Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crash on exit with a StyleBox configured in Godot Inspector or referenced in C# scripts #86229

Closed
Benardus opened this issue Dec 16, 2023 · 23 comments · Fixed by #93172
Closed

Crash on exit with a StyleBox configured in Godot Inspector or referenced in C# scripts #86229

Benardus opened this issue Dec 16, 2023 · 23 comments · Fixed by #93172
Labels
bug confirmed crash topic:core topic:dotnet topic:export topic:gui
Milestone
4.4

Comments

@Benardus
Copy link

Benardus commented Dec 16, 2023
edited by akien-mga
Loading

Tested versions

  • Reproducable in every godot 4.x version

System information

Godot v4.2.1.stable.mono - Windows 10.0.19044 - Vulkan (Forward+) - dedicated NVIDIA GeForce RTX 2060 (NVIDIA; 31.0.15.3623) - AMD Ryzen 5 2600X Six-Core Processor (12 Threads)

Issue description

I export the game with Godot 4.2.1 (it happens with all 4.x versions) and when I start the game it runs fine. If I immediately quit the game GetTree().Quit() has no issues. When I play the game for a little while (5 mins or so). I always get an memory access violation.

There are no errors when I launch the game via CMD with -verbose. I only get this, which is clean.
afbeelding

However Windows Event Viewer will log an error in the application logs:
afbeelding

I understand that this has to do with a memory access violation. I am using C# and I am not manually setting pointers or handling threads. I have the most detailed Exception Analysis from WinDBG but it points to Embree, a high-performance ray tracing kernel library, which is part of the call stack (STR_exe!ZN6embree13TaskScheduler12startThreadsEv). Below I will share the entire analysis:

*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

Failed to request MethodData, not in JIT code range

KEY_VALUES_STRING: 1

    Key  : AV.Fault
    Value: Read

    Key  : Analysis.CPU.mSec
    Value: 1358

    Key  : Analysis.Elapsed.mSec
    Value: 1755

    Key  : Analysis.IO.Other.Mb
    Value: 15

    Key  : Analysis.IO.Read.Mb
    Value: 19

    Key  : Analysis.IO.Write.Mb
    Value: 45

    Key  : Analysis.Init.CPU.mSec
    Value: 2562

    Key  : Analysis.Init.Elapsed.mSec
    Value: 1836728

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 167

    Key  : CLR.Engine
    Value: CORECLR

    Key  : CLR.Version
    Value: 6.0.1823.26907

    Key  : Failure.Bucket
    Value: INVALID_POINTER_READ_c0000005_godot.windows.template_debug.x86_64.mono.exe!Unknown

    Key  : Failure.Hash
    Value: {859a067d-44f2-ebb7-58a6-4b0d9775d1cf}

    Key  : Timeline.OS.Boot.DeltaSec
    Value: 212757

    Key  : Timeline.Process.Start.DeltaSec
    Value: 1837

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Version
    Value: 10.0.19041.1

    Key  : WER.Process.Version
    Value: 1.0.0.0


PROCESSES_ANALYSIS: 1


SERVICE_ANALYSIS: 1


STACKHASH_ANALYSIS: 1


ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

TIMELINE_ANALYSIS: 1

Timeline: !analyze.Start
    Name: <blank>
    Time: 2023-12-16T09:33:12.636Z
    Diff: 363 mSec

Timeline: Dump.Current
    Name: <blank>
    Time: 2023-12-16T09:33:13.0Z
    Diff: 0 mSec

Timeline: Process.Start
    Name: <blank>
    Time: 2023-12-16T09:02:36.0Z
    Diff: 1837000 mSec

Timeline: OS.Boot
    Name: <blank>
    Time: 2023-12-13T22:27:16.0Z
    Diff: 212757000 mSec


DUMP_CLASS: 2

DUMP_QUALIFIER: 0

MODLIST_WITH_TSCHKSUM_HASH:  11a0549b88b871768ce3e285ead0143a685d5b30

MODLIST_SHA1_HASH:  2f48b3469ef4515754ecbd44722180bde4f46ca7

NTGLOBALFLAG:  70

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

APPLICATION_VERIFIER_FLAGS:  0

PRODUCT_TYPE:  1

SUITE_MASK:  272

DUMP_TYPE:  fe

FAULTING_IP: 
godot_windows_template_debug_x86_64_mono!ZN6embree13TaskScheduler12startThreadsEv+2d7c49f
00007ff7`1e4fb7ff 488b01          mov     rax,qword ptr [rcx]

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ff71e4fb7ff (godot_windows_template_debug_x86_64_mono!ZN6embree13TaskScheduler12startThreadsEv+0x0000000002d7c49f)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

FAULTING_THREAD:  00005188

DEFAULT_BUCKET_ID:  INVALID_POINTER_READ

PROCESS_NAME:  godot.windows.template_debug.x86_64.mono.exe

FOLLOWUP_IP: 
godot_windows_template_debug_x86_64_mono!ZN6embree13TaskScheduler12startThreadsEv+264d13f
00007ff7`1ddcc49f 7eff            jle     godot_windows_template_debug_x86_64_mono!ZN6embree13TaskScheduler12startThreadsEv+0x264d140 (00007ff7`1ddcc4a0)

READ_ADDRESS:  ffffffffffffffff 

ERROR_CODE: (NTSTATUS) 0xc0000005 - De instructie op 0x%p verwijst naar geheugen op 0x%p. Het geheugen kan niet worden %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

WATSON_BKT_PROCSTAMP:  0

WATSON_BKT_PROCVER:  1.0.0.0

PROCESS_VER_PRODUCT:  game

WATSON_BKT_MODULE:  godot.windows.template_debug.x86_64.mono.exe

WATSON_BKT_MODSTAMP:  0

WATSON_BKT_MODOFFSET:  34ab7ff

WATSON_BKT_MODVER:  1.0.0.0

MODULE_VER_PRODUCT:  game

BUILD_VERSION_STRING:  19041.1.amd64fre.vb_release.191206-1406

ANALYSIS_SESSION_HOST:  DESKTOP-OG38IEJ

ANALYSIS_SESSION_TIME:  12-16-2023 10:33:12.0636

ANALYSIS_VERSION: 10.0.25921.1001 amd64fre

MANAGED_CODE: 1

MANAGED_ENGINE_MODULE:  coreclr

MANAGED_ANALYSIS_PROVIDER:  SOS

MANAGED_THREAD_ID: 5188

THREAD_ATTRIBUTES: 

[ GLOBAL ]

    Global    D1    PID: [14600]
    Global    D1    Thread_Count: [36]
    Global    D1    PageSize: [4096]
    Global    STR   ModList_SHA1_Hash: [2f48b3469ef4515754ecbd44722180bde4f46ca7]
    Global    STR   CommandLine: [C:\Users\Benardus\Documents\GAME\GAME.exe]
    Global    STR   Desktop_Name: [WinSta0\Default]
    Global    STR   ProcessName: [godot.windows.template_debug.x86_64.mono.exe]
    Global    STR   Debugger_CPU_Architecture: [amd64]
    Global    D1    CPU_ProcessorCount: [12]
    Global    D1    CPU_MHZ: [3600]
    Global    STR   CPU_Architecture: [X64]
    Global    D1    CPU_Family: [23]
    Global    D1    CPU_Model: [8]
    Global    D1    CPU_Stepping: [2]
    Global    STR   CPU_VendorString: []
    Global          ManagedFailure
    Global    D1    LoadedModule_Count: [100]
    Global    D1    UnloadedModule_Count: [3]
    Global          ProcessBeingDebugged
    Global    D1    GFlags: [112]
    Global    D1    Application_Verifer_Flags: [0]
    Global    STR   CurrentTimeDate: [2023-12-16T09:33:13.0Z]
    Global    D1    CurrentTimeDate: [-473886080]
    Global    STR   ProcessUpTime: [0 days 0:30:37.000]
    Global    D1    ProcessUpTime: [1837]
    Global    STR   SystemUpTime: [2 days 11:05:57.000]
    Global    D1    SystemUpTime: [212757]
    Global    D1    ProductType: [1]
    Global    D1    SuiteMask: [272]
    Global          ASLR_Enabled
    Global          SafeSEH_Enabled
    Global          SafeSEH_NotApplicable

[ THREAD ]


  0 Id: 3908.5188
    Frame[00]  D1   TID: [0x5188]
    Frame[00]       Is_OriginalExceptionThread
    Frame[00]  D1   Stack_Frames_Extraction_Time_(ms): [0x10]
    Frame[00]  STR  ThreadStartAddress: [godot_windows_template_debug_x86_64_mono+0x13d0]
    Frame[00]  D1   ThreadStartAddress: [0x00007ff71b0513d0]
    Frame[00]  STR  Stack_SHA1_Hash_Mod: [441073e2af01e5c355fa2ce8b8c581fe2ba3b6f8]
    Frame[00]  D2   Stack_SHA1_Hash_Mod: [0xa]
    Frame[00]  STR  Stack_SHA1_Hash_Unique_Mod: [53f6829ecc5643a0832019b563205bb05c2b7c75]
    Frame[00]  D2   Stack_SHA1_Hash_Unique_Mod: [0xa]
    Frame[00]  STR  Stack_SHA1_Hash_Mod_Func: [4d82e87690028930adcfd1234760a7efbce4aa96]
    Frame[00]  D2   Stack_SHA1_Hash_Mod_Func: [0xa]
    Frame[00]  STR  Stack_SHA1_Hash_Mod_Func_Offset: [d799d3d7adb7b9e098d73bb1dcd295cff457f7d6]
    Frame[00]  D2   Stack_SHA1_Hash_Mod_Func_Offset: [0xa]
    Frame[00]  STR  FrameGroupHash: [8cc2e7e12b2844370aa4c03db213167b41db9283]
    Frame[00]  D2   FrameGroupHash: [0x7]
    Frame[08]  STR  FrameGroupHash: [7ea492feb1419c00d39d38bbc95ba05900031a09]
    Frame[08]  D2   FrameGroupHash: [0x8]
    Frame[09]  STR  FrameGroupHash: [0b0cefc38e6086cebb12d6063da67f39c688ae78]
    Frame[09]  D2   FrameGroupHash: [0x9]
    Frame[00]  D1   Number_of_Unique_Stack_Modules: [0x3]
    Frame[08]       CompleteStackWalk
    Frame[00]       Is_UIThread
    Frame[00]  D1   Thread_LastStatus: [0xc0000034]
    Frame[00]  D1   ThreadLocale: [0x413]
    Frame[00]  D1   BadReadAddress: [0xffffffffffffffff]
    Frame[00]  D1   MinusOne_READ: [0xffffffffffffffff]
    Frame[00]  D1   Number_of_Stack_Frames: [0xa]
    Frame[00]  D1   Bad_Frame_Count: [0x0]
    Frame[00]  D1   Ignored_Frame_Count: [0x0]
    Frame[00]  D1   Frames_not_in_stack_range: [0x0]
    Frame[00]       NotSysEnter
    Frame[00]       Is_ManagedThread
    Frame[00]       Is_SuspectHighUserTime
    Frame[00]       Is_DefiniteHighUserTime
    Frame[00]       Is_SuspectHighKernelTime
    Frame[00]  D1   Arch_AX_Register: [0x000002a4d66e7da0]
    Frame[00]  D1   Arch_BX_Register: [0xfeeefeeefeeefeee]
    Frame[00]  D1   Arch_CX_Register: [0xfeeefeeefeeefeee]
    Frame[00]  D1   LoadedModule_Arch_DX: [0x00007ff71e57d6b8]
    Frame[00]       null_Arch_SI
    Frame[00]       null_Arch_DI
    Frame[00]  D1   stackaddr_SP: [0x000000d0327ff360]
    Frame[00]  D1   LoadedModule_Arch_BP: [0x00007ff71e57d6b8]
    Frame[00]  D1   LoadedModule_Arch_IP: [0x00007ff71e4fb7ff]
    Frame[00]  D1   loadedmodule_msr_r8: [0x00007ff71e573518]
    Frame[00]       NULL_msr_r9
    Frame[00]  D1   msr_r10: [0x000002a46d2c0000]
    Frame[00]  D1   stackaddr_msr_r11: [0x000000d0327ff430]
    Frame[00]  D1   loadedmodule_msr_r12: [0x00007ff71e573518]
    Frame[00]  D1   Near_NULL_msr_r13: [0x0000000000000001]
    Frame[00]       NULL_msr_r14
    Frame[00]       NULL_msr_r15
    Frame[00]  D1   Instruction_Pointer: [0x00007ff71e4fb7ff]
    Frame[00]  D1   read_Arch_CX: [0xfeeefeeefeeefeee]
    Frame[00]       IP_Biased
    Frame[00]  D1   Stack_Attribute_Extraction_Time_(ms): [0x1f]

