0002186: Spring hangs often when playing S44

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

Project

Category

View Status

Date Submitted

Last Update

0002186

Spring engine

Linux

public

2010-10-22 22:43

2011-07-07 02:56

Reporter

tvo

Assigned To

abma

Priority

normal

Severity

crash

Reproducibility

have not tried

Status

resolved

Resolution

unable to reproduce

Product Version

0.82.6.1

Target Version

Fixed in Version

Summary

0002186: Spring hangs often when playing S44

Description

When it hangs it uses no CPU.

It hangs with stacktraces like this:

(gdb) thread apply all bt

Thread 4 (Thread 0xb73c6b70 (LWP 17511)):
#0 0x00110416 in __kernel_vsyscall ()
#1 0x009e4bd6 in nanosleep () from /lib/libpthread.so.0
#2 0x004dc377 in SDL_Delay () from /usr/lib/libSDL-1.2.so.0
0000003 0x004dc3c4 in ?? () from /usr/lib/libSDL-1.2.so.0
0000004 0x0048dacf in ?? () from /usr/lib/libSDL-1.2.so.0
0000005 0x004d9a0e in ?? () from /usr/lib/libSDL-1.2.so.0
#6 0x009dd919 in start_thread () from /lib/libpthread.so.0
#7 0x008f3cce in clone () from /lib/libc.so.6

Thread 3 (Thread 0xb64f2b70 (LWP 17512)):
#0 0x00110416 in __kernel_vsyscall ()
#1 0x009e15d4 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2 0x0052b7c6 in boost::this_thread::sleep(boost::posix_time::ptime const&) () from /usr/lib/libboost_thread-mt.so.1.41.0
0000003 0x085bf132 in void boost::this_thread::sleep<boost::date_time::subsecond_duration<boost::posix_time::time_duration, 1000ll> >(boost::date_time::subsecond_duration<boost::posix_time::time_duration, 1000ll> const&) ()
0000004 0x085b932e in CSound::StartThread (this=0x8c777e0, maxSounds=96) at /home/tobi/wd/spring/repo-dev/rts/System/Sound/Sound.cpp:371
0000005 0x085bbd52 in operator() (this=0x8c6f778) at /usr/include/boost/bind/mem_fn_template.hpp:162
#6 operator()<boost::_mfi::mf1<void, CSound, int>, boost::_bi::list0> (this=0x8c6f778) at /usr/include/boost/bind/bind.hpp:306
#7 operator() (this=0x8c6f778) at /usr/include/boost/bind/bind_template.hpp:20
#8 boost::detail::thread_data<boost::_bi::bind_t<void, boost::_mfi::mf1<void, CSound, int>, boost::_bi::list2<boost::_bi::value<CSound*>, boost::_bi::value<int> > > >::run (this=0x8c6f778)
at /usr/include/boost/thread/detail/thread.hpp:56
#9 0x0052a0a6 in thread_proxy () from /usr/lib/libboost_thread-mt.so.1.41.0
0000010 0x009dd919 in start_thread () from /lib/libpthread.so.0
#11 0x008f3cce in clone () from /lib/libc.so.6

