0000889: LUAUI crashes immediately followed by Spring crash

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

Project

Tags

No tags attached.

Checked infolog.txt for Errors

Attached Files

infolog.txt (7,969 bytes) 2008-04-09 00:31

Using script script.txt
SDL:  1.2.10
GL:   2.1.2
GL:   NVIDIA Corporation
GL:   GeForce 8800 GTS/PCI/SSE2
GLEW: 1.4.0
Section game\mapoptions missing in file buffer
Section game\modoptions missing in file buffer
Connecting to server
Connected to 82.224.187.197:5002 using number 2
Using script Commanders
Map: Tabula-v2.smf
Mod: "Balanced Annihilation V6.21" from BA621.sd7
Became player 2
Client connected on slot 2
Client connected on slot 3
Client connected on slot 5
Connecting to server .
Loading all definitions:  1.234000
Opening map file
Loading Map
Loading detail textures
Creating overhead texture
Creating ground shading
Loading tile file
Reading tiles
Reading tile map
Creating projectile texture
Number of damage types: 42
Loading weapon definitions
Loading unit definitions
Loading feature definitions
Generating trees
Parsing unit icons
Creating unit textures
Initializing map features
Couldnt find wreckage info 
Unknown map feature type 
Reading estimate path costs
Creating sky
Loading LuaCOB
Loading LuaRules
LUARULES-MAIN  (GADGETS)
LUARULES-DRAW  (GADGETS)
Loading LuaGaia
Finalizing...
Spring 0.76b1
Reloaded ctrlpanel with: LuaUI/ctrlpanel.txt
LuaUI: bound F11 to the widget selector
LuaUI: bound CTRL+F11 to tweak mode
Failed to load: unit_healthbars.lua  (duplicate name)
ahoj
Loaded widget:  MexUpg Helper       <helper.lua>
Loaded widget:  HealthBars          <unit_healthbars.lua>
Reloaded ctrlpanel with: LuaUI/Configs/ctrlpanel.txt
Loaded widget:  BA Layout           <gui_ba_layout.lua>
Loaded widget:  DGunLimit           <gui_limit_dgun.lua>
Loaded widget:  DoLine              <cmd_doline.lua>
Loaded widget:  ImmobileBuilder     <unit_immobile_buider.lua>
Loaded widget:  BuildBar            <unit_buildbar.lua>
Loaded widget:  ReclaimInfo         <gui_reclaiminfo.lua>
Loaded widget:  MetalMakers         <unit_metal_maker.lua>
Loaded widget:  XrayShader          <gui_xray_shader.lua>
Loaded widget:  Defense Range v3.4  <gui_defenserange.lua>
Loaded widget:  IceUI               <gui_IceUI.lua>
Loaded widget:  Start Point Remover  <init_start_point_remover.lua>
Loaded widget:  MiniMap Start Boxes  <minimap_startbox.lua>
Loaded widget:  Select n Center!    <gui_center_n_select.lua>
Loaded widget:  LupsManager         <gfx_lups_manager.lua>
Loaded widget:  Lups                <lups_wrapper.lua>
Loaded widget:  CustomFormations    <unit_customformations.lua>
LuaUI v0.2
Player [TITS]SirArtturi joined as 6
Player drawesome joined as 8
Player JoeNightmare joined as 10
Player [LBF]Vache joined as 0
Player [XHC]BigSteve joined as 1
Upgrade pairs registered
Player [UoY]Acidd_UK joined as 2
Player McFly joined as 4
Player [FFP]bk joined as 9
Player MetalRunner joined as 7
Player [UoY]Biscuit_Mage joined as 3
drawesome added point: Start 8
McFly added point: Start 4
Player Dachs joined as 5
[UoY]Acidd_UK added point: Start 2
Spectator JoeNightmare left
Lost connection to JoeNightmare
Lost connection to player 10 (timeout)
drawesome added point: Start 8
drawesome added point: Start 8
drawesome added point: Start 8
[LBF]Vache added point: Start 0
[UoY]Acidd_UK added point: Start 2
<drawesome> spec
[LBF]Vache added point: Start 0
drawesome added point: Start 8
[UoY]Biscuit_Mage added point: Start 3
[LBF]Vache added point: Start 0
[LBF]Vache added point: Start 0
[LBF]Vache added point: Start 0
[LBF]Vache added point: Start 0
[LBF]Vache added point: Start 0
[LBF]Vache added point: Start 0
[UoY]Acidd_UK added point: 
[LBF]Vache added point: Start 0
[LBF]Vache added point: Start 0
[UoY]Biscuit_Mage added point: Start 3
[UoY]Biscuit_Mage added point: Start 3
<McFly> Allies: someone at north
<[XHC]BigSteve> ugh i have the shits
McFly added point: 
<[LBF]Vache> Allies:  what you mean mcfly
<[XHC]BigSteve> can i pause at some point so i dont poo myself?
<[LBF]Vache> Allies:  you don't wanna be alone north ?
<[TITS]SirArtturi> go poo noq
<McFly> Allies: its more hard
<[TITS]SirArtturi> now
<[FFP]bk> now
McFly added point: Start 4
<[LBF]Vache> Allies:  ok biscuit or acidd help him ok ?
<[XHC]BigSteve> i dont need to now ><
<drawesome> acid help north
[UoY]Acidd_UK added point: its moar hard
<drawesome> Allies: acid help north i mean
<[LBF]Vache> Allies:  talk in a !
<[UoY]Acidd_UK> Allies: a hole?
[LBF]Vache added point: lol ...
GameID: 21effb47872e39180114e9874e2558ba
McFly added point: ********************************************************************************************************************************************************************************************************
[LBF]Vache added point: can i take that ?
<drawesome> Allies: ok
<[LBF]Vache> Allies:  i'll give it back if you need it
<drawesome> Allies: i should be fine
<McFly> Allies: i'm sorry for your mum dude =/
[LBF]Vache added point: 
[LBF]Vache added point: 
[UoY]Acidd_UK added point: fail player
Instigator is being attacked
Instigator is being attacked
<McFly> Allies: pls acid ...shut up -_-
<[LBF]Vache> Allies:  he isn't saying anything uh ?
Speed set to 0.8 [[XHC]BigSteve]
<[UoY]Acidd_UK> Allies: ?
Speed set to 1.0 [[XHC]BigSteve]
drawesome added point: will you take this or not?
<[LBF]Vache> Allies: yes sry
[UoY]Acidd_UK added point: ```
Instigator is being attacked
Instigator is being attacked
LuaUI::RunCallIn: error = 2, DrawScreen, [string "LuaUI/widgets.lua"]:682: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, AddConsoleLine, [string "LuaUI/widgets.lua"]:1104: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, Update, [string "LuaUI/widgets.lua"]:1044: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, DrawWorldReflection, [string "LuaUI\Widgets\gui_IceUI.lua"]:817: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, DrawWorldPreUnit, [string "LuaUI\Widgets\gui_IceUI.lua"]:817: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, DrawWorld, [string "LuaUI\Widgets\gui_IceUI.lua"]:817: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, IsAbove, [string "LuaUI/widgets.lua"]:1292: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, IsAbove, [string "LuaUI/widgets.lua"]:1292: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, DefaultCommand, [string "LuaUI\Widgets\gui_IceUI.lua"]:817: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, DrawScreenEffects, [string "LuaUI\Widgets\gui_IceUI.lua"]:817: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, IsAbove, [string "LuaUI/widgets.lua"]:1292: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, IsAbove, [string "LuaUI/widgets.lua"]:1292: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, DefaultCommand, [string "LuaUI\Widgets\gui_IceUI.lua"]:817: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, DrawInMiniMap, [string "LuaUI\Widgets\gui_IceUI.lua"]:817: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, IsAbove, [string "LuaUI/widgets.lua"]:1292: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, WorldTooltip, [string "LuaUI/widgets.lua"]:1464: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, IsAbove, [string "LuaUI/widgets.lua"]:1292: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, IsAbove, [string "LuaUI/widgets.lua"]:1292: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, DefaultCommand, [string "LuaUI\Widgets\gui_IceUI.lua"]:817: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, LayoutButtons, [string "LuaUI/widgets.lua"]:1122: attempt to call global ' ' (a nil value)
LuaUI::RunCallIn: error = 2, Shutdown, [string "LuaUI/widgets.lua"]:253: attempt to call global ' ' (a nil value)

infolog.txt (7,969 bytes) 2008-04-09 00:31

080408-Tabula-v2-0.76b1.sdf (558,684 bytes) 2008-04-09 00:38
Widgets.rar (703,854 bytes) 2008-04-12 14:56
layout.lua (6,388 bytes) 2008-04-12 20:47
infolog-2.txt (9,092 bytes) 2008-04-12 22:01
infolog-2.txt (9,092 bytes) 2008-04-12 22:01
LUAUI_CRASH_Satirik_7m25.sdf (758,088 bytes) 2008-04-21 18:32

Relationships

Relationships

Notes
~0002037 acidd_uk (reporter) 2008-04-09 00:39	All the LUAUI errors are from lines in LUA scripts that use a for x,y in ipairs(abc) type construct. Unfortunately I know exactly zero about LUA :-(

~0002038 acidd_uk (reporter) 2008-04-09 00:51 Last edited: 2008-04-09 02:46	The crash occurs about 7:46. If I unload LUAUI before the crash and then reload it, the crash then does not happen...

~0002039 imbaczek (reporter) 2008-04-11 23:14	doesn't crash for me, what widgets do you use?

