038: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x845e040: 0x00 0x00 0x00 0x00 0x0f 0xd3 0x0e 0x08 0x845e048: 0x19 0x07 0x00 0x00 0xfd 0x6e 0x70 0x34 0x845e050: 0x04 0x00 0x00 0x00 0x80 0x02 0x00 0x00 0x845e058: 0x20 0xf2 0x44 0x08 0x3d 0x00 0x00 0x00 0x845e060: 0x20 0xa5 0x3e 0x08 0xcc 0xbe 0x0c 0x08 0x845e068: 0x89 0x02 0x00 0x00 0xab 0xee 0x72 0xa3 0x845e070: 0x01 0x00 0x00 0x00 0x02 0x00 0x00 0x00 0x845e078: 0x00 0x00 0x00 0x00 0xb0 0x3a 0x43 0x08 (gdb) p *(object*)0x844f220 No symbol "object" in current context. 
(gdb) p *(object_t*)0x844f220 $4 = {flags = 512, ref = 15, total_light = 0, time_reset = 1019811627, time_of_ref = 1019811350, load_time = 1019637777, load_id = 57, extra_ref = 13, prog = 0x83ea1a0, name = 0x844937c "p/daemons/inetd", load_name = 0x834fdc0 "/p/daemons/inetd", next_all = 0x844ebb8, prev_all = 0x8475244, next_hash = 0x0, next_inv = 0x0, contains = 0x0, super = 0x0, sent = 0x0, user = 0x8433ab0, eff_user = 0x8433ab0, extra_num_variables = 6, variables = 0x844ed04, ticks = 4484171, gigaticks = 0} (gdb) p *(programn_5t _t) *)0x x/128xb 0x0x845e048 Invalid number "0x0x845e048". (gdb) x/128xb 0x845e048 0x845e048: 0x19 0x07 0x00 0x00 0xfd 0x6e 0x70 0x34 0x845e050: 0x04 0x00 0x00 0x00 0x80 0x02 0x00 0x00 0x845e058: 0x20 0xf2 0x44 0x08 0x3d 0x00 0x00 0x00 0x845e060: 0x20 0xa5 0x3e 0x08 0xcc 0xbe 0x0c 0x08 0x845e068: 0x89 0x02 0x00 0x00 0xab 0xee 0x72 0xa3 0x845e070: 0x01 0x00 0x00 0x00 0x02 0x00 0x00 0x00 0x845e078: 0x00 0x00 0x00 0x00 0xb0 0x3a 0x43 0x08 0x845e080: 0x03 0x00 0x00 0x00 0x70 0xf2 0x45 0x08 0x845e088: 0x0d 0x00 0x00 0x30 0x20 0xf2 0x44 0x08 0x845e090: 0x3d 0x00 0x00 0x00 0x20 0xa5 0x3e 0x08 0x845e098: 0xcc 0xbe 0x0c 0x08 0x89 0x02 0x00 0x00 0x845e0a0: 0xab 0xee 0x72 0xa3 0x01 0x00 0x00 0x00 0x845e0a8: 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x845e0b0: 0xb0 0x3a 0x43 0x08 0x03 0x00 0x00 0x00 0x845e0b8: 0x48 0xe3 0x45 0x08 0x17 0x00 0x00 0x30 0x845e0c0: 0x20 0xf2 0x44 0x08 0x3d 0x00 0x00 0x00 (gdb) quit 92:/home/osb/src/3-2-dev/src $ exit exit Script done on Fri Apr 26 12:07:43 2002 ------------------------------------------------------------------------------ I just had a crash that I don't think I've seen before. Attached are the crash dump and the core-file backtrace. Note that the fatal() call in vec_size() only reports that vec->size disagrees with the memsize it computes; the memory was already corrupted before that check ran, so the crash site is not necessarily where the corruption originated.