    Frame[00]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!+0x2d7c49f]
    Frame[01]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!+0x4e8248]
    Frame[02]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!+0x21fa394]
    Frame[03]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!+0x14116f2]
    Frame[04]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!+0x3cabe]
    Frame[05]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!+0x2d7c963]
    Frame[06]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!+0x12ee]
    Frame[07]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!+0x13e6]
    Frame[08]  Triage Symbol: [KERNEL32!BaseThreadInitThunk+0x14]
    Frame[09]  Triage Symbol: [ntdll!RtlUserThreadStart+0x21]

  -1 Id: 3908.ffffffff
    Frame[00]       PSEUDO_THREAD
    Frame[00]       SINGLE_INSTRUCTION_PSEUDO_THREAD

    Frame[00]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!+0x2d7c49f]

  -1 Id: 3908.ffffffff
    Frame[00]       PSEUDO_THREAD


PRIMARY_PROBLEM_CLASS:  APPLICATION_FAULT

PROBLEM_CLASSES: 

    ID:     [0n329]
    Type:   [@ACCESS_VIOLATION]
    Class:  Addendum
    Scope:  BUCKET_ID
    Name:   Omit
    Data:   Omit
    PID:    [Unspecified]
    TID:    [0x5188]
    Frame:  [0] : godot_windows_template_debug_x86_64_mono

    ID:     [0n301]
    Type:   [INVALID_POINTER_READ]
    Class:  Primary
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [Unspecified]
    TID:    [0x5188]
    Frame:  [0] : godot_windows_template_debug_x86_64_mono

LAST_CONTROL_TRANSFER:  from 00007ff71b538248 to 00007ff71e4fb7ff

STACK_TEXT:  
000000d0`327ff360 00007ff7`1b538248     : 000000d0`327ff680 00000000`00000000 000002a4`0284ab90 000002a4`046347a0 : godot_windows_template_debug_x86_64_mono!ZN6embree13TaskScheduler12startThreadsEv+0x2d7c49f
000000d0`327ff400 00007ff7`1d9796f4     : 000002a4`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : godot_windows_template_debug_x86_64_mono+0x4e8248
000000d0`327ff470 00007ff7`1cb90a52     : 00000000`00000000 00000000`00000000 00000000`ffffffff 000002a4`044f1280 : godot_windows_template_debug_x86_64_mono!ZN6embree13TaskScheduler12startThreadsEv+0x21fa394
000000d0`327ff4d0 00007ff7`1b08cabe     : 000000d0`327ff670 000000d0`00000000 000002a4`6d1eb4a0 000000d0`327ff680 : godot_windows_template_debug_x86_64_mono!ZN6embree13TaskScheduler12startThreadsEv+0x14116f2
000000d0`327ff570 00007ff7`1e4fbcc3     : 000002a4`00000001 000000d0`327ffa6c 00000000`00000008 000002a4`6d2c1c50 : godot_windows_template_debug_x86_64_mono+0x3cabe
000000d0`327ffa40 00007ff7`1b0512ee     : 00000000`00000000 00000000`0000002c 00007ff7`1f354ae8 00000000`00000000 : godot_windows_template_debug_x86_64_mono!ZN6embree13TaskScheduler12startThreadsEv+0x2d7c963
000000d0`327ffa90 00007ff7`1b0513e6     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : godot_windows_template_debug_x86_64_mono+0x12ee
000000d0`327ffae0 00007ffb`85e87034     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : godot_windows_template_debug_x86_64_mono+0x13e6
000000d0`327ffb10 00007ffb`87e62651     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
000000d0`327ffb40 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21


STACK_COMMAND:  ~0s ; .cxr ; kb

FAULT_INSTR_CODE:  48018b48

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  godot_windows_template_debug_x86_64_mono+2d7c49f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: godot_windows_template_debug_x86_64_mono

IMAGE_NAME:  godot.windows.template_debug.x86_64.mono.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  0

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_c0000005_godot.windows.template_debug.x86_64.mono.exe!Unknown

BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_READ_godot_windows_template_debug_x86_64_mono+2d7c49f

FAILURE_EXCEPTION_CODE:  c0000005

FAILURE_IMAGE_NAME:  godot.windows.template_debug.x86_64.mono.exe

BUCKET_ID_IMAGE_STR:  godot.windows.template_debug.x86_64.mono.exe

FAILURE_MODULE_NAME:  godot_windows_template_debug_x86_64_mono

BUCKET_ID_MODULE_STR:  godot_windows_template_debug_x86_64_mono

FAILURE_FUNCTION_NAME:  Unknown

BUCKET_ID_FUNCTION_STR:  Unknown

BUCKET_ID_OFFSET:  2d7c49f

BUCKET_ID_MODTIMEDATESTAMP:  0

BUCKET_ID_MODCHECKSUM:  41de9c2

BUCKET_ID_MODVER_STR:  1.0.0.0

BUCKET_ID_PREFIX_STR:  APPLICATION_FAULT_INVALID_POINTER_READ_

FAILURE_PROBLEM_CLASS:  APPLICATION_FAULT

FAILURE_SYMBOL_NAME:  godot.windows.template_debug.x86_64.mono.exe!Unknown

OS_VERSION:  10.0.19041.1

OS_MAJOR:  10

OS_MINOR:  0

OS_BUILD:  19041

OS_REVISION:  1

BUILDDATESTAMP_STR:  191206-1406

OSBUILD_TIMESTAMP:  2019-12-06T14:06:00Z

BUILDLAB_STR:  vb_release

OS_BUILD_STRING:  19041.1.amd64fre.vb_release.191206-1406

BUILDFLAVOR_STR:  Checked

TARGET_TIME:  2023-12-16T09:33:14.000Z

OSSERVICEPACK:  0

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt SingleUserTS

SYSINFO: 
<ANALYSIS>
        <SYSMAN></SYSMAN>
        <SYSMOD></SYSMOD>
        <SYSMRK></SYSMRK>
</ANALYSIS>

FA_ADHOC: 
<ANALYSIS>
        <EXCEPTION_PARAMETER1>0</EXCEPTION_PARAMETER1>
        <EXCEPTION_PARAMETER2>-1</EXCEPTION_PARAMETER2>
        <BUILDFLAVOR_STR>Checked</BUILDFLAVOR_STR>
        <OSPLATFORM_TYPE>x64</OSPLATFORM_TYPE>
</ANALYSIS>

IMAGE_VERSION:  1.0.0.0

ANALYSIS_SESSION_ELAPSED_TIME:  6db

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:invalid_pointer_read_c0000005_godot.windows.template_debug.x86_64.mono.exe!unknown

FAILURE_ID_HASH:  {859a067d-44f2-ebb7-58a6-4b0d9775d1cf}

Followup:     MachineOwner

Steps to reproduce

See the MRP with instructions

Minimal reproduction project (MRP)

Has been provided in a later comment in this thread: #86229 (comment)

Bugsquad edit: 20231218_MRP_StyleboxC#ReferenceCrash.zip
@Benardus
Copy link
Author

Benardus commented Dec 16, 2023
edited
Loading

I have done further analysis for the Godot specialist that will look at this issue. Everything is pointing to the fact that this is a native exception in unmanaged code.

The Access violation occurred in the topmost entry 00 godot_windows_template_debug_x86_64_mono!ZN6embree13TaskScheduler12startThreadsEv+0x2d7c49f.
It suggests an issue within the Godot engine or a related module, potentially related to thread scheduling.

#  Child-SP          RetAddr               Call Site
00 00000050`aebff2c0 00007ff6`d8638248     godot_windows_template_debug_x86_64_mono!ZN6embree13TaskScheduler12startThreadsEv+0x2d7c49f
01 00000050`aebff360 00007ff6`daa796f4     godot_windows_template_debug_x86_64_mono+0x4e8248
02 00000050`aebff3d0 00007ff6`d9c90a52     godot_windows_template_debug_x86_64_mono!ZN6embree13TaskScheduler12startThreadsEv+0x21fa394
03 00000050`aebff430 00007ff6`d818cabe     godot_windows_template_debug_x86_64_mono!ZN6embree13TaskScheduler12startThreadsEv+0x14116f2
04 00000050`aebff4d0 00007ff6`db5fbcc3     godot_windows_template_debug_x86_64_mono+0x3cabe
05 00000050`aebff9a0 00007ff6`d81512ee     godot_windows_template_debug_x86_64_mono!ZN6embree13TaskScheduler12startThreadsEv+0x2d7c963
06 00000050`aebff9f0 00007ff6`d81513e6     godot_windows_template_debug_x86_64_mono+0x12ee
07 00000050`aebffa40 00007ffb`85e87034     godot_windows_template_debug_x86_64_mono+0x13e6
08 00000050`aebffa70 00007ffb`87e62651     KERNEL32!BaseThreadInitThunk+0x14
09 00000050`aebffaa0 00000000`00000000     ntdll!RtlUserThreadStart+0x21

I disassembled the code around the faulting instruction. This might provide some insights into what the code was trying to do when it crashed.