Thread 2 (Thread 0xb58ffb70 (LWP 17516)):
#0 0x00110416 in __kernel_vsyscall ()
#1 0x008e8df6 in poll () from /lib/libc.so.6
#2 0x07739b66 in ?? () from /lib/libasound.so.2
0000003 0x07739d3b in snd_pcm_wait () from /lib/libasound.so.2
0000004 0x0447c019 in ?? () from /usr/lib/libopenal.so.1
0000005 0x04479ec3 in ?? () from /usr/lib/libopenal.so.1
#6 0x009dd919 in start_thread () from /lib/libpthread.so.0
#7 0x008f3cce in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb7fd16f0 (LWP 17510)):
#0 0x00110416 in __kernel_vsyscall ()
#1 0x00903d73 in __lll_lock_wait_private () from /lib/libc.so.6
#2 0x0088b0d1 in _L_lock_9434 () from /lib/libc.so.6
0000003 0x00888e94 in malloc () from /lib/libc.so.6
0000004 0x0087eb3f in __libc_message () from /lib/libc.so.6
0000005 0x00884fe1 in malloc_printerr () from /lib/libc.so.6
#6 0x0088776e in _int_free () from /lib/libc.so.6
#7 0x0568d990 in ?? () from /usr/lib/nvidia/tls/libnvidia-tls.so.256.53
#8 0x085d23f0 in luaM_realloc_ (L=0x12a27700, block=0x1584feb8, osize=80, nsize=0) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/lmem.cpp:82
#9 0x085d9ab0 in luaH_free (L=0x12a27700, t=0x191c5e48) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/ltable.cpp:377
0000010 0x085cf70a in freeobj (L=0x12a27700, p=0x1ca366d0, count=<value optimized out>) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/lgc.cpp:383
#11 sweeplist (L=0x12a27700, p=0x1ca366d0, count=<value optimized out>) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/lgc.cpp:424
0000012 0x085cf997 in singlestep (L=0x12a27700) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/lgc.cpp:583
---Type <return> to continue, or q <return> to quit---
0000013 0x085cfe50 in luaC_step (L=0x12a27700) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/lgc.cpp:617
0000014 0x085c69a2 in lua_createtable (L=0x12a27700, narray=0, nrec=0) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/lapi.cpp:601
#15 0x08241dd8 in WeaponsTable (L=0x12a27700, data=0xd6ca1f4) at /home/tobi/wd/spring/repo-dev/rts/Lua/LuaUnitDefs.cpp:408
#16 0x0823fe5d in UnitDefIndex (L=0x12a27700) at /home/tobi/wd/spring/repo-dev/rts/Lua/LuaUnitDefs.cpp:193
#17 0x085cde7c in luaD_precall (L=0x12a27700, func=0x18b29968, nresults=1) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/ldo.cpp:319
#18 0x085ce1c4 in luaD_call (L=0x12a27700, func=0x18b29968, nResults=1) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/ldo.cpp:376
#19 0x085dbff2 in callTMres (L=0x12a27700, res=0x18b29908, f=0x12a49a9c, p1=0x18b29908, p2=0x12b14a60) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/lvm.cpp:110
0000020 0x085dd696 in luaV_execute (L=0x12a27700, nexeccalls=3) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/lvm.cpp:459
#21 0x085ce210 in luaD_call (L=0x12a27700, func=0x18b29858, nResults=0) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/ldo.cpp:377
#22 0x085c6621 in f_call (L=0x12a27700, ud=0xbfffe428) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/lapi.cpp:821
#23 0x085cd993 in luaD_rawrunprotected (L=0x12a27700, f=0x85c6600 <f_call(lua_State*, void*)>, ud=0xbfffe428) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/ldo.cpp:116
0000024 0x085cd9f5 in luaD_pcall (L=0x12a27700, func=0x85c6600 <f_call(lua_State*, void*)>, u=0xbfffe428, old_top=16, ef=8) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/ldo.cpp:463
#25 0x085c645e in lua_pcall (L=0x12a27700, nargs=1, nresults=0, errfunc=1) at /home/tobi/wd/spring/repo-dev/rts/lib/lua/src/lapi.cpp:842
0000026 0x081bd0d4 in CLuaHandle::RunCallInTraceback (this=0x12a3b5e0, inArgs=1, outArgs=0, errfuncIndex=1, traceback="") at /home/tobi/wd/spring/repo-dev/rts/Lua/LuaHandle.cpp:225
0000027 0x081bdba6 in CLuaHandle::RunCallInTraceback (this=0x12a3b5e0, hs=..., inArgs=1, outArgs=0, errfuncIndex=1) at /home/tobi/wd/spring/repo-dev/rts/Lua/LuaHandle.cpp:253
#28 0x0820edb2 in CLuaHandleSynced::GameFrame (this=0x12a3b5e0, frameNumber=33420) at /home/tobi/wd/spring/repo-dev/rts/Lua/LuaHandleSynced.cpp:719
0000029 0x080de443 in CGame::SimFrame (this=0x8eb5418) at /home/tobi/wd/spring/repo-dev/rts/Game/Game.cpp:3580
#30 0x080f3295 in CGame::ClientReadNet (this=0x8eb5418) at /home/tobi/wd/spring/repo-dev/rts/Game/Game.cpp:3976
#31 0x080f9341 in CGame::Update (this=0x8eb5418) at /home/tobi/wd/spring/repo-dev/rts/Game/Game.cpp:2830
#32 0x0851951b in SpringApp::Update (this=0xbfffebfc) at /home/tobi/wd/spring/repo-dev/rts/System/SpringApp.cpp:1051
#33 0x085209bd in SpringApp::Run (this=0xbfffebfc, argc=3, argv=0xbfffed24) at /home/tobi/wd/spring/repo-dev/rts/System/SpringApp.cpp:1182
0000034 0x0850b893 in Run (argc=3, argv=0xbfffed24) at /home/tobi/wd/spring/repo-dev/rts/System/Main.cpp:55
0000035 0x0850be1b in main (argc=3, argv=0xbfffed24) at /home/tobi/wd/spring/repo-dev/rts/System/Main.cpp:90

