Beta builds crashing
#1
Several different times, and seemingly randomly, the Windows builds crashed with a runtime error. (I'm sorry I can't be more specific...the other guys couldn't remember what the error said...it wasn't terribly helpful, just a runtime error).

The Linux build crashed once with this:

terminate called after throwing an instance of 'valbaseptridxutil_t<segment, short>::null_pointer_exception'
  what():  NULL pointer used
Aborted (core dumped)
#2
Please post steps to reproduce the abort or a gdb backtrace of the core file.
#3
How do I do a gdb backtrace of the core file?
#4
gdb -batch -ex 'bt full' -ex q /path/to/d2x-rebirth /path/to/core
#5
Code:
Program terminated with signal SIGABRT, Aborted.
#0  0x00007fa1aace94b7 in raise () from /usr/lib/libc.so.6
#0  0x00007fa1aace94b7 in raise () from /usr/lib/libc.so.6
No symbol table info available.
#1  0x00007fa1aacea88a in abort () from /usr/lib/libc.so.6
No symbol table info available.
#2  0x00007fa1ab5d4fcd in __gnu_cxx::__verbose_terminate_handler() () from /usr/lib/libstdc++.so.6
No symbol table info available.
#3  0x00007fa1ab5d2e56 in __cxxabiv1::__terminate(void (*)()) () from /usr/lib/libstdc++.so.6
No symbol table info available.
#4  0x00007fa1ab5d2ea1 in std::terminate() () from /usr/lib/libstdc++.so.6
No symbol table info available.
#5  0x00007fa1ab5d30b8 in __cxa_throw () from /usr/lib/libstdc++.so.6
No symbol table info available.
#6  0x0000000000452eec in extract_quaternionpos(vobjptridx_t, quaternionpos*, int) ()
No symbol table info available.
#7  0x00000000004c4695 in net_udp_process_packet(unsigned char*, _sockaddr const&, int) ()
No symbol table info available.
#8  0x00000000004c487d in net_udp_listen() ()
No symbol table info available.
#9  0x00000000004c6100 in net_udp_do_frame(int, int) ()
No symbol table info available.
#10 0x00000000004790cd in multi_do_frame() ()
No symbol table info available.
#11 0x0000000000448875 in game_handler(window*, d_event const&, unused_window_userdata_t const*) ()
No symbol table info available.
#12 0x0000000000412220 in window_send_event(window&, d_event const&) ()
No symbol table info available.
#13 0x0000000000423933 in event_process() ()
No symbol table info available.
#14 0x000000000040af60 in main ()
No symbol table info available.

This was with a non-debug build. If I can get people to test, I can try to get you one from a debug build if you need it.
#6
That is enough to get a general idea.  It would be better if release builds were still built with full symbols, which would improve the backtrace.  I modified the build script to do this.

This backtrace shows that a player object was about to link into an invalid segment.  Did this happen right as someone joined or died?

If I had to guess, I would blame "Removed short packets and added segment number to quaternion structure".  It came after 0.58.1, added the line that reads the segment number from untrusted input, and the only validation is a debug-mode assertion.  The invalid segment is probably -1.  You can check this by reading the quaternion member segment.  Unfortunately, without symbols, finding it would require searching the stack by hand.  If you can reproduce the crash, even intermittently, it may be faster to rebuild with debug symbols, then reproduce the crash and get the segment number from the new core.

The client which sent that quaternion should not have sent it, but the client that received it needs to validate it anyway.
#7
I'll try to do some testing tomorrow for this. Is it likely that the crash is the same on Windows and Linux? As I said, it only crashed once for me, while it crashed 3 or 4 times for the two other testers (both of them on Windows, and me hosting).
#8
The faulting function is present in the Windows build and would be triggered under the same conditions, so it is possible.  The crash depends on a remote player sending an ill-formed position update.
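Added example, not part of the thread and not the project's code: posts #6 and #8 describe a segment number read from a remote player's packet with only a debug-mode assertion guarding it. The sketch below contrasts decode-only handling with a receive path that range-checks in every build type; the packet layout, `kMaxPlayers`, `decode`, `decode_validated` and the sample datagrams are all hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical wire layout for this example (not the game's real packet):
// byte 0 = player number, bytes 1-2 = segment number as little-endian int16.
constexpr std::size_t kPacketSize = 3;
constexpr int kMaxPlayers = 8;

struct PositionUpdate { std::uint8_t player; std::int16_t segnum; };

// Decode only. This is all a release build does when the sole range check
// is a debug-mode assertion, because NDEBUG compiles the assertion out.
bool decode(const std::uint8_t *buf, std::size_t len, PositionUpdate &out)
{
    if (buf == nullptr || len < kPacketSize)
        return false;                               // truncated datagram
    const std::uint16_t raw = static_cast<std::uint16_t>(buf[1] | (buf[2] << 8));
    out.player = buf[0];
    out.segnum = static_cast<std::int16_t>(raw);    // 0xFFFF becomes -1
    return true;
}

// Hardened receive path: the range checks run in every build type, before
// the value is used as an index. highest_segment is the last valid segment
// index of the loaded level. out is written only when the packet is accepted.
bool decode_validated(const std::uint8_t *buf, std::size_t len,
                      int highest_segment, PositionUpdate &out)
{
    PositionUpdate tmp{};
    if (!decode(buf, len, tmp))
        return false;
    if (tmp.player >= kMaxPlayers)
        return false;
    if (tmp.segnum < 0 || tmp.segnum > highest_segment)
        return false;                               // drop the update, keep running
    out = tmp;
    return true;
}

int main()
{
    // Constructed sample datagrams.
    const std::uint8_t good[kPacketSize] = {1, 0x3D, 0x02};  // segment 573
    const std::uint8_t bad[kPacketSize] = {1, 0xFF, 0xFF};   // segment -1
    PositionUpdate u{};
    decode(bad, sizeof bad, u);
    std::printf("decode only:    segnum=%d reaches game logic\n", u.segnum);
    std::printf("validated good: %s\n", decode_validated(good, sizeof good, 800, u) ? "accepted" : "dropped");
    std::printf("validated bad:  %s\n", decode_validated(bad, sizeof bad, 800, u) ? "accepted" : "dropped");
}
```

Rejecting the update and continuing keeps one peer's ill-formed packet from terminating every receiving client.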
#9
Here you go:

Code:
[john@john-pc ~]$ gdb -batch -ex 'bt full' -ex q /usr/bin/d1x-debug ./*dump*
[New LWP 8953]
[New LWP 8956]
[New LWP 8955]

warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `d1x-debug'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f77576be4b7 in raise () from /usr/lib/libc.so.6
#0  0x00007f77576be4b7 in raise () from /usr/lib/libc.so.6
No symbol table info available.
#1  0x00007f77576bf88a in abort () from /usr/lib/libc.so.6
No symbol table info available.
#2  0x00007f77576b741d in __assert_fail_base () from /usr/lib/libc.so.6
No symbol table info available.
#3  0x00007f77576b74d2 in __assert_fail () from /usr/lib/libc.so.6
No symbol table info available.
#4  0x000000000045372d in get_verts_for_normal (va=<optimized out>, vb=<optimized out>, vc=<optimized out>, vd=<optimized out>, v0=v0@entry=0x7fffc139e538, v1=v1@entry=0x7fffc139e53c, v2=0x7fffc139e540, v3=0x7fffc139e544, negate_flag=0x7fffc139e548) at similar/main/gameseg.cpp:1289
        v = {_M_elems = {49, 336, 336, 337}}
        w = {_M_elems = {2, 1, 0, 3}}
        __PRETTY_FUNCTION__ = "void get_verts_for_normal(int, int, int, int, int*, int*, int*, int*, int*)"
#5  0x0000000000454d3a in create_walls_on_side (sp=..., sidenum=0) at similar/main/gameseg.cpp:1391
        vm1 = 330
        dist_to_plane = <optimized out>
        v0 = <optimized out>
        v3 = <optimized out>
        __PRETTY_FUNCTION__ = "void create_walls_on_side(vsegptridx_t, int)"
        vm2 = 335
        v1 = <optimized out>
        vm0 = 329
        vm3 = 336
        negate_flag = 1
        v2 = <optimized out>
        vn = {x = 0, y = 0, z = 65536}
#6  0x00000000004555dd in validate_segment_side (sp=..., sidenum=sidenum@entry=0) at similar/main/gameseg.cpp:1457
No locals.
#7  0x000000000045594b in validate_segment (sp=...) at similar/main/gameseg.cpp:1482
        side = 0
#8  0x00000000004563f0 in validate_segment_all () at similar/main/gameseg.cpp:1497
No locals.
#9  0x000000000044eafc in load_mine_data_compiled (LoadFile=0x2487b30) at similar/main/gamemine.cpp:1023
        bit_mask = <optimized out>
        __func__ = "load_mine_data_compiled"
        __PRETTY_FUNCTION__ = "int load_mine_data_compiled(PHYSFS_File*)"
        temp_ushort = <optimized out>
#10 0x00000000004511a1 in load_level (filename_passed=filename_passed@entry=0x2396db0 "logic.rdl") at similar/main/gamesave.cpp:1313
        LoadFile = {<std::unique_ptr<PHYSFS_File, PHYSFS_File_deleter>> = std::unique_ptr<PHYSFS_File> containing 0x2487b30, <No data fields>}
        __func__ = "load_level"
        __PRETTY_FUNCTION__ = "int load_level(const char*)"
        filename = "logic.rdl\000\060\002\000\000\000\000\t\000\000\000\000\000\000\000\255\036`\000\000\000\000\000\001\000\000\000\000\000\000\000\244\201\000\000\350\003\000\000\350\003", '\000' <repeats 23 times>, "\020\000\000\000\000\000\000\b\000\000\000\000\000\000\000X\232\061U\000\000\000\000\004\242f\017\000\000\000\000\300\006\061R\000\000\000\000\370 q\000\000\000\000\000Xq1\002\000\000\000\000\000\000\000\000fringe", '\000' <repeats 22 times>, "\001\000\000\000\000\000\000\000\361\201G", '\000' <repeats 13 times>, "m\254G\000\000\000\000\000 .0\002\000\000\000\000"...
        mine_err = <optimized out>
#11 0x0000000000457928 in LoadLevel (level_num=1, page_in_textures=1) at similar/main/gameseq.cpp:679
        save_player = {<prohibit_void_ptr<player>> = {<No data fields>}, callsign = {static array_length = 9, a = {_M_elems = "james\000\000\000"}}, connected = 1 '\001', objnum = 74, flags = 14, energy = 6488064, shields = 6553600, lives = 3 '\003', level = 1 '\001', laser_level = 0 '\000', starting_level = 0 '\000', killer_objnum = -1, primary_weapon_flags = 1 '\001', secondary_weapon_flags = 1 '\001', vulcan_ammo = 0, secondary_ammo = {_M_elems = {3, 0, 0, 0, 0}}, last_score = 0, score = 0, time_level = 0, time_total = 0, cloak_time = 0, invulnerable_time = 0, KillGoalCount = 0, net_killed_total = 0, net_kills_total = 0, num_kills_level = 0, num_kills_total = 0, num_robots_level = 0, num_robots_total = 0, hostages_rescued_total = 0, hostages_total = 0, hostages_on_board = 0 '\000', hostages_level = 0 '\000', homing_object_dist = -65536, hours_level = 0 '\000', hours_total = 0 '\000'}
        __PRETTY_FUNCTION__ = "void LoadLevel(int, int)"
        level_name = @0x2396db0: {<ntstring<12ul>> = {<prohibit_void_ptr<ntstring<12ul> >> = {<No data fields>}, <std::array<char, 13ul>> = {_M_elems = "logic.rdl\000\000\000"}, <No data fields>}, <No data fields>}
#12 0x000000000048c842 in newdemo_read_frame_information (rewrite=0) at similar/main/newdemo.cpp:3027
        new_level = 1 '\001'
        old_level = 1 '\001'
        loaded_level = -7 '\371'
        done = -1053164352
        angle = 0
        volume = 0
        c = 28 '\034'
        __PRETTY_FUNCTION__ = "int newdemo_read_frame_information(int)"
        side = 0
        soundno = 0
#13 0x00000000004908ce in newdemo_playback_one_frame () at similar/main/newdemo.cpp:3578
        frames_back = <optimized out>
        level = <optimized out>
        base_interpol_time = 0
        d_recorded = 0
#14 0x0000000000490e95 in newdemo_start_playback (filename=filename@entry=0x0) at similar/main/newdemo.cpp:3922
        rnd_demo = PURPOSE_RANDOM_PLAY
        filename2 = "demos/dcl_neg_afp_logic_obs.dem", '\000' <repeats 4077 times>
#15 0x000000000047742d in main_menu_handler (menu=<optimized out>, event=..., menu_choice=0x20d4bb0) at similar/main/menu.cpp:481
        items = <optimized out>
#16 0x0000000000494bdd in newmenu_handler (wind=0x20dcae0, event=..., menu=0x20c7bf0) at similar/main/newmenu.cpp:1474
        rval = <optimized out>
#17 0x0000000000412bb0 in window_send_event (wind=..., event=...) at common/arch/sdl/window.cpp:206
        r = <optimized out>
#18 0x000000000042480b in event_send (event=...) at similar/arch/sdl/event.cpp:128
        wind = 0x20dcae0
        handled = window_event_result::ignored
#19 0x0000000000424a17 in event_poll () at similar/arch/sdl/event.cpp:84
        ievent = {type = EVENT_IDLE}
        event = {type = 0 '\000', active = {type = 0 '\000', gain = 0 '\000', state = 0 '\000'}, key = {type = 0 '\000', which = 0 '\000', state = 0 '\000', keysym = {scancode = 0 '\000', sym = SDLK_UNKNOWN, mod = KMOD_NONE, unicode = 0}}, motion = {type = 0 '\000', which = 0 '\000', state = 0 '\000', x = 0, y = 0, xrel = 0, yrel = 0}, button = {type = 0 '\000', which = 0 '\000', button = 0 '\000', state = 0 '\000', x = 0, y = 0}, jaxis = {type = 0 '\000', which = 0 '\000', axis = 0 '\000', value = 0}, jball = {type = 0 '\000', which = 0 '\000', ball = 0 '\000', xrel = 0, yrel = 0}, jhat = {type = 0 '\000', which = 0 '\000', hat = 0 '\000', value = 0 '\000'}, jbutton = {type = 0 '\000', which = 0 '\000', button = 0 '\000', state = 0 '\000'}, resize = {type = 0 '\000', w = 0, h = 0}, expose = {type = 0 '\000'}, quit = {type = 0 '\000'}, user = {type = 0 '\000', code = 0, data1 = 0x0, data2 = 0x0}, syswm = {type = 0 '\000', msg = 0x0}}
        clean_uniframe = 1
        wind = 0x20dcae0
        idle = 1
#20 0x0000000000424a48 in event_process () at similar/arch/sdl/event.cpp:150
        event = {type = EVENT_WINDOW_DRAW}
        wind = 0x20dcae0
#21 0x000000000040b725 in main (argc=<optimized out>, argv=<optimized out>) at similar/main/inferno.cpp:556
        __func__ = "main"
#10
That's all in D1, this happened in D2:

Code:
[New LWP 9913]
[New LWP 9915]
[New LWP 9916]

warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `d2x-debug'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007fbf7bfd64b7 in raise () from /usr/lib/libc.so.6
#0  0x00007fbf7bfd64b7 in raise () from /usr/lib/libc.so.6
No symbol table info available.
#1  0x00007fbf7bfd788a in abort () from /usr/lib/libc.so.6
No symbol table info available.
#2  0x00007fbf7c8c1fcd in __gnu_cxx::__verbose_terminate_handler() () from /usr/lib/libstdc++.so.6
No symbol table info available.
#3  0x00007fbf7c8bfe56 in __cxxabiv1::__terminate(void (*)()) () from /usr/lib/libstdc++.so.6
No symbol table info available.
#4  0x00007fbf7c8bfea1 in std::terminate() () from /usr/lib/libstdc++.so.6
No symbol table info available.
#5  0x00007fbf7c8c00b8 in __cxa_throw () from /usr/lib/libstdc++.so.6
No symbol table info available.
#6  0x00000000004afab7 in check_index_range<object_array_t> (s=<optimized out>, a=...) at common/include/valptridx.h:80
No locals.
#7  vvalptr_t<object_array_t> (i=<optimized out>, a=..., this=<optimized out>) at common/include/valptridx.h:444
No locals.
#8  valptridx_template_t (s=<optimized out>, this=<optimized out>) at common/include/valptridx.h:377
No locals.
#9  vobjptridx_t (this=<optimized out>) at common/main/object.h:426
No locals.
#10 multi_robot_request_change (robot=<error reading variable: Cannot access memory at address 0x26b9>, player_num=9913) at similar/main/multibot.cpp:1203
        dummy = -1 '\377'
#11 0x00000000004459f5 in collide_robot_and_weapon (robot=..., weapon=..., collision_point=...) at similar/main/collide.cpp:1706
        expl_obj = <optimized out>
        damage_flag = 1
        boss_invul_flag = <optimized out>
#12 0x0000000000446e8e in collide_two_objects (A=..., B=..., collision_point=...) at similar/main/collide.cpp:2530
        at = <optimized out>
        bt = <optimized out>
        collision_type = <optimized out>
#13 0x00000000004c7e47 in do_physics_sim (obj=...) at similar/main/physics.cpp:680
        size0 = <optimized out>
        hit = {<prohibit_void_ptr<vobjptridx_t>> = {<No data fields>}, <valptridx_template_t<true, object, short, object_magic_constant_t, object>> = {<vvalptr_t<object, short>> = {<valptr_t<object, short>> = {<valbaseptridxutil_t<object, short>> = {<No data fields>}, p = 0x103f170 <Objects+23600>}, <No data fields>}, <vvalidx_t<object, short, object_magic_constant_t>> = {<validx_t<object, short, object_magic_constant_t>> = {<valbaseptridxutil_t<object, short>> = {<No data fields>}, i = <optimized out>}, <No data fields>}, <No data fields>}, <No data fields>}
        ppos1 = <optimized out>
        size1 = <optimized out>
        ppos0 = @0x103f180: {x = 939033, y = -834891, z = 10472350}
        pos_hit = {x = 941427, y = -848263, z = 10483667}
        old_vel = {x = -456389, y = 295038, z = -1636555}
        frame_vec = {x = -15515, y = 10030, z = -55637}
        new_pos = {x = 964920, y = -1056103, z = 10612418}
        iseg = <optimized out>
        save_seg = <optimized out>
        fate = 2
        WallHitSeg = <optimized out>
        drag = <optimized out>
        obj_stopped = 0
        __PRETTY_FUNCTION__ = "void do_physics_sim(vobjptridx_t)"
        sim_time = 2228
        moved_time = <optimized out>
        ignore_obj_list = {a = {_M_elems = {-12576, -31971, 32766, 0, -12464, -31971, 32766, 0, 718, 0, 0, 0, 13943, 65, 0, 0, 1228, -36, -1004, 14, -6599, -132, 0, 0, -24968, 259, 0, 0, 3477, 67, 0, 0, -12464, -31971, 32766, 0, 15744, 269, 0, 0, -24496, 259, 0, 0, -1552, 721, 2, 0, 4, 0, 0, 0, -23760, 259, 0, 0, 1000, 0, 0, 0, 0, 0, 3, 0, 26429, 147, 1, 0, -24496, 259, 0, 0, 40, 0, 0, 0, 15744, 269, 0, 0, 0, 0, 0, 0, -13111, 32009, 32703, 0, 0, 0, 0, 0, -1, -1, 0, 0, -1445, -1, 20365, 0}}, e = 0x7ffe831dcce0}
        count = <optimized out>
        hit_info = {<prohibit_void_ptr<fvi_info>> = {<No data fields>}, hit_type = 2, hit_pnt = {x = 980435, y = -1066133, z = 10668055}, hit_seg = 573, hit_side = -1, hit_side_seg = 718, hit_object = 50, hit_wallnorm = {x = 0, y = 0, z = 65536}, seglist = {<count_array_t<short, 100ul>> = {<base_count_array_t<unsigned int>> = {m_count = 0}, m_bytes = {_M_elems = "\212\002", '\000' <repeats 18 times>, "\320\315\035\203\376\177\000\000\001\000\000\000\000\000\000\000 \316\035\203\376\177\000\000\000\000\000\000\000\000\000\000(\242\003\001\000\000\000\000\a\000\232\000\000\000\000\000P\240\003\001\000\000\000\000\005\000F\000\000\000\000\000P\317\035\203\376\177\000\000\000\231\003\001\000\000\000\000\000\000Z\004\065\274\004\000\020\317\035\203\376\177\000\000V\005\000\000\000\000\000\000\020\004\020\000\000\000\000\000\020\276\337\001\000\000\000\000\353nYp\277\177\000\000\002\005\000\000\001\005\000\000 \005\000\000\035\005\000\000D\006\357\001\000\000\000\000\240\266\325\001\000\000\000\000\001\000\000\000\000\000\000\000\002\005\000\000\001\005\000\000 \005\000"}}, <No data fields>}}
        save_pos = {x = 980435, y = -1066133, z = 10668055}
        start_pos = {x = 980435, y = -1066133, z = 10668055}
        orig_segnum = 573
        try_again = 0
        ipos = <optimized out>
        WallHitSide = <optimized out>
        fq = {<prohibit_void_ptr<fvi_query>> = {<No data fields>}, p0 = 0x103a238 <Objects+3320>, p1 = 0x7ffe831dcae0, startseg = 573, thisobjnum = 7, rad = 429512, ignore_obj_list = {first = 0x7ffe831dcce0, second = 0x7ffe831dcce0}, flags = 1}
        bounced = 0
#14 0x00000000004c44c8 in object_move_one (obj=...) at similar/main/object.cpp:1699
        __func__ = "object_move_one"
        __PRETTY_FUNCTION__ = "void object_move_one(vobjptridx_t)"
#15 0x00000000004c4e58 in object_move_all () at similar/main/object.cpp:1828
        objp = {<prohibit_void_ptr<vobjptridx_t>> = {<No data fields>}, <valptridx_template_t<true, object, short, object_magic_constant_t, object>> = {<vvalptr_t<object, short>> = {<valptr_t<object, short>> = {<valbaseptridxutil_t<object, short>> = {<No data fields>}, p = 0x103a228 <Objects+3304>}, <No data fields>}, <vvalidx_t<object, short, object_magic_constant_t>> = {<validx_t<object, short, object_magic_constant_t>> = {<valbaseptridxutil_t<object, short>> = {<No data fields>}, i = 7}, <No data fields>}, <No data fields>}, <No data fields>}
#16 0x000000000045b38b in GameProcessFrame () at similar/main/game.cpp:1326
No locals.
#17 game_handler (event=...) at similar/main/game.cpp:1109
No locals.
#18 0x0000000000412500 in window_send_event (wind=..., event=...) at common/arch/sdl/window.cpp:206
        r = <optimized out>
#19 0x0000000000429183 in event_process () at similar/arch/sdl/event.cpp:163
        prev = 0x1f415a0
        event = {type = EVENT_WINDOW_DRAW}
        wind = 0x2b8d590
#20 0x000000000040b02a in main (argc=<optimized out>, argv=<optimized out>) at similar/main/inferno.cpp:556
        __func__ = "main"