0001750: segfault in LosMap

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

Project

Tags

No tags attached.

Checked infolog.txt for Errors

Attached Files

backtraces.txt (6,180 bytes) 2010-01-03 16:05

Program received signal SIGSEGV, Segmentation fault.
0x0837751b in CGameHelper::GetUnitErrorPos (this=0x944a260, unit=0xfabe870, 
    allyteam=1)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/GameHelper.cpp:880
880                     pos += unit->posErrorVector * radarhandler->radarErrorSize[allyteam];

(gdb) bt
#0  0x0837751b in CGameHelper::GetUnitErrorPos (this=0x944a260, 
    unit=0xfabe870, allyteam=1)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/GameHelper.cpp:880
#1  0x0888947a in CWeapon::AttackUnit (this=0x1298bd88, unit=0xfabe870, 
    userTarget=true)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Weapons/Weapon.cpp:491
#2  0x088b0a89 in CBombDropper::AttackUnit (this=0x1298bd88, unit=0xfabe870, 
    userTarget=true)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Weapons/bombdropper.cpp:144
#3  0x087f1831 in CUnit::AttackUnit (this=0x131b9cc8, unit=0xfabe870, 
    dgun=false)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/Unit.cpp:1428
#4  0x0885da25 in CAirCAI::ExecuteAttack (this=0x12c30c48, c=...)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/CommandAI/AirCAI.cpp:507
#5  0x088649d8 in CCommandAI::SlowUpdate (this=0x12c30c48)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/CommandAI/CommandAI.cpp:1221
#6  0x0883b9c3 in CMobileCAI::Execute (this=0x12c30c48)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/CommandAI/MobileCAI.cpp:420
#7  0x0885ef11 in CAirCAI::SlowUpdate (this=0x12c30c48)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/CommandAI/AirCAI.cpp:290
#8  0x088654b7 in CCommandAI::GiveAllowedCommand (this=0x12c30c48, c=..., 
    fromSynced=true)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/CommandAI/CommandAI.cpp:724
#9  0x0883c4f8 in CMobileCAI::GiveCommandReal (this=0x12c30c48, c=..., 
    fromSynced=false)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/CommandAI/MobileCAI.cpp:279
#10 0x088655a5 in CCommandAI::GiveCommand (this=0x12c30c48, c=..., 
    fromSynced=false)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/CommandAI/CommandAI.cpp:474
#11 0x082da2d5 in CSelectedUnitsAI::SelectAttack (this=0x8bb5d20, cmd=..., 
    player=2)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/SelectedUnitsAI.cpp:494
#12 0x082db143 in CSelectedUnitsAI::GiveCommandNet (this=0x8bb5d20, c=..., 
    player=2)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/SelectedUnitsAI.cpp:107
#13 0x0838b0ac in CSelectedUnits::NetOrder (this=0x8bb6580, c=..., playerID=2)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/SelectedUnits.cpp:462
#14 0x0833e381 in CGame::ClientReadNet (this=0x943a2e8)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:3833
#15 0x08341d84 in CGame::Update (this=0x943a2e8)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:2839
#16 0x088bee09 in SpringApp::Update (this=0xbffff500)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/SpringApp.cpp:849
#17 0x088c70d9 in SpringApp::Run (this=0xbffff500, argc=2, argv=0xbffff5e4)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/SpringApp.cpp:977
#18 0x088f4511 in Run (argc=2, argv=0xbffff5e4)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/Main.cpp:111
#19 0x088f456c in main (argc=Cannot access memory at address 0x4)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/Main.cpp:127