~0002040 acidd_uk (reporter) 2008-04-12 14:57	I've added Widgets.rar, which is a rar of my luaui/widgets directory. Hope this helps...

~0002041 imbaczek (reporter) 2008-04-12 17:06	unfortunately still doesn't crash for me :/ what's your OS and average framerate?

~0002042 acidd_uk (reporter) 2008-04-12 17:32	I'm using XP and my framerates are very decent, 2gb ram, 8800gts, core2 3GHz. You think it's maybe a hardware issue with something?

~0002043 acidd_uk (reporter) 2008-04-12 19:07	Ok, I built a debug version of 0.76b1 and ran the replay thorough it. The first time through, LuaUI crashed, but spring didn't. LuaUI had the same errors int he infolog.txt as posted already. The second time I ran the replay through, it all workd ok and nothing crashed. So I'm guessing the issue is in unsynched code somewhere?

~0002044 acidd_uk (reporter) 2008-04-12 19:12	Ok, how's this for weird... When this originally happened, I watched the replay 3 or 4 times and spring always crashed. I just watched it again now, and only LuaUI crashed, and the replay kept playing. I really don't understand this now...

~0002045 imbaczek (reporter) 2008-04-12 19:36	I'm trying to spot some correlations. Maybe the bug is more likely to happen on nvidia hardware, or when a certain frame is rendered (so low framerates like mine on Intel 945 have a chance to simply skip over the bug.)

~0002046 acidd_uk (reporter) 2008-04-12 19:58	Seems possible. From the semi-repeatability of it, maybe some uninitialised memory or something similar?

~0002047 imbaczek (reporter) 2008-04-12 20:21	I managed to reproduce the crash on my GF6600 box (whopping 25fps!), but only with your widget set. Probably IceUI triggers something, since it's the first error in my traceback. Try to find the widget that causes the crash for you. I'll try a fix that was committed to svn some time ago first (layout crash or something.)

~0002048 acidd_uk (reporter) 2008-04-12 20:24	It's not a possible bug related to the healthbars widget is it? JK said there was some engine fix already committed to fix a wierd grey flickering the widget caused... See this thread http://spring.clan-sy.com/phpbb/viewtopic.php?f=23&t=11447&start=80

~0002050 imbaczek (reporter) 2008-04-12 20:48	hm, seems that attached layout.lua fixed it for me (r5486.) please try it.

~0002051 acidd_uk (reporter) 2008-04-12 22:03 Last edited: 2008-04-12 22:04	Didn't fix it - first time thro went ok, 2nd time LuaUI crashed at same point. But I attached the inforlog as infolog-2.txt Look at line 198. Looks very much like an uninitialised variable?

~0002052 imbaczek (reporter) 2008-04-12 22:16	ouch. passed twice without a crash for me... gotta keep trying. try to find the widget that causes it for you.

~0002054 acidd_uk (reporter) 2008-04-13 18:53	Ok it looks like it might be IceUI - when I remove that and nothing else, the game seems to work ok. I've run the replay through 3 times with no problems that way...

~0002055 imbaczek (reporter) 2008-04-14 00:16	Can IceUI be configured to not use parts of it? Maybe there's only one part that's causing the crash?

~0002078 imbaczek (reporter) 2008-04-17 21:49 Last edited: 2008-04-17 21:50	a non-debug stacktrace with gcc 4.3: warning: HEAP[spring-dbg.exe]: warning: Invalid allocation size - FEEEFEF2 (exceeded 7ffdefff) Program received signal SIGTRAP, Trace/breakpoint trap. 0x7c901231 in ntdll!DbgUiConnectToDbg () from C:\WINDOWS\system32\ntdll.dll (gdb) BT #0 0x7c901231 in ntdll!DbgUiConnectToDbg () from C:\WINDOWS\system32\ntdll.dll #1 0x7c96c943 in ntdll!RtlpNtMakeTemporaryKey () from C:\WINDOWS\system32\ntdll.dll #2 0x7c96dcbd in ntdll!RtlpNtMakeTemporaryKey () from C:\WINDOWS\system32\ntdll.dll 0000003 0x7c94c651 in ntdll!RtlInsertElementGenericTableAvl () from C:\WINDOWS\system32\ntdll.dll 0000004 0x77c1c756 in realloc () from C:\WINDOWS\system32\msvcrt.dll 0000005 0x003d0000 in ?? () #6 0x40000060 in ?? () #7 0x0acff658 in ?? () #8 0xfeeefef2 in ?? () #9 0xfeeefef2 in ?? () 0000010 0xfeeefef2 in ?? () #11 0x0aa7578c in ?? () 0000012 0x0aa75728 in ?? () 0000013 0x0022f9f8 in ?? () 0000014 0x00678d21 in lua_rawgeti () #15 0x00684333 in luaM_realloc_ () #16 0x0068ee39 in luaZ_openspace () #17 0x0068d6e2 in luaV_concat () #18 0x0068e2f4 in luaV_execute () #19 0x0067ff9b in luaD_call () 0000020 0x006789de in f_call () #21 0x0067f784 in luaD_rawrunprotected () #22 0x0067f7f5 in luaD_pcall () #23 0x00678860 in lua_pcall () 0000024 0x005ef6a4 in CLuaHandle::RunCallIn () #25 0x005f0a22 in CLuaHandle::DrawScreen () 0000026 0x005c70f0 in CLuaCallInHandler::DrawScreen () 0000027 0x006a1a43 in CGame::Draw () #28 0x0040857a in SpringApp::Update () 0000029 0x0040c5fc in SpringApp::Run () #30 0x0040c986 in Run () #31 0x0040cae1 in WinMain@16 () #32 0x0075a658 in main () (gdb) note that this crash happened on 7:44 (!), therefore corruption happens much earlier than the actual crash. btw this was on speed 0.3.

~0002081 imbaczek (reporter) 2008-04-17 21:56	0xFEEEFEF2 == 0xfeeefeee + 4, googling for this value reveals that it "is the marker that HeapFree() has already visited the spot", so it's most likely a double free.

~0002082 acidd_uk (reporter) 2008-04-17 22:32	Good work :-) Now you just need to find the code at fault and you will get a big chocolate chip cookie. With sprinkles!

~0002083 Kloot (developer) 2008-04-17 22:55	The only traces I managed to get out of this were (in both cases around the 7:46 mark): (0) c:\windows\system32\ntdll.dll [0x7BC40D8B] (1) c:\windows\system32\ntdll.dll [0x7BC40F9B] (2) c:\windows\system32\ntdll.dll(RtlFreeHeap+0x112) [0x7BC41202] (3) c:\windows\system32\msvcrt.dll(MSVCRT_free+0x26) [0x7DAC7D66] (4) spring076b1-win32\spring.exe [0x009A0CDB] (5) spring076b1-win32\spring.exe [0x0078C08E] (6) spring076b1-win32\spring.exe [0x00786E13] (7) spring076b1-win32\spring.exe [0x0071C37D] (8) spring076b1-win32\spring.exe [0x0074A873] (9) spring076b1-win32\spring.exe [0x0074637A] (10) spring076b1-win32\spring.exe [0x0070CF09] (11) spring076b1-win32\spring.exe [0x0052B1BC] (12) spring076b1-win32\spring.exe [0x00546C5A] (13) spring076b1-win32\spring.exe [0x00548B61] (14) spring076b1-win32\spring.exe [0x007F5F79] (15) spring076b1-win32\spring.exe [0x007FF1C8] (16) spring076b1-win32\spring.exe [0x007FF59E] (17) spring076b1-win32\spring.exe [0x007FF7D6] (18) spring076b1-win32\spring.exe [0x009626E9] (19) spring076b1-win32\spring.exe [0x004010A7] (20) spring076b1-win32\spring.exe [0x00401123] (21) c:\windows\system32\KERNEL32.dll [0x7B87553E] And: * glibc detected * ./spring: corrupted double-linked list: 0x0d603250 *** ======= Backtrace: ========= /lib/tls/i686/cmov/libc.so.6[0xb7885074] /lib/tls/i686/cmov/libc.so.6(__libc_malloc+0x90)[0xb7885fc0] /usr/lib/libstdc++.so.6(_Znwj+0x27)[0xb7a4e6a7] ./spring[0x833576b] ./spring[0x8335b07] ./spring[0x8326eaf] ./spring[0x8328136] ./spring[0x82f8c44] ./spring[0x8169f06] ./spring[0x8181b90] ./spring[0x8184578] ./spring[0x83d49d7] ./spring[0x83d9d05] ./spring[0x83da07a] ./spring[0x83da1d2] /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb7830050] ./spring[0x8061e81] Second one points to a double-free, but the addresses don't really make sense (yours looks a lot more promising).

~0002084 tvo (reporter) 2008-04-17 22:56	I manually checked the stack down from CLuaHandle::RunCallIn(). It seems perfectly reasonable until: 0000015 0x00684333 in luaM_realloc_ () I can not explain the entry one level deeper: 0000014 0x00678d21 in lua_rawgeti () since luaM_realloc_ looks like (removed asserts for clarity): void luaM_realloc_ (lua_State L, void block, size_t osize, size_t nsize) { // G(L) expands to L->l_G, so no function call involved here global_State g = G(L); block = (*g->frealloc)(g->ud, block, osize, nsize); if (block == NULL && nsize > 0) luaD_throw(L, LUA_ERRMEM); g->totalbytes = (g->totalbytes - osize) + nsize; return block; } AFAICS Spring nevers changes the default alloc function, so it should have called l_alloc in lauxlib.cpp, and NOT lua_rawgeti. So it seems that either the lua_State L or the global_State G(L) got overwritten, causing the C-style vtable call to execute random memory contents.

