search

elunna / hackem

SlashEM forked Unto Evil with a Splice of X and a dash of THEM.
Other
23 stars 8 forks source link

Found with fuzzer: Duplicate rot timer attempted #6

Closed elunna closed 1 year ago

elunna commented 2 years ago 
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7365859 in __GI_abort () at abort.c:79
#2  0x0000555555a44c60 in NH_abort () at end.c:236
#3  0x0000555555a4ba5c in panic (str=0x55555651b6c0 "%s") at end.c:802
#4  0x0000555555f98bec in impossible (
    s=0x5555565788a0 "Attempted to start duplicate %s, aborted.") at pline.c:518
#5  0x00005555561b3f57 in start_timer (when=-779, kind=2, func_index=1, arg=0x604004f3c8f0)
    at timeout.c:2464
#6  0x000055555591bf94 in moldy_corpse (arg=0x604004f3c8f0, timeout=81623) at do.c:2491
#7  0x00005555561b3bce in run_timers () at timeout.c:2429
#8  0x00005555559111c6 in goto_level (newlevel=0x7fffffffdf60, at_stairs=0 '\000',
    falling=0 '\000', portal=0 '\000') at do.c:2003
#9  0x00005555559135c1 in deferred_goto () at do.c:2252
#10 0x00005555561989eb in level_tele () at teleport.c:1379
#11 0x00005555558361a3 in wiz_level_tele () at cmd.c:1102
#12 0x00005555558633d1 in rhack (cmd=0x55555679b640 <in_line> "\026") at cmd.c:5515
#13 0x0000555555761c00 in moveloop (resuming=0 '\000') at allmain.c:798
#14 0x00005555563b4110 in main (argc=0, argv=0x7fffffffe658) at ../sys/unix/unixmain.c:353

FULL Backtrace:
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
        set = {__val = {0, 0, 0, 0, 0, 140737337632192, 93824997411122, 335544320,
            140737341055120, 1073741824, 0, 140737342801568, 4294967295, 140737337360384,
            140737342784672, 14291042822004836608}}
        pid = <optimized out>
        tid = <optimized out>
        ret = <optimized out>
#1  0x00007ffff7365859 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0xffffffff, sa_sigaction = 0xffffffff},
          sa_mask = {__val = {140737337360384, 140737342784672, 14291042822004836608,
              140737488342752, 140737342801568, 18446744073709547520, 140737327112192,
              140737345470680, 140737488343824, 140737488343824, 140737344339986,
              17592186042844, 140737488338944, 140737341055120, 14291042822004836608,
              140737488343152}}, sa_flags = -1149335296, sa_restorer = 0x7fffffffd230}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x0000555555a44c60 in NH_abort () at end.c:236
        gdb_prio = 1
        libc_prio = 2
        aborting = 1 '\001'
#3  0x0000555555a4ba5c in panic (str=0x55555651b6c0 "%s") at end.c:802
        the_args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffd300,
            reg_save_area = 0x7fffffffd230}}
#4  0x0000555555f98bec in impossible (
    s=0x5555565788a0 "Attempted to start duplicate %s, aborted.") at pline.c:518
        pbuf = "Attempted to start duplicate rot_corpse timer, aborted.", '\000' <repeats 181 times>...
