| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0001900 | Spring engine | General | public | 2010-04-24 15:57 | 2010-05-02 01:13 | ||||
| Reporter | Kloot | ||||||||
| Assigned To | zerver | ||||||||
| Priority | high | Severity | crash | Reproducibility | sometimes | ||||
| Status | resolved | Resolution | fixed | ||||||
| Product Version | 0.81.0.0+git | ||||||||
| Target Version | Fixed in Version | 0.81.2+git | |||||||
| Summary | 0001900: SEGV in ~LuaParser on exit (37cb7783c20e1ee1c3058e82ceffc2c84c4061b4) | ||||||||
| Description | gdb stacktrace: (gdb) bt #0 0xb7652217 in std::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string () from /usr/lib/libstdc++.so.6 #1 0x084e08fb in ~LuaParser (this=0xa5d64f8) at rts/Lua/LuaParser.cpp:103 // lua_close(L)? #2 0x085a68af in ~MapParser (this=0xa498428) at rts/Map/MapParser.cpp:62 // delete (LuaParser*) parser; 0000003 0x085a41b9 in ~CMapInfo (this=0xa5eeca0) at rts/Map/MapInfo.cpp:59 // delete (MapParser*) parser; 0000004 0x0832f0f0 in ~CGame (this=0xa59fab8) at rts/Game/Game.cpp:423 // delete const_cast<CMapInfo*>(mapInfo); 0000005 0x0895853d in SpringApp::Shutdown (this=0xbf800bf0) at rts/System/SpringApp.cpp:1119 // delete game; #6 0x08960723 in SpringApp::Run (this=0xbf800bf0, argc=2, argv=0xbf800cd4) at rts/System/SpringApp.cpp:1003 // ShutDown(); occasionally, Spring's own backtracer comes up with: rts/lib/lua/src/lauxlib.cpp:632 rts/lib/lua/src/lmem.cpp:81 rts/lib/lua/src/lfunc.cpp:156 rts/lib/lua/src/lgc.cpp:381 rts/lib/lua/src/lgc.cpp:411 rts/lib/lua/src/lgc.cpp:488 rts/lib/lua/src/lstate.cpp:111 rts/lib/lua/src/lstate.cpp:222 rts/Lua/LuaParser.cpp:93 rts/Map/MapParser.cpp:62 rts/Map/MapInfo.cpp:59 rts/Game/Game.cpp:423 rts/System/SpringApp.cpp:1120 rts/System/SpringApp.cpp:1004 rts/System/Main.cpp:110 rts/System/Main.cpp:127 but usually it ends in LuaParser. | ||||||||
| Additional Information | May also be related to http://springrts.com/mantis/view.php?id=1901. After fc27e407666f435d72e02080369abf74b7a0fd39, stacktrace now often looks like this as well: rts/System/FileSystem/VFSHandler.cpp:124 rts/System/Util.h:81 rts/Game/Game.cpp:411 rts/System/SpringApp.cpp:1121 rts/System/SpringApp.cpp:1005 rts/System/Main.cpp:110 rts/System/Main.cpp:127 | ||||||||
| Tags | No tags attached. | ||||||||
| Checked infolog.txt for Errors | |||||||||
| Attached Files |
| ||||||||
 Relationships |
 Notes |
|
|
zerver (reporter) 2010-04-26 17:35 |
I have had the same crash, but I don't think it is related to 0001901. |
|
zerver (reporter) 2010-04-30 18:46 |
http://github.com/spring/spring/commit/505ea6d8fbc9c2a27b0175d598c2ccfc8d6a240c This seems to eliminate the problem for me, only tried 5 times though. If it really helps, it would be good if someone could figure out why :) |
|
hoijui (reporter) 2010-04-30 21:10 |
did not help here: (gdb) bt #0 0x00007ffff4568315 in raise () from /lib/libc.so.6 #1 0x00007ffff4569811 in abort () from /lib/libc.so.6 #2 0x00007ffff45a4158 in ?? () from /lib/libc.so.6 0000003 0x00007ffff45a9808 in ?? () from /lib/libc.so.6 0000004 0x00007ffff45ae24c in free () from /lib/libc.so.6 0000005 0x00007ffff7ec0a3b in ?? () from //usr/lib64/opengl/nvidia/lib/libnvidia-tls.so.1 #6 0x0000000000ea66b0 in l_alloc (ud=0x0, ptr=0x1cb5f20, osize=57, nsize=0) at rts/lib/lua/src/lauxlib.cpp:631 #7 0x0000000000ea7d37 in luaM_realloc_ (L=0x18ea220, block=0x1cb5f20, osize=57, nsize=0) at rts/lib/lua/src/lmem.cpp:81 #8 0x0000000000eb44c5 in freeobj (L=0x18ea220, o=0x1cb5f20) at rts/lib/lua/src/lgc.cpp:391 #9 0x0000000000eb45be in sweeplist (L=0x18ea220, p=0x2510dc8, count=18446744073709551612) at rts/lib/lua/src/lgc.cpp:424 0000010 0x0000000000eb4665 in luaC_freeall (L=0x18ea220) at rts/lib/lua/src/lgc.cpp:489 #11 0x0000000000e9c73c in close_state (L=0x18ea220) at rts/lib/lua/src/lstate.cpp:108 0000012 0x0000000000e9c890 in lua_close (L=0x18ea220) at rts/lib/lua/src/lstate.cpp:221 0000013 0x00000000009798ee in ~LuaParser (this=0x1cb2220, __in_chrg=<value optimized out>) at rts/Lua/LuaParser.cpp:101 0000014 0x00000000009b4b35 in ~MapParser (this=0x1b81a70, __in_chrg=<value optimized out>) at rts/Map/MapParser.cpp:62 #15 0x00000000009ab34a in ~CMapInfo (this=0x24fe120, __in_chrg=<value optimized out>) at rts/Map/MapInfo.cpp:60 #16 0x0000000000722158 in ~CGame (this=0x7fffe82c84c0, __in_chrg=<value optimized out>) at rts/Game/Game.cpp:425 #17 0x0000000000d72b8b in SpringApp::Shutdown (this=0x7fffffffda80) at rts/System/SpringApp.cpp:1120 #18 0x0000000000d7b18f in SpringApp::Run (this=0x7fffffffda80, argc=1, argv=0x7fffffffdbb8) at rts/System/SpringApp.cpp:1004 #19 0x0000000000db6069 in Run (argc=1, argv=0x7fffffffdbb8) at rts/System/Main.cpp:110 0000020 0x0000000000db60be in main (argc=1, argv=0x7fffffffdbb8) at rts/System/Main.cpp:126 |