--------------------

Program received signal SIGSEGV, Segmentation fault.
0x0837e3ae in CLosMap::At (this=0xa14dc68, x=41, y=62)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosMap.h:31
31                      return map[y * size.x + x];
(gdb) bt
#0  0x0837e3ae in CLosMap::At (this=0xa14dc68, x=41, y=62)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosMap.h:31
#1  0x087fc07e in CLosHandler::InLos (this=0x9d0fbe8, unit=0xfb955f8, 
    allyTeam=0)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosHandler.h:89
#2  0x087ef9c3 in CUnit::CalcLosStatus (this=0xfb955f8, at=0)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/Unit.cpp:646
#3  0x08806a44 in CUnit::UpdateLosStatus (this=0xfb955f8, at=0)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/Unit.cpp:675
#4  0x087f69df in CUnit::SlowUpdate (this=0xfb955f8)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/Unit.cpp:693
#5  0x08809b2f in CUnitHandler::Update (this=0xa15f440)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/UnitHandler.cpp:292
#6  0x08336ff6 in CGame::SimFrame (this=0x91dbd78)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:3505
#7  0x0833e14b in CGame::ClientReadNet (this=0x91dbd78)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:3804
#8  0x08341d84 in CGame::Update (this=0x91dbd78)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:2839
#9  0x088bee09 in SpringApp::Update (this=0xbffff500)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/SpringApp.cpp:849
#10 0x088c70d9 in SpringApp::Run (this=0xbffff500, argc=2, argv=0xbffff5e4)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/SpringApp.cpp:977
#11 0x088f4511 in Run (argc=2, argv=0xbffff5e4)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/Main.cpp:111
#12 0x088f456c in main (argc=1088, argv=0x441)
    at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/Main.cpp:127

backtraces.txt (6,180 bytes) 2010-01-03 16:05

local_20091204_051732_unnamed_0.80.5.sdf.bz2 (1,717,961 bytes) 2010-01-03 16:05

Relationships

related to	0001766	resolved	tvo	SIGSEGV via FeatureHandler.cpp
related to	0001602	resolved	tvo	Segfault, with replay causing the segfault.

Relationships

Notes
~0004402 SirMaverick (reporter) 2009-12-04 19:11	(gdb) bt #0 0x086fe13b in CLosMap::AddMapSquares (this=0xa542f74, squares=..., amount=-1) at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosMap.cpp:48 #1 0x086dfd9e in CLosHandler::CleanupInstance (this=0x9af12b8, instance=0xda68960) at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosHandler.cpp:246 #2 0x086dfe27 in CLosHandler::FreeInstance (this=0x9af12b8, instance=0xda68960) at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosHandler.cpp:194 0000003 0x086e0a9e in CLosHandler::MoveUnit (this=0x9af12b8, unit=0xd4867c8, redoCurrent=false) at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Misc/LosHandler.cpp:152 0000004 0x08712028 in CAirMoveType::SlowUpdate (this=0x998bb88) at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/MoveTypes/AirMoveType.cpp:421 0000005 0x087f6e44 in CUnit::SlowUpdate (this=0xd4867c8) at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/Unit.cpp:761 #6 0x08809b2f in CUnitHandler::Update (this=0x9cf9608) at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Sim/Units/UnitHandler.cpp:292 #7 0x08336ff6 in CGame::SimFrame (this=0x9137bb0) at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:3505 #8 0x0833e14b in CGame::ClientReadNet (this=0x9137bb0) at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:3804 #9 0x08341d84 in CGame::Update (this=0x9137bb0) at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/Game/Game.cpp:2839 0000010 0x088bee09 in SpringApp::Update (this=0xbffff470) at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/SpringApp.cpp:849 #11 0x088c70d9 in SpringApp::Run (this=0xbffff470, argc=2, argv=0xbffff554) at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/SpringApp.cpp:977 0000012 0x088f4511 in Run (argc=2, argv=0xbffff554) at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/Main.cpp:111 0000013 0x088f456c in main (argc=1088, argv=0x441) at spring_0.80.5-branch/cb5d5b506d2f1f2101cb7f1b8349d4b4d83c4864/rts/System/Main.cpp:127

~0004461 tvo (reporter) 2009-12-30 14:46	Could you attach replay and/or explain how this is reproducable, since you marked it as always reproducable?

~0004467 SirMaverick (reporter) 2010-01-03 16:10 Last edited: 2010-01-03 16:47	Replay attached (happens at end, 1:25h in game). I run the demo several times -> different backtraces but all at the same moment. Memory corruption?

~0004497 tvo (reporter) 2010-01-16 13:26	Replay spams errors like this: [ 18692] LuaRules::RunCallIn: error = 2, RecvFromSynced, [string "LuaRules/Gadgets/lups_nano_spray.lua"]:469: attempt to index upvalue 'Lups' (a nil value) Is that to be expected? (i.e. known bug?) Also input box was invisible, font errors, etc. Anyway, replay crashed here for me, right after end of demo was reached. Program received signal SIGSEGV, Segmentation fault. CFeatureHandler::UpdateDraw (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Sim/Features/FeatureHandler.cpp:529 529 UpdateDrawQuad(*i); (gdb) bt #0 CFeatureHandler::UpdateDraw (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Sim/Features/FeatureHandler.cpp:529 #1 0x080dcb4c in CGame::Draw (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Game/Game.cpp:3116 #2 0x084a41fd in SpringApp::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/SpringApp.cpp:889 0000003 0x084a9fa5 in SpringApp::Run (this=<value optimized out>, argc=<value optimized out>, argv=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/SpringApp.cpp:977 0000004 0x08491cd3 in Run (argc=<value optimized out>, argv=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/Main.cpp:64 0000005 0x0849214b in main (argc=<value optimized out>, argv=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/Main.cpp:127

