Bug #858069

in fill_unit_type_sprite_array() [tilespec.c::4150]: assertion 'uspr != NULL' failed, plus a SEGV (2.6.1+, civ2civ3_earth)

Added by Chippo Elder 5 months ago. Updated 5 months ago.

Status: Closed
Priority: Normal
Category: Client
% Done: 0%
Description

I used freeciv-mp-gtk3 (2.6.1+) to install the civ2civ3_earth modpack. When starting a game with that ruleset, as you press Start, you hit this assertion and then a SEGV.

I'll test reproducibility of the assertion failure and if it's reproducible, I'll run with -F and get a backtrace of the assert failure. In this edit is the backtrace of the SEGV.

1: in fill_unit_type_sprite_array() [tilespec.c::4150]: assertion 'uspr != NULL' failed.
1: Please report this message at https://www.hostedredmine.com/projects/freeciv

Thread 1 "freeciv-qt" received signal SIGSEGV, Segmentation fault.
0x00007ffff7547424 in QPixmap::width() const () from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
(gdb) bt full
#0 0x00007ffff7547424 in QPixmap::width() const () at /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
#1 0x0000555555635579 in qtg_get_sprite_dimensions(sprite*, int*, int*) (sprite=0x7ffff6ab54c0, width=0x7fffffffa480, height=0x7fffffffa484) at sprite.cpp:164
#2 0x00005555556a158b in qtg_canvas_put_sprite_full(canvas*, int, int, sprite*) (pcanvas=0x55555b435470, canvas_x=0, canvas_y=0, sprite=0x7ffff6ab54c0)
at canvas.cpp:151
width = -21984
height = 32767
#3 0x00005555556653c8 in put_drawn_sprites
(pcanvas=pcanvas@entry=0x55555b435470, zoom=1, canvas_x=canvas_x@entry=0, canvas_y=canvas_y@entry=0, count=<optimized out>, pdrawn=pdrawn@entry=0x7fffffffa520, fog=false) at mapview_common.c:1302
i = <optimized out>
#4 0x00005555556654fa in put_one_element
(pcanvas=pcanvas@entry=0x55555b435470, zoom=zoom@entry=1, layer=layer@entry=LAYER_FOCUS_UNIT, ptile=ptile@entry=0x0, pedge=pedge@entry=0x0, pcorner=pcorner@entry=0x0, punit=punit@entry=0x55555ad22f20, pcity=0x0, canvas_x=0, canvas_y=0, citymode=0x0, putype=0x0) at mapview_common.c:1332
tile_sprs = {{foggable = false, sprite = 0x7ffff6ab54c0, offset_x = 0, offset_y = 0}, {foggable = false, sprite = 0x0, offset_x = 0, offset_y = 0}, {foggable = false, sprite = 0x55555b0fa550, offset_x = 0, offset_y = 0}, {foggable = 151, sprite = 0x7ffff739a988 <QCoreApplication::self>, offset_x = 0, offset_y = 0}, {foggable = true, sprite = 0x7ffff70dca9a <QCoreApplication::notifyInternal2(QObject*, QEvent*)+394>, offset_x = 0, offset_y = 0}, {foggable = 64, sprite = 0x0, offset_x = 124, offset_y = 119}, {foggable = 80, sprite = 0x7fffffffa640, offset_x = -23121, offset_y = 32767}, {foggable = false, sprite = 0x640, offset_x = 16, offset_y = 48}, {foggable = false, sprite = 0x7fffffffac10, offset_x = 1, offset_y = 0}, {foggable = 29, sprite = 0x0, offset_x = 843, offset_y = 32767}, {foggable = 63, sprite = 0x6400000034c, offset_x = -22592, offset_y = 32767}, {foggable = 64, sprite = 0x0, offset_x = 1600, offset_y = 844}, {foggable = 16, sprite = 0x0, offset_x = -262130, offset_y = 1600}, {foggable = 76, sprite = 0x7fffffffa960, offset_x = -157955616, offset_y = 32767}, {foggable = 96, sprite = 0x7ffff69cf995, offset_x = -22168, offset_y = 32767}, {foggable = false, sprite = 0x55555c33720d, offset_x = 1541866288, offset_y = 21845}, {foggable = 144, sprite = 0x7ffff62ec7c3 <_int_malloc+2947>, offset_x = 1558325760, offset_y = 21845}, {foggable = 224, sprite = 0x7, offset_x = 1437716526, offset_y = 21845}, {foggable = false, sprite = 0x555500000011, offset_x = 1437716616, offset_y = 21845}, {foggable = 48, sprite = 0x4, offset_x = 17, offset_y = 52}, {foggable = false, sprite = 0x0, offset_x = 0, offset_y = 0}, {foggable = 124, sprite = 0x5b0000006e, offset_x = 80, offset_y = 0}, {foggable = 7, sprite = 0xf, offset_x = 256, offset_y = 0}, {foggable = 128, sprite = 0x1, offset_x = -152931392, offset_y = 32767}, {foggable = 32, sprite = 0xd7c4304a2acf6500, offset_x = 8, offset_y = 0}, {foggable = 16, sprite = 0x55555b393f80, offset_x = 7, offset_y = 0}, {foggable = 80, 
sprite = 0x7ffff6e273c0 <QAction::staticMetaObject>, offset_x = 32, offset_y = 0}, {foggable = 176, sprite = 0x6, offset_x = 1531139232, offset_y = 21845}, {foggable = 128, sprite = 0x7ffff6e273c0 <QAction::staticMetaObject>, offset_x = 32, offset_y = 0}, {foggable = 167, sprite = 0x48, offset_x = -150052037, offset_y = 32767}, {foggable = 144, sprite = 0x55555c3b3e60, offset_x = 1467345296, offset_y = 21845}, {foggable = 18, sprite = 0x7ffff6ccecb4, offset_x = 718234880, offset_y = 6}, {foggable = 192, sprite = 0x0, offset_x = -152931392, offset_y = 32767}, {foggable = 29, sprite = 0x7ffff739cda0, offset_x = -147206584, offset_y = 32767}, {foggable = false, sprite = 0xd7c4304a2acf6500, offset_x = -22216, offset_y = 32767}, {foggable = false, sprite = 0x7fffffffab30, offset_x = -21952, offset_y = 32767}, {foggable = 48, sprite = 0x7ffff6ccecb4, offset_x = 1547386464, offset_y = 21845}, {foggable = 179, sprite = 0x7fffffffab60, offset_x = -149884561, offset_y = 32767}, {foggable = false, sprite = 0x0, offset_x = 0, offset_y = 0}, {foggable = 9, sprite = 0x8, offset_x = -151907007, offset_y = 32767}, {foggable = 8, sprite = 0x7fffffffb010, offset_x = -22104, offset_y = 32767}, {foggable = 39, sprite = 0x7fffffffa9a0, offset_x = -20464, offset_y = 32767}, {foggable = 160, sprite = 0x7ffff6fa6e32 <QString::multiArg(int, QString const**) const+1330>, offset_x = 1452841664, offset_y = 21845}, {foggable = 128, sprite = 0x7fffffffafb0, offset_x = -20464, offset_y = 32767}, {foggable = 240, sprite = 0x7fffffffb030, offset_x = 2, offset_y = 1}, {foggable = 224, sprite = 0x18, offset_x = 432504422, offset_y = 21845}, {foggable = false, sprite = 0x55555b433d10, offset_x = -149910816, offset_y = 32767}, {foggable = false, sprite = 0x200000010, offset_x = -22112, offset_y = 32767}, {foggable = true, sprite = 0x7ffff6b7aec4, offset_x = -149170560, offset_y = 32767}, {foggable = false, sprite = 0x555555b619a0, offset_x = 1438063007, offset_y = 21845}, {foggable = true, sprite = 
0x555555b7199f, offset_x = 32, offset_y = 4}, {foggable = 240, sprite = 0x7fffffffafb0, offset_x = 0, offset_y = 3}, {foggable = 255, sprite = 0x7fffffffafd0, offset_x = 0, offset_y = 2}, {foggable = true, sprite = 0x7fffffffafb0, offset_x = 5, offset_y = 1}, {foggable = 255, sprite = 0x7fffffffaff0, offset_x = 0, offset_y = 2}, {foggable = 194, sprite = 0x7ffff643bbe0 <main_arena+96>, offset_x = 0, offset_y = 0}, {foggable = 7, sprite = 0x555555b1d1d0, offset_x = 3600, offset_y = 0}, {foggable = 98, sprite = 0x555555b1d710, offset_x = 3648, offset_y = 0}, {foggable = 56, sprite = 0x68000000e2, offset_x = 7, offset_y = 0}, {foggable = false, sprite = 0x0, offset_x = 124, offset_y = 119}, {foggable = 110, sprite = 0xe01, offset_x = 1437822048, offset_y = 21845}, {foggable = 224, sprite = 0xe10, offset_x = -163333248, offset_y = 32767}, {foggable = 30, sprite = 0x3, offset_x = 120, offset_y = 0}, {foggable = 73, sprite = 0x1e, offset_x = 4, offset_y = 0}, {foggable = 128, sprite = 0x7ffff750c8d0 <QImageData::create(QSize const&, QImage::Format)+320>, offset_x = 3600, offset_y = 0}, {foggable = 32, sprite = 0x7fffffffabd3, offset_x = 1439448972, offset_y = 21845}, {foggable = 24, sprite = 0x7fffffffabd4, offset_x = 1438274400, offset_y = 21845}, {foggable = false, sprite = 0x8, offset_x = -21520, offset_y = 32767}, {foggable = 208, sprite = 0xd7c4304a2acf6500, offset_x = 1530826544, offset_y = 21845}, {foggable = false, sprite = 0x55555b3e8f30, offset_x = -145692312, offset_y = 32767}, {foggable = 30, sprite = 0x55555b3e8f00, offset_x = 30, offset_y = 0}, {foggable = false, sprite = 0x55555b3e8f30, offset_x = -20432, offset_y = 32767}, {foggable = 6, sprite = 0x55555ad22f20, offset_x = -20464, offset_y = 32767}, {foggable = 16, sprite = 0x0, offset_x = 0, offset_y = 0}, {foggable = 80, sprite = 0x0, offset_x = 1531139184, offset_y = 21845}, {foggable = false, sprite = 0x7ffffffface0, offset_x = 718234880, offset_y = -675008438}, {foggable = false, sprite = 0x55555b3e8f00, offset_x = 1530826544, offset_y = 21845}, {foggable = 48, sprite = 0x6, offset_x = 1523724064, offset_y = 21845}, {foggable = 16, sprite = 0x7ffff75501ce <QRasterPlatformPixmap::fill(QColor const&)+190>, offset_x = -20984, offset_y = 32767}, {foggable = 89, sprite = 0x1e, offset_x = 1531139184, offset_y = 21845}}
count = <optimized out>
fog = <optimized out>
#5 0x00005555556655da in put_unit (punit=punit@entry=0x55555ad22f20, pcanvas=pcanvas@entry=0x55555b435470, zoom=zoom@entry=1, canvas_x=canvas_x@entry=0, canvas_y=canvas_y@entry=0) at mapview_common.c:1344
layer = LAYER_FOCUS_UNIT
#6 0x00005555555dddab in hud_units::update_actions(unit_list*) (this=0x5555567b6760, punits=<optimized out>) at hudwidget.cpp:661
num = <optimized out>
wwidth = <optimized out>
font_width = <optimized out>
expanded_unit_width = <optimized out>
font = {static staticMetaObject = {d = {superdata = 0x0, stringdata = 0x7ffff78d5640, data = 0x7ffff78d5380, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}, d = {d = 0x555558c3bd80}, resolve_mask = 4991}
fm = <optimized out>
cropped_img = <incomplete type>
img = <incomplete type>
p = {static staticMetaObject = {d = {superdata = 0x0, stringdata = 0x7ffff78da880, data = 0x7ffff78da7a0, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x555558998500}}
pix = <incomplete type>
pix2 = <incomplete type>
crop = {x1 = 0, y1 = 0, x2 = -1, y2 = -1}
bounding_rect = {x1 = 0, y1 = 0, x2 = -1, y2 = -1}
mp = {static null = {<No data fields>}, d = 0x55555b395c50}
snum = {static null = {<No data fields>}, d = 0x55555ce22bc0}
fraction1 = {static null = {<No data fields>}, d = 0x7ffff71bd680 <QArrayData::shared_null>}
fraction2 = {static null = {<No data fields>}, d = 0x7ffff71bd680 <QArrayData::shared_null>}
text_str = {static null = {<No data fields>}, d = 0x55555b395d80}
move_pt_text = {static null = {<No data fields>}, d = 0x7ffff71bd680 <QArrayData::shared_null>}
tile_pixmap = <optimized out>
unit_pixmap = 0x55555b435470
pcity = <optimized out>
owner = <optimized out>
tmp = 0x55555e4c7a90
punit = 0x55555ad22f20
#7 0x000055555569dc72 in update_unqueue (data=<optimized out>) at update_queue.c:319
callback = 0x55555569dcb0 <menus_update_callback>
uq_data = <optimized out>
MY_mem_MY_iter = 0x7fffffffb090 "@\n\200UUU"
MY_it_MY_iter = 0x7fffffffb090
MY_iter = 0x7fffffffb090
hash = 0x555558f49dd0
#8 0x00005555555e5917 in mr_idle::idling() (this=0x555555fcee88) at mapview.cpp:175
cb = 0x55555e94c3e0
#9 0x00007ffff71085c8 in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#10 0x00007ffff711566b in QTimer::timeout(QTimer::QPrivateSignal) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#11 0x00007ffff7108e55 in QObject::event(QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#12 0x00007ffff6928a86 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#13 0x00007ffff6931e00 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#14 0x00007ffff70dca9a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007ffff7133a00 in QTimerInfoList::activateTimers() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#16 0x00007ffff71342dc in () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007ffff476584d in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#18 0x00007ffff4765ad0 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007ffff4765b73 in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007ffff71346a5 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#21 0x00007ffff70db63b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#22 0x00007ffff70e33a6 in QCoreApplication::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#23 0x00005555556e8f11 in fc_client::fc_main(QApplication*) (this=0x555555fcec70, qapp=0x555555baf3e0) at fc_client.cpp:257
#24 0x00005555555c56d3 in qtg_ui_main(int, char**) (argc=<optimized out>, argv=<optimized out>) at gui_main.cpp:191
qpm = <optimized out>
app_icon = {d = 0x555555efdf90}
#25 0x0000555555639ffe in client_main (argc=1, argv=0x7fffffffbbf8) at client_main.c:685
i = 1
loglevel = LOG_NORMAL
ui_options = <optimized out>
ui_separator = <optimized out>
option = <optimized out>
fatal_assertions = -1
aii = 1
FUNCTION = "client_main"
#26 0x00007ffff62781e3 in __libc_start_main (main=0x5555555c3460 <main(int, char**)>, argc=1, argv=0x7fffffffbbf8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffbbe8) at ../csu/libc-start.c:308
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 34096560958761711, 93824992692096, 140737488337904, 0, 0, 6137410544809962223, 6137392473419049711}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fffffffbc08, 0x7ffff7ffe190}, data = {prev = 0x0, cleanup = 0x0, canceltype = -17400}}}
not_first_call = <optimized out>
#27 0x00005555555c47ae in _start () at gui_main.cpp:114

History

#1 Updated by Chippo Elder 5 months ago

I got a backtrace for the assertion failure (see below). To trigger it, I need to play at least one turn of Ancients (another ruleset), leave game and then try to start a civ2civ3_earth game. If you just charge straight into a civ2civ3_earth game, everything goes correctly.

So far, both backtraces have come from the qt client, but I didn't put it into the Subject yet, 'cos at least one of them might be a server-side problem. After a bit more research and some tests with the gtk client, an admin can help me break this ticket into as many separate tickets as is appropriate.

0: in fill_unit_type_sprite_array() [tilespec.c::4150]: assertion 'uspr != NULL' failed.
0: Please report this message at https://www.hostedredmine.com/projects/freeciv

Thread 1 "freeciv-qt" received signal SIGABRT, Aborted.
raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt full
#0 raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
set = {__val = {0, 140737323244704, 38654705673, 140737488330512, 140737488339156, 93824998401792, 7, 2627193856, 0, 9054131099450985472, 93824998403360, 0, 21474836480, 140737488330544, 140733193388032, 93824998403168}}
pid = <optimized out>
tid = <optimized out>
#1 0x00005555558051ee in fc_assert_fail
(file=file@entry=0x555555845791 "tilespec.c", function=function@entry=0x555555848a40 <__FUNCTION__.31875> "fill_unit_type_sprite_array", line=line@entry=4150, assertion=assertion@entry=0x5555558461e7 "uspr != NULL", message=0x5555558770b2 "nologmsg:%s") at log.c:523
level = LOG_FATAL
#2 0x00005555556957eb in fill_unit_type_sprite_array
(t=t@entry=0x555555bd66f0, sprs=sprs@entry=0x7fffffffa528, putype=putype@entry=0x555555ad1838 <unit_types+75896>, facing=<optimized out>) at tilespec.c:4154
uspr = 0x0
FUNCTION = "fill_unit_type_sprite_array"
#3 0x0000555555697239 in fill_unit_sprite_array (backdrop=<optimized out>, stack=false, punit=0x55555cec8e40, sprs=0x7fffffffa528, t=0x555555bd66f0)
at tilespec.c:4180
save_sprs = 0x7fffffffa510
ihp = <optimized out>
ptype = 0x555555ad1838 <unit_types+75896>
FUNCTION = "fill_unit_sprite_array"
stacked = <optimized out>
backdrop = <optimized out>
tileno = <optimized out>
dir = <optimized out>
textras_near = {{vec = "\000\000\000\000\000\000\000"}, {vec = "\371w\225\366\377\177\000"}, {vec = "\000\000\000\000\000\000\000"}, {vec = "?\006\000\000K\003\000"}, {vec = "\000\000\000\000\000\000\000"}, {vec = "?\006\000\000\203\003\000"}, {vec = "\000\000\000\000\341\377\377\377"}, {vec = "?\006\000\000d\003\000"}}
textras = {vec = "\000\000\000\000\000\000\000"}
tterrain_near = {0x7ffff69223c0 <QAction::triggered(bool)>, 0x7da6bc439c97cc00, 0x5555555e7620 <mr_menu::slot_show_new_turn_text()>, 0x7ffff643d1a0 <_IO_strn_jumps>, 0x7fffffffaa10, 0x7fffffffaa30, 0x55555585f697, 0x7fffffffabe0}
pterrain = <optimized out>
save_sprs = 0x7fffffffa510
owner = 0x0
do_draw_unit = <optimized out>
solid_bg = <optimized out>
FUNCTION = "fill_sprite_array"
#4 fill_sprite_array (t=<optimized out>, sprs=sprs@entry=0x7fffffffa510, layer=layer@entry=LAYER_FOCUS_UNIT, ptile=<optimized out>,
ptile@entry=0x0, pedge=pedge@entry=0x0, pcorner=pcorner@entry=0x0, punit=0x55555cec8e40, pcity=0x0, citymode=0x0, putype=0x0) at tilespec.c:5711
stacked = <optimized out>
backdrop = <optimized out>
tileno = <optimized out>
dir = <optimized out>
textras_near = {{vec = "\000\000\000\000\000\000\000"}, {vec = "\371w\225\366\377\177\000"}, {vec = "\000\000\000\000\000\000\000"}, {vec = "?\006\000\000K\003\000"}, {vec = "\000\000\000\000\000\000\000"}, {vec = "?\006\000\000\203\003\000"}, {vec = "\000\000\000\000\341\377\377\377"}, {vec = "?\006\000\000d\003\000"}}
textras = {vec = "\000\000\000\000\000\000\000"}
tterrain_near = {0x7ffff69223c0 <QAction::triggered(bool)>, 0x7da6bc439c97cc00, 0x5555555e7620 <mr_menu::slot_show_new_turn_text()>, 0x7ffff643d1a0 <_IO_strn_jumps>, 0x7fffffffaa10, 0x7fffffffaa30, 0x55555585f697, 0x7fffffffabe0}
pterrain = <optimized out>
save_sprs = 0x7fffffffa510
owner = 0x0
do_draw_unit = <optimized out>
solid_bg = <optimized out>
FUNCTION = "fill_sprite_array"
#5 0x00005555556654c4 in put_one_element (pcanvas=pcanvas@entry=0x55555ce36860, zoom=zoom@entry=1, layer=layer@entry=LAYER_FOCUS_UNIT, ptile=ptile@entry=0x0, pedge=pedge@entry=0x0, pcorner=pcorner@entry=0x0, punit=punit@entry=0x55555cec8e40, pcity=0x0, canvas_x=0, canvas_y=0, citymode=0x0, putype=0x0) at mapview_common.c:1325
tile_sprs = {{foggable = false, sprite = 0x55555a10d900, offset_x = 0, offset_y = 0}, {foggable = true, sprite = 0x555500000001, offset_x = 0, offset_y = 0}, {foggable = 160, sprite = 0xd68, offset_x = 2, offset_y = 0}, {foggable = 151, sprite = 0x7ffff739a988 <QCoreApplication::self>, offset_x = 0, offset_y = 0}, {foggable = true, sprite = 0x7ffff70dca9a <QCoreApplication::notifyInternal2(QObject*, QEvent*)+394>, offset_x = 0, offset_y = 0}, {foggable = 48, sprite = 0x0, offset_x = 124, offset_y = 119}, {foggable = 240, sprite = 0x7fffffffa630, offset_x = -23137, offset_y = 32767}, {foggable = false, sprite = 0x640, offset_x = 16, offset_y = 48}, {foggable = 240, sprite = 0x7fffffffac00, offset_x = 1, offset_y = 0}, {foggable = 29, sprite = 0x0, offset_x = 843, offset_y = 21845}, {foggable = 63, sprite = 0x6400000034c, offset_x = 1457619744, offset_y = 21845}, {foggable = 64, sprite = 0x0, offset_x = 1600, offset_y = 844}, {foggable = 16, sprite = 0x0, offset_x = -262130, offset_y = 1600}, {foggable = 76, sprite = 0x7fffffffa950, offset_x = -157955616, offset_y = 32767}, {foggable = 80, sprite = 0x7ffff69cf995, offset_x = -22184, offset_y = 32767}, {foggable = false, sprite = 0x55555ab611cd, offset_x = 1558884208, offset_y = 21845}, {foggable = 16, sprite = 0x7ffff62ec7c3 <_int_malloc+2947>, offset_x = 0, offset_y = 0}, {foggable = 16, sprite = 0x7, offset_x = 1437716526, offset_y = 21845}, {foggable = false, sprite = 0x555500000011, offset_x = 1437716616, offset_y = 21845}, {foggable = 48, sprite = 0x4, offset_x = 17, offset_y = 52}, {foggable = false, sprite = 0x0, offset_x = 0, offset_y = 0}, {foggable = 124, sprite = 0x5b0000006e, offset_x = 80, offset_y = 0}, {foggable = 7, sprite = 0xf, offset_x = 256, offset_y = 0}, {foggable = 128, sprite = 0x1, offset_x = -152931392, offset_y = 32767}, {foggable = 32, sprite = 0x7da6bc439c97cc00, offset_x = 8, offset_y = 0}, {foggable = false, sprite = 0x55555ce36a80, offset_x = 7, offset_y = 0}, {foggable = 80, sprite = 
0x7ffff6e273c0 <QAction::staticMetaObject>, offset_x = 32, offset_y = 0}, {foggable = 176, sprite = 0x6, offset_x = 1558407312, offset_y = 21845}, {foggable = 128, sprite = 0x7ffff6e273c0 <QAction::staticMetaObject>, offset_x = 32, offset_y = 0}, {foggable = 167, sprite = 0x48, offset_x = -150052037, offset_y = 32767}, {foggable = 208, sprite = 0x555556ec8ef0, offset_x = 1482200016, offset_y = 21845}, {foggable = 18, sprite = 0x7ffff6ccecb4, offset_x = -1667773440, offset_y = 6}, {foggable = 192, sprite = 0x0, offset_x = -152931392, offset_y = 32767}, {foggable = 29, sprite = 0x7ffff739cc38, offset_x = -147206384, offset_y = 32767}, {foggable = false, sprite = 0x7da6bc439c97cc00, offset_x = -22232, offset_y = 32767}, {foggable = false, sprite = 0x7fffffffab20, offset_x = -21968, offset_y = 32767}, {foggable = 32, sprite = 0x7ffff6ccecb4, offset_x = 1458343664, offset_y = 21845}, {foggable = 179, sprite = 0x7fffffffab50, offset_x = -149884561, offset_y = 32767}, {foggable = false, sprite = 0x0, offset_x = 0, offset_y = 0}, {foggable = 9, sprite = 0x8, offset_x = -151907007, offset_y = 32767}, {foggable = 8, sprite = 0x7fffffffb000, offset_x = -22120, offset_y = 32767}, {foggable = 39, sprite = 0x7fffffffa990, offset_x = -20480, offset_y = 32767}, {foggable = 144, sprite = 0x7ffff6fa6e32 <QString::multiArg(int, QString const**) const+1330>, offset_x = 1444376784, offset_y = 21845}, {foggable = 128, sprite = 0x7fffffffafa0, offset_x = -20480, offset_y = 32767}, {foggable = 224, sprite = 0x7fffffffb020, offset_x = 2, offset_y = 1}, {foggable = 208, sprite = 0x18, offset_x = 231318885, offset_y = 21845}, {foggable = false, sprite = 0x55555d08c190, offset_x = -149910816, offset_y = 32767}, {foggable = false, sprite = 0x200000010, offset_x = -22128, offset_y = 32767}, {foggable = true, sprite = 0x7ffff6b7aec4, offset_x = -149170560, offset_y = 32767}, {foggable = false, sprite = 0x555555b619f0, offset_x = 1438063087, offset_y = 21845}, {foggable = true, sprite = 
0x555555b719ef, offset_x = 32, offset_y = 4}, {foggable = 224, sprite = 0x7fffffffafa0, offset_x = 0, offset_y = 3}, {foggable = 255, sprite = 0x7fffffffafc0, offset_x = 0, offset_y = 2}, {foggable = true, sprite = 0x7fffffffafa0, offset_x = 5, offset_y = 1}, {foggable = 255, sprite = 0x7fffffffafe0, offset_x = 0, offset_y = 2}, {foggable = 195, sprite = 0x55555708ddd0, offset_x = -163333152, offset_y = 32767}, {foggable = 7, sprite = 0x555555b1d1d0, offset_x = 3600, offset_y = 0}, {foggable = 98, sprite = 0x555555b1d710, offset_x = 3648, offset_y = 0}, {foggable = 56, sprite = 0x68000000e2, offset_x = 7, offset_y = 0}, {foggable = false, sprite = 0x0, offset_x = 124, offset_y = 119}, {foggable = 110, sprite = 0x7fffffffabe0, offset_x = 1437822048, offset_y = 21845}, {foggable = 224, sprite = 0xe10, offset_x = -163333248, offset_y = 32767}, {foggable = 30, sprite = 0x3, offset_x = 120, offset_y = 0}, {foggable = 73, sprite = 0x1e, offset_x = 4, offset_y = 0}, {foggable = 192, sprite = 0x7ffff750c8d0 <QImageData::create(QSize const&, QImage::Format)+320>, offset_x = 3600, offset_y = 0}, {foggable = 32, sprite = 0x7fffffffabc3, offset_x = 1438270508, offset_y = 21845}, {foggable = 24, sprite = 0x7fffffffabc4, offset_x = 1438274000, offset_y = 21845}, {foggable = false, sprite = 0x8, offset_x = -21536, offset_y = 32767}, {foggable = 192, sprite = 0x7da6bc439c97cc00, offset_x = 1530754032, offset_y = 21845}, {foggable = 192, sprite = 0x55555b3d73f0, offset_x = -145692312, offset_y = 32767}, {foggable = 30, sprite = 0x55555b3d73c0, offset_x = 30, offset_y = 0}, {foggable = 192, sprite = 0x55555b3d73f0, offset_x = -20448, offset_y = 32767}, {foggable = 6, sprite = 0x55555cec8e40, offset_x = -20480, offset_y = 32767}, {foggable = 16, sprite = 0x0, offset_x = 0, offset_y = 0}, {foggable = 80, sprite = 0x0, offset_x = 1558407264, offset_y = 21845}, {foggable = false, sprite = 0x7fffffffacd0, offset_x = -1667773440, offset_y = 2108079171}, {foggable = 192, sprite = 
0x55555b3d73c0, offset_x = 1530754032, offset_y = 21845}, {foggable = 32, sprite = 0x6, offset_x = 1559006784, offset_y = 21845}, {foggable = false, sprite = 0x7ffff75501ce <QRasterPlatformPixmap::fill(QColor const&)+190>, offset_x = -21000, offset_y = 32767}, {foggable = 89, sprite = 0x1e, offset_x = 1558407264, offset_y = 21845}}
count = <optimized out>
fog = <optimized out>
#6 0x00005555556655da in put_unit (punit=punit@entry=0x55555cec8e40, pcanvas=pcanvas@entry=0x55555ce36860, zoom=zoom@entry=1, canvas_x=canvas_x@entry=0, canvas_y=canvas_y@entry=0) at mapview_common.c:1344
layer = LAYER_FOCUS_UNIT
#7 0x00005555555dddab in hud_units::update_actions(unit_list*) (this=0x5555567a6880, punits=<optimized out>) at hudwidget.cpp:661
num = <optimized out>
wwidth = <optimized out>
font_width = <optimized out>
expanded_unit_width = <optimized out>
font = {static staticMetaObject = {d = {superdata = 0x0, stringdata = 0x7ffff78d5640, data = 0x7ffff78d5380, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}, d = {d = 0x55555af8ffa0}, resolve_mask = 4991}
fm = <optimized out>
cropped_img = <incomplete type>
img = <incomplete type>
p = {static staticMetaObject = {d = {superdata = 0x0, stringdata = 0x7ffff78da880, data = 0x7ffff78da7a0, static_metacall = 0x0, relatedMetaObjects = 0x0, extradata = 0x0}}, d_ptr = {d = 0x55555ce74560}}
pix = <incomplete type>
pix2 = <incomplete type>
crop = {x1 = 0, y1 = 0, x2 = -1, y2 = -1}
bounding_rect = {x1 = 0, y1 = 0, x2 = -1, y2 = -1}
mp = {static null = {<No data fields>}, d = 0x55555708dc20}
snum = {static null = {<No data fields>}, d = 0x55555ce36cb0}
fraction1 = {static null = {<No data fields>}, d = 0x7ffff71bd680 <QArrayData::shared_null>}
fraction2 = {static null = {<No data fields>}, d = 0x7ffff71bd680 <QArrayData::shared_null>}
text_str = {static null = {<No data fields>}, d = 0x55555708dd50}
move_pt_text = {static null = {<No data fields>}, d = 0x7ffff71bd680 <QArrayData::shared_null>}
tile_pixmap = <optimized out>
unit_pixmap = 0x55555ce36860
pcity = <optimized out>
owner = <optimized out>
tmp = 0x5555588cb8d0
punit = 0x55555cec8e40
#8 0x000055555569dc72 in update_unqueue (data=<optimized out>) at update_queue.c:319
callback = 0x55555569dcb0 <menus_update_callback>
uq_data = <optimized out>
MY_mem_MY_iter = 0x7fffffffb080 "@\n\200UUU"
MY_it_MY_iter = 0x7fffffffb080
MY_iter = 0x7fffffffb080
hash = 0x55555b3c7330
#9 0x00005555555e5917 in mr_idle::idling() (this=0x555555fc13a8) at mapview.cpp:175
cb = 0x555558a314a0
#10 0x00007ffff71085c8 in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#11 0x00007ffff711566b in QTimer::timeout(QTimer::QPrivateSignal) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#12 0x00007ffff7108e55 in QObject::event(QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007ffff6928a86 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#14 0x00007ffff6931e00 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#15 0x00007ffff70dca9a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#16 0x00007ffff7133a00 in QTimerInfoList::activateTimers() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007ffff71342dc in () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007ffff476584d in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007ffff4765ad0 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007ffff4765b73 in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007ffff71346a5 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#22 0x00007ffff70db63b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#23 0x00007ffff70e33a6 in QCoreApplication::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#24 0x00005555556e8f11 in fc_client::fc_main(QApplication*) (this=0x555555fc1190, qapp=0x555555cc9240) at fc_client.cpp:257
#25 0x00005555555c56d3 in qtg_ui_main(int, char**) (argc=<optimized out>, argv=<optimized out>) at gui_main.cpp:191
qpm = <optimized out>
app_icon = {d = 0x555555eef500}
#26 0x0000555555639ffe in client_main (argc=1, argv=0x7fffffffbbe8) at client_main.c:685
i = 2
loglevel = LOG_NORMAL
ui_options = <optimized out>
ui_separator = <optimized out>
option = <optimized out>
fatal_assertions = 6
aii = 1
FUNCTION = "client_main"
#27 0x00007ffff62781e3 in __libc_start_main (main=0x5555555c3460 <main(int, char**)>, argc=2, argv=0x7fffffffbbe8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffbbd8) at ../csu/libc-start.c:308
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 1038061198591670179, 93824992692096, 140737488337888, 0, 0, 6571521320082487203, 6571499948509116323}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fffffffbc00, 0x7ffff7ffe190}, data = {prev = 0x0, cleanup = 0x0, canceltype = -17408}}}
not_first_call = <optimized out>
#28 0x00005555555c47ae in _start () at gui_main.cpp:114

#2 Updated by Jacob Nevins 5 months ago

I can't reproduce with Qt "load ancients then civ2civ3_earth". But it smells to me like it might be a random failure after changing tileset. Both those rulesets want custom tilesets, so probably the tileset changed. Perhaps building with ASan or running under valgrind or something would catch it.

Quick look:

Both backtraces contain hud_units::update_actions().

Looking at the second backtrace (assertion failure):

Looks like get_unittype_sprite() returned NULL for some reason.

The referenced unit type is "unit_types+75896". Guessing at which one that is:
  • On my system, a unit_type member is 1440 bytes. (gdb ptype /o unit_type)
  • factor 75896 gives 2 2 2 53 179. From those I'm guessing Chippo's client had unit_type size be 1432 bytes, and this was unit_types[53]. (Assuming that putype pointer is valid, which it might not be.)
  • In my copy of civ2civ3_earth, that is Explorer, which is plausible.
  • ...don't think that tells me anything.
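
The index estimate worked through above (offset 75896 past unit_types, factored and matched against a plausible sizeof(struct unit_type)) generalises to a small tool. The following is an added example, not code from this ticket or from freeciv: it parses the `<symbol+offset>` annotation gdb prints for a pointer into a global array, factors the offset, and lists every element size near an expected value (1440 bytes, taken from the comment above) that divides the offset exactly. The 8-byte alignment and the 5% tolerance are assumptions chosen for the example.

```python
"""Recover an array index from a gdb "<symbol+offset>" annotation.

gdb prints a pointer into a global array as "<unit_types+75896>": the symbol
plus a byte offset.  The index is offset / sizeof(element), but the element
size in the reporter's binary can differ from the one in a local build
(different compiler, options or struct layout), so rather than dividing by a
single guessed size we enumerate every divisor of the offset that lies close
to the expected size and report each (element size, index) pair that fits.
"""
import re
from typing import List, Tuple

# Matches the "<symbol+decimal_offset>" part of a gdb frame argument.
_SYM_RE = re.compile(r"<\s*([A-Za-z_]\w*)\s*\+\s*(\d+)\s*>")


def parse_symbol_offset(text: str) -> Tuple[str, int]:
    """Extract (symbol, byte offset) from text such as
    'putype=0x555555ad1838 <unit_types+75896>'."""
    m = _SYM_RE.search(text)
    if m is None:
        raise ValueError(f"no <symbol+offset> annotation in {text!r}")
    return m.group(1), int(m.group(2))


def prime_factors(n: int) -> List[int]:
    """Trial-division factorisation; byte offsets are small enough for this."""
    factors: List[int] = []
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors.append(d)
            n //= d
        d += 1
    if n > 1:
        factors.append(n)
    return factors


def candidate_indices(offset: int, expected_size: int,
                      tolerance: float = 0.05,
                      alignment: int = 8) -> List[Tuple[int, int]]:
    """Return (element_size, index) pairs where element_size divides offset
    exactly, is a multiple of `alignment` (assumed struct alignment) and lies
    within +/- tolerance of expected_size, closest size first."""
    lo = int(expected_size * (1 - tolerance))
    hi = int(expected_size * (1 + tolerance))
    cands = [(size, offset // size)
             for size in range(max(alignment, lo), hi + 1)
             if size % alignment == 0 and offset % size == 0]
    cands.sort(key=lambda c: abs(c[0] - expected_size))
    return cands


if __name__ == "__main__":
    # Frame #2 of the assertion backtrace in this ticket.
    frame = "putype=putype@entry=0x555555ad1838 <unit_types+75896>"
    sym, off = parse_symbol_offset(frame)
    print(f"{sym}+{off}: prime factors {prime_factors(off)}")
    # 1440 is the sizeof(struct unit_type) reported for a local build above.
    for size, idx in candidate_indices(off, expected_size=1440):
        print(f"  sizeof({sym}[0]) = {size} -> {sym}[{idx}]")
```

With the offset from this ticket the only divisor within 5% of 1440 that is 8-byte aligned is 1432, giving unit_types[53], which is the same conclusion reached by hand above; a wider tolerance or a different alignment simply widens the candidate list, which is the point of enumerating rather than dividing once.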

#3 Updated by Chippo Elder 5 months ago

Jacob Nevins wrote:

Perhaps building with ASan or running under valgrind or something would catch it.

Wilco! I've been looking for a justifiable excuse to compile with the llvm toolchain and you've given it to me. But I saw that a Debian maintainer had some llvm-freeciv complaints and that's another excuse to give clang+freeciv a whirl.

#4 Updated by Chippo Elder 5 months ago

I rebuilt with ASan and followed the steps that mostly hit that assert, but before the point where it would normally print the assert message, the program exited and printed out a lot of stuff. It looks unrelated to the other two BTs.

chippo@chippo-Aspire-V3-731:~$ freeciv-qt-26 -F
2: Loading tileset "amplio2".
2: Loading tileset "delta2".
2: Loading tileset "trident".
QSocketNotifier: Invalid socket 41 and type 'Read', disabling...
2: Loading tileset "amplio2".
2: Loading tileset "delta2".
2: Loading tileset "amplio2".
2: Loading tileset "amplio_earth".
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
=================================================================
==722231==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000a16de8 at pc 0x00000099c5e4 bp 0x7ffe867b5730 sp 0x7ffe867b5728
READ of size 1 at 0x603000a16de8 thread T0
#0 0x99c5e3 in skip_intl_qualifier_prefix /home/chippo/Downloads/git_clones/freeciv/utility/fcintl.c:48:7
#1 0x845c3c in nation_set_by_rule_name /home/chippo/Downloads/git_clones/freeciv/common/nation.c:766:23
#2 0x726c40 in races_dialog::nationset_changed(int) /home/chippo/Downloads/git_clones/freeciv/client/gui-qt/dialogs.cpp:984:10
#3 0x5924f0 in races_dialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/chippo/Downloads/git_clones/freeciv/client/gui-qt/meta_dialogs.cpp:369:21
#4 0x7f7c1bf5a467 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b1467)
#5 0x7f7c1b880c74 in QComboBox::currentIndexChanged(int) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x270c74)
#6 0x7f7c1b883075 (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x273075)
#7 0x7f7c1b88589c (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x27589c)
#8 0x7f7c1b8859bc (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x2759bc)
#9 0x7f7c1b88b524 (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x27b524)
#10 0x7f7c1bf5a467 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b1467)
#11 0x7f7c1b880de5 in QComboBoxPrivateContainer::itemSelected(QModelIndex const&) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x270de5)
#12 0x7f7c1b8814f9 in QComboBoxPrivateContainer::eventFilter(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x2714f9)
#13 0x7f7c1bf2e7aa in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2857aa)
#14 0x7f7c1b77aa74 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x16aa74)
#15 0x7f7c1b784052 in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x174052)
#16 0x7f7c1bf2ea99 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x285a99)
#17 0x7f7c1b783156 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x173156)
#18 0x7f7c1b7d9ad3 (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1c9ad3)
#19 0x7f7c1b7dbfdb (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x1cbfdb)
#20 0x7f7c1b77aa85 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x16aa85)
#21 0x7f7c1b783dff in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x173dff)
#22 0x7f7c1bf2ea99 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x285a99)
#23 0x7f7c1c316d72 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x126d72)
#24 0x7f7c1c3185fa in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x1285fa)
#25 0x7f7c1c2f226a in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Gui.so.5+0x10226a)
#26 0x7f7c028fa28d (/usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5+0x7928d)
#27 0x7f7c19a0184c in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5184c)
#28 0x7f7c19a01acf (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51acf)
#29 0x7f7c19a01b72 in g_main_context_iteration (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51b72)
#30 0x7f7c1bf866a4 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dd6a4)
#31 0x7f7c1bf2d63a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28463a)
#32 0x7f7c1bf353a5 in QCoreApplication::exec() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28c3a5)
#33 0x74fe90 in fc_client::fc_main(QApplication*) /home/chippo/Downloads/git_clones/freeciv/client/gui-qt/fc_client.cpp:257:3
#34 0x50daa7 in qtg_ui_main(int, char**) /home/chippo/Downloads/git_clones/freeciv/client/gui-qt/gui_main.cpp:191:17
#35 0x50d369 in ui_main /home/chippo/Downloads/git_clones/freeciv/client/gui_interface.c:59:3
#36 0x5f96dd in client_main /home/chippo/Downloads/git_clones/freeciv/client/client_main.c:685:3
#37 0x50d87a in main /home/chippo/Downloads/git_clones/freeciv/client/gui-qt/gui_main.cpp:114:10
#38 0x7f7c1b2081e2 in __libc_start_main /build/glibc-4WA41p/glibc-2.30/csu/../csu/libc-start.c:308:16
#39 0x46341d in _start (/usr/local/bin/freeciv-qt-26+0x46341d)

0x603000a16de8 is located 24 bytes inside of 32-byte region [0x603000a16dd0,0x603000a16df0)
freed by thread T0 here:
#0 0x4db09d in free (/usr/local/bin/freeciv-qt-26+0x4db09d)
#1 0x524722 in QTypedArrayData<char>::deallocate(QArrayData*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qarraydata.h:239:9
#2 0x5226b6 in QByteArray::~QByteArray() /usr/include/x86_64-linux-gnu/qt5/QtCore/qbytearray.h:476:57
#3 0x726c1b in races_dialog::nationset_changed(int) /home/chippo/Downloads/git_clones/freeciv/client/gui-qt/dialogs.cpp:982:3
#4 0x5924f0 in races_dialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/chippo/Downloads/git_clones/freeciv/client/gui-qt/meta_dialogs.cpp:369:21
#5 0x7f7c1bf5a467 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b1467)
#6 0x7f7c1b880c74 in QComboBox::currentIndexChanged(int) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x270c74)

previously allocated by thread T0 here:
#0 0x4db639 in realloc (/usr/local/bin/freeciv-qt-26+0x4db639)
#1 0x7f7c1bd735df in QArrayData::reallocateUnaligned(QArrayData*, unsigned long, unsigned long, QFlags<QArrayData::AllocationOption>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0xca5df)

SUMMARY: AddressSanitizer: heap-use-after-free /home/chippo/Downloads/git_clones/freeciv/utility/fcintl.c:48:7 in skip_intl_qualifier_prefix
Shadow bytes around the buggy address:
0x0c068013ad60: fd fd fd fd fa fa fd fd fd fd fa fa 00 00 00 00
0x0c068013ad70: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
0x0c068013ad80: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
0x0c068013ad90: fd fd fd fd fa fa fd fd fd fd fa fa 00 00 00 fa
0x0c068013ada0: fa fa 00 00 00 fa fa fa fd fd fd fa fa fa fd fd
=>0x0c068013adb0: fd fd fa fa 00 00 00 00 fa fa fd fd fd[fd]fa fa
0x0c068013adc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c068013add0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c068013ade0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c068013adf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c068013ae00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==722231==ABORTING

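The ASan report above has a recognisable shape: the freeing stack is `QByteArray::~QByteArray()` at dialogs.cpp:982 and the reading stack is `nation_set_by_rule_name()` called from dialogs.cpp:984, i.e. a `char *` taken from a temporary `QByteArray` outlives the temporary. The following is an added example (not freeciv's code; the actual contents of those two lines are not shown on this page, and the fix shown is the usual one for this pattern, not necessarily the attached patch). `Bytes` stands in for `QByteArray` and, like AddressSanitizer, poisons its buffer on destruction instead of returning it to the allocator, so the dangling read is deterministic and can be checked. `skip_qualifier` is a stand-in for `skip_intl_qualifier_prefix`, with assumed semantics.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// Quarantine of "freed" buffers. Like ASan, Bytes never hands memory back to
// the allocator; it poisons it, so a read through a dangling pointer is
// observable here rather than undefined behaviour.
static std::vector<char*> g_quarantine;
static const unsigned char kPoison = 0xfd;   // ASan's "freed heap" shadow value

class Bytes {                                // stand-in for QByteArray
public:
  explicit Bytes(const std::string& s)
      : size_(s.size()), buf_(new char[s.size() + 1]) {
    std::memcpy(buf_, s.c_str(), size_ + 1);
  }
  Bytes(const Bytes&) = delete;
  Bytes& operator=(const Bytes&) = delete;
  ~Bytes() {
    std::memset(buf_, kPoison, size_);       // keep the NUL so strlen stays bounded
    g_quarantine.push_back(buf_);
  }
  const char* data() const { return buf_; }
private:
  std::size_t size_;
  char* buf_;
};

// Stand-in for utility/fcintl.c's skip_intl_qualifier_prefix (assumed
// semantics: drop a leading "?context:" translator qualifier).
static std::string skip_qualifier(const char* s) {
  if (s[0] == '?') {
    if (const char* colon = std::strchr(s, ':')) {
      return std::string(colon + 1);
    }
  }
  return std::string(s);
}

// Bug shape from the report: the temporary Bytes is destroyed at the ';' that
// ends the first statement, so rn already dangles when the next line
// dereferences it (ASan: freed at :982, read at :984).
static std::string nationset_changed_buggy(const std::string& rule) {
  const char* rn = Bytes(rule).data();
  return skip_qualifier(rn);               // heap-use-after-free
}

// Fix: bind the converted string to a named object whose lifetime covers
// every use of the raw pointer.
static std::string nationset_changed_fixed(const std::string& rule) {
  Bytes keep(rule);
  return skip_qualifier(keep.data());
}

// True when a result consists only of poison bytes, i.e. it was copied out of
// a buffer that had already been "freed".
static bool read_from_freed(const std::string& s) {
  if (s.empty()) return false;
  for (unsigned char c : s) {
    if (c != kPoison) return false;
  }
  return true;
}

int main() {
  const std::string rule = "?nationset:core";   // constructed sample input
  std::string bad = nationset_changed_buggy(rule);
  std::string good = nationset_changed_fixed(rule);
  std::cout << "buggy read poison: " << read_from_freed(bad) << "\n"
            << "fixed result: " << good << "\n";
  for (char* p : g_quarantine) delete[] p;
  return 0;
}
```

The same rule applies to `QString::toUtf8()`, `toLocal8Bit()` and `std::string::c_str()` on a temporary: the pointer is only valid until the end of the full expression that created the temporary. A real build catches the buggy form exactly as in the report above with `-fsanitize=address`; the quarantine here only makes the check portable to a plain compiler.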
#5 Updated by Marko Lindqvist 5 months ago

Jacob Nevins wrote:

I can't reproduce with Qt "load ancients then civ2civ3_earth". But it smells to me like it might be a random failure after changing tileset. Both those rulesets want custom tilesets, so probably the tileset changed.

The backtrace reveals that this happened when timer went off. So timing may matter (/is the key random factor) in reproducibility. Likely tileset is just changing and the state is not sane when the timer goes off, and we don't notice that but go on using the tileset like it was a legal thing to do.

#6 Updated by Marko Lindqvist 5 months ago

I assume this would help.

#7 Updated by Chippo Elder 5 months ago

Marko Lindqvist wrote:

I assume this would help.

I've got good news, and bad news, and good news.

Firstly, this patch definitely does something good. I think we should (soon) be able to close (at least) this ticket.

The bad news is administrative. With this patch applied, several bugs I ticketed recently are no longer reproducible. Or maybe I'm not trying hard enough - since you say something about timing. There's going to be a lot of admin deciding which tickets to reject, which to close and which to keep open.

The other good news is that this bug was holding me back on properly ticketing some other bugs, which I can now proceed with.

#8 Updated by Marko Lindqvist 5 months ago

Chippo Elder wrote:

The bad news is administrative. With this patch applied, several bugs I ticketed recently are no longer reproducible. Or maybe I'm not trying hard enough - since you say something about timing. There's going to be a lot of admin deciding which tickets to reject, which to close and which to keep open.

Anything that is related to a tileset changing and having update_unqueue() in the backtrace can be considered duplicates of this.

#9 Updated by Marko Lindqvist 5 months ago

  • Status changed from Resolved to Closed
  • Assignee set to Marko Lindqvist