        the_args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffd9f0,
            reg_save_area = 0x7fffffffd910}}
#5  0x00005555561b3f57 in start_timer (when=-779, kind=2, func_index=1, arg=0x604004f3c8f0)
    at timeout.c:2464
        idbuf = "rot_corpse timer\000\332\377\377\377\177\000\000\061\202\215UUU\000\000\000\000\000\000\000\000\000\000\005\000\000\000I\000\000\000\240\332\377\377\377\177\000\000\036\004\217UUU\000\000x\037{Vw\000\000\000\005\000\000\000I\000\000\000\005\000\000\000\000\000\000\000I\000\000\000\000\000\000\000\020\333\377\377\377\177\000\000uz\216UUU\000\000һyVUU\000\000j\225{VUU\000"
        gnu = 0x0
        dup = 0x604004f3c890
#6  0x000055555591bf94 in moldy_corpse (arg=0x604004f3c8f0, timeout=81623) at do.c:2491
        body = 0x60c0010e5a40
        old_oname = 0x0
        oldtyp = 563
        oldquan = 1
        newpm = 0x5555565fe098 <mons+41080>
        count = 0
        already_fungus = 0 '\000'
        bad_spot = 1 '\001'
        no_eligible = 0 '\000'
        munching = 0 '\000'
#7  0x00005555561b3bce in run_timers () at timeout.c:2429
        curr = 0x604004f3c8d0
#8  0x00005555559111c6 in goto_level (newlevel=0x7fffffffdf60, at_stairs=0 '\000',
    falling=0 '\000', portal=0 '\000') at do.c:2003
        fd = 4
        l_idx = 0
        new_ledger = 2 '\002'
        cant_go_back = 0 '\000'
        great_effort = 0 '\000'
        up = 0 '\000'
        newdungeon = 0 '\000'
        was_in_W_tower = 0 '\000'
        familiar = 0 '\000'
        new = 0 '\000'
        mtmp = 0x0
        whynot = '\000' <repeats 255 times>
        annotation = 0x0
        dist = 1
        do_fall_dmg = 0 '\000'
#9  0x00005555559135c1 in deferred_goto () at do.c:2252
        dest = {dnum = 0 '\000', dlevel = 2 '\002'}
        typmask = 64
#10 0x00005555561989eb in level_tele () at teleport.c:1379
        get_there_from = "get there from %s."
        mtmp = 0x0
        newlev = 2
        newlevel = {dnum = 0 '\000', dlevel = 2 '\002'}
        escape_by_flying = 0x0
        buf = '\000' <repeats 168 times>, "\340\330T\367\377\177\000\000]\301;VUU", '\000' <repeats 73 times>
        force_dest = 0 '\000'
        ulev = 1
        vlev = 46
#11 0x00005555558361a3 in wiz_level_tele () at cmd.c:1102
No locals.
#12 0x00005555558633d1 in rhack (cmd=0x55555679b640 <in_line> "\026") at cmd.c:5515
        tlist = 0x55555665cc70 <extcmdlist+5136>
        res = -7232
        func = 0x555555836154 <wiz_level_tele>
        spkey = 0
        prefix_seen = 0 '\000'
        bad_command = 3 '\003'
        firsttime = 1 '\001'
#13 0x0000555555761c00 in moveloop (resuming=0 '\000') at allmain.c:798
        moveamt = 12
        wtcap = 0
        change = 0
        monscanmove = 0 '\000'
        timeout_start = 31718
        past_clock = 50683
        elf_regen = 1 '\001'
        orc_regen = 1 '\001'
        vamp_regen = 1 '\001'
#14 0x00005555563b4110 in main (argc=0, argv=0x7fffffffe658) at ../sys/unix/unixmain.c:353
        fd = -1
        dir = 0x0
        exact_username = 0 '\000'
        resuming = 0 '\000'
        plsel_once = 1 '\001'
elunna commented 1 year ago

The first example has a level teleport at the beginning, but this issue is also popping up without any level teleport.

Starting program: /home/lunatunez/games/hackemdir/hackem -D -u wizard 2>err.log
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGINT, Interrupt.
0x00007ffff7450fd2 in __GI___libc_read (fd=0, buf=0x619000000a80, nbytes=1024)
    at ../sysdeps/unix/sysv/linux/read.c:26
26  ../sysdeps/unix/sysv/linux/read.c: No such file or directory.
