5686 – memory corruption at level change

Bug 5686 - memory corruption at level change

Status:	REOPENED

Alias:	None

Product:	Psychonauts
Classification:	Unclassified
Component:	everything
Version:	unspecified
Hardware:	PC Linux

Importance:	P1 critical
Assignee:	Ryan C. Gordon
QA Contact:	Ryan C. Gordon

URL:

Depends on:
Blocks:

Reported:	2012-06-21 17:19 EDT by seb
Modified:	2012-07-05 09:46:57 EDT
CC List:	1 user (show)

See Also:

Attachments
Save game which causes a segfault (60.00 KB, application/octet-stream) 2012-06-25 14:28 EDT, flamingmo

Description seb 2012-06-21 17:19:07 EDT

with the latest version i hit a lot of memory management errors...
i am running ubuntu 12.04 x86_64.
1 out of 4 times (estimated) the game dies when changing levels, i saw
double free(), no errors in the bt, or mem corruptions, i paste some larger bt
below... most of the time the bt indicates nothing or the game just hangs at
level change,

======================
*** glibc detected *** ./Psychonauts: free(): corrupted unsorted chunks: 0x0ca26c18 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x73e42)[0xf7439e42]
./Psychonauts(_ZN10EArrayBase7ReallocEjj+0xcf)[0x81c9e39]
./Psychonauts(_ZN10EArrayBase5EmptyEi+0x20)[0x81c9d68]
./Psychonauts(_ZN6EArrayIP5EMeshE5EmptyEv+0x38)[0x82e2bc4]
./Psychonauts(_ZN7EUIMenu12LevelCleanupEv+0x79)[0x8395b77]
./Psychonauts(_ZN7GameApp11unloadLevelEv+0x282)[0x82db2de]
./Psychonauts(_ZN7GameApp9loadLevelEv+0x86)[0x82d9c32]
./Psychonauts(_ZN7GameApp18ProcessGlobalInputER5Input+0x420)[0x82d4c08]
./Psychonauts(_ZN7GameApp9InitFrameEv+0x7b2)[0x82d62ee]
./Psychonauts(_ZN9PCGameApp9InitFrameEv+0x11)[0x83161af]
./Psychonauts(main+0x298)[0x8522ac2]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xf73df4d3]
./Psychonauts[0x810fd41]
======= Memory map: ========
08048000-08685000 r-xp 00000000 00:14 16909375                           /home/seb/psychonauts/Psychonauts
08685000-08686000 r-xp 0063c000 00:14 16909375                           /home/seb/psychonauts/Psychonauts
08686000-0869a000 rwxp 0063d000 00:14 16909375                           /home/seb/psychonauts/Psychonauts
0869a000-086ba000 rwxp 00000000 00:00 0 
08bc0000-101e6000 rwxp 00000000 00:00 0                                  [heap]
e9f18000-ea118000 rwxs 0c065000 00:05 10269                              /dev/ati/card0
ea118000-ea318000 rwxs 0c064000 00:05 10269                              /dev/ati/card0
ea318000-ea518000 rwxs 0c063000 00:05 10269                              /dev/ati/card0
ea518000-ea718000 rwxs 0c062000 00:05 10269                              /dev/ati/card0
ea718000-ea918000 rwxs 0c061000 00:05 10269                              /dev/ati/card0
ea918000-eaa18000 rwxs 0be4b000 00:05 10269                              /dev/ati/card0
eaa18000-eaa19000 ---p 00000000 00:00 0 
eaa19000-eb219000 rwxp 00000000 00:00 0 
eb219000-eb21a000 ---p 00000000 00:00 0 
eb21a000-eba1a000 rwxp 00000000 00:00 0 
eba1a000-eba1b000 ---p 00000000 00:00 0 
eba1b000-ec21b000 rwxp 00000000 00:00 0 
ec21b000-ec21c000 ---p 00000000 00:00 0 
ec21c000-eca1c000 rwxp 00000000 00:00 0 
ecaa4000-ecba5000 rwxp 00000000 00:00 0 
eccfe000-ecdff000 rwxp 00000000 00:00 0 
ecdff000-ece00000 ---p 00000000 00:00 0 
ece00000-ed600000 rwxp 00000000 00:00 0 
ed600000-ed6b8000 rwxp 00000000 00:00 0 
ed6b8000-ed700000 ---p 00000000 00:00 0 
ed7fe000-ed7ff000 ---p 00000000 00:00 0 
ed7ff000-edfff000 rwxp 00000000 00:00 0 
edfff000-f2000000 rwxs 00000000 00:12 343399                             /run/shm/pulse-shm-2568449701
f2000000-f202c000 rwxp 00000000 00:00 0 
f202c000-f2100000 ---p 00000000 00:00 0 
f212d000-f2200000 rwxp 00000000 00:00 0 
f2200000-f2226000 rwxp 00000000 00:00 0 
f2226000-f2300000 ---p 00000000 00:00 0 
f2339000-f233a000 ---p 00000000 00:00 0 
f233a000-f253a000 rwxp 00000000 00:00 0 
f253a000-f253b000 ---p 00000000 00:00 0 
f253b000-f254b000 rwxp 00000000 00:00 0 
f254b000-f274b000 rwxs 0bca9000 00:05 10269                              /dev/ati/card0
f2805000-f2905000 rwxs 0cf56000 00:05 10269                              /dev/ati/card0
f2905000-f2b05000 rwxs 0be99000 00:05 10269                              /dev/ati/card0
f2b05000-f2d05000 rwxs 0be98000 00:05 10269                              /dev/ati/card0
