Bug #1326

Firing weapon on map "dfwc03-2" crashes game with signal 11

Added by S1lencer almost 2 years ago. Updated 11 months ago.

Status: Feedback
Start date: 09/29/2012
Priority: Normal
Due date:
Assignee: divVerent
% Done: 0%
Category: Engine
Target version: 0.8

Description

Bug reported by lucky1, I just filed it here.


version used: xonotic 0.6.0 ("MQC Build information: xonotic-v0.6.0")
executable used: xonotic-linux64-glx (Also confirmed to happen with "xonotic-linux64-sdl". however in that case xonotic reports errors as "Segmentation fault", rather than signal 11.)

Video resolution used in all cfg is 1680x1050 windowed.
Map used was "dfwc03-2". as far as i know, all of these bugs are specific to only this map.

--Part one--

1.cfg (all graphic effect settings as low as possible except soft shadows + what is needed to enable it.)
1.mpeg (A video showing this bug. 1920x1200 but still extremely low quality. Lower resolution/higher quality can be provided upon request)

map loads fine but when a weapon is shot, game crashes.

Error (as reported by xonotic):
Received signal 11, exiting...

Error (as reported by gdb):
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff636a280 in ?? () from /lib/x86_64-linux-gnu/libc.so.6

--Part two--

2.cfg ("Normal" graphic effect quality preset. "High" and "Ultra" should also cause this behavior.)
2.mpeg (A video showing this bug. 1920x1200 but still extremely low quality. Lower resolution/higher quality can be provided upon request)

game crashes as soon as game tries to render the world.

Error (as reported by xonotic):
Received signal 11, exiting...

Error (as reported by gdb):
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff636a280 in ?? () from /lib/x86_64-linux-gnu/libc.so.6

--Part three--

3.cfg (A working configuration. The expected behavior. No problems to report. "Medium" quality preset. "Low" should also work.)

Further information available upon request.
-Lucky1

dfwc03-2.pk3 - MD5 sum: ab4365dbcbc9d2b8fa9b5f1fadeb51df (3.99 MB) S1lencer, 09/29/2012 03:35 am

1.cfg - MD5 sum: 8c405b89984113e8eb1f6b62dd533985 (3.83 KB) S1lencer, 09/29/2012 03:35 am

2.cfg - MD5 sum: aadb984a74e8bcbb942a1863ec31108d (3.35 KB) S1lencer, 09/29/2012 03:35 am

2.mpeg - MD5 sum: 3cd4df6fafe56aebc815d6b4f68db316 (4.93 MB) S1lencer, 09/29/2012 03:35 am

3.cfg - MD5 sum: 12a099671b21650bcd01d3e38abd8dbe (3.51 KB) S1lencer, 09/29/2012 03:35 am

xonotic20120929123941-00.jpg - Screenshot using 3.cfg (184 KB) MrBougo, 09/29/2012 12:43 pm

xonotic20130713131334-00.jpg (81.7 KB) MrBougo, 07/13/2013 01:16 pm


History

#1 Updated by MrBougo almost 2 years ago

I'm testing this using vanilla settings in a git build made 20 minutes ago. I'm also using SDL.

Here's the backtrace with vanilla settings:

Program received signal SIGSEGV, Segmentation fault.
0xb7cb3a3a in __memcpy_ssse3 () from /usr/lib/libc.so.6
(gdb) bt
#0  0xb7cb3a3a in __memcpy_ssse3 () from /usr/lib/libc.so.6
#1  0xb7cb1c75 in __memcpy_ssse3 () from /usr/lib/libc.so.6
#2  0x08160326 in RSurf_PrepareVerticesForBatch (batchneed=12416, texturenumsurfaces=1, texturesurfacelist=0xa5187a0) at gl_rmain.c:9316
#3  0x08164f21 in R_DrawTextureSurfaceList_DepthOnly (texturenumsurfaces=1, texturesurfacelist=0xa5187a0) at gl_rmain.c:10521
#4  0x08165009 in R_ProcessWorldTextureSurfaceList (texturenumsurfaces=1, texturesurfacelist=0xa5187a0, writedepth=false, depthonly=true, prepass=false) at gl_rmain.c:10533
#5  0x081653b3 in R_QueueWorldSurfaceList (numsurfaces=6, surfacelist=0xa5187a0, flagsmask=64, writedepth=false, depthonly=true, prepass=false) at gl_rmain.c:10602
#6  0x08169bf1 in R_DrawWorldSurfaces (skysurfaces=false, writedepth=false, depthonly=true, debug=false, prepass=false) at gl_rmain.c:11709
#7  0x0816c43a in R_Q1BSP_DrawDepth (ent=0xf495634) at gl_rsurf.c:650
#8  0x08156ce3 in R_RenderScene (fbo=0, depthtexture=0x0, colortexture=0x0) at gl_rmain.c:7082
#9  0x0815687a in R_RenderView () at gl_rmain.c:6971
#10 0x080be67c in VM_CL_R_RenderScene (prog=0x932f150 <prvm_prog_list+236688>) at clvm_cmds.c:3270
#11 0x0824bd85 in CLVM_ExecuteProgram (prog=0x932f150 <prvm_prog_list+236688>, fnum=721, errormessage=0x83249d4 "QC function CSQC_UpdateView is missing") at prvm_execprogram.h:353
#12 0x080def86 in CL_VM_UpdateView () at csprogs.c:489
#13 0x080a567d in SCR_DrawScreen () at cl_screen.c:1744
#14 0x080a7874 in CL_UpdateScreen () at cl_screen.c:2477
#15 0x0817c8bc in Host_Main () at host.c:1012
#16 0x0804b191 in main (argc=7, argv=0xbffff7c4) at sys_sdl.c:201

Using 1.cfg: world loads but the game segfaults when shooting (tested with shotgun):

Program received signal SIGSEGV, Segmentation fault.
0xb7cb3a3a in __memcpy_ssse3 () from /usr/lib/libc.so.6
(gdb) bt
#0  0xb7cb3a3a in __memcpy_ssse3 () from /usr/lib/libc.so.6
#1  0xb7cb1c75 in __memcpy_ssse3 () from /usr/lib/libc.so.6
#2  0x08160326 in RSurf_PrepareVerticesForBatch (batchneed=12416, texturenumsurfaces=1, texturesurfacelist=0x8941400 <batchsurfacelist>) at gl_rmain.c:9316
#3  0x0816fe08 in R_Q1BSP_DrawShadowMap (side=0, ent=0xdb6fbf4, relativelightorigin=0xdbb53b0, relativelightdirection=0x0, lightradius=167.080109, modelnumsurfaces=8, modelsurfacelist=0xa4792080, 
    surfacesides=0x106715c0 "\r\002\006\002\002\002?\035", lightmins=0xdbb5424, lightmaxs=0xdbb5430) at gl_rsurf.c:1426
#4  0x08266f1a in R_Shadow_DrawWorldShadow_ShadowMap (numsurfaces=8, surfacelist=0xa4792080, trispvs=0xa4790ec0 "", surfacesides=0x106715c0 "\r\002\006\002\002\002?\035") at r_shadow.c:3778
#5  0x082690b2 in R_Shadow_DrawLight (rtlight=0xdbb52c0) at r_shadow.c:4327
#6  0x0826a1bf in R_Shadow_DrawLights () at r_shadow.c:4674
#7  0x08156eb0 in R_RenderScene (fbo=0, depthtexture=0x0, colortexture=0x0) at gl_rmain.c:7134
#8  0x0815687a in R_RenderView () at gl_rmain.c:6971
#9  0x080be67c in VM_CL_R_RenderScene (prog=0x932f150 <prvm_prog_list+236688>) at clvm_cmds.c:3270
#10 0x0824bd85 in CLVM_ExecuteProgram (prog=0x932f150 <prvm_prog_list+236688>, fnum=721, errormessage=0x83249d4 "QC function CSQC_UpdateView is missing") at prvm_execprogram.h:353
#11 0x080def86 in CL_VM_UpdateView () at csprogs.c:489
#12 0x080a567d in SCR_DrawScreen () at cl_screen.c:1744
#13 0x080a7874 in CL_UpdateScreen () at cl_screen.c:2477
#14 0x0817c8bc in Host_Main () at host.c:1012
#15 0x0804b191 in main (argc=4, argv=0xbffff7f4) at sys_sdl.c:201

Using 2.cfg: segfault on world load:

Program received signal SIGSEGV, Segmentation fault.
0xb7cb3a3a in __memcpy_ssse3 () from /usr/lib/libc.so.6
(gdb) bt
#0  0xb7cb3a3a in __memcpy_ssse3 () from /usr/lib/libc.so.6
#1  0xb7cb1c75 in __memcpy_ssse3 () from /usr/lib/libc.so.6
#2  0x08160326 in RSurf_PrepareVerticesForBatch (batchneed=12416, texturenumsurfaces=1, texturesurfacelist=0xb458ef0) at gl_rmain.c:9316
#3  0x08164f21 in R_DrawTextureSurfaceList_DepthOnly (texturenumsurfaces=1, texturesurfacelist=0xb458ef0) at gl_rmain.c:10521
#4  0x08165009 in R_ProcessWorldTextureSurfaceList (texturenumsurfaces=1, texturesurfacelist=0xb458ef0, writedepth=false, depthonly=true, prepass=false) at gl_rmain.c:10533
#5  0x081653b3 in R_QueueWorldSurfaceList (numsurfaces=6, surfacelist=0xb458ef0, flagsmask=64, writedepth=false, depthonly=true, prepass=false) at gl_rmain.c:10602
#6  0x08169bf1 in R_DrawWorldSurfaces (skysurfaces=false, writedepth=false, depthonly=true, debug=false, prepass=false) at gl_rmain.c:11709
#7  0x0816c43a in R_Q1BSP_DrawDepth (ent=0xf809f84) at gl_rsurf.c:650
#8  0x08156ce3 in R_RenderScene (fbo=0, depthtexture=0x0, colortexture=0x0) at gl_rmain.c:7082
#9  0x0815687a in R_RenderView () at gl_rmain.c:6971
#10 0x080be67c in VM_CL_R_RenderScene (prog=0x932f150 <prvm_prog_list+236688>) at clvm_cmds.c:3270
#11 0x0824bd85 in CLVM_ExecuteProgram (prog=0x932f150 <prvm_prog_list+236688>, fnum=721, errormessage=0x83249d4 "QC function CSQC_UpdateView is missing") at prvm_execprogram.h:353
#12 0x080def86 in CL_VM_UpdateView () at csprogs.c:489
#13 0x080a567d in SCR_DrawScreen () at cl_screen.c:1744
#14 0x080a7874 in CL_UpdateScreen () at cl_screen.c:2477
#15 0x0817c8bc in Host_Main () at host.c:1012
#16 0x0804b191 in main (argc=4, argv=0xbffff7f4) at sys_sdl.c:201

Using 3.cfg: no segfault. The map looks messed up (is that a lightmap used as wall texture?). See screenshot attached.

#2 Updated by hutty over 1 year ago

Unfortunately the pk3 has no .map file ...

so it's not fixable through recompiling ...

Do you know how this was compiled? (Was it compiled for UT and then just moved to Xonotic?)
Was this an old Nexuiz map?

If you don't have the map source ... I'm afraid it may be a lost cause

#3 Updated by MrBougo over 1 year ago

hutty wrote:

if you don't have the map source ... I'm afraid it may be a lost cause

That's not true, hutty. No one cares that the map itself is badly made and the point of this bug report is not to fix the map -- after all it's not even an official map. What matters here is that we have a map which can segfault the engine, which means that the engine is bugged because this sort of stuff is not supposed to happen, no matter what map you feed it.

We have backtraces and binary files, we just need someone skilled to review this and see if they can spot the engine bug. A .map file could even be useless because the fault in the bsp might as well come from the compiler.
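
The point made in comment #3, that a map file is untrusted input and must never be able to crash the engine, shown as an added example. It is not darkplaces code and not a diagnosis of this bug, whose root cause the thread does not establish. All type and function names are hypothetical; it assumes surfaces reference a vertex range in a shared array and shows load-time validation plus a checked copy before the kind of memcpy seen at the top of the backtraces.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified structures: NOT the engine's real types. */
typedef struct { uint32_t first_vertex, num_vertices; } surface_t;
typedef struct {
    const float *vertex3f;      /* num_vertices * 3 floats read from the map */
    size_t num_vertices;
    const surface_t *surfaces;  /* surface table read from the map */
    size_t num_surfaces;
} model_t;

/* 1 if the surface's vertex range lies inside the model, else 0.
   The subtraction form cannot overflow, unlike first + count <= total. */
static int surface_in_range(const model_t *m, const surface_t *s)
{
    return s->first_vertex <= m->num_vertices &&
           s->num_vertices <= m->num_vertices - s->first_vertex;
}

/* Load-time check: reject the whole map if any surface points outside
   the vertex array, so the renderer never sees such a surface. */
int model_validate_surfaces(const model_t *m)
{
    for (size_t i = 0; i < m->num_surfaces; i++)
        if (!surface_in_range(m, &m->surfaces[i]))
            return 0;
    return 1;
}

/* Draw-time copy into a batch buffer. Re-checks the source range and the
   destination capacity (in vertices) before calling memcpy.
   Returns the number of vertices copied, or -1 if the request is refused. */
long batch_copy_vertices(const model_t *m, const surface_t *s,
                         float *dst, size_t dst_capacity_vertices)
{
    if (!surface_in_range(m, s) || s->num_vertices > dst_capacity_vertices)
        return -1;
    memcpy(dst, m->vertex3f + (size_t)s->first_vertex * 3,
           (size_t)s->num_vertices * 3 * sizeof(float));
    return (long)s->num_vertices;
}
```

Refusing the map at load time gives a clean error message, while the draw-time check is defence in depth for any path that builds surface lists after loading.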

#4 Updated by Mirio about 1 year ago

  • Assignee set to divVerent
  • Target version set to 0.8

#5 Updated by divVerent about 1 year ago

  • Status changed from New to Feedback

Is the bug still reproducible? Engine has changed a lot since.

#6 Updated by MrBougo about 1 year ago

Yes, it is still reproducible in most cases.

Now configurations 3.cfg and 1.cfg work, as opposed to only 3.cfg on the previous backtraces I posted here. Textures in the spawning area look very different in 1.cfg and 3.cfg:

Here are the backtraces that I get now, using current git (darkplaces 5fb2c652, xonotic-data 62a098d8):

Vanilla:

CL_SignonReply: 4

Program received signal SIGSEGV, Segmentation fault.
0xb7ca07ca in __memcpy_ssse3 () from /usr/lib/libc.so.6
(gdb) bt
#0  0xb7ca07ca in __memcpy_ssse3 () from /usr/lib/libc.so.6
#1  0xb7c9ea05 in __memcpy_ssse3 () from /usr/lib/libc.so.6
#2  0x08163a62 in RSurf_PrepareVerticesForBatch (batchneed=73984, texturenumsurfaces=1, texturesurfacelist=0xb09c4d0) at gl_rmain.c:10024
#3  0x08168b92 in R_DrawTextureSurfaceList_DepthOnly (texturenumsurfaces=1, texturesurfacelist=0xb09c4d0) at gl_rmain.c:11290
#4  0x08168c7b in R_ProcessWorldTextureSurfaceList (texturenumsurfaces=1, texturesurfacelist=0xb09c4d0, writedepth=false, depthonly=true, prepass=false) at gl_rmain.c:11300
#5  0x08169018 in R_QueueWorldSurfaceList (numsurfaces=6, surfacelist=0xb09c4d0, flagsmask=64, writedepth=false, depthonly=true, prepass=false) at gl_rmain.c:11369
#6  0x0816d7fe in R_DrawWorldSurfaces (skysurfaces=false, writedepth=false, depthonly=true, debug=false, prepass=false) at gl_rmain.c:12476
#7  0x0816ffc5 in R_Q1BSP_DrawDepth (ent=0x10104af4) at gl_rsurf.c:649
#8  0x08158579 in R_RenderScene (fbo=0, depthtexture=0x0, colortexture=0x0) at gl_rmain.c:7331
#9  0x08158110 in R_RenderView () at gl_rmain.c:7220
#10 0x080bf057 in VM_CL_R_RenderScene (prog=0x9336808 <prvm_prog_list+236744>) at clvm_cmds.c:3266
#11 0x0824c50d in CLVM_ExecuteProgram (prog=0x9336808 <prvm_prog_list+236744>, fnum=4, errormessage=0x832bfdc "QC function CSQC_UpdateView is missing") at prvm_execprogram.h:384
#12 0x080df914 in CL_VM_UpdateView (frametime=0.13333320617675781) at csprogs.c:489
#13 0x080a63e0 in SCR_DrawScreen () at cl_screen.c:2163
#14 0x080a85c8 in CL_UpdateScreen () at cl_screen.c:2899
#15 0x081803d0 in Host_Main () at host.c:1012
#16 0x0804b182 in main (argc=8, argv=0xbffff964) at sys_sdl.c:201

1.cfg:
WORKS, did not work previously.

2.cfg:

CL_SignonReply: 4

Program received signal SIGSEGV, Segmentation fault.
0xb7ca07ca in __memcpy_ssse3 () from /usr/lib/libc.so.6
(gdb) bt
#0  0xb7ca07ca in __memcpy_ssse3 () from /usr/lib/libc.so.6
#1  0xb7c9ea05 in __memcpy_ssse3 () from /usr/lib/libc.so.6
#2  0x08163a62 in RSurf_PrepareVerticesForBatch (batchneed=73984, texturenumsurfaces=1, texturesurfacelist=0xa5249d0) at gl_rmain.c:10024
#3  0x08168b92 in R_DrawTextureSurfaceList_DepthOnly (texturenumsurfaces=1, texturesurfacelist=0xa5249d0) at gl_rmain.c:11290
#4  0x08168c7b in R_ProcessWorldTextureSurfaceList (texturenumsurfaces=1, texturesurfacelist=0xa5249d0, writedepth=false, depthonly=true, prepass=false) at gl_rmain.c:11300
#5  0x08169018 in R_QueueWorldSurfaceList (numsurfaces=6, surfacelist=0xa5249d0, flagsmask=64, writedepth=false, depthonly=true, prepass=false) at gl_rmain.c:11369
#6  0x0816d7fe in R_DrawWorldSurfaces (skysurfaces=false, writedepth=false, depthonly=true, debug=false, prepass=false) at gl_rmain.c:12476
#7  0x0816ffc5 in R_Q1BSP_DrawDepth (ent=0xb042314) at gl_rsurf.c:649
#8  0x08158579 in R_RenderScene (fbo=0, depthtexture=0x0, colortexture=0x0) at gl_rmain.c:7331
#9  0x08158110 in R_RenderView () at gl_rmain.c:7220
#10 0x080bf057 in VM_CL_R_RenderScene (prog=0x9336808 <prvm_prog_list+236744>) at clvm_cmds.c:3266
#11 0x0824c50d in CLVM_ExecuteProgram (prog=0x9336808 <prvm_prog_list+236744>, fnum=4, errormessage=0x832bfdc "QC function CSQC_UpdateView is missing") at prvm_execprogram.h:384
#12 0x080df914 in CL_VM_UpdateView (frametime=0.042666603088378885) at csprogs.c:489
#13 0x080a63e0 in SCR_DrawScreen () at cl_screen.c:2163
#14 0x080a85c8 in CL_UpdateScreen () at cl_screen.c:2899
#15 0x081803d0 in Host_Main () at host.c:1012
#16 0x0804b182 in main (argc=8, argv=0xbffff964) at sys_sdl.c:201

3.cfg:
Works, as previously.

#7 Updated by divVerent 11 months ago

For me r_depthfirst appears to be the trigger.