Continuing.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50  ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7365859 in __GI_abort () at abort.c:79
#2  0x0000555555a4217c in NH_abort () at end.c:236
#3  0x0000555555a48f78 in panic (str=0x55555651a8c0 "%s") at end.c:802
#4  0x0000555555f95bbc in impossible (s=0x5555564b9660 "ucastm: invalid magic spell (%d)")
    at pline.c:518
#5  0x0000555555baf19e in ucast_wizard_spell (mattk=0x611000683980, mtmp=0x611000688700, 
    dmg=21, spellnum=17) at mcastu.c:2315
#6  0x0000555555b9bda9 in castmm (mtmp=0x611000683980, mdef=0x7fffffffcde0, 
    mattk=0x555556604344 <mons+70436>) at mcastu.c:1795
#7  0x0000555555be55b0 in mattackm (magr=0x611000683980, mdef=0x7fffffffcde0) at mhitm.c:799
#8  0x0000555555e50682 in m_move_aggress (mtmp=0x611000683980, x=74 'J', y=12 '\f')
    at monmove.c:2056
#9  0x0000555555e424c1 in m_move (mtmp=0x611000683980, after=0) at monmove.c:1690
#10 0x0000555555e34dcb in dochug (mtmp=0x611000683980) at monmove.c:912
#11 0x0000555555e20d5b in dochugw (mtmp=0x611000683980) at monmove.c:122
#12 0x0000555555d90564 in movemon () at mon.c:1514
#13 0x000055555575c28a in moveloop (resuming=0 '\000') at allmain.c:244
#14 0x00005555563b3008 in main (argc=0, argv=0x7fffffffe658) at ../sys/unix/unixmain.c:353
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
        set = {__val = {0, 0, 0, 0, 0, 140737337632192, 93824997400142, 335544320, 
            140737341055120, 1073741824, 0, 140737342801568, 4294967295, 140737337360384, 
            140737342784672, 3322192584551084800}}
        pid = <optimized out>
        tid = <optimized out>
        ret = <optimized out>
#1  0x00007ffff7365859 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0xffffffff, sa_sigaction = 0xffffffff}, 
          sa_mask = {__val = {140737337360384, 140737342784672, 3322192584551084800, 
              140737488342752, 140737342801568, 18446744073709547520, 140737327112192, 
              140737345470680, 140737488343824, 140737488343824, 140737344339986, 
              17592186042844, 140737488338944, 140737341055120, 3322192584551084800, 
              140737488343152}}, sa_flags = -845499648, sa_restorer = 0x7fffffffd230}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x0000555555a4217c in NH_abort () at end.c:236
        gdb_prio = 1
        libc_prio = 2
        aborting = 1 '\001'
#3  0x0000555555a48f78 in panic (str=0x55555651a8c0 "%s") at end.c:802
        the_args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffd300, 
            reg_save_area = 0x7fffffffd230}}
#4  0x0000555555f95bbc in impossible (s=0x5555564b9660 "ucastm: invalid magic spell (%d)")
    at pline.c:518
        pbuf = "ucastm: invalid magic spell (17)\000\323\377\377\377\177\000\000ð;VUU\000\000\000\000\000\000\000\000\000\000\020\001\000\000\320`\000\000\340\323\377\377\377\177\000\000B\357;VUU\000\000#\000\000\000\000\000\000\000\340\324\377\377\377\177\000\000\300\324\377\377\377\177\000\000\340\324\377\377\377\177\000\000\020\324\377\377\377\177\000\000\212\371;VUU\000\000@\324\377\377\377\377\377\377\020\001\000\000\320`\000\000\020\001\000\000\320`\000\000\300\324\377\377\377\177\000\000`\324\377\377\377\177\000\000\365'=VUU\000\000\340\324\377\377\377\177\000\000\000\000\000\000\001\000\000\000P\324\377\377\000\000\000\000\025"...
        the_args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffd9f0, 
            reg_save_area = 0x7fffffffd910}}
#5  0x0000555555baf19e in ucast_wizard_spell (mattk=0x611000683980, mtmp=0x611000688700, 
    dmg=21, spellnum=17) at mcastu.c:2315
        resisted = 0 '\000'
        yours = 0 '\000'
#6  0x0000555555b9bda9 in castmm (mtmp=0x611000683980, mdef=0x7fffffffcde0, 
    mattk=0x555556604344 <mons+70436>) at mcastu.c:1795
        dmg = 21
        ml = 14
        ret = 1
        spellnum = 17
#7  0x0000555555be55b0 in mattackm (magr=0x611000683980, mdef=0x7fffffffcde0) at mhitm.c:799
        i = 3
        tmp = 23
        strike = 1
        attk = 1
        struck = 1
        res = {1, 1, 1, 0, 1102416563, 0}
        k = 0
        dieroll = 4
        saved_mhp = 14
        mattk = 0x555556604344 <mons+70436>
        alt_attk = {aatyp = 128 '\200', adtyp = 57 '9', damn = 104 'h', damd = 0 '\000'}
        mwep = 0x0
        marmf = 0x0