f2df7000-f2df8000 rwxs 0e7e2000 00:05 10269                              /dev/ati/card0
f2df8000-f2df9000 rwxs 0e7e1000 00:05 10269                              /dev/ati/card0
f2df9000-f2dfa000 rwxs 0e7de000 00:05 10269                              /dev/ati/card0
f2dfa000-f2dfb000 rwxs 0e7dd000 00:05 10269                              /dev/ati/card0
f2dfb000-f2dfc000 rwxs 0e7ca000 00:05 10269                              /dev/ati/card0
f2dfc000-f2dfd000 rwxs 0e7c9000 00:05 10269                              /dev/ati/card0
f2dfd000-f2dfe000 rwxs 0e7c8000 00:05 10269                              /dev/ati/card0
f2dfe000-f2dff000 rwxs 0e7c7000 00:05 10269                              /dev/ati/card0
f2dff000-f2e00000 rwxs 0e7c6000 00:05 10269                              /dev/ati/card0
f2e00000-f2e01000 rwxs 0e7c5000 00:05 10269                              /dev/ati/card0
f2e01000-f2e06000 rwxp 00000000 00:00 0 
f2e06000-f2e46000 rwxs 00028000 00:05 10269                              /dev/ati/card0
f2e46000-f3546000 rwxs 00006000 00:05 10269                              /dev/ati/card0
f3546000-f58be000 r-xp 00000000 08:01 4981566                            /usr/lib32/fglrx/dri/fglrx_dri.so
f58be000-f59af000 rwxp 02378000 08:01 4981566                            /usr/lib32/fglrx/dri/fglrx_dri.so
f59af000-f5a7d000 rwxp 00000000 00:00 0 
f5a7d000-f5b49000 r-xp 00000000 08:01 4981575                            /usr/lib32/fglrx/libGL.so.1.2
f5b49000-f5b55000 rwxp 000cb000 08:01 4981575                            /usr/lib32/fglrx/libGL.so.1.2
f5b55000-f5ba4000 rwxp 00000000 00:00 0 
f5bac000-f5baf000 r-xp 00000000 08:01 1712183                            /usr/lib/i386-linux-gnu/libpulse-simple.so.0.0.3
f5baf000-f5bb0000 r-xp 00002000 08:01 1712183                            /usr/lib/i386-linux-gnu/libpulse-simple.so.0.0.3
f5bb0000-f5bb1000 rwxp 00003000 08:01 1712183                            /usr/lib/i386-linux-gnu/libpulse-simple.so.0.0.3
f5bb1000-f5bec000 r-xp 00000000 08:01 4981562                            /usr/lib32/fglrx/libatiadlxx.so
f5bec000-f5bee000 rwxp 0003b000 08:01 4981562                            /usr/lib32/fglrx/libatiadlxx.so
f5bee000-f5bfe000 rwxp 00000000 00:00 0 
f5c0a000-f5c0b000 rwxp 00000000 00:00 0 
f5c0b000-f5c0c000 rwxs 0cc26000 00:05 10269                              /dev/ati/card0
f5c0c000-f5c0d000 rwxs 0cc25000 00:05 10269                              /dev/ati/card0
f5c0d000-f5c0e000 rwxs 0cc22000 00:05 10269                              /dev/ati/card0
f5c0e000-f5c0f000 rwxs 0cc21000 00:05 10269                              /dev/ati/card0
f5c0f000-f5c12000 rwxp 00000000 00:00 0 
f5c12000-f5c13000 rwxs 00005000 00:05 10269                              /dev/ati/card0
f5c13000-f5c23000 rwxs fdde0000 00:05 10269                              /dev/ati/card0
f5c23000-f5e23000 r-xp 00000000 08:01 1579258                            /usr/lib/locale/locale-archive
f5e23000-f5e33000 r-xp 00000000 08:01 1712142                            /usr/lib/i386-linux-gnu/libXext.so.6.4.0
f5e33000-f5e34000 r-xp 0000f000 08:01 1712142                            /usr/lib/i386-linux-gnu/libXext.so.6.4.0
f5e34000-f5e35000 rwxp 00010000 08:01 1712142                            /usr/lib/i386-linux-gnu/libXext.so.6.4.0
f5e35000-f5f65000 r-xp 00000000 08:01 1712140                            /usr/lib/i386-linux-gnu/libX11.so.6.3.0
f5f65000-f5f66000 r-xp 0012f000 08:01 1712140                            /usr/lib/i386-linux-gnu/libX11.so.6.3.0
f5f66000-f5f68000 rwxp 00130000 08:01 1712140                            /usr/lib/i386-linux-gnu/libX11.so.6.3.0
f5f68000-f5f69000 rwxp 00000000 00:00 0 
f5f69000-f5f6a000 ---p 00000000 00:00 0 
f5f6a000-f6ec9000 rwxp 00000000 00:00 0 
f6ec9000-f6edc000 r-xp 00000000 08:01 26218592                           /lib/i386-linux-gnu/libresolv-2.15.so
f6edc000-f6edd000 ---p 00013000 08:01 26218592                           /lib/i386-linux-gnu/libresolv-2.15.so
f6edd000-f6ede000 r-xp 00013000 08:01 26218592                           /lib/i386-linux-gnu/libresolv-2.15.so
f6ede000-f6edf000 rwxp 00014000 08:01 26218592                           /lib/i386-linux-gnu/libresolv-2.15.so
f6edf000-f6ee1000 rwxp 00000000 00:00 0 
