View Issue Details

ID: 0002651
Project: Spring engine
Category: AI
View Status: public
Last Update: 2011-10-02 15:31
Reporter: abma
Assigned To: hoijui
Priority: normal
Severity: crash
Reproducibility: sometimes
Status: resolved
Resolution: fixed
Fixed in Version: 83.0
Summary: 0002651: (master) crash in rai
Description:
[f=0141571] Error: Segmentation fault (SIGSEGV) in spring 0.82+.4.0 (Debug)
[f=0141571] Error: Stacktrace:
[f=0141571] Error: This stack trace indicates a problem with a Skirmish AI library.
[f=0141571] Error: <0> /lib/x86_64-linux-gnu/libc.so.6(+0x33d80) [0x7ff874097d80]
[f=0141571] Error: <1> /home/abma/local/spring/master/share/games/spring/AI/Skirmish/RAI/0.601/libSkirmishAI.so(+0xa683b) [0x7ff854d3a83b]
[f=0141571] Error: <2> /home/abma/local/spring/master/share/games/spring/AI/Skirmish/RAI/0.601/libSkirmishAI.so(+0xfd992) [0x7ff854d91992]
[f=0141571] Error: <3> /home/abma/local/spring/master/share/games/spring/AI/Skirmish/RAI/0.601/libSkirmishAI.so(+0xfc9ea) [0x7ff854d909ea]
[f=0141571] Error: <4> /home/abma/local/spring/master/share/games/spring/AI/Skirmish/RAI/0.601/libSkirmishAI.so(handleEvent+0x65) [0x7ff854d8919a]
[f=0141571] Error: <5> /home/abma/dev/spring/master/rts/ExternalAI/SkirmishAILibrary.cpp:95
[f=0141571] Error: <6> /home/abma/dev/spring/master/rts/ExternalAI/SkirmishAI.cpp:57
[f=0141571] Error: <7> /home/abma/dev/spring/master/rts/ExternalAI/SkirmishAIWrapper.cpp:312
[f=0141571] Error: <8> /home/abma/dev/spring/master/rts/ExternalAI/EngineOutHandler.cpp:419
[f=0141571] Error: <9> /home/abma/dev/spring/master/rts/Sim/Units/Unit.cpp:1218
Additional Information: happened in a very long game... and looks like stack-corruption. gdb didn't give anything useful.
Tags: No tags attached.
Attached Files
infolog.txt (Attachment missing)
Checked infolog.txt for Errors

Activities

hoijui

2011-09-15 20:12

reporter   ~0007373

hmm ok :/
well yeah.. can't really do anything with that of course.
except maybe running with RAI in valgrind.

abma

2011-09-16 11:02

administrator   ~0007378

not the same, but a crash at shutdown:

http://springrts.com:7778/builders/validationtests/builds/218/steps/validationtests_2/logs/stdio

(the same for later, don't know if buildbot keeps log files forever...)
http://pastebin.com/7tf1peL5

hoijui

2011-09-17 09:26

reporter   ~0007381

for this later bug, the only thing i could imagine would be, if the callback was deleted before the AI. this is not the case (i just tested again, and i know that i made sure it is not the case before).
i can not reproduce this. RAI writes the resource file just fine for me (before the callback is deleted).
i even tried with the same mod and map.

jK

2011-09-19 18:28

developer   ~0007386

Last edited: 2011-09-19 18:29

@cRAI::LocateFile SIGSEGV
buffer overflow in STRCPYS? -> for GCC it is: #define STRCPYS(dst, dstSize, src) strcpy(dst, src)

It's used a lot in the AI interface, better use STRNCPY.
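
Added example, not part of the original note and not Spring's code: a size-honouring copy of the kind the three-argument STRCPYS signature implies, shown next to the GCC definition quoted above. The name bounded_strcpy, the Frame layout and the sample strings are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// GCC definition quoted in the note above; dstSize is silently discarded:
//   #define STRCPYS(dst, dstSize, src) strcpy(dst, src)

// Hypothetical bounded replacement (the name is an assumption, not Spring's API).
// Copies at most dstSize-1 bytes, always NUL-terminates (plain strncpy does not
// when src is too long) and returns false on truncation so the caller can
// reject the path instead of using a silently shortened one.
static bool bounded_strcpy(char* dst, std::size_t dstSize, const char* src) {
    if (dst == nullptr || dstSize == 0) return false;
    if (src == nullptr) { dst[0] = '\0'; return false; }
    std::size_t n = 0;
    while (n < dstSize && src[n] != '\0') ++n;      // never scans past dstSize
    const bool fits = n < dstSize;
    const std::size_t len = fits ? n : dstSize - 1;
    std::memcpy(dst, src, len);
    dst[len] = '\0';
    return fits;
}

// Constructed layout: an 8-byte buffer followed by a canary, so any write
// past the end of buf would be visible.
struct Frame { char buf[8]; char canary[4]; };

// Returns 0 if src fit, 1 if it was truncated, -1 if the canary was damaged
// or buf was left without a terminator.
static int copy_beside_canary(const char* src) {
    Frame f;
    std::memcpy(f.canary, "SAFE", 4);
    const bool fits = bounded_strcpy(f.buf, sizeof f.buf, src);
    if (std::memcmp(f.canary, "SAFE", 4) != 0) return -1;
    if (std::memchr(f.buf, '\0', sizeof f.buf) == nullptr) return -1;
    return fits ? 0 : 1;
}

int main() {
    std::printf("%d %d\n", copy_beside_canary("RAI"),
                copy_beside_canary("GlobalResourceMap-long-name.res"));
    return 0;
}
```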

hoijui

2011-09-22 11:39

reporter   ~0007392

looks like it was not STRCPYS, or my fix fails :/
could it have to do with the way/moment the game is ended?

abma

2011-09-29 02:43

administrator   ~0007434

Last edited: 2011-09-29 04:09

the crash doesn't happen every time. (see validationtests on buildbot)

looks like the callback is already deinitialized?

[f=0000100] Tests run long enough, quitting...
[f=0000100] User exited
[f=0000162] Speed set to 31.0 [TestMonkey]
...crash

related part of valgrind.log:

==13639== Invalid read of size 8
==13639== at 0x4108B75: cRAI::LocateFile(springLegacyAI::IAICallback*, std::string const&, std::string&, bool) (RAI.cpp:1105)
==13639== by 0x4137A70: GlobalResourceMap::~GlobalResourceMap() (GResourceMap.cpp:745)
==13639== by 0x4100ABC: cRAI::~cRAI() (RAI.cpp:128)
==13639== by 0x4100DBB: cRAI::~cRAI() (RAI.cpp:138)
==13639== by 0x415A99F: springLegacyAI::CAIAI::~CAIAI() (AIAI.cpp:15)
==13639== by 0x415AA15: springLegacyAI::CAIAI::~CAIAI() (AIAI.cpp:20)
==13639== by 0x41535A1: release (AIExport.cpp:82)
==13639== by 0x11608A1: CSkirmishAILibrary::Release(int) const (SkirmishAILibrary.cpp:77)
==13639== by 0x1153BC3: CSkirmishAI::~CSkirmishAI() (SkirmishAI.cpp:36)
==13639== by 0x1163B03: CSkirmishAIWrapper::~CSkirmishAIWrapper() (SkirmishAIWrapper.cpp:98)
==13639== by 0x1163C1F: CSkirmishAIWrapper::~CSkirmishAIWrapper() (SkirmishAIWrapper.cpp:110)
==13639== by 0x112D0AF: CEngineOutHandler::~CEngineOutHandler() (EngineOutHandler.cpp:121)
==13639== Address 0x134c5d00 is 0 bytes inside a block of size 112 free'd
==13639== at 0x4C27FFF: operator delete(void*) (vg_replace_malloc.c:387)
==13639== by 0x415ED55: springLegacyAI::CAIAICallback::~CAIAICallback() (AIAICallback.cpp:160)
==13639== by 0x415D54E: springLegacyAI::CAIGlobalAICallback::~CAIGlobalAICallback() (AIGlobalAICallback.cpp:18)
==13639== by 0x415D5DB: springLegacyAI::CAIGlobalAICallback::~CAIGlobalAICallback() (AIGlobalAICallback.cpp:20)
==13639== by 0x415A9D7: springLegacyAI::CAIAI::~CAIAI() (AIAI.cpp:18)
==13639== by 0x415AA15: springLegacyAI::CAIAI::~CAIAI() (AIAI.cpp:20)
==13639== by 0x41535A1: release (AIExport.cpp:82)
==13639== by 0x11608A1: CSkirmishAILibrary::Release(int) const (SkirmishAILibrary.cpp:77)
==13639== by 0x1153BC3: CSkirmishAI::~CSkirmishAI() (SkirmishAI.cpp:36)
==13639== by 0x1163B03: CSkirmishAIWrapper::~CSkirmishAIWrapper() (SkirmishAIWrapper.cpp:98)
==13639== by 0x1163C1F: CSkirmishAIWrapper::~CSkirmishAIWrapper() (SkirmishAIWrapper.cpp:110)
==13639== by 0x112D0AF: CEngineOutHandler::~CEngineOutHandler() (EngineOutHandler.cpp:121)
==13639==
==13639==
==13639== Process terminating with default action of signal 11 (SIGSEGV)
==13639== General Protection Fault
==13639== at 0x6B2CC7F: sprintf (sprintf.c:29)
==13639== by 0x118453D: luaV_tostring(lua_State*, lua_TValue*) (lvm.cpp:59)
==13639== by 0x116917C: lua_tolstring(lua_State*, int, unsigned long*) (lapi.cpp:348)
==13639== by 0x116DC46: luaB_tostring(lua_State*) (lbaselib.cpp:402)
==13639== by 0x117285E: luaD_precall(lua_State*, lua_TValue*, int) (ldo.cpp:319)
==13639== by 0x1187481: luaV_execute(lua_State*, int) (lvm.cpp:612)
==13639== by 0x1172B30: luaD_call(lua_State*, lua_TValue*, int) (ldo.cpp:377)
==13639== by 0x116A3BA: f_call(lua_State*, void*) (lapi.cpp:812)
==13639== by 0x1171B9D: luaD_rawrunprotected(lua_State*, void (*)(lua_State*, void*), void*) (ldo.cpp:116)
==13639== by 0x1172F44: luaD_pcall(lua_State*, void (*)(lua_State*, void*), void*, long, long) (ldo.cpp:463)
==13639== by 0x116A464: lua_pcall(lua_State*, int, int, int) (lapi.cpp:833)
==13639== by 0xBFB427: CLuaHandle::RunCallInTraceback(int, int, int, std::string&) (LuaHandle.cpp:440)
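
Added example, not part of the original note and not the fix that was committed: a small model of what the first valgrind record shows, a destructor reaching through a callback whose memory was already freed, with the lifetime made checkable through std::weak_ptr. All type names, the directory and the file name are hypothetical.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-ins for the engine callback and for the AI-side object
// whose destructor writes a resource file through it.
struct Callback {
    std::string dataDir = "AI/Skirmish/RAI/";                 // constructed value
    std::string Locate(const std::string& name) const { return dataDir + name; }
};

enum class SaveResult { NotRun, Saved, SkippedCallbackGone };

class ResourceMap {
public:
    ResourceMap(std::weak_ptr<Callback> cb, SaveResult* out)
        : cb_(std::move(cb)), out_(out) {}
    ~ResourceMap() {
        // lock() yields nullptr once the owner has released the callback, so
        // the ordering problem is detected instead of reading freed memory.
        if (auto cb = cb_.lock()) {
            path_ = cb->Locate("resources.res");               // constructed name
            *out_ = SaveResult::Saved;
        } else {
            *out_ = SaveResult::SkippedCallbackGone;
        }
    }
private:
    std::weak_ptr<Callback> cb_;
    SaveResult* out_;
    std::string path_;
};

// Tear both objects down in the given order and report what the destructor did.
static SaveResult teardown(bool callbackFirst) {
    SaveResult result = SaveResult::NotRun;
    auto cb = std::make_shared<Callback>();
    auto map = std::make_unique<ResourceMap>(cb, &result);
    if (callbackFirst) { cb.reset(); map.reset(); }   // freed before the read, as in the log
    else               { map.reset(); cb.reset(); }   // user destroyed before what it uses
    return result;
}

int main() {
    std::printf("callback first: %d, map first: %d\n",
                static_cast<int>(teardown(true)), static_cast<int>(teardown(false)));
    return 0;
}
```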

abma

2011-10-02 13:23

administrator   ~0007447

did a bit more testing:

crash only happens in RAI vs RAI games, RAI vs KAIK works fine!

hoijui

2011-10-02 15:31

reporter   ~0007449

thanks abma, that helped a lot!

fixed by:
https://github.com/spring/spring/commit/09b3a5281e3b8711192ae6423674ced645664102

Issue History

Date Modified Username Field Change
2011-09-15 01:05 abma New Issue
2011-09-15 01:05 abma File Added: infolog.txt
2011-09-15 01:06 abma Additional Information Updated
2011-09-15 01:09 abma Additional Information Updated
2011-09-15 20:12 hoijui Note Added: 0007373
2011-09-16 11:02 abma Note Added: 0007378
2011-09-17 09:26 hoijui Note Added: 0007381
2011-09-19 18:28 jK Note Added: 0007386
2011-09-19 18:29 jK Note Edited: 0007386
2011-09-19 18:29 jK Note Edited: 0007386
2011-09-20 09:24 hoijui Status new => assigned
2011-09-20 09:24 hoijui Assigned To => hoijui
2011-09-22 11:39 hoijui Note Added: 0007392
2011-09-29 02:43 abma Note Added: 0007434
2011-09-29 03:55 abma Note Edited: 0007434
2011-09-29 03:56 abma Note Edited: 0007434
2011-09-29 04:06 abma Note Edited: 0007434
2011-09-29 04:09 abma Note Edited: 0007434
2011-10-02 13:23 abma Note Added: 0007447
2011-10-02 15:31 hoijui Note Added: 0007449
2011-10-02 15:31 hoijui Status assigned => resolved
2011-10-02 15:31 hoijui Fixed in Version => 0.83.0
2011-10-02 15:31 hoijui Resolution open => fixed