~0002085 imbaczek (reporter) 2008-04-18 10:11	kloot: if it crashed on linux, valgrind should catch it - which is good.

~0002086 imbaczek (reporter) 2008-04-18 11:18 Last edited: 2008-04-18 11:31	adding this to l_alloc: if (nsize > 0x7fffffff) { logOutput.Print("l_alloc received bogus request: osize=%u nsize=%u ptr=%p\n", osize, nsize, ptr); abort(); } resulted in this: debug=yes optimize=yes #0 SpringApp::SigAbrtHandler (unused=22) at rts\System\Main.cpp:208 #1 0x77c252da in raise () from C:\WINDOWS\system32\msvcrt.dll #2 0x00000016 in ?? () 0000003 0x77c26bc1 in msvcrt!abort () from C:\WINDOWS\system32\msvcrt.dll 0000004 0x00000016 in ?? () -- I've modified luaM_realloc too, the line matched g->frealloc call 0000005 0x00688c47 in luaM_realloc_ (L=0xed016d0, block=0xf0728f0, osize=106, nsize=2009405584) at rts\lib\lua\src\lmem.cpp:88 #6 0x00693a11 in luaZ_openspace (L=0xed016d0, buff=0xed01768, n=4277075698) at rts\lib\lua\src\lzio.cpp:77 #7 0x006922ba in luaV_concat (L=0xed016d0, total=2, last=10) at rts\lib\lua\src\lvm.cpp:300 #8 0x00692ecc in luaV_execute (L=0xed016d0, nexeccalls=3) at rts\lib\lua\src\lvm.cpp:535 #9 0x0068481f in luaD_call (L=0xed016d0, func=0x13850010, nResults=0) at rts\lib\lua\src\ldo.cpp:377 0000010 0x0067d0ee in f_call (L=0xed016d0, ud=0x22fc54) at rts\lib\lua\src\lapi.cpp:817 #11 0x00684008 in luaD_rawrunprotected (L=0xed016d0, f=0x67d0d8 <f_call>, ud=0x22fc54) at rts\lib\lua\src\ldo.cpp:116 0000012 0x00684079 in luaD_pcall (L=0xed016d0, func=0x67d0d8 <f_call>, u=0x22fc54, old_top=8, ef=0) at rts\lib\lua\src\ldo.cpp:461 0000013 0x0067cf70 in lua_pcall (L=0xed016d0, nargs=-3, nresults=0, errfunc=0) at rts\lib\lua\src\lapi.cpp:838 0000014 0x005f3825 in CLuaHandle::RunCallIn (this=0xed015c8, hs=@0xb20600, inArgs=2, outArgs=0) at rts\Lua\LuaHandle.cpp:175 #15 0x005f9bdc in CLuaHandle::DrawScreen (this=0xed015c8) at rts\Lua\LuaHandle.cpp:954 #16 0x005cafc0 in CLuaCallInHandler::DrawScreen (this=0xb1fec0) at rts\Lua\LuaCallInHandler.cpp:334 #17 0x006a6759 in CGame::Draw (this=0x676fcf0) at rts\Game\Game.cpp:2201 #18 0x0040872e in SpringApp::Update (this=0x22fea4) at rts\System\Main.cpp:872 #19 0x0040c888 in SpringApp::Run (this=0x22fea4, argc=2, argv=0x3d44f0) at rts\System\Main.cpp:1055 0000020 0x0040cc12 in Run (argc=2, argv=0x3d44f0) at rts\System\Main.cpp:1115 #21 0x0040cd6d in WinMain@16 (hInstanceIn=0x400000, hPrevInstance=0x0, lpCmdLine=0x241efd "889.sdf", nCmdShow=10) at rts\System\Main.cpp:1177 #22 0x00760760 in main () EDIT: I think lvm.cpp:295 for loop is partially responsible... EDIT2: could this be a widget bug...?

~0002087 Kloot (developer) 2008-04-18 14:13	Doubt it, I generated those traces with all widgets disabled (mod- and non-mod). PS. yes, if I could only get valgrind to work for me ;)

~0002091 imbaczek (reporter) 2008-04-19 11:58 Last edited: 2008-04-19 11:59	EDIT: time: 7:39 getting better: warning: Heap corruption detected at 137FAC98 ^^^^^^^^^^^^^^^^^^^^^^^^ ouch Program received signal SIGSEGV, Segmentation fault. 0x7c91b3fb in wcsncat () from C:\WINDOWS\system32\ntdll.dll (gdb) bt #0 0x7c91b3fb in wcsncat () from C:\WINDOWS\system32\ntdll.dll #1 0x7c96d6aa in ntdll!RtlpNtMakeTemporaryKey () from C:\WINDOWS\system32\ntdll.dll #2 0x7c949d18 in ntdll!RtlInsertElementGenericTableAvl () from C:\WINDOWS\system32\ntdll.dll 0000003 0x7c91b298 in wcsncat () from C:\WINDOWS\system32\ntdll.dll 0000004 0x77c1c3c9 in msvcrt!free () from C:\WINDOWS\system32\msvcrt.dll 0000005 0x003d0000 in ?? () #6 0x40000060 in ?? () #7 0x0000000c in ?? () #8 0x77c1c3e7 in msvcrt!free () from C:\WINDOWS\system32\msvcrt.dll #9 0x0000000c in ?? () 0000010 0x77c1c42e in msvcrt!malloc () from C:\WINDOWS\system32\msvcrt.dll #11 0x00787050 in operator new () 0000012 0x004ba1b2 in CCobInstance::AddAnim (this=0x13477b90, type=CCobInstance::ATurn, piece=4, axis=0, speed=3172, dest=989, accel= interpolated=true) at c:/mingw/bin/../lib/gcc/i386-pc-mingw32/4.3.0/include/c++/ext/new_al or.h:92 0000013 0x004ba387 in CCobInstance::Turn (this=0x13477b90, piece=4, axis=0, speed=3172, destination=989, interpolated=<value optimized out>) at rts\Sim\Units\COB\CobInstance.cpp:573 0000014 0x004bdcc6 in CCobThread::CommitAnims (this=0x13be7dc0, deltaTime=33) at rts\Sim\Units\COB\CobThread.cpp:867 #15 0x004b1fb3 in CCobEngine::Tick (this=0x9b2580, deltaTime=33) at rts\Sim\Units\COB\CobEngine.cpp:150 #16 0x006a23b4 in CGame::SimFrame (this=0x66cfcf0) at rts\Game\Game.cpp:252 #17 0x006b07c4 in CGame::ClientReadNet (this=0x66cfcf0) at rts\Game\Game.cpp:2933 #18 0x006b151d in CGame::Update (this=0x66cfcf0) at rts\Game\Game.cpp:1887 #19 0x004086e2 in SpringApp::Update (this=0x22fea4) at rts\System\Main.cpp: 0000020 0x0040c888 in SpringApp::Run (this=0x22fea4, argc=2, argv=0x3d4528) at rts\System\Main.cpp:1055 #21 0x0040cc12 in Run (argc=2, argv=0x3d4528) at rts\System\Main.cpp:1115 #22 0x0040cd6d in WinMain@16 (hInstanceIn=0x400000, hPrevInstance=0x0, lpCmdLine=0x241efd "889.sdf", nCmdShow=10) at rts\System\Main.cpp:1177 #23 0x007607b8 in main () frame 19: (gdb) p gs->frameNum $1 = 13772

~0002092 tvo (reporter) 2008-04-19 12:31	Tested with MSVC 2005 (VC8) in debug mode, no crash happens (before 10:00 at least; didn't run it till end since it's quite slow in debug mode). Tried without any widget enabled and with the random set that I happened to have enabled: no crash either way. Almost suggests it may be a GCC miscompilation (again?), or the replay was too much out of sync in MSVC (though it seemed to be reasonably OK -- no big groups of units sitting around labs etc.)

