Crash Stack Dump

[bonkersbobcat]

From 5/31 CVS:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 20817)]
0x4013cc30 in QGDictIterator::toFirst() () at eval.c:41
41 eval.c: No such file or directory.
in eval.c
Current language: auto; currently c
(gdb) bt
#0 0x4013cc30 in QGDictIterator::toFirst() () at eval.c:41
#1 0x4013c9a2 in QGDictIterator::QGDictIterator(QGDict const&) () at eval.c:41
#2 0x080f0580 in Map::paintSpawns(MapParameters&, QPainter&, QTime const&) (this=0x81fdc20, param=@0x81fdc98, p=@0xbfffe980, drawTime=@0xbfffe950) at /usr/local/qt-2.3.2/include/qintdict.h:88
#3 0x080ef855 in Map::paintMap(QPainter*) (this=0x81fdc20, p=0xbfffeae0) at map.cpp:2855
#4 0x080f2664 in Map::paintEvent(QPaintEvent*) (this=0x81fdc20, e=0xbfffed30) at map.cpp:3932
#5 0x40224cd0 in QWidget::event(QEvent*) () at eval.c:41
#6 0x401a2244 in QApplication::notify(QObject*, QEvent*) () at eval.c:41
#7 0x40199b6f in QWidget::repaint(int, int, int, int, bool) () at eval.c:41
#8 0x080ef1ce in Map::refreshMap() (this=0x81fdc20) at /usr/local/qt-2.3.2/include/qrect.h:195
#9 0x401e23c2 in QObject::activate_signal(char const*) () at eval.c:41
#10 0x402302db in QTimer::timeout() () at eval.c:41
#11 0x402153fb in QTimer::event(QEvent*) () at eval.c:41
#12 0x401a2244 in QApplication::notify(QObject*, QEvent*) () at eval.c:41
#13 0x40170d78 in qt_activate_timers() () at eval.c:41
#14 0x4016e9c0 in QApplication::processNextEvent(bool) () at eval.c:41
#15 0x401a418b in QApplication::enter_loop() () at eval.c:41
#16 0x4016e564 in QApplication::exec() () at eval.c:41
#17 0x080620d6 in main (argc=2, argv=0xbffffaf4) at main.cpp:941
#18 0x405af507 in __libc_start_main (main=0x805ee28 <main>, argc=2, ubp_av=0xbffffaf4, init=0x805aa2c <_init>, fini=0x8170cd4 <_fini>, rtld_fini=0x4000dc14 <_dl_fini>, stack_end=0xbffffaec)
at ../sysdeps/generic/libc-start.c:129
(gdb)

[bonkersbobcat]

Here is another one, this one is on the 6/4 CVS. The garbage characters below were displayed in the stack trace

