Bug 5079 - Crash with "Hunk_FreeTempMemory: bad magic"
Status: RESOLVED FIXED
Alias: None
Product: ioquake3
Classification: Unclassified
Component: Misc
Version: GIT MASTER
Hardware: PC Linux
: P3 major
Assignee: Zachary J. Slater
QA Contact: ioquake3 bugzilla mailing list
URL:
Depends on:
Blocks:
 
Reported: 2011-07-14 20:20 EDT by blob
Modified: 2011-07-18 13:44:05 EDT
1 user (show)

See Also:


Description blob 2011-07-14 20:20:11 EDT 
This bug was found while testing the current HEAD (r2080) and
is present since r2077.

Compiled for x86_64 under Linux with the following options:

make USE_CURL=1 USE_OPENAL=0 USE_CODEC_VORBIS=1 USE_MUMBLE=0 USE_VOIP=0

I started the game in single player mode after a fresh install
and it worked well (on q3dm0) but crashed while loading q3dm1
and subsequent maps.

Relevant log:

Loading vm file vm/ui.qvm...
File "vm/ui.qvm" found in "./baseq3/pak8.pk3"
VM file ui compiled to 991322 bytes of code
ui loaded in 1688544 bytes on the hunk
35 arenas parsed
32 bots parsed
Loading vm file vm/cgame.qvm...
File "vm/cgame.qvm" found in "./baseq3/pak8.pk3"
VM file cgame compiled to 1247885 bytes of code
cgame loaded in 4993536 bytes on the hunk
stitched 0 LoD cracks
...loaded 1942 faces, 113 meshes, 42 trisurfs, 0 flares
^3WARNING: Failed to load sound sound/player/announce/test.wav!
^3WARNING: could not find sound/player/announce/test.wav - using default
CL_InitCGame:  0.79 seconds
182 msec to draw all images
Com_TouchMemory: 0 msec
----- Client Shutdown (Client fatal crashed: Hunk_FreeTempMemory: bad magic) --
RE_Shutdown( 1 )
Closing SDL audio device...
SDL audio device shut down.
-----------------------
----- Server Shutdown (Server fatal crashed: Hunk_FreeTempMemory: bad magic) --
==== ShutdownGame ====
AAS shutdown.
---------------------------
Hunk_FreeTempMemory: bad magic
Comment 1 Thilo Schulz 2011-07-15 07:38:46 EDT 
Thanks for reporting. I think I know what's causing it and I introduced this bug because I was going off wrong assumptions. Hunk_FreeTempMemory can only free memory in a LIFO order as someone pointed out to me on IRC. I'll fix this when I get around to this.
Comment 2 Thilo Schulz 2011-07-15 10:44:25 EDT 
ok, it should be fixed in r2081
Comment 3 blob 2011-07-15 20:18:21 EDT 
Thanks, it works better (it doesn't crash anymore), however
there are two new issues so I'm reopening the bug:

1) It doesn't compile anymore with USE_VOIP=0

2) In single player mode, q3dm1 and q3dm2 (and probably other maps)
start with the bot and player somehow "merged" at the same respawn
location, as if they shared the same slot. The player even gets the
skin and the bot's name. r2076 also didn't have this issue.
Comment 4 Thilo Schulz 2011-07-16 06:03:18 EDT 
Can you elaborate please how to reproduce this?
Comment 5 blob 2011-07-16 08:17:48 EDT 
Sure, actually it happens on any map in any mode (SP or MP) with
bots, *except* on q3dm0 which makes me think it's related to the
Hunk_FreeTempMemory problem. All you need is to start a game from
the main menu.

It also doesn't happen if you start a map with the /map command
and add bots later.

When entering a game with bots, you start stuck into a wall at
some random location. Displaying scores from that point on show
you as another player (as Phobos on q3dm2 for instance). If you
try to move, you respawn elsewhere. Until you die the first time,
controls are mixed up (going forward strafes to the right etc).
The bot you replace is invisible. Its frags are displayed instead
of yours (you still lose the game if it wins).

Restarting a map (/map_restart) solves the issue.
Comment 6 blob 2011-07-17 11:46:59 EDT 
After some extensive pla^Wtesting, I found that a few other maps
worked well or mostly:

q3dm0 - ok
q3tourney2 - ok
q3dm7 - ok
q3dm8 - depends on the first spawn point
q3dm9 - ok
q3dm10 - ok
q3tourney4 - depends on the first spawn point
q3dm13 - ok
q3dm15 - ok
q3dm17 - ok

The above maps work in r2080 every time except q3dm8 and q3tourney4,
which occasionally trigger Hunk_FreeTempMemory crashes. I never get
what I described in comment #5.

The same maps in r2081 also work well, again except for q3dm8 and
q3tourney4, which seem to act as in comment #5 depending on the
first spawn point.

On q3tourney4 in particular, where the first spawn point doesn't
change much (usually the center room), both r2080 and r2081 work
properly. When it's elsewhere, r2080 will usually crash while
r2081 acts as in comment #5.

I also reproduced this bug on a 32 bit Linux machine with Ubuntu,
although not as pronounced, most maps start with the player partly
fused to the ground, others with the exact same issues as above.

On this machine, some maps get loaded in a loop until interrupted
by an overflow message:

File "vm/cgame.qvm" found in "./baseq3/pak8.pk3"
VM file cgame compiled to 1320692 bytes of code
cgame loaded in 4593920 bytes on the hunk
stitched 0 LoD cracks
...loaded 1513 faces, 109 meshes, 22 trisurfs, 6 flares
CL_InitCGame:  1.18 seconds
4 msec to draw all images
Com_TouchMemory: 0 msec
********************
ERROR: Client command overflow
********************
----- Server Shutdown (Server crashed: Client command overflow) -----
==== ShutdownGame ====
AAS shutdown.
---------------------------
----- FS_Startup -----

When it happens, I can see bots faces displayed twice during
loading. This can be reproduced almost every time on all maps
in skirmish/FFA mode. On q3tourney4, the game actually loads
anarki twice (and it works properly with an extra bot).

Anyway, none of the above can be reproduced with r2076 which
seems to work perfectly.
Comment 7 Thilo Schulz 2011-07-18 10:24:14 EDT 
Fixed r2089
Comment 8 blob 2011-07-18 13:44:05 EDT 
Tested on my two computers, works great, thanks!