Skip to content

/Cataclysm-DDA

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Crash while trying to burn the refugee center #22555

Closed
l29ah opened this issue Dec 4, 2017 · 10 comments

Comments

Assignees
No one assigned
Labels
<Crash / Freeze>
Projects
  
Closed Issues in 0.D Release
Milestone
  0.D
8 participants
@l29ah @taiyu-len @Isaacssv552 @codemime @Coolthulhu @BevapDin @kevingranade @ZenZen2
@l29ah
Copy link
Contributor

commented Dec 4, 2017
edited

Game version:
0.C-25239-ge769923bc0-dirty
Operating system:
Gentoo
Tiles or curses:
curses
Mods active:
no_npc_food

Program terminated with signal SIGSEGV, Segmentation fault.
#0  __memcmp_sse4_1 () at ../sysdeps/x86_64/multiarch/memcmp-sse4.S:930
930	../sysdeps/x86_64/multiarch/memcmp-sse4.S: No such file or directory.
(gdb) bt
#0  __memcmp_sse4_1 () at ../sysdeps/x86_64/multiarch/memcmp-sse4.S:930
#1  0x00000056a6a062a1 in std::char_traits<char>::compare (__n=<optimized out>, __s2=<optimized out>, __s1=<optimized out>) at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/char_traits.h:262
#2  std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare (__str=..., this=0x56a6dbdda7 <effect::disp_name[abi:cxx11]() const+23>)
    at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/basic_string.h:2318
#3  std::operator< <char, std::char_traits<char>, std::allocator<char> > (__rhs=..., __lhs=...) at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/basic_string.h:4989
#4  std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::operator() (__y=..., __x=..., this=0x386548cd768)
    at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/stl_function.h:387
#5  std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::_Identity<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::_M_lower_bound (this=this@entry=0x56afc777a0, __x=0x56a6dbdd87 <non-virtual thunk to effect::deserialize(JsonIn&)>, __y=0x56a8016878 <vtable for effect+64>, __y@entry=0x56afc777a8, __k=...)
    at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/stl_tree.h:1644
#6  0x00000056a6a06353 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::_Identity<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::find (this=0x56afc777a0, __k=...) at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/stl_tree.h:2308
#7  0x00000056a7044a33 in std::__cxx1998::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::count (__x=..., this=0x56afc777a0) at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/stl_set.h:668
#8  item::bash_resist (this=0x56afc775f0, to_self=to_self@entry=false) at src/item.cpp:3128
#9  0x00000056a704557e in item::damage_resist (this=this@entry=0x56afc775f0, dt=dt@entry=DT_BASH, to_self=to_self@entry=false) at src/item.cpp:3388
#10 0x00000056a7798cf7 in resistances::resistances (this=0x386548cd950, armor=..., to_self=false) at src/damage.cpp:149
#11 0x00000056a70103fb in item::mitigate_damage (this=this@entry=0x56afc775f0, du=...) at src/item.cpp:3367
#12 0x00000056a73c4018 in player::armor_absorb (this=this@entry=0x56afc749e0, du=..., armor=...) at src/player.cpp:10158
#13 0x00000056a73f9f9b in player::absorb_hit (this=0x56afc749e0, bp=<optimized out>, dam=...) at src/player.cpp:10326
#14 0x00000056a7a4a1bd in Creature::deal_damage (this=this@entry=0x56afc749e0, source=source@entry=0x0, bp=bp@entry=bp_hand_l, dam=...) at src/creature.cpp:673
#15 0x00000056a73c92fc in player::deal_damage (this=this@entry=0x56afc749e0, source=source@entry=0x0, bp=bp@entry=bp_hand_l, d=...) at src/player.cpp:3828
#16 0x00000056a7935835 in map::player_in_field (this=this@entry=0x56ab44d7d0, u=...) at src/field.cpp:1832
#17 0x00000056a793c456 in map::creature_in_field (this=0x56ab44d7d0, critter=...) at src/field.cpp:2091
#18 0x00000056a6d1be1f in game::monmove (this=this@entry=0x56ab44d360) at src/game.cpp:6003
#19 0x00000056a6d6123e in game::do_turn (this=0x56ab44d360) at src/game.cpp:1543
#20 0x00000056a70a2f1f in main (argc=<optimized out>, argv=<optimized out>) at src/main.cpp:522
@l29ah

This comment has been minimized.