00007ff6`db5fb7ff 488b01          mov     rax,qword ptr [rcx]
00007ff6`db5fb802 488b50f0        mov     rdx,qword ptr [rax-10h]
00007ff6`db5fb806 488d3411        lea     rsi,[rcx+rdx]
00007ff6`db5fb80a 488b48f8        mov     rcx,qword ptr [rax-8]
00007ff6`db5fb80e 48b80000000010000000 mov rax,1000000000h
00007ff6`db5fb818 48c744245000000000 mov   qword ptr [rsp+50h],0
00007ff6`db5fb821 4889442460      mov     qword ptr [rsp+60h],rax
00007ff6`db5fb826 488b06          mov     rax,qword ptr [rsi]

This was the register to which rcx was pointing:

rax=0000017b3f6e3730 rbx=feeefeeefeeefeee rcx=feeefeeefeeefeee
rdx=00007ff6db67d6b8 rsi=0000000000000000 rdi=0000000000000000
rip=00007ff6db5fb7ff rsp=00000050aebff2c0 rbp=00007ff6db67d6b8
 r8=00007ff6db673518  r9=0000000000000000 r10=0000017b03650000
r11=00000050aebff390 r12=00007ff6db673518 r13=0000000000000001
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
godot_windows_template_debug_x86_64_mono!ZN6embree13TaskScheduler12startThreadsEv+0x2d7c49f:
00007ff6`db5fb7ff 488b01          mov     rax,qword ptr [rcx] ds:feeefeee`feeefeee=????????????????

Memory inspection confirms use-after-free issue
0:000> dd rcx

feeefeee`feeefeee  ???????? ???????? ???????? ????????
feeefeee`feeefefe  ???????? ???????? ???????? ????????
feeefeee`feeeff0e  ???????? ???????? ???????? ????????
feeefeee`feeeff1e  ???????? ???????? ???????? ????????
feeefeee`feeeff2e  ???????? ???????? ???????? ????????
feeefeee`feeeff3e  ???????? ???????? ???????? ????????
feeefeee`feeeff4e  ???????? ???????? ???????? ????????
feeefeee`feeeff5e  ???????? ???????? ???????? ????????

0:000> dq rcx

feeefeee`feeefeee  ????????`???????? ????????`????????
feeefeee`feeefefe  ????????`???????? ????????`????????
feeefeee`feeeff0e  ????????`???????? ????????`????????
feeefeee`feeeff1e  ????????`???????? ????????`????????
feeefeee`feeeff2e  ????????`???????? ????????`????????
feeefeee`feeeff3e  ????????`???????? ????????`????????
feeefeee`feeeff4e  ????????`???????? ????????`????????
feeefeee`feeeff5e  ????????`???????? ????????`????????

No managed exception is present on the thread, which aligns with the native nature of the crash.

From this analysis, it seems the issue is a bug in the native code of the Godot engine or a related library, possibly Embree. This is caused due to improper memory management, as I have evidenced above, where we can clearly see memory being accessed after it has been freed. To further investigate, the Godot team might consider looking into the Godot engine's use of Embree, especially around thread management.

This is most definitely a crash, please add that label to this issue

@rsubtil
Copy link
Contributor

rsubtil commented Dec 17, 2023

Can you try compiling an export template with debug symbols to help in understanding where exactly the issue occurs?

You can follow this guide up to the Compilling section, and then instead follow these commands to compile in .NET/C# support.

@Benardus
Copy link
Author

Benardus commented Dec 17, 2023
edited
Loading

Am I to understand correctly that I need to create new export templates with C++ debug logging enabled and replicate the error and give you the WinDbg errors hopefully with more information such as which variables/C++ lines were part of the faulty operation?

@rsubtil
Copy link
Contributor

rsubtil commented Dec 18, 2023

Am I to understand correctly that I need to create new export templates with C++ debug logging enabled and replicate the error and give you the WinDbg errors hopefully with more information such as which variables/C++ lines were part of the faulty operation?

Yeah, since there's no debugging information, the exact file/line where that issue is happening is unknown. The reason it even says that it's ocurring on startThreads AFAIK is because it's an exported function (dllexport). The source-code for that function is very small, so the issue is likely somewhere later in one of the function calls:

godot/thirdparty/embree/common/tasking/taskschedulerinternal.cpp

Lines 145 to 149 in 2d0ee20

dll_export void TaskScheduler::ThreadPool::startThreads()
{
if (running) return;
setNumThreads(numThreads,true);
}

@Benardus
Copy link
Author

Benardus commented Dec 18, 2023
edited
Loading

I understand. I have been trying to generate the export templates for Godot 4.2.1 with C++ symbols (.PDB file) following the guide you provided, sadly with no success. It exports the following files

afbeelding

scons p=windows target=editor module_mono_enabled=yes
scons p=windows target=template_debug module_mono_enabled=yes
godot.windows.editor.x86_64.mono.exe --headless --generate-mono-glue modules\mono\glue
build_assemblies.py --godot-output-dir=.\bin --godot-platform=windows
godot.windows.editor.x86_64.mono.exe --headless --generate-mono-glue C:\Users\Benardus\Documents\Builds\godot\modules\mono\glue
build_assemblies.py --godot-output-dir=C:\Users\Benardus\Documents\Builds\godot\bin --godot-platform=windows

The .PDB file containing the C++ symbols is missing so the .exe is useless. There don't seem to be any parameters I can set to force it to give me the .PDB and corresponding .EXE i need. I encounter no errors when running the commands I stated.

Is there a way you could provide the templates with the corresponding .PDB file, then I could immediately explore additional details for the error.

@YuriSizov
Copy link
Contributor

To build Godot with debug symbols you need to pass dev_build=yes or debug_symbols=yes to the compilation command.

@Benardus
Copy link
Author

To build Godot with debug symbols you need to pass dev_build=yes or debug_symbols=yes to the compilation command.

Thanks, that worked, I am going to try and use it with WinDbg and see what I can uncover with the extra symbols for C++

@Benardus
Copy link
Author

Benardus commented Dec 18, 2023
edited by YuriSizov
Loading

Exception CallStack:

 # Child-SP          RetAddr               Call Site
00 (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!GetCompleteObjectLocatorFromObject [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp @ 102] 
01 (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!FindCompleteObject [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp @ 308] 
02 00000020`1e5ff530 00007ff7`d9bcde7e     godot_windows_template_debug_x86_64_mono!__RTDynamicCast+0x46 [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp @ 223] 
03 (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!Object::cast_to+0x1d [C:\Users\Benardus\Documents\Builds\godot\core\object\object.h @ 792] 
04 00000020`1e5ff5b0 00007ff7`dbe90d26     godot_windows_template_debug_x86_64_mono!CSharpLanguage::_instance_binding_reference_callback+0x6e [C:\Users\Benardus\Documents\Builds\godot\modules\mono\csharp_script.cpp @ 1376] 
05 (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!Object::_instance_binding_reference+0x77 [C:\Users\Benardus\Documents\Builds\godot\core\object\object.h @ 678] 
06 00000020`1e5ff5f0 00007ff7`da3b7da6     godot_windows_template_debug_x86_64_mono!RefCounted::unreference+0xe6 [C:\Users\Benardus\Documents\Builds\godot\core\object\ref_counted.cpp @ 89] 
07 00000020`1e5ff630 00007ff7`da490964     godot_windows_template_debug_x86_64_mono!Ref<StyleBox>::unref+0x16 [C:\Users\Benardus\Documents\Builds\godot\core\object\ref_counted.h @ 209] 
08 (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!ThemeDB::{dtor}+0x56 [C:\Users\Benardus\Documents\Builds\godot\scene\theme\theme_db.cpp @ 452] 
09 00000020`1e5ff660 00007ff7`d9707793     godot_windows_template_debug_x86_64_mono!ThemeDB::`scalar deleting destructor'+0x74
0a (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!memdelete+0x1a [C:\Users\Benardus\Documents\Builds\godot\core\os\memory.h @ 109] 
0b (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!finalize_theme_db+0x21 [C:\Users\Benardus\Documents\Builds\godot\main\main.cpp @ 372] 
0c 00000020`1e5ff6a0 00007ff7`d96c65c3     godot_windows_template_debug_x86_64_mono!Main::cleanup+0x2a3 [C:\Users\Benardus\Documents\Builds\godot\main\main.cpp @ 3811] 
0d 00000020`1e5ff710 00007ff7`d96c63e7     godot_windows_template_debug_x86_64_mono!widechar_main+0x1c3 [C:\Users\Benardus\Documents\Builds\godot\platform\windows\godot_windows.cpp @ 184] 
0e 00000020`1e5ffa90 00007ff7`d96c6639     godot_windows_template_debug_x86_64_mono!_main+0x47 [C:\Users\Benardus\Documents\Builds\godot\platform\windows\godot_windows.cpp @ 206] 
0f 00000020`1e5ffac0 00007ff7`dc5ff686     godot_windows_template_debug_x86_64_mono!main+0x9 [C:\Users\Benardus\Documents\Builds\godot\platform\windows\godot_windows.cpp @ 218] 
10 (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!invoke_main+0x21 [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 102] 
11 00000020`1e5ffaf0 00007ffb`85e87034     godot_windows_template_debug_x86_64_mono!__scrt_common_main_seh+0x106 [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 288] 
12 00000020`1e5ffb30 00007ffb`87e62651     KERNEL32!BaseThreadInitThunk+0x14
13 00000020`1e5ffb60 00000000`00000000     ntdll!RtlUserThreadStart+0x21

dissamble command around faulting stack:

godot_windows_template_debug_x86_64_mono!GetCompleteObjectLocatorFromObject [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp @ 223] [inlined in godot_windows_template_debug_x86_64_mono!__RTDynamicCast+0x46 [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp @ 223]]:
00007ff7`dc600986 488b01          mov     rax,qword ptr [rcx]
00007ff7`dc600989 488b70f8        mov     rsi,qword ptr [rax-8]
00007ff7`dc60098d 8b4604          mov     eax,dword ptr [rsi+4]
00007ff7`dc600990 4c8bf7          mov     r14,rdi
00007ff7`dc600993 4c2bf0          sub     r14,rax
00007ff7`dc600996 8b5608          mov     edx,dword ptr [rsi+8]
00007ff7`dc600999 482bca          sub     rcx,rdx
00007ff7`dc60099c f7da            neg     edx

Registrar state:

rax=00000200245823c0 rbx=0000000000000000 rcx=feeefeeefeeefeee
rdx=0000000000000000 rsi=0000000000000001 rdi=feeefeeefeeefeee
rip=00007ff7dc600986 rsp=000000201e5ff530 rbp=0000000000000000
 r8=00007ff7dd3c0f00  r9=00007ff7dd3c0f20 r10=000001ffa83b0000
r11=000000201e5ff590 r12=00007ff7dd3c0f00 r13=0000000000000000
r14=0000000000000000 r15=00007ff7dd3c0f20
iopl=0         nv up ei ng nz na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
godot_windows_template_debug_x86_64_mono!GetCompleteObjectLocatorFromObject [inlined in godot_windows_template_debug_x86_64_mono!__RTDynamicCast+0x46]:
00007ff7`dc600986 488b01          mov     rax,qword ptr [rcx] ds:feeefeee`feeefeee=????????????????