Ben 2002.01.15 18:16:29 Size 304 of vector 0x8b63caf doesn't match memsize 897 2002.01.15 18:16:29 Current object was obj/player#8410 obj/player#7617 obj/player.c line 1038 83419fc: 37 (void)= (2: 3) line 1038 83419fd: 88 37 push_identifier_lvalue (0: 1) line 1039 83419ff: 28 ++ (1: 2) 8341a00: 5 37 identifier (0: 1) line 1040 8341a02: 11 600 number (1: 2) 8341a07: 14 2 clit (2: 3) 8341a09: 41 / (3: 4) 8341a0a: 42 % (2: 3) 8341a0b: 12 const0 (1: 2) 8341a0c: 47 == (2: 3) 8341a0d: 82 branch_when_zero (1: 2) 8341a14: 5 37 identifier (0: 1) line 1041 8341a16: 14 24 clit (1: 2) 8341a18: 14 2 clit (2: 3) 8341a1a: 41 / (3: 4) 8341a1b: 42 % (2: 3) 8341a1c: 12 const0 (1: 2) 8341a1d: 47 == (2: 3) 8341a1e: 82 branch_when_zero (1: 2) 8341a25: 5 37 identifier (0: 1) line 1042 8341a27: 14 18 clit (1: 2) 8341a29: 14 2 clit (2: 3) 8341a2b: 41 / (3: 4) 8341a2c: 42 % (2: 3) 8341a2d: 12 const0 (1: 2) 8341a2e: 47 == (2: 3) 8341a2f: 82 branch_when_zero (1: 2) 8341a36: 5 37 identifier (0: 1) line 1043 8341a38: 14 16 clit (1: 2) 8341a3a: 14 2 clit (2: 3) 8341a3c: 41 / (3: 4) 8341a3d: 42 % (2: 3) 8341a3e: 12 const0 (1: 2) 8341a3f: 47 == (2: 3) 8341a40: 82 branch_when_zero (1: 2) 8341a47: 5 3 identifier (0: 1) line 1044 8341a49: 212 sizeof (1: 2) 8341a4a: 34 && (1: 2) 8341a4e: 82 branch_when_zero (1: 2) 8341a5e: 5 3 identifier (0: 1) line 1048 8341a60: 212 sizeof (1: 2) 8341a61: 82 branch_when_zero (1: 2) 8341ab7: 20 return0 (0: 1) line 1067 obj/player#8410 obj/player.c line 955 83418a3: 77 512 clear_locals (0: 1) line 955 83418a6: 5 33 identifier (0: 1) line 958 83418a8: 212 sizeof (1: 2) 83418a9: 82 branch_when_zero (1: 2) 83418af: 87 call_explicit_inherited (0: 1) line 961 obj/player#8410 obj/living.c line 2509 82faa8f: 77 256 clear_locals (0: 3) line 2509 82faa92: 12 const0 (0: 3) line 2511 82faa93: 93 0 push_local_variable_lvalue (1: 4) 82faa95: 37 (void)= (2: 5) 82faa96: 81 branch (0: 3) 82faac2: 25 0 local (0: 3) 82faac4: 5 4 identifier (1: 4) 82faac6: 212 sizeof (2: 5) 82faac7: 45 
< (2: 5) 82faac8: 85 49 bbranch_when_non_zero (1: 4) 82faaca: 12 const0 (0: 3) line 2521 82faacb: 93 0 push_local_variable_lvalue (1: 4) 82faacd: 37 (void)= (2: 5) 82faace: 81 branch (0: 3) 82faafa: 25 0 local (0: 3) 82faafc: 5 5 identifier (1: 4) 82faafe: 212 sizeof (2: 5) 82faaff: 45 < (2: 5) 82fab00: 85 49 bbranch_when_non_zero (1: 4) 82fab02: 5 33 identifier (0: 3) line 2531 82fab04: 12 const0 (1: 4) 82fab05: 98 index (2: 5) 82fab06: 82 branch_when_zero (1: 4) 82fabf4: 144 0 environment (0: 3) line 2574 