Sign in to view
Copy link
Contributor Author

commented Dec 4, 2017

At another (not exactly identical) try the backtrace is a bit different:

#0  __memcmp_sse4_1 () at ../sysdeps/x86_64/multiarch/memcmp-sse4.S:878
#1  0x00000029beb342a1 in std::char_traits<char>::compare (__n=<optimized out>, __s2=<optimized out>, __s1=<optimized out>) at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/char_traits.h:262
#2  std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare (__str=..., this=0x29c6ba74b0) at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/basic_string.h:2318
#3  std::operator< <char, std::char_traits<char>, std::allocator<char> > (__rhs=..., __lhs=...) at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/basic_string.h:4989
#4  std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::operator() (__y=..., __x=..., this=0x3adb1250cf8)
    at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/stl_function.h:387
#5  std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::_Identity<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::_M_lower_bound (this=this@entry=0x29c6ba7920, __x=0x29c6ba7490, __y=__y@entry=0x29c6ba7928, __k=...) at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/stl_tree.h:1644
#6  0x00000029beb34353 in std::_Rb_tree<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::_Identity<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::find (this=0x29c6ba7920, __k=...) at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/stl_tree.h:2308
#7  0x00000029bf16306c in std::__cxx1998::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::count (__x=..., this=0x29c6ba7920) at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/stl_set.h:668
#8  item::has_flag (this=this@entry=0x29c6ba7770, f=...) at src/item.cpp:2725
#9  0x00000029bf49249f in player_morale::set_worn (this=0x29c6ba3900, it=..., worn=worn@entry=false) at src/morale.cpp:548
#10 0x00000029bf493007 in player_morale::on_item_takeoff (this=<optimized out>, it=...) at src/morale.cpp:532
#11 0x00000029bf4bfb0f in player::on_item_takeoff (this=<optimized out>, it=...) at src/player.cpp:11552
#12 0x00000029bf165ba8 in item::on_takeoff (this=this@entry=0x29c6ba7770, p=...) at src/item.cpp:2082
#13 0x00000029bf52811f in player::absorb_hit (this=0x29c6b9e420, bp=<optimized out>, dam=...) at src/player.cpp:10336
#14 0x00000029bfb781bd in Creature::deal_damage (this=this@entry=0x29c6b9e420, source=source@entry=0x0, bp=bp@entry=bp_leg_r, dam=...) at src/creature.cpp:673
#15 0x00000029bf4f72fc in player::deal_damage (this=this@entry=0x29c6b9e420, source=source@entry=0x0, bp=bp@entry=bp_leg_r, d=...) at src/player.cpp:3828
#16 0x00000029bfa63835 in map::player_in_field (this=this@entry=0x29c2383bc0, u=...) at src/field.cpp:1832
#17 0x00000029bfa6a456 in map::creature_in_field (this=0x29c2383bc0, critter=...) at src/field.cpp:2091
#18 0x00000029bee49e1f in game::monmove (this=this@entry=0x29c2383750) at src/game.cpp:6003
#19 0x00000029bee8f23e in game::do_turn (this=0x29c2383750) at src/game.cpp:1543
#20 0x00000029bf1d0f1f in main (argc=<optimized out>, argv=<optimized out>) at src/main.cpp:522

@ZenZen2 ZenZen2 added the <Crash / Freeze> label Dec 6, 2017

@taiyu-len

This comment has been minimized.

Sign in to view
Copy link
Contributor

commented Dec 13, 2017

reproducing while running it under valgrind would be very helpful.
cant try to do it myself for a while, but maybe someone else can.
@Isaacssv552

This comment has been minimized.

Sign in to view
Copy link
Contributor

commented Dec 20, 2017
edited

I think it may be related to NPCs. I had a similar result with the slave cabin from a mod. I lit a room containing a friendly slave fighter on fire. When the fire killed the slave fighter the game crashed. This was repeatable with all friendly slave fighters.

I didn't report the issue because it involved an unofficial mod.

@kevingranade kevingranade added this to the 0.D milestone Jan 3, 2018

@codemime

This comment has been minimized.

Sign in to view
Copy link
Member

commented Feb 24, 2018

Looks like std::set<std::string> (which is item::flags) tries to operate on a deleted object, so that essentially is UB. My best guess is something related to this line.
@Coolthulhu

This comment has been minimized.

Sign in to view
Copy link
Contributor

commented Mar 11, 2018

My best guess is something related to this line.

Why is iter-- being called there? If iter points at the last item (rbegin), decrementing it should put it at end. eraseing the end doesn't sound right.
@BevapDin

This comment has been minimized.

