[0.13.4] [kovarex] Rail laying immediately segfaults

anmoch
Inserter
Posts: 22
Joined: Wed Feb 04, 2015 6:11 pm

Post by anmoch »

First rail in empty space (not connected to anything) is fine.

Then I click an arrow on said first rail, move the mouse a bit until it suggests laying more track; clicking then leads to a segfault at

43.269 Error CrashHandler.cpp:183: Received SIGSEGV
44.074 Warning Logger.cpp:360: Symbols.size() == 18, usedSize == 13
Factorio crashed. Generating symbolized stacktrace, please wait ...
44.939 Warning Logger.cpp:360: Symbols.size() == 17, usedSize == 12
#0 0x7d9fdb in CrashHandler::writeStackTrace() at /tmp/factorio-N1bTA9/src/Util/CrashHandler.cpp:84
#1 0x7da254 in CrashHandler::SignalHandler(int) at /tmp/factorio-N1bTA9/src/Util/CrashHandler.cpp:188
#2 0x7f73cec36990 in ?? at ??:0
#3 0x495204 in Rail::getEdgeDirection(RailDirection) const [clone .constprop.74674] at /tmp/factorio-N1bTA9/src/Entity/Rail.cpp:1719
#4 0xa6ec2b in RailPlanFinderLocation::RailPlanFinderLocation(RailPlanFinderLocation::NodeFromRail const&) at /tmp/factorio-N1bTA9/src/Rail/RailPlanFinderLocation.cpp:30
#5 0xbba2aa in buildRail at /tmp/factorio-N1bTA9/src/LatencyInputHandler.cpp:621
#6 0xbf9205 in LatencyInputHandler::update() [clone .constprop.68751] at /tmp/factorio-N1bTA9/src/LatencyInputHandler.cpp:464
#7 0xc174f7 in MainLoop::gameUpdateStep(MultiplayerManager*, Scenario*, AppManager*, MainLoop::HeavyMode) [clone .constprop.68527] at /tmp/factorio-N1bTA9/src/MainLoop.cpp:358
#8 0x7010c5 in MainLoop::updateLoop(ThreadBarrier*, boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >*, boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >*, bool*, bool, MainLoop::HeavyMode) at /tmp/factorio-N1bTA9/src/MainLoop.cpp:458
#9 0xf4529f in swap<std::_Any_data> at /usr/include/c++/5/bits/move.h:186
#10 0x7f73d0861454 in swap at /usr/include/c++/5/functional:2160
#11 0x7f73cecea3fd in std::function<void ()>::function(std::function<void ()>&&) at /usr/include/c++/5/functional:2035
44.939 Error CrashHandler.cpp:85: Map tick at moment of crash: 681558
44.939 Error Util.cpp:77: Unexpected error occurred. You can help us to solve the problem by posting the contents of the log file on the Factorio forums.
Speicherzugriffsfehler (core dumped)


It does not seem to matter whether there are any direction changes; building a stretch of straight rail also crashes. However, building more straight rail without the assistant does not crash even if connected to existing rail.

This seemed to only happen to me as the client in an MP game, on Linux 64bit. The host (Linux 64bit) and another client (Windows) didn't have any issues, though there was an odd desync (reports attached) while the Windows client experimented.
Attachments: level-init.zip (1.17 MiB), log.txt (19.48 KiB), reference-level.zip (8.79 MiB)

Re: [0.13.4] Rail laying immediately segfaults

Post by anmoch »

This also happens when I'm hosting the same map, to me (as the host) but not to the others (as the clients). Weird.
kovarex
Factorio Staff
Posts: 8207
Joined: Wed Feb 06, 2013 12:00 am

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by kovarex »

I checked the code and it crashes at a weird place, you might try to redownload the package to make sure there is no data corruption.

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by anmoch »

Thanks for looking into it! Unfortunately a clean install didn't help at all. I re-downloaded 0.13.4 from the website and even used sha1sum to verify that it was, in fact, exactly the same as what I had previously.

Steps to reproduce:
1. Play -> Multiplayer -> Load game, the attached save. Set "Hidden" I guess but it doesn't matter.
2. Place 1 straight rail.
3. Click one of the arrows to enter rail-laying mode.
4. Click a bit further, attempting to lay a few more rails.

Steps that don't reproduce:
- The same, but using singleplayer (Play -> Load game).
- The same, but with multiplayer latency hiding disabled in the options.

Given the latter it seems another latency hiding bug?

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by anmoch »

And here's actually the savegame.
Attachment: railcrash.zip (9.42 MiB)

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by kovarex »

And the stack trace is still the same?

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by anmoch »

Yes, still looks the same. Here's what was in my scrollback from my experiments:

Factorio crashed. Generating symbolized stacktrace, please wait ...
37.010 Warning Logger.cpp:360: Symbols.size() == 17, usedSize == 12
#0 0x7d9fdb in CrashHandler::writeStackTrace() at /tmp/factorio-N1bTA9/src/Util/CrashHandler.cpp:84
#1 0x7da254 in CrashHandler::SignalHandler(int) at /tmp/factorio-N1bTA9/src/Util/CrashHandler.cpp:188
#2 0x7f5eac2949f0 in ?? at ??:0
#3 0x495204 in Rail::getEdgeDirection(RailDirection) const [clone .constprop.74674] at /tmp/factorio-N1bTA9/src/Entity/Rail.cpp:1719
#4 0xa6ec2b in RailPlanFinderLocation::RailPlanFinderLocation(RailPlanFinderLocation::NodeFromRail const&) at /tmp/factorio-N1bTA9/src/Rail/RailPlanFinderLocation.cpp:30
#5 0xbba2aa in buildRail at /tmp/factorio-N1bTA9/src/LatencyInputHandler.cpp:621
#6 0xbf9205 in LatencyInputHandler::update() [clone .constprop.68751] at /tmp/factorio-N1bTA9/src/LatencyInputHandler.cpp:464
#7 0xc174f7 in MainLoop::gameUpdateStep(MultiplayerManager*, Scenario*, AppManager*, MainLoop::HeavyMode) [clone .constprop.68527] at /tmp/factorio-N1bTA9/src/MainLoop.cpp:358
#8 0x7010c5 in MainLoop::updateLoop(ThreadBarrier*, boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >*, boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >*, bool*, bool, MainLoop::HeavyMode) at /tmp/factorio-N1bTA9/src/MainLoop.cpp:458
#9 0xf4529f in swap<std::_Any_data> at /usr/include/c++/5/bits/move.h:186
#10 0x7f5eadec4474 in swap at /usr/include/c++/5/functional:2160
#11 0x7f5eac3483ed in std::function<void ()>::function(std::function<void ()>&&) at /usr/include/c++/5/functional:2035
37.010 Error CrashHandler.cpp:85: Map tick at moment of crash: 666972
37.010 Error Util.cpp:77: Unexpected error occurred. You can help us to solve the problem by posting the contents of the log file on the Factorio forums.
Speicherzugriffsfehler (core dumped)

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by anmoch »

Tested again with 0.13.6, still persists, still the same backtrace:

[edited - had the wrong backtrace from scrollback...]
95.573 Error CrashHandler.cpp:183: Received SIGSEGV
96.366 Warning Logger.cpp:360: Symbols.size() == 18, usedSize == 13
Factorio crashed. Generating symbolized stacktrace, please wait ...
97.108 Warning Logger.cpp:360: Symbols.size() == 17, usedSize == 12
#0 0x7ce13b in CrashHandler::writeStackTrace() at /tmp/factorio-EAM95S/src/Util/CrashHandler.cpp:84
#1 0x7ce3b4 in CrashHandler::SignalHandler(int) at /tmp/factorio-EAM95S/src/Util/CrashHandler.cpp:188
#2 0x7f9b440049f0 in ?? at ??:0
#3 0x493994 in Rail::getEdgeDirection(RailDirection) const [clone .constprop.74603] at /tmp/factorio-EAM95S/src/Entity/Rail.cpp:1744
#4 0xa6d39b in RailPlanFinderLocation::RailPlanFinderLocation(RailPlanFinderLocation::NodeFromRail const&) at /tmp/factorio-EAM95S/src/Rail/RailPlanFinderLocation.cpp:30
#5 0xbbafca in buildRail at /tmp/factorio-EAM95S/src/LatencyInputHandler.cpp:622
#6 0xbfa0a5 in LatencyInputHandler::update() [clone .constprop.68722] at /tmp/factorio-EAM95S/src/LatencyInputHandler.cpp:465
#7 0xc18227 in MainLoop::gameUpdateStep(MultiplayerManager*, Scenario*, AppManager*, MainLoop::HeavyMode) [clone .constprop.68502] at /tmp/factorio-EAM95S/src/MainLoop.cpp:358
#8 0x6fd515 in MainLoop::updateLoop(ThreadBarrier*, boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >*, boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >*, bool*, bool, MainLoop::HeavyMode) at /tmp/factorio-EAM95S/src/MainLoop.cpp:458
#9 0xf4619f in swap<std::_Any_data> at /usr/include/c++/5/bits/move.h:186
#10 0x7f9b45c34474 in swap at /usr/include/c++/5/functional:2160
#11 0x7f9b440b83ed in std::function<void ()>::function(std::function<void ()>&&) at /usr/include/c++/5/functional:2035
97.108 Error CrashHandler.cpp:85: Map tick at moment of crash: 666944
97.108 Error Util.cpp:77: Unexpected error occurred. You can help us to solve the problem by posting the contents of the log file on the Factorio forums.
Speicherzugriffsfehler (core dumped)

Let me know if I can help debugging this in any way!

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by anmoch »

Actually, here's something that might help. At the point of the segfault in 0.13.6:

(gdb) disassemble
Dump of assembler code for function getEdgeDirection():
0x0000000000493990 <+0>: mov 0x48(%rdi),%rax
=> 0x0000000000493994 <+4>: mov 0x3a8(%rax),%eax
0x000000000049399a <+10>: test %eax,%eax
0x000000000049399c <+12>: jne 0x4939c0 <getEdgeDirection()+48>
0x000000000049399e <+14>: movzbl 0x9c(%rdi),%eax
0x00000000004939a5 <+21>: mov %eax,%edx
0x00000000004939a7 <+23>: and $0xfffffff9,%edx
0x00000000004939aa <+26>: cmp $0x1,%dl
...
(gdb) info registers
rax 0x808080808080808 578721382704613384
rbx 0x7fff91d31e50 140735639920208
rcx 0x1c1f58d0 471816400
rdx 0x7fff94000078 140735676416120
rsi 0x7fffa23fbfdf 140735915474911
rdi 0x7fff91d31e50 140735639920208
rbp 0x7fffa23fc260 0x7fffa23fc260
rsp 0x7fffa23fbf98 0x7fffa23fbf98
r8 0xffffffda 4294967258
r9 0xfffffffb 4294967291
r10 0xfffffb02 4294966018
r11 0x7fff91d31e50 140735639920208
r12 0x7fff82199840 140735376103488
r13 0x7fffa23fc160 140735915475296
r14 0x7fff94174730 140735677941552
r15 0xa2d53 666963
rip 0x493994 0x493994 <getEdgeDirection()+4>
eflags 0x10282 [ SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0


It's been a while since my last assembly, so take this with a grain of salt. That said, my interpretation is:

Since this is a method and %rdi gets the first argument in the calling convention, %rdi is probably 'this'. We load *(%rdi+0x48) into %rax and then dereference it again; so we're looking at a pointer-typed member of the class at offset 0x48 = 72. That comes back as garbage (I suspect you init all memory to 0x808080808080808?). But most of *this in fact seems to be uninitialized:

(gdb) x/80xb 0x7fff91d31e50
0x7fff91d31e50: 0x78 0x00 0x00 0x94 0xff 0x7f 0x00 0x00
0x7fff91d31e58: 0x78 0x00 0x00 0x94 0xff 0x7f 0x00 0x00
0x7fff91d31e60: 0x08 0x08 0x08 0x08 0x08 0x08 0x08 0x08
0x7fff91d31e68: 0x08 0x08 0x08 0x08 0x08 0x08 0x08 0x08
0x7fff91d31e70: 0x08 0x08 0x08 0x08 0x08 0x08 0x08 0x08
0x7fff91d31e78: 0x08 0x08 0x08 0x08 0x08 0x08 0x08 0x08
0x7fff91d31e80: 0x08 0x08 0x08 0x08 0x08 0x08 0x08 0x08
0x7fff91d31e88: 0x08 0x08 0x08 0x08 0x08 0x08 0x08 0x08
0x7fff91d31e90: 0x08 0x08 0x08 0x08 0x08 0x08 0x08 0x08
0x7fff91d31e98: 0x08 0x08 0x08 0x08 0x08 0x08 0x08 0x08

I tried staring at the stack frame one up from there, but my assembly-fu isn't nearly good enough to decipher where the instance comes from. Either way, you seem to be partially constructing an object and then calling a method on it (getEdgeDirection) that expects it to be fully initialized.
Rseding91
Factorio Staff
Posts: 14798
Joined: Wed Jun 11, 2014 5:23 am

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by Rseding91 »

Do you think you could record a small video (gifv if you wanted) of the crash as it happens? That can often get the required information across to us better than the stack trace does.
If you want to get ahold of me I'm almost always on Discord.

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by anmoch »

I'll try - I've never done that though :-)

But note that the fourth post already has reproduction steps. Do they not work for you?

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by kovarex »

OOOKKK :)

I finally discovered the issue, it is so obvious now :)
I saved the rail in a small structure, then I deleted the rail, and then I used the structure to determine its edge position. I have to delete the rail AFTER as the pointer is used there.

It is weird that it doesn't crash more often. Anyway this should be fixed for 0.13.6

Thank you for the patience and help to find the bug A LOT :)
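The ordering bug described in the post above, together with the stale load seen in the gdb session earlier in the thread, as an added example that is not Factorio's code. `Rail`, `Prototype`, `Slot` and `kPoison` are hypothetical stand-ins; the release-time fill with 0x08 is an assumption taken from the dump. The poisoned word is a non-canonical x86-64 address, which is why dereferencing it faults immediately.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <new>
// Hypothetical stand-ins; only the 0x48 offset and the 0x08 bytes come from the thread.
struct Prototype { int edgeKind; };
struct Rail {
    unsigned char header[0x48];   // pads the pointer member out to offset 0x48
    const Prototype* prototype;   // the member `mov 0x48(%rdi),%rax` loads
};
static_assert(sizeof(void*) == 8 && offsetof(Rail, prototype) == 0x48, "x86-64 layout");
constexpr unsigned char kPoison = 0x08;   // assumed fill byte for released memory
static const Prototype kProto{1};

struct Slot {                             // one allocator slot, poisoned on release
    alignas(Rail) unsigned char bytes[sizeof(Rail)];
    Rail* create(const Prototype* p) { return new (bytes) Rail{{}, p}; }
    void destroy(Rail* r) { r->~Rail(); std::memset(bytes, kPoison, sizeof bytes); }
    // Word the first load would fetch, read via the byte buffer so it stays well defined.
    std::uint64_t loadPrototypeWord() const {
        std::uint64_t v;
        std::memcpy(&v, bytes + offsetof(Rail, prototype), sizeof v);
        return v;
    }
};

// 48-bit x86-64 addressing: bits 63..47 must all be copies of bit 47.
bool isCanonical(std::uint64_t a) {
    const std::uint64_t top = a >> 47;
    return top == 0 || top == 0x1FFFF;
}

// Order described in the fix post: save a reference, delete the rail, then use it.
std::uint64_t buggyOrder() {
    Slot s;
    Rail* saved = s.create(&kProto);
    s.destroy(saved);
    return s.loadPrototypeWord();   // stale slot contents, not a Prototype address
}

// Corrected order: use the saved reference first, delete the rail afterwards.
std::uint64_t fixedOrder() {
    Slot s;
    Rail* saved = s.create(&kProto);
    const std::uint64_t v = s.loadPrototypeWord();
    s.destroy(saved);
    return v;
}
int main() { return buggyOrder() == 0x0808080808080808ULL && !isCanonical(buggyOrder()) ? 0 : 1; }
```

A freed slot that the allocator does not overwrite would still hold the old pointer, which fits the remark that the bug did not crash more often.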
Compboy
Inserter
Posts: 37
Joined: Mon Jun 06, 2016 11:48 am

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by Compboy »

0.13.6?
Loewchen
Global Moderator
Posts: 9674
Joined: Wed Jan 07, 2015 5:53 pm

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by Loewchen »

Compboy wrote: 0.13.6?
Have you never seen him counting the FFF? He is only off by 1, don't be that fussy. :P

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by kovarex »

Oh, yes 0.13.7.

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by anmoch »

Great, thanks for the continued investigation and fix!

Re: [0.13.4] [kovarex] Rail laying immediately segfaults

Post by anmoch »

Confirmed fixed in 0.13.8. Thanks again!