View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0001906Spring engineGeneralpublic2010-04-29 23:212010-06-19 23:04
Reporterhoijui Assigned ToKloot  
PriorityhighSeveritycrashReproducibilityalways
Status resolvedResolutionfixed 
Product Version0.81.2+git 
Fixed in Version0.80.0.0+git 
Summary0001906: double free or corruption
DescriptionWhen exiting the game, but only if already being in-game/having seeing the map, the game crashes & freezes, and has to be killed with `kill -9`.
Additional Informationmost interesting parts from the session:

Program received signal SIGABRT, Aborted.
[Thread 0x7fffee783910 (LWP 13914) exited]
*** glibc detected *** /home/userX/Projects/spring/installs/cmake/master/linux64/debug/spring: double free or corruption (out): 0x00007fffe80016c0 ***

(gdb) bt
#0 0x00007ffff4568315 in raise () from /lib/libc.so.6
#1 0x00007ffff4569811 in abort () from /lib/libc.so.6
#2 0x00007ffff45a4158 in ?? () from /lib/libc.so.6
0000003 0x00007ffff45a9808 in ?? () from /lib/libc.so.6
0000004 0x00007ffff45ae24c in free () from /lib/libc.so.6
0000005 0x0000000000795d0d in __gnu_cxx::new_allocator<float3>::deallocate (this=0x7fffe82b6f00, __p=0x7fffe80016c0) at /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/g++-v4/ext/new_allocator.h:98
#6 0x0000000000795d3f in std::_Vector_base<float3, std::allocator<float3> >::_M_deallocate (this=0x7fffe82b6f00, __p=0x7fffe80016c0, __n=4) at /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/g++-v4/bits/stl_vector.h:150
#7 0x0000000000795d91 in ~_Vector_base (this=0x7fffe82b6f00, __in_chrg=<value optimized out>) at /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/g++-v4/bits/stl_vector.h:136
#8 0x0000000000795fd1 in ~vector (this=0x7fffe82b6f00, __in_chrg=<value optimized out>) at /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/g++-v4/bits/stl_vector.h:300
#9 0x0000000000b34f9e in ~S3DOPrimitive (this=0x7fffe82b6ee8, __in_chrg=<value optimized out>) at /home/userX/Projects/spring/repos/master/rts/Rendering/Models/3DOParser.h:24
0000010 0x0000000000b34fbe in std::_Destroy<S3DOPrimitive> (__pointer=0x7fffe82b6ee8) at /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/g++-v4/bits/stl_construct.h:88
#11 0x0000000000b34fdb in std::_Destroy<S3DOPrimitive*> (__first=0x7fffe82b6ee8, __last=0x7fffe82b7008) at /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/g++-v4/bits/stl_construct.h:103
0000012 0x0000000000b3500d in std::_Destroy<S3DOPrimitive*, S3DOPrimitive> (__first=0x7fffe82b6a20, __last=0x7fffe82b7008) at /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/g++-v4/bits/stl_construct.h:128
0000013 0x0000000000b351b2 in ~vector (this=0x2e04150, __in_chrg=<value optimized out>) at /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.4/include/g++-v4/bits/stl_vector.h:300
0000014 0x0000000000b35335 in ~S3DOPiece (this=0x2e040c0, __in_chrg=<value optimized out>) at /home/userX/Projects/spring/repos/master/rts/Rendering/Models/3DOParser.h:32
#15 0x0000000000b1cd86 in C3DModelLoader::DeleteChilds (this=0x3489980, o=0xcd04dd0) at /home/userX/Projects/spring/repos/master/rts/Rendering/Models/IModelParser.cpp:127
#16 0x0000000000b1d6aa in ~C3DModelLoader (this=0x3489980, __in_chrg=<value optimized out>) at /home/userX/Projects/spring/repos/master/rts/Rendering/Models/IModelParser.cpp:44
#17 0x0000000000735c94 in SafeDelete<C3DModelLoader*> (a=@0x13d1170) at /home/userX/Projects/spring/repos/master/rts/System/Util.h:81
#18 0x00000000007220a5 in ~CGame (this=0x7fffe82b7e00, __in_chrg=<value optimized out>) at /home/userX/Projects/spring/repos/master/rts/Game/Game.cpp:412
#19 0x0000000000d7217b in SpringApp::Shutdown (this=0x7fffffffda80) at /home/userX/Projects/spring/repos/master/rts/System/SpringApp.cpp:1120
0000020 0x0000000000d7a77f in SpringApp::Run (this=0x7fffffffda80, argc=1, argv=0x7fffffffdbb8) at /home/userX/Projects/spring/repos/master/rts/System/SpringApp.cpp:1004
#21 0x0000000000db5659 in Run (argc=1, argv=0x7fffffffdbb8) at /home/userX/Projects/spring/repos/master/rts/System/Main.cpp:110
#22 0x0000000000db56ae in main (argc=1, argv=0x7fffffffdbb8) at /home/userX/Projects/spring/repos/master/rts/System/Main.cpp:126
TagsNo tags attached.
Attached Files
gdb_session_plus_stacktrace.txt (Attachment missing)
Checked infolog.txt for Errors

