Crash when starting level 1 #614

Closed
pvanhoof opened this issue Dec 6, 2021 · 11 comments

pvanhoof commented Dec 6, 2021

GNU gdb (Ubuntu 11.1-0ubuntu2) 11.1
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from d2x-rebirth...
Attaching to program: /usr/local/bin/d2x-rebirth, process 3858206
[New LWP 3858208]
[New LWP 3858209]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007f21779dba48 in __GI___clock_nanosleep (clock_id=clock_id@entry=0, flags=flags@entry=0, req=0x7ffffae075c0, rem=0x7ffffae075b0) at ../sysdeps/unix/sysv/linux/clock_nanosleep.c:78
78	../sysdeps/unix/sysv/linux/clock_nanosleep.c: No such file or directory.
(gdb) c
Continuing.

Thread 1 "d2x-rebirth" received signal SIGSEGV, Segmentation fault.
0x00007f217766869c in ?? () from /lib/x86_64-linux-gnu/libfluidsynth.so.2
(gdb) thread apply all bt

Thread 3 (Thread 0x7f215efa5640 (LWP 3858209) "d2x-reb:disk$0"):
#0  __futex_abstimed_wait_common64 (private=0, cancel=true, abstime=0x0, op=393, expected=0, futex_word=0x55978662e188) at futex-internal.c:57
#1  __futex_abstimed_wait_common (cancel=true, private=0, abstime=0x0, clockid=0, expected=0, futex_word=0x55978662e188) at futex-internal.c:87
#2  __GI___futex_abstimed_wait_cancelable64 (futex_word=futex_word@entry=0x55978662e188, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x0, private=private@entry=0) at futex-internal.c:139
#3  0x00007f217798a920 in __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55978662e138, cond=0x55978662e160) at pthread_cond_wait.c:504
#4  ___pthread_cond_wait (cond=0x55978662e160, mutex=0x55978662e138) at pthread_cond_wait.c:628
#5  0x00007f215f1e8deb in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#6  0x00007f215f1e882b in  () at /usr/lib/x86_64-linux-gnu/dri/i965_dri.so
#7  0x00007f217798b927 in start_thread (arg=<optimized out>) at pthread_create.c:435
#8  0x00007f2177a1b9e4 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:100

Thread 2 (Thread 0x7f217141f640 (LWP 3858208) "d2x-rebirth"):
#0  0x00007f2177a0edde in __ppoll (fds=0x5597865de6c0, nfds=3, timeout=<optimized out>, sigmask=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:43
#1  0x00007f21774a95e1 in pa_mainloop_poll () at /lib/x86_64-linux-gnu/libpulse.so.0
#2  0x00007f21774b407b in pa_mainloop_iterate () at /lib/x86_64-linux-gnu/libpulse.so.0
#3  0x00007f2177f66aa3 in  () at /lib/x86_64-linux-gnu/libSDL-1.2.so.0
#4  0x00007f2177f39573 in  () at /lib/x86_64-linux-gnu/libSDL-1.2.so.0
#5  0x00007f2177f42cbc in  () at /lib/x86_64-linux-gnu/libSDL-1.2.so.0
#6  0x00007f2177f82e5f in  () at /lib/x86_64-linux-gnu/libSDL-1.2.so.0
#7  0x00007f217798b927 in start_thread (arg=<optimized out>) at pthread_create.c:435
#8  0x00007f2177a1b9e4 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:100
  
Thread 1 (Thread 0x7f2175aeb800 (LWP 3858206) "d2x-rebirth"):
#0  0x00007f217766869c in  () at /lib/x86_64-linux-gnu/libfluidsynth.so.2
#1  0x00007f21776864cd in delete_fluid_synth () at /lib/x86_64-linux-gnu/libfluidsynth.so.2
#2  0x00007f2177fe5b1f in fluidsynth_freesong () at /lib/x86_64-linux-gnu/libSDL_mixer-1.2.so.0
#3  0x00007f2177fd8b67 in Mix_FreeMusic () at /lib/x86_64-linux-gnu/libSDL_mixer-1.2.so.0
#4  0x00005597852baca9 in dcx::(anonymous namespace)::Music_delete::operator() (m=<optimized out>, this=<optimized out>) at common/arch/sdl/digi_mixer_music.cpp:52
#5  std::__uniq_ptr_impl<_Mix_Music, dcx::(anonymous namespace)::Music_delete>::reset (__p=0x0, this=0x559785b55580 <dcx::current_music>) at /usr/include/c++/11/bits/unique_ptr.h:182
#6  std::unique_ptr<_Mix_Music, dcx::(anonymous namespace)::Music_delete>::reset (__p=0x0, this=0x559785b55580 <dcx::current_music>) at /usr/include/c++/11/bits/unique_ptr.h:456
#7  dcx::(anonymous namespace)::current_music_t::reset (this=0x559785b55580 <dcx::current_music>, rwops=0x0, music=0x0) at common/arch/sdl/digi_mixer_music.cpp:77
#8  dcx::mix_free_music() () at common/arch/sdl/digi_mixer_music.cpp:242
#9  0x00005597852bae7e in dcx::mix_play_file(char const*, int, void (*)()) (filename=0x559786d9a250 "briefing.hmp", loop=1, hook_finished_track=hook_finished_track@entry=0x0) at common/arch/sdl/digi_mixer_music.cpp:143
#10 0x000055978527ffde in songs_play_file(char const*, int, void (*)()) (filename=<optimized out>, repeat=<optimized out>, hook_finished_track=hook_finished_track@entry=0x0) at similar/main/songs.cpp:468
#11 0x00005597852800b9 in d2x::songs_play_song(int, int) (songnum=songnum@entry=1, repeat=repeat@entry=1) at similar/main/songs.cpp:503
#12 0x0000559785280a60 in d2x::songs_play_song(int, int) (songnum=songnum@entry=1, repeat=repeat@entry=1) at similar/main/songs.cpp:588
#13 0x000055978528e0a1 in d2x::do_briefing_screens(dcx::d_fname const&, int) (filename=<optimized out>, level_num=<optimized out>) at similar/main/titles.cpp:1686
#14 0x000055978521ca83 in d2x::(anonymous namespace)::ShowLevelIntro(int) (level_num=level_num@entry=1) at similar/main/gameseq.cpp:2121
#15 0x0000559785220b30 in d2x::StartNewLevel(int) (level_num=1) at similar/main/gameseq.cpp:2167
#16 d2x::StartNewGame(int) (start_level=start_level@entry=1) at similar/main/gameseq.cpp:1125
#17 0x0000559785237b79 in d2x::(anonymous namespace)::do_new_game_menu() () at similar/main/menu.cpp:1030
#18 0x0000559785246683 in d2x::select_mission(dcx::mission_filter_mode, dcx::menu_tagged_string<dcx::menu_title_tag>, dcx::window_event_result (*)()) (mission_filter=mission_filter@entry=dcx::mission_filter_mode::exclude_anarchy, message=..., message@entry=..., when_selected=<optimized out>, when_selected@entry=0x5597852375d0 <d2x::(anonymous namespace)::do_new_game_menu()>) at similar/main/mission.cpp:1431
#19 0x000055978523b395 in d2x::(anonymous namespace)::dispatch_menu_option (select=<optimized out>) at similar/main/menu.cpp:657
#20 d2x::(anonymous namespace)::main_menu::event_handler(dcx::d_event const&) (this=0x559786c14f90, event=...) at similar/main/menu.cpp:803
#21 0x0000559785268247 in (anonymous namespace)::newmenu_key_command (menu=0x559786c14f90, event=<optimized out>) at similar/main/newmenu.cpp:1149
#22 dcx::newmenu::event_handler(dcx::d_event const&) (event=<optimized out>, this=0x559786c14f90) at similar/main/newmenu.cpp:1615
#23 dcx::newmenu::event_handler(dcx::d_event const&) (this=0x559786c14f90, event=<optimized out>) at similar/main/newmenu.cpp:1585
#24 0x00005597851cf6d8 in dcx::window_send_event(dcx::window&, dcx::d_event const&) (event=..., wind=...) at common/include/window.h:74
#25 dcx::event_send(dcx::d_event const&) (event=...) at common/arch/sdl/event.cpp:207
#26 0x00005597851d16c1 in dcx::key_handler(SDL_KeyboardEvent const*) (kevent=kevent@entry=0x7ffffae07710) at common/arch/sdl/key.cpp:547
#27 0x00005597851cf8f3 in dcx::(anonymous namespace)::event_poll_state::process_event_batch (events=..., this=<synthetic pointer>) at common/arch/sdl/event.cpp:126
#28 dcx::event_poll() () at common/arch/sdl/event.cpp:88
#29 0x00005597851cf9e0 in dcx::event_process() () at common/arch/sdl/event.cpp:231
#30 0x00005597851ca4ba in d2x::main (argv_gd$b32$GAXDMMBOGAWWEZLUMEZC2MJWGE4C2ZZTGI4DANBWMQYWEYJVGQzzzzzz=<optimized out>, argc_gc$328046d1ba54bed146f0bb397413e58148208480=<optimized out>) at similar/main/inferno.cpp:748
#31 main(int, char**) (argc_gc$328046d1ba54bed146f0bb397413e58148208480=<optimized out>, argv_gd$b32$GAXDMMBOGAWWEZLUMEZC2MJWGE4C2ZZTGI4DANBWMQYWEYJVGQzzzzzz=<optimized out>) at similar/main/inferno.cpp:784
(gdb) 
(gdb) 

Author

pvanhoof commented Dec 6, 2021

(gdb) up
#1  0x00007f21776864cd in delete_fluid_synth () from /lib/x86_64-linux-gnu/libfluidsynth.so.2
(gdb) 
#2  0x00007f2177fe5b1f in fluidsynth_freesong () from /lib/x86_64-linux-gnu/libSDL_mixer-1.2.so.0
(gdb) 
#3  0x00007f2177fd8b67 in Mix_FreeMusic () from /lib/x86_64-linux-gnu/libSDL_mixer-1.2.so.0
(gdb) 
#4  0x00005597852baca9 in dcx::(anonymous namespace)::Music_delete::operator() (m=<optimized out>, 
    this=<optimized out>) at common/arch/sdl/digi_mixer_music.cpp:52
52			Mix_FreeMusic(m);
(gdb) p m
$1 = <optimized out>
(gdb) up
#5  std::__uniq_ptr_impl<_Mix_Music, dcx::(anonymous namespace)::Music_delete>::reset (__p=0x0, 
    this=0x559785b55580 <dcx::current_music>) at /usr/include/c++/11/bits/unique_ptr.h:182
182		  _M_deleter()(__old_p);
(gdb) p __old_p
$2 = <optimized out>
(gdb) up
#6  std::unique_ptr<_Mix_Music, dcx::(anonymous namespace)::Music_delete>::reset (__p=0x0, 
    this=0x559785b55580 <dcx::current_music>) at /usr/include/c++/11/bits/unique_ptr.h:456
456		_M_t.reset(std::move(__p));
(gdb) p __p
$3 = (std::unique_ptr<_Mix_Music, dcx::(anonymous namespace)::Music_delete>::pointer) 0x0
(gdb) 

Author

pvanhoof commented Dec 6, 2021

 #7  dcx::(anonymous namespace)::current_music_t::reset (this=0x559785b55580 <dcx::current_music>, rwops=0x0, 
     music=0x0) at common/arch/sdl/digi_mixer_music.cpp:77
 77			this->music_pointer::reset(music);
 (gdb) p music
 $4 = (Mix_Music * const) 0x0
 (gdb) 

Author

pvanhoof commented Dec 6, 2021

Just commenting out this->music_pointer::reset(music) at this line 77 stops the crash. But I'm not sure if that would be the fix. Sounds like that might leak memory.

Contributor

vLKp commented Dec 7, 2021

Please use triple backticks when pasting multi-line program output, so that GitHub does not mangle the text by treating it as Markdown.

Yes, removing that would likely cause a memory leak. Also, since it is a call to a std::unique_ptr, a destructor call later might still trigger the crash.

I start level 1 fairly often, and have not encountered a crash. What configuration is required to trigger this crash? What is the value of the pointer that it is attempting to free?

Author

pvanhoof commented Dec 7, 2021

As you can see in the later comments it's 0x0. But I tried an if (music) { this->music_pointer::reset(music); } and that still crashed. So perhaps the value was optimized out by gdb/compiler flags.

My configuration is a standard Ubuntu 21.10 upgraded to today. I tried both dxx-rebirth_20211125-src.tar.xz and master. I did scons && scons install

The .so files that seem relevant are at these ABI versions on Ubuntu (stack frames above these are in dcx:: namespace, so part of dxx-rebirth):

/lib/x86_64-linux-gnu/libSDL_mixer-1.2.so.0 -> libSDL_mixer-1.2.so.0.12.0
/lib/x86_64-linux-gnu/libfluidsynth.so.2 -> libfluidsynth.so.2.3.7

 #7  dcx::(anonymous namespace)::current_music_t::reset (this=0x559785b55580 <dcx::current_music>, rwops=0x0, 
     music=0x0) at common/arch/sdl/digi_mixer_music.cpp:77
 77			this->music_pointer::reset(music);
 (gdb) p music
 $4 = (Mix_Music * const) 0x0
 (gdb) 

pvanhoof@lars:~/repos/dxx-rebirth$ dpkg -s libsdl-mixer1.2
Package: libsdl-mixer1.2
Status: install ok installed
Priority: optional
Section: libs
Installed-Size: 217
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Multi-Arch: same
Source: sdl-mixer1.2
Version: 1.2.12-16build1
Depends: libc6 (>= 2.29), libflac8 (>= 1.3.0), libfluidsynth2 (>= 2.0.5), libmad0 (>= 0.15.1b-3), libmikmod3 (>= 3.3.3), libsdl1.2debian (>= 1.2.11), libvorbisfile3 (>= 1.2.0)
Recommends: timgm6mb-soundfont (>= 1.3-3~) | sf3-soundfont-gm
Breaks: libfluidsynth1 (<< 1.1.7~)
Description: Mixer library for Simple DirectMedia Layer 1.2, libraries
 SDL_mixer is a sample multi-channel audio mixer library.  It supports any
 number of simultaneously playing channels of 16 bit stereo audio, plus a single
 channel of music, mixed by the popular FLAC, MikMod MOD, Timidity MIDI, Ogg
 Vorbis, and SMPEG MP3 libraries.
 .
 This package contains the shared library.
Original-Maintainer: Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>
Homepage: https://www.libsdl.org/projects/SDL_mixer/
pvanhoof@lars:~/repos/dxx-rebirth$ 

pvanhoof@lars:~/repos/dxx-rebirth$ dpkg -s libfluidsynth2
Package: libfluidsynth2
Status: install ok installed
Priority: optional
Section: libs
Installed-Size: 519
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Multi-Arch: same
Source: fluidsynth
Version: 2.1.7-1.1
Depends: libasound2 (>= 1.0.16), libc6 (>= 2.33), libdbus-1-3 (>= 1.9.14), libglib2.0-0 (>= 2.31.8), libinstpatch-1.0-2 (>= 1.1.2), libjack-jackd2-0 (>= 1.9.10+20150825) | libjack-0.125, libpulse0 (>= 0.99.1), libreadline8 (>= 6.0), libsdl2-2.0-0 (>= 2.0.12), libsndfile1 (>= 1.0.20), timgm6mb-soundfont (>= 1.3-3~) | sf3-soundfont-gm
Breaks: fluidr3mono-gm-soundfont (<< 2.315-6~), musescore-general-soundfont (<< 0.1.7-2~), musescore-general-soundfont-lossless (<< 0.1.7-2~), musescore-general-soundfont-small (<< 0.1.6-2~)
Description: Real-time MIDI software synthesizer (runtime library)
 Fluidsynth is a real-time midi synthesizer based on the soundfont (sf2 and sf3)
 specifications. It can be used to render MIDI input or MIDI files to audio.
 The MIDI events are read from a MIDI device. The sound is rendered in
 real-time to the sound output device.
 .
 This package contains the runtime library.
Original-Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Homepage: https://github.com/Fluidsynth/fluidsynth
pvanhoof@lars:~/repos/dxx-rebirth$ 

Contributor

vLKp commented Dec 8, 2021

> As you can see in the later comments it's 0x0.

I don't see that. I want the values of $1 (currently <optimized out> instead of a real value) or $2 (same). I don't have /usr/include/c++/11/bits/unique_ptr.h, but based on the shown context, I think $3 is showing the value being reset to (nullptr), not the value being reset from. The latter is what will be freed, and what caused the crash.

> But I tried an if (music) { this->music_pointer::reset(music); } and that still crashed.

That should have deferred the reset until later, and thus deferred the crash until later. It's possible that it did defer it, but not by enough for you to tell the difference without comparing stack traces.

> My configuration is a standard Ubuntu 21.10 upgraded to today.

That was not what I meant. If the problem is a bug in the game's code, it should be reproducible if I configure my game as you have configured yours. If the problem is in a supporting library, then matching your game configuration while using a different distribution might not reproduce it.

So far, I have not been able to reproduce the crash on my system.

Does Valgrind's memcheck show anything useful? A crash due to a mismatched free, or a free of an uninitialized variable, will usually be diagnosed by Valgrind. Game performance under Valgrind is slow, but for a crash this easily reached, that should not be a problem.

Author

pvanhoof commented Dec 8, 2021

Here are the valgrind logs. The screen gets flooded by a repeat of the same things: valgrind-out.txt

From that valgrind output, when I do this, it also doesn't crash anymore. Maybe that Mix_Music is uninitialized when Mix_FreeMusic(m) is first called?:

diff --git a/common/arch/sdl/digi_mixer_music.cpp b/common/arch/sdl/digi_mixer_music.cpp
index 84135f421..83c082d5c 100644
--- a/common/arch/sdl/digi_mixer_music.cpp
+++ b/common/arch/sdl/digi_mixer_music.cpp
@@ -47,9 +47,9 @@ namespace {
 
 struct Music_delete
 {
-       void operator()(Mix_Music *m) const
+       void operator()(Mix_Music *) const
        {
-               Mix_FreeMusic(m);
+               //Mix_FreeMusic(m);
        }
 };
 
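Review bot: With `Mix_FreeMusic(m)` commented out in `Music_delete::operator()`, the deleter becomes a no-op, so every `Mix_Music` handed to it is leaked instead of released, and the crash is hidden rather than explained. This is acceptable as a diagnostic step to confirm that the free path is what faults, but it should not be kept: restore the call and the parameter name, and if a temporary workaround is needed, state the condition it covers in a comment instead of leaving a commented-out call behind an unnamed parameter.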
pvanhoof@lars:~/repos/dxx-rebirth$ 

pvanhoof@lars:~/repos/dxx-rebirth$ cd /home/pvanhoof/.d2x-rebirth/
pvanhoof@lars:~/.d2x-rebirth$ ls
descent.cfg  gamelog.txt  player.plr  player.plx
pvanhoof@lars:~/.d2x-rebirth$ cat gamelog.txt 
05:08:46.400868 D2X-Rebirth v0.61 0.60.0-beta2-1618-g328046d1ba54*  Dec  8 2021 05:08:29
05:08:46.400954 This is a MODIFIED version of Descent 2, based on Full Version v1.2.
05:08:46.400981 Copyright (C) 1994, 1995 Parallax Software Corporation
05:08:46.401006 DESCENT is a trademark of Interplay Productions, Inc.
05:08:46.401030 Copyright (C) 1999 Peter Hawkins, 2002 Bradley Bell, 2005-2013 Christian Beckhaeuser, 2013-2017 Kp
05:08:46.415047 Using SDL_mixer library v1.2.12
05:08:46.423287 sdl-joystick: 0 joysticks
05:08:47.029577 DXX-Rebirth: OpenGL: disabling automatic GL sync since VSync is turned off
05:08:47.036422 Failed to open movielib <intro-h.mvl>: not found
05:08:47.036586 Failed to open movielib <intro-l.mvl>: not found
05:08:47.036796 Failed to open movielib <other-h.mvl>: not found
05:08:47.037158 Failed to open movielib <other-l.mvl>: not found
05:08:47.037856 Failed to open movielib <robots-h.mvl>: not found
05:08:47.038592 Failed to open movielib <robots-l.mvl>: not found
05:08:47.039117 Failed to open movie <intro.mve>: not found
05:08:47.039262 Failed to open movie <titles.mve>: not found
pvanhoof@lars:~/.d2x-rebirth$ cat descent.cfg 
DigiVolume=8
MusicVolume=8
ReverseStereo=0
OrigTrackOrder=0
MusicType=1
CMLevelMusicPlayOrder=0
CMLevelMusicTrack0=-1
CMLevelMusicTrack1=-1
CMLevelMusicPath=
CMMiscMusic0=
CMMiscMusic1=
CMMiscMusic2=
CMMiscMusic3=
CMMiscMusic4=
GammaLevel=0
LastPlayer=player
LastMission=
ResolutionX=1024
ResolutionY=768
AspectX=3
AspectY=4
WindowMode=0
TexFilt=0
TexAnisotropy=0
MovieTexFilt=0
MovieSubtitles=0
VSync=0
Multisample=0
FPSIndicator=0
GrabInput=1
pvanhoof@lars:~/.d2x-rebirth$ cat player.pl
player.plr  player.plx  
pvanhoof@lars:~/.d2x-rebirth$ cat player.ple
cat: player.ple: No such file or directory
pvanhoof@lars:~/.d2x-rebirth$ cat player.plr 
[binary file contents]
pvanhoof@lars:~/.d2x-rebirth$ cat player.plx
[D2X OPTIONS]
[keyboard]
sensitivity0=16
sensitivity1=16
sensitivity2=16
sensitivity3=16
sensitivity4=16
[end]
[joystick]
sensitivity0=8
sensitivity1=8
sensitivity2=8
sensitivity3=8
sensitivity4=8
sensitivity5=8
linearity0=0
linearity1=0
linearity2=0
linearity3=0
linearity4=0
linearity5=0
speed0=16
speed1=16
speed2=16
speed3=16
speed4=16
speed5=16
deadzone0=0
deadzone1=0
deadzone2=0
deadzone3=0
deadzone4=0
deadzone5=0
[end]
[mouse]
flightsim=0
sensitivity0=8
sensitivity1=8
sensitivity2=8
sensitivity3=8
sensitivity4=8
sensitivity5=8
overrun0=0
overrun1=0
overrun2=0
overrun3=0
overrun4=0
overrun5=0
fsdead=0
fsindi=1
[end]
[weapon keys v2]
1=0x2,0xff,0xff
2=0x3,0xff,0xff
3=0x4,0xff,0xff
4=0x5,0xff,0xff
5=0x6,0xff,0xff
6=0x7,0xff,0xff
7=0x8,0xff,0xff
8=0x9,0xff,0xff
9=0xa,0xff,0xff
0=0xb,0xff,0xff
[end]
[cockpit]
hud=0
rettype=0
retrgba=0,32,0,0
retsize=0
[end]
[toggles]
escorthotkeys=1
thiefabsent=0
thiefnoenergyweapons=0
autosaveinterval=0
persistentdebris=0
prshot=0
noredundancy=0
multimessages=0
multipinghud=0
norankings=0
automapfreeflight=0
nofireautoselect=0
cycleautoselectonly=0
cloakinvultimer=0
respawnkey=0
mouselook=0
[end]
[graphics]
alphaeffects=0
dynlightcolor=0
[end]
[plx version]
plx version=0.61.0
[end]
[end]
pvanhoof@lars:~/.d2x-rebirth$ 

Contributor

vLKp commented Dec 9, 2021

Your valgrind logs appear to be missing the early lines. It starts in the middle of a stack trace. However, there is enough to research this.

This appears to be FluidSynth/fluidsynth#748 (libfluidsynth 2.1.6 crashes when delete_fluid_settings() is called before delete_fluid_synth()), as shown in your output (line numbers added; irrelevant lines deleted):

    22	==932731== Invalid read of size 4
    23	==932731==    at 0x4E9E63D: __pthread_mutex_lock_full (pthread_mutex_lock.c:181)
    24	==932731==    by 0x5226ACE: delete_fluid_synth (in /usr/lib/x86_64-linux-gnu/libfluidsynth.so.2.3.7)
    25	==932731==    by 0x491CB1E: fluidsynth_freesong (in /usr/lib/x86_64-linux-gnu/libSDL_mixer-1.2.so.0.12.0)
    26	==932731==    by 0x490FB66: Mix_FreeMusic (in /usr/lib/x86_64-linux-gnu/libSDL_mixer-1.2.so.0.12.0)
    40	==932731==  Address 0x1bceb710 is 16 bytes inside a block of size 40 free'd
    41	==932731==    at 0x484621F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
    42	==932731==    by 0x5207C45: delete_fluid_settings (in /usr/lib/x86_64-linux-gnu/libfluidsynth.so.2.3.7)
    43	==932731==    by 0x491CB14: fluidsynth_freesong (in /usr/lib/x86_64-linux-gnu/libSDL_mixer-1.2.so.0.12.0)
    44	==932731==    by 0x490FB66: Mix_FreeMusic (in /usr/lib/x86_64-linux-gnu/libSDL_mixer-1.2.so.0.12.0)

According to that issue, SDL2_Mixer deletes the fluidsynth objects in the wrong order, leading to a crash. Older versions of fluidsynth happened not to crash immediately, but as I read the discussion in the issue, the fluidsynth developers consider this an SDL2_Mixer problem. I am aware you are using SDL_Mixer. However, inspecting the source for SDL_Mixer (or your backtrace) shows that it also calls delete_fluid_settings before delete_fluid_synth, which the fluidsynth issue declares to be an invalid ordering (see comment #763466066, comment #763482483). Comment #765616788 states that SDL2_Mixer was sent a patch, which was accepted into Debian. It appears to have been applied upstream in SDL2_Mixer as Fixed use-after-free in music_fluidsynth.c.

I cannot fix this problem in Rebirth, because this is not a bug in Rebirth. At best, I could add a hack to lock out your ability to use music when using fluidsynth, so that there would be no need to free music. However, as a fixed version of SDL2_Mixer is available, and the fix is simple, I am inclined to close this issue and refer you to the maintainer for your SDL_Mixer package. Please file a ticket with those maintainers, citing the fluidsynth issue and optionally this ticket. They should be able to backport the patch to apply to SDL_Mixer. It does not apply as-is due to text conflicts, but the change is conceptually simple.

You may also be able to avoid the crash by using SDL2 instead of SDL1 for Rebirth, if your Ubuntu distribution has picked up the fixed version of SDL2_Mixer.

Although I was not involved in the fluidsynth or SDL_Mixer work on this, I am available to answer questions if needed.


> From that valgrind output, when I do this, it also doesn't crash anymore.

That change causes Rebirth never to free any Mix_Music objects. By leaking the object, you avoid calling the deletion code that crashes.
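
The teardown ordering described in the comment above, modelled as a small added C example (not code from SDL_mixer, fluidsynth or Rebirth). All `toy_*` names and the static pool are hypothetical; the pool exists only so the stale access can be detected without reading freed heap memory.

```c
/* Added illustration; toy_* names are hypothetical, not fluidsynth/SDL_mixer API. */
#include <stddef.h>
#include <stdio.h>

#define POOL_SLOTS 4

/* Settings live in a static pool so that inspecting a released slot is
 * well-defined C; a real heap block must never be read after free(). */
typedef struct {
    int live;       /* 1 while allocated, 0 once deleted */
    int lock_word;  /* stands in for the mutex taken during synth teardown */
} toy_settings;

typedef struct {
    int live;
    toy_settings *settings; /* borrowed: the synth does not own its settings */
} toy_synth;

typedef struct { toy_settings *settings; toy_synth synth; } toy_song;

static toy_settings settings_pool[POOL_SLOTS];

static toy_settings *new_toy_settings(void)
{
    for (size_t i = 0; i < POOL_SLOTS; i++)
        if (!settings_pool[i].live) {
            settings_pool[i].live = 1;
            settings_pool[i].lock_word = 0;
            return &settings_pool[i];
        }
    return NULL;
}

static void delete_toy_settings(toy_settings *s) { if (s) s->live = 0; }

/* Returns 0 on clean teardown, -1 if the settings were already released,
 * which is where the real library locks a mutex inside freed memory. */
static int delete_toy_synth(toy_synth *y)
{
    if (!y || !y->live) return -1;
    int rc = y->settings->live ? 0 : -1;     /* -1: stale pointer */
    if (rc == 0) y->settings->lock_word++;   /* safe: settings still alive */
    y->live = 0;
    y->settings = NULL;
    return rc;
}

int toy_new_song(toy_song *song)
{
    song->settings = new_toy_settings();
    if (!song->settings) return -1;
    song->synth.live = 1;
    song->synth.settings = song->settings;
    return 0;
}

/* Order visible in the Valgrind trace: settings first, then synth. */
int freesong_settings_first(toy_song *song)
{
    delete_toy_settings(song->settings);
    return delete_toy_synth(&song->synth);
}

/* Corrected order: the borrower goes before the object it points into. */
int freesong_synth_first(toy_song *song)
{
    int rc = delete_toy_synth(&song->synth);
    delete_toy_settings(song->settings);
    return rc;
}

int main(void)
{
    toy_song a, b;
    if (toy_new_song(&a) || toy_new_song(&b)) return 1;
    printf("settings first: %d\n", freesong_settings_first(&a));
    printf("synth first:    %d\n", freesong_synth_first(&b));
    return 0;
}
```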

Author

pvanhoof commented Dec 9, 2021

This makes sense, so it's a fluidsynth issue and I'll just play with the memory leak and/or try with sdl2 until fluidsynth's fixed release arrives in my Ubuntu distribution.

Thanks a lot for the explanation.

For the next person: apt-get install libsdl2-mixer-dev ; scons d2x=sdl2 sdl2_sdl2=1

Contributor

vLKp commented Dec 10, 2021

As described in that issue, it's not a fluidsynth issue. It's an SDL_mixer issue. The position of the fluidsynth project is that affected versions of SDL_mixer use fluidsynth in an invalid way. Their patch, that I linked above, changes SDL_mixer to use fluidsynth in a valid way. Since it is not a fluidsynth bug, I do not expect that a newer fluidsynth package from your distribution will fix this. However, I expect that a new enough SDL_mixer or SDL2_mixer from your distribution would fix this. Even there, I wouldn't expect a newer version of SDL_mixer unless your distribution's maintainer is notified that a fix is needed.

You can simplify that scons invocation to: scons sdl2=1 d2x=1.

Since this appears to be a problem in an external library, closing without change to Rebirth. You're welcome to continue discussion here if you have further questions.

vLKp closed this as completed Dec 10, 2021

Kodiologist commented Dec 31, 2021

> For the next person: apt-get install libsdl2-mixer-dev ; scons d2x=sdl2 sdl2_sdl2=1

Awesome, thanks. For building DX1, I had success with scons d1x=sdl2 sdl2_sdl2=1. I also needed sudo apt install libsdl2-image-dev beforehand, I believe. This is on Ubuntu 21.10.