I'll add more when it hangs again, maybe there is some pattern.

Hoijui had me test one time with NoSound=1, that (single) game I got no crash. Might have been luck of course...

Tags

No tags attached.

Checked infolog.txt for Errors

Attached Files

Relationships

Relationships

Notes
~0005783 tvo (reporter) 2010-10-22 23:25	Here's another trace: Thread 4 (Thread 0xb73c6b70 (LWP 17689)): #0 0x00110416 in __kernel_vsyscall () #1 0x009e4bd6 in nanosleep () from /lib/libpthread.so.0 #2 0x004dc377 in SDL_Delay () from /usr/lib/libSDL-1.2.so.0 0000003 0x004dc3c4 in ?? () from /usr/lib/libSDL-1.2.so.0 0000004 0x0048dacf in ?? () from /usr/lib/libSDL-1.2.so.0 0000005 0x004d9a0e in ?? () from /usr/lib/libSDL-1.2.so.0 #6 0x009dd919 in start_thread () from /lib/libpthread.so.0 #7 0x008f3cce in clone () from /lib/libc.so.6 Thread 3 (Thread 0xb64f2b70 (LWP 17690)): #0 0x00110416 in __kernel_vsyscall () #1 0x009e15d4 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 #2 0x0052b7c6 in boost::this_thread::sleep(boost::posix_time::ptime const&) () from /usr/lib/libboost_thread-mt.so.1.41.0 0000003 0x085bf132 in void boost::this_thread::sleep<boost::date_time::subsecond_duration<boost::posix_time::time_duration, 1000ll> >(boost::date_time::subsecond_duration<boost::posix_time::time_duration, 1000ll> const&) () 0000004 0x085b932e in CSound::StartThread (this=0x8c6f540, maxSounds=96) at /home/tobi/wd/spring/repo-dev/rts/System/Sound/Sound.cpp:371 0000005 0x085bbd52 in operator() (this=0x8c6f410) at /usr/include/boost/bind/mem_fn_template.hpp:162 #6 operator()<boost::_mfi::mf1<void, CSound, int>, boost::_bi::list0> (this=0x8c6f410) at /usr/include/boost/bind/bind.hpp:306 #7 operator() (this=0x8c6f410) at /usr/include/boost/bind/bind_template.hpp:20 #8 boost::detail::thread_data<boost::_bi::bind_t<void, boost::_mfi::mf1<void, CSound, int>, boost::_bi::list2<boost::_bi::value<CSound*>, boost::_bi::value<int> > > >::run (this=0x8c6f410) at /usr/include/boost/thread/detail/thread.hpp:56 #9 0x0052a0a6 in thread_proxy () from /usr/lib/libboost_thread-mt.so.1.41.0 0000010 0x009dd919 in start_thread () from /lib/libpthread.so.0 #11 0x008f3cce in clone () from /lib/libc.so.6 Thread 2 (Thread 0xb58ffb70 (LWP 17694)): #0 0x00110416 in __kernel_vsyscall () #1 0x008e8df6 in poll () from /lib/libc.so.6 #2 0x07739b66 in ?? () from /lib/libasound.so.2 0000003 0x07739d3b in snd_pcm_wait () from /lib/libasound.so.2 0000004 0x0447c019 in ?? () from /usr/lib/libopenal.so.1 0000005 0x04479ec3 in ?? () from /usr/lib/libopenal.so.1 #6 0x009dd919 in start_thread () from /lib/libpthread.so.0 #7 0x008f3cce in clone () from /lib/libc.so.6 Thread 1 (Thread 0xb7fd16f0 (LWP 17688)): #0 0x00110416 in __kernel_vsyscall () #1 0x00903d73 in __lll_lock_wait_private () from /lib/libc.so.6 #2 0x0088b0d1 in _L_lock_9434 () from /lib/libc.so.6 0000003 0x00888e94 in malloc () from /lib/libc.so.6 0000004 0x0087eb3f in __libc_message () from /lib/libc.so.6 0000005 0x00884fe1 in malloc_printerr () from /lib/libc.so.6 #6 0x00885216 in malloc_consolidate () from /lib/libc.so.6 #7 0x00887c25 in _int_malloc () from /lib/libc.so.6 #8 0x00888e9e in malloc () from /lib/libc.so.6 #9 0x06e1c010 in ?? () from /usr/lib/nvidia/libGL.so.1 Backtrace stopped: previous frame inner to this frame (corrupt stack?)

