Ticket #48797

Client crash S3_1 gtk3.22

Open Date: 2023-10-03 20:38 Last Update: 2023-10-06 06:33

Reporter:
Owner:
Type:
Status: Closed
Component:
MileStone:
Priority: 5 - Medium
Severity: 5 - Medium
Resolution: Fixed
File: 1

Details

Version S3_1 commit 7803ef3e17e3e24f53dd1397f9f8cbec6d9e200c Client gtk3.22 under wayland

[michael@zen ~]$ corrupted size vs. prev_size
[michael@zen ~]$ opt/freeciv-3.1-20231002/bin/freeciv-gtk3.22 &
[2] 1057951
[1]   Aborted                 (core dumped) opt/freeciv-3.1-20231002/bin/freeciv-gtk3.22

{{{
(gdb) bt full
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
        tid = <optimized out>
        ret = 0
        pd = <optimized out>
        old_mask = {__val = {0}}
        ret = <optimized out>
#1  0x00007f02104768a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f0210426668 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
        ret = <optimized out>
#3  0x00007f021040e4b8 in __GI_abort () at abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {139646841571091, 94308746586704, 139646841675403, 60, 82, 140723990445968, 3615965802649469952, 0, 94308579495200, 0, 140723990446000, 139646842925328, 140723990446368, 66, 139646842739831, 140723990446768}}, sa_flags = -613006736, sa_restorer = 0x55c5ed0a6c80}
#4  0x00007f021040f390 in __libc_message (fmt=fmt@entry=0x7f021058655d "%s\n") at ../sysdeps/posix/libc_fatal.c:150
        ap = {{gp_offset = 16, fp_offset = 0, overflow_arg_area = 0x7ffcdb7640c0, reg_save_area = 0x7ffcdb764050}}
        fd = 2
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
#5  0x00007f02104807b7 in malloc_printerr (str=str@entry=0x7f0210583fc5 "corrupted size vs. prev_size") at malloc.c:5765
#6  0x00007f021048130e in unlink_chunk (p=<optimized out>, av=<optimized out>) at malloc.c:1610
        fd = <optimized out>
        bk = <optimized out>
#7  0x00007f0210481480 in malloc_consolidate (av=av@entry=0x7f02105c0ac0 <main_arena>) at malloc.c:4869
        fb = 0x7f02105c0af0 <main_arena+48>
        maxfb = 0x7f02105c0b18 <main_arena+88>
        p = 0x55c5f7da1eb0
        nextp = 0x55c5f68d0720
        unsorted_bin = 0x7f02105c0b20 <main_arena+96>
        first_unsorted = <optimized out>
        nextchunk = <optimized out>
        size = 262400
        nextsize = <optimized out>
        prevsize = <optimized out>
        nextinuse = <optimized out>
#8  0x00007f0210483a38 in _int_malloc (av=av@entry=0x7f02105c0ac0 <main_arena>, bytes=bytes@entry=1368) at malloc.c:4034
        nb = <optimized out>
        idx = 69
        bin = <optimized out>
        victim = <optimized out>
        size = <optimized out>
        victim_index = <optimized out>
        remainder = <optimized out>
        remainder_size = <optimized out>
        block = <optimized out>
        bit = <optimized out>
        map = <optimized out>
        fwd = <optimized out>
        bck = <optimized out>
        tcache_unsorted_count = <optimized out>
        tcache_nb = <optimized out>
        tc_idx = <optimized out>
        return_cached = <optimized out>
        __PRETTY_FUNCTION__ = "_int_malloc"
#9  0x00007f0210485d08 in __libc_calloc (n=n@entry=1, elem_size=elem_size@entry=1368) at malloc.c:3747
        av = <optimized out>
        oldtop = 0x55c5f8052450
        sz = 1368
        oldtopsize = 7289776
        mem = <optimized out>
        clearsize = <optimized out>
        nclears = <optimized out>
        d = <optimized out>
        bytes = 1368
        __PRETTY_FUNCTION__ = "__libc_calloc"
        p = <optimized out>
        csz = <optimized out>
#10 0x00007f021062e26b in g_malloc0 (n_bytes=n_bytes@entry=1368) at ../glib/glib/gmem.c:163
        mem = <optimized out>
#11 0x00007f0210d40252 in _gtk_css_lookup_new (relevant=0x0) at ../gtk/gtk/gtkcsslookup.c:28
        lookup = <optimized out>
        result = <optimized out>
        lookup = <optimized out>
        change = 4294967295
#12 gtk_css_static_style_new_compute (provider=0x55c5ecfab690, matcher=0x7ffcdb764310, parent=0x55c5f1ed4610) at ../gtk/gtk/gtkcssstaticstyle.c:183
        result = <optimized out>
--Type <RET> for more, q to quit, c to continue without paging--c
        lookup = <optimized out>
        change = 4294967295
#13 0x00007f0210d20796 in gtk_css_node_create_style (cssnode=0x55c5ed615a20) at ../gtk/gtk/gtkcssnode.c:371
        decl = 0x55c5f8007580
        matcher = {klass = 0x7f02113c6220 <GTK_CSS_MATCHER_NODE>, path = {klass = 0x7f02113c6220 <GTK_CSS_MATCHER_NODE>, decl = 0x55c5ed615a20, path = 0xffffffffffffff88, index = 11, sibling_index = 0}, node = {klass = 0x7f02113c6220 <GTK_CSS_MATCHER_NODE>, node = 0x55c5ed615a20}, superset = {klass = 0x7f02113c6220 <GTK_CSS_MATCHER_NODE>, subset = 0x55c5ed615a20, relevant = 18446744073709551496}}
        parent = <optimized out>
        style = <optimized out>
        static_style = <optimized out>
        new_static_style = <optimized out>
        new_style = <optimized out>
#14 gtk_css_node_real_update_style (cssnode=0x55c5ed615a20, change=27925676160, timestamp=343457837235, style=0x55c5f079a250) at ../gtk/gtk/gtkcssnode.c:425
        static_style = <optimized out>
        new_static_style = <optimized out>
        new_style = <optimized out>
#15 0x00007f0210d26017 in gtk_css_node_ensure_style (cssnode=cssnode@entry=0x55c5ed615a20, current_time=current_time@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1007
        new_style = <optimized out>
        style_changed = <optimized out>
#16 0x00007f0210d262a7 in gtk_css_node_ensure_style (current_time=current_time@entry=343457837235, cssnode=cssnode@entry=0x55c5ed615a20) at ../gtk/gtk/gtkcssnode.c:992
        child = <optimized out>
#17 gtk_css_node_validate_internal (cssnode=cssnode@entry=0x55c5ed615a20, timestamp=timestamp@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1384
        child = <optimized out>
#18 0x00007f0210d26303 in gtk_css_node_validate_internal (timestamp=<optimized out>, cssnode=0x55c5ed615a20) at ../gtk/gtk/gtkcssnode.c:1400
        child = 0x55c5ed615a20
#19 gtk_css_node_validate_internal (cssnode=cssnode@entry=0x55c5ed614d60, timestamp=timestamp@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1398
        child = 0x55c5ed615a20
#20 0x00007f0210d26303 in gtk_css_node_validate_internal (timestamp=<optimized out>, cssnode=0x55c5ed614d60) at ../gtk/gtk/gtkcssnode.c:1400
        child = 0x55c5ed614d60
#21 gtk_css_node_validate_internal (cssnode=cssnode@entry=0x55c5ed611640, timestamp=timestamp@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1398
        child = 0x55c5ed614d60
#22 0x00007f0210d26303 in gtk_css_node_validate_internal (timestamp=<optimized out>, cssnode=0x55c5ed611640) at ../gtk/gtk/gtkcssnode.c:1400
        child = 0x55c5ed611640
#23 gtk_css_node_validate_internal (cssnode=cssnode@entry=0x55c5ed601cc0, timestamp=timestamp@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1398
        child = 0x55c5ed611640
#24 0x00007f0210d26303 in gtk_css_node_validate_internal (timestamp=<optimized out>, cssnode=0x55c5ed601cc0) at ../gtk/gtk/gtkcssnode.c:1400
        child = 0x55c5ed601cc0
#25 gtk_css_node_validate_internal (cssnode=cssnode@entry=0x55c5ee86f650, timestamp=timestamp@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1398
        child = 0x55c5ed601cc0
#26 0x00007f0210d26303 in gtk_css_node_validate_internal (timestamp=<optimized out>, cssnode=0x55c5ee86f650) at ../gtk/gtk/gtkcssnode.c:1400
        child = 0x55c5ee86f650
#27 gtk_css_node_validate_internal (cssnode=cssnode@entry=0x55c5edd6dd20, timestamp=timestamp@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1398
        child = 0x55c5ee86f650
#28 0x00007f0210d26303 in gtk_css_node_validate_internal (timestamp=<optimized out>, cssnode=0x55c5edd6dd20) at ../gtk/gtk/gtkcssnode.c:1400
        child = 0x55c5edd6dd20
#29 gtk_css_node_validate_internal (cssnode=cssnode@entry=0x55c5ed0a6bb0, timestamp=timestamp@entry=343457837235) at ../gtk/gtk/gtkcssnode.c:1398
        child = 0x55c5edd6dd20
#30 0x00007f0210d26303 in gtk_css_node_validate_internal (timestamp=<optimized out>, cssnode=0x55c5ed0a6bb0) at ../gtk/gtk/gtkcssnode.c:1400
        child = 0x55c5ed0a6bb0
#31 gtk_css_node_validate_internal (cssnode=<optimized out>, timestamp=343457837235) at ../gtk/gtk/gtkcssnode.c:1398
        child = 0x55c5ed0a6bb0
Python Exception <class 'gdb.error'>: value has been optimized out
(gdb)
}}}

I guess I was moving a unit when the crash happened.

Ticket History (3/8 Histories)

2023-10-03 20:38 Updated by: mortmann
  • New Ticket "Client crash S3_1 gtk3.22" created
2023-10-03 20:57 Updated by: mortmann
  • Component Update from (None) to Gtk3.22-client
2023-10-03 22:00 Updated by: cazfi
Comment

As there seem to be theming-related calls in the backtrace, and a recent theming change made theming apply to the entire display, do you happen to have multiple displays on your computer?

2023-10-04 02:04 Updated by: cazfi
Comment

Reproduced something a bit similar. There seems to be another (in addition to #48787 and #48788) move animation virtual unit memory problem. Namely, that no virtual unit is created at all! Instead, a pointer to the actual unit is being used. If the unit gets wiped before the animation has run completely -> memory corruption.
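
The bug class described in the comment above, as an added C example that is not freeciv code and not part of the ticket: an animation that borrows the live unit pointer, beside one that owns a snapshot ("virtual") copy. All struct and function names are hypothetical, and the sample values are constructed.

```c
#include <stdlib.h>

/* Hypothetical, simplified types for illustration; not freeciv's structures. */
struct unit { int id; int x; };

struct move_anim {
  struct unit *punit;  /* unit the animation frames operate on */
  int owns_unit;       /* 1 when punit is the animation's private copy */
  int steps_left;
};

/* Pattern described in the ticket: the animation keeps the live unit pointer. */
struct move_anim *anim_new_borrowed(struct unit *real, int steps)
{
  struct move_anim *a = calloc(1, sizeof(*a));
  if (a == NULL) return NULL;
  a->punit = real;
  a->steps_left = steps;
  return a;
}

/* Safer pattern: snapshot the unit into a "virtual" copy the animation owns. */
struct move_anim *anim_new_virtual(const struct unit *real, int steps)
{
  struct move_anim *a = calloc(1, sizeof(*a));
  struct unit *copy = malloc(sizeof(*copy));
  if (a == NULL || copy == NULL) { free(a); free(copy); return NULL; }
  *copy = *real;
  a->punit = copy;
  a->owns_unit = 1;
  a->steps_left = steps;
  return a;
}

/* One frame: moves the animated unit one tile and returns its new x. */
int anim_step(struct move_anim *a) { a->steps_left--; return ++a->punit->x; }

void anim_free(struct move_anim *a) { if (a->owns_unit) free(a->punit); free(a); }

/* The unit is wiped while its animation still has frames queued. */
int demo_wipe_mid_animation(void)
{
  struct unit *u = malloc(sizeof(*u));
  if (u == NULL) return -1;
  u->id = 101; u->x = 7;                       /* constructed sample values */
  struct move_anim *a = anim_new_virtual(u, 3);
  if (a == NULL) { free(u); return -1; }
  int x = anim_step(a);                        /* frame 1 */
  free(u);                                     /* unit wiped mid-animation */
  while (a->steps_left > 0) x = anim_step(a);  /* frames 2-3 touch only the copy */
  anim_free(a);
  return x;  /* with anim_new_borrowed() frames 2-3 would write freed memory */
}

int main(void) { return demo_wipe_mid_animation() == 10 ? 0 : 1; }
```

Building the borrowed variant with `-fsanitize=address` reports the heap-use-after-free at the animation frame itself, whereas glibc's heap checks only abort at a later, unrelated allocation, as in the GTK CSS frames of the backtrace above.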

2023-10-04 02:22 Updated by: cazfi
  • Owner Update from (None) to cazfi
  • Resolution Update from None to Accepted
  • Milestone Update from (None) to 3.0.9 (closed)
Comment

Patch meant for S2_6 too.

2023-10-04 02:51 Updated by: mortmann
Comment

Reply To cazfi

As there seem to be theming-related calls in the backtrace, and a recent theming change made theming apply to the entire display, do you happen to have multiple displays on your computer?

Nope, single monitor here.

2023-10-06 06:33 Updated by: cazfi
  • Status Update from Open to Closed
  • Resolution Update from Accepted to Fixed