Exception analysis report:

Failed to request MethodData, not in JIT code range

KEY_VALUES_STRING: 1

Key  : AV.Fault
Value: Read

Key  : Analysis.CPU.mSec
Value: 4389

Key  : Analysis.Elapsed.mSec
Value: 4463

Key  : Analysis.IO.Other.Mb
Value: 0

Key  : Analysis.IO.Read.Mb
Value: 312

Key  : Analysis.IO.Write.Mb
Value: 311

Key  : Analysis.Init.CPU.mSec
Value: 6499

Key  : Analysis.Init.Elapsed.mSec
Value: 568520

Key  : Analysis.Memory.CommitPeak.Mb
Value: 636

Key  : CLR.Engine
Value: CORECLR

Key  : CLR.Version
Value: 6.0.2523.51912

Key  : Failure.Bucket
Value: INVALID_POINTER_READ_c0000005_godot.windows.template_debug.x86_64.mono.exe!__RTDynamicCast

Key  : Failure.Hash
Value: {d8196158-cea0-ee0f-f03f-920a1415fe09}

Key  : Timeline.OS.Boot.DeltaSec
Value: 402033

Key  : Timeline.Process.Start.DeltaSec
Value: 568

Key  : WER.OS.Branch
Value: vb_release

Key  : WER.OS.Version
Value: 10.0.19041.1

Key  : WER.Process.Version
Value: 1.0.0.0

PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

TIMELINE_ANALYSIS: 1

Timeline: !analyze.Start
Name:
Time: 2023-12-18T14:07:49.545Z
Diff: 454 mSec

Timeline: Dump.Current
Name:
Time: 2023-12-18T14:07:50.0Z
Diff: 0 mSec

Timeline: Process.Start
Name:
Time: 2023-12-18T13:58:22.0Z
Diff: 568000 mSec

Timeline: OS.Boot
Name:
Time: 2023-12-13T22:27:17.0Z
Diff: 402033000 mSec

DUMP_CLASS: 2

DUMP_QUALIFIER: 0

MODLIST_WITH_TSCHKSUM_HASH: 6497984623e0415487c795b58f65a93dd03636b4

MODLIST_SHA1_HASH: cdf2c1e2258931701fb07864f4430eb3058bc64c

NTGLOBALFLAG: 70

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

APPLICATION_VERIFIER_FLAGS: 0

PRODUCT_TYPE: 1

SUITE_MASK: 272

DUMP_TYPE: fe

FAULTING_IP:
godot_windows_template_debug_x86_64_mono!__RTDynamicCast+46 [D:\a_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp @ 223]
00007ff7`dc600986 488b01 mov rax,qword ptr [rcx]

EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ff7dc600986 (godot_windows_template_debug_x86_64_mono!GetCompleteObjectLocatorFromObject)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

FAULTING_THREAD: 000016c4

DEFAULT_BUCKET_ID: INVALID_POINTER_READ

PROCESS_NAME: godot.windows.template_debug.x86_64.mono.exe

FOLLOWUP_IP:
godot_windows_template_debug_x86_64_mono!__RTDynamicCast+46 [D:\a_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp @ 223]
00007ff7`dc600986 488b01 mov rax,qword ptr [rcx]

READ_ADDRESS: ffffffffffffffff

ERROR_CODE: (NTSTATUS) 0xc0000005 - De instructie op 0x%p verwijst naar geheugen op 0x%p. Het geheugen kan niet worden %s.

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: ffffffffffffffff

WATSON_BKT_PROCSTAMP: 65804e7e

WATSON_BKT_PROCVER: 1.0.0.0

PROCESS_VER_PRODUCT:

WATSON_BKT_MODULE: godot.windows.template_debug.x86_64.mono.exe

WATSON_BKT_MODSTAMP: 65804e7e

WATSON_BKT_MODOFFSET: 2f40986

WATSON_BKT_MODVER: 1.0.0.0

MODULE_VER_PRODUCT:

BUILD_VERSION_STRING: 19041.1.amd64fre.vb_release.191206-1406

ANALYSIS_SESSION_HOST: DESKTOP-OG38IEJ

ANALYSIS_SESSION_TIME: 12-18-2023 15:07:49.0545

ANALYSIS_VERSION: 10.0.25921.1001 amd64fre

MANAGED_CODE: 1

MANAGED_ENGINE_MODULE: coreclr

MANAGED_ANALYSIS_PROVIDER: SOS

MANAGED_THREAD_ID: 16c4

THREAD_ATTRIBUTES:

[ GLOBAL ]

Global    D1    PID: [1372]
Global    D1    Thread_Count: [37]
Global    D1    PageSize: [4096]
Global    STR   ModList_SHA1_Hash: [cdf2c1e2258931701fb07864f4430eb3058bc64c]
Global    STR   CommandLine: [C:\Users\Benardus\Documents\STRGAME\Special\STR.exe]
Global    STR   Desktop_Name: [WinSta0\Default]
Global    STR   ProcessName: [godot.windows.template_debug.x86_64.mono.exe]
Global    STR   Debugger_CPU_Architecture: [amd64]
Global    D1    CPU_ProcessorCount: [12]
Global    D1    CPU_MHZ: [3600]
Global    STR   CPU_Architecture: [X64]
Global    D1    CPU_Family: [23]
Global    D1    CPU_Model: [8]
Global    D1    CPU_Stepping: [2]
Global    STR   CPU_VendorString: []
Global          ManagedFailure
Global    D1    LoadedModule_Count: [100]
Global    D1    UnloadedModule_Count: [3]
Global          ProcessBeingDebugged
Global    D1    GFlags: [112]
Global    D1    Application_Verifer_Flags: [0]
Global    STR   CurrentTimeDate: [2023-12-18T14:07:50.0Z]
Global    D1    CurrentTimeDate: [-1784463616]
Global    STR   ProcessUpTime: [0 days 0:09:28.000]
Global    D1    ProcessUpTime: [568]
Global    STR   SystemUpTime: [4 days 15:40:33.000]
Global    D1    SystemUpTime: [402033]
Global    D1    ProductType: [1]
Global    D1    SuiteMask: [272]
Global          ASLR_Enabled
Global          SafeSEH_Enabled
Global          SafeSEH_NotApplicable

[ THREAD ]

0 Id: 55c.16c4
Frame[00] D1 TID: [0x16c4]
Frame[00] Is_OriginalExceptionThread
Frame[00] D1 Stack_Frames_Extraction_Time_(ms): [0x0]
Frame[00] STR ThreadStartAddress: [godot_windows_template_debug_x86_64_mono!WinMainCRTStartup]
Frame[00] D1 ThreadStartAddress: [0x00007ff7dc5ff6f4]
Frame[00] STR Stack_SHA1_Hash_Mod: [e673e9374bb772af743c36984b49d98f0117f88d]
Frame[00] D2 Stack_SHA1_Hash_Mod: [0xc]
Frame[00] STR Stack_SHA1_Hash_Unique_Mod: [53f6829ecc5643a0832019b563205bb05c2b7c75]
Frame[00] D2 Stack_SHA1_Hash_Unique_Mod: [0xc]
Frame[00] STR Stack_SHA1_Hash_Mod_Func: [36b9810b5a47d35353c8a9162d9837c7eaa0cce9]
Frame[00] D2 Stack_SHA1_Hash_Mod_Func: [0xc]
Frame[00] STR Stack_SHA1_Hash_Mod_Func_Offset: [017ac7bc3713bf3daa58b6c77993d92bd97bca22]
Frame[00] D2 Stack_SHA1_Hash_Mod_Func_Offset: [0xc]
Frame[00] STR FrameGroupHash: [05722e3f86d53818588d17be58f28543a2638116]
Frame[00] D2 FrameGroupHash: [0x9]
Frame[0a] STR FrameGroupHash: [7ea492feb1419c00d39d38bbc95ba05900031a09]
Frame[0a] D2 FrameGroupHash: [0xa]
Frame[0b] STR FrameGroupHash: [0b0cefc38e6086cebb12d6063da67f39c688ae78]
Frame[0b] D2 FrameGroupHash: [0xb]
Frame[00] D1 Number_of_Unique_Stack_Modules: [0x3]
Frame[0a] CompleteStackWalk
Frame[00] Is_UIThread
Frame[00] D1 Thread_LastStatus: [0xc0000034]
Frame[00] D1 ThreadLocale: [0x413]
Frame[00] D1 BadReadAddress: [0xffffffffffffffff]
Frame[00] D1 MinusOne_READ: [0xffffffffffffffff]
Frame[00] D1 Number_of_Stack_Frames: [0xc]
Frame[00] D1 Bad_Frame_Count: [0x0]
Frame[00] D1 Ignored_Frame_Count: [0x0]
Frame[00] D1 Frames_not_in_stack_range: [0x0]
Frame[00] NotSysEnter
Frame[00] Is_ManagedThread
Frame[00] Is_SuspectHighUserTime
Frame[00] Is_DefiniteHighUserTime
Frame[00] Is_SuspectHighKernelTime
Frame[00] D1 Arch_AX_Register: [0x00000200245823c0]
Frame[00] null_Arch_BX
Frame[00] D1 Arch_CX_Register: [0xfeeefeeefeeefeee]
Frame[00] null_Arch_DX
Frame[00] D1 near_null_Arch_SI: [0x0000000000000001]
Frame[00] D1 Arch_DI_Register: [0xfeeefeeefeeefeee]
Frame[00] D1 stackaddr_SP: [0x000000201e5ff530]
Frame[00] null_Arch_BP
Frame[00] D1 LoadedModule_Arch_IP: [0x00007ff7dc600986]
Frame[00] D1 loadedmodule_msr_r8: [0x00007ff7dd3c0f00]
Frame[00] D1 loadedmodule_msr_r9: [0x00007ff7dd3c0f20]
Frame[00] D1 msr_r10: [0x000001ffa83b0000]
Frame[00] NOP_msr_r11
Frame[00] D1 loadedmodule_msr_r12: [0x00007ff7dd3c0f00]
Frame[00] NULL_msr_r13
Frame[00] NULL_msr_r14
Frame[00] D1 loadedmodule_msr_r15: [0x00007ff7dd3c0f20]
Frame[00] D1 Instruction_Pointer: [0x00007ff7dc600986]
Frame[00] D1 read_Arch_CX: [0xfeeefeeefeeefeee]
Frame[00] D1 Stack_Attribute_Extraction_Time_(ms): [0x2f]

