2021-04-23 11:18 CEST

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0001750Spring engineGeneralpublic2010-01-17 16:43
ReporterSirMaverick 
Assigned Totvo 
PrioritynormalSeveritycrashReproducibilityalways
StatusresolvedResolutionfixed 
Product Version0.80.5 
Target VersionFixed in Version0.81.0.0 
Summary0001750: segfault in LosMap
DescriptionProgram received signal SIGSEGV, Segmentation fault.
0x086fe13b in CLosMap::AddMapSquares (this=0xa542f74, squares=..., amount=-1)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosMap.cpp:48
48 map[*lsi] += amount;
TagsNo tags attached.
Checked infolog.txt for Errors
Attached Files
  • txt file icon backtraces.txt (6,180 bytes) 2010-01-03 16:05 -
    Program received signal SIGSEGV, Segmentation fault.
    0x0837751b in CGameHelper::GetUnitErrorPos (this=0x944a260, unit=0xfabe870, 
        allyteam=1)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/GameHelper.cpp:880
    880                     pos += unit->posErrorVector * radarhandler->radarErrorSize[allyteam];
    
    (gdb) bt
    #0  0x0837751b in CGameHelper::GetUnitErrorPos (this=0x944a260, 
        unit=0xfabe870, allyteam=1)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/GameHelper.cpp:880
    #1  0x0888947a in CWeapon::AttackUnit (this=0x1298bd88, unit=0xfabe870, 
        userTarget=true)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Weapons/Weapon.cpp:491
    #2  0x088b0a89 in CBombDropper::AttackUnit (this=0x1298bd88, unit=0xfabe870, 
        userTarget=true)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Weapons/bombdropper.cpp:144
    #3  0x087f1831 in CUnit::AttackUnit (this=0x131b9cc8, unit=0xfabe870, 
        dgun=false)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/Unit.cpp:1428
    #4  0x0885da25 in CAirCAI::ExecuteAttack (this=0x12c30c48, c=...)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/CommandAI/AirCAI.cpp:507
    #5  0x088649d8 in CCommandAI::SlowUpdate (this=0x12c30c48)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/CommandAI/CommandAI.cpp:1221
    #6  0x0883b9c3 in CMobileCAI::Execute (this=0x12c30c48)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/CommandAI/MobileCAI.cpp:420
    #7  0x0885ef11 in CAirCAI::SlowUpdate (this=0x12c30c48)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/CommandAI/AirCAI.cpp:290
    #8  0x088654b7 in CCommandAI::GiveAllowedCommand (this=0x12c30c48, c=..., 
        fromSynced=true)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/CommandAI/CommandAI.cpp:724
    #9  0x0883c4f8 in CMobileCAI::GiveCommandReal (this=0x12c30c48, c=..., 
        fromSynced=false)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/CommandAI/MobileCAI.cpp:279
    #10 0x088655a5 in CCommandAI::GiveCommand (this=0x12c30c48, c=..., 
        fromSynced=false)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/CommandAI/CommandAI.cpp:474
    #11 0x082da2d5 in CSelectedUnitsAI::SelectAttack (this=0x8bb5d20, cmd=..., 
        player=2)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/SelectedUnitsAI.cpp:494
    #12 0x082db143 in CSelectedUnitsAI::GiveCommandNet (this=0x8bb5d20, c=..., 
        player=2)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/SelectedUnitsAI.cpp:107
    #13 0x0838b0ac in CSelectedUnits::NetOrder (this=0x8bb6580, c=..., playerID=2)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/SelectedUnits.cpp:462
    #14 0x0833e381 in CGame::ClientReadNet (this=0x943a2e8)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:3833
    #15 0x08341d84 in CGame::Update (this=0x943a2e8)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:2839
    #16 0x088bee09 in SpringApp::Update (this=0xbffff500)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/SpringApp.cpp:849
    #17 0x088c70d9 in SpringApp::Run (this=0xbffff500, argc=2, argv=0xbffff5e4)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/SpringApp.cpp:977
    #18 0x088f4511 in Run (argc=2, argv=0xbffff5e4)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/Main.cpp:111
    #19 0x088f456c in main (argc=Cannot access memory at address 0x4)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/Main.cpp:127
    
    --------------------
    
    Program received signal SIGSEGV, Segmentation fault.
    0x0837e3ae in CLosMap::At (this=0xa14dc68, x=41, y=62)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosMap.h:31
    31                      return map[y * size.x + x];
    (gdb) bt
    #0  0x0837e3ae in CLosMap::At (this=0xa14dc68, x=41, y=62)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosMap.h:31
    #1  0x087fc07e in CLosHandler::InLos (this=0x9d0fbe8, unit=0xfb955f8, 
        allyTeam=0)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosHandler.h:89
    #2  0x087ef9c3 in CUnit::CalcLosStatus (this=0xfb955f8, at=0)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/Unit.cpp:646
    #3  0x08806a44 in CUnit::UpdateLosStatus (this=0xfb955f8, at=0)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/Unit.cpp:675
    #4  0x087f69df in CUnit::SlowUpdate (this=0xfb955f8)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/Unit.cpp:693
    #5  0x08809b2f in CUnitHandler::Update (this=0xa15f440)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/UnitHandler.cpp:292
    #6  0x08336ff6 in CGame::SimFrame (this=0x91dbd78)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:3505
    #7  0x0833e14b in CGame::ClientReadNet (this=0x91dbd78)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:3804
    #8  0x08341d84 in CGame::Update (this=0x91dbd78)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:2839
    #9  0x088bee09 in SpringApp::Update (this=0xbffff500)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/SpringApp.cpp:849
    #10 0x088c70d9 in SpringApp::Run (this=0xbffff500, argc=2, argv=0xbffff5e4)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/SpringApp.cpp:977
    #11 0x088f4511 in Run (argc=2, argv=0xbffff5e4)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/Main.cpp:111
    #12 0x088f456c in main (argc=1088, argv=0x441)
        at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/Main.cpp:127
    
    
    txt file icon backtraces.txt (6,180 bytes) 2010-01-03 16:05 +
  • bz2 file icon local_20091204_051732_unnamed_0.80.5.sdf.bz2 (1,717,961 bytes) 2010-01-03 16:05

-Relationships
related to 0001766resolvedtvo SIGSEGV via FeatureHandler.cpp 
related to 0001602resolvedtvo Segfault, with replay causing the segfault. 
+Relationships

-Notes

~0004402

SirMaverick (reporter)

(gdb) bt
#0 0x086fe13b in CLosMap::AddMapSquares (this=0xa542f74, squares=..., amount=-1)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosMap.cpp:48
#1 0x086dfd9e in CLosHandler::CleanupInstance (this=0x9af12b8, instance=0xda68960)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosHandler.cpp:246
#2 0x086dfe27 in CLosHandler::FreeInstance (this=0x9af12b8, instance=0xda68960)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosHandler.cpp:194
0000003 0x086e0a9e in CLosHandler::MoveUnit (this=0x9af12b8, unit=0xd4867c8, redoCurrent=false)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosHandler.cpp:152
0000004 0x08712028 in CAirMoveType::SlowUpdate (this=0x998bb88)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/MoveTypes/AirMoveType.cpp:421
0000005 0x087f6e44 in CUnit::SlowUpdate (this=0xd4867c8)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/Unit.cpp:761
#6 0x08809b2f in CUnitHandler::Update (this=0x9cf9608)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/UnitHandler.cpp:292
#7 0x08336ff6 in CGame::SimFrame (this=0x9137bb0)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:3505
#8 0x0833e14b in CGame::ClientReadNet (this=0x9137bb0)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:3804
#9 0x08341d84 in CGame::Update (this=0x9137bb0)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:2839
0000010 0x088bee09 in SpringApp::Update (this=0xbffff470)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/SpringApp.cpp:849
#11 0x088c70d9 in SpringApp::Run (this=0xbffff470, argc=2, argv=0xbffff554)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/SpringApp.cpp:977
0000012 0x088f4511 in Run (argc=2, argv=0xbffff554)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/Main.cpp:111
0000013 0x088f456c in main (argc=1088, argv=0x441)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/Main.cpp:127

~0004461

tvo (reporter)

Could you attach replay and/or explain how this is reproducable, since you marked it as always reproducable?

~0004467

SirMaverick (reporter)

Last edited: 2010-01-03 16:47

Replay attached (happens at end, 1:25h in game). I run the demo several times -> different backtraces but all at the same moment. Memory corruption?

~0004497

tvo (reporter)

Replay spams errors like this:

[ 18692] LuaRules::RunCallIn: error = 2, RecvFromSynced, [string "LuaRules/Gadgets/lups_nano_spray.lua"]:469: attempt to index upvalue 'Lups' (a nil value)

Is that to be expected? (i.e. known bug?)

Also input box was invisible, font errors, etc.



Anyway, replay crashed here for me, right after end of demo was reached.

Program received signal SIGSEGV, Segmentation fault.
CFeatureHandler::UpdateDraw (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Sim/Features/FeatureHandler.cpp:529
529 UpdateDrawQuad(*i);
(gdb) bt
#0 CFeatureHandler::UpdateDraw (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Sim/Features/FeatureHandler.cpp:529
#1 0x080dcb4c in CGame::Draw (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Game/Game.cpp:3116
#2 0x084a41fd in SpringApp::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/SpringApp.cpp:889
0000003 0x084a9fa5 in SpringApp::Run (this=<value optimized out>, argc=<value optimized out>, argv=<value optimized out>)
    at /home/tobi/wd/spring/repo/rts/System/SpringApp.cpp:977
0000004 0x08491cd3 in Run (argc=<value optimized out>, argv=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/Main.cpp:64
0000005 0x0849214b in main (argc=<value optimized out>, argv=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/Main.cpp:127

~0004499

imbaczek (reporter)

i've seen such lua errors after lua state has been corrupted.

~0004502

tvo (reporter)

Confirmed lua state is corrupted:

End of demo reached
LuaRules::RunCallIn: error = 2, RecvFromSynced, [string "LuaRules/Gadgets/lups_flame_jitter.lua"]:191: attempt to compare ???kt?????kt??v?? lt ? with number

Program received signal SIGSEGV, Segmentation fault.
CFeatureHandler::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Sim/Features/FeatureHandler.cpp:463
463 CFeatureSet::iterator it = activeFeatures.find(toBeRemoved.back());
Missing separate debuginfos, use: debuginfo-install libxcb-1.5-1.fc12.i686
(gdb) bt
#0 CFeatureHandler::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Sim/Features/FeatureHandler.cpp:463
#1 0x080d7712 in CGame::SimFrame (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Game/Game.cpp:3514
#2 0x080ec19c in CGame::ClientReadNet (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Game/Game.cpp:3804
0000003 0x080f01fa in CGame::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Game/Game.cpp:2839
0000004 0x084b354a in SpringApp::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/SpringApp.cpp:849
0000005 0x084b9755 in SpringApp::Run (this=<value optimized out>, argc=<value optimized out>, argv=<value optimized out>)
    at /home/tobi/wd/spring/repo/rts/System/SpringApp.cpp:977
#6 0x084a0b43 in Run (argc=<value optimized out>, argv=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/Main.cpp:64
#7 0x084a0fbb in main (argc=<value optimized out>, argv=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/Main.cpp:127
(gdb)

~0004503

tvo (reporter)

A memory allocation unit was corrupt because of an overrun:
  Address (reported): 0x0d377a78
  Address (actual) : 0x0d3779f8
  Size (reported) : 0x00000FA0 ( 4,000 ( 3.91K))
  Size (actual) : 0x000010A0 ( 4,256 ( 4.16K))
  Owner : QuadField.cpp(66)::CQuadField
  Allocation type : new[]
  Allocation number : 2309714

This suggests it's this bug, so it's fixed already for next release:

http://github.com/spring/spring/commit/f0d7b0439a952b365253b351e7d8ff7bba238dcd

It tends to crash often in CFeatureHandler because CFeatureHandler is allocated right after CQuadField (see Game.cpp)
+Notes

-Issue History
Date Modified Username Field Change
2009-12-04 19:11 SirMaverick New Issue
2009-12-04 19:11 SirMaverick Note Added: 0004402
2009-12-30 14:46 tvo Note Added: 0004461
2009-12-30 14:47 tvo Status new => feedback
2010-01-03 16:05 SirMaverick File Added: backtraces.txt
2010-01-03 16:05 SirMaverick File Added: local_20091204_051732_unnamed_0.80.5.sdf.bz2
2010-01-03 16:10 SirMaverick Note Added: 0004467
2010-01-03 16:47 SirMaverick Note Edited: 0004467
2010-01-16 13:26 tvo Note Added: 0004497
2010-01-16 13:32 tvo Status feedback => confirmed
2010-01-17 10:08 imbaczek Note Added: 0004499
2010-01-17 16:15 tvo Note Added: 0004502
2010-01-17 16:42 tvo Note Added: 0004503
2010-01-17 16:43 tvo Status confirmed => resolved
2010-01-17 16:43 tvo Fixed in Version => 0.81.0.0
2010-01-17 16:43 tvo Resolution open => fixed
2010-01-17 16:43 tvo Assigned To => tvo
2010-01-17 16:45 tvo Relationship added related to 0001766
2010-01-17 16:46 tvo Relationship added related to 0001602
+Issue History