~0002094 imbaczek (reporter) 2008-04-19 17:27 Last edited: 2008-04-19 17:36	after 4h of loading, here's what's left of mpatrol run: (gdb) bt #0 0x0079482d in __mp_getaddrs () #1 0x00797e66 in __mp_getmemory () #2 0x0078c2b1 in __mp_alloc () 0000003 0x00786826 in operator new[] () 0000004 0x0042afa1 in RawPacket (this=0xf7881f0, tdata=0x8fd3cb8 "#\037?é?áPlayer no name joined as 11", newLength=192662592) at rts\System\Net\RawPacket.cpp:13 NOTE: this newLength is probably optimized out 0000005 0x004287ab in netcode::CLocalConnection::SendData (this=0x5c1cfe8, data=0x8fd3cb8 "#\037?é?áPlayer no name joined as 11", length=31) at rts\System\Net\LocalConnection.cpp:39 #6 0x0042a4f9 in netcode::CNet::SendData (this=0x8e10308, data=0x8fd3cb8 "#\037?é?áPlayer no name joined as 11", length=31) at rts\System\Net\Net.cpp:186 #7 0x00402c2f in CBaseNetProtocol::SendSystemMessage (this=0x8e10308, myPlayerNum=255 '?é?á', message=@0xb495ff8) at rts/System//Net/Net.h:314 #8 0x006ba5d9 in CGameServer::SendSystemMsg (this=0x8e0ffd8, fmt=0x98bd6e "Player %s joined as %i") at rts\Game\GameServer.cpp:938 #9 0x006bd722 in CGameServer::ServerReadNet (this=0x8e0ffd8) at rts\Game\GameServer.cpp:443 0000010 0x006bdc8c in CGameServer::Update (this=0x8e0ffd8) at rts\Game\GameServer.cpp:322 #11 0x006be02a in CGameServer::UpdateLoop (this=0x8e0ffd8) at rts\Game\GameServer.cpp:862 0000012 0x6e141fd6 in boost_thread-mgw43-mt-1_35!_ZN5boost6thread21thread_start_func tionEPv@4 () from E:\gry\Spring-svn\boost_thread-mgw43-mt-1_35.dll 0000013 0x77c2a3b0 in msvcrt!_endthreadex () from C:\WINDOWS\system32\msvcrt.dll 0000014 0x7c80b683 in KERNEL32!GetModuleFileNameA () from C:\WINDOWS\system32\kernel32.dll #15 0x00000000 in ?? () not too helpful :(

~0002095 imbaczek (reporter) 2008-04-19 17:52 Last edited: 2008-04-19 17:54	got some more progress, this time with mmgr build: warning: HEAP[spring.exe]: warning: HEAP: Free Heap block 1ac37cb8 modified at 1ac37d40 after it was freed Program received signal SIGTRAP, Trace/breakpoint trap. 0x7c901231 in ntdll!DbgUiConnectToDbg () from C:\WINDOWS\system32\ntdll.dll (gdb) bt #0 0x7c901231 in ntdll!DbgUiConnectToDbg () from C:\WINDOWS\system32\ntdll.dll #1 0x7c96c943 in ntdll!RtlpNtMakeTemporaryKey () from C:\WINDOWS\system32\ntdll.dll #2 0x7c949eb9 in ntdll!RtlInsertElementGenericTableAvl () from C:\WINDOWS\system32\ntdll.dll 0000003 0x7c96d6aa in ntdll!RtlpNtMakeTemporaryKey () from C:\WINDOWS\system32\ntdll.dll 0000004 0x7c949d18 in ntdll!RtlInsertElementGenericTableAvl () from C:\WINDOWS\system32\ntdll.dll 0000005 0x7c91b298 in wcsncat () from C:\WINDOWS\system32\ntdll.dll #6 0x77c1c3c9 in msvcrt!free () from C:\WINDOWS\system32\msvcrt.dll #7 0x003d0000 in ?? () #8 0x40000060 in ?? () #9 0x00000900 in ?? () 0000010 0x77c1c3e7 in msvcrt!free () from C:\WINDOWS\system32\msvcrt.dll #11 0x00000900 in ?? () 0000012 0x77c1c42e in msvcrt!malloc () from C:\WINDOWS\system32\msvcrt.dll 0000013 0x0041002c in m_allocator (sourceFile=0x8f87af "??", sourceLine=0, sourceFunc=0x8f87af "??", allocationType=1, reportedSize=2048) at rts\System\mmgr.cpp:1046 0000014 0x004105de in operator new (reportedSize=2048) at rts\System\mmgr.cpp:699 #15 0x00876876 in std::vector<CUnit, std::allocator<CUnit> >::_M_insert_aux (this=0x22fc8c, __position={_M_current = 0x19ed0350}, __x=@0x22fcb8) at c:/mingw/bin/../lib/gcc/i386-pc-mingw32/4.3.0/include/c++/bits/vector.tcc :308 #16 0x00556ead in CUnitDrawer::Draw (this=0x10de3e50, drawReflection=false, drawRefraction=false) at c:/mingw/bin/../lib/gcc/i386-pc-mingw32/4.3.0/include/c++/bits/stl_vector .h:694 #17 0x006a7f0c in CGame::DrawWorld (this=0x7159228) at rts\Game\Game.cpp:1940 #18 0x006af6dc in CGame::Draw (this=0x7159228) at rts\Game\Game.cpp:2142 #19 0x004088ea in SpringApp::Update (this=0x22fea4) at rts\System\Main.cpp:872 0000020 0x0040cb90 in SpringApp::Run (this=0x22fea4, argc=2, argv=0x3d45c0) at rts\System\Main.cpp:1055 #21 0x0040cf1a in Run (argc=2, argv=0x3d45c0) at rts\System\Main.cpp:1115 #22 0x0040d075 in WinMain@16 (hInstanceIn=0x400000, hPrevInstance=0x0, lpCmdLine=0x241efd "889.sdf", nCmdShow=10) at rts\System\Main.cpp:1177 #23 0x0076b0f8 in main () (gdb) p gs->frameNum $1 = 13777 (gdb) call m_validateAllAllocUnits() $2 = false

~0002096 imbaczek (reporter) 2008-04-19 18:32	getting it earlier and earlier... (gdb) p gs->frameNum $1 = 13760 (gdb) bt #0 0x7c901231 in ntdll!DbgUiConnectToDbg () from C:\WINDOWS\system32\ntdll.dll #1 0x7c96c943 in ntdll!RtlpNtMakeTemporaryKey () from C:\WINDOWS\system32\ntdll.dll #2 0x7c949eb9 in ntdll!RtlInsertElementGenericTableAvl () from C:\WINDOWS\system32\ntdll.dll 0000003 0x7c96d6aa in ntdll!RtlpNtMakeTemporaryKey () from C:\WINDOWS\system32\ntdll.dll 0000004 0x7c949d18 in ntdll!RtlInsertElementGenericTableAvl () from C:\WINDOWS\system32\ntdll.dll 0000005 0x7c91b298 in wcsncat () from C:\WINDOWS\system32\ntdll.dll #6 0x77c1c3c9 in msvcrt!free () from C:\WINDOWS\system32\msvcrt.dll #7 0x003d0000 in ?? () #8 0x40000060 in ?? () #9 0x0000010c in ?? () 0000010 0x77c1c3e7 in msvcrt!free () from C:\WINDOWS\system32\msvcrt.dll #11 0x0000010c in ?? () 0000012 0x77c1c42e in msvcrt!malloc () from C:\WINDOWS\system32\msvcrt.dll 0000013 0x0041002c in m_allocator (sourceFile=0x8f87af "??", sourceLine=0, sourceFunc=0x8f87af "??", allocationType=1, reportedSize=12) at rts\System\mmgr.cpp:1046 0000014 0x004105de in operator new (reportedSize=12) at rts\System\mmgr.cpp:699 #15 0x004be019 in CCobInstance::AddAnim (this=0x18b7b668, type=CCobInstance::ATurn, piece=1, axis=0, speed=17691, dest=4567, accel=0, interpolated=true) at c:/mingw/bin/../lib/gcc/i386-pc-mingw32/4.3.0/include/c++/ext/new_allocat or.h:92 #16 0x004be1ef in CCobInstance::Turn (this=0x18b7b668, piece=1, axis=0, speed=17691, destination=4567, interpolated=<value optimized out>) at rts\Sim\Units\COB\CobInstance.cpp:573 #17 0x004c1d0e in CCobThread::CommitAnims (this=0x19b9b528, deltaTime=33) at rts\Sim\Units\COB\CobThread.cpp:867 #18 0x004b5a6f in CCobEngine::Tick (this=0xa04f60, deltaTime=33) at rts\Sim\Units\COB\CobEngine.cpp:150 #19 0x006aa95a in CGame::SimFrame (this=0x7159228) at rts\Game\Game.cpp:2531 0000020 0x006ba284 in CGame::ClientReadNet (this=0x7159228) at rts\Game\Game.cpp:2936 #21 0x006baff9 in CGame::Update (this=0x7159228) at rts\Game\Game.cpp:1890 #22 0x0040889e in SpringApp::Update (this=0x22fea4) at rts\System\Main.cpp:869 #23 0x0040cb90 in SpringApp::Run (this=0x22fea4, argc=2, argv=0x3d45c0) at rts\System\Main.cpp:1055 0000024 0x0040cf1a in Run (argc=2, argv=0x3d45c0) at rts\System\Main.cpp:1115 #25 0x0040d075 in WinMain@16 (hInstanceIn=0x400000, hPrevInstance=0x0, lpCmdLine=0x241efd "889.sdf", nCmdShow=10) at rts\System\Main.cpp:1177 0000026 0x0076b2ac in main () (gdb)

