View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0006227The Dark ModCodingpublic11.01.2023 06:0322.11.2023 18:27
Reporternbohr1more Assigned Tostgatilov  
PriorityhighSeveritycrashReproducibilityrandom
Status resolvedResolutionfixed 
PlatformLinuxOSLinux MintOS Version19.3
Product VersionSVN 
Target VersionTDM 2.11Fixed in VersionTDM 2.11 
Summary0006227: Dictionary \ Hash crash in mission CoS: Pearls and Swine ( Linux )
DescriptionSometime after rev 10071, the mission "CoS: Pearls and Swine" began experiencing frequent random crashing

Appears to be a SEGFAULT happening when a hash is being created for the variable "pre_pickup_origin" ?

There is another code function that checks for pickup_* , I wonder if the two are colliding? ( probably not )

See thread:

https://forums.thedarkmod.com/index.php?/topic/21679-beta-testing-211/&do=findComment&comment=481956
Steps To Reproduce1) Launch TDM 2.11 dev build 10107 or newer
2) Noclip around the map until the crash is encountered
Additional InformationThis variable is anim_blends.cpp . The only notable changes there were a fix for BSD compile and changes
to Blackjack behavior. None the associated commits look problematic.

This bug may be due to an older issue with the card playing animation.
None of the other missions with card players exhibit this issue thus far?
TagsNo tags attached.
Attached Files
pearlsandswine_bt.txt (4,664 bytes)    
Color read from main ambient light 'ambient_world': 0.1 0.1 0.1

Changed location from '' to 'sewers1'.
The ambient 'snd_sewer' (darknessfalls_z) for location 'sewers1' is now playing.
]noclip
noclip ON
]notarget
notarget ON
--Type <RET> for more, q to quit, c to continue without paging--RET

