godotengine / godot

Godot Engine – Multi-platform 2D and 3D game engine
https://godotengine.org
MIT License

Closing a scene tab causes a crash #86427

Closed novhack closed 10 months ago

novhack commented 11 months ago

Tested versions

System information

Godot v4.3.dev1.mono - Arch Linux #1 SMP PREEMPT_DYNAMIC Thu, 14 Dec 2023 03:45:42 +0000 - Wayland - Vulkan (Forward+) - dedicated AMD Radeon RX 5700 XT (RADV NAVI10) () - AMD Ryzen 5 2600 Six-Core Processor (12 Threads)

Issue description

An attempt to close an opened scene via a scene tab close button causes the whole editor to momentarily freeze and crash.

I am using KDE Plasma 5 Wayland session on Arch Linux.

Steps to reproduce

Minimal reproduction project (MRP)

N/A

KoBeWi commented 11 months ago

I managed to reproduce it only once 🤔

YuriSizov commented 11 months ago

Can't reproduce it at all (on Windows, but this shouldn't matter).

@novhack How reliably can you reproduce it? Are there any steps that you can think of which you didn't mention, like creating and attaching a script? How do you create a scene specifically? Do you have other scene tabs open?

Are you able to compile the engine with debug symbols and try to catch the trace when the crash happens?

LD2Studio commented 11 months ago

I have the same crash. The message in the console is:

```
handle_crash: Program crashed with signal 11
Engine version: Godot Engine v4.3.dev1.official (9d1cbab1c432b6f1d66ec939445bec68b6af519e)
Dumping the backtrace. Please include this when reporting the bug to the project developer.
[1] /lib/x86_64-linux-gnu/libc.so.6(+0x42520) [0x7f52d6042520] (??:0)
[2] /home/laurent/Applications/Godot 4.3/Godot_v4.3-dev1_linux.x86_64() [0x42857f2] (??:0)
[3] /home/laurent/Applications/Godot 4.3/Godot_v4.3-dev1_linux.x86_64() [0x1d7d8f8] (??:0)
[4] /home/laurent/Applications/Godot 4.3/Godot_v4.3-dev1_linux.x86_64() [0x4068c2d] (??:0)
[5] /home/laurent/Applications/Godot 4.3/Godot_v4.3-dev1_linux.x86_64() [0x3ba27fc] (??:0)
[6] /home/laurent/Applications/Godot 4.3/Godot_v4.3-dev1_linux.x86_64() [0x208180f] (??:0)
[7] /home/laurent/Applications/Godot 4.3/Godot_v4.3-dev1_linux.x86_64() [0x4f9a2d] (??:0)
[8] /home/laurent/Applications/Godot 4.3/Godot_v4.3-dev1_linux.x86_64() [0x41eff0] (??:0)
[9] /lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x7f52d6029d90] (??:0)
[10] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x7f52d6029e40] (??:0)
[11] /home/laurent/Applications/Godot 4.3/Godot_v4.3-dev1_linux.x86_64() [0x42af5a] (??:0)
-- END OF BACKTRACE --
```

My computer : Kubuntu 22.04 - NVIDIA RTX3050

rsubtil commented 11 months ago

Can you try this in a debug build of Godot? That way the stack trace indicates exactly where it crashed. You can follow this compilation guide.

EDIT: Turns out CI editor build artifacts don't have debugging symbols.

tdaven commented 11 months ago

I've also been seeing this. I bisected it to https://github.com/godotengine/godot/pull/60965.

It's crashing during a call_deferred call which is performing a dynamic_cast. Since it segfaults inside dynamic cast, I suspect it's got garbage or memory corruption.

I've included bt full from gdb. bt-full.txt

tdaven commented 11 months ago

Forgot to include that I'm on Linux, Fedora 39. I've tried both LLVM and GCC and they both behave the same for me.

I can upload a project if needed, but it's been trivial to reproduce. I just create a new project, create and save a new scene with just a Node3D as root. Repeat for another scene. Then open both and try to close both. Occasionally it succeeds. Usually closing one causes it to crash.

tdaven commented 11 months ago

I think what is happening is when a node is removed, a deferred call is queued up which references the node. See: https://github.com/godotengine/godot/blob/master/editor/groups_editor.cpp#L806

But, by the time the deferred call gets run, the node has been deleted. As a result, the attempt to check the type and cast to the appropriate object finds something incompatible, so the dynamic cast just blows up.
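
The lifetime problem described in the comment above (a deferred call that holds a raw `Node*` which is freed before the queue is flushed) can be avoided by queuing a stable object ID and resolving it at flush time. This is an added illustration, not Godot's code and not the fix that was merged; `Registry`, `DeferredQueue` and `close_tab_scenario` are hypothetical names.

```cpp
#include <cstdint>
#include <functional>
#include <memory>
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>

struct Node { std::string name; }; // hypothetical stand-in, not Godot's Node
// Owns the nodes and hands out IDs that are never reused.
class Registry {
    std::unordered_map<uint64_t, std::unique_ptr<Node>> live_;
    uint64_t next_id_ = 1;
public:
    uint64_t add(std::string name) {
        live_[next_id_] = std::make_unique<Node>(Node{std::move(name)});
        return next_id_++;
    }
    void destroy(uint64_t id) { live_.erase(id); } // frees the node
    Node *get(uint64_t id) const {                 // nullptr once freed
        auto it = live_.find(id);
        return it == live_.end() ? nullptr : it->second.get();
    }
};
// Deferred-call queue keyed by target ID instead of a raw Node*.
class DeferredQueue {
    std::vector<std::pair<uint64_t, std::function<void(Node &)>>> pending_;
public:
    void defer(uint64_t id, std::function<void(Node &)> fn) {
        pending_.emplace_back(id, std::move(fn));
    }
    // Returns how many calls were dropped because their target was freed.
    int flush(const Registry &reg) {
        auto batch = std::exchange(pending_, {}); // callbacks may defer() again
        int dropped = 0;
        for (auto &c : batch)
            if (Node *n = reg.get(c.first)) c.second(*n); else ++dropped;
        return dropped;
    }
};

// Constructed scenario: two scene roots, one closed before the flush.
int close_tab_scenario(std::vector<std::string> &cached) {
    Registry reg; DeferredQueue q;
    uint64_t a = reg.add("SceneA"), b = reg.add("SceneB");
    q.defer(a, [&cached](Node &n) { cached.push_back(n.name); });
    q.defer(b, [&cached](Node &n) { cached.push_back(n.name); });
    reg.destroy(a); // tab closed while its call is still queued
    return q.flush(reg);
}
```

Because IDs are never reused, a stale ID cannot resolve to a different object that happens to occupy the freed memory.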

testman42 commented 10 months ago

Managed to reproduce it as well. Using Linux, Manjaro 23.1.1 XFCE. Apparently 0x42857f2 corresponds to a tab with a 3D scene open, while 0x428581f is for a 2D scene.

Full log for 3D:

```
================================================================
handle_crash: Program crashed with signal 11
Engine version: Godot Engine v4.3.dev1.official (9d1cbab1c432b6f1d66ec939445bec68b6af519e)
Dumping the backtrace. Please include this when reporting the bug to the project developer.
[1] /usr/lib/libc.so.6(+0x3e710) [0x7fcc8de28710] (??:0)
[2] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x42857f2] (??:0)
[3] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x1d7d8f8] (??:0)
[4] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x4068c2d] (??:0)
[5] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x3ba27fc] (??:0)
[6] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x207e573] (??:0)
[7] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x4f920e] (??:0)
[8] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x41eff0] (??:0)
[9] /usr/lib/libc.so.6(+0x27cd0) [0x7fcc8de11cd0] (??:0)
[10] /usr/lib/libc.so.6(__libc_start_main+0x8a) [0x7fcc8de11d8a] (??:0)
[11] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x42af5a] (??:0)
-- END OF BACKTRACE --
================================================================
```

Full log for 2D:

```
================================================================
handle_crash: Program crashed with signal 11
Engine version: Godot Engine v4.3.dev1.official (9d1cbab1c432b6f1d66ec939445bec68b6af519e)
Dumping the backtrace. Please include this when reporting the bug to the project developer.
[1] /usr/lib/libc.so.6(+0x3e710) [0x7fa64ebab710] (??:0)
[2] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x428581f] (??:0)
[3] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x1d7d8f8] (??:0)
[4] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x4068c2d] (??:0)
[5] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x3ba27fc] (??:0)
[6] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x207e573] (??:0)
[7] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x4f920e] (??:0)
[8] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x41eff0] (??:0)
[9] /usr/lib/libc.so.6(+0x27cd0) [0x7fa64eb94cd0] (??:0)
[10] /usr/lib/libc.so.6(__libc_start_main+0x8a) [0x7fa64eb94d8a] (??:0)
[11] /home/testman/Games/godot/Godot_v4.3-dev1_linux.x86_64() [0x42af5a] (??:0)
-- END OF BACKTRACE --
================================================================
```

The address for libc is different each time, but the rest of the stack trace is always the same for each of those two types.

Also, I seem to have more luck closing tabs with Ctrl+Shift+W than I do with clicking on the X next to tab name.

RibalGZ commented 10 months ago

I can reproduce it in 4.3-dev1 on my Alpine Linux with Wayland, but it is working well on master.

tdaven commented 10 months ago

I was curious that some people seem to be having a hard time reproducing this issue. For me, on Fedora 39 (on both Intel and AMD machines, GCC and LLVM), I see it crash reliably all the time. The only time it didn't was when I did a debug build with ASAN and UBSAN, but I don't have a good explanation for that other than that the memory layout was different.

I even confirmed by modifying memdelete to set a poison value when it deletes memory, and I can see the poison value in the debugger on two of my machines and on Windows 11 (compiled with MinGW). Windows 11 did not crash without the poison value, which perhaps explains why some systems aren't reliably crashing. Perhaps the default compile flags are such that Fedora 39 doesn't allow the use after free, so the segfault is encountered instead.

With the poison value, all machines crash reliably.

donn-xx commented 10 months ago

I can confirm the OP. Crashes no matter what tab you close. I did a compile etc. Text dump:

v4.3.dev.custom_build [13a0d6e9b] Godot v4.3.dev (13a0d6e9b) - Ubuntu 22.04.3 LTS 22.04 - X11 - Vulkan (Forward+) - dedicated NVIDIA GeForce RTX 2060 (nvidia; 535.129.03) - Intel(R) Core(TM) i5-9400F CPU @ 2.90GHz (6 Threads)

Running from cli:

'godc' is my symlink to compiled master

```
(main) $ godc project.godot
Godot Engine v4.3.dev.custom_build.13a0d6e9b - https://godotengine.org
Vulkan API 1.3.242 - Forward+ - Using Vulkan Device #0: NVIDIA - NVIDIA GeForce RTX 2060

WARNING: Blend file import is enabled in the project settings, but no Blender path is configured in the editor settings. Blend files will not be imported.
     at: _editor_init (modules/gltf/register_types.cpp:63)

================================================================
handle_crash: Program crashed with signal 11
Engine version: Godot Engine v4.3.dev.custom_build (13a0d6e9b253654f5cc2a44f3d0b3cae10440443)
Dumping the backtrace. Please include this when reporting the bug to the project developer.
[1] /lib/x86_64-linux-gnu/libc.so.6(+0x42520) [0x7f26c5642520] (??:0)
[2] godc(__dynamic_cast+0x2d) [0x55fe813c14fd] (??:?)
[3] Node* Object::cast_to<Node>(Object*) (/home/donn/bin/godot/src/godot/./core/object/object.h:792 (discriminator 1))
[4] VariantObjectClassChecker<Node*>::check(Variant const&) (/home/donn/bin/godot/src/godot/./core/variant/binder_common.h:230)
[5] VariantCasterAndValidate<Node*>::cast(Variant const**, unsigned int, Callable::CallError&) (/home/donn/bin/godot/src/godot/./core/variant/binder_common.h:256 (discriminator 2))
[6] void call_with_variant_args_helper<GroupsEditor, Node*, 0ul>(GroupsEditor*, void (GroupsEditor::*)(Node*), Variant const**, Callable::CallError&, IndexSequence<0ul>) (/home/donn/bin/godot/src/godot/./core/variant/binder_common.h:303 (discriminator 4))
[7] void call_with_variant_args<GroupsEditor, Node*>(GroupsEditor*, void (GroupsEditor::*)(Node*), Variant const**, int, Callable::CallError&) (/home/donn/bin/godot/src/godot/./core/variant/binder_common.h:418)
[8] CallableCustomMethodPointer<GroupsEditor, Node*>::call(Variant const**, int, Variant&, Callable::CallError&) const (/home/donn/bin/godot/src/godot/./core/object/callable_method_pointer.h:99)
[9] Callable::callp(Variant const**, int, Variant&, Callable::CallError&) const (/home/donn/bin/godot/src/godot/core/variant/callable.cpp:57)
[10] CallQueue::_call_function(Callable const&, Variant const*, int, bool) (/home/donn/bin/godot/src/godot/core/object/message_queue.cpp:222)
[11] CallQueue::flush() (/home/donn/bin/godot/src/godot/core/object/message_queue.cpp:328)
[12] SceneTree::physics_process(double) (/home/donn/bin/godot/src/godot/scene/main/scene_tree.cpp:473)
[13] Main::iteration() (/home/donn/bin/godot/src/godot/main/main.cpp:3750)
[14] OS_LinuxBSD::run() (/home/donn/bin/godot/src/godot/platform/linuxbsd/os_linuxbsd.cpp:933)
[15] godc(main+0x19f) [0x55fe7c7422a8] (/home/donn/bin/godot/src/godot/platform/linuxbsd/godot_linuxbsd.cpp:76)
[16] /lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x7f26c5629d90] (??:0)
[17] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x7f26c5629e40] (??:0)
[18] godc(_start+0x25) [0x55fe7c742045] (??:?)
-- END OF BACKTRACE --
================================================================
Aborted (core dumped)
```

And in gdb:

```
(main) $ gdb godc
GNU gdb (Ubuntu 12.1-0ubuntu1~22.04) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from godc...
(gdb) r project.godot 
Starting program: /home/donn/bin/godc project.godot
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Detaching after vfork from child process 18421]
[New Thread 0x7ffff738d640 (LWP 18423)]
[New Thread 0x7ffff6b8c640 (LWP 18424)]
[New Thread 0x7ffff638b640 (LWP 18425)]
[New Thread 0x7ffff5b8a640 (LWP 18426)]
[New Thread 0x7ffff5389640 (LWP 18427)]
[New Thread 0x7ffff4b88640 (LWP 18428)]
[New Thread 0x7ffff4387640 (LWP 18429)]
Godot Engine v4.3.dev.custom_build.13a0d6e9b - https://godotengine.org
[New Thread 0x7ffff3b40640 (LWP 18430)]
[New Thread 0x7ffff333f640 (LWP 18431)]
Vulkan API 1.3.242 - Forward+ - Using Vulkan Device #0: NVIDIA - NVIDIA GeForce RTX 2060
[New Thread 0x7fffdc3ba640 (LWP 18432)]
[New Thread 0x7fffdbbb9640 (LWP 18433)]
[New Thread 0x7fffdb3b8640 (LWP 18434)]
[New Thread 0x7fffda9b7640 (LWP 18435)]
[New Thread 0x7fffcbbfe640 (LWP 18436)]
[New Thread 0x7fffcb1f8640 (LWP 18437)]
[New Thread 0x7fffc9362640 (LWP 18438)]

[New Thread 0x7fffc8b59640 (LWP 18439)]
[New Thread 0x7fffa6ffe640 (LWP 18443)]
[New Thread 0x7fffa67fd640 (LWP 18444)]
[New Thread 0x7fffa5ffc640 (LWP 18445)]
WARNING: Blend file import is enabled in the project settings, but no Blender path is configured in the editor settings. Blend files will not be imported.
     at: _editor_init (modules/gltf/register_types.cpp:63)
[New Thread 0x7fffa57fb640 (LWP 18446)]
[Thread 0x7fffa57fb640 (LWP 18446) exited]
[New Thread 0x7fffa57fb640 (LWP 18449)]
[Thread 0x7fffa57fb640 (LWP 18449) exited]
[New Thread 0x7fffa57fb640 (LWP 18450)]
[New Thread 0x7fffa4dfa640 (LWP 18451)]
[Thread 0x7fffa4dfa640 (LWP 18451) exited]
[New Thread 0x7fffa4dfa640 (LWP 18452)]
[Thread 0x7fffa4dfa640 (LWP 18452) exited]

Thread 1 "godc" received signal SIGSEGV, Segmentation fault.
0x000055555cc504fd in __dynamic_cast ()
(gdb) bt
#0  0x000055555cc504fd in __dynamic_cast ()
#1  0x000055555807b09d in Object::cast_to<Node> (p_object=0x55557bfae670)
    at ./core/object/object.h:792
#2  0x0000555558863507 in VariantObjectClassChecker<Node*>::check (p_variant=...)
    at ./core/variant/binder_common.h:230
#3  0x000055555886326f in VariantCasterAndValidate<Node*>::cast (p_args=0x7fffffffd670, 
    p_arg_idx=0, r_error=...) at ./core/variant/binder_common.h:256
#4  0x000055555a0af081 in call_with_variant_args_helper<GroupsEditor, Node*, 0ul> (
    p_instance=0x55556b64b480, 
    p_method=(void (GroupsEditor::*)(GroupsEditor * const, Node *)) 0x55555a0a11f2 <GroupsEditor::_cache_scene_groups(Node*)>, p_args=0x7fffffffd670, r_error=...) at ./core/variant/binder_common.h:303
#5  0x000055555a0aeb5a in call_with_variant_args<GroupsEditor, Node*> (
    p_instance=0x55556b64b480, 
    p_method=(void (GroupsEditor::*)(GroupsEditor * const, Node *)) 0x55555a0a11f2 <GroupsEditor::_cache_scene_groups(Node*)>, p_args=0x7fffffffd670, p_argcount=1, r_error=...)
    at ./core/variant/binder_common.h:417
#6  0x000055555a0ae24e in CallableCustomMethodPointer<GroupsEditor, Node*>::call (
    this=0x555577f61470, p_arguments=0x7fffffffd670, p_argcount=1, r_return_value=..., 
    r_call_error=...) at ./core/object/callable_method_pointer.h:98
#7  0x000055555c371624 in Callable::callp (this=0x555564aa7510, p_arguments=0x7fffffffd670, 
    p_argcount=1, r_return_value=..., r_call_error=...) at core/variant/callable.cpp:57
#8  0x000055555c6f9bb6 in CallQueue::_call_function (this=0x5555608e4cf0, p_callable=..., 
    p_args=0x555564aa7528, p_argcount=1, p_show_error=false) at core/object/message_queue.cpp:221
#9  0x000055555c6fa393 in CallQueue::flush (this=0x5555608e4cf0)
    at core/object/message_queue.cpp:326
#10 0x000055555a4381e8 in SceneTree::physics_process (this=0x555564bfae20, 
    p_time=0.016666666666666666) at scene/main/scene_tree.cpp:471
#11 0x000055555806f280 in Main::iteration () at main/main.cpp:3750
#12 0x0000555557fd912e in OS_LinuxBSD::run (this=0x7fffffffd970)
    at platform/linuxbsd/os_linuxbsd.cpp:933
#13 0x0000555557fd12a8 in main (argc=2, argv=0x7fffffffdf68)
    at platform/linuxbsd/godot_linuxbsd.cpp:74
(gdb) l
30  
31  #include "os_linuxbsd.h"
32  
33  #include "main/main.h"
34  
35  #include <limits.h>
36  #include <locale.h>
37  #include <stdlib.h>
38  #include <unistd.h>
39  
(gdb) up
#1  0x000055555807b09d in Object::cast_to<Node> (p_object=0x55557bfae670)
    at ./core/object/object.h:792
792         return dynamic_cast<T *>(p_object);
(gdb) l
787     void detach_from_objectdb();
788     _FORCE_INLINE_ ObjectID get_instance_id() const { return _instance_id; }
789 
790     template <class T>
791     static T *cast_to(Object *p_object) {
792         return dynamic_cast<T *>(p_object);
793     }
794 
795     template <class T>
796     static const T *cast_to(const Object *p_object) {
(gdb) 
```

nikitalita commented 10 months ago

This may be fixed by #84858