~0005784 tvo (reporter) 2010-10-22 23:48 Last edited: 2010-10-22 23:50	Hmm, in both cases the hang happens inside malloc_printerr, which seems to be called by libc only if internal data structures of the allocator are corrupt. Dug into it a little bit. It's memory corruption: (Before this snippet I went to the __libc_message stack frame and made that return.) (gdb) p $esp $52 = (void ) 0xbfffdcbc (gdb) p (const char)($esp+4) $53 = 0x9645ac "* glibc detected * %s: %s: 0x%s \n" (gdb) p (const char*)($esp+8) $54 = 0xbfffef54 "/opt/spring/bin/spring" (gdb) p (const char*)($esp+12) $55 = 0x962524 "corrupted double-linked list" (gdb) p (const char)($esp+16) $56 = 0xbfffdcd7 "185e23e0" So it wanted to print this, but hangs right before it can get that to the screen/console: * glibc detected * /opt/spring/bin/spring: corrupted double-linked list: 0x185e23e0 * --- To clarify, I think we have 2 bugs: 1) memory corruption 2) a deadlock whenever glibc detects there is memory corruption

~0006632 abma (administrator) 2011-05-09 19:42	is this still present in 0.82.7.1 / or spring-master?

~0006951 abma (administrator) 2011-07-07 02:56	no feedback...

Notes

Date Modified	Username	Field	Change
Issue History
2010-10-22 22:43	tvo	New Issue
2010-10-22 23:25	tvo	Note Added: 0005783
2010-10-22 23:48	tvo	Note Added: 0005784
2010-10-22 23:48	tvo	Note Edited: 0005784
2010-10-22 23:50	tvo	Note Edited: 0005784
2011-05-09 19:41	abma	Severity	minor => crash
2011-05-09 19:42	abma	Note Added: 0006632
2011-05-09 19:42	abma	Status	new => feedback
2011-07-07 02:56	abma	Note Added: 0006951
2011-07-07 02:56	abma	Status	feedback => resolved
2011-07-07 02:56	abma	Resolution	open => unable to reproduce
2011-07-07 02:56	abma	Assigned To	=> abma

Issue History