        pa = 0x555556604328 <mons+70408>
#8  0x0000555555e50682 in m_move_aggress (mtmp=0x611000683980, x=74 'J', y=12 '\f')
    at monmove.c:2056
        mtmp2 = 0x611000688700
        mstatus = 24848
#9  0x0000555555e424c1 in m_move (mtmp=0x611000683980, after=0) at monmove.c:1690
        appr = <optimized out>
        gx = 75 'K'
        gy = 11 '\v'
        nix = 74 'J'
        niy = 12 '\f'
        chcnt = 0 '\000'
        i = 1
        j = 0
        chi = 0
        likegold = 0 '\000'
        likegems = 0 '\000'
        likeobjs = 0 '\000'
        likemagic = 1 '\001'
        conceals = 0 '\000'
        likerock = 0 '\000'
        can_tunnel = 0 '\000'
        can_open = 1 '\001'
        can_unlock = 0 '\000'
        doorbuster = 0 '\000'
        uses_items = 1 '\001'
        setlikes = 1 '\001'
        avoid = 0 '\000'
        better_with_displacing = 0 '\000'
        sawmon = 0 '\000'
        ptr = 0x555556604328 <mons+70408>
        mtoo = 0x61100064c980
        mmoved = 1 '\001'
        info = {2621440, 0, -1, 4294967296, 326417514508, 93825010922384, 140737488347392, 
          93825003986827, 38654705676}
        flag = 4456448
        omx = 74
        omy = 11
        offer = 32767
#10 0x0000555555e34dcb in dochug (mtmp=0x611000683980) at monmove.c:912
        mdat = 0x555556604328 <mons+70408>
        tmp = <optimized out>
        mdummy = 0x0
        inrange = 1
        nearby = 0
        scared = 0
        oldx = 0
        oldy = 0
        mwalk_sewage = 0 '\000'
#11 0x0000555555e20d5b in dochugw (mtmp=0x611000683980) at monmove.c:122
        x = 74
        y = 11
        already_saw_mon = 0 '\000'
        rd = 300
#12 0x0000555555d90564 in movemon () at mon.c:1514
        mtmp = 0x611000683980
        nmtmp = 0x6110006312c0
        somebody_can_move = 1 '\001'
#13 0x000055555575c28a in moveloop (resuming=0 '\000') at allmain.c:244
        moveamt = 10
        wtcap = 0
        change = 0
        monscanmove = 0 '\000'
        timeout_start = 31629
        past_clock = 32225
        elf_regen = 1 '\001'
        orc_regen = 1 '\001'
        vamp_regen = 1 '\001'
#14 0x00005555563b3008 in main (argc=0, argv=0x7fffffffe658) at ../sys/unix/unixmain.c:353
        fd = -1
        dir = 0x0
        exact_username = 0 '\000'
        resuming = 0 '\000'
        plsel_once = 1 '\001'
Please answer y or n.
Starting program: /home/lunatunez/games/hackemdir/hackem -D -u wizard 2>err.log
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGINT, Interrupt.
0x00007ffff7450fd2 in __GI___libc_read (fd=0, buf=0x619000000a80, nbytes=1024)
    at ../sysdeps/unix/sysv/linux/read.c:26
26  ../sysdeps/unix/sysv/linux/read.c: No such file or directory.
Continuing.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50  ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7365859 in __GI_abort () at abort.c:79
#2  0x0000555555a4217c in NH_abort () at end.c:236
#3  0x0000555555a48f78 in panic (str=0x5555564d6080 "relmon: mon not in list.") at end.c:802
#4  0x0000555555da5afd in relmon (mon=0x6110017e0c00, 
    monst_list=0x5555567bb760 <migrating_mons>) at mon.c:3056
#5  0x000055555596c5de in migrate_to_level (mtmp=0x6110017e0c00, tolev=4 '\004', 
    xyloc=1 '\001', cc=0x0) at dog.c:867
#6  0x000055555596c34c in migrate_to_level (mtmp=0x6110017e1ec0, tolev=4 '\004', 
    xyloc=1 '\001', cc=0x0) at dog.c:840
#7  0x0000555555ddba89 in migrate_mon (mtmp=0x6110017e1ec0, target_lev=4 '\004', 
    xyloc=1 '\001') at mon.c:4519
#8  0x0000555555ddba39 in m_into_limbo (mtmp=0x6110017e1ec0) at mon.c:4509
#9  0x00005555559688c2 in mon_arrive (mtmp=0x6110017e1ec0, with_you=0 '\000') at dog.c:555
#10 0x0000555555967302 in losedogs () at dog.c:390
#11 0x000055555590e622 in goto_level (newlevel=0x7fffffffdf60, at_stairs=0 '\000', 
    falling=0 '\000', portal=0 '\000') at do.c:1996
#12 0x0000555555910a27 in deferred_goto () at do.c:2252
#13 0x00005555561981b6 in level_tele () at teleport.c:1380
#14 0x00005555558335ad in wiz_level_tele () at cmd.c:1102
#15 0x00005555558607db in rhack (cmd=0x55555679bac0 <in_line> "\026") at cmd.c:5515
#16 0x0000555555762c00 in moveloop (resuming=0 '\000') at allmain.c:798
Quit
Starting program: /home/lunatunez/games/hackemdir/hackem -D -u wizard 2>err.log
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGINT, Interrupt.