~0002100 imbaczek (reporter) 2008-04-20 09:44	the crash also happens with LuaUI disabled in the settings: warning: HEAP[spring.exe]: warning: HEAP: Free Heap block 16b21be8 modified at 16b21c70 after it was freed Program received signal SIGTRAP, Trace/breakpoint trap. 0x7c901231 in ntdll!DbgUiConnectToDbg () from C:\WINDOWS\system32\ntdll.dll (gdb) bt #0 0x7c901231 in ntdll!DbgUiConnectToDbg () from C:\WINDOWS\system32\ntdll.dll #1 0x7c96c943 in ntdll!RtlpNtMakeTemporaryKey () from C:\WINDOWS\system32\ntdll.dll #2 0x7c949eb9 in ntdll!RtlInsertElementGenericTableAvl () from C:\WINDOWS\system32\ntdll.dll 0000003 0x7c96d6aa in ntdll!RtlpNtMakeTemporaryKey () from C:\WINDOWS\system32\ntdll.dll 0000004 0x7c949d18 in ntdll!RtlInsertElementGenericTableAvl () from C:\WINDOWS\system32\ntdll.dll 0000005 0x7c91b298 in wcsncat () from C:\WINDOWS\system32\ntdll.dll #6 0x77c1c3c9 in msvcrt!free () from C:\WINDOWS\system32\msvcrt.dll #7 0x003d0000 in ?? () #8 0x40000060 in ?? () #9 0x00000114 in ?? () 0000010 0x77c1c3e7 in msvcrt!free () from C:\WINDOWS\system32\msvcrt.dll #11 0x00000114 in ?? () 0000012 0x77c1c42e in msvcrt!malloc () from C:\WINDOWS\system32\msvcrt.dll 0000013 0x0041002c in m_allocator (sourceFile=0x8f87af "??", sourceLine=0, sourceFunc=0x8f87af "??", allocationType=1, reportedSize=20) at rts\System\mmgr.cpp:1046 0000014 0x004105de in operator new (reportedSize=20) at rts\System\mmgr.cpp:699 #15 0x005014ac in CPathEstimator::MapChanged (this=0x11769fb8, x1=66, z1=800, x2=78, z2=812) at c:/mingw/bin/../lib/gcc/i386-pc-mingw32/4.3.0/include/c++/ext/new_allocat or.h:92 #16 0x005067a6 in CPathManager::TerrainChange (this=0x11ae49d8, x1=66, z1=800, x2=78, z2=812) at rts\Sim\Path\PathManager.cpp:384 #17 0x005a235b in CReadMap::RemoveGroundBlockingObject (this=0x87d05d0, object=0x1622c680) at rts\Map\ReadMap.cpp:434 #18 0x00509023 in CSolidObject::UnBlock (this=0x16b21be8) at rts\Sim\Objects\SolidObject.cpp:145 #19 0x0050915f in ~CSolidObject (this=0x1622c680) at rts\Sim\Objects\SolidObject.cpp:77 0000020 0x0046a7ae in ~CUnit (this=0x1622c680) at rts\Sim\Units\Unit.cpp:288 #21 0x00488cf1 in ~CBuilding (this=0x1622c680) at rts\Sim\Units\UnitTypes\Building.cpp:68 #22 0x00489f6e in ~CFactory (this=0x1622c680) at rts\Sim\Units\UnitTypes\Factory.cpp:66 #23 0x0048108b in CUnitHandler::Update (this=0x11678f30) at rts\Sim\Units\UnitHandler.cpp:231 0000024 0x006aa91f in CGame::SimFrame (this=0x7159228) at rts\Game\Game.cpp:2522 #25 0x006ba2b0 in CGame::ClientReadNet (this=0x7159228) at rts\Game\Game.cpp:2936 0000026 0x006bb025 in CGame::Update (this=0x7159228) at rts\Game\Game.cpp:1890 0000027 0x0040889e in SpringApp::Update (this=0x22fea4) at rts\System\Main.cpp:869 #28 0x0040cb90 in SpringApp::Run (this=0x22fea4, argc=2, argv=0x3d45c0) at rts\System\Main.cpp:1055 0000029 0x0040cf1a in Run (argc=2, argv=0x3d45c0) at rts\System\Main.cpp:1115 #30 0x0040d075 in WinMain@16 (hInstanceIn=0x400000, hPrevInstance=0x0, lpCmdLine=0x241efd "889.sdf", nCmdShow=10) at rts\System\Main.cpp:1177 #31 0x0076b2d8 in main () (gdb) p gs->frameNum $1 = 13760 (gdb)

~0002102 imbaczek (reporter) 2008-04-20 13:50	free heap block warnings all have an offset of 0x88 (136 dec), which points to a dangling pointer issue.

~0002106 tvo (reporter) 2008-04-20 15:57	Got a trace in MSVC 2005 from the demo. 0.76b1 code + assert(_CrtCheckMemory()); at start of CGame::Update(). Lua UI manually disabled at start of game using /luaui disable. Before I did that, IceUI was running, all other widgets were off. This trace didn't happen when I ran Spring on background/minimized, so indeed it's definitely in some drawing code. I was scrolling over the map when the breakpoint was triggered. Stacktrace: ntdll.dll!DbgBreakPoint() [Frames below may be incorrect and/or missing, no symbols loaded for ntdll.dll] ntdll.dll!RtlpNtMakeTemporaryKey() + 0x6737 bytes ntdll.dll!RtlInitializeSListHead() + 0x10b69 bytes ntdll.dll!iswdigit() + 0x224 bytes ntdll.dll!RtlpNtMakeTemporaryKey() + 0x7e56 bytes ntdll.dll!RtlInitializeSListHead() + 0x115c0 bytes ntdll.dll!iswdigit() + 0x128 bytes msvcr80d.dll!_free_base() + 0x193 bytes msvcr80d.dll!_free_dbg() + 0x526 bytes msvcr80d.dll!_free_dbg() + 0x4e bytes msvcr80d.dll!operator delete() + 0xb7 bytes msvcp80d.dll!std::allocator<char>::deallocate() + 0x10 bytes msvcp80d.dll!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Tidy() + 0x5d bytes msvcp80d.dll!std::basic_string<char,std::char_traits<char>,std::allocator<char> >::~basic_string<char,std::char_traits<char>,std::allocator<char> >() + 0x39 bytes > debug.exe!CommandDescription::~CommandDescription() + 0x58 bytes C++ debug.exe!CommandDescription::`scalar deleting destructor'() + 0x16 bytes C++ debug.exe!std::_Destroy<CommandDescription>(CommandDescription * _Ptr=0x19f7aa48) Line 61 C++ debug.exe!std::allocator<CommandDescription>::destroy(CommandDescription * _Ptr=0x19f7aa48) Line 161 + 0x9 bytes C++ debug.exe!std::_Destroy_range<CommandDescription,std::allocator<CommandDescription> >(CommandDescription * _First=0x19f7aa48, CommandDescription * _Last=0x19f7c568, std::allocator<CommandDescription> & _Al={...}, std::_Nonscalar_ptr_iterator_tag __formal={...}) Line 235 + 0xc bytes C++ debug.exe!std::_Destroy_range<CommandDescription,std::allocator<CommandDescription> >(CommandDescription * _First=0x19f7a888, CommandDescription * _Last=0x19f7c568, std::allocator<CommandDescription> & _Al={...}) Line 226 + 0x28 bytes C++ debug.exe!std::vector<CommandDescription,std::allocator<CommandDescription> >::_Destroy(CommandDescription * _First=0x19f7a888, CommandDescription * _Last=0x19f7c568) Line 1083 + 0x14 bytes C++ debug.exe!std::vector<CommandDescription,std::allocator<CommandDescription> >::_Tidy() Line 1096 C++ debug.exe!std::vector<CommandDescription,std::allocator<CommandDescription> >::~vector<CommandDescription,std::allocator<CommandDescription> >() Line 547 C++ debug.exe!CCommandAI::~CCommandAI() Line 327 + 0x2d bytes C++ debug.exe!CFactoryCAI::~CFactoryCAI() Line 139 + 0x2f bytes C++ debug.exe!CFactoryCAI::`scalar deleting destructor'() + 0x16 bytes C++ debug.exe!CUnit::~CUnit() Line 267 + 0x29 bytes C++ debug.exe!CBuilding::~CBuilding() Line 68 + 0xf bytes C++ debug.exe!CFactory::~CFactory() Line 66 + 0x2b bytes C++ debug.exe!CFactory::`scalar deleting destructor'() + 0x16 bytes C++ debug.exe!CUnitHandler::Update() Line 231 + 0x35 bytes C++ debug.exe!CGame::SimFrame() Line 2523 C++ debug.exe!CGame::ClientReadNet() Line 2941 C++ debug.exe!CGame::Update() Line 1889 + 0x8 bytes C++ debug.exe!SpringApp::Update() Line 869 + 0x14 bytes C++ debug.exe!SpringApp::Run(int argc=2, char * * argv=0x03ee62e0) Line 1055 + 0x8 bytes C++ debug.exe!Run(int argc=2, char * * argv=0x03ee62e0) Line 1150 + 0x13 bytes C++ debug.exe!WinMain(HINSTANCE__ * hInstanceIn=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, char * lpCmdLine=0x00151eff, int nCmdShow=1) Line 1177 + 0x16 bytes C++ debug.exe!__tmainCRTStartup() Line 589 + 0x35 bytes C debug.exe!WinMainCRTStartup() Line 414 C kernel32.dll!RegisterWaitForInputIdle() + 0x49 bytes gs->frameNum is 13760 here, so must be same issue. The breakpoint hit in this piece of code in xmemory header: // TEMPLATE FUNCTION _Destroy template<class _Ty> inline void _Destroy(_Ty _FARQ *_Ptr) { // destroy object at _Ptr _DESTRUCTOR(_Ty, _Ptr); } From the stacktrace it seems to have hit while destructing a std::string in the CCommandDescription.