82fabf6: 34 11 && (1: 4) 82fabf8: 144 0 environment (0: 3) 82fabfa: 7 52 cstring0 (1: 4) 82fabfc: 11 1048576 number (2: 5) 82fac01: 126 call_other (3: 6) players/hawkwind/town/pub room/room.c line 346 83074c3: 77 257 clear_locals (0: 7) line 346 83074c6: 25 0 local (0: 7) line 348 83074c8: 83 5121 branch_when_non_zero (1: 8) 83074cb: 25 0 local (0: 7) line 351 83074cd: 163 intp (1: 8) 83074ce: 82 10 branch_when_zero (1: 8) 83074d0: 86 call_function_by_address (0: 7) line 352 830746b: 77 768 clear_locals (0: 10) line 327 830746e: 5 8 identifier (0: 10) line 331 8307470: 172 m_indices (1: 11) 8307471: 93 1 push_local_variable_lvalue (1: 11) 8307473: 37 (void)= (2: 12) 8307474: 12 const0 (0: 10) line 333 8307475: 93 2 push_local_variable_lvalue (1: 11) 8307477: 37 (void)= (2: 12) 8307478: 12 const0 (0: 10) 8307479: 93 0 push_local_variable_lvalue (1: 11) 830747b: 37 (void)= (2: 12) 830747c: 81 branch (0: 10) 83074ad: 25 2 local (0: 10) 83074af: 25 1 local (1: 11) 83074b1: 212 sizeof (2: 12) 83074b2: 45 < (2: 12) 83074b3: 85 bbranch_when_non_zero (1: 11) 830747e: 25 1 local (0: 10) line 335 8307480: 25 2 local (1: 11) 8307482: 98 index (2: 12) 8307483: 12 const0 (1: 11) 8307484: 47 == (2: 12) 8307485: 35 10 || (1: 11) 8307487: 5 8 identifier (0: 10) 8307489: 25 1 local (1: 11) 830748b: 25 2 local (2: 12) 830748d: 98 index (3: 13) 830748e: 98 index (2: 12) 830748f: 12 const0 (1: 11) 8307490: 47 == (2: 12) 8307491: 82 branch_when_zero (1: 11) 830749e: 5 8 identifier 
(0: 10) line 338 83074a0: 25 1 local (1: 11) 83074a2: 25 2 local (2: 12) 83074a4: 98 index (3: 13) 83074a5: 98 index (2: 12) 83074a6: 93 0 push_local_variable_lvalue (1: 11) 83074a8: 70 |= (2: 12) 83074a9: 75 pop_value (1: 11) 83074aa: 93 2 push_local_variable_lvalue (0: 10) line 333 83074ac: 28 ++ (1: 11) 83074ad: 25 2 local (0: 10) 83074af: 25 1 local (1: 11) 83074b1: 212 sizeof (2: 12) 83074b2: 45 < (2: 12) 83074b3: 85 54 bbranch_when_non_zero (1: 11) 83074b5: 25 0 local (0: 10) line 341 83074b7: 19 return (1: 11) 83074d4: 25 0 local (1: 8) line 352 83074d6: 50 & (2: 9) 83074d7: 19 return (1: 8) obj/player#8410 obj/living.c line 2574 82fac03: 82 branch_when_zero (1: 4) line 2574 82fac42: 5 84 identifier (0: 3) line 2590 82fac44: 14 120 clit (1: 4) 82fac46: 45 < (2: 5) 82fac47: 82 branch_when_zero (1: 4) 82fac6b: 20 return0 (0: 3) line 2603 obj/player#8410 obj/player.c line 961 83418b5: 75 pop_value (1: 2) line 961 83418b6: 226 this_player (0: 1) line 963 83418b7: 302 46 query_ip_number (1: 2) 83418b9: 56 ! 
