MantisBT - Zandronum |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0003976 | Zandronum | [All Projects] Bug | public | 2022-02-17 10:51 | 2025-03-25 02:21 |
|
| Reporter | Goat-Avenger | |
| Assigned To | DrinkyBird | |
| Priority | high | Severity | crash | Reproducibility | always |
| Status | resolved | Resolution | fixed | |
| Platform | Linux | OS | Ubuntu | OS Version | 10.04 x86-64 |
| Product Version | 3.1 | |
| Target Version | 3.2 | Fixed in Version | 3.2 | |
|
| Summary | 0003976: Possible Problems With Dehacked Lumps in Vanilla Wads |
| Description | error message is as follows
---
zandornum-server: malloc.c:2379: sysmalloc: Assertion '(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize -1)) == 0)' failed.
---
I have seen this happen enough times for it not to be a fluke; I know that much.
I am working with the 3.1 Release Linux Compatible server version.
Any wad that I have hosted, so far, that contains a DEHACKED lump, as in, an oldschool vanilla wad, crashes the server. I'm not sure if something specific does it; but, I have seen it happen on a player death and subsequent attempt of the server, in survival mode, to try and restart the level for another try, once everyone is dead. I can't be sure what exactly is causing it; but, I know the one common thread that always leads to it, is a vanilla type wad with a DEHACKED lump; haven't seen this problem in other situations.
INFO: zandornum-server: malloc.c:2379: sysmalloc: Assertion '(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize -1)) == 0)' failed.
|
| Steps To Reproduce | ?run a linux server hosting a vanilla wad with a dehacked lump? |
| Additional Information | I can't really provide any better information than all of that, at this time; all I can say is, my current 3.1 linux compat servers simply can't host certain wads without definitely crashing very quickly, and my best guess is it has to do with dehacked lumps, since only servers hosting those types of wads have been crashing. My apologies for not trying to reproduce on the testing releases, will proceed to that, if it's necessary; as for the mercurial head, I'd have to track down fmod headers, which seems difficult to do... |
| Tags | No tags attached. |
| Relationships | | related to | 0004206 | confirmed | | Dropping DeHackEd-modded weapons when dying with SV_WeaponDrop crashes a Linux server |
|
| Attached Files |  gdbspam.txt (20,603) 2022-02-18 05:06
https://zandronum.com/tracker/file_download.php?file_id=2719&type=bug
asanspew.txt (6,422) 2022-02-18 05:21
https://zandronum.com/tracker/file_download.php?file_id=2720&type=bug |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2022-02-17 10:51 | Goat-Avenger | New Issue | |
| 2022-02-17 11:29 | DrinkyBird | Note Added: 0022128 | |
| 2022-02-17 12:50 | Goat-Avenger | Note Added: 0022129 | |
| 2022-02-17 14:52 | WaTaKiD | Note Added: 0022130 | |
| 2022-02-18 02:09 | Goat-Avenger | Note Added: 0022131 | |
| 2022-02-18 02:11 | Goat-Avenger | Note Edited: 0022131 | bug_revision_view_page.php?bugnote_id=22131#r13563 |
| 2022-02-18 02:20 | Goat-Avenger | Note Edited: 0022131 | bug_revision_view_page.php?bugnote_id=22131#r13564 |
| 2022-02-18 02:20 | Goat-Avenger | Note Edited: 0022131 | bug_revision_view_page.php?bugnote_id=22131#r13565 |
| 2022-02-18 02:23 | Goat-Avenger | Note Edited: 0022131 | bug_revision_view_page.php?bugnote_id=22131#r13566 |
| 2022-02-18 03:12 | WaTaKiD | Note Added: 0022132 | |
| 2022-02-18 03:16 | WaTaKiD | Note Edited: 0022132 | bug_revision_view_page.php?bugnote_id=22132#r13568 |
| 2022-02-18 04:17 | Goat-Avenger | Note Added: 0022133 | |
| 2022-02-18 04:40 | WaTaKiD | Note Added: 0022134 | |
| 2022-02-18 04:41 | Goat-Avenger | Note Added: 0022135 | |
| 2022-02-18 05:06 | DrinkyBird | File Added: gdbspam.txt | |
| 2022-02-18 05:06 | DrinkyBird | Note Added: 0022136 | |
| 2022-02-18 05:08 | DrinkyBird | Note Edited: 0022136 | bug_revision_view_page.php?bugnote_id=22136#r13570 |
| 2022-02-18 05:21 | DrinkyBird | File Added: asanspew.txt | |
| 2022-02-18 05:22 | DrinkyBird | Note Edited: 0022136 | bug_revision_view_page.php?bugnote_id=22136#r13571 |
| 2022-02-18 06:01 | DrinkyBird | Note Edited: 0022136 | bug_revision_view_page.php?bugnote_id=22136#r13572 |
| 2022-02-19 06:57 | DrinkyBird | Status | new => confirmed |
| 2022-02-20 05:36 | Kaminsky | Product Version | => 3.1 |
| 2022-02-20 05:36 | Kaminsky | Target Version | => 3.2 |
| 2022-08-31 17:56 | WaTaKiD | Note Added: 0022330 | |
| 2024-03-11 08:30 | Kaminsky | Relationship added | related to 0004206 |
| 2025-03-06 03:08 | DrinkyBird | Note Added: 0024234 | |
| 2025-03-06 03:08 | DrinkyBird | Note Edited: 0024234 | bug_revision_view_page.php?bugnote_id=24234#r14470 |
| 2025-03-06 11:54 | DrinkyBird | Note Added: 0024237 | |
| 2025-03-06 11:54 | DrinkyBird | Assigned To | => DrinkyBird |
| 2025-03-06 11:54 | DrinkyBird | Status | confirmed => needs review |
| 2025-03-09 20:29 | DrinkyBird | Status | needs review => needs testing |
| 2025-03-25 02:17 | Combinebobnt | Note Added: 0024319 | |
| 2025-03-25 02:18 | Combinebobnt | Note Edited: 0024319 | bug_revision_view_page.php?bugnote_id=24319#r14514 |
| 2025-03-25 02:21 | Ru5tK1ng | Status | needs testing => resolved |
| 2025-03-25 02:21 | Ru5tK1ng | Resolution | open => fixed |
| 2025-03-25 02:21 | Ru5tK1ng | Fixed in Version | => 3.2 |
|
Notes |
|
|
|
Is there a full crash log? Usually a file named zandronum-crash-xxxxxxx.log is dumped to the working directory.