~0002107 tvo (reporter) 2008-04-20 16:00	Oh, and the output window showed this: [XHC]BigSteve added point: com [XHC]BigSteve added point: hlt Warning: Sync checking disabled! Switching to Overview style camera Switching to Overhead (TA) style camera HEAP[debug.exe]: HEAP: Free Heap block 17df7808 modified at 17df7830 after it was freed Windows has triggered a breakpoint in debug.exe. This may be due to a corruption of the heap, and indicates a bug in debug.exe or any of the DLLs it has loaded. The output window may have more diagnostic information

~0002108 Kloot (developer) 2008-04-20 16:15 Last edited: 2008-04-20 16:17	Indeed the corruption also occurs with LuaUI disabled, but the trace I just got seems unrelated to any rendering code: __gnu_cxx::new_allocator<CPathEstimator::SingleBlock>::construct(CPathEstimator::SingleBlock, CPathEstimator::SingleBlock const&) /usr/include/c++/4.1.3/ext/new_allocator.h:104 CPathManager::TerrainChange(unsigned int, unsigned int, unsigned int, unsigned int) springdev/src076b1/rts/Sim/Path/PathManager.cpp:385 CReadMap::RemoveGroundBlockingObject(CSolidObject) springdev/src076b1/rts/Map/ReadMap.cpp:435 CSolidObject::UnBlock() springdev/src076b1/rts/Sim/Objects/SolidObject.cpp:147 ~CSolidObject springdev/src076b1/rts/Sim/Objects/SolidObject.cpp:80 ~CUnit springdev/src076b1/rts/Sim/Units/Unit.cpp:288 ~CFactory springdev/src076b1/rts/Sim/Units/UnitTypes/Factory.cpp:66 std::list<CUnit, std::allocator<CUnit> >::begin() /usr/include/c++/4.1.3/bits/stl_list.h:580 CGame::SimFrame() springdev/src076b1/rts/Game/Game.cpp:2521 CGame::ClientReadNet() springdev/src076b1/rts/Game/Game.cpp:2935 CGame::Update() springdev/src076b1/rts/Game/Game.cpp:1887 SpringApp::Update() springdev/src076b1/rts/System/Main.cpp:869 SpringApp::Run(int, char) springdev/src076b1/rts/System/Main.cpp:1055 Run(int, char) springdev/src076b1/rts/System/Main.cpp:1115 main springdev/src076b1/rts/System/Main.cpp:1169

~0002109 imbaczek (reporter) 2008-04-20 17:10	Kloot: I had something involved with pathing too, I guess that's because the heap is already corrupted and malloc/new/sbrk/whatever gets confused. IOW, we need to look in the past, those crashes are just fallout.

~0002110 Kloot (developer) 2008-04-20 18:07 Last edited: 2008-04-20 18:14	Yeah, the crash on operator new was a bit of a give-away. These two traces look a lot more like they might pinpoint the source of this thing: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1233238304 (LWP 6323)] 0xb778aa8b in ?? () from /lib/tls/i686/cmov/libc.so.6 (gdb) bt #0 0xb778aa8b in ?? () from /lib/tls/i686/cmov/libc.so.6 #1 0xb7868148 in ?? () from /lib/tls/i686/cmov/libc.so.6 #2 0xb7866ff4 in ?? () from /lib/tls/i686/cmov/libc.so.6 0000003 0xb7868140 in ?? () from /lib/tls/i686/cmov/libc.so.6 0000004 0x0d832c60 in ?? () 0000005 0xbfe8a018 in ?? () #6 0xb778e800 in free () from /lib/tls/i686/cmov/libc.so.6 #7 0xb778e800 in free () from /lib/tls/i686/cmov/libc.so.6 #8 0xb7953d81 in operator delete () from /usr/lib/libstdc++.so.6 #9 0x0833b318 in ~CCobInstance (this=0xe357320) at rts/Sim/Units/COB/CobInstance.cpp:188 0000010 0x083086d3 in ~CUnit (this=0xdd6c978) at rts/Sim/Units/Unit.cpp:286 #11 0x08329487 in ~CFactory (this=0xdd6c978) at rts/Sim/Units/UnitTypes/Factory.cpp:66 0000012 0x082f8f81 in CUnitHandler::Update (this=0xbfd9458) at rts/Sim/Units/UnitHandler.cpp:231 0000013 0x08169f66 in CGame::SimFrame (this=0x8ba0da0) at rts/Game/Game.cpp:2519 0000014 0x08181f10 in CGame::ClientReadNet (this=0x8ba0da0) at rts/Game/Game.cpp:2933 #15 0x08184908 in CGame::Update (this=0x8ba0da0) at rts/Game/Game.cpp:1887 #16 0x083d4db7 in SpringApp::Update (this=0xbfe8b594) at rts/System/Main.cpp:869 #17 0x083da035 in SpringApp::Run (this=0xbfe8b594, argc=2, argv=0xbfe8b684) at rts/System/Main.cpp:1055 #18 0x083da3aa in Run (argc=2, argv=0xbfe8b684) at rts/System/Main.cpp:1115 #19 0x083da502 in main (argc=238384020, argv=0x61, envp=0x0) at rts/System/Main.cpp:1168 (gdb) frame 10 0000010 0x083086d3 in ~CUnit (this=0xdd6c978) at rts/Sim/Units/Unit.cpp:286 (gdb) print unitDef $1 = (const class UnitDef ) 0xa055e20 (gdb) print unitDef->name $2 = {static npos = 4294967295, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x9ab6284 "armalab"}} (gdb) print id $3 = 501 (gdb) print gs->frameNum $4 = 13760 ******************************************* Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1233004832 (LWP 9081)] 0xb77c3a8b in ?? () from /lib/tls/i686/cmov/libc.so.6 (gdb) bt #0 0xb77c3a8b in ?? () from /lib/tls/i686/cmov/libc.so.6 #1 0xb78a114c in ?? () from /lib/tls/i686/cmov/libc.so.6 #2 0x08e26ca0 in ?? () 0000003 0xb788617c in ?? () from /lib/tls/i686/cmov/libc.so.6 0000004 0x0dc93198 in ?? () 0000005 0x0c37864c in ?? () #6 0xb789fff4 in ?? () from /lib/tls/i686/cmov/libc.so.6 #7 0xb78a1140 in ?? () from /lib/tls/i686/cmov/libc.so.6 #8 0x0e0de0f8 in ?? () #9 0xbf9cb338 in ?? () 0000010 0x00000168 in ?? () #11 0xb77c7800 in free () from /lib/tls/i686/cmov/libc.so.6 0000012 0xb798cd81 in operator delete () from /usr/lib/libstdc++.so.6 0000013 0x083673ed in ~CCommandAI (this=0xe678410) at /usr/include/c++/4.1.3/ext/new_allocator.h:94 0000014 0x083609c1 in ~CFactoryCAI (this=0xe678410) at rts/Sim/Units/CommandAI/FactoryCAI.cpp:139 #15 0x083085cf in ~CUnit (this=0xd702df0) at rts/Sim/Units/Unit.cpp:267 #16 0x083295e7 in ~CFactory (this=0xd702df0) at rts/Sim/Units/UnitTypes/Factory.cpp:66 #17 0x082f8f81 in CUnitHandler::Update (this=0xbf361c0) at rts/Sim/Units/UnitHandler.cpp:231 #18 0x08169f66 in CGame::SimFrame (this=0x8ba1090) at rts/Game/Game.cpp:2519 #19 0x08181f10 in CGame::ClientReadNet (this=0x8ba1090) at rts/Game/Game.cpp:2933 0000020 0x08184908 in CGame::Update (this=0x8ba1090) at rts/Game/Game.cpp:1887 #21 0x083d5047 in SpringApp::Update (this=0xbf9cc8d4) at rts/System/Main.cpp:869 #22 0x083da2c5 in SpringApp::Run (this=0xbf9cc8d4, argc=2, argv=0xbf9cc9c4) at rts/System/Main.cpp:1055 #23 0x083da63a in Run (argc=2, argv=0xbf9cc9c4) at rts/System/Main.cpp:1115 0000024 0x083da792 in main (argc=1052979320, argv=0x169, envp=0x0) at rts/System/Main.cpp:1168 (gdb) frame 15 #15 0x083085cf in ~CUnit (this=0xd702df0) at rts/Sim/Units/Unit.cpp:267 267 delete commandAI; commandAI = 0; (gdb) print unitDef->name $1 = {static npos = 4294967295, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x947afec "armalab"}} (gdb) print gs->frameNum $2 = 13760 (gdb) print id $3 = 501 Only one player in the demo (BigSteve, bottom-right dude) built an "armalab" (advanced kbot lab), and was reclaiming his level 1 lab to finance it. The crash happens at the exact moment (7:38, frame 13760) the reclaim command finishes, at which point his T1 lab was still building a unit. (I can't reproduce it in a local test scenario though.)

~0002111 imbaczek (reporter) 2008-04-20 18:22	kloot: very good catch, my mingw build crashes in the exact same place, but without the backtrace. come on #sy, maybe we could coordinate efforts.