Thread 1 "thedarkmod.x64" received signal SIGSEGV, Segmentation fault.
0x00000000004455d0 in idHashIndex::GenerateKey (this=0x98, 
    string=0x137f8cc "pre_pickup_origin", caseSensitive=false)
    at /home/user/tdm_src/new/darkmod_src/idlib/../idlib/containers/HashIndex.h:370
370			return ( idStr::IHash( string ) & hashMask );
(gdb) step
missed 551 sound updates
[ALSOFT] (EE) available update failed: Broken pipe
sig_handler (signum=840154931, info=0x402d33083f3c164d, 
    context=0x3f2da9ff3a169f5e)
    at /home/user/tdm_src/new/darkmod_src/sys/posix/posix_signal.cpp:82
82	static void sig_handler( int signum, siginfo_t *info, void *context ) {
(gdb) bt
#0  sig_handler (signum=840154931, info=0x402d33083f3c164d, 
    context=0x3f2da9ff3a169f5e)
    at /home/user/tdm_src/new/darkmod_src/sys/posix/posix_signal.cpp:82
#1  <signal handler called>
#2  0x00000000004455d0 in idHashIndex::GenerateKey (this=0x98, 
    string=0x137f8cc "pre_pickup_origin", caseSensitive=false)
    at /home/user/tdm_src/new/darkmod_src/idlib/../idlib/containers/HashIndex.h:370
#3  0x00000000006ee64f in idDict::FindKey (this=0x80, 
    key=0x137f8cc "pre_pickup_origin")
    at /home/user/tdm_src/new/darkmod_src/idlib/Dict.cpp:461
#4  0x0000000000445637 in idDict::GetString (this=0x80, 
    key=0x137f8cc "pre_pickup_origin", defaultString=0x137f8c6 "0 0 0", 
    out=0x7fffffffcee0)
    at /home/user/tdm_src/new/darkmod_src/idlib/../idlib/Dict.h:212
#5  0x00000000006ee217 in idDict::GetVector (this=0x80, 
    key=0x137f8cc "pre_pickup_origin", defaultString=0x137f8c6 "0 0 0", 
    out=...) at /home/user/tdm_src/new/darkmod_src/idlib/Dict.cpp:372
#6  0x00000000004e0636 in idDict::GetVector (this=0x80, 
    key=0x137f8cc "pre_pickup_origin", defaultString=0x137f8c6 "0 0 0")
    at /home/user/tdm_src/new/darkmod_src/idlib/../idlib/Dict.h:253
#7  0x0000000000a45298 in idAnim::CallFrameCommands (this=0x1a66b6e0, ent=
    0x1a6d8874, from=78, to=79, caller=0x1a6d929c)
--Type <RET> for more, q to quit, c to continue without paging--RET
    at /home/user/tdm_src/new/darkmod_src/game/anim/Anim_Blend.cpp:1404
#8  0x0000000000a482a1 in idAnimBlend::CallFrameCommands (this=0x1a6d929c, 
    ent=0x1a6d8874, fromtime=20939, totime=20947)
    at /home/user/tdm_src/new/darkmod_src/game/anim/Anim_Blend.cpp:2661
#9  0x0000000000a50879 in idAnimator::ServiceAnims (this=0x1a6d919c, 
    fromtime=20939, totime=20947)
    at /home/user/tdm_src/new/darkmod_src/game/anim/Anim_Blend.cpp:5107
#10 0x000000000054877f in idAnimatedEntity::UpdateAnimation (this=0x1a6d8874)
    at /home/user/tdm_src/new/darkmod_src/game/Entity.cpp:8235
#11 0x000000000094a7e1 in idAI::Think (this=0x1a6d8874)
    at /home/user/tdm_src/new/darkmod_src/game/ai/AI.cpp:2702
#12 0x00000000005a2ff7 in idGameLocal::RunFrame (this=0x1967500 <gameLocal>, 
    clientCmds=0x7fffffffd900, timestepMs=8, minorTic=false)
    at /home/user/tdm_src/new/darkmod_src/game/Game_local.cpp:3365
#13 0x00000000004ba026 in idSessionLocal::RunGameTic (
    this=0x19b50e0 <sessLocal>, timestepMs=8, minorTic=false)
    at /home/user/tdm_src/new/darkmod_src/framework/Session.cpp:3060
#14 0x00000000004ba411 in idSessionLocal::RunGameTics (
    this=0x19b50e0 <sessLocal>)
    at /home/user/tdm_src/new/darkmod_src/framework/Session.cpp:3106
#15 0x00000000004ba7d1 in idSessionLocal::ActivateFrontend (
    this=0x19b50e0 <sessLocal>)
    at /home/user/tdm_src/new/darkmod_src/framework/Session.cpp:3197
--Type <RET> for more, q to quit, c to continue without paging--RET
#16 0x00000000007b4f3c in idRenderSystemLocal::EndFrame (this=0x2269cc0 <tr>, 
    frontEndMsec=0x0, backEndMsec=0x0)
    at /home/user/tdm_src/new/darkmod_src/renderer/RenderSystem.cpp:644
#17 0x00000000004b9021 in idSessionLocal::UpdateScreen (
    this=0x19b50e0 <sessLocal>, outOfSequence=false)
    at /home/user/tdm_src/new/darkmod_src/framework/Session.cpp:2779
#18 0x0000000000465b8e in idCommonLocal::Frame (this=0x19900c0 <commonLocal>)
    at /home/user/tdm_src/new/darkmod_src/framework/Common.cpp:2540
#19 0x0000000000d3e923 in main (argc=1, argv=0x7fffffffe018)
    at /home/user/tdm_src/new/darkmod_src/sys/posix/platform_linux.cpp:489
(gdb) RET
Undefined command: "RET".  Try "help".
(gdb) quit
A debugging session is active.

	Inferior 1 [process 28503] will be killed.

Quit anyway? (y or n) y
user@user-DX4870:~/211darkmod/trunk2$
pearlsandswine_bt.txt (4,664 bytes)   

Activities

nbohr1more

nbohr1more

12.01.2023 03:57

developer   ~0015760

Rev 16730

Revert changes to tdm_prop_items.def in Rev 16603
stgatilov

stgatilov

12.01.2023 08:29

administrator   ~0015761

I can't believe this change is the cause of the problem.
Also, hash collision does not cause a crash.

It is some kind of "use after delete" problem.
Or some idDict is used from non-game thread: that can break access to any idDict, since they all store their strings in global pool.
stgatilov

stgatilov

12.01.2023 08:32

administrator   ~0015762

You can try to set "com_smp 0" and "r_useParallelAddModels 0".
Most probably the issue will go away --- that means idDict is used from wrong thread.

I don't think the problem is not fixed, it probably just stopped happening based of luck, or moved to a different place.
stgatilov

stgatilov

12.01.2023 08:35

administrator   ~0015763

Oh, the commit 16603 by Dragofer actually changes something.
It replaces "replace_anim_idle_sit_tap01" animation from "idle_sit_drink" (which is last, so probably took effect?) to "bottle_putdown".
Maybe the new animation was causing the problem?
Maybe Dragofer can clarify what was done in the original commit?...
stgatilov

stgatilov

12.01.2023 08:41

administrator   ~0015764

Yeah, in idDeclEntityDef::Parse I see:

  while (1) {
        ...
        if ( dict.FindKey( token ) ) {
            src.Warning( "'%s' already defined", token.c_str() );
        }
        dict.Set( token, token2 );
  }

So if entityDef describes some spawnarg twice, the last value should take effect.

