#48797: Client crash S3_1 gtk3.22

  Open Date: 2023-10-03 14:38
Last Update: 2023-10-03 20:04

URL for this Ticket:
    https://osdn.net//projects/freeciv/ticket/48797
RSS feed for this Ticket:
    https://osdn.net/ticket/ticket_rss.php?group_id=12505&tid=48797

---------------------------------------------------------------------

Last Changes/Comment on this Ticket:
2023-10-03 20:04 Updated by: cazfi

Comment:

Reproduced something a bit similar.

There seems to be another (in addition to #48787 and #48788) move animation virtual unit memory problem. Namely that no virtual unit is created at all! Instead pointer of the actual unit is being used. If the unit gets wiped before animation has run completely -> memory corruption.

---------------------------------------------------------------------
Ticket Status:

  Reporter: mortmann
     Owner: (None)
      Type: Bugs
    Status: Open
  Priority: 5 - Medium
 MileStone: (None)
 Component: Gtk3.22-client
  Severity: 5 - Medium
Resolution: None
---------------------------------------------------------------------

Ticket details:

Version S3_1 commit 7803ef3e17e3e24f53dd1397f9f8cbec6d9e200c
Client gtk3.22 under wayland

[michael@zen ~]$ corrupted size vs. prev_size
[michael@zen ~]$ opt/freeciv-3.1-20231002/bin/freeciv-gtk3.22 &
[2] 1057951
[1] Aborted (core dumped) opt/freeciv-3.1-20231002/bin/freeciv-gtk3.22

{{{
(gdb) bt full
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
        tid = <optimized out>
        ret = 0
        pd = <optimized out>
        old_mask = {__val = {0}}
        ret = <optimized out>
#1  0x00007f02104768a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f0210426668 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
        ret = <optimized out>
#3  0x00007f021040e4b8 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {139646841571091, 94308746586704, 139646841675403, 60, 82, 140723990445968, 3615965802649469952, 0, 94308579495200, 0, 140723990446000, 139646842925328, 140723990446368, 66, 139646842739831, 140723990446768}}, sa_flags = -613006736, sa_restorer = 0x55c5ed0a6c80}
#4  0x00007f021040f390 in __libc_message (fmt=fmt@entry=0x7f021058655d "%s\n") at ../sysdeps/posix/libc_fatal.c:150
        ap = {{gp_offset = 16, fp_offset = 0, overflow_arg_area = 0x7ffcdb7640c0, reg_save_area = 0x7ffcdb764050}}
        fd = 2
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
#5  0x00007f02104807b7 in malloc_printerr (str=str@entry=0x7f0210583fc5 "corrupted size vs. prev_size") at malloc.c:5765
#6  0x00007f021048130e in unlink_chunk (p=<optimized out>, av=<optimized out>) at malloc.c:1610
        fd = <optimized out>
        bk = <optimized out>
#7  0x00007f0210481480 in malloc_consolidate (av=av@entry=0x7f02105c0ac0 <main_arena>) at malloc.c:4869
        fb = 0x7f02105c0af0 <main_arena+48>
        maxfb = 0x7f02105c0b18 <main_arena+88>
        p = 0x55c5f7da1eb0
        nextp = 0x55c5f68d0720
        unsorted_bin = 0x7f02105c0b20 <main_arena+96>
        first_unsorted = <optimized out>
        nextchunk = <optimized out>
        size = 262400
        nextsize = <optimized out>
        prevsize = <optimized out>
        nextinuse = <optimized out>
#8  0x00007f0210483a38 in _int_malloc (av=av@entry=0x7f02105c0ac0 <main_arena>, bytes=bytes@entry=1368) at malloc.c:4034
        nb = <optimized out>
        idx = 69
        bin = <optimized out>
        victim = <optimized out>
        size = <optimized out>
        victim_index = <optimized out>
        remainder = <optimized out>
        remainder_size = <optimized out>
        block = <optimized out>
        bit = <optimized out>
        map = <optimized out>
        fwd = <optimized out>
        bck = <optimized out>
        tcache_unsorted_count = <optimized out>
        tcache_nb = <optimized out>
        tc_idx = <optimized out>
        return_cached = <optimized out>
        __PRETTY_FUNCTION__ = "_int_malloc"
#9  0x00007f0210485d08 in __libc_calloc (n=n@entry=1, elem_size=elem_size@entry=1368) at malloc.c:3747
        av = <optimized out>
        oldtop = 0x55c5f8052450
        sz = 1368
        oldtopsize = 7289776
        mem = <optimized out>
        clearsize = <optimized out>
        nclears = <optimized out>
        d = <optimized out>
        bytes = 1368
        __PRETTY_FUNCTION__ = "__libc_calloc"
        p = <optimized out>
        csz = <optimized out>
#10 0x00007f021062e26b in g_malloc0 (n_bytes=n_bytes@entry=1368) at ../glib/glib/gmem.c:163
        mem = <optimized out>
#11 0x00007f0210d40252 in _gtk_css_lookup_new (relevant=0x0) at ../gtk/gtk/gtkcsslookup.c:28
        lookup = <optimized out>
        result = <optimized out>
        lookup = <optimized out>
        change = 4294967295
#12 gtk_css_static_style_new_compute (provider=0x55c5ecfab690, matcher=0x7ffcdb764310, parent=0x55c5f1ed4610) at ../gtk/gtk/gtkcssstaticstyle.c:183
        result = <optimized out>
--Type <RET> for more, q to quit, c to continue without paging--c
        lookup = <optimized out>
        change = 4294967295
#13 0x00007f0210d20796 in gtk_css_node_create_style (cssnode=0x55c5ed615a20) at ../gtk/gtk/gtkcssnode.c:371
        decl = 0x55c5f8007580
        matcher = {klass = 0x7f02113c6220 <GTK_CSS_MATCHER_NODE>, path = {klass = 0x7f02113c6220 <GTK_CSS_MATCHER_NODE>, decl = 0x55c5ed615a20, path = 0xffffffffffffff88, index = 11, sibling_index = 0}, node = {klass = 0x7f02113c6220 <GTK_CSS_MATCHER_NODE>, node = 0x55c5ed615a20}, superset = {klass = 0x7f02113c6220 <GTK_CSS_MATCHER_NODE>, subset = 0x55c5ed615a20, relevant = 18446744073709551496}}
        parent = <optimized out>
        style = <optimized out>
        static_style = <optimized out>
        new_static_style = <optimized out>
        new_style = <optimized out>
#14 gtk_css_node_real_update_style (cssnode=0x55c5ed615a20, change=27925676160, timestamp=343457837235, style=0x55c5f079a250) at ../gtk/gtk/gtkcssnode.c:425
        static_style = <optimized out>
        new_static_style = <optimized out>
        new_style = <optimized out>
#15 0x00007f0210d26017 in gtk_css_node_ensure_style (cssnode=cssnode@entry=0x55c5ed615a20, current_time=current_time@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1007
        new_style = <optimized out>
        style_changed = <optimized out>
#16 0x00007f0210d262a7 in gtk_css_node_ensure_style (current_time=current_time@entry=343457837235, cssnode=cssnode@entry=0x55c5ed615a20) at ../gtk/gtk/gtkcssnode.c:992
        child = <optimized out>
#17 gtk_css_node_validate_internal (cssnode=cssnode@entry=0x55c5ed615a20, timestamp=timestamp@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1384
        child = <optimized out>
#18 0x00007f0210d26303 in gtk_css_node_validate_internal (timestamp=<optimized out>, cssnode=0x55c5ed615a20) at ../gtk/gtk/gtkcssnode.c:1400
        child = 0x55c5ed615a20
#19 gtk_css_node_validate_internal (cssnode=cssnode@entry=0x55c5ed614d60, timestamp=timestamp@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1398
        child = 0x55c5ed615a20
#20 0x00007f0210d26303 in gtk_css_node_validate_internal (timestamp=<optimized out>, cssnode=0x55c5ed614d60) at ../gtk/gtk/gtkcssnode.c:1400
        child = 0x55c5ed614d60
#21 gtk_css_node_validate_internal (cssnode=cssnode@entry=0x55c5ed611640, timestamp=timestamp@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1398
        child = 0x55c5ed614d60
#22 0x00007f0210d26303 in gtk_css_node_validate_internal (timestamp=<optimized out>, cssnode=0x55c5ed611640) at ../gtk/gtk/gtkcssnode.c:1400
        child = 0x55c5ed611640
#23 gtk_css_node_validate_internal (cssnode=cssnode@entry=0x55c5ed601cc0, timestamp=timestamp@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1398
        child = 0x55c5ed611640
#24 0x00007f0210d26303 in gtk_css_node_validate_internal (timestamp=<optimized out>, cssnode=0x55c5ed601cc0) at ../gtk/gtk/gtkcssnode.c:1400
        child = 0x55c5ed601cc0
#25 gtk_css_node_validate_internal (cssnode=cssnode@entry=0x55c5ee86f650, timestamp=timestamp@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1398
        child = 0x55c5ed601cc0
#26 0x00007f0210d26303 in gtk_css_node_validate_internal (timestamp=<optimized out>, cssnode=0x55c5ee86f650) at ../gtk/gtk/gtkcssnode.c:1400
        child = 0x55c5ee86f650
#27 gtk_css_node_validate_internal (cssnode=cssnode@entry=0x55c5edd6dd20, timestamp=timestamp@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1398
        child = 0x55c5ee86f650
#28 0x00007f0210d26303 in gtk_css_node_validate_internal (timestamp=<optimized out>, cssnode=0x55c5edd6dd20) at ../gtk/gtk/gtkcssnode.c:1400
        child = 0x55c5edd6dd20
#29 gtk_css_node_validate_internal (cssnode=cssnode@entry=0x55c5ed0a6bb0, timestamp=timestamp@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1398
        child = 0x55c5edd6dd20
#30 0x00007f0210d26303 in gtk_css_node_validate_internal (timestamp=<optimized out>, cssnode=0x55c5ed0a6bb0) at ../gtk/gtk/gtkcssnode.c:1400
        child = 0x55c5ed0a6bb0
#31 gtk_css_node_validate_internal (cssnode=<optimized out>, timestamp=343457837235) at ../gtk/gtk/gtkcssnode.c:1398
        child = 0x55c5ed0a6bb0
Python Exception <class 'gdb.error'>: value has been optimized out
(gdb)
}}}

I guess I was moving a unit when the crash happened.
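
Added example, not part of the ticket and not Freeciv code: a minimal C sketch of the lifetime problem described in the comment above, with an animation that borrows a pointer to the live unit beside one that takes its own snapshot. All names (struct unit, struct move_anim, anim_start_borrowed, anim_start_snapshot, anim_step) are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-ins; not Freeciv's real structures or API. */
struct unit { int id; int x, y; };

struct move_anim {
  struct unit *punit;  /* unit drawn on each frame */
  bool owns_unit;      /* true when punit is a private snapshot */
  int frames_left;
};

/* Unsafe: the animation borrows the live unit. If the unit is freed
 * before frames_left reaches 0, later frames touch freed heap memory. */
void anim_start_borrowed(struct move_anim *a, struct unit *live, int frames)
{
  a->punit = live;
  a->owns_unit = false;
  a->frames_left = frames;
}

/* Safer: snapshot the unit, so the animation's lifetime no longer
 * depends on the live unit. Returns false if nothing was started. */
bool anim_start_snapshot(struct move_anim *a, const struct unit *live,
                         int frames)
{
  if (frames <= 0) return false;  /* nothing to animate, nothing to leak */
  a->punit = malloc(sizeof(*a->punit));
  if (a->punit == NULL) return false;
  *a->punit = *live;
  a->owns_unit = true;
  a->frames_left = frames;
  return true;
}

/* Draw one frame. Returns the unit id read through the animation, or -1
 * once the animation has finished and released its snapshot. */
int anim_step(struct move_anim *a)
{
  if (a->frames_left <= 0 || a->punit == NULL) return -1;
  int id = a->punit->id;
  if (--a->frames_left == 0) {
    if (a->owns_unit) free(a->punit);
    a->punit = NULL;
  }
  return id;
}
```

glibc reports this kind of heap damage only when a later allocation trips a consistency check, as in the backtrace above, where the abort fires inside a GTK CSS g_malloc0 call. Building with -fsanitize=address reports the faulting access itself.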