0x00007ffff7450fd2 in __GI___libc_read (fd=0, buf=0x619000000a80, nbytes=1024)
    at ../sysdeps/unix/sysv/linux/read.c:26
26  ../sysdeps/unix/sysv/linux/read.c: No such file or directory.
Continuing.

Program received signal SIGINT, Interrupt.
hitmsg (mtmp=0x555556728410 <rnglist+16>, mattk=0x6110004d23c0) at mhitu.c:52
52  {
Starting program: /home/lunatunez/games/hackemdir/hackem -D -u wizard 2>err.log
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGINT, Interrupt.
0x00007ffff7450fd2 in __GI___libc_read (fd=0, buf=0x619000000a80, nbytes=1024)
    at ../sysdeps/unix/sysv/linux/read.c:26
26  ../sysdeps/unix/sysv/linux/read.c: No such file or directory.
Continuing.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50  ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7365859 in __GI_abort () at abort.c:79
#2  0x0000555555a4217c in NH_abort () at end.c:236
#3  0x0000555555a48f78 in panic (str=0x5555564d6080 "relmon: mon not in list.") at end.c:802
#4  0x0000555555da5afd in relmon (mon=0x61100167b400, 
    monst_list=0x5555567bb760 <migrating_mons>) at mon.c:3056
#5  0x000055555596c5de in migrate_to_level (mtmp=0x61100167b400, tolev=3 '\003', 
    xyloc=1 '\001', cc=0x0) at dog.c:867
#6  0x000055555596c34c in migrate_to_level (mtmp=0x611001679240, tolev=3 '\003', 
    xyloc=1 '\001', cc=0x0) at dog.c:840
#7  0x0000555555ddba89 in migrate_mon (mtmp=0x611001679240, target_lev=3 '\003', 
    xyloc=1 '\001') at mon.c:4519
#8  0x0000555555ddba39 in m_into_limbo (mtmp=0x611001679240) at mon.c:4509
#9  0x00005555559688c2 in mon_arrive (mtmp=0x611001679240, with_you=0 '\000') at dog.c:555
#10 0x0000555555967302 in losedogs () at dog.c:390
#11 0x000055555590e622 in goto_level (newlevel=0x7fffffffdf60, at_stairs=0 '\000', 
    falling=0 '\000', portal=0 '\000') at do.c:1996
#12 0x0000555555910a27 in deferred_goto () at do.c:2252
#13 0x000055555619809c in level_tele () at teleport.c:1380
#14 0x00005555558335ad in wiz_level_tele () at cmd.c:1102
#15 0x00005555558607db in rhack (cmd=0x55555679bac0 <in_line> "\026") at cmd.c:5515
#16 0x0000555555762c00 in moveloop (resuming=0 '\000') at allmain.c:798
#17 0x00005555563b3f15 in main (argc=0, argv=0x7fffffffe658) at ../sys/unix/unixmain.c:353
Starting program: /home/lunatunez/games/hackemdir/hackem -D -u wizard 2>err.log
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGINT, Interrupt.
0x00007ffff7450fd2 in __GI___libc_read (fd=0, buf=0x619000000a80, nbytes=1024)
    at ../sysdeps/unix/sysv/linux/read.c:26
26  ../sysdeps/unix/sysv/linux/read.c: No such file or directory.
