0004714: crash when starting kernel panic 4.6 mission 6: "Challenge 6 - Navigating through N X f"

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

Project

Category

View Status

Date Submitted

Last Update

0004714

Spring engine

General

public

2015-03-23 17:44

2015-03-25 01:29

Reporter

abma

Assigned To

abma

Priority

normal

Severity

crash

Reproducibility

always

Status

resolved

Resolution

fixed

Product Version

98.0.1+git

Target Version

99.0

Fixed in Version

Summary

0004714: crash when starting kernel panic 4.6 mission 6: "Challenge 6 - Navigating through N X f"

Description

i get this crash when i try to start this mission:

[f=0000000] Loading Skirmish AIs
*** Error in `./spring': free(): invalid pointer: 0x000000000cd45b80 ***
[f=0000000] [CrashHandler] Error: Aborted (SIGABRT) in spring 98.0.1-428-gb47c43b develop (Debug)
[f=0000000] [CrashHandler] Error: Halted Stacktrace for Spring 98.0.1-428-gb47c43b develop (Debug) using libunwind:
[f=0000000] [CrashHandler] Error: [00] /home/abma/dev/spring/develop/rts/System/Platform/Linux/CrashHandler.cpp:833 CrashHandler::HaltedStacktrace(std::string const&, siginfo_t*, ucontext*)
[f=0000000] [CrashHandler] Error: [01] /home/abma/dev/spring/develop/rts/System/Platform/Linux/CrashHandler.cpp:939 CrashHandler::HandleSignal(int, siginfo_t*, void*)
[f=0000000] [CrashHandler] Error: [02] /lib/x86_64-linux-gnu/libpthread.so.0(+0xfc90) [0x7f77e7d5dc90] __restore_rt
[f=0000000] [CrashHandler] Error: [03] /build/buildd/glibc-2.19/signal/../nptl/sysdeps/unix/sysv/linux/raise.c:56 __GI_raise
[f=0000000] [CrashHandler] Error: [04] /build/buildd/glibc-2.19/stdlib/abort.c:91 __GI_abort
[f=0000000] [CrashHandler] Error: [05] /build/buildd/glibc-2.19/libio/../sysdeps/posix/libc_fatal.c:175 __fsetlocking
[f=0000000] [CrashHandler] Error: <06> /build/buildd/glibc-2.19/malloc/malloc.c:4996 malloc_printerr
[f=0000000] [CrashHandler] Error: [06] /build/buildd/glibc-2.19/malloc/malloc.c:3840 _int_free
[f=0000000] [CrashHandler] Error: [07] .../rts/lib/lua/include/LuaUser.cpp:187 spring_lua_alloc(void*, void*, unsigned long, unsigned long)
[f=0000000] [CrashHandler] Error: [08] .../rts/lib/lua/src/lmem.cpp:81 luaM_realloc_(lua_State*, void*, unsigned long, unsigned long)
[f=0000000] [CrashHandler] Error: [09] .../rts/lib/lua/src/ltable.cpp:378 (discriminator 1) luaH_free(lua_State*, Table*)
[f=0000000] [CrashHandler] Error: [10] .../rts/lib/lua/src/lgc.cpp:383 freeobj
[f=0000000] [CrashHandler] Error: [11] .../rts/lib/lua/src/lgc.cpp:411 sweeplist
[f=0000000] [CrashHandler] Error: [12] .../rts/lib/lua/src/lgc.cpp:488 luaC_freeall(lua_State*)
[f=0000000] [CrashHandler] Error: [13] .../rts/lib/lua/src/lstate.cpp:111 close_state
[f=0000000] [CrashHandler] Error: [14] .../rts/lib/lua/src/lstate.cpp:222 lua_close(lua_State*)
[f=0000000] [CrashHandler] Error: [15] /home/abma/dev/spring/develop/rts/lib/lua/include/LuaInclude.h:233 LUA_CLOSE
[f=0000000] [CrashHandler] Error: [16] /home/abma/dev/spring/develop/rts/Lua/LuaHandle.cpp:127 CLuaHandle::KillLua()
[f=0000000] [CrashHandler] Error: [17] /home/abma/dev/spring/develop/rts/Lua/LuaIntro.cpp:43 (discriminator 4) CLuaIntro::FreeHandler()
[f=0000000] [CrashHandler] Error: [18] /home/abma/dev/spring/develop/rts/Game/LoadScreen.cpp:160 CLoadScreen::~CLoadScreen()
[f=0000000] [CrashHandler] Error: [19] /home/abma/dev/spring/develop/rts/Game/LoadScreen.cpp:183 CLoadScreen::~CLoadScreen()
[f=0000000] [CrashHandler] Error: [20] /home/abma/dev/spring/develop/rts/Game/LoadScreen.cpp:206 CLoadScreen::DeleteInstance()
[f=0000000] [CrashHandler] Error: [21] /home/abma/dev/spring/develop/rts/Game/LoadScreen.cpp:198 CLoadScreen::CreateInstance(std::string const&, std::string const&, ILoadSaveHandler*)
[f=0000000] [CrashHandler] Error: [22] /home/abma/dev/spring/develop/rts/Game/PreGame.cpp:338 (discriminator 3) CPreGame::UpdateClientNet()
[f=0000000] [CrashHandler] Error: [23] /home/abma/dev/spring/develop/rts/Game/PreGame.cpp:174 CPreGame::Update()
[f=0000000] [CrashHandler] Error: [24] /home/abma/dev/spring/develop/rts/System/SpringApp.cpp:918 SpringApp::Update()
[f=0000000] [CrashHandler] Error: [25] /home/abma/dev/spring/develop/rts/System/SpringApp.cpp:954 SpringApp::Run()
[f=0000000] [CrashHandler] Error: [26] .../rts/System/Main.cpp:48 Run(int, char**)
[f=0000000] [CrashHandler] Error: [27] .../rts/System/Main.cpp:108 main
[f=0000000] [CrashHandler] Error: [28] /build/buildd/glibc-2.19/csu/libc-start.c:321 __libc_start_main
[f=0000000] [CrashHandler] Error: [29] ./spring() [0x5d64b9] _start