Frame[00]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!__RTDynamicCast+0x46]
Frame[01]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!CSharpLanguage::_instance_binding_reference_callback+0x6e]
Frame[02]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!RefCounted::unreference+0xe6]
Frame[03]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!Ref<StyleBox>::unref+0x16]
Frame[04]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!ThemeDB::`scalar deleting destructor'+0x74]
Frame[05]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!Main::cleanup+0x2a3]
Frame[06]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!widechar_main+0x1c3]
Frame[07]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!_main+0x47]
Frame[08]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!main+0x9]
Frame[09]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!__scrt_common_main_seh+0x106]
Frame[0a]  Triage Symbol: [KERNEL32!BaseThreadInitThunk+0x14]
Frame[0b]  Triage Symbol: [ntdll!RtlUserThreadStart+0x21]

-1 Id: 55c.ffffffff
Frame[00] PSEUDO_THREAD
Frame[00] SINGLE_INSTRUCTION_PSEUDO_THREAD

Frame[00]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!__RTDynamicCast+0x46]

-1 Id: 55c.ffffffff
Frame[00] PSEUDO_THREAD

PRIMARY_PROBLEM_CLASS: APPLICATION_FAULT

PROBLEM_CLASSES:

ID:     [0n329]
Type:   [@ACCESS_VIOLATION]
Class:  Addendum
Scope:  BUCKET_ID
Name:   Omit
Data:   Omit
PID:    [Unspecified]
TID:    [0x16c4]
Frame:  [0] : godot_windows_template_debug_x86_64_mono!__RTDynamicCast

ID:     [0n301]
Type:   [INVALID_POINTER_READ]
Class:  Primary
Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
        BUCKET_ID
Name:   Add
Data:   Omit
PID:    [Unspecified]
TID:    [0x16c4]
Frame:  [0] : godot_windows_template_debug_x86_64_mono!__RTDynamicCast

LAST_CONTROL_TRANSFER: from 00007ff7d9bcde7e to 00007ff7dc600986

STACK_TEXT:
000000201e5ff530 00007ff7d9bcde7e : 000001ffc1af9c50 0000000000000000 0000000000000001 000001ffa83b0000 : godot_windows_template_debug_x86_64_mono!__RTDynamicCast+0x46
000000201e5ff5b0 00007ff7dbe90d26 : 000001ffc1d3e060 000001ffc1d3e060 00000000ffffff01 0000000000000001 : godot_windows_template_debug_x86_64_mono!CSharpLanguage::_instance_binding_reference_callback+0x6e
000000201e5ff5f0 00007ff7da3b7da6 : 0000000000000000 000001ffbb7aa710 00000000ffffffff 0000000000000000 : godot_windows_template_debug_x86_64_mono!RefCounted::unreference+0xe6
000000201e5ff630 00007ff7da490964 : 0000000000000002 00007ff7dbe0c5e1 000001ffbb7aa580 000001ff00000000 : godot_windows_template_debug_x86_64_mono!Ref::unref+0x16
000000201e5ff660 00007ff7d9707793 : 000001ffbb7aa580 00000000ffffffff 0000000000000000 0000000000000002 : godot_windows_template_debug_x86_64_mono!ThemeDB::scalar deleting destructor'+0x74 000000201e5ff6a0 00007ff7d96c65c3 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : godot_windows_template_debug_x86_64_mono!Main::cleanup+0x2a3 000000201e5ff710 00007ff7d96c63e7 : 000001ff00000001 000000201e5ffac0 0000000000000000 000001ffa8418c80 : godot_windows_template_debug_x86_64_mono!widechar_main+0x1c3 000000201e5ffa90 00007ff7d96c6639 : 000001ff00000001 000000000000000a 0000000000000000 00007ff7dc661450 : godot_windows_template_debug_x86_64_mono!_main+0x47 000000201e5ffac0 00007ff7dc5ff686 : 000000000000000a 00007ff7dc5ff6fd 0000000000000000 0000000000000000 : godot_windows_template_debug_x86_64_mono!main+0x9 000000201e5ffaf0 00007ffb85e87034 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : godot_windows_template_debug_x86_64_mono!__scrt_common_main_seh+0x106 000000201e5ffb30 00007ffb87e62651 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!BaseThreadInitThunk+0x14 000000201e5ffb60 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21

STACK_COMMAND: ~0s ; .cxr ; kb

FAULT_INSTR_CODE: 48018b48

FAULTING_SOURCE_LINE: D:\a_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp

FAULTING_SOURCE_FILE: D:\a_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp

FAULTING_SOURCE_LINE_NUMBER: 223

FAULTING_SOURCE_CODE:
No source found for 'D:\a_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp'

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: godot_windows_template_debug_x86_64_mono!__RTDynamicCast+46

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: godot_windows_template_debug_x86_64_mono

IMAGE_NAME: godot.windows.template_debug.x86_64.mono.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 65804e7e

FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_godot.windows.template_debug.x86_64.mono.exe!__RTDynamicCast

BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_READ_godot_windows_template_debug_x86_64_mono!__RTDynamicCast+46

FAILURE_EXCEPTION_CODE: c0000005

FAILURE_IMAGE_NAME: godot.windows.template_debug.x86_64.mono.exe

BUCKET_ID_IMAGE_STR: godot.windows.template_debug.x86_64.mono.exe

FAILURE_MODULE_NAME: godot_windows_template_debug_x86_64_mono

BUCKET_ID_MODULE_STR: godot_windows_template_debug_x86_64_mono

FAILURE_FUNCTION_NAME: __RTDynamicCast

BUCKET_ID_FUNCTION_STR: __RTDynamicCast

BUCKET_ID_OFFSET: 46

BUCKET_ID_MODTIMEDATESTAMP: 65804e7e

BUCKET_ID_MODCHECKSUM: 0

BUCKET_ID_MODVER_STR: 1.0.0.0

BUCKET_ID_PREFIX_STR: APPLICATION_FAULT_INVALID_POINTER_READ_

FAILURE_PROBLEM_CLASS: APPLICATION_FAULT

FAILURE_SYMBOL_NAME: godot.windows.template_debug.x86_64.mono.exe!__RTDynamicCast

OS_VERSION: 10.0.19041.1

OS_MAJOR: 10

OS_MINOR: 0

OS_BUILD: 19041

OS_REVISION: 1

BUILDDATESTAMP_STR: 191206-1406

OSBUILD_TIMESTAMP: 2019-12-06T14:06:00Z

BUILDLAB_STR: vb_release

OS_BUILD_STRING: 19041.1.amd64fre.vb_release.191206-1406

BUILDFLAVOR_STR: Checked

TARGET_TIME: 2023-12-18T14:07:53.000Z

OSSERVICEPACK: 0

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt SingleUserTS

SYSINFO:




FA_ADHOC:

<EXCEPTION_PARAMETER1>0</EXCEPTION_PARAMETER1>
<EXCEPTION_PARAMETER2>-1</EXCEPTION_PARAMETER2>
<BUILDFLAVOR_STR>Checked</BUILDFLAVOR_STR>
<OSPLATFORM_TYPE>x64</OSPLATFORM_TYPE>
<FAULTING_SOURCE_LINE>D:\a_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp</FAULTING_SOURCE_LINE>
<FAULTING_SOURCE_FILE>D:\a_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp</FAULTING_SOURCE_FILE>
<FAULTING_SOURCE_LINE_NUMBER>223</FAULTING_SOURCE_LINE_NUMBER>

IMAGE_VERSION: 1.0.0.0

ANALYSIS_SESSION_ELAPSED_TIME: 116f

ANALYSIS_SOURCE: UM

FAILURE_ID_HASH_STRING: um:invalid_pointer_read_c0000005_godot.windows.template_debug.x86_64.mono.exe!__rtdynamiccast

FAILURE_ID_HASH: {d8196158-cea0-ee0f-f03f-920a1415fe09}

Followup: MachineOwner

@YuriSizov
Copy link
Contributor

YuriSizov commented Dec 18, 2023
edited
Loading

Do you have a custom stylebox scripted in C#?

Edit: I took a liberty to collapse your logs to make this discussion a bit more readable.

@YuriSizov YuriSizov changed the title Crash on GetTree().Quit() memory violation (WinDBG analysis included) Crash on exit with a StyleBox scripted in C# Dec 18, 2023
@Benardus
Copy link
Author

Benardus commented Dec 18, 2023
edited
Loading

The only C# code doing anything with a stylebox is the following code:

public void SetHeroHPBarColor(bool isBlue)
{
    // Get the StyleBoxFlat for the foreground
    StyleBoxFlat fgStyle = heroHpBar.GetThemeStylebox("fg") as StyleBoxFlat;

    // Check if the StyleBoxFlat is not null
    if (fgStyle != null)
    {
        if (isBlue)
        {
            // Set the color to blue
            fgStyle.BgColor = new Color(0, 0, 1, 1); // Blue
        }
        else
        {
            // Set the color back to red
            fgStyle.BgColor = new Color(140f / 255f, 0, 0, 1); // Red
        }

        // Apply the changed StyleBoxFlat back to the ProgressBar
        heroHpBar.Set("custom_styles/fg", fgStyle);
    }
    else
    {
        // Log error if the StyleBoxFlat couldn't be retrieved or casted
        GD.Print("Failed to retrieve or cast the StyleBox.");
    }
}

I also use StyleBoxTexture and StyleBoxFlat on panels in the Godot Editor, I assign that in the inspector.

@YuriSizov YuriSizov changed the title Crash on exit with a StyleBox scripted in C# Crash on exit with a StyleBox references in C# scripts Dec 18, 2023
@YuriSizov YuriSizov changed the title Crash on exit with a StyleBox references in C# scripts Crash on exit with a StyleBox referenced in C# scripts Dec 18, 2023
@YuriSizov
Copy link
Contributor

YuriSizov commented Dec 18, 2023
edited
Loading

Okay, so the C# script holds a reference to some styleboxes and that's what causes the crash on exit. We destroy the theme and all its contents before the scripts are finalized, it seems.

Seems like it should be possible to create an MRP right now, if you could?

@Benardus
Copy link
Author

I have created a MRP and the exact same issue happens, your suggestion seems to be the root cause of the issue..
20231218_MRP_StyleboxC#ReferenceCrash.zip

Steps to reproduce:

  1. Export project to .exe
  2. start .exe
  3. Click button [ENTER MAP]
  4. Click button [Change StyleBoxFlat bg color] (I clicked 2-3 times)
  5. Click button [Return To Title]
  6. Click button [QUIT]
    Profit: Get served a memory violation in windows event viewer.