Code:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 29706)]
0x4013b6ac in QGDict::look_int(long, void*, int) () at eval.c:41
41	eval.c: No such file or directory.
	in eval.c
Current language:  auto; currently c
(gdb) bt
#0  0x4013b6ac in QGDict::look_int(long, void*, int) () at eval.c:41
#1  0x0806d3eb in SpawnShell::newSpawn(spawnStruct const&) (this=0x82715e0, s=@0xbffee666) at /usr/local/qt-2.3.2/include/qintdict.h:58
#2  0x0806d29c in SpawnShell::newSpawn(newSpawnStruct const*) (this=0x8271678, spawn=0xbffee660) at spawnshell.cpp:498
#3  0x0808f496 in EQPacket::newSpawn(newSpawnStruct const*, unsigned, unsigned char) (this=0x82d8ed0, t0=0xbffee660, t1=226, t2=2 '\002') at m_packet.cpp:2261
#4  0x080892d8 in EQPacket::dispatchZoneData(unsigned, unsigned char*, unsigned char) (this=0x82d8ed0, len=226, 
    data=0xbfffe842 "I!{\036ºAx\232ù\231\t\207©\003\233_¿\031\202Ý\017ÚiC\020ÚP©\020Ú7\017\021Ú\036u\021Ú\005Û\021Úì@\022ÚÓ¦\022Úº\f\023Ú¡r\031Ú'S\204DfÀi\003À,,", dir=2 '\002') at packet.cpp:1766
#5  0x0808795c in EQPacket::decodePacket(int, unsigned char*) (this=0x82d8ed0, size=266, buffer=0xbfffe81e "E") at packet.h:401
#6  0x08086ec4 in EQPacket::processPackets() (this=0x82d8ed0) at packet.cpp:751
#7  0x401e23c2 in QObject::activate_signal(char const*) () at eval.c:41
#8  0x402302db in QTimer::timeout() () at eval.c:41
#9  0x402153fb in QTimer::event(QEvent*) () at eval.c:41
#10 0x401a2244 in QApplication::notify(QObject*, QEvent*) () at eval.c:41
#11 0x40170d78 in qt_activate_timers() () at eval.c:41
#12 0x4016e9c0 in QApplication::processNextEvent(bool) () at eval.c:41
#13 0x401a418b in QApplication::enter_loop() () at eval.c:41
#14 0x4016e564 in QApplication::exec() () at eval.c:41
#15 0x080620d6 in main (argc=2, argv=0xbffffaf4) at main.cpp:941
#16 0x405af507 in __libc_start_main (main=0x805ee28 <main>, argc=2, ubp_av=0xbffffaf4, init=0x805aa2c <_init>, fini=0x8170cd4 <_fini>, rtld_fini=0x4000dc14 <_dl_fini>, stack_end=0xbffffaec)
    at ../sysdeps/generic/libc-start.c:129
(gdb)

[bonkersbobcat]

Here is another one. 6/8 CVS.

Code:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 3298)]
0x4013cd13 in QGDictIterator::operator++() () at eval.c:41
41	eval.c: No such file or directory.
	in eval.c
(gdb) bt
#0  0x4013cd13 in QGDictIterator::operator++() () at eval.c:41
#1  0x080f3f40 in Map::paintSpawns(MapParameters&, QPainter&, QTime const&) (this=0x82002b8, param=@0x8200330, p=@0xbfffe970, drawTime=@0xbfffe940) at /usr/local/qt-2.3.2/include/qintdict.h:97
#2  0x080f307d in Map::paintMap(QPainter*) (this=0x82002b8, p=0xbfffead0) at map.cpp:2871
#3  0x080f5e8c in Map::paintEvent(QPaintEvent*) (this=0x82002b8, e=0xbfffed20) at map.cpp:3948
#4  0x40224cd0 in QWidget::event(QEvent*) () at eval.c:41
#5  0x401a2244 in QApplication::notify(QObject*, QEvent*) () at eval.c:41
#6  0x40199b6f in QWidget::repaint(int, int, int, int, bool) () at eval.c:41
#7  0x080f29f6 in Map::refreshMap() (this=0x82002b8) at /usr/local/qt-2.3.2/include/qrect.h:195
#8  0x401e23c2 in QObject::activate_signal(char const*) () at eval.c:41
#9  0x402302db in QTimer::timeout() () at eval.c:41
#10 0x402153fb in QTimer::event(QEvent*) () at eval.c:41
#11 0x401a2244 in QApplication::notify(QObject*, QEvent*) () at eval.c:41
#12 0x40170d78 in qt_activate_timers() () at eval.c:41
#13 0x4016e9c0 in QApplication::processNextEvent(bool) () at eval.c:41
#14 0x401a418b in QApplication::enter_loop() () at eval.c:41
#15 0x4016e564 in QApplication::exec() () at eval.c:41
#16 0x08061f75 in main (argc=2, argv=0xbffffaf4) at main.cpp:927
#17 0x405af507 in __libc_start_main (main=0x805edd8 <main>, argc=2, ubp_av=0xbffffaf4, init=0x805a9f8 <_init>, fini=0x816c300 <_fini>, rtld_fini=0x4000dc14 <_dl_fini>, stack_end=0xbffffaec)
    at ../sysdeps/generic/libc-start.c:129
(gdb)

[bonkersbobcat]

More of the same. This one is from the 6/12 CVS.