Tags

No tags attached.

Checked infolog.txt for Errors

Attached Files

infolog.txt (76,250 bytes) 2015-03-23 17:49
infolog.txt (76,250 bytes) 2015-03-23 17:49

Relationships

has duplicate

0004708

resolved

abma

crash at exit in SMFReadMap.cpp:76

Relationships

Notes
~0014221 abma (administrator) 2015-03-24 01:35	in spring 94.1 it hangs at exit (0004708) spring 95.0 doesn't work as spring.restart seems broken. spring 98 crashes at exit: * Error in `/var/tmp/home/.spring/engine/98.0/spring': double free or corruption (!prev): 0x00007f5fac547930 * current development version crashes at start... so no really useful information expect the crash / instructions how to reproduce.

~0014226 abma (administrator) 2015-03-25 00:52	==16108== Invalid read of size 1 ==16108== at 0x830F4E: LuaSyncedCtrl::SetMapSquareTerrainType(lua_State) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCC337E: luaD_precall(lua_State, lua_TValue, int) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCD8E80: luaV_execute(lua_State, int) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCC3650: luaD_call(lua_State, lua_TValue, int) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCBAC1D: f_call(lua_State, void) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCC26CB: luaD_rawrunprotected(lua_State, void ()(lua_State, void), void) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCC3A9A: luaD_pcall(lua_State, void ()(lua_State, void), void, long, long) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCBACE9: lua_pcall(lua_State, int, int, int) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x8ABCC1: LuaVFS::Include(lua_State, bool) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x8ABE3E: LuaVFS::SyncInclude(lua_State) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCC337E: luaD_precall(lua_State, lua_TValue, int) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCD8E80: luaV_execute(lua_State, int) (in /var/tmp/home/dev/spring/develop/spring) ==16108== Address 0x318b80c0 is 0 bytes after a block of size 589,824 alloc'd ==16108== at 0x4C2B100: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==16108== by 0x620E85: __gnu_cxx::new_allocator<unsigned char>::allocate(unsigned long, void const) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x620D2B: std::allocator_traits<std::allocator<unsigned char> >::allocate(std::allocator<unsigned char>&, unsigned long) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x620BBD: std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_M_allocate(unsigned long) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x62082D: std::vector<unsigned char, std::allocator<unsigned char> >::_M_default_append(unsigned long) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x620298: std::vector<unsigned char, std::allocator<unsigned char> >::resize(unsigned long) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x8D6A7F: CReadMap::LoadMap(std::string const&) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x608ED7: CGame::LoadMap(std::string const&) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x608C0F: CGame::LoadGame(std::string const&, bool) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x65C4B8: CLoadScreen::Init() (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x65CAA3: CLoadScreen::CreateInstance(std::string const&, std::string const&, ILoadSaveHandler) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x66EBC1: CPreGame::UpdateClientNet() (in /var/tmp/home/dev/spring/develop/spring) ==16108== ==16108== Invalid write of size 1 ==16108== at 0x830FC9: LuaSyncedCtrl::SetMapSquareTerrainType(lua_State) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCC337E: luaD_precall(lua_State, lua_TValue, int) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCD8E80: luaV_execute(lua_State, int) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCC3650: luaD_call(lua_State, lua_TValue, int) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCBAC1D: f_call(lua_State, void) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCC26CB: luaD_rawrunprotected(lua_State, void ()(lua_State, void), void) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCC3A9A: luaD_pcall(lua_State, void ()(lua_State, void), void, long, long) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCBACE9: lua_pcall(lua_State, int, int, int) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x8ABCC1: LuaVFS::Include(lua_State, bool) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x8ABE3E: LuaVFS::SyncInclude(lua_State) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCC337E: luaD_precall(lua_State, lua_TValue, int) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0xCD8E80: luaV_execute(lua_State, int) (in /var/tmp/home/dev/spring/develop/spring) ==16108== Address 0x318b80c0 is 0 bytes after a block of size 589,824 alloc'd ==16108== at 0x4C2B100: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==16108== by 0x620E85: __gnu_cxx::new_allocator<unsigned char>::allocate(unsigned long, void const) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x620D2B: std::allocator_traits<std::allocator<unsigned char> >::allocate(std::allocator<unsigned char>&, unsigned long) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x620BBD: std::_Vector_base<unsigned char, std::allocator<unsigned char> >::_M_allocate(unsigned long) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x62082D: std::vector<unsigned char, std::allocator<unsigned char> >::_M_default_append(unsigned long) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x620298: std::vector<unsigned char, std::allocator<unsigned char> >::resize(unsigned long) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x8D6A7F: CReadMap::LoadMap(std::string const&) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x608ED7: CGame::LoadMap(std::string const&) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x608C0F: CGame::LoadGame(std::string const&, bool) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x65C4B8: CLoadScreen::Init() (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x65CAA3: CLoadScreen::CreateInstance(std::string const&, std::string const&, ILoadSaveHandler) (in /var/tmp/home/dev/spring/develop/spring) ==16108== by 0x66EBC1: CPreGame::UpdateClientNet() (in /var/tmp/home/dev/spring/develop/spring) ==16108==

~0014227 abma (administrator) 2015-03-25 01:01 Last edited: 2015-03-25 01:01 View 2 revisions	-> SetMapSquareTerrainType is called with invalid (out of range) parameters, not sure how to catch this error engine side.

~0014228 abma (administrator) 2015-03-25 01:29	Fix 3f927dafdcc4a0bf827d2ed3a94d60695c7950a1 committed to develop branch: fix 0004714: invalid range check for SetMapSquareTerrainType(), repo: spring changeset id: 4752

Notes

Date Modified	Username	Field	Change
Issue History
2015-03-23 17:44	abma	New Issue
2015-03-23 17:45	abma	Relationship added	has duplicate 0004708
2015-03-23 17:49	abma	File Added: infolog.txt
2015-03-24 01:35	abma	Note Added: 0014221
2015-03-25 00:52	abma	Note Added: 0014226
2015-03-25 01:01	abma	Note Added: 0014227
2015-03-25 01:01	abma	Note Edited: 0014227	View Revisions
2015-03-25 01:29	abma	Changeset attached	=> spring develop 3f927daf
2015-03-25 01:29	abma	Note Added: 0014228
2015-03-25 01:29	abma	Assigned To	=> abma
2015-03-25 01:29	abma	Status	new => resolved
2015-03-25 01:29	abma	Resolution	open => fixed

Issue History