It must be a faillure in my understanding. The scene in my game that sets that stylebox is destroyed and with that I believe the reference should die as well. I do not set this reference static or in a singleton. So I am surprised it holds on to that, again I must be misunderstanding something.

Thanks for your assistance.

@Benardus
Copy link
Author

Benardus commented Dec 18, 2023
edited by YuriSizov
Loading

I have removed the function from my game. But I still get this error. Now I do NOT have any more C# stylebox references. Can you look into what else is happening. These are the logs

(290c.5688): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** WARNING: Unable to verify checksum for godot.windows.template_debug.x86_64.mono.exe
godot_windows_template_debug_x86_64_mono!GetCompleteObjectLocatorFromObject [inlined in godot_windows_template_debug_x86_64_mono!__RTDynamicCast+0x46]:
00007ff6a3c10986 488b01 mov rax,qword ptr [rcx] ds:feeefeeefeeefeee=????????????????

Stack error

# Child-SP          RetAddr               Call Site
00 (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!GetCompleteObjectLocatorFromObject [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp @ 102] 
01 (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!FindCompleteObject [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp @ 308] 
02 0000002b`fa5ff8f0 00007ff6`a11dde7e     godot_windows_template_debug_x86_64_mono!__RTDynamicCast+0x46 [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp @ 223] 
03 (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!Object::cast_to+0x1d [C:\Users\Benardus\Documents\Builds\godot\core\object\object.h @ 792] 
04 0000002b`fa5ff970 00007ff6`a34a0d26     godot_windows_template_debug_x86_64_mono!CSharpLanguage::_instance_binding_reference_callback+0x6e [C:\Users\Benardus\Documents\Builds\godot\modules\mono\csharp_script.cpp @ 1376] 
05 (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!Object::_instance_binding_reference+0x77 [C:\Users\Benardus\Documents\Builds\godot\core\object\object.h @ 678] 
06 0000002b`fa5ff9b0 00007ff6`a19c7da6     godot_windows_template_debug_x86_64_mono!RefCounted::unreference+0xe6 [C:\Users\Benardus\Documents\Builds\godot\core\object\ref_counted.cpp @ 89] 
07 0000002b`fa5ff9f0 00007ff6`a1aa0964     godot_windows_template_debug_x86_64_mono!Ref<StyleBox>::unref+0x16 [C:\Users\Benardus\Documents\Builds\godot\core\object\ref_counted.h @ 209] 
08 (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!ThemeDB::{dtor}+0x56 [C:\Users\Benardus\Documents\Builds\godot\scene\theme\theme_db.cpp @ 452] 
09 0000002b`fa5ffa20 00007ff6`a0d17793     godot_windows_template_debug_x86_64_mono!ThemeDB::`scalar deleting destructor'+0x74
0a (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!memdelete+0x1a [C:\Users\Benardus\Documents\Builds\godot\core\os\memory.h @ 109] 
0b (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!finalize_theme_db+0x21 [C:\Users\Benardus\Documents\Builds\godot\main\main.cpp @ 372] 
0c 0000002b`fa5ffa60 00007ff6`a0cd65c3     godot_windows_template_debug_x86_64_mono!Main::cleanup+0x2a3 [C:\Users\Benardus\Documents\Builds\godot\main\main.cpp @ 3811] 
0d 0000002b`fa5ffad0 00007ff6`a0cd63e7     godot_windows_template_debug_x86_64_mono!widechar_main+0x1c3 [C:\Users\Benardus\Documents\Builds\godot\platform\windows\godot_windows.cpp @ 184] 
0e 0000002b`fa5ffe50 00007ff6`a0cd6639     godot_windows_template_debug_x86_64_mono!_main+0x47 [C:\Users\Benardus\Documents\Builds\godot\platform\windows\godot_windows.cpp @ 206] 
0f 0000002b`fa5ffe80 00007ff6`a3c0f686     godot_windows_template_debug_x86_64_mono!main+0x9 [C:\Users\Benardus\Documents\Builds\godot\platform\windows\godot_windows.cpp @ 218] 
10 (Inline Function) --------`--------     godot_windows_template_debug_x86_64_mono!invoke_main+0x21 [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 102] 
11 0000002b`fa5ffeb0 00007ffb`85e87034     godot_windows_template_debug_x86_64_mono!__scrt_common_main_seh+0x106 [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 288] 
12 0000002b`fa5ffef0 00007ffb`87e62651     KERNEL32!BaseThreadInitThunk+0x14
13 0000002b`fa5fff20 00000000`00000000     ntdll!RtlUserThreadStart+0x21

registrar state

rax=000001b4c0c14080 rbx=0000000000000000 rcx=feeefeeefeeefeee
rdx=0000000000000000 rsi=0000000000000001 rdi=feeefeeefeeefeee
rip=00007ff6a3c10986 rsp=0000002bfa5ff8f0 rbp=0000000000000000
 r8=00007ff6a49d0f00  r9=00007ff6a49d0f20 r10=000001b4ce710000
r11=0000002bfa5ff950 r12=00007ff6a49d0f00 r13=0000000000000000
r14=0000000000000000 r15=00007ff6a49d0f20
iopl=0         nv up ei ng nz na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
godot_windows_template_debug_x86_64_mono!GetCompleteObjectLocatorFromObject [inlined in godot_windows_template_debug_x86_64_mono!__RTDynamicCast+0x46]:
00007ff6`a3c10986 488b01          mov     rax,qword ptr [rcx] ds:feeefeee`feeefeee=????????????????

unassembled code around error

godot_windows_template_debug_x86_64_mono!GetCompleteObjectLocatorFromObject [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp @ 223] [inlined in godot_windows_template_debug_x86_64_mono!__RTDynamicCast+0x46 [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp @ 223]]:
00007ff6`a3c10986 488b01          mov     rax,qword ptr [rcx]
00007ff6`a3c10989 488b70f8        mov     rsi,qword ptr [rax-8]
00007ff6`a3c1098d 8b4604          mov     eax,dword ptr [rsi+4]
00007ff6`a3c10990 4c8bf7          mov     r14,rdi
00007ff6`a3c10993 4c2bf0          sub     r14,rax
00007ff6`a3c10996 8b5608          mov     edx,dword ptr [rsi+8]
00007ff6`a3c10999 482bca          sub     rcx,rdx
00007ff6`a3c1099c f7da            neg     edx

Analysis report

Failed to request MethodData, not in JIT code range

KEY_VALUES_STRING: 1

Key  : AV.Fault
Value: Read

Key  : Analysis.CPU.mSec
Value: 4406

Key  : Analysis.Elapsed.mSec
Value: 4441

Key  : Analysis.IO.Other.Mb
Value: 0

Key  : Analysis.IO.Read.Mb
Value: 1

Key  : Analysis.IO.Write.Mb
Value: 0

Key  : Analysis.Init.CPU.mSec
Value: 6030

Key  : Analysis.Init.Elapsed.mSec
Value: 304553

Key  : Analysis.Memory.CommitPeak.Mb
Value: 635

Key  : CLR.Engine
Value: CORECLR

Key  : CLR.Version
Value: 6.0.2523.51912

Key  : Failure.Bucket
Value: INVALID_POINTER_READ_c0000005_godot.windows.template_debug.x86_64.mono.exe!__RTDynamicCast

Key  : Failure.Hash
Value: {d8196158-cea0-ee0f-f03f-920a1415fe09}

Key  : Timeline.OS.Boot.DeltaSec
Value: 407062

Key  : Timeline.Process.Start.DeltaSec
Value: 305

Key  : WER.OS.Branch
Value: vb_release

Key  : WER.OS.Version
Value: 10.0.19041.1

Key  : WER.Process.Version
Value: 1.0.0.0

PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

TIMELINE_ANALYSIS: 1

Timeline: !analyze.Start
Name:
Time: 2023-12-18T15:31:39.447Z
Diff: 552 mSec

Timeline: Dump.Current
Name:
Time: 2023-12-18T15:31:40.0Z
Diff: 0 mSec

Timeline: Process.Start
Name:
Time: 2023-12-18T15:26:35.0Z
Diff: 305000 mSec

Timeline: OS.Boot
Name:
Time: 2023-12-13T22:27:18.0Z
Diff: 407062000 mSec

DUMP_CLASS: 2

DUMP_QUALIFIER: 0

MODLIST_WITH_TSCHKSUM_HASH: 28b8f4c061c9141da93652665af98fa416650ef9

MODLIST_SHA1_HASH: 066d6a20f66f61c4c576f35e8331b06b36c225dd

NTGLOBALFLAG: 70

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

APPLICATION_VERIFIER_FLAGS: 0

PRODUCT_TYPE: 1

SUITE_MASK: 272

DUMP_TYPE: fe

FAULTING_IP:
godot_windows_template_debug_x86_64_mono!__RTDynamicCast+46 [D:\a_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp @ 223]
00007ff6`a3c10986 488b01 mov rax,qword ptr [rcx]

EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ff6a3c10986 (godot_windows_template_debug_x86_64_mono!GetCompleteObjectLocatorFromObject)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

FAULTING_THREAD: 00005688

DEFAULT_BUCKET_ID: INVALID_POINTER_READ

PROCESS_NAME: godot.windows.template_debug.x86_64.mono.exe

FOLLOWUP_IP:
godot_windows_template_debug_x86_64_mono!__RTDynamicCast+46 [D:\a_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp @ 223]
00007ff6`a3c10986 488b01 mov rax,qword ptr [rcx]

READ_ADDRESS: ffffffffffffffff

ERROR_CODE: (NTSTATUS) 0xc0000005 - De instructie op 0x%p verwijst naar geheugen op 0x%p. Het geheugen kan niet worden %s.