Sign in to view
Copy link
Contributor

commented Mar 12, 2018

@Coolthulhu you're probably right, it should probably be --(iter.base()), -- has an annoyingly high precedence.
@l29ah

This comment has been minimized.

Sign in to view
Copy link
Contributor Author

commented Apr 16, 2018

It crashes with this change as well:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x0000037c300ece95 in __GI_abort () at abort.c:90
#2  0x0000037c30ad9ae3 in __gnu_debug::_Error_formatter::_M_error (this=0x3d2d30b26f0)
    at /var/tmp/paludis/sys-devel-gcc-7.3.0-r1/work/gcc-7.3.0/libstdc++-v3/src/c++11/debug.cc:1069
#3  0x00000047630f615c in __gnu_debug::_Safe_iterator<std::__cxx1998::_List_iterator<item>, std::__debug::list<item, std::allocator<item> > >::operator-- (this=0x3d2d30b1e00)
    at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/debug/safe_iterator.h:359
#4  std::reverse_iterator<__gnu_debug::_Safe_iterator<std::__cxx1998::_List_iterator<item>, std::__debug::list<item, std::allocator<item> > > >::operator++ (this=0x3d2d30b1e00)
    at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/stl_iterator.h:184
#5  player::absorb_hit (this=0x476d56a1a0, bp=<optimized out>, dam=...) at src/player.cpp:9957
#6  0x00000047638d9d3b in Creature::deal_damage (this=this@entry=0x476d56a1a0, source=source@entry=0x0, 
    bp=bp@entry=bp_leg_r, dam=...) at src/creature.cpp:656
#7  0x000000476312656e in player::deal_damage (this=this@entry=0x476d56a1a0, source=source@entry=0x0, 
    bp=bp@entry=bp_leg_r, d=...) at src/player.cpp:3326
#8  0x00000047637b8c03 in map::player_in_field (this=this@entry=0x47681c2740, u=...) at src/field.cpp:1841
#9  0x00000047637bf61e in map::creature_in_field (this=0x47681c2740, critter=...) at src/field.cpp:2100
#10 0x0000004762b1b14d in game::monmove (this=this@entry=0x47681ca100) at src/game.cpp:5570
#11 0x0000004762b50787 in game::do_turn (this=0x47681ca100) at src/game.cpp:1514
#12 0x0000004762dbce93 in main (argc=<optimized out>, argv=<optimized out>) at src/main.cpp:523

@Leland Leland referenced this issue Apr 25, 2018

Closed

Burning NPCs to death throws Read Access Violation #23598

@Coolthulhu

This comment has been minimized.

Sign in to view
Copy link
Contributor

commented May 4, 2018

Apparently casting forward iterator to reverse iterator is not kosher halal vegan because reverse iterators actually point one element ahead of their bases (ie. *index.rbegin() == *(index.rbegin()+1).base()).
So when we destroy the last item on the list we get:

iter = (reverse_iterator)(list.erase(list.begin())); // erase on begin will return new begin
iter = (reverse_iterator)(list.begin()); // reverse_iterator points to element before the one used in constructor so that reverse(end()) is valid
*iter == *(list.begin() - 1);

https://stackoverflow.com/questions/2037867/can-i-convert-a-reverse-iterator-to-a-forward-iterator

So we'll probably need to fix up the return value of erase before (or after) casting it to the reverse iterator.
@l29ah

This comment has been minimized.

Sign in to view
Copy link
Contributor Author

commented May 10, 2018

Not sure if relevant: i've rammed my modded Humvee into a mall and set it on fire, after a few minutes it crashed:

#0  0x0000039a5e36894d in std::type_info::name (this=0x7550fe69d8) at /var/tmp/paludis/sys-devel-gcc-7.3.0-r1/work/gcc-7.3.0/libstdc++-v3/libsupc++/typeinfo:100
#1  (anonymous namespace)::print_type<15> (ctx=..., info=0x7550fe69d8, unknown_name=...) at /var/tmp/paludis/sys-devel-gcc-7.3.0-r1/work/gcc-7.3.0/libstdc++-v3/src/c++11/debug.cc:641
#2  0x0000039a5e368a87 in (anonymous namespace)::print_description (ctx=..., inst=...) at /var/tmp/paludis/sys-devel-gcc-7.3.0-r1/work/gcc-7.3.0/libstdc++-v3/src/c++11/debug.cc:817
#3  0x0000039a5e36a9fa in (anonymous namespace)::print_description (param=..., ctx=...) at /var/tmp/paludis/sys-devel-gcc-7.3.0-r1/work/gcc-7.3.0/libstdc++-v3/src/c++11/debug.cc:835
#4  __gnu_debug::_Error_formatter::_M_error (this=0x3e9f6ba1900) at /var/tmp/paludis/sys-devel-gcc-7.3.0-r1/work/gcc-7.3.0/libstdc++-v3/src/c++11/debug.cc:1061
#5  0x000000754362a7ca in __gnu_debug::_Safe_iterator<std::__cxx1998::_List_iterator<item>, std::__debug::list<item, std::allocator<item> > >::_Safe_iterator (__x=..., this=0x7550fe69d8)
    at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/debug/safe_iterator.h:178
#6  item_reference::item_reference (this=0x7550fe69d0) at src/active_item_cache.h:13
#7  std::__cxx1998::_List_node<item_reference>::_List_node<item_reference const&> (this=0x7550fe69c0) at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/stl_list.h:114
#8  __gnu_cxx::new_allocator<std::__cxx1998::_List_node<item_reference> >::construct<std::__cxx1998::_List_node<item_reference>, item_reference const&> (__p=0x7550fe69c0, this=<optimized out>)
    at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/ext/new_allocator.h:120
#9  std::__cxx1998::__cxx11::list<item_reference, std::allocator<item_reference> >::_M_create_node<item_reference const&> (this=0x3e9f6ba1e28) at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/stl_list.h:574
#10 std::__cxx1998::__cxx11::list<item_reference, std::allocator<item_reference> >::_M_insert<item_reference const&> (__position=..., this=0x3e9f6ba1e28) at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/stl_list.h:1763
#11 std::__cxx1998::__cxx11::list<item_reference, std::allocator<item_reference> >::push_back (__x=..., this=0x3e9f6ba1e28) at /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/bits/stl_list.h:1089
#12 active_item_cache::get (this=this@entry=0x754fe183c8) at src/active_item_cache.cpp:68
#13 0x0000007544214001 in map::process_items_in_vehicle<bool (*)(item_stack&, __gnu_debug::_Safe_iterator<std::__cxx1998::_List_iterator<item>, std::__debug::list<item, std::allocator<item> > >&, tripoint const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >)> (this=this@entry=0x754786cfd0, cur_veh=..., current_submap=..., 
    processor=processor@entry=0x75441ca731 <process_map_items(item_stack&, std::__debug::list<item, std::allocator<item> >::iterator&, tripoint const&, std::__cxx11::string)>, signal=...) at src/map.cpp:4742
#14 0x000000754421626b in map::process_items_in_vehicles<bool (*)(item_stack&, __gnu_debug::_Safe_iterator<std::__cxx1998::_List_iterator<item>, std::__debug::list<item, std::allocator<item> > >&, tripoint const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >)> (this=this@entry=0x754786cfd0, current_submap=..., 
    processor=processor@entry=0x75441ca731 <process_map_items(item_stack&, std::__debug::list<item, std::allocator<item> >::iterator&, tripoint const&, std::__cxx11::string)>, signal=...) at src/map.cpp:4729
#15 0x0000007544216d67 in map::process_items<bool (*)(item_stack&, __gnu_debug::_Safe_iterator<std::__cxx1998::_List_iterator<item>, std::__debug::list<item, std::allocator<item> > >&, tripoint const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >)> (this=0x754786cfd0, active=active@entry=true, 
    processor=processor@entry=0x75441ca731 <process_map_items(item_stack&, std::__debug::list<item, std::allocator<item> >::iterator&, tripoint const&, std::__cxx11::string)>, signal=...) at src/map.cpp:4681
#16 0x00000075441dd4a5 in map::process_active_items (this=<optimized out>) at src/map.cpp:4663
#17 0x0000007543480594 in game::do_turn (this=0x75478749f0) at src/game.cpp:1503
#18 0x00000075436ede15 in main (argc=<optimized out>, argv=<optimized out>) at src/main.cpp:523

@budg3 budg3 referenced this issue May 27, 2018

Closed

Crash bug (likely a side-effect of a nearby building burning) #23770

@l29ah

This comment has been minimized.

Sign in to view
Copy link
Contributor Author

commented Jun 7, 2018

See also: #23962

@BrettDong BrettDong referenced this issue Jun 10, 2018

Merged

[CR] Fix crash when NPC or player is on fire #23983

@ZhilkinSerg ZhilkinSerg closed this in #23983 Jun 14, 2018

@kevingranade kevingranade added this to Closed Issues in 0.D Release Aug 21, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.