
Bug #863815

closed

SEGV on unknown address in player_has_real_embassy (S3_0)

Added by Chippo Elder about 3 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal
Category: gui-qt
Sprint/Milestone:
Start date:
Due date:
% Done: 0%
Estimated time:

Description

I was running a separate server and client (qt) and I quit the server with a 'quit' command and got the following dump in the client:

chippo@chippo-Aspire-V3-731:~/Downloads/git_clones/freeciv/freeciv-30$ ASAN_OPTIONS="abort_on_error=1:disable_coredump=0:unmap_shadow_on_exit=1:detect_leaks=0" ./fcgui --gui qt
Running ./client/freeciv-qt
2: Loading tileset "hexemplio".
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1931591==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000e1 (pc 0x000000916834 bp 0x7fffbab81c80 sp 0x7fffbab81c60 T0)
==1931591==The signal is caused by a READ memory access.
==1931591==Hint: address points to the zero page.
    #0 0x916833 in player_has_real_embassy /home/chippo/Downloads/git_clones/freeciv/freeciv-30/common/player.c:214:10
    #1 0x9167cc in player_has_embassy /home/chippo/Downloads/git_clones/freeciv/freeciv-30/common/player.c:203:14
    #2 0x729b8f in plr_widget::nation_selected(QItemSelection const&, QItemSelection const&) /home/chippo/Downloads/git_clones/freeciv/freeciv-30/client/gui-qt/plrdlg.cpp:454:11
    #3 0x7962f4 in plr_widget::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/chippo/Downloads/git_clones/freeciv/freeciv-30/client/gui-qt/meta_plrdlg.cpp:313:21
    #4 0x7fb3f5a753f7 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b13f7)
    #5 0x7fb3f5a050c3 in QItemSelectionModel::selectionChanged(QItemSelection const&, QItemSelection const&) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2410c3)
    #6 0x7fb3f5a0a501 in QItemSelectionModel::emitSelectionChanged(QItemSelection const&, QItemSelection const&) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x246501)
    #7 0x7fb3f5a0d0d6 in QItemSelectionModel::select(QItemSelection const&, QFlags<QItemSelectionModel::SelectionFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2490d6)
    #8 0x7fb3f5a07300 in QItemSelectionModel::select(QModelIndex const&, QFlags<QItemSelectionModel::SelectionFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x243300)
    #9 0x7fb3f5a07531 in QItemSelectionModel::setCurrentIndex(QModelIndex const&, QFlags<QItemSelectionModel::SelectionFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x243531)
    #10 0x7fb3f54fca2c in QAbstractItemView::setCurrentIndex(QModelIndex const&) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x3d1a2c)
    #11 0x72d5f0 in plr_report::update_report(bool) /home/chippo/Downloads/git_clones/freeciv/freeciv-30/client/gui-qt/plrdlg.cpp:822:16
    #12 0x730700 in real_players_dialog_update /home/chippo/Downloads/git_clones/freeciv/freeciv-30/client/gui-qt/plrdlg.cpp:911:11
    #13 0x5d332c in update_unqueue /home/chippo/Downloads/git_clones/freeciv/freeciv-30/client/update_queue.c:320:5
    #14 0x6ad86d in mr_idle::idling() /home/chippo/Downloads/git_clones/freeciv/freeciv-30/client/gui-qt/mapview.cpp:175:5
    #15 0x6b88c6 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (mr_idle::*)()>::call(void (mr_idle::*)(), mr_idle*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:152:13
    #16 0x6b87e8 in void QtPrivate::FunctionPointer<void (mr_idle::*)()>::call<QtPrivate::List<>, void>(void (mr_idle::*)(), mr_idle*, void**) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:185:13
    #17 0x6b8707 in QtPrivate::QSlotObject<void (mr_idle::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:414:17
    #18 0x7fb3f5a75557 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b1557)
    #19 0x7fb3f5a825fa in QTimer::timeout(QTimer::QPrivateSignal) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2be5fa)
    #20 0x7fb3f5a75de4 in QObject::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b1de4)
    #21 0x7fb3f5295a85 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x16aa85)
    #22 0x7fb3f529edff in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x173dff)
    #23 0x7fb3f5a49a29 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x285a29)
    #24 0x7fb3f5aa098f in QTimerInfoList::activateTimers() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dc98f)
    #25 0x7fb3f5aa12b3  (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dd2b3)
    #26 0x7fb3f2e9f84c in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5184c)
    #27 0x7fb3f2e9facf  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51acf)
    #28 0x7fb3f2e9fb72 in g_main_context_iteration (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51b72)
    #29 0x7fb3f5aa1634 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dd634)
    #30 0x7fb3f5a485ca in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2845ca)
    #31 0x7fb3f5a50335 in QCoreApplication::exec() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28c335)
    #32 0x667210 in fc_client::fc_main(QApplication*) /home/chippo/Downloads/git_clones/freeciv/freeciv-30/client/gui-qt/fc_client.cpp:257:3
    #33 0x50f125 in qtg_ui_main(int, char**) /home/chippo/Downloads/git_clones/freeciv/freeciv-30/client/gui-qt/gui_main.cpp:183:17
    #34 0x50e9c9 in ui_main /home/chippo/Downloads/git_clones/freeciv/freeciv-30/client/gui_interface.c:59:3
    #35 0x5135ed in client_main /home/chippo/Downloads/git_clones/freeciv/freeciv-30/client/client_main.c:685:3
    #36 0x50eeaa in main /home/chippo/Downloads/git_clones/freeciv/freeciv-30/client/gui-qt/gui_main.cpp:104:10
    #37 0x7fb3f4c441e2 in __libc_start_main /build/glibc-t7JzpG/glibc-2.30/csu/../csu/libc-start.c:308:16
    #38 0x464a6d in _start (/home/chippo/Downloads/git_clones/freeciv/freeciv-30/client/freeciv-qt+0x464a6d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/chippo/Downloads/git_clones/freeciv/freeciv-30/common/player.c:214:10 in player_has_real_embassy
==1931591==ABORTING
Aborted (core dumped)

BT:

Core was generated by `./client/freeciv-qt'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50    ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
[Current thread is 1 (Thread 0x7fb3f18a7b80 (LWP 1931591))]
(gdb) bt full
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
        set = 
            {__val = {0, 5112187, 140410958843328, 140410958843328, 140410958843328, 5201184, 206158430216, 140410958843968, 140410958843776, 5198849, 0, 13535464, 140736326017024, 23545844, 206158430216, 140410958843968}}
        pid = <optimized out>
        tid = <optimized out>
#1  0x00007fb3f4c42899 in __GI_abort () at abort.c:79
        save_stage = 1
        act = 
          {__sigaction_handler = {sa_handler = 0x7fb3f94ef000, sa_sigaction = 0x7fb3f94ef000}, sa_mask = {__val = {4096, 1024, 5193334, 14134600, 140410958843680, 2, 0, 0, 0, 0, 0, 0, 0, 140737488355327, 5193334, 80}}, sa_flags = 5199443, sa_restorer = 0xce88e8 <__asan::error_message_buf_mutex>}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00000000004fa427 in  ()
#3  0x00000000004f8e01 in  ()
#4  0x00000000004e0989 in  ()
#5  0x00000000004e0613 in __asan::ReportDeadlySignal(__sanitizer::SignalContext const&) ()
#6  0x00000000004dffc3 in __asan::AsanOnDeadlySignal(int, void*, void*) ()
#7  0x00007fb3f511d540 in <signal handler called> () at /lib/x86_64-linux-gnu/libpthread.so.0
#8  0x0000000000916834 in player_has_real_embassy (pplayer=0x0, pplayer2=0x61e000020480) at player.c:214
#9  0x00000000009167cd in player_has_embassy (pplayer=0x0, pplayer2=0x61e000020480) at player.c:203
#10 0x0000000000729b90 in plr_widget::nation_selected(QItemSelection const&, QItemSelection const&)
    (this=<optimized out>, sl=..., ds=...) at plrdlg.cpp:454
        tbuf = "\000\036\270\272\377\177\000\000\220\357O\000\320`\000\000\060<\270\272\377\177\000\000\263\303r\000\000\000\000\000\016\066\340E\000\000\000\000=Ĥ\000\000\000\000\000\200\224r\000\000\000\000\000\017\000\000\000\000\000\000\000\377\377\377\377\377\377\377\377", '\000' <repeats 24 times>, " \000\000\000\000\000\000\000\000\300Q\371\263\177\000\000\220\fn", '\000' <repeats 24 times>, "\200\377\177\000\000\200\204\030\000p`\000\000\000\060\270\272\377\177\000\000`Dz\365\263\177\000\000n\311M\000\000\000\000\000\021\000\000\000\377\177\000\000ۅG\000\000\000\000\000\300g9\000\060`\000\000ۅG\000\000\000\000\000"...
        index = {r = 539352, c = 24992, i = 8460121226083921741, m = 0x72}
        qvar = 
            {d = {data = {c = -128 '\200', uc = 128 '\200', s = 1152, sc = -128 '\200', us = 1152, i = 132224, u = 132224, l = 107614700700800, ul = 107614700700800, b = 128, d = 5.3168726603753199e-310, f = 1.85285288e-40, real = 5.3168726603753199e-310, ll = 107614700700800, ull = 107614700700800, o = 0x61e000020480, ptr = 0x61e000020480, shared = 0x61e000020480}, type = 31, is_shared = 0, is_null = 0}}
        indexes = {<QListSpecialMethods<QModelIndex>> = {<No data fields>}, {p = {static shared_null = {ref = {atomic = {_q_value = {<std::__atomic_base<int>> = {static _S_alignment = 4, _M_i = -1}, <No data fields>}}}, alloc = 0, begin = 0, end = 0, array = {0x0}}, d = 0x6110006c2900}, d = 0x6110006c2900}}
        res = {static null = {<No data fields>}, d = 0x7fb3f5b2a680 <QArrayData::shared_null>}
        sp = {static null = {<No data fields>}, d = 0x6030000d00f0}
        etax = {static null = {<No data fields>}, d = 0x7fb3f5b2a680 <QArrayData::shared_null>}
        esci = {static null = {<No data fields>}, d = 0x7fb3f5b2a680 <QArrayData::shared_null>}
        elux = {static null = {<No data fields>}, d = 0x7fb3f5b2a680 <QArrayData::shared_null>}
        egold = {static null = {<No data fields>}, d = 0x7fb3f5b2a680 <QArrayData::shared_null>}
        egov = <optimized out>
        cult = <optimized out>
        nl = <optimized out>
        sorted_list_a = {<QList<QString>> = {<QListSpecialMethods<QString>> = {<No data fields>}, {p = {static shared_null = {ref = {atomic = {_q_value = {<std::__atomic_base<int>> = {static _S_alignment = 4, _M_i = -1}, <No data fields>}}}, alloc = 0, begin = 0, end = 0, array = {0x0}}, d = 0x7fb3f5b2c760 <QListData::shared_null>}, d = 0x7fb3f5b2c760 <QListData::shared_null>}}, <No data fields>}
        sorted_list_b = {<QList<QString>> = {<QListSpecialMethods<QString>> = {<No data fields>}, {p = {static shared_null = {ref = {atomic = {_q_value = {<std::__atomic_base<int>> = {static _S_alignment = 4, _M_i = -1}, <No data fields>}}}, alloc = 0, begin = 0, end = 0, array = {0x0}}, d = 0x7fb3f5b2c760 <QListData::shared_null>}, d = 0x7fb3f5b2c760 <QListData::shared_null>}}, <No data fields>}
        entry_exist = false
        pplayer = 0x61e000020480
        me = 0x0
        research = 0x16747f4 <research_array+97812>
        pcity = <optimized out>
        added = <optimized out>
        state = <optimized out>
        tech_id = <optimized out>
        a = <optimized out>
        b = <optimized out>
        my_research = <optimized out>
#11 0x00000000007962f5 in plr_widget::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=0xe1, _c=<optimized out>, _id=<optimized out>, _a=0x1) at meta_plrdlg.cpp:313
        _t = 0xe1
#12 0x00007fb3f5a753f8 in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007fb3f5a050c4 in QItemSelectionModel::selectionChanged(QItemSelection const&, QItemSelection const&) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#14 0x00007fb3f5a0a502 in QItemSelectionModel::emitSelectionChanged(QItemSelection const&, QItemSelection const&) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007fb3f5a0d0d7 in QItemSelectionModel::select(QItemSelection const&, QFlags<QItemSelectionModel::SelectionFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#16 0x00007fb3f5a07301 in QItemSelectionModel::select(QModelIndex const&, QFlags<QItemSelectionModel::SelectionFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#17 0x00007fb3f5a07532 in QItemSelectionModel::setCurrentIndex(QModelIndex const&, QFlags<QItemSelectionModel::SelectionFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007fb3f54fca2d in QAbstractItemView::setCurrentIndex(QModelIndex const&) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#19 0x000000000072d5f1 in plr_report::update_report(bool) (this=<optimized out>, update_selection=<optimized out>) at plrdlg.cpp:822
        qmi = {r = 9, c = 0, i = 105828001898704, m = 0x6020002ad9f0}
        player_count = 0
#20 0x0000000000730701 in real_players_dialog_update(void*) (unused=<optimized out>) at plrdlg.cpp:911
        i = 3
        pr = 0x0
        w = 0x0
#21 0x00000000005d332d in update_unqueue (data=<optimized out>) at update_queue.c:320
        callback = 0x7305a0 <real_players_dialog_update(void*)>
        uq_data = 0x0
        __vla_expr0 = <optimized out>
        MY_mem_MY_iter = <optimized out>
        MY_it_MY_iter = 0x7fffbab841c0
        MY_iter = 0x7fffbab841c0
        hash = 0x607000366f60
#22 0x00000000006ad86e in mr_idle::idling() (this=<optimized out>) at mapview.cpp:175
        cb = 0x6020002790f0
#23 0x00000000006b88c7 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (mr_idle::*)()>::call(void (mr_idle::*)(), mr_idle*, void**) (f=<optimized out>, o=<optimized out>, arg=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:152
#24 0x00000000006b87e9 in QtPrivate::FunctionPointer<void (mr_idle::*)()>::call<QtPrivate::List<>, void>(void (mr_idle::*)(), mr_idle*, void**) (f=&virtual table offset 224, this adjustment 107614700700800, o=0xc, arg=0x1) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:185
#25 0x00000000006b8708 in QtPrivate::QSlotObject<void (mr_idle::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (which=<optimized out>, this_=0x6030000d9e40, r=0xc, a=0x1, ret=0x604000147920) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:414
#26 0x00007fb3f5a75558 in QMetaObject::activate(QObject*, int, int, void**) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#27 0x00007fb3f5a825fb in QTimer::timeout(QTimer::QPrivateSignal) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#28 0x00007fb3f5a75de5 in QObject::event(QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#29 0x00007fb3f5295a86 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#30 0x00007fb3f529ee00 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#31 0x00007fb3f5a49a2a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#32 0x00007fb3f5aa0990 in QTimerInfoList::activateTimers() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#33 0x00007fb3f5aa12b4 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#34 0x00007fb3f2e9f84d in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#35 0x00007fb3f2e9fad0 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#36 0x00007fb3f2e9fb73 in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#37 0x00007fb3f5aa1635 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#38 0x00007fb3f5a485cb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#39 0x00007fb3f5a50336 in QCoreApplication::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#40 0x0000000000667211 in fc_client::fc_main(QApplication*) (this=<optimized out>, qapp=<optimized out>) at fc_client.cpp:257
#41 0x000000000050f126 in qtg_ui_main(int, char**) (argc=<optimized out>, argv=<optimized out>) at gui_main.cpp:183
        app_icon = <optimized out>
        qpm = <optimized out>
#42 0x000000000050e9ca in ui_main (argc=225, argv=0x61e000020480) at gui_interface.c:59
#43 0x00000000005135ee in client_main (argc=1, argv=<optimized out>) at client_main.c:685
        loglevel = <optimized out>
        fatal_assertions = <optimized out>
        option = <optimized out>
        ui_separator = <optimized out>
        ui_options = 0
        aii = 1
        i = <optimized out>
#44 0x000000000050eeab in main(int, char**) (argc=225, argv=0x61e000020480) at gui_main.cpp:104

I can't replicate it.



Actions #1

Updated by Marko Lindqvist almost 3 years ago

  • Tracker changed from Task to Bug
  • Status changed from New to In Progress
  • Sprint/Milestone set to 2.6.3

Like backtraces in several other tickets, this shows mr_idle::idling() after the client has supposedly left the game. It tries to execute callbacks registered while the game was still running, and which try to update widgets as if it were still in a game.

Actions #2

Updated by Marko Lindqvist almost 3 years ago

Marko Lindqvist wrote:

... backtraces in several other tickets ...

Unfortunately there's no easy way to implement a "catch all" solution. It seems we need to make the necessary checks, per ticket, inside the running callbacks.

Actions #3

Updated by Marko Lindqvist almost 3 years ago

Did you happen to be a global observer at the time? For this crash to happen, the client can't be attached to a player. That can happen at least when one is a global observer. I'm not sure if it can happen because the client is already leaving the game (if you weren't a global observer, it would be the only explanation).

The crash also required a player with no research selected to be selected in the player dialog. The fact that the crash happens just when the client is leaving the game is probably explained by the removal of the other players from the player dialog. When the previously selected player is removed, a new one gets to be the selected one, and eventually that hits a player that has no research selected.

Actions #4

Updated by Marko Lindqvist almost 3 years ago

The attached patch should fix at least the crash seen in the backtrace. There are no guarantees it doesn't still crash later in the codepath.
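
Added illustration, not the attached patch and not freeciv code: a minimal C model of the failure discussed in this ticket, where an update callback queued during the game runs from the idle handler after the client is no longer attached to a player. All types and function names here are hypothetical stand-ins; the sketch shows the unguarded embassy lookup beside a guarded one and a callback that re-checks client state at the time it runs.

```c
#include <stdbool.h>
#include <stddef.h>
#define MAX_PLAYERS 4 /* constructed for this sketch */

/* Hypothetical stand-ins, not freeciv's real types. */
struct player { int id; bool embassy_with[MAX_PLAYERS]; };
struct client_state {
  bool in_game;       /* false once the client has left the game */
  struct player *me;  /* NULL when not attached to a player (global observer) */
};
typedef void (*update_cb)(struct client_state *cs, void *data);
struct queued_update { update_cb cb; void *data; };

static struct queued_update queue[8];
static size_t queue_len;
int rows_drawn, rows_skipped;

/* Unguarded form: reads through pplayer, so pplayer == NULL faults at a
 * small offset from address zero, as in the ASan report. Never called here. */
bool has_embassy_unchecked(const struct player *pplayer, const struct player *other)
{
  return pplayer->embassy_with[other->id];
}

/* Guarded form: no attached player means there is no embassy to report. */
bool has_embassy_checked(const struct player *pplayer, const struct player *other)
{
  if (pplayer == NULL || other == NULL
      || other->id < 0 || other->id >= MAX_PLAYERS) {
    return false;
  }
  return pplayer->embassy_with[other->id];
}

/* Callback that validates client state when it runs, not when it was queued. */
void player_row_update(struct client_state *cs, void *data)
{
  if (!cs->in_game || cs->me == NULL || data == NULL) {
    rows_skipped++;
    return;
  }
  if (has_embassy_checked(cs->me, data)) rows_drawn++;
}

bool queue_update(update_cb cb, void *data)
{
  if (queue_len >= sizeof(queue) / sizeof(queue[0])) return false;
  queue[queue_len++] = (struct queued_update){ cb, data };
  return true;
}

/* Idle handler: drains everything queued, even if the game ended since. */
size_t run_idle(struct client_state *cs)
{
  size_t ran = queue_len;
  for (size_t i = 0; i < ran; i++) queue[i].cb(cs, queue[i].data);
  queue_len = 0;
  return ran;
}
```
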

Actions #5

Updated by Marko Lindqvist almost 3 years ago

  • Status changed from Resolved to Closed
  • Assignee set to Marko Lindqvist

Actions #6

Updated by Marko Lindqvist over 2 years ago

  • Sprint/Milestone changed from 2.6.3 to 2.6.2.1