Continuing.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50  ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
        set = {__val = {0, 0, 0, 0, 0, 140737337632192, 93824997401984, 335544320, 
            140737341055120, 1073741824, 0, 140737342801568, 4294967295, 140737337360384, 
            140737342784672, 13936182301292547584}}
        pid = <optimized out>
        tid = <optimized out>
        ret = <optimized out>
#1  0x00007ffff7365859 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0xffffffff, sa_sigaction = 0xffffffff}, 
          sa_mask = {__val = {140737337360384, 140737342784672, 13936182301292547584, 
              140737488344912, 140737342801568, 18446744073709547520, 140737327112192, 
              140737345470680, 140737488345984, 140737488345984, 140737344339986, 
              17592186043114, 140737488338944, 140737341055120, 13936182301292547584, 
              140737488345312}}, sa_flags = 1235275264, sa_restorer = 0x7fffffffdaa0}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x0000555555a428ae in NH_abort () at end.c:236
        gdb_prio = 1
        libc_prio = 2
        aborting = 1 '\001'
#3  0x0000555555a496aa in panic (str=0x55555651cb00 "%s") at end.c:802
        the_args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffdb70, 
            reg_save_area = 0x7fffffffdaa0}}
#4  0x0000555555f9763f in impossible (
    s=0x555556579d20 "Attempted to start duplicate %s, aborted.") at pline.c:518
        pbuf = "Attempted to start duplicate rot_corpse timer, aborted.", '\000' <repeats 181 times>...
        the_args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffe260, 
            reg_save_area = 0x7fffffffe180}}
#5  0x00005555561b4122 in start_timer (when=180, kind=2, func_index=1, arg=0x6040023ebd70)
    at timeout.c:2464
        idbuf = "rot_corpse timer\000\343\377\377\377\177\000\000\000\000\000\000\004\000\000\000\360\342\377\377\377\177\000\000\177\205\177UUU\000\000\204\322yVUU\000\000\n\254{VUU\000\000\060\343\377\377\377\177\000\000-Q\256UUU\000\000\325\002\000\000\000\000\000\000\350\003", '\000' <repeats 22 times>, "r\322yVUU\000\000\n\254{VUU\000"
        gnu = 0x0
        dup = 0x6040023ebcd0
#6  0x0000555555919b3a in moldy_corpse (arg=0x6040023ebd70, timeout=112349) at do.c:2491
        body = 0x60c0005d0880
        old_oname = 0x0
        oldtyp = 566
        oldquan = 1
        newpm = 0x5555565ff370 <mons+41808>
        count = 0
        already_fungus = 0 '\000'
        bad_spot = 1 '\001'
        no_eligible = 0 '\000'
        munching = 0 '\000'
#7  0x00005555561b3d99 in run_timers () at timeout.c:2429
        curr = 0x6040023ebd50
#8  0x00005555561a7bf2 in nh_timeout () at timeout.c:975
        upp = 0x5555567bb3f0 <u+2032>
        kptr = 0x1600293500
        was_flying = 0 '\000'
        sleeptime = -7072
        m_idx = 32767
        baseluck = 0
#9  0x000055555575d2b2 in moveloop (resuming=0 '\000') at allmain.c:381
        mtmp = 0x0
        moveamt = 12
        wtcap = 0
        change = 0
        monscanmove = 0 '\000'
        timeout_start = 34647
        past_clock = 77701
        elf_regen = 1 '\001'
        orc_regen = 1 '\001'
        vamp_regen = 1 '\001'
#10 0x00005555563b5128 in main (argc=0, argv=0x7fffffffe658) at ../sys/unix/unixmain.c:353
        fd = -1
        dir = 0x0
        exact_username = 0 '\000'
        resuming = 0 '\000'
        plsel_once = 1 '\001'
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7365859 in __GI_abort () at abort.c:79
#2  0x0000555555a428ae in NH_abort () at end.c:236
#3  0x0000555555a496aa in panic (str=0x55555651cb00 "%s") at end.c:802
#4  0x0000555555f9763f in impossible (
    s=0x555556579d20 "Attempted to start duplicate %s, aborted.") at pline.c:518
#5  0x00005555561b4122 in start_timer (when=180, kind=2, func_index=1, arg=0x6040023ebd70)
    at timeout.c:2464
#6  0x0000555555919b3a in moldy_corpse (arg=0x6040023ebd70, timeout=112349) at do.c:2491
#7  0x00005555561b3d99 in run_timers () at timeout.c:2429
#8  0x00005555561a7bf2 in nh_timeout () at timeout.c:975
#9  0x000055555575d2b2 in moveloop (resuming=0 '\000') at allmain.c:381
#10 0x00005555563b5128 in main (argc=0, argv=0x7fffffffe658) at ../sys/unix/unixmain.c:353
elunna commented 1 year ago

Added a check to see if rot timer already exists in this commit: c3e7a6c83