Question Crash bug - need assistance with GDB

Also - do you know if anyone is intentionally crashing the game?

I would start out by logging somewhat more in interpreter.c: This would of course be a temporary measure.

With this logging you could tell if crashes occurred due to a specific command or a specific player.

Oh I already know who and what. It is normal on JediMUD for the mages to teleport around. IT gives them quick entrance to a zone and they can set up a portal. They are not doing it to crash the game. I also am not opposed to doing a team viewer share.


#0 0x00000000004a3bf8 in valid_dg_target (ch=ch@entry=0x2ea59b0, bitvector=bitvector@entry=1) at dg_misc.c:289
289 else if (!WIZ_FLAGGED(ch, WIZ_NOHASSLE))
(gdb) info local
No locals.
(gdb) print *ch
$6 = {pfilepos = 0, nr = 0, in_room = 0, was_in_room = 41824, motion_timer = 0, wait = 20226944, version = 0 '\000', player = {
passwd = "\240\243\064\001\000\000\000\000У4\001", '\000' <repeats 12 times>, "\001\000\000\004\000\000",
passwd2 = "\000o\244]Z\000\000\000\000o\244]Z", '\000' <repeats 12 times>, "\310\306\000\000\000",
name = 0x640b0b0b0b0b000b <error: Cannot access memory at address 0x640b0b0b0b0b000b>,
short_descr = 0x640b0b0b0b0b000b <error: Cannot access memory at address 0x640b0b0b0b0b000b>,
long_descr = 0x350035000a000a <error: Cannot access memory at address 0x350035000a000a>,
description = 0x320032 <error: Cannot access memory at address 0x320032>, title = 0x0, sex = 100 'd', chclass = 0 '\000',
race = 0 '\000', level = 0 '\000', admlevel = 100 'd', time = {birth = 25769803876, logon = 150, played = 700},
weight = 0 '\000', height = 0 '\000', last_age = 0}, real_abils = {str = 0 '\000', str_add = 0 '\000', intel = 0 '\000',
wis = 0 '\000', dex = 0 '\000', con = 0 '\000', cha = 0 '\000', ess = 0 '\000'}, aff_abils = {str = 0 '\000',
str_add = 0 '\000', intel = 0 '\000', wis = 0 '\000', dex = 0 '\000', con = 0 '\000', cha = 0 '\000', ess = 0 '\000'}, points = {
mana = 0, max_mana = 0, hit = 0, max_hit = 0, move = 0, max_move = 0, hit_regen = 0, mana_regen = 0, move_regen = 0,
regen_factor = {0, 0, 0}, armor = 0, gold = 0, bank_gold = 0, exp = 0, hitroll = 0 '\000', damroll = 0 '\000', remort_count = 0,
deaths = 0, deaths_this_level = 0, reroll_count = 0, pc_steals = 0, xp_bonus = 0, align_bonus = 0, oldcha = 0, oldstr = 8,
oldstradd = 0, oldint = 0, oldwis = 0, oldcon = 0, olddex = 0, oldclass = 0, oldhit_regen = 0, oldmana_regen = 0,
oldmove_regen = 0, oldremort_total = 0, exploss = 4194504, dt_day = 0, dt_room = 0, dt_count = 0}, char_specials = {
fighting = 0x0, hunting = 0x1a001a001a001a, position = 26 '\032', carry_weight = 0, carry_items = 0 '\000', timer = 0,
numplus = -8128, succesful_hunt = -109 '\223', saved = {alignment = 0, idnum = 134285312, act = {2, 0, 0, 0}, affected_by = {0,
0, 0, 0}, apply_saving_throw = {0, 0, 0, 0, 0}, kills = 0, monthly_kills = 0}}, player_specials = 0x0, mob_specials = {
memory = 0x0, attack_type = 0 '\000', default_pos = 0 '\000', damnodice = 0 '\000', damsizedice = 0 '\000',
mob_race_special = 0, last_direction = 0 '\000', func = 0x0}, affected = 0x0, equipment = {0x0 <repeats 13 times>, 0x1bbe0, 0x0,
0x0, 0x0, 0x2ac2e00, 0x1d4b690, 0x0, 0x0}, carrying = 0x0, desc = 0x0, id = 0, proto_script = 0x0, script = 0x31,
memory = 0x100020004003b, next_in_room = 0x0, next = 0x0, next_fighting = 0x4d05cf <list_char_to_char+1855>,
followers = 0x2f345a0, master = 0x21, pref = 31093567915781717, events = 0x2e676d0}
(gdb) print ch
$7 = (struct char_data *) 0x2ea59b0
(gdb)


#1 0x000000000050eebe in get_char_in_room (room=<optimized out>, name=name@entry=0x2e55b30 "}1365") at dg_scripts.c:408
408 if (ch && valid_dg_target(ch, DG_ALLOW_GODS))