|
Kloot (developer) 2010-05-01 02:17 |
the ~LuaParser segfault still happens (rarely) with ~CGame stripped down to just SafeDelete(gameServer); SafeDelete(sound); SafeDelete(mapInfo); so memory is probably being corrupted even earlier. |
|
hoijui (reporter) 2010-05-01 11:44 |
am bisecting it |
|
hoijui (reporter) 2010-05-01 12:08 Last edited: 2010-05-01 12:09 |
bad: 6af54a7f98fc085b052c56a5502321e930d24a72 good: 448646c0215f35b50647d292c8a4e81373a2e155 There are 9 commits in between, which wont compile. but looking at the commits, it is pretty clear that the guilty one has to be one of the 3 right after the last good. |
|
zerver (reporter) 2010-05-01 12:58 |
Yeah, I'm getting crashes also, but less frequently and not in LuaParser. The heap corruption happens elsewhere instead. |
|
Kloot (developer) 2010-05-01 14:41 Last edited: 2010-05-01 14:48 |
I do not see how any of the commits between 448646c0215f35b50647d292c8a4e81373a2e155 and 6af54a7f98fc085b052c56a5502321e930d24a72 (with f24a9046d99211c4d488d7966afe45481928cd4b being the most likely candidate, looking into it) could have introduced this. fbfcff0c337e761e4e0cd3ee3d1fbd9fc60c5eb6 does not touch the heap in any way d59977dc3ccc5a8098cc9f6562db4ba211bfe70e just adds a Lua callout (idle code from the engine's perspective) and dereferences CTeam::currentStats (the only thing that might be suspect) 44caa57b19c982ee8993ea26b95d851cd858cb3f and 85d89c68ade21d5e6ff4f04edfae0db2d1c8ebe9 are completely irrelevant a91f7d427c794e9aa70c163ea4ad60243b93dfe3 and 6a9db155f549377c0dda4b5e3462670245371422 are also unrelated 54e22b5d7fb2a90693710677c66bb712e4177d3f cannot possibly have anything to do with it either 4592e7a1938e86f40e1a0516f4063bb9b7244197 adds another Lua callout, again idle code Are you sure that 448646c0215f35b50647d292c8a4e81373a2e155 was not a false positive during bisecting? |
|
hoijui (reporter) 2010-05-01 15:12 |
for me it happens every end of the game for bad+, and for non in good- (see my last note). maybe it is GFX related? here: Gentoo 64bit / NVIDIA GTS 220 |
|
zerver (reporter) 2010-05-01 17:11 |
My testing now points towards f24a9046d99211c4d488 being the guilty one, but I have only been able to find one possible error in this commit so far: empDecline begin calculated differently due to int/int instead of float/int. |
|
zerver (reporter) 2010-05-02 01:13 |
Dangling pointer... |
| Notes |
| Issue History |
|||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2010-04-24 15:57 | Kloot | New Issue | |
| 2010-04-26 02:17 | Kloot | Additional Information Updated | |
| 2010-04-26 17:35 | zerver | Note Added: 0004855 | |
| 2010-04-30 16:52 | Kloot | Relationship added | related to 0001906 |
| 2010-04-30 18:46 | zerver | Note Added: 0004866 | |
| 2010-04-30 21:10 | hoijui | Note Added: 0004868 | |
| 2010-05-01 02:17 | Kloot | Note Added: 0004869 | |
| 2010-05-01 11:44 | hoijui | Note Added: 0004870 | |
| 2010-05-01 12:08 | hoijui | Note Added: 0004871 | |
| 2010-05-01 12:09 | hoijui | Note Edited: 0004871 | |
| 2010-05-01 12:58 | zerver | Note Added: 0004872 | |
| 2010-05-01 14:41 | Kloot | Note Added: 0004874 | |
| 2010-05-01 14:43 | Kloot | Note Edited: 0004874 | |
| 2010-05-01 14:45 | Kloot | Note Edited: 0004874 | |
| 2010-05-01 14:48 | Kloot | Note Edited: 0004874 | |
| 2010-05-01 15:12 | hoijui | Note Added: 0004875 | |
| 2010-05-01 17:11 | zerver | Note Added: 0004876 | |
| 2010-05-01 23:08 | zerver | Status | new => assigned |
| 2010-05-01 23:08 | zerver | Assigned To | => zerver |
| 2010-05-02 01:13 | zerver | Note Added: 0004880 | |
| 2010-05-02 01:13 | zerver | Status | assigned => resolved |
| 2010-05-02 01:13 | zerver | Fixed in Version | => 0.81.2+git |
| 2010-05-02 01:13 | zerver | Resolution | open => fixed |
| Issue History |