~0002112 imbaczek (reporter) 2008-04-20 18:24 Last edited: 2008-04-20 18:26	mantis bugged out :/ current findings: another crash in free(), stacktrace was truncated, but mmgr allocation logging shows this: http://pastebin.ca/990942

~0002114 imbaczek (reporter) 2008-04-20 22:41 Last edited: 2008-04-20 22:49	hit an assert in mmgr: Program received signal SIGTRAP, Trace/breakpoint trap. 0x0040fb1b in m_validateAllocUnit (allocUnit=0x18a99ab8) at rts\System\mmgr.cpp:1498 1498 rts\System\mmgr.cpp: No such file or directory. in rts\System\mmgr.cpp (gdb) bt #0 0x0040fb1b in m_validateAllocUnit (allocUnit=0x18a99ab8) at rts\System\mmgr.cpp:1498 #1 0x0040fbe6 in m_validateAllAllocUnits () at rts\System\mmgr.cpp:1522 #2 0x006ac6d6 in CGame::SimFrame (this=0x706d088) at rts\Game\Game.cpp:2471 0000003 0x006bba7c in CGame::ClientReadNet (this=0x706d088) at rts\Game\Game.cpp:2975 0000004 0x006bc7d5 in CGame::Update (this=0x706d088) at rts\Game\Game.cpp:1897 0000005 0x00408a5a in SpringApp::Update (this=0x22fe94) at rts\System\Main.cpp:870 #6 0x0040cd4c in SpringApp::Run (this=0x22fe94, argc=2, argv=0x3d45a8) at rts\System\Main.cpp:1056 #7 0x0040d0d6 in Run (argc=2, argv=0x3d45a8) at rts\System\Main.cpp:1116 #8 0x0040d254 in WinMain@16 (hInstanceIn=0x400000, hPrevInstance=0x0, lpCmdLine=0x241efe "889.sdf", nCmdShow=10) at rts\System\Main.cpp:1180 #9 0x0076d1f8 in main () (gdb) p gs->frameNum $9 = 13760 (gdb) call heapchk() $10 = -2 edit: this is fine - _HEAPOK (gdb) it's the one that indicates overrun (postfix pattern different than expected.) edit: (gdb) p *allocUnit $12 = {actualSize = 261, reportedSize = 5, actualAddress = 0x154b5360, reportedAddress = 0x154b53e0, sourceFile = "RawPacket.cpp", '\0' <repeats 26 times>, sourceFunc = "RawPacket", '\0' <repeats 30 times>, sourceLine = 14, allocationType = 2, breakOnDealloc = false, breakOnRealloc = false, allocationNumber = 16290118, next = 0x1752abe8, prev = 0x0} edit2: fun stuff: (gdb) x/x post+1 0x154b53e9: 0xdeadc0de (gdb) x/x post 0x154b53e5: 0xde000000 (gdb) x/x post-1 0x154b53e1: 0x00000000

~0002116 acidd_uk (reporter) 2008-04-20 23:20	0x154b53e9: 0xdeadc0de "deadcode" That's pretty spooky! Also, great job working on this guys! Looks like you're making good progress.

~0002118 imbaczek (reporter) 2008-04-21 00:17	yeah, could use more replays like this one, the earlier the crash, the better. i'm not sure if fixing this one will remedy all lua crashes, unfortunately.

~0002119 acidd_uk (reporter) 2008-04-21 00:49	Every bit helps tho :-)

~0002121 imbaczek (reporter) 2008-04-21 03:06	turning off ground decals seems to fix the crash, as would be expected from some of the alloc logs. root cause still not found.

~0002122 Kloot (developer) 2008-04-21 13:24 Last edited: 2008-04-21 13:26	It still has to be something specific to this demo IMHO, buildings are obviously reclaimed and/or destroyed all the time without causing SIG***'s normally (and the corruption also happens in mods where buildings don't have groundplate decals). I have some XTA replays that might show similar symptoms with LuaUI disabled, I'll rummage through those for a pattern.

~0002124 imbaczek (reporter) 2008-04-21 16:33 Last edited: 2008-04-21 16:33	turns out I can access stacktraces just fine, Windows does something weird with the stack in it's interrupts. just do 'next' until you see our code. I littered ~CUnit with _heapchk() calls, turns out that memory is corrupted before any memory inside ~CUnit is freed. ~CUnit (this=0x2d6983a0) at rts\Sim\Units\Unit.cpp:270 270 delete commandAI; commandAI = 0; ^^^ this line didn't execute (gdb) bt #0 ~CUnit (this=0x2d6983a0) at rts\Sim\Units\Unit.cpp:270 #1 0x00489c99 in ~CBuilding (this=0x2d6983a0) at rts\Sim\Units\UnitTypes\Building.cpp:68 #2 0x0048af16 in ~CFactory (this=0x2d6983a0) at rts\Sim\Units\UnitTypes\Factory.cpp:66 0000003 0x00481c83 in CUnitHandler::Update (this=0x27537640) at rts\Sim\Units\UnitHandler.cpp:231 0000004 0x006ac2b3 in CGame::SimFrame (this=0xf119f68) at rts\Game\Game.cpp:2553 0000005 0x006bbc44 in CGame::ClientReadNet (this=0xf119f68) at rts\Game\Game.cpp:2977 #6 0x006bc99d in CGame::Update (this=0xf119f68) at rts\Game\Game.cpp:1897 #7 0x00408a5a in SpringApp::Update (this=0x23fe94) at rts\System\Main.cpp:870 #8 0x0040cd4c in SpringApp::Run (this=0x23fe94, argc=2, argv=0x345b8) at rts\System\Main.cpp:1056 #9 0x0040d0d6 in Run (argc=2, argv=0x345b8) at rts\System\Main.cpp:1116 0000010 0x0040d254 in WinMain@16 (hInstanceIn=0x400000, hPrevInstance=0x0, lpCmdLine=0x251f36 "889.sdf", nCmdShow=10) at rts\System\Main.cpp:1180 #11 0x0076d3c4 in main () (gdb) p unitDef->name $2 = {static npos = 4294967295, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {< No data fields>}, <No data fields>}, _M_p = 0x2090e51c "armalab"}} (gdb)

~0002125 Kloot (developer) 2008-04-21 17:15	Yep, noticed that too. The weird part here is that ~CUnit gets called for the armalab being built instead of for the T1 factory that actually gets reclaimed, so something has to be amiss when the command finishes.

~0002126 imbaczek (reporter) 2008-04-21 17:36	isolated the heap corruption (if only _heapchk doesn't lie to me) to this piece of ~CUnit: if (gs->frameNum >= 13760) _heapchk(); // this is fine if(delayedWreckLevel>=0){ featureHandler->CreateWreckage(pos,wreckName, heading, buildFacing, delayedWreckLevel,team,-1,true,unitDef->name); } if (gs->frameNum >= 13760) _heapchk(); // this triggers a SIGTRAP

~0002127 imbaczek (reporter) 2008-04-21 17:42	Kloot: it's not instead - the crash happens when an armalab gets to -1 health; if the rendering frame skips this moment, no crash for me.

~0002128 imbaczek (reporter) 2008-04-21 17:49 Last edited: 2008-04-21 17:53	damn, it lied... now it tells me that corruption happened before createwreckage :/ time to instrument other destructors.

~0002130 imbaczek (reporter) 2008-04-21 18:24 Last edited: 2008-04-21 18:25	like I said, it's the ground decals: warning: HEAP[spring.exe]: warning: Free Heap block 2DB57B78 modified at 2DB57BF8 after it was freed (gdb) list 663 decal->owner=0; 664 decal->gbOwner=gb; 665 building->buildingDecal=0; 666 667 _heapchk(); 668 } 669 670 int CGroundDecalHandler::GetBuildingDecalType(std::string name) 671 { 672 if(decalLevel==0) (gdb) p decal $1 = (BuildingGroundDecal *) 0x2db57c00 some logging of GroundDecalHandler: deleted decal 2DB57C00 processing decal 286D6200 processing decal 29C87380 processing decal 2A85CDC0 processing decal 2AAD4DB8 processing decal 28177548 processing decal 29EC0E28 processing decal 2A043488 processing decal 2A104FD8 processing decal 2A919920 processing decal 2AE9E8F0 processing decal 2BDC28E8 processing decal 286D6200 processing decal 29C87380 processing decal 2A85CDC0 processing decal 2AAD4DB8 removing decal 2DB57C00 ^^^^^^^^^^^^^^^^^^^^^^^ freed memory

~0002131 satirik (reporter) 2008-04-21 18:34	add a replay where luaui crash at 7h25 i had another crash later in the game

~0002132 imbaczek (reporter) 2008-04-21 19:19	satirik's replay is the same bug.

~0002133 Kloot (developer) 2008-04-21 19:24 Last edited: 2008-04-21 19:29	imbaczek: the point is that the "armalab" (advanced bot factory) should not get to -1 health at all since it's under construction, only the "armlab" (T1 plant) is being reclaimed. My own printf-debugging reveals this little gem: ~CBuilding(), frame: 13760, name: armalab <<== UH OH ~CBuilding(), calling groundDecals->RemoveBuilding() on this = 0xe514438 CGroundDecalHandler::RemoveBuilding(), frame: 13760, decal: 0xe7f5ca0, building: 0xe514438, ghostBuilding: (nil) ~CUnit called for unit with ID 501 and name armalab and health -0.560133 ~CBuilding(), frame: 13761, name: armlab ~CBuilding(), calling groundDecals->RemoveBuilding() on this = 0xddd7330 CGroundDecalHandler::RemoveBuilding(), frame: 13761, decal: 0xdd8c918, building: 0xddd7330, ghostBuilding: (nil) ~CUnit called for unit with ID 50 and name armlab and health -0.456653 So there's a bogus unit destruction taking place.

~0002134 Kloot (developer) 2008-04-21 19:33 Last edited: 2008-04-21 19:55	For Satirik's demo, I get the following: ~CBuilding(), frame: 13313, name: armvp ~CBuilding(), calling groundDecals->RemoveBuilding() on this = 0xd84acd8 CGroundDecalHandler::RemoveBuilding(), frame: 13313, decal: 0xe079148, building: 0xd84acd8, ghostBuilding: (nil) ~CUnit called for unit with ID 156 and name armvp and health -12.784686 at frame 13313 Yet no "armvp" (vehicle plant) was being reclaimed or attacked by anyone anywhere across the map. This seems like an entirely separate issue to be honest.