(gdb) print *ch
value has been optimized out
(gdb) info local
room = <optimized out>
name = 0x2e55b30 "}1365"
ch = <optimized out>

#2 0x00000000005586da in find_replacement (go=go@entry=0x196f7d0, sc=sc@entry=0x196fb10, trig=trig@entry=0x196fb50,
type=type@entry=0, var=var@entry=0x7ffdd9422911 "actor", field=field@entry=0x7ffdd9422917 "is_pc", subfield=0x7ffdd9422f10 "",
str=0x7ffdd9422b10 "", slen=512) at dg_variables.c:366
366 else if (ch->in_room != NOWHERE && (c = get_char_in_room(&world[ch->in_room], name)));
(gdb) print *ch
$2 = {pfilepos = -1, nr = 504, in_room = 1132, was_in_room = 65535, motion_timer = 0, wait = 0, version = 0 '\000', player = {
passwd = '\000' <repeats 30 times>, passwd2 = '\000' <repeats 30 times>, name = 0x125a2c0 "Patrick paladin guild shopkeeper",
short_descr = 0x125a2f0 "Patrick the paladin guild shopkeeper", long_descr = 0x125a320 "Patrick the paladin of Skara Brae\r\n",
description = 0x125a350 "Patrick the paladin of Skara Brae was badly wounded while\r\ndefending the city. He is here trying to serv as best he\r\ncan with his ruined knees. He is still a powerful\r\nswordsman but simply can not g"..., title = 0x0,
sex = 1 '\001', chclass = 0 '\000', race = 0 '\000', level = 20 '\024', admlevel = 0 '\000', time = {birth = 1516034773,
logon = 1516034773, played = 0}, weight = 200 '\310', height = 198 '\306', last_age = 0}, real_abils = {str = 11 '\v',
str_add = 0 '\000', intel = 11 '\v', wis = 11 '\v', dex = 11 '\v', con = 11 '\v', cha = 11 '\v', ess = 100 'd'}, aff_abils = {
str = 11 '\v', str_add = 0 '\000', intel = 11 '\v', wis = 11 '\v', dex = 11 '\v', con = 11 '\v', cha = 11 '\v', ess = 100 'd'},
points = {mana = 10, max_mana = 10, hit = 174, max_hit = 174, move = 50, max_move = 50, hit_regen = 0, mana_regen = 0,
move_regen = 0, regen_factor = {100, 100, 100}, armor = -5, gold = 20000, bank_gold = 0, exp = 8000, hitroll = 0 '\000',
damroll = 20 '\024', remort_count = 0, deaths = 0, deaths_this_level = 0, reroll_count = 0, pc_steals = 0, xp_bonus = 0,
align_bonus = 0, oldcha = 0, oldstr = 0, oldstradd = 0, oldint = 0, oldwis = 0, oldcon = 0, olddex = 0, oldclass = 0,
oldhit_regen = 0, oldmana_regen = 0, oldmove_regen = 0, oldremort_total = 0, exploss = 0, dt_day = 0, dt_room = 0,
dt_count = 0}, char_specials = {fighting = 0x0, hunting = 0x0, position = 8 '\b', carry_weight = 31, carry_items = 5 '\005',
timer = 0, numplus = 0, succesful_hunt = 0 '\000', saved = {alignment = 1000, idnum = 0, act = {11083, 0, 0, 0}, affected_by = {
272, 0, 0, 0}, apply_saving_throw = {10, 10, 10, 10, 10}, kills = 0, monthly_kills = 0}},
player_specials = 0x93e040 <dummy_mob>, mob_specials = {memory = 0x0, attack_type = 0 '\000', default_pos = 8 '\b',
damnodice = 8 '\b', damsizedice = 3 '\003', mob_race_special = 0, last_direction = 0 '\000', func = 0x125a520}, affected = 0x0,
equipment = {0x0 <repeats 21 times>}, carrying = 0x19701e0, desc = 0x0, id = 101024, proto_script = 0x196faf0, script = 0x196fb10,
memory = 0x0, next_in_room = 0x0, next = 0x196e2b0, next_fighting = 0x0, followers = 0x0, master = 0x0, pref = 0, events = 0x0}
(gdb) print ch->in_room
$3 = 1132
(gdb) print world[ch->in_room]
$4 = {number = 2113, zone = 18, sector_type = 0, name = 0xc13930 "The Full Armor of God",
description = 0xc13950 "You enter a holy shop, dedicated to equipping a paladin to stand against \r\nevil. Along the west wall you see a counter and window, behind which \r\nthey are selling some equipment to help paladins in th"..., ex_description = 0xc13d80,
dir_option = {0x0, 0x0, 0x0, 0x0, 0x0, 0xc13b60, 0x0, 0x0, 0x0, 0x0}, motion_info = 0x0, room_flags = {1053708, 0, 0, 0},
light = 0 '\000', func = 0xc13fe0, proto_script = 0x0, script = 0x0, contents = 0x0, people = 0x1dc2b50, timed = -1, events = 0x0}
(gdb) print name
$5 = 0x2e55b30 "}1365"
(gdb) info local
vd = 0x2a22dc0
ch = 0x196f7d0
c = 0x0
rndm = <optimized out>
obj = <optimized out>
o = 0x0
room = <optimized out>
r = 0x0
name = 0x2e55b30 "}1365"
count = <optimized out>
i = <optimized out>
doors = <optimized out>
send_cmd = {0x5e7889 "msend ", 0x57672e "osend ", 0x5ab5e4 "wsend "}
echo_cmd = {0x5e7890 "mecho ", 0x5766fb "oecho ", 0x5ab5b1 "wecho "}
echoaround_cmd = {0x5e7897 "mechoaround ", 0x576702 "oechoaround ", 0x5ab5b8 "wechoaround "}
door = {0x5e78a4 "mdoor ", 0x5766eb "odoor ", 0x5ab5aa "wdoor "}
force = {0x5e78ab "mforce ", 0x57670f "oforce ", 0x5ab5c5 "wforce "}
load = {0x5e78b3 "mload ", 0x576717 "oload ", 0x5ab5cd "wload "}
purge = {0x5e78ba "mpurge ", 0x57671e "opurge ", 0x5ab5d4 "wpurge "}
teleport = {0x5e78c2 "mteleport ", 0x57673e "oteleport ", 0x5ab5eb "wteleport "}
xdamage = {0x5e78cd "mdamage ", 0x5766f2 "odamage ", 0x5ab601 "wdamage "}
zoneecho = {0x5e78d6 "mzoneecho ", 0x57675d "ozoneecho ", 0x5ab5f6 "wzoneecho "}
asound = {0x5e78e1 "masound ", 0x5766dd "oasound ", 0x5ab5a1 "wasound "}
at = {0x5e78ea "mat ", 0x5766e6 "oat ", 0x5ab60a "wat "}
transform = {0x5e78ef "mtransform ", 0x576751 "otransform ", 0x5ab5b1 "wecho "}
recho = {0x5e78fb "mrecho ", 0x576726 "orecho ", 0x5ab5dc "wrecho "}
omove = {0x5e7890 "mecho ", 0x576768 "omove ", 0x5ab60f "wmove "}