Can I provide any other info on these?

Code:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 14096)]
0x4013cc30 in QGDictIterator::toFirst() () at eval.c:41
41	eval.c: No such file or directory.
	in eval.c
Current language:  auto; currently c
(gdb) bt
#0  0x4013cc30 in QGDictIterator::toFirst() () at eval.c:41
#1  0x4013c9a2 in QGDictIterator::QGDictIterator(QGDict const&) () at eval.c:41
#2  0x080f4c48 in Map::paintSpawns(MapParameters&, QPainter&, QTime const&) (this=0x8203018, param=@0x8203090, p=@0xbfffe970, drawTime=@0xbfffe940) at /usr/local/qt-2.3.2/include/qintdict.h:88
#3  0x080f3f1d in Map::paintMap(QPainter*) (this=0x8203018, p=0xbfffead0) at map.cpp:2871
#4  0x080f6d2c in Map::paintEvent(QPaintEvent*) (this=0x8203018, e=0xbfffed20) at map.cpp:3948
#5  0x40224cd0 in QWidget::event(QEvent*) () at eval.c:41
#6  0x401a2244 in QApplication::notify(QObject*, QEvent*) () at eval.c:41
#7  0x40199b6f in QWidget::repaint(int, int, int, int, bool) () at eval.c:41
#8  0x080f3896 in Map::refreshMap() (this=0x8203018) at /usr/local/qt-2.3.2/include/qrect.h:195
#9  0x401e23c2 in QObject::activate_signal(char const*) () at eval.c:41
#10 0x402302db in QTimer::timeout() () at eval.c:41
#11 0x402153fb in QTimer::event(QEvent*) () at eval.c:41
#12 0x401a2244 in QApplication::notify(QObject*, QEvent*) () at eval.c:41
#13 0x40170d78 in qt_activate_timers() () at eval.c:41
#14 0x4016e9c0 in QApplication::processNextEvent(bool) () at eval.c:41
#15 0x401a418b in QApplication::enter_loop() () at eval.c:41
#16 0x4016e564 in QApplication::exec() () at eval.c:41
#17 0x08061fb5 in main (argc=2, argv=0xbffffaf4) at main.cpp:927
#18 0x405af507 in __libc_start_main (main=0x805ee18 <main>, argc=2, ubp_av=0xbffffaf4, init=0x805aa20 <_init>, fini=0x816e9e0 <_fini>, rtld_fini=0x4000dc14 <_dl_fini>, stack_end=0xbffffaec)
    at ../sysdeps/generic/libc-start.c:129
(gdb)

[Zaphod]

This is bug has haunted us for a long time through many, many, many versions. The problem is the crashes aren't occuring where the bug is. The problem stems from someplace else in the code overwriting memory that doesn't belong to it and thus corrupting other structures. It appears to be triggered by some unknown packets, assorted solutions and even the occasional punt/guess solutions have been tried.

The problem is that to diagnose it requires a recorded session that reproduces the problem. This is something which we will never ask you for and you should never give us because it can contain not only your character and server names but also potentially your password information.

Another problem arises from the fact that the memory profilers/debuggers under Linux generally suck. Gods how I wish Rational would make Purify available for x86 Linux or hell even x86 Solaris. How I miss that wondrous product... I'd even pay for it (if any Rational folks happen to be reading... ).

Enjoy,
Zaphod (dohpaZ)

[bonkersbobcat]

How much processing time would it take to generate a list of checksums for a handfull (all of?) the critical structures within SEQ?

If this time is not significant, what about running a bunch of memory checksums before and after each inbound packet is processed?

If the problem is indeed packet processing related, this would at least indicate the packet type that is causing the corruption.

The checksum checker would, of course, have to know what structures were suposed to be modified by various packet types, and not complain for correct behaivor.

[LordFeshlak]

Is this the same bug that occasionally shows itself as a core dump with a "Soandso has already been removed from the zone before we processed it"? I'm getting that message every so often, and would love help find a way to smack it.