[BDS-11039] Server Crashed on Village::getBedPOICount[] Created: 07/Jan/21 Updated: 20/Jan/21 Resolved: 20/Jan/21 |
|
| Status: | Resolved |
| Project: | Bedrock Dedicated Server |
| Affects Version/s: | 1.16.201 Hotfix |
| Fix Version/s: | None |
| Type: | Bug | ||
| Reporter: | Ian Rehwinkel | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 5 |
| Labels: | None | ||
| Environment: |
Debian GNU/Linux 10 (buster), glibc version 2.28-10, Linux kernel 4.19.0-13-amd64 |
||
| Issue Links: |
|
||||||||
| Confirmation Status: | Unconfirmed | ||||||||
| ADO: | 457993 | ||||||||
| Description |
|
To reproduce: 2. Game Crashes. The following crash log was produced on the server: Crash [INFO] at std::__shared_count<[__gnu_cxx::_Lock_policy]2>::__shared_count[std::__weak_count<[__gnu_cxx::_Lock_policy]2> const&, std::nothrow_t] (UnknownFile:?) at std::__shared_ptr<POIInstance, [__gnu_cxx::_Lock_policy]2>::__shared_ptr[std::__weak_ptr<POIInstance, [__gnu_cxx::_Lock_policy]2> const&, std::nothrow_t] (UnknownFile:?) at std::shared_ptr<POIInstance>::shared_ptr[std::weak_ptr<POIInstance> const&, std::nothrow_t] (UnknownFile:?) at std::weak_ptr<POIInstance>::lock[] const (UnknownFile:?) at Village::getBedPOICount[] const (UnknownFile:?) at Village::tick[Tick, BlockSource&] (UnknownFile:?) at VillageManager::tickVillages[Tick const&, Vec3 const&, BlockSource&] (UnknownFile:?) at ServerPlayer::tickWorld[Tick const&] (UnknownFile:?) at std::function<bool [Player&]>::operator[][Player&] const (UnknownFile:?) at Level::forEachPlayer[std::function<bool [Player&]>] (UnknownFile:?) at Level::tick[] (UnknownFile:?) at ServerLevel::tick[] (UnknownFile:?) at GameSession::tick[] (UnknownFile:?) at Minecraft::tickSimtime[int, int] (UnknownFile:?) at Minecraft::update[] (UnknownFile:?) at ServerInstance::_update[] (UnknownFile:?) at clone (UnknownFile:?) From what I have discovered, this bug is caused by locking a weak_ptr from the POIInstance list (std::vector<std::weak_ptr<POIInstance>>). When reading from the vector using [], a null value is returned, which ultimately gets dereferenced and causes a crash. To be exact, the address+8 is dereferenced, which to my knowledge is the offset for the reference count of a smart pointer. I can also see that right after locking the weak_ptr, there is some kind of null check (not sure if its for the same pointer though, I think not). I propose the following: before locking the weak_ptr, check if it is nullptr. If not, then you can lock it. I don't know why any of the POIInstances should ever be nullpointers, but simply checking for this could solve the issue. |
| Comments |
| Comment by [Mojang] Mega_Spud (Jay Wells) [ 20/Jan/21 ] |
|
Thank you for your report! If you would like to add a vote and any extra information to the main ticket it would be appreciated. Quick Links: |
| Comment by Tom Gray [ 10/Jan/21 ] |
|
Thanks for confirming. I've put some more detail onΒ |
| Comment by Jeff [ 10/Jan/21 ] |
|
Same here - Ubuntu 20.04 [INFO] Package: com.mojang.minecraft.dedicatedserver Crash |
| Comment by Ian Rehwinkel [ 09/Jan/21 ] |
|
@Tom Gray my debian install where the crash occured is on libstdc+6.0.25. My personal computer, which has libstdc6.0.28 also crashes. I don't think this is an issue with any specific libstdc+ version. |
| Comment by Tom Gray [ 09/Jan/21 ] |
|
Added some comments in tl;dr: using the test world attached to this bug, I can reliably reproduce the crash under Ubuntu 20.04 but have not been able to reproduce under Ubuntu 18.04. I believe the difference is the version of libstdc++ (6.0.25 on Ubuntu 18.04; 6.0.28 on Ubuntu 20.04). I'm testing using a Docker container and the standard Ubuntu provided images (ubuntu:18.04 and ubuntu:20.04). Can you try this and see if it fixes the crash for you? |
| Comment by tahitech [ 08/Jan/21 ] |
|
Same problem, position [ 219 69 -688 ] [INFO] Package: com.mojang.minecraft.dedicatedserver Crash |