(1: 2) 83418ba: 34 948765955 && (1: 2) 83418bf: 34 948831491 && (1: 2) 83418c4: 82 branch_when_zero (1: 2) 834194f: 5 141 identifier (0: 1) line 997 8341951: 34 && (1: 2) 8341958: 82 branch_when_zero (1: 2) 83419db: 5 142 identifier (0: 1) line 1029 83419dd: 82 branch_when_zero (1: 2) 83419f4: 5 40 identifier (0: 1) line 1036 83419f6: 82 5121 branch_when_zero (1: 2) 83419f9: 12 const0 (0: 1) line 1038 83419fa: 88 138 push_identifier_lvalue (1: 2) 83419fc: 37 (void)= (2: 3) 83419fd: 88 37 push_identifier_lvalue (0: 1) line 1039 83419ff: 28 ++ (1: 2) 8341a00: 5 37 identifier (0: 1) line 1040 8341a02: 11 600 number (1: 2) 8341a07: 14 2 clit (2: 3) 8341a09: 41 / (3: 4) 8341a0a: 42 % (2: 3) 8341a0b: 12 const0 (1: 2) 8341a0c: 47 == (2: 3) 8341a0d: 82 branch_when_zero (1: 2) 8341a14: 5 37 identifier (0: 1) line 1041 8341a16: 14 24 clit (1: 2) 8341a18: 14 2 clit (2: 3) 8341a1a: 41 / (3: 4) 8341a1b: 42 % (2: 3) 8341a1c: 12 const0 (1: 2) 8341a1d: 47 == (2: 3) 8341a1e: 82 branch_when_zero (1: 2) 8341a25: 5 37 identifier (0: 1) line 1042 8341a27: 14 18 clit (1: 2) 8341a29: 14 2 clit (2: 3) 8341a2b: 41 / (3: 4) 8341a2c: 42 % (2: 3) 8341a2d: 12 const0 (1: 2) 8341a2e: 47 == (2: 3) 8341a2f: 82 branch_when_zero (1: 2) 8341a36: 5 37 identifier (0: 1) line 1043 8341a38: 14 16 clit (1: 2) 8341a3a: 14 2 clit (2: 3) 8341a3c: 41 / (3: 4) 8341a3d: 42 % (2: 3) 8341a3e: 12 const0 (1: 2) 8341a3f: 47 == (2: 3) 8341a40: 82 branch_when_zero (1: 2) 8341a47: 5 3 identifier (0: 1) line 1044 8341a49: 212 sizeof (1: 2) 8341a4a: 34 && (1: 2) 8341a4e: 82 branch_when_zero (1: 2) 8341a5e: 5 3 identifier (0: 1) line 1048 8341a60: 212 sizeof (1: 2) 8341a61: 82 branch_when_zero (1: 2) 8341ab7: 20 return0 (0: 1) line 1067 849f2f4: 38 7 57 38 126 3 75 25 No trace. 2002.01.15 18:16:29 LDMud aborting on fatal error. 
#0 0x080b8c3d in fatal (fmt=0x80d3380 "Size %ld of vector %p doesn't match memsize %ld\n") at simulate.c:608 608 *((char*)0) = 0/a; (gdb) bt #0 0x080b8c3d in fatal (fmt=0x80d3380 "Size %ld of vector %p doesn't match memsize %ld\n") at simulate.c:608 #1 0x0804d760 in vec_size (vec=0x8b63caf) at array.c:200 #2 0x080c4dd2 in swap_svalues (svp=0x8a2fa74, num=11, block=0x84ff5d0) at swap.c:864 #3 0x080c552a in swap_variables (ob=0x860e074) at swap.c:1230 #4 0x08052302 in process_objects () at backend.c:1027 #5 0x08051cce in backend () at backend.c:637 #6 0x0809aa08 in main (argc=4, argv=0xbffffae4) at main.c:428 #7 0x400e3306 in __libc_start_main (main=0x809a3c4 <main>, argc=4, ubp_av=0xbffffae4, init=0x8049c7c <_init>, fini=0x80c90b0 <_fini>, rtld_fini=0x4000d2dc <_dl_fini>, stack_end=0xbffffadc) at ../sysdeps/generic/libc-start.c:129 (gdb)