
Latest master (2.5) bzfs with a recording buffer crashes when bots join #272


Closed
blast007 opened this issue Dec 27, 2020 · 1 comment

@blast007
Member

When running bzfs from the latest master branch and using a recording buffer (the -recbuf option), joining solo bots will crash the server after a few seconds with a SIGABRT. The stack trace is as follows:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff691a42a in __GI_abort () at abort.c:89
#2  0x00007ffff6956c00 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff6a4bfd0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff695cfc6 in malloc_printerr (action=3, str=0x7ffff6a4c048 "double free or corruption (!prev)", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5049
#4  0x00007ffff695d80e in _int_free (av=0x7ffff6c7fb00 <main_arena>, p=0x5555560c4d20, have_lock=0) at malloc.c:3905
#5  0x00005555558032ea in MessageBuffer::~MessageBuffer (this=0x5555561455e0, __in_chrg=<optimized out>) at MessageBuffers.cxx:29
#6  0x0000555555804f0e in __gnu_cxx::new_allocator<MessageBuffer>::destroy<MessageBuffer> (this=0x5555561455e0, __p=0x5555561455e0) at /usr/include/c++/6/ext/new_allocator.h:124
#7  0x0000555555804ee1 in std::allocator_traits<std::allocator<MessageBuffer> >::destroy<MessageBuffer> (__a=..., __p=0x5555561455e0) at /usr/include/c++/6/bits/alloc_traits.h:487
#8  0x0000555555804daf in std::_Sp_counted_ptr_inplace<MessageBuffer, std::allocator<MessageBuffer>, (__gnu_cxx::_Lock_policy)2>::_M_dispose (this=0x5555561455d0)
    at /usr/include/c++/6/bits/shared_ptr_base.h:529
#9  0x000055555579b05e in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release (this=0x5555561455d0) at /usr/include/c++/6/bits/shared_ptr_base.h:150
#10 0x000055555579aeb9 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count (this=0x7fffffffc8c8, __in_chrg=<optimized out>) at /usr/include/c++/6/bits/shared_ptr_base.h:662
#11 0x00005555557ad040 in std::__shared_ptr<MessageBuffer, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr (this=0x7fffffffc8c0, __in_chrg=<optimized out>) at /usr/include/c++/6/bits/shared_ptr_base.h:928
#12 0x00005555557ad05c in std::shared_ptr<MessageBuffer>::~shared_ptr (this=0x7fffffffc8c0, __in_chrg=<optimized out>) at /usr/include/c++/6/bits/shared_ptr.h:93
#13 0x0000555555811bb2 in savePlayersState () at RecordReplay.cxx:1658
#14 0x00005555558113cc in saveStates () at RecordReplay.cxx:1566
#15 0x000055555580ecd0 in Record::addPacket (code=28787, len=27, data=0x5555561b58cc, mode=0) at RecordReplay.cxx:546
#16 0x000055555587365f in relayPlayerPacket (index=3, len=27, rawbuf=0x5555561b58c8, code=28787) at bzfs.cxx:1035
#17 0x0000555555883b38 in handleCommand (t=3, rawbuf=0x5555561b58c8, udp=false) at bzfs.cxx:5642
#18 0x000055555588418a in handleTcp (netPlayer=..., i=3, e=ReadAll) at bzfs.cxx:5744
#19 0x00005555557fa492 in GameKeeper::Player::handleTcpPacket (this=0x5555561b61c0, set=0x7fffffffd040) at GameKeeper.cxx:436
#20 0x000055555588bc46 in main (argc=5, argv=0x7fffffffe058) at bzfs.cxx:7805

If I disable the solo bots or the recording buffer, I see no crash.

@blast007 blast007 added the bug label Dec 27, 2020
@blast007 blast007 added this to the 2.6 Release milestone Dec 27, 2020
@atupone
Contributor

atupone commented Jan 1, 2021

It should be fixed in commit 6d5ff84 by adding a
bufStart->reset();
before each MsgAddPlayer record
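
Added example, not code from bzfs or from the commit referenced above: an illustration of why a buffer object reused across several records needs a reset before each one, and how a bounds check turns the overflow into an immediate error instead of heap corruption reported later at `free()`. It assumes a fixed-capacity buffer with a write cursor; `RecordBuffer`, `packPlayers` and all sizes are hypothetical, since the page does not show `MessageBuffer`'s internals.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <memory>
#include <stdexcept>

// Hypothetical stand-in for a reusable fixed-capacity message buffer.
// Not bzfs's MessageBuffer; names and sizes are constructed for illustration.
class RecordBuffer {
public:
    explicit RecordBuffer(std::size_t cap)
        : data_(new std::uint8_t[cap]), cap_(cap), len_(0) {}
    void reset() { len_ = 0; }              // rewind the write cursor
    std::size_t size() const { return len_; }
    // Bounds-checked append. An unchecked memcpy here would write past the
    // allocation and damage allocator metadata, which glibc only notices
    // when the buffer is freed (as in a destructor run by shared_ptr).
    void append(const void* src, std::size_t n) {
        if (n > cap_ - len_) throw std::length_error("record exceeds buffer capacity");
        std::memcpy(data_.get() + len_, src, n);
        len_ += n;
    }
private:
    std::unique_ptr<std::uint8_t[]> data_;
    std::size_t cap_, len_;
};

// Packs `players` records of `recLen` bytes (recLen <= 64) through one shared
// buffer. Returns the index of the first record that would overflow, or -1.
int packPlayers(int players, std::size_t recLen, std::size_t cap, bool resetEachRecord) {
    auto buf = std::make_shared<RecordBuffer>(cap);
    const std::uint8_t record[64] = {0};    // constructed sample payload
    for (int i = 0; i < players; ++i) {
        if (resetEachRecord) buf->reset();  // the per-record reset
        try { buf->append(record, recLen); }
        catch (const std::length_error&) { return i; }
    }
    return -1;
}

int main() {
    // Constructed sizes: 27-byte records, 64-byte buffer. Without a reset the
    // third record no longer fits; with a reset every record fits.
    bool ok = packPlayers(8, 27, 64, false) == 2 && packPlayers(8, 27, 64, true) == -1;
    return ok ? 0 : 1;
}
```

Building the server with `-fsanitize=address` reports an out-of-bounds heap write at the offending store rather than at the later `free()`.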