f6ee1000-f6ee7000 r-xp 00000000 08:01 1712168                            /usr/lib/i386-linux-gnu/libogg.so.0.7.1
f6ee7000-f6ee8000 r-xp 00005000 08:01 1712168                            /usr/lib/i386-linux-gnu/libogg.so.0.7.1
f6ee8000-f6ee9000 rwxp 00006000 08:01 1712168                            /usr/lib/i386-linux-gnu/libogg.so.0.7.1
f6ee9000-f6f12000 r-xp 00000000 08:01 1712175                            /usr/lib/i386-linux-gnu/libvorbis.so.0.4.5
f6f12000-f6f13000 r-xp 00028000 08:01 1712175                            /usr/lib/i386-linux-gnu/libvorbis.so.0.4.5
f6f13000-f6f14000 rwxp 00029000 08:01 1712175                            /usr/lib/i386-linux-gnu/libvorbis.so.0.4.5
f6f14000-f707a000 r-xp 00000000 08:01 1712177                            /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.8
f707a000-f708b000 r-xp 00165000 08:01 1712177                            /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.8
f708b000-f708c000 rwxp 00176000 08:01 1712177                            /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.8
f708c000-f70d8000 r-xp 00000000 08:01 1712170                            /usr/lib/i386-linux-gnu/libFLAC.so.8.2.0
f70d8000-f70d9000 r-xp 0004b000 08:01 1712170                            /usr/lib/i386-linux-gnu/libFLAC.so.8.2.0
f70d9000-f70da000 rwxp 0004c000 08:01 1712170                            /usr/lib/i386-linux-gnu/libFLAC.so.8.2.0
f70da000-f70f0000 r-xp 00000000 08:01 26218583                           /lib/i386-linux-gnu/libnsl-2.15.so
f70f0000-f70f1000 r-xp 00015000 08:01 26218583                           /lib/i386-linux-gnu/libnsl-2.15.so
f70f1000-f70f2000 rwxp 00016000 08:01 26218583                           /lib/i386-linux-gnu/libnsl-2.15.so
f70f2000-f70f4000 rwxp 00000000 00:00 0 
f70f4000-f70f9000 r-xp 00000000 08:01 1712136                            /usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0
f70f9000-f70fa000 r-xp 00004000 08:01 1712136                            /usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0
f70fa000-f70fb000 rwxp 00005000 08:01 1712136                            /usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0
f70fb000-f70fd000 r-xp 00000000 08:01 1712134                            /usr/lib/i386-linux-gnu/libXau.so.6.0.0
f70fd000-f70fe000 r-xp 00001000 08:01 1712134                            /usr/lib/i386-linux-gnu/libXau.so.6.0.0
f70fe000-f70ff000 rwxp 00002000 08:01 1712134                            /usr/lib/i386-linux-gnu/libXau.so.6.0.0
f70ff000-f7104000 r-xp 00000000 08:01 1712151                            /usr/lib/i386-linux-gnu/libasyncns.so.0.3.1
f7104000-f7105000 r-xp 00004000 08:01 1712151                            /usr/lib/i386-linux-gnu/libasyncns.so.0.3.1
f7105000-f7106000 rwxp 00005000 08:01 1712151                            /usr/lib/i386-linux-gnu/libasyncns.so.0.3.1
f7106000-f7172000 r-xp 00000000 08:01 1712179                            /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25
f7172000-f7173000 r-xp 0006c000 08:01 1712179                            /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25
f7173000-f7174000 rwxp 0006d000 08:01 1712179                            /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25
f7174000-f7178000 rwxp 00000000 00:00 0 
f7178000-f7180000 r-xp 00000000 08:01 26218629                           /lib/i386-linux-gnu/libwrap.so.0.7.6
f7180000-f7181000 r-xp 00007000 08:01 26218629                           /lib/i386-linux-gnu/libwrap.so.0.7.6
f7181000-f7182000 rwxp 00008000 08:01 26218629                           /lib/i386-linux-gnu/libwrap.so.0.7.6
f7182000-f71a1000 r-xp 00000000 08:01 1712138                            /usr/lib/i386-linux-gnu/libxcb.so.1.1.0
f71a1000-f71a2000 r-xp 0001f000 08:01 1712138                            /usr/lib/i386-linux-gnu/libxcb.so.1.1.0
f71a2000-f71a3000 rwxp 00020000 08:01 1712138                            /usr/lib/i386-linux-gnu/libxcb.so.1.1.0
f71a3000-f71ea000 r-xp 00000000 08:01 26217973                           /lib/i386-linux-gnu/libdbus-1.so.3.5.8
f71ea000-f71eb000 r-xp 00046000 08:01 26217973                           /lib/i386-linux-gnu/libdbus-1.so.3.5.8