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: ffffffffffffffff

WATSON_BKT_PROCSTAMP: 65804e7e

WATSON_BKT_PROCVER: 1.0.0.0

PROCESS_VER_PRODUCT: Seal The Rift

WATSON_BKT_MODULE: godot.windows.template_debug.x86_64.mono.exe

WATSON_BKT_MODSTAMP: 65804e7e

WATSON_BKT_MODOFFSET: 2f40986

WATSON_BKT_MODVER: 1.0.0.0

MODULE_VER_PRODUCT: Seal The Rift

BUILD_VERSION_STRING: 19041.1.amd64fre.vb_release.191206-1406

ANALYSIS_SESSION_HOST: DESKTOP-OG38IEJ

ANALYSIS_SESSION_TIME: 12-18-2023 16:31:39.0447

ANALYSIS_VERSION: 10.0.25921.1001 amd64fre

MANAGED_CODE: 1

MANAGED_ENGINE_MODULE: coreclr

MANAGED_ANALYSIS_PROVIDER: SOS

MANAGED_THREAD_ID: 5688

THREAD_ATTRIBUTES:

[ GLOBAL ]

Global    D1    PID: [10508]
Global    D1    Thread_Count: [37]
Global    D1    PageSize: [4096]
Global    STR   ModList_SHA1_Hash: [066d6a20f66f61c4c576f35e8331b06b36c225dd]
Global    STR   CommandLine: [C:\Users\Benardus\Documents\STRGAME\STR.exe]
Global    STR   Desktop_Name: [WinSta0\Default]
Global    STR   ProcessName: [godot.windows.template_debug.x86_64.mono.exe]
Global    STR   Debugger_CPU_Architecture: [amd64]
Global    D1    CPU_ProcessorCount: [12]
Global    D1    CPU_MHZ: [3600]
Global    STR   CPU_Architecture: [X64]
Global    D1    CPU_Family: [23]
Global    D1    CPU_Model: [8]
Global    D1    CPU_Stepping: [2]
Global    STR   CPU_VendorString: []
Global          ManagedFailure
Global    D1    LoadedModule_Count: [100]
Global    D1    UnloadedModule_Count: [3]
Global          ProcessBeingDebugged
Global    D1    GFlags: [112]
Global    D1    Application_Verifer_Flags: [0]
Global    STR   CurrentTimeDate: [2023-12-18T15:31:40.0Z]
Global    D1    CurrentTimeDate: [1270896128]
Global    STR   ProcessUpTime: [0 days 0:05:05.000]
Global    D1    ProcessUpTime: [305]
Global    STR   SystemUpTime: [4 days 17:04:22.000]
Global    D1    SystemUpTime: [407062]
Global    D1    ProductType: [1]
Global    D1    SuiteMask: [272]
Global          ASLR_Enabled
Global          SafeSEH_Enabled
Global          SafeSEH_NotApplicable

[ THREAD ]

0 Id: 290c.5688
Frame[00] D1 TID: [0x5688]
Frame[00] Is_OriginalExceptionThread
Frame[00] D1 Stack_Frames_Extraction_Time_(ms): [0xf]
Frame[00] STR ThreadStartAddress: [godot_windows_template_debug_x86_64_mono!WinMainCRTStartup]
Frame[00] D1 ThreadStartAddress: [0x00007ff6a3c0f6f4]
Frame[00] STR Stack_SHA1_Hash_Mod: [e673e9374bb772af743c36984b49d98f0117f88d]
Frame[00] D2 Stack_SHA1_Hash_Mod: [0xc]
Frame[00] STR Stack_SHA1_Hash_Unique_Mod: [53f6829ecc5643a0832019b563205bb05c2b7c75]
Frame[00] D2 Stack_SHA1_Hash_Unique_Mod: [0xc]
Frame[00] STR Stack_SHA1_Hash_Mod_Func: [36b9810b5a47d35353c8a9162d9837c7eaa0cce9]
Frame[00] D2 Stack_SHA1_Hash_Mod_Func: [0xc]
Frame[00] STR Stack_SHA1_Hash_Mod_Func_Offset: [017ac7bc3713bf3daa58b6c77993d92bd97bca22]
Frame[00] D2 Stack_SHA1_Hash_Mod_Func_Offset: [0xc]
Frame[00] STR FrameGroupHash: [05722e3f86d53818588d17be58f28543a2638116]
Frame[00] D2 FrameGroupHash: [0x9]
Frame[0a] STR FrameGroupHash: [7ea492feb1419c00d39d38bbc95ba05900031a09]
Frame[0a] D2 FrameGroupHash: [0xa]
Frame[0b] STR FrameGroupHash: [0b0cefc38e6086cebb12d6063da67f39c688ae78]
Frame[0b] D2 FrameGroupHash: [0xb]
Frame[00] D1 Number_of_Unique_Stack_Modules: [0x3]
Frame[0a] CompleteStackWalk
Frame[00] Is_UIThread
Frame[00] D1 Thread_LastStatus: [0xc0000034]
Frame[00] D1 ThreadLocale: [0x413]
Frame[00] D1 BadReadAddress: [0xffffffffffffffff]
Frame[00] D1 MinusOne_READ: [0xffffffffffffffff]
Frame[00] D1 Number_of_Stack_Frames: [0xc]
Frame[00] D1 Bad_Frame_Count: [0x0]
Frame[00] D1 Ignored_Frame_Count: [0x0]
Frame[00] D1 Frames_not_in_stack_range: [0x0]
Frame[00] NotSysEnter
Frame[00] Is_ManagedThread
Frame[00] Is_SuspectHighUserTime
Frame[00] Is_DefiniteHighUserTime
Frame[00] Is_SuspectHighKernelTime
Frame[00] D1 Arch_AX_Register: [0x000001b4c0c14080]
Frame[00] null_Arch_BX
Frame[00] D1 Arch_CX_Register: [0xfeeefeeefeeefeee]
Frame[00] null_Arch_DX
Frame[00] D1 near_null_Arch_SI: [0x0000000000000001]
Frame[00] D1 Arch_DI_Register: [0xfeeefeeefeeefeee]
Frame[00] D1 stackaddr_SP: [0x0000002bfa5ff8f0]
Frame[00] null_Arch_BP
Frame[00] D1 LoadedModule_Arch_IP: [0x00007ff6a3c10986]
Frame[00] D1 loadedmodule_msr_r8: [0x00007ff6a49d0f00]
Frame[00] D1 loadedmodule_msr_r9: [0x00007ff6a49d0f20]
Frame[00] D1 msr_r10: [0x000001b4ce710000]
Frame[00] D1 stackaddr_msr_r11: [0x0000002bfa5ff950]
Frame[00] D1 loadedmodule_msr_r12: [0x00007ff6a49d0f00]
Frame[00] NULL_msr_r13
Frame[00] NULL_msr_r14
Frame[00] D1 loadedmodule_msr_r15: [0x00007ff6a49d0f20]
Frame[00] D1 Instruction_Pointer: [0x00007ff6a3c10986]
Frame[00] D1 read_Arch_CX: [0xfeeefeeefeeefeee]
Frame[00] D1 Stack_Attribute_Extraction_Time_(ms): [0x20]

Frame[00]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!__RTDynamicCast+0x46]
Frame[01]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!CSharpLanguage::_instance_binding_reference_callback+0x6e]
Frame[02]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!RefCounted::unreference+0xe6]
Frame[03]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!Ref<StyleBox>::unref+0x16]
Frame[04]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!ThemeDB::`scalar deleting destructor'+0x74]
Frame[05]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!Main::cleanup+0x2a3]
Frame[06]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!widechar_main+0x1c3]
Frame[07]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!_main+0x47]
Frame[08]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!main+0x9]
Frame[09]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!__scrt_common_main_seh+0x106]
Frame[0a]  Triage Symbol: [KERNEL32!BaseThreadInitThunk+0x14]
Frame[0b]  Triage Symbol: [ntdll!RtlUserThreadStart+0x21]

-1 Id: 290c.ffffffff
Frame[00] PSEUDO_THREAD
Frame[00] SINGLE_INSTRUCTION_PSEUDO_THREAD

Frame[00]  Triage Symbol: [godot_windows_template_debug_x86_64_mono!__RTDynamicCast+0x46]

-1 Id: 290c.ffffffff
Frame[00] PSEUDO_THREAD

PRIMARY_PROBLEM_CLASS: APPLICATION_FAULT

PROBLEM_CLASSES:

ID:     [0n329]
Type:   [@ACCESS_VIOLATION]
Class:  Addendum
Scope:  BUCKET_ID
Name:   Omit
Data:   Omit
PID:    [Unspecified]
TID:    [0x5688]
Frame:  [0] : godot_windows_template_debug_x86_64_mono!__RTDynamicCast

ID:     [0n301]
Type:   [INVALID_POINTER_READ]
Class:  Primary
Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
        BUCKET_ID
Name:   Add
Data:   Omit
PID:    [Unspecified]
TID:    [0x5688]
Frame:  [0] : godot_windows_template_debug_x86_64_mono!__RTDynamicCast

LAST_CONTROL_TRANSFER: from 00007ff6a11dde7e to 00007ff6a3c10986

STACK_TEXT:
0000002bfa5ff8f0 00007ff6a11dde7e : 000001b4e54a6380 0000000000000000 0000000000000001 000001b4ce710000 : godot_windows_template_debug_x86_64_mono!__RTDynamicCast+0x46
0000002bfa5ff970 00007ff6a34a0d26 : 000001b4e79dae40 000001b4e79dae40 00000000ffffff01 0000000000000001 : godot_windows_template_debug_x86_64_mono!CSharpLanguage::_instance_binding_reference_callback+0x6e
0000002bfa5ff9b0 00007ff6a19c7da6 : 0000000000000000 000001b4e39775e0 00000000ffffffff 0000000000000000 : godot_windows_template_debug_x86_64_mono!RefCounted::unreference+0xe6
0000002bfa5ff9f0 00007ff6a1aa0964 : 0000000000000002 00007ff6a341c5e1 000001b4e3977450 000001b400000000 : godot_windows_template_debug_x86_64_mono!Ref::unref+0x16
0000002bfa5ffa20 00007ff6a0d17793 : 000001b4e3977450 00000000ffffffff 0000000000000000 0000000000000002 : godot_windows_template_debug_x86_64_mono!ThemeDB::scalar deleting destructor'+0x74 0000002bfa5ffa60 00007ff6a0cd65c3 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : godot_windows_template_debug_x86_64_mono!Main::cleanup+0x2a3 0000002bfa5ffad0 00007ff6a0cd63e7 : 000001b400000001 0000002bfa5ffe80 0000000000000000 000001b4ce73b990 : godot_windows_template_debug_x86_64_mono!widechar_main+0x1c3 0000002bfa5ffe50 00007ff6a0cd6639 : 000001b400000001 000000000000000a 0000000000000000 00007ff6a3c71450 : godot_windows_template_debug_x86_64_mono!_main+0x47 0000002bfa5ffe80 00007ff6a3c0f686 : 000000000000000a 00007ff6a3c0f6fd 0000000000000000 0000000000000000 : godot_windows_template_debug_x86_64_mono!main+0x9 0000002bfa5ffeb0 00007ffb85e87034 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : godot_windows_template_debug_x86_64_mono!__scrt_common_main_seh+0x106 0000002bfa5ffef0 00007ffb87e62651 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!BaseThreadInitThunk+0x14 0000002bfa5fff20 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21

STACK_COMMAND: ~0s ; .cxr ; kb

FAULT_INSTR_CODE: 48018b48

FAULTING_SOURCE_LINE: D:\a_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp

FAULTING_SOURCE_FILE: D:\a_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp

FAULTING_SOURCE_LINE_NUMBER: 223

FAULTING_SOURCE_CODE:
No source found for 'D:\a_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp'

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: godot_windows_template_debug_x86_64_mono!__RTDynamicCast+46

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: godot_windows_template_debug_x86_64_mono

IMAGE_NAME: godot.windows.template_debug.x86_64.mono.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 65804e7e

FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_godot.windows.template_debug.x86_64.mono.exe!__RTDynamicCast

BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_READ_godot_windows_template_debug_x86_64_mono!__RTDynamicCast+46

FAILURE_EXCEPTION_CODE: c0000005

FAILURE_IMAGE_NAME: godot.windows.template_debug.x86_64.mono.exe

BUCKET_ID_IMAGE_STR: godot.windows.template_debug.x86_64.mono.exe

FAILURE_MODULE_NAME: godot_windows_template_debug_x86_64_mono

BUCKET_ID_MODULE_STR: godot_windows_template_debug_x86_64_mono

FAILURE_FUNCTION_NAME: __RTDynamicCast

BUCKET_ID_FUNCTION_STR: __RTDynamicCast

BUCKET_ID_OFFSET: 46

BUCKET_ID_MODTIMEDATESTAMP: 65804e7e

BUCKET_ID_MODCHECKSUM: 0

BUCKET_ID_MODVER_STR: 1.0.0.0

BUCKET_ID_PREFIX_STR: APPLICATION_FAULT_INVALID_POINTER_READ_

FAILURE_PROBLEM_CLASS: APPLICATION_FAULT

FAILURE_SYMBOL_NAME: godot.windows.template_debug.x86_64.mono.exe!__RTDynamicCast

OS_VERSION: 10.0.19041.1

OS_MAJOR: 10

OS_MINOR: 0

OS_BUILD: 19041

OS_REVISION: 1

BUILDDATESTAMP_STR: 191206-1406

OSBUILD_TIMESTAMP: 2019-12-06T14:06:00Z

BUILDLAB_STR: vb_release

OS_BUILD_STRING: 19041.1.amd64fre.vb_release.191206-1406

BUILDFLAVOR_STR: Checked

TARGET_TIME: 2023-12-18T15:31:43.000Z

OSSERVICEPACK: 0

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt SingleUserTS

SYSINFO:




FA_ADHOC:

<EXCEPTION_PARAMETER1>0</EXCEPTION_PARAMETER1>
<EXCEPTION_PARAMETER2>-1</EXCEPTION_PARAMETER2>
<BUILDFLAVOR_STR>Checked</BUILDFLAVOR_STR>
<OSPLATFORM_TYPE>x64</OSPLATFORM_TYPE>
<FAULTING_SOURCE_LINE>D:\a_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp</FAULTING_SOURCE_LINE>
<FAULTING_SOURCE_FILE>D:\a_work\1\s\src\vctools\crt\vcruntime\src\eh\rtti.cpp</FAULTING_SOURCE_FILE>
<FAULTING_SOURCE_LINE_NUMBER>223</FAULTING_SOURCE_LINE_NUMBER>

IMAGE_VERSION: 1.0.0.0

ANALYSIS_SESSION_ELAPSED_TIME: 1159

ANALYSIS_SOURCE: UM

FAILURE_ID_HASH_STRING: um:invalid_pointer_read_c0000005_godot.windows.template_debug.x86_64.mono.exe!__rtdynamiccast

FAILURE_ID_HASH: {d8196158-cea0-ee0f-f03f-920a1415fe09}

Followup: MachineOwner

@YuriSizov
Copy link
Contributor

I have removed the function from my game. But I still get this error. Now I do NOT have any more C# stylebox references. Can you look into what else is happening. These are the logs

It's still the same stack trace, so it's still related to C# scripts and styleboxes. I'll check the MRP and let you know what can be done.

@Benardus
Copy link
Author

Benardus commented Dec 18, 2023
edited
Loading

Thanks i'll await your results. The only other styleboxes I have are set in the inspector, like so:

afbeelding

@Benardus
Copy link
Author

Benardus commented Dec 24, 2023
edited
Loading

Update

Since removing all references in C# to styleboxes did not resolve my issue, I have taken the time to remove all styleboxes that I set in the inspector everywhere in my project. This has resolved the memory access violation. So I would suggest altering the title of this issue to something like: Crash on exit with Stylebox reference in Godot inspector AND/OR reference in C# scripts. Because it happens with either or. Hope this helps!

@Zireael07
Copy link
Contributor

This is your own issue, you can edit the title yourself ;)

@Benardus Benardus changed the title Crash on exit with a StyleBox referenced in C# scripts Crash on exit with a StyleBox configured in Godot Inspector or referenced in C# scripts Dec 24, 2023
@YuriSizov YuriSizov self-assigned this Jan 14, 2024
@jyapayne
Copy link

jyapayne commented Jan 20, 2024
edited
Loading

I have encountered this issue as well. I was able to work around the issue by either doing all stylebox-related work in GDScript, or by calling .Unreference() and .Dispose() on the stylebox object manually in the code.

@Benardus
Copy link
Author

Benardus commented Jan 20, 2024
edited
Loading

Yes I agree, it has to be managed very carefully via code, be it GDscript or C#.

The problem is twofold:

  1. Assigning styleboxes via code: Any stylebox referenced with code needs to be manually removed, this is manageable, albeit a bit unintuitive for non-memory managing languages. Especially since the Godot engine does take care of many other things itself (disconnecting signals, removing nodes etc). It would be ideal if GetTree().Quit() could manage this gracefully.

  2. Assigning styleboxes via the editor: This is the biggest danger of this bug. Users of the editor will assign many things (nodes, settings, etc). Nearly all of these do not require the user to manually remove them via code, except for this stylebox. It is also insidious as the "crash" isn't noticeable (most of the time it is a slight delay on quitting). It isn't until you start digging in error logs that you find out something is seriously wrong. This is dangerous. You allow users to set this stylebox in the editor, but they need to remove it via code of which they are not informed, errors do not tell them this and it is unintuitive when nearly all other settings via the editor do not require this extra care. This will create serious complaints.

Solutions:
A) Rewrite GetTree().Quit() to allow it to gracefully remove these references or atleast not cause a memory access violation when quitting.
B) Remove the ability to assign styleboxes in the editor, because you're going to have to manage them via code anyways. This is more of a workaround and people setting the styleboxes via code still need to go out of their way to remove the reference which almost no other setting/node/resource requires explicitely without good error logging.
C) Print an error to the OS error log that informs the user that a stylebox was not unreferenced and caused a memory access violation. Also inform them that they need to unreference all styleboxes set in either the editor or via code, through C# or GDscript.

@Benardus
Copy link
Author

I see this issue is assigned to Yuri but I believe he is not part of the Godot Team anymore? Who will be actively picking up this ticket?

@Benardus
Copy link
Author

After dedicating significant time and effort to this issue over the past three months, it has become clear that this issue seemingly isn't a priority at this time. While I understand the challenges and constraints that the Godot team has, I've decided to close this ticket to effectively focus my time on our commercial project. I would like my challenges and time constraints to be equally respected. I understand that Godot 3 would be more stable for a commercial project, but it wasn't viable for us and it doesn't change how this has been handled.

I hope that, in the future, there can be more communication about intent and priority, especially for those of us relying on this engine for commercial projects.

@akien-mga
Copy link
Member

This is still an issue that needs to be solved, so unless it's no longer reproducible, it shouldn't be closed. The need of fixing engine issues isn't scoped only to the original reporter / your project, other users might have the same issue and did not report it, or are waiting for this issue to be solved.

As for priorities, we do our best with very limited resources. It will be fixed eventually. If you absolutely need it fixed today, you can look to hire a consultant that would be able to fix it for you (and ideally contribute the fix back upstream via a PR).

@akien-mga akien-mga reopened this Feb 22, 2024
@akien-mga
Copy link
Member

akien-mga commented Feb 22, 2024
edited
Loading

I tested the MRP from #86229 (comment) and was able to reproduce the crash on Linux (Fedora 39), albeit with difficulty. It took me around 20 attempts to get it to crash following the steps to reproduce.

I confirmed the crash both with 4.2.1.stable.mono and a custom editor build from the master branch, 4.3.dev.mono (9c626b6). Compiled with scons dev_build=yes dev_mode=yes linked=mold scu_build=all module_mono_enabled=yes and dotnet-sdk-8.0 (8.0.101).

Stacktrace:

Thread 1 "godot.linuxbsd." received signal SIGSEGV, Segmentation fault.
0x00000000079210ff in __dynamic_cast ()
(gdb) bt
#0  0x00000000079210ff in __dynamic_cast ()
#1  0x00000000031d1728 in Object::cast_to<RefCounted> (p_object=0xd850100) at ./core/object/object.h:797
#2  0x0000000003a482ab in CSharpLanguage::_instance_binding_reference_callback (p_token=0xb832be0, p_binding=0xbe5c960, p_reference=0 '\000') at modules/mono/csharp_script.cpp:1338
#3  0x0000000007495fdf in Object::_instance_binding_reference (this=0xd852940, p_reference=false) at ./core/object/object.h:682
#4  0x0000000007484050 in RefCounted::unreference (this=0xd852940) at ./core/object/ref_counted.cpp:89
#5  0x000000000312275d in Ref<StyleBox>::unref (this=0xb73fba0) at ./core/object/ref_counted.h:209
#6  0x0000000006315226 in ThemeDB::~ThemeDB (this=0xb73fa00, __in_chrg=<optimized out>) at scene/theme/theme_db.cpp:469
#7  0x0000000002bd3178 in memdelete<ThemeDB> (p_class=0xb73fa00) at ./core/os/memory.h:116
#8  0x0000000002badf36 in finalize_theme_db () at main/main.cpp:377
#9  0x0000000002bcaee2 in Main::cleanup (p_force=false) at main/main.cpp:4149
#10 0x0000000002b0aa9a in main (argc=1, argv=0x7fffffffd828) at platform/linuxbsd/godot_linuxbsd.cpp:8

Which is quite similar to the WinDbg one on #86229 (comment)

It's not clear to me whether it's ThemeDB's destructor doing something wrong, or CSharpLanguage's hold on instances.

CC @godotengine/dotnet

@raulsntos raulsntos mentioned this issue Jun 14, 2024
Merged
@akien-mga akien-mga added this to the 4.4 milestone Aug 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug confirmed crash topic:core topic:dotnet topic:export topic:gui
Projects
None yet
Milestone
4.4
Development

Successfully merging a pull request may close this issue.

C#: Clear instance bindings callbacks on finalizing the language raulsntos/godot
8 participants
@jyapayne @Chaosus @Zireael07 @akien-mga @rsubtil @YuriSizov @AThousandShips @Benardus