~0002135 imbaczek (reporter) 2008-04-21 19:34	committed a possible fix in r5760.

~0002136 acidd_uk (reporter) 2008-04-21 19:41	Great job!

~0002137 Kloot (developer) 2008-04-21 19:43 Last edited: 2008-04-21 19:56	I applied your fix to my 76b1 debug build and ran Satirik's demo again, result: ~CBuilding(), frame: 13313, name: armvp ~CUnit called for unit with ID 156 and name armvp and health -12.784686 at frame 13313 Similarly for Acidd's: ~CBuilding(), frame: 13760, name: armalab ~CUnit called for unit with ID 501 and name armalab and health -0.560133 at frame 13760 ~CBuilding(), frame: 13761, name: armlab ~CBuilding(), calling groundDecals->RemoveBuilding() on this = 0xcd9b320 CGroundDecalHandler::RemoveBuilding(), frame: 13761, decal: 0xc619088, building: 0xcd9b320, ghostBuilding: (nil) ~CUnit called for unit with ID 50 and name armlab and health -0.456653 at frame 13761 IMO it's starting to look more and more like the ground decal issue comes (came) as a side effect of this bug.

~0002138 imbaczek (reporter) 2008-04-21 20:06	Kloot: you can check order of memory accesses in the decal log, it's definitely a problem. I'm pretty sure it's not the _only_ problem, as you've said. I already asked satirik to post any replays that crash with decals disabled, because his demo doesn't crash for me anymore. glibc has something similar to ms' crt _heapchk -- i think it's called mcheck (in mcheck.h). you could try hunting further with this.

~0002139 Kloot (developer) 2008-04-21 20:49 Last edited: 2008-04-21 20:52	It turns out the guy in the bottom-left corner in acidd's demo also started an advanced kbot lab but reclaimed the nanoframe at the exact same moment (well, one frame earlier) that BigSteve's T1 lab was sucked up and I missed it the whole time. Likewise in Satirik's demo, one player started an armvp but left the nanoframe to decay (which it did at 7:23) so it triggered my debug traps. I think it's safe to close this one now, sorry for the paranoia. ;)

Notes

Date Modified	Username	Field	Change
Issue History
2008-04-09 00:31	acidd_uk	New Issue
2008-04-09 00:31	acidd_uk	File Added: infolog.txt
2008-04-09 00:38	acidd_uk	File Added: 080408-Tabula-v2-0.76b1.sdf
2008-04-09 00:39	acidd_uk	Note Added: 0002037
2008-04-09 00:51	acidd_uk	Note Added: 0002038
2008-04-09 02:46	acidd_uk	Note Edited: 0002038
2008-04-11 23:14	imbaczek	Note Added: 0002039
2008-04-12 14:56	acidd_uk	File Added: Widgets.rar
2008-04-12 14:57	acidd_uk	Note Added: 0002040
2008-04-12 17:06	imbaczek	Note Added: 0002041
2008-04-12 17:32	acidd_uk	Note Added: 0002042
2008-04-12 19:07	acidd_uk	Note Added: 0002043
2008-04-12 19:12	acidd_uk	Note Added: 0002044
2008-04-12 19:36	imbaczek	Note Added: 0002045
2008-04-12 19:58	acidd_uk	Note Added: 0002046
2008-04-12 20:21	imbaczek	Note Added: 0002047
2008-04-12 20:24	acidd_uk	Note Added: 0002048
2008-04-12 20:47	imbaczek	File Added: layout.lua
2008-04-12 20:48	imbaczek	Note Added: 0002050
2008-04-12 22:01	acidd_uk	File Added: infolog-2.txt
2008-04-12 22:03	acidd_uk	Note Added: 0002051
2008-04-12 22:03	acidd_uk	Note Edited: 0002051
2008-04-12 22:04	acidd_uk	Note Edited: 0002051
2008-04-12 22:16	imbaczek	Note Added: 0002052
2008-04-13 18:53	acidd_uk	Note Added: 0002054
2008-04-14 00:16	imbaczek	Note Added: 0002055
2008-04-17 21:49	imbaczek	Note Added: 0002078
2008-04-17 21:50	imbaczek	Note Edited: 0002078
2008-04-17 21:56	imbaczek	Note Added: 0002081
2008-04-17 22:32	acidd_uk	Note Added: 0002082
2008-04-17 22:55	Kloot	Note Added: 0002083
2008-04-17 22:56	tvo	Note Added: 0002084
2008-04-18 10:11	imbaczek	Note Added: 0002085
2008-04-18 11:18	imbaczek	Note Added: 0002086
2008-04-18 11:23	imbaczek	Note Edited: 0002086
2008-04-18 11:23	imbaczek	Note Edited: 0002086
2008-04-18 11:27	imbaczek	Note Edited: 0002086
2008-04-18 11:31	imbaczek	Note Edited: 0002086
2008-04-18 14:13	Kloot	Note Added: 0002087
2008-04-19 11:58	imbaczek	Note Added: 0002091
2008-04-19 11:59	imbaczek	Note Edited: 0002091
2008-04-19 12:31	tvo	Note Added: 0002092
2008-04-19 17:27	imbaczek	Note Added: 0002094
2008-04-19 17:36	imbaczek	Note Edited: 0002094
2008-04-19 17:52	imbaczek	Note Added: 0002095
2008-04-19 17:53	imbaczek	Note Edited: 0002095
2008-04-19 17:54	imbaczek	Note Edited: 0002095
2008-04-19 18:32	imbaczek	Note Added: 0002096
2008-04-20 09:44	imbaczek	Note Added: 0002100
2008-04-20 13:50	imbaczek	Note Added: 0002102
2008-04-20 15:57	tvo	Note Added: 0002106
2008-04-20 16:00	tvo	Note Added: 0002107
2008-04-20 16:15	Kloot	Note Added: 0002108
2008-04-20 16:17	Kloot	Note Edited: 0002108
2008-04-20 17:10	imbaczek	Note Added: 0002109
2008-04-20 18:07	Kloot	Note Added: 0002110
2008-04-20 18:14	Kloot	Note Edited: 0002110
2008-04-20 18:22	imbaczek	Note Added: 0002111
2008-04-20 18:24	imbaczek	Note Added: 0002112
2008-04-20 18:25	imbaczek	Note Edited: 0002112
2008-04-20 18:26	imbaczek	Note Edited: 0002112
2008-04-20 22:41	imbaczek	Note Added: 0002114
2008-04-20 22:43	imbaczek	Note Edited: 0002114
2008-04-20 22:43	imbaczek	Note Edited: 0002114
2008-04-20 22:49	imbaczek	Note Edited: 0002114
2008-04-20 23:20	acidd_uk	Note Added: 0002116
2008-04-21 00:17	imbaczek	Note Added: 0002118
2008-04-21 00:49	acidd_uk	Note Added: 0002119
2008-04-21 03:06	imbaczek	Note Added: 0002121
2008-04-21 03:07	imbaczek	Additional Information Updated
2008-04-21 13:24	Kloot	Note Added: 0002122
2008-04-21 13:25	Kloot	Note Edited: 0002122
2008-04-21 13:26	Kloot	Note Edited: 0002122
2008-04-21 16:33	imbaczek	Note Added: 0002124
2008-04-21 16:33	imbaczek	Note Edited: 0002124
2008-04-21 17:15	Kloot	Note Added: 0002125
2008-04-21 17:36	imbaczek	Note Added: 0002126
2008-04-21 17:42	imbaczek	Note Added: 0002127
2008-04-21 17:49	imbaczek	Note Added: 0002128
2008-04-21 17:53	imbaczek	Note Edited: 0002128
2008-04-21 18:24	imbaczek	Note Added: 0002130
2008-04-21 18:25	imbaczek	Note Edited: 0002130
2008-04-21 18:32	satirik	File Added: LUAUI_CRASH_Satirik_7m25.sdf
2008-04-21 18:34	satirik	Note Added: 0002131
2008-04-21 19:19	imbaczek	Note Added: 0002132
2008-04-21 19:24	Kloot	Note Added: 0002133
2008-04-21 19:29	Kloot	Note Edited: 0002133
2008-04-21 19:33	Kloot	Note Added: 0002134
2008-04-21 19:34	imbaczek	Note Added: 0002135
2008-04-21 19:35	Kloot	Note Edited: 0002134
2008-04-21 19:41	acidd_uk	Note Added: 0002136
2008-04-21 19:43	Kloot	Note Added: 0002137
2008-04-21 19:44	Kloot	Note Edited: 0002134
2008-04-21 19:52	Kloot	Note Edited: 0002137
2008-04-21 19:55	Kloot	Note Edited: 0002134
2008-04-21 19:56	Kloot	Note Edited: 0002137
2008-04-21 20:06	imbaczek	Note Added: 0002138
2008-04-21 20:49	Kloot	Note Added: 0002139
2008-04-21 20:52	Kloot	Note Edited: 0002139
2008-04-21 21:47	imbaczek	Status	new => resolved
2008-04-21 21:47	imbaczek	Additional Information Updated
2012-06-27 02:27	abma	Status	resolved => assigned
2012-06-27 02:27	abma	Assigned To	=> abma
2012-06-27 02:29	abma	Status	assigned => resolved
2012-06-27 02:29	abma	Resolution	open => fixed

Issue History