Quote
I'd have to track down fmod headers, which seems difficult to do...
'https://zandronum.com/essentials/fmod/ [^]' |
|
|
|
|
The log didn't provide anything of use, that I could discern, except the following...
Adding dehacked patch somewad.wad:DEHACKED
[05:43:56] Script error, "zandronum.pk3:dehsupp.txt" line 291:
[05:43:56] Invalid state range in 'CacodemonBall'
[05:43:56]
[05:43:56] Could not load DEH support data
[05:43:56] Adding dehacked patch somewad.wad:DEHACKED
[05:43:56] Script error, "zandronum.pk3:dehsupp.txt" line 291:
[05:43:56] Invalid state range in 'CacodemonBall' |
|
|
|
|
|
please provide an example wad that can reproduce the crash |
|
|
|
(0022131)
|
|
Goat-Avenger
|
2022-02-18 02:09
(edited on: 2022-02-18 02:23) |
|
rudy2.wad produces a crash; same with mohawks2.wad
error message: malloc(): invalid size (unsorted)
to reproduce I hosted the wad in the latest testing linux server with 1 life survival and just got killed by the first shotgunner and imp in the first map. For mohawks2.wad, I just let the first few enemies take me out, and crash upon death.
|
|
|
|
(0022132)
|
|
WaTaKiD
|
2022-02-18 03:12
(edited on: 2022-02-18 03:16) |
|
|
|
|
|
I was able to reproduce on TSPG
Version:Stable: Zandronum 3.1 [TSPG-v26]
wad:rudy2.wad
Steps to reproduce: host rudy2.wad and get killed by first monsters in sight.
DMFlags 1600192516
DMFlags2 8390982
ZADMFlags 1024
CompatFlags 4
sv_nokill false
teamdamage 0.50
Game Mode: cooperative
Skill Level or Skill Number: hard
Lives: 1
connections: 8
players: 4 |
|
|
|
|
ok using that setup i was able to crash a tspg server, i joined, used a kill bind during the countdown, and the server went down with the log showing:
malloc(): memory corruption
however there doesnt seem to be a crash report, and this method still doesnt crash a windows local server |
|
|
|
|
|
Thnx for confirming. If there is any other info I can provide I will try to. I wasn't able to produce a crash report either. |
|
|
|
(0022136)
|
|
DrinkyBird
|
2022-02-18 05:06
(edited on: 2022-02-18 06:01) |
|
I managed to reproduce the crash with (official 3.1 Linux x86_64 build)
gdb --args ./zandronum-server -iwad ../doom2.wad -file ../rudy2.wad +dmflags 1600192516 +dmflags2 8390982 +zadmflags 1024 +compatflags 4 +sv_nokill false +teamdamage 0.50 +cooperative 1 +skill 3 +sv_maxlives 1 +sv_maxclients 8 +sv_maxplayers 4
Interestingly I originally mistyped dmflags2 as dmflags, and the crash didn't occur.
Zandronum didn't generate a crash report, but I ran through the same commands in gdb myself, output attached.
EDIT: I compiled with ASAN which reveals the source of the memory corruption. Attached.
EDIT 2: Seems likely that item is an ADehackedPickup being improperly casted to AWeapon?
DrinkyBird was burned by an imp.
--Type <RET> for more, q to quit, c to continue without paging--c
Thread 1 "zandronum-serve" hit Breakpoint 1, APlayerPawn::Die (this=0x555557fb5020, source=<optimized out>, inflictor=<optimized out>, dmgflags=0) at /home/zbuild/zandronum_build/zandronum/src/p_user.cpp:2013
2013 /home/zbuild/zandronum_build/zandronum/src/p_user.cpp: No such file or directory.
(gdb) f
#0 APlayerPawn::Die (this=0x555557fb5020, source=<optimized out>, inflictor=<optimized out>, dmgflags=0) at /home/zbuild/zandronum_build/zandronum/src/p_user.cpp:2013
2013 in /home/zbuild/zandronum_build/zandronum/src/p_user.cpp
(gdb) p item
$1 = (AInventory *) 0x55555807d760
(gdb) p item->StaticType()
[New Thread 0x7ffff5e13700 (LWP 40333)]
$3 = (PClass *) 0x55555712aea0 <ADehackedPickup::_StaticType>
|
|
|
|
|
|
this crash also seems to be reproducible with uprising.wad and can even crash windows servers, but only 64 bit (which as of writing doesnt give crash reports, but thatll be fixed in 3.2) |
|
|
|
|
|
|
|
|
|
|
|
(0024319)
|
|
Combinebobnt
|
2025-03-25 02:17
(edited on: 2025-03-25 02:18) |
|
I was able to produce a crash (by suiciding) in 3.1 on linux.
```
combinebobnt is toast!
Fatal glibc error: malloc assertion failure in _int_malloc: (unsigned long) (size) >= (unsigned long) (nb)
Aborted
```
I wasn't able to get a crash in v3.2-alpha-250323-2124 by suiciding in coop or survival+restart.
|
|