f71eb000-f71ec000 rwxp 00047000 08:01 26217973                           /lib/i386-linux-gnu/libdbus-1.so.3.5.8
f71ec000-f724f000 r-xp 00000000 08:01 1712182                            /usr/lib/i386-linux-gnu/libpulsecommon-1.1.so
f724f000-f7250000 r-xp 00062000 08:01 1712182                            /usr/lib/i386-linux-gnu/libpulsecommon-1.1.so
f7250000-f7251000 rwxp 00063000 08:01 1712182                            /usr/lib/i386-linux-gnu/libpulsecommon-1.1.so
f7251000-f7257000 r-xp 00000000 08:01 1712173                            /usr/lib/i386-linux-gnu/libjson.so.0.0.1
f7257000-f7258000 r-xp 00005000 08:01 1712173                            /usr/lib/i386-linux-gnu/libjson.so.0.0.1
f7258000-f7259000 rwxp 00006000 08:01 1712173                            /usr/lib/i386-linux-gnu/libjson.so.0.0.1
f7259000-f72a5000 r-xp 00000000 08:01 1712181                            /usr/lib/i386-linux-gnu/libpulse.so.0.13.5
f72a5000-f72a6000 r-xp 0004b000 08:01 1712181                            /usr/lib/i386-linux-gnu/libpulse.so.0.13.5
f72a6000-f72a7000 rwxp 0004c000 08:01 1712181                            /usr/lib/i386-linux-gnu/libpulse.so.0.13.5
f72a7000-f7394000 r-xp 00000000 08:01 1712149                            /usr/lib/i386-linux-gnu/libasound.so.2.0.0
f7394000-f7398000 r-xp 000ec000 08:01 1712149                            /usr/lib/i386-linux-gnu/libasound.so.2.0.0
f7398000-f7399000 rwxp 000f0000 08:01 1712149                            /usr/lib/i386-linux-gnu/libasound.so.2.0.0
f7399000-f739c000 rwxp 00000000 00:00 0 
f739c000-f73a3000 r-xp 00000000 08:01 26218593                           /lib/i386-linux-gnu/librt-2.15.so
f73a3000-f73a4000 r-xp 00006000 08:01 26218593                           /lib/i386-linux-gnu/librt-2.15.so
f73a4000-f73a5000 rwxp 00007000 08:01 26218593                           /lib/i386-linux-gnu/librt-2.15.so
f73a5000-f73a8000 r-xp 00000000 08:01 26218580                           /lib/i386-linux-gnu/libdl-2.15.so
f73a8000-f73a9000 r-xp 00002000 08:01 26218580                           /lib/i386-linux-gnu/libdl-2.15.so
f73a9000-f73aa000 rwxp 00003000 08:01 26218580                           /lib/i386-linux-gnu/libdl-2.15.so
f73aa000-f73ab000 rwxp 00000000 00:00 0 
f73ab000-f73c2000 r-xp 00000000 08:01 26218591                           /lib/i386-linux-gnu/libpthread-2.15.so
f73c2000-f73c3000 r-xp 00016000 08:01 26218591                           /lib/i386-linux-gnu/libpthread-2.15.so
f73c3000-f73c4000 rwxp 00017000 08:01 26218591                           /lib/i386-linux-gnu/libpthread-2.15.so
f73c4000-f73c6000 rwxp 00000000 00:00 0 
f73c6000-f7565000 r-xp 00000000 08:01 26218577                           /lib/i386-linux-gnu/libc-2.15.so
f7565000-f7567000 r-xp 0019f000 08:01 26218577                           /lib/i386-linux-gnu/libc-2.15.so
f7567000-f7568000 rwxp 001a1000 08:01 26218577                           /lib/i386-linux-gnu/libc-2.15.so
f7568000-f756b000 rwxp 00000000 00:00 0 
f756b000-f7587000 r-xp 00000000 08:01 26217988                           /lib/i386-linux-gnu/libgcc_s.so.1
f7587000-f7588000 r-xp 0001b000 08:01 26217988                           /lib/i386-linux-gnu/libgcc_s.so.1
f7588000-f7589000 rwxp 0001c000 08:01 26217988                           /lib/i386-linux-gnu/libgcc_s.so.1
f7589000-f75b3000 r-xp 00000000 08:01 26218581                           /lib/i386-linux-gnu/libm-2.15.so
f75b3000-f75b4000 r-xp 00029000 08:01 26218581                           /lib/i386-linux-gnu/libm-2.15.so
f75b4000-f75b5000 rwxp 0002a000 08:01 26218581                           /lib/i386-linux-gnu/libm-2.15.so
f75b5000-f768d000 r-xp 00000000 08:01 1712124                            /usr/lib/i386-linux-gnu/libstdc++.so.6.0.16
f768d000-f768e000 ---p 000d8000 08:01 1712124                            /usr/lib/i386-linux-gnu/libstdc++.so.6.0.16
f768e000-f7692000 r-xp 000d8000 08:01 1712124                            /usr/lib/i386-linux-gnu/libstdc++.so.6.0.16
f7692000-f7693000 rwxp 000dc000 08:01 1712124                            /usr/lib/i386-linux-gnu/libstdc++.so.6.0.16
f7693000-f769c000 rwxp 00000000 00:00 0 
f769c000-f769d000 rwxp 00000000 00:00 0 
f769d000-f769f000 rwxs 00002000 00:05 10269                              /dev/ati/card0Aborted (core dumped)

