MantisBT - Zandronum |
View Issue Details |
|
ID | Project | Category | View Status | Date Submitted | Last Update |
0002232 | Zandronum | [All Projects] Bug | public | 2015-05-16 12:24 | 2018-09-30 21:57 |
|
Reporter | CyberMan | |
Assigned To | Torr Samaho | |
Priority | normal | Severity | crash | Reproducibility | always |
Status | closed | Resolution | fixed | |
Platform | Microsoft | OS | Windows | OS Version | XP/Vista/7 |
Product Version | 3.0-beta | |
Target Version | 3.0 | Fixed in Version | 3.0 | |
|
Summary | 0002232: [b678038] Game crashed on the map start |
Description | When I tried to load map ENDMAP01, the game crashed. |
Steps To Reproduce | 1. Load Zandronum with IWAD doom2.wad and PWAD tutnt-v108.pk3
2. In console enter "map ENDMAP01"
3. Get the error |
Additional Information | Using videocard nVidia GeForce 7025 (built in) |
Tags | No tags attached. |
Relationships | parent of | 0002934 | closed | Torr Samaho | Crash with 'map' ccmd from client while automap is open |
|
Attached Files | CrashReport.zip (22,290) 2015-05-16 12:24 /tracker/file_download.php?file_id=1489&type=bug
CrashReport-ticket2232.zip (24,094) 2015-08-08 19:29 /tracker/file_download.php?file_id=1604&type=bug |
|
Issue History |
Date Modified | Username | Field | Change |
2015-05-16 12:24 | CyberMan | New Issue | |
2015-05-16 12:24 | CyberMan | File Added: CrashReport.zip | |
2015-05-16 12:26 | CyberMan | Note Added: 0012280 | |
2015-05-16 14:14 | Dusk | Note Added: 0012286 | |
2015-05-16 14:14 | Dusk | Product Version | => 3.0 |
2015-05-16 14:19 | Dusk | Note Edited: 0012286 | bug_revision_view_page.php?bugnote_id=12286#r7096 |
2015-05-16 14:20 | Dusk | Summary | Game crashed on the map start => [b678038] Game crashed on the map start |
2015-05-16 14:44 | Torr Samaho | Note Added: 0012287 | |
2015-05-16 14:46 | CyberMan | Note Added: 0012288 | |
2015-05-16 18:30 | WaTaKiD | Note Added: 0012297 | |
2015-05-16 19:32 | WaTaKiD | Note Edited: 0012297 | bug_revision_view_page.php?bugnote_id=12297#r7102 |
2015-05-16 19:43 | Edward-san | Note Added: 0012299 | |
2015-05-16 20:07 | DrinkyBird | Note Added: 0012300 | |
2015-05-17 17:12 | Torr Samaho | Note Added: 0012319 | |
2015-05-24 19:39 | Dusk | Product Version | 3.0 => 3.0-beta |
2015-08-08 18:20 | Torr Samaho | Note Added: 0013110 | |
2015-08-08 18:20 | Torr Samaho | Assigned To | => Torr Samaho |
2015-08-08 18:20 | Torr Samaho | Status | new => feedback |
2015-08-08 19:29 | WaTaKiD | File Added: CrashReport-ticket2232.zip | |
2015-08-08 19:32 | WaTaKiD | Note Added: 0013120 | |
2015-08-08 20:15 | WaTaKiD | Note Edited: 0013120 | bug_revision_view_page.php?bugnote_id=13120#r7832 |
2015-08-08 20:33 | Torr Samaho | Note Added: 0013121 | |
2015-08-08 20:44 | WaTaKiD | Note Added: 0013122 | |
2015-08-08 20:46 | WaTaKiD | Note Edited: 0013122 | bug_revision_view_page.php?bugnote_id=13122#r7834 |
2015-08-08 22:21 | Edward-san | Note Added: 0013124 | |
2015-08-09 06:38 | Torr Samaho | Note Added: 0013125 | |
2015-08-09 07:34 | WaTaKiD | Note Added: 0013127 | |
2015-08-09 07:45 | Torr Samaho | Note Added: 0013131 | |
2015-08-09 07:58 | Edward-san | Note Added: 0013132 | |
2015-08-09 08:00 | Torr Samaho | Note Added: 0013134 | |
2015-08-09 08:20 | Edward-san | Note Added: 0013135 | |
2015-08-09 09:08 | cobalt | Status | feedback => needs testing |
2015-08-09 09:08 | cobalt | Target Version | => 3.0 |
2015-08-09 09:08 | cobalt | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=7840#r7840 |
2015-08-09 09:08 | cobalt | Note Added: 0013137 | |
2015-08-09 10:22 | Torr Samaho | Note Added: 0013142 | |
2015-08-09 10:22 | Torr Samaho | Status | needs testing => resolved |
2015-08-09 10:22 | Torr Samaho | Fixed in Version | => 3.0 |
2015-08-09 10:22 | Torr Samaho | Resolution | open => fixed |
2016-11-25 23:53 | Edward-san | Relationship added | parent of 0002934 |
2018-09-30 21:57 | Blzut3 | Status | resolved => closed |
Notes |
|
|
|
|
(0012286)
|
Dusk
|
2015-05-16 14:14
(edited on: 2015-05-16 14:19) |
|
[16:12:57] <@edward-san> CyberMan, which zan 3.0 binary did you use?
[16:13:24] < CyberMan> 0748
[16:13:28] < CyberMan> latest
"0748" is b678038c51ff
|
|
|
|
Doesn't crash for me. Or do I have to wait for a while? I only checked the first few seconds of the credits. |
|
|
|
|
|
(0012297)
|
WaTaKiD
|
2015-05-16 18:30
(edited on: 2015-05-16 19:32) |
|
I also don't crash, but here's the build/pdb/backtrace from his report
https://www.dropbox.com/s/kyx314jhh1764oa/zandronum-3.0-r150516-0748-b678038-windows.zip?dl=0
https://www.dropbox.com/s/ghuq8phsx0blxte/pdb-b678038.zip?dl=0
> zandronum.exe!D3DFB::AllocPackedTexture(int w=400, int h=4200, bool wrapping=true, _D3DFORMAT format=D3DFMT_A8R8G8B8) Line 1993 C++
zandronum.exe!D3DTex::Create(D3DFB * fb=0x020d1ec8, bool wrapping=false) Line 2421 C++
zandronum.exe!D3DTex::D3DTex(FTexture * tex=0x025b7798, D3DFB * fb=0x020d1ec8, bool wrapping=false) Line 2355 C++
zandronum.exe!D3DFB::CreateTexture(FTexture * gametex=0x025b7798, bool wrapping=false) Line 2728 + 0x2c bytes C++
zandronum.exe!FTexture::GetNative(bool wrapping=false) Line 456 + 0x12 bytes C++
zandronum.exe!D3DFB::DrawTextureV(FTexture * img=0x025b7798, double x=120.00000000000000, double y=549.00000000000000, unsigned int tags_first=1073746829, char * tags=0x0012f2ac) Line 2956 + 0x9 bytes C++
zandronum.exe!DCanvas::DrawTextV(FFont * font=0x00000000, int normalcolor=1079902208, int x=0, int y=1082206208, const char * string=0x4000138d, char * taglist=0x0012f2ac) Line 266 + 0x37 bytes C++
zandronum.exe!DCanvas::DrawTextA(FFont * font=0x09e8def8, int normalcolor=11, int x=120, int y=549, const char * string=0x08391bf4, ...) Line 280 C++
zandronum.exe!DHUDMessage::DoDraw(int linenum=0, int x=120, int y=549, bool clean=false, int hudheight=480) Line 555 + 0x6f bytes C++
zandronum.exe!DHUDMessage::Draw(int bottom=480, int visibility=120) Line 482 C++
zandronum.exe!DBaseStatusBar::DrawMessages(int layer=0, int bottom=480) Line 1262 + 0x7 bytes C++
zandronum.exe!DBaseStatusBar::DrawTopStuff(EHudState state=HUD_Fullscreen) Line 1616 C++
zandronum.exe!D_Display() Line 1010 C++
zandronum.exe!D_DoomLoop() Line 1359 C++
EDIT: after reading the log.rtf in his report, I was able to reproduce the crash with this method:
start server with tutnt-v108.pk3 on map tntle
connect
disconnect in console
map endmap01
crash (sometimes)
|
|
|
|
Mmm, I believe this can be reproduced without hosting. Can you try this:
- run offline with tutnt-v108.pk3;
- open for example tntle;
- 'endgame' in console;
- 'map endmap01'
? |
|
|
|
edward-san's method has not crashed on me so far. |
|
|
|
Quote from Edward-san: "Mmm, I believe this can be reproduced without hosting"
What makes you think so? Does it crash for you if you try it like this?
Can somebody try GZDoom 1.8.0? |
|
|
|
WaTaKiD, can you still reproduce this in the latest 3.0 build? |
|
|
(0013120)
|
WaTaKiD
|
2015-08-08 19:32
(edited on: 2015-08-08 20:15) |
|
|
|
|
Can you also reproduce the crash offline, i.e. without ever connecting to the server? For instance using 0002232:0012299? |
|
|
(0013122)
|
WaTaKiD
|
2015-08-08 20:44
(edited on: 2015-08-08 20:46) |
|
I gave the offline steps 25 tries (going by how many more log files I've got now) and not a single crash, whereas the online steps usually crash within a dozen or so
edit: if this is insufficient, lemme know and I'll keep trying
|
|
|
|
In Linux, I could not reproduce this at all, until I compiled Zandronum with address sanitizer enabled:
=================================================================
==11783==ERROR: AddressSanitizer: heap-use-after-free on address 0x7fffd4c61414 at pc 0x000000a3d45b bp 0x7fffffffbad0 sp 0x7fffffffbac8
READ of size 4 at 0x7fffd4c61414 thread T0
#0 0xa3d45a in R_AddLine(seg_t*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:836
#1 0xa42dc9 in R_Subsector(subsector_t*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1350
#2 0xa43080 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1390
#3 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
#4 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
#5 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
#6 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
#7 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
#8 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
#9 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
#10 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
#11 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
#12 0xa42ff1 in R_RenderBSPNode(void*) /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:1381
#13 0xa5da15 in R_RenderActorView(AActor*, bool) /home/edward-san/zdoom/zandronum/sandbox/src/r_main.cpp:846
#14 0xa3047a in FSoftwareRenderer::RenderView(player_t*) /home/edward-san/zdoom/zandronum/sandbox/src/r_swrenderer.cpp:117
#15 0x6c25f9 in D_Display() /home/edward-san/zdoom/zandronum/sandbox/src/d_main.cpp:961
#16 0x6c50de in D_DoomLoop() /home/edward-san/zdoom/zandronum/sandbox/src/d_main.cpp:1358
#17 0x6cc36c in D_DoomMain() /home/edward-san/zdoom/zandronum/sandbox/src/d_main.cpp:3219
#18 0x5cd8e8 in main /home/edward-san/zdoom/zandronum/sandbox/src/sdl/i_main.cpp:371
#19 0x7ffff129dec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#20 0x5c2f65 (/home/edward-san/zdoom/zandronum/sandbox/debug/gcc5/zandronum+0x5c2f65)
0x7fffd4c61414 is located 990228 bytes inside of 1472848-byte region [0x7fffd4b6f800,0x7fffd4cd7150)
freed by thread T0 here:
#0 0x7ffff6f048ea in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x958ea)
#1 0x988172 in P_FreeLevelData() /home/edward-san/zdoom/zandronum/sandbox/src/p_setup.cpp:3783
#2 0x644e6a in C_FullConsole() /home/edward-san/zdoom/zandronum/sandbox/src/c_console.cpp:1522
#3 0x721310 in G_Ticker() /home/edward-san/zdoom/zandronum/sandbox/src/g_game.cpp:1423
#4 0x6d73bd in TryRunTics() /home/edward-san/zdoom/zandronum/sandbox/src/d_net.cpp:1903
#5 0x6c50d4 in D_DoomLoop() /home/edward-san/zdoom/zandronum/sandbox/src/d_main.cpp:1354
#6 0x6cc36c in D_DoomMain() /home/edward-san/zdoom/zandronum/sandbox/src/d_main.cpp:3219
#7 0x5cd8e8 in main /home/edward-san/zdoom/zandronum/sandbox/src/sdl/i_main.cpp:371
#8 0x7ffff129dec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
previously allocated by thread T0 here:
#0 0x7ffff6f043aa in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x953aa)
#1 0x978a6d in LoadZNodes(FileReaderBase&, int) /home/edward-san/zdoom/zandronum/sandbox/src/p_setup.cpp:1089
#2 0x9796c1 in P_LoadZNodes(FileReader&, unsigned int) /home/edward-san/zdoom/zandronum/sandbox/src/p_setup.cpp:1238
#3 0x989d2e in P_SetupLevel(char*, int) /home/edward-san/zdoom/zandronum/sandbox/src/p_setup.cpp:4169
#4 0x740e0e in G_DoLoadLevel(int, bool) /home/edward-san/zdoom/zandronum/sandbox/src/g_level.cpp:1453
#5 0x73d040 in G_InitNew(char const*, bool) /home/edward-san/zdoom/zandronum/sandbox/src/g_level.cpp:577
#6 0x66f505 in CLIENT_ProcessCommand(long, BYTESTREAM_s*) /home/edward-san/zdoom/zandronum/sandbox/src/cl_main.cpp:1455
#7 0x66f127 in CLIENT_ParsePacket(BYTESTREAM_s*, bool) /home/edward-san/zdoom/zandronum/sandbox/src/cl_main.cpp:1368
#8 0x66e5ea in CLIENT_GetPackets() /home/edward-san/zdoom/zandronum/sandbox/src/cl_main.cpp:1101
#9 0x721572 in G_Ticker() /home/edward-san/zdoom/zandronum/sandbox/src/g_game.cpp:1472
#10 0x6d73bd in TryRunTics() /home/edward-san/zdoom/zandronum/sandbox/src/d_net.cpp:1903
#11 0x6c4df0 in D_DoomLoop() /home/edward-san/zdoom/zandronum/sandbox/src/d_main.cpp:1305
#12 0x6cc36c in D_DoomMain() /home/edward-san/zdoom/zandronum/sandbox/src/d_main.cpp:3219
#13 0x5cd8e8 in main /home/edward-san/zdoom/zandronum/sandbox/src/sdl/i_main.cpp:371
#14 0x7ffff129dec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
SUMMARY: AddressSanitizer: heap-use-after-free /home/edward-san/zdoom/zandronum/sandbox/src/r_bsp.cpp:836 R_AddLine(seg_t*)
==11783==ABORTING
And nope, I can't reproduce this offline. Do you need more info? |
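Added example (not part of the ticket and not Zandronum code): a small Python triage helper that splits a heap-use-after-free report like the one in the note above into its access, free and allocation stacks and picks the first frame of each that lies outside the sanitizer runtime. The sample is abridged from that report with paths shortened; `parse_asan` and `lifetime_summary` are illustrative names.

```python
import re

# Constructed sample: abridged from the AddressSanitizer report in the note
# above (most frames dropped, paths shortened to src/...). One frame marker
# uses the zero-padded form an issue tracker's auto-linker can turn "#2" into.
SAMPLE = """\
==11783==ERROR: AddressSanitizer: heap-use-after-free on address 0x7fffd4c61414 at pc 0x000000a3d45b bp 0x7fffffffbad0 sp 0x7fffffffbac8
READ of size 4 at 0x7fffd4c61414 thread T0
#0 0xa3d45a in R_AddLine(seg_t*) src/r_bsp.cpp:836
#1 0xa42dc9 in R_Subsector(subsector_t*) src/r_bsp.cpp:1350
0x7fffd4c61414 is located 990228 bytes inside of 1472848-byte region [0x7fffd4b6f800,0x7fffd4cd7150)
freed by thread T0 here:
#0 0x7ffff6f048ea in operator delete[](void*) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x958ea)
#1 0x988172 in P_FreeLevelData() src/p_setup.cpp:3783
0000002 0x644e6a in C_FullConsole() src/c_console.cpp:1522
previously allocated by thread T0 here:
#0 0x7ffff6f043aa in operator new[](unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x953aa)
#1 0x978a6d in LoadZNodes(FileReaderBase&, int) src/p_setup.cpp:1089
"""

ERROR = re.compile(r"AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+) at")
REGION = re.compile(r"is located (\d+) bytes inside of (\d+)-byte region \[(0x[0-9a-f]+),")
FRAME = re.compile(r"^(?:#|0*)(\d+)\s+0x[0-9a-f]+ in (.+) (\S+)$")

def parse_asan(report):
    """Split a use-after-free report into access, free and alloc stacks."""
    out = {"stacks": {"access": [], "free": [], "alloc": []}}
    current = None
    for line in map(str.strip, report.splitlines()):
        if m := ERROR.search(line):
            out["kind"], out["address"] = m.group(1), int(m.group(2), 16)
        elif m := ACCESS.match(line):
            current, out["op"], out["size"] = "access", m.group(1), int(m.group(2))
        elif line.startswith("freed by thread"):
            current = "free"
        elif line.startswith("previously allocated by thread"):
            current = "alloc"
        elif m := REGION.search(line):
            out["offset"], out["region_start"] = int(m.group(1)), int(m.group(3), 16)
        elif current and (m := FRAME.match(line)):
            out["stacks"][current].append((int(m.group(1)), m.group(2), m.group(3)))
    return out

def lifetime_summary(report):
    """First frame of each stack outside the sanitizer runtime (libasan)."""
    stacks = parse_asan(report)["stacks"]
    return {name: next(((f, loc) for _, f, loc in frames if "libasan" not in loc), None)
            for name, frames in stacks.items()}
```

For this report the summary names `LoadZNodes` as the allocation site, `P_FreeLevelData` as the free site and `R_AddLine` as the stale read, which is the lifetime ordering a reviewer checks first.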
|
|
|
If the crashes only happen if Zandronum was connected to a server at some point, then this build could improve the situation. Please let me know if it still crashes. |
|
|
|
30 tries with that build and no crash, so far so good |
|
|
|
Thanks for checking! I pushed the fix to the repository. Edward-san, can you check the fix under Linux? |
|
|
|
I don't see the fix in the repository.. |
|
|
|
Sorry, forgot to push to bitbucket. Should be there now. |
|
|
|
It fixed the issue for me, too. |
|
|
(0013137)
|
cobalt
|
2015-08-09 09:08
|
|
|
|
|
Thanks! I consider the 'disconnect' related crash issues to be resolved then. Please open a new ticket if the new builds still crash. |
|