-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bogus pointer (double free?) during the bossfight in the third stage #378
Comments
I don't have OpenBSD installed and I couldn't reproduce this on Linux so far. Is the crash consistent and does it always happen at the same part of the fight? Please test v1.4.0 too if possible, though I'm fairy sure it's probably affected as well. |
It happens exactly at the same time every time. It's right at the start of the "Moonlight Rocket" spell (difficulty easy fwiw), so I managed to reproduce it also in the "spell practice". It doesn't seem to depend on the character used nor on the exact moves I do. this is exactly where it crashes if it helps. |
I forgot to include some data from the backtrace; here's the evt struct at the moment it crashes:
(edit: the addresses are different from the OP since it's a different core file. It always crashes here though) OpenBSD' malloc (Otto' malloc) tends to be quite strict and often unveils use-after-free, double-frees, writes out-of-bounds and other invalid usages that other allocators don't find. That said, it's not infallible and there is a chance that there's an invalid usage somewhere else and this free is only unveiling it somehow. I'll try to bisect this and will update the issue with my findings. It could take a bit though. |
Could you also try building with |
I learned a few things doing the bisect. First, this issue only exists with LTO builds, with Secondly, it was introduced after 1.3 and before 1.4.0. Lastly, assuming my I can't use
|
We've had some LTO-related miscompilations in windows builds in the past (though in library code, not taisei itself)… those resolved themselves with a toolchain update, IIRC. That said, it's hard to tell whether the compiler or the code is at fault, could very well be either. This kind of thing is always a giant pain in the ass to debug. What version of LLVM are you on? 17.0.6 works fine for me on Linux.
The bisect seems correct. If you were to bisect the squashed commits, it would probably lead you to the one that ported that specific spell to the coroutine system. The "problem" function is this since it's the only thing that hosts events on a coroutine stack there, which is where it goes bad according to the stack trace. I suspect that line 100 or line 119 might be the trigger. Try replacing them with something like Another thing to try: compile with:
This will write a lot of debug output to the log, which may or may not help me make sense of what's going on. |
The default clang version on OpenBSD is 16.0.6, but I tried with clang 17.0.6 with the same outcome. Truth to be told, I'm not sure if clang-17 from packages is using ld.lld-17 or base' ld (which is clang lld 16) and I don't know how to check. I tried to replace the Here's the output of taisei running with the debug output (it's very big though, ~12M). |
Hi, sorry for the super late update. I've tried to debug this in an OpenBSD VM a couple months ago but got absolutely nowhere. I managed to segfault gdb itself, and got some wonderful stack traces such as this one that I saved:
For reference, this is the definition of INLINE void libc_free(void *ptr) { free(ptr); } So, yeah, I gave up. I might try it again later, but this one may just be beyond me. The only thing I'm pretty sure of now is that this is not just a memory management error; this is either a miscompilation or a very nasty case of UB. In the meanwhile, can you please try building with the latest LLVM to see if maybe that magically fixes the problem? |
@Akaricchi thank you for trying! I've heard that we're close to update to llvm18 in base so once that lands I'll try and report back! (p.s. gdb on OpenBSD is a bit old, it's one of the last non-GPLv3 versions. You may install the |
On OpenBSD, taisei 1.4.1 crashes during the bossfight in the third stage. it's probably a double free, although I can't say for sure.
Here's the logs. In this case I jumped to the third stage via "Stage Practice" in the main menu, but it crashes also if reached "normally".
The backtrace is:
I'm not sure if it crashed in 1.4.0 too. Before updating the package last time I only played the first few stages (lack of time and skill :p) I'm sure that with previous versions it didn't crash, since I have available up until the fifth sage in the stage practice.
The text was updated successfully, but these errors were encountered: