View Issue Details

ID: 0001750
Project: Spring engine
Category: General
View Status: public
Last Update: 2010-01-17 16:43
Reporter: SirMaverick
Assigned To: tvo
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 0.80.5
Fixed in Version: 0.81.0.0
Summary: 0001750: segfault in LosMap

Description:
Program received signal SIGSEGV, Segmentation fault.
0x086fe13b in CLosMap::AddMapSquares (this=0xa542f74, squares=..., amount=-1)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosMap.cpp:48
48	map[*lsi] += amount;

Tags: No tags attached.

Attached Files:
backtraces.txt (Attachment missing)
local_20091204_051732_unnamed_0.80.5.sdf.bz2 (Attachment missing)

Checked infolog.txt for Errors:

Relationships

related to 0001766 (resolved, tvo): SIGSEGV via FeatureHandler.cpp
related to 0001602 (resolved, tvo): Segfault, with replay causing the segfault.

Activities

SirMaverick

2009-12-04 19:11

reporter   ~0004402

(gdb) bt
#0 0x086fe13b in CLosMap::AddMapSquares (this=0xa542f74, squares=..., amount=-1)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosMap.cpp:48
#1 0x086dfd9e in CLosHandler::CleanupInstance (this=0x9af12b8, instance=0xda68960)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosHandler.cpp:246
#2 0x086dfe27 in CLosHandler::FreeInstance (this=0x9af12b8, instance=0xda68960)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosHandler.cpp:194
#3 0x086e0a9e in CLosHandler::MoveUnit (this=0x9af12b8, unit=0xd4867c8, redoCurrent=false)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosHandler.cpp:152
#4 0x08712028 in CAirMoveType::SlowUpdate (this=0x998bb88)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/MoveTypes/AirMoveType.cpp:421
#5 0x087f6e44 in CUnit::SlowUpdate (this=0xd4867c8)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/Unit.cpp:761
#6 0x08809b2f in CUnitHandler::Update (this=0x9cf9608)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/UnitHandler.cpp:292
#7 0x08336ff6 in CGame::SimFrame (this=0x9137bb0)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:3505
#8 0x0833e14b in CGame::ClientReadNet (this=0x9137bb0)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:3804
#9 0x08341d84 in CGame::Update (this=0x9137bb0)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:2839
#10 0x088bee09 in SpringApp::Update (this=0xbffff470)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/SpringApp.cpp:849
#11 0x088c70d9 in SpringApp::Run (this=0xbffff470, argc=2, argv=0xbffff554)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/SpringApp.cpp:977
#12 0x088f4511 in Run (argc=2, argv=0xbffff554)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/Main.cpp:111
#13 0x088f456c in main (argc=1088, argv=0x441)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/Main.cpp:127

tvo

2009-12-30 14:46

reporter   ~0004461

Could you attach a replay and/or explain how this is reproducible, since you marked it as always reproducible?

SirMaverick

2010-01-03 16:10

reporter   ~0004467

Last edited: 2010-01-03 16:47

Replay attached (happens at the end, 1:25h into the game). I ran the demo several times -> different backtraces, but all at the same moment. Memory corruption?

tvo

2010-01-16 13:26

reporter   ~0004497

Replay spams errors like this:

[ 18692] LuaRules::RunCallIn: error = 2, RecvFromSynced, [string "LuaRules/Gadgets/lups_nano_spray.lua"]:469: attempt to index upvalue 'Lups' (a nil value)

Is that to be expected? (i.e. known bug?)

Also input box was invisible, font errors, etc.

Anyway, replay crashed here for me, right after end of demo was reached.

Program received signal SIGSEGV, Segmentation fault.
CFeatureHandler::UpdateDraw (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Sim/Features/FeatureHandler.cpp:529
529 UpdateDrawQuad(*i);
(gdb) bt
#0 CFeatureHandler::UpdateDraw (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Sim/Features/FeatureHandler.cpp:529
#1 0x080dcb4c in CGame::Draw (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Game/Game.cpp:3116
#2 0x084a41fd in SpringApp::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/SpringApp.cpp:889
#3 0x084a9fa5 in SpringApp::Run (this=<value optimized out>, argc=<value optimized out>, argv=<value optimized out>)
    at /home/tobi/wd/spring/repo/rts/System/SpringApp.cpp:977
#4 0x08491cd3 in Run (argc=<value optimized out>, argv=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/Main.cpp:64
#5 0x0849214b in main (argc=<value optimized out>, argv=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/Main.cpp:127

imbaczek

2010-01-17 10:08

reporter   ~0004499

I've seen such Lua errors after the Lua state has been corrupted.

tvo

2010-01-17 16:15

reporter   ~0004502

Confirmed the Lua state is corrupted:

End of demo reached
LuaRules::RunCallIn: error = 2, RecvFromSynced, [string "LuaRules/Gadgets/lups_flame_jitter.lua"]:191: attempt to compare ???kt?????kt??v?? lt ? with number

Program received signal SIGSEGV, Segmentation fault.
CFeatureHandler::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Sim/Features/FeatureHandler.cpp:463
463 CFeatureSet::iterator it = activeFeatures.find(toBeRemoved.back());
Missing separate debuginfos, use: debuginfo-install libxcb-1.5-1.fc12.i686
(gdb) bt
#0 CFeatureHandler::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Sim/Features/FeatureHandler.cpp:463
#1 0x080d7712 in CGame::SimFrame (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Game/Game.cpp:3514
#2 0x080ec19c in CGame::ClientReadNet (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Game/Game.cpp:3804
#3 0x080f01fa in CGame::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Game/Game.cpp:2839
#4 0x084b354a in SpringApp::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/SpringApp.cpp:849
#5 0x084b9755 in SpringApp::Run (this=<value optimized out>, argc=<value optimized out>, argv=<value optimized out>)
    at /home/tobi/wd/spring/repo/rts/System/SpringApp.cpp:977
#6 0x084a0b43 in Run (argc=<value optimized out>, argv=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/Main.cpp:64
#7 0x084a0fbb in main (argc=<value optimized out>, argv=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/Main.cpp:127
(gdb)

tvo

2010-01-17 16:42

reporter   ~0004503

A memory allocation unit was corrupt because of an overrun:
  Address (reported): 0x0d377a78
  Address (actual) : 0x0d3779f8
  Size (reported) : 0x00000FA0 ( 4,000 ( 3.91K))
  Size (actual) : 0x000010A0 ( 4,256 ( 4.16K))
  Owner : QuadField.cpp(66)::CQuadField
  Allocation type : new[]
  Allocation number : 2309714

This suggests it's this bug, so it's already fixed for the next release:

http://github.com/spring/spring/commit/f0d7b0439a952b365253b351e7d8ff7bba238dcd

It tends to crash often in CFeatureHandler because CFeatureHandler is allocated right after CQuadField (see Game.cpp).
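
As an added illustration of the kind of check behind the allocation report above (constructed example code, not Spring's or its memory manager's own): a `new[]` wrapper that pads each allocation with guard bytes and, on release, counts how many guard bytes were overwritten. The guard size (128), the fill pattern and the owner string are assumptions, picked so that a 4000-byte request has an actual size of 4256 like the report; how the real tool laid out its padding is not stated on this page.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

namespace guarded {
constexpr std::size_t kGuard = 128;    // assumed: guard bytes before and after the payload
constexpr std::uint8_t kFill = 0xFD;   // assumed: pattern the guards are filled with
struct Block {
    std::uint8_t* raw;       // whole allocation: front guard | payload | rear guard
    std::size_t reported;    // bytes the caller asked for
    const char* owner;       // allocator, e.g. "QuadField.cpp(66)::CQuadField"
    std::uint8_t* payload() const { return raw + kGuard; }
    std::size_t actual() const { return reported + 2 * kGuard; }
};
struct Report {
    std::size_t frontBad, rearBad;   // clobbered guard bytes before / after the payload
    bool corrupt() const { return frontBad + rearBad != 0; }
};

inline Block allocate(std::size_t n, const char* owner) {
    Block b{new std::uint8_t[n + 2 * kGuard], n, owner};
    std::memset(b.raw, kFill, kGuard);             // front guard
    std::memset(b.payload() + n, kFill, kGuard);   // rear guard
    return b;
}
// Inspect both guards, then free the block. Every byte that no longer holds
// kFill was written by code that ran past the bounds of its own buffer.
inline Report release(Block& b) {
    Report r{0, 0};
    for (std::size_t i = 0; i < kGuard; ++i) {
        if (b.raw[i] != kFill) ++r.frontBad;
        if (b.payload()[b.reported + i] != kFill) ++r.rearBad;
    }
    delete[] b.raw;
    b.raw = nullptr;
    return r;
}
} // namespace guarded

// Constructed scenario: a 4000-byte array written at index `count`, one past the
// end, when overrun is true. The stray write lands in the rear guard (memory this
// block owns, so well defined here); in a real heap it would hit the neighbouring
// allocation, which is the CFeatureHandler-after-CQuadField case described above.
inline guarded::Report demoOverrun(bool overrun) {
    guarded::Block b = guarded::allocate(4000, "QuadField.cpp(66)::CQuadField");
    const std::size_t count = 4000 / sizeof(std::uint32_t);   // 1000 elements
    const std::uint32_t v = 0x41414141u;
    std::memcpy(b.payload() + (overrun ? count : count - 1) * sizeof(v), &v, sizeof(v));
    return guarded::release(b);
}
```

The check fires only at release time, which is why a memory manager like the one quoted above reports the owner of the overrun block rather than the crash site: the damage shows up wherever the neighbour is next touched.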

Issue History

Date Modified Username Field Change
2009-12-04 19:11 SirMaverick New Issue
2009-12-04 19:11 SirMaverick Note Added: 0004402
2009-12-30 14:46 tvo Note Added: 0004461
2009-12-30 14:47 tvo Status new => feedback
2010-01-03 16:05 SirMaverick File Added: backtraces.txt
2010-01-03 16:05 SirMaverick File Added: local_20091204_051732_unnamed_0.80.5.sdf.bz2
2010-01-03 16:10 SirMaverick Note Added: 0004467
2010-01-03 16:47 SirMaverick Note Edited: 0004467
2010-01-16 13:26 tvo Note Added: 0004497
2010-01-16 13:32 tvo Status feedback => confirmed
2010-01-17 10:08 imbaczek Note Added: 0004499
2010-01-17 16:15 tvo Note Added: 0004502
2010-01-17 16:42 tvo Note Added: 0004503
2010-01-17 16:43 tvo Status confirmed => resolved
2010-01-17 16:43 tvo Fixed in Version => 0.81.0.0
2010-01-17 16:43 tvo Resolution open => fixed
2010-01-17 16:43 tvo Assigned To => tvo
2010-01-17 16:45 tvo Relationship added related to 0001766
2010-01-17 16:46 tvo Relationship added related to 0001602