So the original commit was actually changing the value of "replace_anim_idle_sit_tap01" from "idle_sit_drink" to "bottle_putdown".
Was it intended?
nbohr1more

nbohr1more

12.01.2023 12:26

developer   ~0015765

Disabling com_smp and r_useParallelAddModels does not cure the crash, nor does changing to other defaults like hard stencil shadows (etc).

Yes, I believe that the original replacement design is broken \ mistaken.

Dragofer fixed the broken definition but in doing so, uncovered a bug in the way that the "pre_pickup_origin" is tracked.

Reverting the def, prevents the bug from presenting itself in this mission.
stgatilov

stgatilov

12.01.2023 19:45

administrator   ~0015768

I removed duplicate spawnarg in svn rev 16732.
It should give no warning again, but this time the effective spawnarg value should be as it was before rev 16603.
nbohr1more

nbohr1more

13.01.2023 00:39

developer   ~0015769

Last edited: 13.01.2023 00:39

 Thank you!

No crashes with the latest def version even with com_smp (etc) enabled.
Dragofer

Dragofer

22.11.2023 18:23

developer   ~0016182

Last edited: 22.11.2023 18:26

 It doesn't look like my change was fully intended. Before rev 16603 we had these spawnargs in this order:
    "replace_anim_idle_sit_tap01" "bottle_putdown"
    "replace_anim_idle_sit_tap01" "idle_sit_drink"

I guess the double definition or something else about this caused a warning in my mod-wide bug hunt, so I commented one out:
    "replace_anim_idle_sit_tap01" "bottle_putdown"
    //"replace_anim_idle_sit_tap01" "idle_sit_drink"

In fact "bottle_putdown" should've been the one that got commented out. Then this spawnarg would've been consistent with the other idle sit anim replacements:
    "replace_anim_idle_sit_shift1" "idle_sit_drink"
    "replace_anim_idle_sit_cough01" "idle_sit_drink"
    "replace_anim_idle_sit_armdrop01" "idle_sit_drink"

Rev 16732 now appears to be the correct fix to the original issue with the def.

Issue History

Date Modified Username Field Change
11.01.2023 06:03 nbohr1more New Issue
11.01.2023 06:03 nbohr1more Status new => assigned
11.01.2023 06:03 nbohr1more Assigned To => stgatilov
11.01.2023 06:03 nbohr1more File Added: pearlsandswine_bt.txt
12.01.2023 03:57 nbohr1more Note Added: 0015760
12.01.2023 03:58 nbohr1more Assigned To stgatilov => nbohr1more
12.01.2023 03:58 nbohr1more Status assigned => resolved
12.01.2023 03:58 nbohr1more Resolution open => fixed
12.01.2023 03:58 nbohr1more Fixed in Version => TDM 2.11
12.01.2023 04:12 nbohr1more Steps to Reproduce Updated
12.01.2023 08:29 stgatilov Note Added: 0015761
12.01.2023 08:29 stgatilov Status resolved => feedback
12.01.2023 08:29 stgatilov Resolution fixed => reopened
12.01.2023 08:32 stgatilov Note Added: 0015762
12.01.2023 08:35 stgatilov Note Added: 0015763
12.01.2023 08:41 stgatilov Note Added: 0015764
12.01.2023 12:26 nbohr1more Note Added: 0015765
12.01.2023 14:12 nbohr1more Summary Hashmap crash in mission CoS: Pearls and Swine ( Linux ) => Dictionary \ Hash crash in mission CoS: Pearls and Swine ( Linux )
12.01.2023 19:45 stgatilov Note Added: 0015768
13.01.2023 00:39 nbohr1more Note Added: 0015769
13.01.2023 00:39 nbohr1more Note Edited: 0015769
13.01.2023 00:40 nbohr1more Assigned To nbohr1more => stgatilov
13.01.2023 00:40 nbohr1more Status feedback => resolved
13.01.2023 00:40 nbohr1more Resolution reopened => fixed
22.11.2023 18:23 Dragofer Note Added: 0016182
22.11.2023 18:24 Dragofer Note Edited: 0016182
22.11.2023 18:24 Dragofer Note Edited: 0016182
22.11.2023 18:26 Dragofer Note Edited: 0016182