Relationships

related to 0001900 resolvedzerver SEGV in ~LuaParser on exit (37cb7783c20e1ee1c3058e82ceffc2c84c4061b4) 

Activities

hoijui

2010-04-30 08:00

reporter   ~0004863

now with: 0.81.0-699-g6022e40
includes commit: properly delete models from C3DModelLoader


Program received signal SIGSEGV, Segmentation fault.
0x00007ffff45a9993 in ?? () from /lib/libc.so.6
(gdb) bt
#0 0x00007ffff45a9993 in ?? () from /lib/libc.so.6
#1 0x00007ffff45ab078 in ?? () from /lib/libc.so.6
#2 0x00007ffff45ae24c in free () from /lib/libc.so.6
0000003 0x00007ffff3370ff0 in ?? () from //usr/lib64/opengl/nvidia/lib/libGLcore.so.1
0000004 0x00007ffff331a0c4 in ?? () from //usr/lib64/opengl/nvidia/lib/libGLcore.so.1
0000005 0x00007ffff335c864 in ?? () from //usr/lib64/opengl/nvidia/lib/libGLcore.so.1
#6 0x0000000000c8733e in UnitDefImage::Free (this=0x7fffe82f2380) at rts/Sim/Units/UnitDefImage.h:15
#7 0x0000000000c84d3f in ~CUnitDefHandler (this=0x538b8a0, __in_chrg=<value optimized out>) at rts/Sim/Units/UnitDefHandler.cpp:136
#8 0x0000000000735b4d in SafeDelete<CUnitDefHandler*> (a=@0x13d6038) at rts/System/Util.h:81
#9 0x0000000000722085 in ~CGame (this=0x7fffe82b8250, __in_chrg=<value optimized out>) at rts/Game/Game.cpp:407
0000010 0x0000000000d72c27 in SpringApp::Shutdown (this=0x7fffffffda80) at rts/System/SpringApp.cpp:1120
#11 0x0000000000d7b22b in SpringApp::Run (this=0x7fffffffda80, argc=1, argv=0x7fffffffdbb8) at rts/System/SpringApp.cpp:1004
0000012 0x0000000000db6105 in Run (argc=1, argv=0x7fffffffdbb8) at rts/System/Main.cpp:110
0000013 0x0000000000db615a in main (argc=1, argv=0x7fffffffdbb8) at rts/System/Main.cpp:126

hoijui

2010-04-30 15:30

reporter   ~0004865

:/
looks like the first thing is not fixed either, got it again:

*** glibc detected *** /home/robin/Projects/spring/installs/cmake/master/linux64/debug/spring: double free or corruption (out): 0x00000000018ea700 ***

