Closed qarmin closed 3 years ago
Godot version: 3.2.4.beta.custom_build. 185520c5b
OS/device including version: Ubuntu 20.04 GLES 2
Issue description: When trying to run a 1h stress test of The worst Godot test project, there is a 50% chance that it will use freed memory:
```
==11635==ERROR: AddressSanitizer: heap-use-after-free on address 0x613001a71e40 at pc 0x0000029f4e5c bp 0x7ffe9536dbd0 sp 0x7ffe9536dbc0
READ of size 8 at 0x613001a71e40 thread T0
    #0 0x29f4e5b in BulletPhysicsDirectBodyState::get_contact_collider_id(int) const modules/bullet/rigid_body_bullet.cpp:178
    #1 0xaac7353 in RigidBody::_direct_state_changed(Object*) scene/3d/physics_body.cpp:489
    #2 0x17afe4b in MethodBind1<Object*>::call(Object*, Variant const**, int, Variant::CallError&) core/method_bind.gen.inc:775
    #3 0xe8d6280 in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:919
    #4 0x2a0017b in RigidBodyBullet::dispatch_callbacks() modules/bullet/rigid_body_bullet.cpp:376
    #5 0x2aacafb in SpaceBullet::flush_queries() modules/bullet/space_bullet.cpp:375
    #6 0x2ab6c0c in onBulletPreTickCallback(btDynamicsWorld*, float) modules/bullet/space_bullet.cpp:566
    #7 0x387c945 in btDiscreteDynamicsWorld::internalSingleStepSimulation(float) thirdparty/bullet/BulletDynamics/Dynamics/btDiscreteDynamicsWorld.cpp:458
    #8 0x3a50bc1 in btSoftRigidDynamicsWorld::internalSingleStepSimulation(float) thirdparty/bullet/BulletSoftBody/btSoftRigidDynamicsWorld.cpp:88
    #9 0x387bfdd in btDiscreteDynamicsWorld::stepSimulation(float, int, float) thirdparty/bullet/BulletDynamics/Dynamics/btDiscreteDynamicsWorld.cpp:434
    #10 0x2aad198 in SpaceBullet::step(float) modules/bullet/space_bullet.cpp:381
    #11 0x297d950 in BulletPhysicsServer::step(float) modules/bullet/bullet_physics_server.cpp:1567
    #12 0x153c018 in Main::iteration() main/main.cpp:2087
    #13 0x142dcd9 in OS_X11::run() platform/x11/os_x11.cpp:3608
    #14 0x139ab39 in main platform/x11/godot_x11.cpp:56
    #15 0x7fb5126ae0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #16 0x139a74d in _start (/home/runner/work/The-worst-Godot-test-project/The-worst-Godot-test-project/godot.x11.tools.64s+0x139a74d)

0x613001a71e40 is located 0 bytes inside of 344-byte region [0x613001a71e40,0x613001a71f98)
freed by thread T0 here:
    #0 0x7fb513bd4025 in operator delete(void*, unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0x111025)
    #1 0x29fc1e2 in RigidBodyBullet::~RigidBodyBullet() modules/bullet/rigid_body_bullet.cpp:309
    #2 0x297b235 in BulletPhysicsServer::free(RID) modules/bullet/bullet_physics_server.cpp:1511
    #3 0x2b2ca33 in CSGShape::set_use_collision(bool) modules/csg/csg_shape.cpp:55
    #4 0x1eb818b in MethodBind1<bool>::call(Object*, Variant const**, int, Variant::CallError&) core/method_bind.gen.inc:775
    #5 0xe8d6280 in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:919
    #6 0xeb58bcf in Variant::call_ptr(StringName const&, Variant const**, int, Variant*, Variant::CallError&) core/variant_call.cpp:1129
    #7 0x19fa38d in GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Variant::CallError&, GDScriptFunction::CallState*) modules/gdscript/gdscript_function.cpp:1091
    #8 0x1826e65 in GDScriptInstance::call(StringName const&, Variant const**, int, Variant::CallError&) modules/gdscript/gdscript.cpp:1238
    #9 0xe8d5ded in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:898
    #10 0xeb58bcf in Variant::call_ptr(StringName const&, Variant const**, int, Variant*, Variant::CallError&) core/variant_call.cpp:1129
    #11 0x19fa38d in GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Variant::CallError&, GDScriptFunction::CallState*) modules/gdscript/gdscript_function.cpp:1091
    #12 0x1826e65 in GDScriptInstance::call(StringName const&, Variant const**, int, Variant::CallError&) modules/gdscript/gdscript.cpp:1238
    #13 0xe8d5ded in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:898
    #14 0xeb58bcf in Variant::call_ptr(StringName const&, Variant const**, int, Variant*, Variant::CallError&) core/variant_call.cpp:1129
    #15 0x19fa38d in GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Variant::CallError&, GDScriptFunction::CallState*) modules/gdscript/gdscript_function.cpp:1091
    #16 0x1826e65 in GDScriptInstance::call(StringName const&, Variant const**, int, Variant::CallError&) modules/gdscript/gdscript.cpp:1238
    #17 0xe8d5ded in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:898
    #18 0xeb58bcf in Variant::call_ptr(StringName const&, Variant const**, int, Variant*, Variant::CallError&) core/variant_call.cpp:1129
    #19 0x19fa38d in GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Variant::CallError&, GDScriptFunction::CallState*) modules/gdscript/gdscript_function.cpp:1091
    #20 0x182737b in GDScriptInstance::call_multilevel(StringName const&, Variant const**, int) modules/gdscript/gdscript.cpp:1254
    #21 0x95127fa in Node::_notification(int) scene/main/node.cpp:69
    #22 0x16d94eb in Node::_notificationv(int, bool) scene/main/node.h:46
    #23 0x1703b47 in Spatial::_notificationv(int, bool) scene/3d/spatial.h:54
    #24 0xe8d671c in Object::notification(int, bool) core/object.cpp:929
    #25 0x9640adb in SceneTree::_notify_group_pause(StringName const&, int) scene/main/scene_tree.cpp:985
    #26 0x962eb69 in SceneTree::iteration(float) scene/main/scene_tree.cpp:481
    #27 0x153be15 in Main::iteration() main/main.cpp:2080
    #28 0x142dcd9 in OS_X11::run() platform/x11/os_x11.cpp:3608
    #29 0x139ab39 in main platform/x11/godot_x11.cpp:56

previously allocated by thread T0 here:
    #0 0x7fb513bd2947 in operator new(unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0x10f947)
    #1 0x294d1e2 in BulletPhysicsServer::body_create(PhysicsServer::BodyMode, bool) modules/bullet/bullet_physics_server.cpp:454
    #2 0x2b2a998 in CSGShape::set_use_collision(bool) modules/csg/csg_shape.cpp:46
    #3 0x1eb818b in MethodBind1<bool>::call(Object*, Variant const**, int, Variant::CallError&) core/method_bind.gen.inc:775
    #4 0xe8d6280 in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:919
    #5 0xeb58bcf in Variant::call_ptr(StringName const&, Variant const**, int, Variant*, Variant::CallError&) core/variant_call.cpp:1129
    #6 0x19fa38d in GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Variant::CallError&, GDScriptFunction::CallState*) modules/gdscript/gdscript_function.cpp:1091
    #7 0x1826e65 in GDScriptInstance::call(StringName const&, Variant const**, int, Variant::CallError&) modules/gdscript/gdscript.cpp:1238
    #8 0xe8d5ded in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:898
    #9 0xeb58bcf in Variant::call_ptr(StringName const&, Variant const**, int, Variant*, Variant::CallError&) core/variant_call.cpp:1129
    #10 0x19fa38d in GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Variant::CallError&, GDScriptFunction::CallState*) modules/gdscript/gdscript_function.cpp:1091
    #11 0x1826e65 in GDScriptInstance::call(StringName const&, Variant const**, int, Variant::CallError&) modules/gdscript/gdscript.cpp:1238
    #12 0xe8d5ded in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:898
    #13 0xeb58bcf in Variant::call_ptr(StringName const&, Variant const**, int, Variant*, Variant::CallError&) core/variant_call.cpp:1129
    #14 0x19fa38d in GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Variant::CallError&, GDScriptFunction::CallState*) modules/gdscript/gdscript_function.cpp:1091
    #15 0x1826e65 in GDScriptInstance::call(StringName const&, Variant const**, int, Variant::CallError&) modules/gdscript/gdscript.cpp:1238
    #16 0xe8d5ded in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:898
    #17 0xeb58bcf in Variant::call_ptr(StringName const&, Variant const**, int, Variant*, Variant::CallError&) core/variant_call.cpp:1129
    #18 0x19fa38d in GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Variant::CallError&, GDScriptFunction::CallState*) modules/gdscript/gdscript_function.cpp:1091
    #19 0x182737b in GDScriptInstance::call_multilevel(StringName const&, Variant const**, int) modules/gdscript/gdscript.cpp:1254
    #20 0x951220d in Node::_notification(int) scene/main/node.cpp:60
    #21 0x16d94eb in Node::_notificationv(int, bool) scene/main/node.h:46
    #22 0x1703b47 in Spatial::_notificationv(int, bool) scene/3d/spatial.h:54
    #23 0xe8d671c in Object::notification(int, bool) core/object.cpp:929
    #24 0x9640adb in SceneTree::_notify_group_pause(StringName const&, int) scene/main/scene_tree.cpp:985
    #25 0x9631184 in SceneTree::idle(float) scene/main/scene_tree.cpp:525
    #26 0x153d24c in Main::iteration() main/main.cpp:2103
    #27 0x142dcd9 in OS_X11::run() platform/x11/os_x11.cpp:3608
    #28 0x139ab39 in main platform/x11/godot_x11.cpp:56
    #29 0x7fb5126ae0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

SUMMARY: AddressSanitizer: heap-use-after-free modules/bullet/rigid_body_bullet.cpp:178 in BulletPhysicsDirectBodyState::get_contact_collider_id(int) const
```
https://github.com/qarmin/The-worst-Godot-test-project/runs/1498789843?check_suite_focus=true
Steps to reproduce:
CI details - https://github.com/qarmin/The-worst-Godot-test-project/blob/3.2/.github/workflows/linux_builds_1.yml
Minimal reproduction project: https://github.com/qarmin/The-worst-Godot-test-project/tree/3.2
I know that the project is really big, but for now I'm unable to create a smaller one.
Can't reproduce this anymore
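An added triage example, not part of the original report or of Godot's code: it splits an AddressSanitizer heap-use-after-free report such as the one in this issue into its access, free and allocation stacks and picks the first source-level frame of each. `REPORT` is an abbreviated excerpt of the trace in the issue; the function names and the "owners" heuristic are assumptions of this example.

```python
import re

# Abbreviated excerpt of the report in this issue (most frames omitted).
REPORT = """\
==11635==ERROR: AddressSanitizer: heap-use-after-free on address 0x613001a71e40 at pc 0x0000029f4e5c bp 0x7ffe9536dbd0 sp 0x7ffe9536dbc0
READ of size 8 at 0x613001a71e40 thread T0
    #0 0x29f4e5b in BulletPhysicsDirectBodyState::get_contact_collider_id(int) const modules/bullet/rigid_body_bullet.cpp:178
    #1 0xaac7353 in RigidBody::_direct_state_changed(Object*) scene/3d/physics_body.cpp:489
0x613001a71e40 is located 0 bytes inside of 344-byte region [0x613001a71e40,0x613001a71f98)
freed by thread T0 here:
    #0 0x7fb513bd4025 in operator delete(void*, unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0x111025)
    #1 0x29fc1e2 in RigidBodyBullet::~RigidBodyBullet() modules/bullet/rigid_body_bullet.cpp:309
    #2 0x297b235 in BulletPhysicsServer::free(RID) modules/bullet/bullet_physics_server.cpp:1511
    #3 0x2b2ca33 in CSGShape::set_use_collision(bool) modules/csg/csg_shape.cpp:55
previously allocated by thread T0 here:
    #0 0x7fb513bd2947 in operator new(unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0x10f947)
    #1 0x294d1e2 in BulletPhysicsServer::body_create(PhysicsServer::BodyMode, bool) modules/bullet/bullet_physics_server.cpp:454
    #2 0x2b2a998 in CSGShape::set_use_collision(bool) modules/csg/csg_shape.cpp:46
"""

FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (.+) (\S+)$")
HEADERS = {"READ of size": "access", "WRITE of size": "access",
           "freed by thread": "free", "previously allocated by thread": "alloc"}

def parse_stacks(report):
    """Split an ASan report into (function, location) frames per stack."""
    stacks, current = {"access": [], "free": [], "alloc": []}, None
    for line in report.splitlines():
        current = next((n for h, n in HEADERS.items() if line.startswith(h)), current)
        m = FRAME.match(line)
        if m and current:
            stacks[current].append((m.group(2), m.group(3)))
    return stacks

def first_project_frame(stack):
    """First frame with file:line info; runtime frames look like '(lib.so+0x..)'."""
    return next((f for f in stack if not f[1].startswith("(")), None)

def triage(report):
    stacks = parse_stacks(report)
    kind = re.search(r"AddressSanitizer: ([\w-]+)", report).group(1)
    region = re.search(r"is located (\d+) bytes inside of (\d+)-byte region", report)
    alloc_funcs = {func for func, _ in stacks["alloc"]}
    return {"kind": kind, "offset": int(region.group(1)), "size": int(region.group(2)),
            "use": first_project_frame(stacks["access"]),
            "free": first_project_frame(stacks["free"]),
            "alloc": first_project_frame(stacks["alloc"]),
            # Heuristic: a function on both the alloc and free stacks owns the lifetime.
            "owners": [func for func, _ in stacks["free"] if func in alloc_funcs]}
```

The `use`, `free` and `alloc` frames together make a stable signature for deduplicating repeated CI failures of the same bug.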