Comment 1 Ryan C. Gordon 2012-06-21 17:38:00 EDT

(In reply to comment #0)
> with the latest version

The latest being 0.3, released yesterday, right?

  http://treefort.icculus.org/psychonauts/psychonauts-linux-0.3-patch.tar.bz2

--ryan.

Comment 2 Ryan C. Gordon 2012-06-21 22:10:59 EDT

Bumping priority of crashbug.

--ryan.

Comment 3 Ryan C. Gordon 2012-06-25 01:46:28 EDT

Assuming this is a pre-0.3 build. Please reopen the bug if this is still crashing after that version.

Thanks,
--ryan.

*** This bug has been marked as a duplicate of bug 5683 ***

Comment 4 flamingmo 2012-06-25 02:17:39 EDT

I'm reopening this bug, since I can confirm a similar behavior on 0.3.

Using the smelling salts makes the game crash reproducibly on my machine (read: every time). I have not yet experienced crashes on other level changes yet, but that does not have to mean anything, since I have just started a new game.

Comment 5 flamingmo 2012-06-25 02:36:32 EDT

Um, ok, now I cannot even load the corresponding saved game anymore without getting a segmentation fault.

Comment 6 Ryan C. Gordon 2012-06-25 09:31:50 EDT

(In reply to comment #5)
> Um, ok, now I cannot even load the corresponding saved game anymore without
> getting a segmentation fault.

Can you attach the save game to this bug?

--ryan.

Comment 7 flamingmo 2012-06-25 14:28:18 EDT

Created attachment 3241 [details]
Save game which causes a segfault

Comment 8 flamingmo 2012-07-05 09:46:57 EDT

Is there anything I can do to help you fix this bug?

Top of page