You are seeing the symptom, not the cause. The output in that last post makes it totally obvious.

This is what is happening:
A character in the character list has been free'd, but the corresponding lookup has not been removed.

This means that the lookup (here, for the char with id 1365) finds a random piece of memory and uses it as a char_data pointer.

The greet trigger is just what actually makes the lookup. This shows that you have a problem. But it's not the cause. This also explains why you don't see this bug on the build port. It obviously is triggered by some player behavior (summoning? raise dead? We don't know yet).

That was the easy part. How do we fix it?
Well, first off, find out where in your code you actually calls "free()" on a char_data pointer. I'd start by looking for "free(ch)", but we use a couple of other similar names, like free(d->character) or free(tch).
So, look for free() and remove the places where it's obvious that we're not freeing char_data structs.
For the remaining places, make sure we call "remove_from_lookup_table(GET_ID(..))" before free'ing it.

which leads me to this in free_char(), which is how it is on TBAMUD base code. I double checked to make sure I was not doing anything crazy, and i was not. I do not free anything, and the dg_scripts is 99% stock. I will try to track back in spells. I think it is the mage quits out and goes to the menu and the script tries to run. When we go to the menu i think we extract the character which does free it. Ill dig more.



/* find_char helper, when free_char is called with a blank character struct,
* ID is set to 0, and has not yet been added to the lookup table. */
if (GET_ID(ch) != 0)
remove_from_lookup_table(GET_ID(ch));

free(ch);

But here is the thing: There simply is no time for that.

The greet trigger fires before the spell is done.
So the player can't log out after the spell. Either way, this wouldn't free the char - that only happens on a disconnect.

welp, i guess i am hunting than. I checked every free_char() and they are perfect where they need to be. I only have one place where we remove the ID from the database and thats free_char()

Now I have to search every free. Now I started with char_from_room() char_to_room() and teleport to make sure i was not doing anything stupid. Good there. The Dg-scripts engine is 99% untouched except for the fact I split out mortal and immortal levels.

This is like looking for a needle in a haystack.

Though I Can trace the character up to the 3rd frame. I wonder if something happens between those steps.

Damn i hate having walking pneumonia right now, so damn hard to think clear