Post your crash reports here!

Status
Not open for further replies.

Spazzo

Member
Did your game crash with a segment violation? Post it here!

Please tell us what you were doing at the time of the crash. In addition, please check the bottom listing of errorlog.txt and post the values of the registers (especially the value of EIP) and the first twenty or so lines of the stack dump at the time of the crash; this is invaluable for fixing such errors.

Here is an example of where you will find the necessary information:

Code:
Registers:
EAX=00001fb4 CS=001b EIP=1002d121 EFLGS=00210206
EBX=00000000 SS=0023 ESP=0012fe50 EBP=005ca1b0
ECX=10047aa0 DS=0023 ESI=05fb5418 FS=003b
EDX=00001000 ES=0023 EDI=004453c0 GS=0000

...

Stack dump:
0022de4c: 0ac5dd8e ffde4d69 7fffffff 0022de98 00499554 20202020 20202020 20202020
0022de6c: 006738c8 ffffffff 0000041a 0022de98 00000001 00000000 00001162 00000065
0022de8c: 006738c8 002a21e7 0003a1a0 0022fce8 0049bff3 0ac5dd8e 00000065 01755eb4
0022deac: 20202020 20202020 20202020 20202020 0000019f 20202020 017bb238 0000068f
...
Please only post crashes from official releases. Adding wads is okay, though.

Discussion is allowed in the topic, but posts will be pruned from time to time to make the developers' lives easier, so please don't be upset if your witty remark disappears.

Thanks!

Moderator Notice:
Modified this post a bit. I'm going to merge posts in this topic and annotate them when they're ticketed and/or fixed. ~Oogaland
 
00447fce

At Lime Forest, while in a netgame.

AlamGBC said:
src/p_inter.c:2830
Code:
if (source && source->player && (source->player->ctfteam == target->target->player->ctfteam))
  447fc8:       8b 80 a4 00 00 00       mov    0xa4(%eax),%eax
  447fce:       8b 80 60 01 00 00       mov    0x160(%eax),%eax
  447fd4:       39 82 60 01 00 00       cmp    %eax,0x160(%edx)
  447fda:       0f 84 de 0d 00 00       je     448dbe <_P_DamageMobj+0xfdc>
I think someone forgot to add a NULL check for target and target->player

Moderator Notice:
Fixed at some point.
 
00489355

I tried to replicate this bug while I was bored: http://mb.srb2.org/showthread.php?t=33697
I tested it in ERZ2, by repeatedly walking into the death pit on the right path, and when I got a game over the game sigsegv'd a few seconds after.

AlamGBC said:
src/r_draw8.c:507
Code:
*dest = dc_colormap[dc_translation[dc_source[frac>>FRACBITS]]];
  489355:       0f b6 14 11             movzbl (%ecx,%edx,1),%edx
  489359:       8b 0d f0 ec 9f 00       mov    0x9fecf0,%ecx
  48935f:       0f b6 14 11             movzbl (%ecx,%edx,1),%edx
  489363:       8b 0d 50 48 a1 00       mov    0xa14850,%ecx
  489369:       8a 14 11                mov    (%ecx,%edx,1),%dl
  48936c:       88 13                   mov    %dl,(%ebx)
Spherallic, if you could download this nonstrip version of srb2win.exe (save it as srb2win.exe, yes, as srb2win.exe; it is the same EXE, just with all the debugger data still intact) and http://alam.srb2.org/home/exchndl.dll, it should make a srb2win.RPT, a log showing what leads up to the crash

Moderator Notice:
Ticket #1135
 
EIP=00488d07

Sigsegv explained in this thread.

AlamGBC said:
r_draw8.c:174
Code:
*dest = colormap[source[(frac>>FRACBITS) & heightmask]];
  488ceb:       8b 55 e8                mov    0xffffffe8(%ebp),%edx
  488cee:       8b 45 e4                mov    0xffffffe4(%ebp),%eax
  488cf1:       0f ac d0 10             shrd   $0x10,%edx,%eax
  488cf5:       21 f0                   and    %esi,%eax
  488cf7:       8b 55 dc                mov    0xffffffdc(%ebp),%edx
  488cfa:       8b 4d d8                mov    0xffffffd8(%ebp),%ecx
  488cfd:       8b 5d ec                mov    0xffffffec(%ebp),%ebx
  488d00:       0f b6 04 02             movzbl (%edx,%eax,1),%eax
  488d04:       8a 04 01                mov    (%ecx,%eax,1),%al
  488d07:       88 03                   mov    %al,(%ebx)

Moderator Notice:
Ticket #1136
 
EIP=004890cd

Match on MAP93, Thunder Citadel Zone.

AlamGBC said:
r_draw8.c:383
Code:
*dest = colormap[*(transmap + ((source[(frac>>FRACBITS)&heightmask]<<8)) + (*dest))];
  4890c3:       89 ca                   mov    %ecx,%edx
  4890c5:       8b 45 ec                mov    0xffffffec(%ebp),%eax
  4890c8:       c1 fa 10                sar    $0x10,%edx
  4890cb:       21 f2                   and    %esi,%edx
  4890cd:       0f b6 14 10             movzbl (%eax,%edx,1),%edx
  4890d1:       0f b6 03                movzbl (%ebx),%eax
  4890d4:       c1 e2 08                shl    $0x8,%edx
  4890d7:       03 45 e8                add    0xffffffe8(%ebp),%eax
  4890da:       0f b6 04 10             movzbl (%eax,%edx,1),%eax
  4890de:       8b 55 e4                mov    0xffffffe4(%ebp),%edx
  4890e1:       8a 04 02                mov    (%edx,%eax,1),%al
  4890e4:       88 03                   mov    %al,(%ebx)

Moderator Notice:
Ticket #1137
 
00488cb2

Explained in this post: http://mb.srb2.org/showpost.php?p=675318&postcount=306

AlamGBC said:
src/r_draw8.c:164
Code:
*dest = colormap[source[frac>>FRACBITS]];
  488c98:       8b 55 e8                mov    0xffffffe8(%ebp),%edx
  488c9b:       8b 45 e4                mov    0xffffffe4(%ebp),%eax
  488c9e:       0f ac d0 10             shrd   $0x10,%edx,%eax
  488ca2:       8b 5d dc                mov    0xffffffdc(%ebp),%ebx
  488ca5:       8b 55 d8                mov    0xffffffd8(%ebp),%edx
  488ca8:       8b 4d ec                mov    0xffffffec(%ebp),%ecx
  488cab:       0f b6 04 03             movzbl (%ebx,%eax,1),%eax
  488caf:       8a 04 02                mov    (%edx,%eax,1),%al
  488cb2:       88 01                   mov    %al,(%ecx)

Moderator Notice:
Ticket #1138
 
EIP=00488b29 on Arid Canyon 1, Race. I fell into a pit, miraculously hit some enemy that was down there, but the game crashed.

AlamGBC said:
src/r_draw8.c:95
Code:
*dest = colormap[source[(frac>>FRACBITS) & heightmask]];
  488b14:       8b 55 e8                mov    0xffffffe8(%ebp),%edx
  488b17:       8b 45 e4                mov    0xffffffe4(%ebp),%eax
  488b1a:       0f ac d0 10             shrd   $0x10,%edx,%eax
  488b1e:       21 f0                   and    %esi,%eax
  488b20:       8b 55 dc                mov    0xffffffdc(%ebp),%edx
  488b23:       8b 4d d8                mov    0xffffffd8(%ebp),%ecx
  488b26:       8b 5d ec                mov    0xffffffec(%ebp),%ebx
  488b29:       0f b6 04 02             movzbl (%edx,%eax,1),%eax
  488b2d:       8a 04 01                mov    (%ecx,%eax,1),%al
  488b30:       88 03                   mov    %al,(%ebx)

Moderator Notice:
See comment on ticket #1137
 
EIP=00488d00 on Arid Canyon 1 race, while F12ing to a player on a polyobject

AlamGBC said:
src/r_draw8.c:174
Code:
*dest = colormap[source[(frac>>FRACBITS) & heightmask]];
  488ceb:       8b 55 e8                mov    0xffffffe8(%ebp),%edx
  488cee:       8b 45 e4                mov    0xffffffe4(%ebp),%eax
  488cf1:       0f ac d0 10             shrd   $0x10,%edx,%eax
  488cf5:       21 f0                   and    %esi,%eax
  488cf7:       8b 55 dc                mov    0xffffffdc(%ebp),%edx
  488cfa:       8b 4d d8                mov    0xffffffd8(%ebp),%ecx
  488cfd:       8b 5d ec                mov    0xffffffec(%ebp),%ebx
  488d00:       0f b6 04 02             movzbl (%edx,%eax,1),%eax
  488d04:       8a 04 01                mov    (%ecx,%eax,1),%al
  488d07:       88 03                   mov    %al,(%ebx)

Moderator Notice:
See comment on ticket #1137
 
I'm not sure if it fits here, but I have one for Vista users, and I know how to solve it. If for some reason SRB2 sigsegv's without anything added or modded, it could be possible Vista is afraid of SRB2 (which it usually is) and activates Data Execution Prevention (DEP). It believes SRB2 is harmful and therefore cancels the program in self-defense, although there is no potential threat. Compatibility mode will not fix this.

Control Panel>System>Advanced System Settings (sidebar)>Advanced (Tab)>Performance Settings>Data Execution Prevention (Tab)>Add...

Browse for SRB2.exe and hit OK, OK the advanced settings, then try running SRB2 again; it should work now.

EIP=005ac9ac

AlamGBC said:
http://trac.srb2.org/browser/SRB2/tags/SRB2v2.0.6/src/tmap.nas#L82
ASM_PatchRowBytes();

oh no, I forgot to add debug options to NASM compiled object files....

this is odd, VirtualProtect() should have disabled DEP on the ASM routines

Moderator Notice:
Ticket #1140
 
EIP=00488d3d when F12ing a player immediately after dying in ERZ3, coop

AlamGBC said:
src/r_draw8.c:177
Code:
*dest = colormap[source[(frac>>FRACBITS) & heightmask]];
  488d21:       8b 45 e4                mov    0xffffffe4(%ebp),%eax
  488d24:       8b 55 e8                mov    0xffffffe8(%ebp),%edx
  488d27:       0f ac d0 10             shrd   $0x10,%edx,%eax
  488d2b:       21 f0                   and    %esi,%eax
  488d2d:       8b 55 dc                mov    0xffffffdc(%ebp),%edx
  488d30:       0f b6 04 02             movzbl (%edx,%eax,1),%eax
  488d34:       8b 55 d8                mov    0xffffffd8(%ebp),%edx
  488d37:       8a 04 02                mov    (%edx,%eax,1),%al
  488d3a:       8b 55 ec                mov    0xffffffec(%ebp),%edx
  488d3d:       88 02                   mov    %al,(%edx)

Moderator Notice:
See comment on ticket #1136
 
EIP=00488ed5

When two polyobject crushers crushed against each other.

AlamGBC said:
src/r_draw8.c:259
Code:
*dest = colormap[val];
  488ec9:       8b 55 e0                mov    0xffffffe0(%ebp),%edx
  488ecc:       0f b6 c0                movzbl %al,%eax
  488ecf:       8a 04 02                mov    (%edx,%eax,1),%al
  488ed2:       8b 55 ec                mov    0xffffffec(%ebp),%edx
  488ed5:       88 02                   mov    %al,(%edx)

Moderator Notice:
See comment on ticket #1136
 
EIP=00488d07
I was looking for Knux's emblem in Tortured Planet's SAZ1, when I climbed one of the walls in the Armageddon Shield room. I climbed high enough, and the game crashed.

AlamGBC said:
src/r_draw8.c:174
Code:
*dest = colormap[source[(frac>>FRACBITS) & heightmask]];
  488ceb:       8b 55 e8                mov    0xffffffe8(%ebp),%edx
  488cee:       8b 45 e4                mov    0xffffffe4(%ebp),%eax
  488cf1:       0f ac d0 10             shrd   $0x10,%edx,%eax
  488cf5:       21 f0                   and    %esi,%eax
  488cf7:       8b 55 dc                mov    0xffffffdc(%ebp),%edx
  488cfa:       8b 4d d8                mov    0xffffffd8(%ebp),%ecx
  488cfd:       8b 5d ec                mov    0xffffffec(%ebp),%ebx
  488d00:       0f b6 04 02             movzbl (%edx,%eax,1),%eax
  488d04:       8a 04 01                mov    (%ecx,%eax,1),%al
  488d07:       88 03                   mov    %al,(%ebx)

Moderator Notice:
See comment on ticket #1136
 
EIP=0049b185
Happened while I was trying to join a server I c-failed from.

AlamGBC said:
src/mserv.c:911
Code:
while(*address && *address != ':') *inip++ = *address++;
  49b185:       8a 19                   mov    (%ecx),%bl
  49b187:       84 db                   test   %bl,%bl
  49b189:       0f 95 c2                setne  %dl
  49b18c:       31 c0                   xor    %eax,%eax
  49b18e:       80 fb 3a                cmp    $0x3a,%bl
  49b191:       0f 95 c0                setne  %al
  49b194:       85 c2                   test   %eax,%edx
  49b196:       74 06                   je     49b19e <_SendAskInfoViaMS+0x35>
  49b198:       88 1e                   mov    %bl,(%esi)
  49b19a:       41                      inc    %ecx
  49b19b:       46                      inc    %esi
  49b19c:       eb e7                   jmp    49b185 <_SendAskInfoViaMS+0x1c>
hmm, src/mserv.c:907 address = I_GetNodeAddress(node); returned NULL....

Moderator Notice:
Ticket #1144
 
How do you guys input the EIP and find where the sigsegv happened?

that is easy: first, keep a copy of the debug file for the release; for me, I keep the copy of the Win32 2.0.6-Final release here

get out your friendly compiler toolset; binutils installs a binary called 'objdump' that can dump the source line/file and IP: opcodes from a debug file, with the options '-S -l', like so

objdump -S -l srb2win.exe.debug
Code:
srb2win.exe.debug:     file format efi-app-ia32

Disassembly of section .text:

0000000000401000 <__gnu_exception_handler@4>:
_gnu_exception_handler():
/home/speedblue/cross/mingw/3.4.5/mingw32-3.4.5/runtime/BUILD/../crt1.c:102
  401000:       55                      push   %ebp
  401001:       89 e5                   mov    %esp,%ebp
  401003:       56                      push   %esi
  401004:       53                      push   %ebx
/home/speedblue/cross/mingw/3.4.5/mingw32-3.4.5/runtime/BUILD/../crt1.c:105
  401005:       31 f6                   xor    %esi,%esi
/home/speedblue/cross/mingw/3.4.5/mingw32-3.4.5/runtime/BUILD/../crt1.c:107
  401007:       8b 45 08                mov    0x8(%ebp),%eax
/home/speedblue/cross/mingw/3.4.5/mingw32-3.4.5/runtime/BUILD/../crt1.c:104
  40100a:       31 db                   xor    %ebx,%ebx
now if anyone is asking: how do I make a debug file...
use the Makefile system if you are using the 2.0.6 release
any mods based on 2.0.6 trunk have been updated so the Code::Blocks and WxDev-C++ projects also output a debug file
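As an added example (not code from the thread or from SRB2), here is a small C routine that does the lookup Alam describes by hand: it walks `objdump -S -l` output, tracks the last symbol header and the last `file:line` marker, and reports both for a given EIP. The embedded dump is a constructed excerpt in the layout shown above; the `_SendAskInfoViaMS` instruction addresses and `src/mserv.c:911` come from the thread, while its symbol start address is inferred from the `+0x1c` offset in the disassembly and the `locate_eip` name is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed excerpt in the layout of `objdump -S -l srb2win.exe.debug`:
 * symbol header, "func():", "file:line" marker, then "addr: bytes  mnemonic". */
static const char *SAMPLE_DUMP =
    "0000000000401000 <__gnu_exception_handler@4>:\n"
    "_gnu_exception_handler():\n"
    "/home/speedblue/cross/mingw/3.4.5/mingw32-3.4.5/runtime/BUILD/../crt1.c:102\n"
    "  401000:       55                      push   %ebp\n"
    "000000000049b169 <_SendAskInfoViaMS>:\n"
    "SendAskInfoViaMS():\n"
    "src/mserv.c:911\n"
    "while(*address && *address != ':') *inip++ = *address++;\n"
    "  49b185:       8a 19                   mov    (%ecx),%bl\n"
    "  49b196:       74 06                   je     49b19e <_SendAskInfoViaMS+0x35>\n";

typedef struct { char func[64]; char srcloc[256]; char insn[128]; } eip_info_t;

/* Walk the dump, remembering the last symbol header and the last "file:line"
 * marker; report both when the instruction at eip is reached. 1 = hit, 0 = miss. */
int locate_eip(const char *dump, unsigned long eip, eip_info_t *out)
{
    char func[64] = "?", loc[256] = "?", line[512];
    const char *p = dump, *lt, *gt, *c;
    unsigned long addr;
    int n;
    while (*p) {
        const char *nl = strchr(p, '\n');
        int len = nl ? (int)(nl - p) : (int)strlen(p);
        snprintf(line, sizeof line, "%.*s", len, p);
        p += len + (nl != NULL);
        n = 0;
        if (line[0] == ' ' && sscanf(line, " %lx:%n", &addr, &n) == 1 && n > 0) {
            if (addr != eip) continue;              /* instruction line, but not ours */
            while (isspace((unsigned char)line[n])) n++;
            snprintf(out->func, sizeof out->func, "%s", func);
            snprintf(out->srcloc, sizeof out->srcloc, "%s", loc);
            snprintf(out->insn, sizeof out->insn, "%s", line + n);
            return 1;
        } else if (sscanf(line, "%lx <%n", &addr, &n) == 1 && n > 0) { /* "addr <sym>:" */
            lt = strchr(line, '<'); gt = strchr(lt, '>');
            if (gt) snprintf(func, sizeof func, "%.*s", (int)(gt - lt - 1), lt + 1);
        } else if (!isspace((unsigned char)line[0]) && (c = strrchr(line, ':')) != NULL
                   && isdigit((unsigned char)c[1])) {   /* "path/file.c:NNN" (heuristic) */
            snprintf(loc, sizeof loc, "%s", line);
        }
    }
    return 0;
}
```

Feed it the real dump by reading `objdump -S -l srb2win.exe.debug` into a buffer and passing the EIP from errorlog.txt; a miss means the EIP is outside the debug file's text section (a different build, or a DLL).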
 
004166fc

When warping to the next race map in Circuit.

Cinefast said:
Well, this is odd, but here I go

z_zone.c:407
Code:
if (tag >= PU_PURGELEVEL && block->user == NULL)
  4166f7:    83 fa 63                 cmp    $0x63,%edx
  4166fa:    7e 10                    jle    41670c <_Z_ChangeTag2+0x25>
  4166fc:    83 78 08 00              cmpl   $0x0,0x8(%eax)
  416700:    75 0a                    jne    41670c <_Z_ChangeTag2+0x25>

Moderator Notice:
Ticket #1145
 
Moderator Notice:
I fail. This is actually TDM's post, not Alam's. ~Oogaland


Netgame CEZ1, about 14 people. 2 people joined at the same time. I had already completed the level.

EIP=00481cf8

AlamGBC said:
please pastebin the whole file, I need the backtrace to see the real clash point

http://srb2.pastebin.com/kr149Re1

I assume I only need the particular date's error?

AlamGBC said:
well, this is bad, the backtrace code is broken......
I guess Spazzo should have packed the exchndl.dll when I asked him to, so I could get a real debugger output of the crash

Moderator Notice:
Ticket #1141
 
EIP=00473fca
I was online, testing out a new Yoshi WAD, when one of the players started to c-fail. Somehow I SIGSEGV'd.

AlamGBC said:
src/p_user.c:875
Code:
player->mo->health += num_rings;
  473fc8:       8b 01                   mov    (%ecx),%eax
  473fca:       01 90 8c 00 00 00       add    %edx,0x8c(%eax)
NULL in player->mo?

Moderator Notice:
Ticket #1142
 
EIP=004969a8
I was just trying to see what the WAD "MetalRobotnik" was like, when it SIGSEGV'd.

Cinefast said:
v_video.c:482
Code:
*dest = *(colormap + source[ofs>>FRACBITS]);
  49698c:    8b 5d d8                 mov    -0x28(%ebp),%ebx
  49698f:    8b 45 d0                 mov    -0x30(%ebp),%eax
  496992:    c1 fb 10                 sar    $0x10,%ebx
  496995:    89 5d bc                 mov    %ebx,-0x44(%ebp)
  496998:    0f b6 04 18              movzbl (%eax,%ebx,1),%eax
  49699c:    8b 5d e8                 mov    -0x18(%ebp),%ebx
  49699f:    89 45 bc                 mov    %eax,-0x44(%ebp)
  4969a2:    8a 1c 03                 mov    (%ebx,%eax,1),%bl
  4969a5:    8b 45 b8                 mov    -0x48(%ebp),%eax
  4969a8:    88 18                    mov    %bl,(%eax)
  4969aa:    eb 02                    jmp    4969ae <_V_DrawMappedPatch+0x2f6>

Inuyasha said:
Drawing off the top of the screen, almost certainly.

... why the hell didn't I add the "y < 0" check from XMOD to 2.0.5/6? Sure, yes, it stops it from drawing the patch but it beats crashing.

Moderator Notice:
Ticket #1143
 
Are EIPs valid if reported from playsessions using custom wads?
犬夜叉 said:
So long as you use the EXE we provided, yes. Custom WAD files don't hurt anything.
Except maybe trigger horrible underlying overflow issues?


Welp, here we go!

Code:
srb2win caused an Integer Overflow in module srb2win.exe at 001b:0048aa0b.
EIP=0048aa0b while playing sc_botanicserenity-v2.wad.

AlamGBC said:
src/m_fixed.h:134
Code:
  48a9fd:    89 d8                    mov    %ebx,%eax
  48a9ff:    89 c2                    mov    %eax,%edx
  48aa01:    c1 fa 1f                 sar    $0x1f,%edx
  48aa04:    0f a4 c2 10              shld   $0x10,%eax,%edx
  48aa08:    c1 e0 10                 shl    $0x10,%eax
  48aa0b:    f7 fe                    idiv   %esi
16.16 fixed point math overflow

I hope I can set off the overflow to stop this.....
FixedDiv()'s check should have caught this BIG/small and returned (-/+)65536*FRACUNIT

Moderator Notice:
Ticket #1146
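Added example (not SRB2's own code): the 16.16 divide that faulted at m_fixed.h:134, and the range guard the post says should have caught the BIG/small case. The names `fixed_div_unchecked`, `iabs64` and `would_fault` and the clamp to INT32_MIN/INT32_MAX are assumptions; the guard condition is the classic Doom FixedDiv test.

```c
#include <stdint.h>
#include <stdio.h>

typedef int32_t fixed_t;
#define FRACBITS 16
#define FRACUNIT (1 << FRACBITS)

static int64_t iabs64(int64_t v) { return v < 0 ? -v : v; }

/* Unchecked 16.16 divide. On x86 this compiles to the shld/shl/idiv sequence
 * quoted in the post: edx:eax = a << 16, then idiv by b. idiv raises #DE (which
 * Windows reports as "Integer Overflow") when b is 0 or the quotient does not
 * fit in 32 bits. This version detects that in software and returns 0 instead. */
static int fixed_div_unchecked(fixed_t a, fixed_t b, fixed_t *out)
{
    int64_t q;
    if (b == 0) return 0;
    q = ((int64_t)a << FRACBITS) / b;
    if (q > INT32_MAX || q < INT32_MIN) return 0;    /* the BIG/small case that crashed */
    *out = (fixed_t)q;
    return 1;
}

/* Guarded divide. The range test is the classic Doom FixedDiv guard: when
 * |a| >> 14 >= |b| the quotient would be >= 2^30 (or b is 0), so saturate
 * instead of dividing. Clamping to INT32_MIN/INT32_MAX is an assumption; the
 * post only says the guard should return a saturated value. */
fixed_t FixedDiv(fixed_t a, fixed_t b)
{
    fixed_t r = 0;
    if ((iabs64(a) >> (FRACBITS - 2)) >= iabs64(b))
        return (a ^ b) < 0 ? INT32_MIN : INT32_MAX;
    fixed_div_unchecked(a, b, &r);   /* guard guarantees |q| < 2^30, so this cannot fail */
    return r;
}

/* Returns 1 if the unchecked divide of this operand pair would fault the CPU. */
int would_fault(fixed_t a, fixed_t b)
{
    fixed_t unused;
    return !fixed_div_unchecked(a, b, &unused);
}

int main(void)
{
    fixed_t big = 30000 * FRACUNIT, small = FRACUNIT / 2;   /* 30000.0 / 0.5 */
    printf("unchecked %d/%d faults: %d\n", big, small, would_fault(big, small));
    printf("guarded: %d (saturated)\n", FixedDiv(big, small));
    printf("3.0/2.0 = %d (1.5*FRACUNIT = %d)\n", FixedDiv(3 * FRACUNIT, 2 * FRACUNIT), (fixed_t)(1.5 * FRACUNIT));
    return 0;
}
```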
 