~0004499 imbaczek (reporter) 2010-01-17 10:08	i've seen such lua errors after lua state has been corrupted.

~0004502 tvo (reporter) 2010-01-17 16:15	Confirmed lua state is corrupted: End of demo reached LuaRules::RunCallIn: error = 2, RecvFromSynced, [string "LuaRules/Gadgets/lups_flame_jitter.lua"]:191: attempt to compare ???kt?????kt??v?? lt ? with number Program received signal SIGSEGV, Segmentation fault. CFeatureHandler::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Sim/Features/FeatureHandler.cpp:463 463 CFeatureSet::iterator it = activeFeatures.find(toBeRemoved.back()); Missing separate debuginfos, use: debuginfo-install libxcb-1.5-1.fc12.i686 (gdb) bt #0 CFeatureHandler::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Sim/Features/FeatureHandler.cpp:463 #1 0x080d7712 in CGame::SimFrame (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Game/Game.cpp:3514 #2 0x080ec19c in CGame::ClientReadNet (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Game/Game.cpp:3804 0000003 0x080f01fa in CGame::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/Game/Game.cpp:2839 0000004 0x084b354a in SpringApp::Update (this=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/SpringApp.cpp:849 0000005 0x084b9755 in SpringApp::Run (this=<value optimized out>, argc=<value optimized out>, argv=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/SpringApp.cpp:977 #6 0x084a0b43 in Run (argc=<value optimized out>, argv=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/Main.cpp:64 #7 0x084a0fbb in main (argc=<value optimized out>, argv=<value optimized out>) at /home/tobi/wd/spring/repo/rts/System/Main.cpp:127 (gdb)

~0004503 tvo (reporter) 2010-01-17 16:42	A memory allocation unit was corrupt because of an overrun: Address (reported): 0x0d377a78 Address (actual) : 0x0d3779f8 Size (reported) : 0x00000FA0 ( 4,000 ( 3.91K)) Size (actual) : 0x000010A0 ( 4,256 ( 4.16K)) Owner : QuadField.cpp(66)::CQuadField Allocation type : new[] Allocation number : 2309714 This suggests it's this bug, so it's fixed already for next release: http://github.com/spring/spring/commit/f0d7b0439a952b365253b351e7d8ff7bba238dcd It tends to crash often in CFeatureHandler because CFeatureHandler is allocated right after CQuadField (see Game.cpp)

Notes

Date Modified	Username	Field	Change
Issue History
2009-12-04 19:11	SirMaverick	New Issue
2009-12-04 19:11	SirMaverick	Note Added: 0004402
2009-12-30 14:46	tvo	Note Added: 0004461
2009-12-30 14:47	tvo	Status	new => feedback
2010-01-03 16:05	SirMaverick	File Added: backtraces.txt
2010-01-03 16:05	SirMaverick	File Added: local_20091204_051732_unnamed_0.80.5.sdf.bz2
2010-01-03 16:10	SirMaverick	Note Added: 0004467
2010-01-03 16:47	SirMaverick	Note Edited: 0004467
2010-01-16 13:26	tvo	Note Added: 0004497
2010-01-16 13:32	tvo	Status	feedback => confirmed
2010-01-17 10:08	imbaczek	Note Added: 0004499
2010-01-17 16:15	tvo	Note Added: 0004502
2010-01-17 16:42	tvo	Note Added: 0004503
2010-01-17 16:43	tvo	Status	confirmed => resolved
2010-01-17 16:43	tvo	Fixed in Version	=> 0.81.0.0
2010-01-17 16:43	tvo	Resolution	open => fixed
2010-01-17 16:43	tvo	Assigned To	=> tvo
2010-01-17 16:45	tvo	Relationship added	related to 0001766
2010-01-17 16:46	tvo	Relationship added	related to 0001602

Issue History