(gdb) bt
#0 0x00007ffff4568315 in raise () from /lib/libc.so.6
#1 0x00007ffff4569811 in abort () from /lib/libc.so.6
#2 0x00007ffff45a4158 in ?? () from /lib/libc.so.6
0000003 0x00007ffff45a9808 in ?? () from /lib/libc.so.6
0000004 0x00007ffff45ae24c in free () from /lib/libc.so.6
0000005 0x00007ffff7ec0a3b in ?? () from //usr/lib64/opengl/nvidia/lib/libnvidia-tls.so.1
#6 0x0000000000ea674c in l_alloc (ud=0x0, ptr=0x18ea700, osize=8589934619, nsize=0) at rts/lib/lua/src/lauxlib.cpp:631
#7 0x0000000000ea7dd3 in luaM_realloc_ (L=0x18ea1c0, block=0x18ea700, osize=8589934619, nsize=0) at rts/lib/lua/src/lmem.cpp:81
#8 0x0000000000eb4561 in freeobj (L=0x18ea1c0, o=0x18ea700) at rts/lib/lua/src/lgc.cpp:391
#9 0x0000000000eb465a in sweeplist (L=0x18ea1c0, p=0x2560d38, count=18446744073709551611) at rts/lib/lua/src/lgc.cpp:424
0000010 0x0000000000eb4701 in luaC_freeall (L=0x18ea1c0) at rts/lib/lua/src/lgc.cpp:489
#11 0x0000000000e9c7d8 in close_state (L=0x18ea1c0) at rts/lib/lua/src/lstate.cpp:108
0000012 0x0000000000e9c92c in lua_close (L=0x18ea1c0) at rts/lib/lua/src/lstate.cpp:221
0000013 0x000000000097986c in ~LuaParser (this=0x2531160, __in_chrg=<value optimized out>) at rts/Lua/LuaParser.cpp:93
0000014 0x00000000009b4b35 in ~MapParser (this=0x2531f40, __in_chrg=<value optimized out>) at rts/Map/MapParser.cpp:62
#15 0x00000000009ab34a in ~CMapInfo (this=0x254c960, __in_chrg=<value optimized out>) at rts/Map/MapInfo.cpp:60
#16 0x0000000000722158 in ~CGame (this=0x27e5e50, __in_chrg=<value optimized out>) at rts/Game/Game.cpp:425
#17 0x0000000000d72c27 in SpringApp::Shutdown (this=0x7fffffffda80) at rts/System/SpringApp.cpp:1120
#18 0x0000000000d7b22b in SpringApp::Run (this=0x7fffffffda80, argc=1, argv=0x7fffffffdbb8) at rts/System/SpringApp.cpp:1004
#19 0x0000000000db6105 in Run (argc=1, argv=0x7fffffffdbb8) at rts/System/Main.cpp:110
0000020 0x0000000000db615a in main (argc=1, argv=0x7fffffffdbb8) at rts/System/Main.cpp:126

Kloot

2010-06-19 23:04

developer   ~0004992

This was the dangling-pointer-in-CTeam issue, same as 0001900.

Issue History

Date Modified Username Field Change
2010-04-29 23:21 hoijui New Issue
2010-04-29 23:21 hoijui File Added: gdb_session_plus_stacktrace.txt
2010-04-30 08:00 hoijui Note Added: 0004863
2010-04-30 15:30 hoijui Note Added: 0004865
2010-04-30 16:52 Kloot Relationship added related to 0001900
2010-06-19 23:04 Kloot Note Added: 0004992
2010-06-19 23:04 Kloot Status new => resolved
2010-06-19 23:04 Kloot Fixed in Version => 0.80.0.0+git
2010-06-19 23:04 Kloot Resolution open => fixed
2010-06-19 23:04 Kloot Assigned To => Kloot