[Freeciv-Dev] [bug #22047] Crash in gtk_text_layout_get_cursor_locations() on Connect to network game
Follow-up Comment #3, bug #22047 (project freeciv):

New, slightly different symptom with trunk r24941. Main thread is as before, but in this case metaserver thread is busy doing something Gtk-y too. I guess it might just be a coincidence and not evidence of threading trouble; normally the double free or corruption message from the main thread is followed by an abort (signal 6), but here it looks like the metaserver thread segfaulted; I guess that the metaserver thread happened to blunder into an unsafe pointer before the main thread could finish aborting (it didn't produce the usual backtrace/memory map dump either). Only seen once.

Main thread:

#0 __libc_message (do_abort=2, fmt=0x7f919b094748 *** glibc detected *** %s: %s: 0x%s ***\n) at ../sysdeps/unix/sysv/linux/libc_fatal.c:135
        iov = 0x7fff31007e00
        total = 104
        cnt = optimised out
        ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff31008710, reg_save_area = 0x7fff31008620}}
        ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fff31008710, reg_save_area = 0x7fff31008620}}
        fd = 11
        on_2 = optimised out
        list = optimised out
        nlist = 7
        cp = optimised out
        written = false
#1 0x7f919af94b96 in malloc_printerr (action=3, str=0x7f919b094938 double free or corruption (fasttop), ptr=optimised out) at malloc.c:5039
        buf = 04b7beb0
        cp = optimised out
#2 0x7f919be25176 in gtk_text_layout_get_cursor_locations () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
        No symbol table info available.
#3 0x7f919be30d40 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
        No symbol table info available.
#4 0x7f919be30d77 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
        No symbol table info available.
#5 0x7f919be30dd3 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
        No symbol table info available.
#6 0x7f919b9abd56 in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
        No symbol table info available.
#7 0x7f919c905d13 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
        No symbol table info available.
#8 0x7f919c906060 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
        No symbol table info available.
#9 0x7f919c90645a in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
        No symbol table info available.
#10 0x7f919bd74397 in gtk_main () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
        No symbol table info available.
#11 0x0044d1e9 in ui_main (argc=1, argv=0x7fff31008de8) at gui_main.c:1677
        home = optimised out
        sig = optimised out
        __FUNCTION__ = ui_main
#12 0x00477018 in client_main (argc=1, argv=0x7fff31008de8) at client_main.c:620
        i = 1
        loglevel = LOG_NORMAL
        ui_options = optimised out
        ui_separator = optimised out
        option = optimised out
        user_tileset = optimised out
        fatal_assertions = -1
        aii = optimised out
        __FUNCTION__ = client_main
#13 0x7f919af3776d in __libc_start_main (main=0x449f40 main, argc=1, ubp_av=0x7fff31008de8, init=optimised out, fini=optimised out, rtld_fini=optimised out, stack_end=0x7fff31008dd8) at libc-start.c:226
        result = optimised out
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 5145131187861646703, 4497224, 140734015507936, 0, 0, -5144993622665007761, -5168979633985098385}, mask_was_saved = 0}}, priv = {pad = { 0x0, 0x0, 0x647330, 0x7fff31008de8}, data = {prev = 0x0, cleanup = 0x0, canceltype = 6583088}}}
        not_first_call = optimised out
#14 0x00449f71 in _start ()
        No symbol table info available.

Metaserver thread:

Program terminated with signal 11, Segmentation fault.
#0 0x7f919c91ee0a in g_slice_alloc () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
        No symbol table info available.
#1 0x7f919c91f1b6 in g_slice_alloc0 () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
        No symbol table info available.
#2 0x7f919b30688a in g_type_create_instance () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
        No symbol table info available.
#3 0x7f919b2eb0b9 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
        No symbol table info available.
#4 0x7f919b2ecc02 in g_object_newv () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
        No symbol table info available.
#5 0x7f919b2ed1ec in g_object_new () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
        No symbol table info available.
#6 0x7f919b5435e7 in pango_layout_new () from /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0
        No symbol table info available.
#7 0x7f919be21849 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
        No symbol table info available.
#8
[Freeciv-Dev] [bug #22047] Crash in gtk_text_layout_get_cursor_locations() on Connect to network game
Update of bug #22047 (project freeciv):

Planned Release: 2.6.0 = 2.5.0, 2.6.0

___

Follow-up Comment #2:

Also seen with S2_5 r24899 (at least the first symptom). Not reproduced any trouble with S2_4.

___

Reply to this item at: http://gna.org/bugs/?22047

___
Message sent via/by Gna! http://gna.org/
___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #22047] Crash in gtk_text_layout_get_cursor_locations() on Connect to network game
URL: http://gna.org/bugs/?22047

Summary: Crash in gtk_text_layout_get_cursor_locations() on Connect to network game
Project: Freeciv
Submitted by: jtn
Submitted on: Sun 18 May 2014 12:58:01 BST
Category: client-gtk-2.0
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Assigned to: None
Originator Email:
Open/Closed: Open
Release: trunk r24892
Discussion Lock: Any
Operating System: GNU/Linux
Planned Release: 2.6.0

___

Details:

(Found while verifying fix for bug #21896.)

Trunk code on Ubuntu 12.04 amd64: start client/freeciv-gtk2; press Alt-O for connect to network game. Crashed immediately in 8 of 17 trials.

The crash details differ (just a segfault, double free or corruption, etc), but the function gtk_text_layout_get_cursor_locations() is always in the backtrace (so may be the same as bug #21575).

The metaserver thread appears quiescent (in ppoll()) in all the coredumps, so this isn't as obviously a thread-safety issue as bug #21896 was.

Not tried branches other than trunk.

Some backtraces (main thread):

Most common symptom: seen in 7 of 8 crashes.

#0 0x7fc22a4cc425 in __GI_raise (sig=optimised out) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar = 0
        pid = optimised out
        selftid = 6789
#1 0x7fc22a4cfb8b in __GI_abort () at abort.c:91
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0x4, sa_sigaction = 0x4}, sa_mask = {__val = {5, 140733887709049, 19, 140471911392743, 3, 140733887697754, 6, 140471911392747, 2, 140733887697774, 2, 140471911383746, 1, 140471911392743, 3, 140733887697748}}, sa_flags = 12, sa_restorer = 0x7fc22a6125eb}
        sigs = {__val = {32, 0 repeats 15 times}}
#2 0x7fc22a50a39e in __libc_message (do_abort=2, fmt=0x7fc22a614748 *** glibc detected *** %s: %s: 0x%s ***\n) at ../sysdeps/unix/sysv/linux/libc_fatal.c:201
        ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff29625cd0, reg_save_area = 0x7fff29625be0}}
        ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fff29625cd0, reg_save_area = 0x7fff29625be0}}
        fd = 11
        on_2 = optimised out
        list = optimised out
        nlist = optimised out
        cp = optimised out
        written = optimised out
#3 0x7fc22a514b96 in malloc_printerr (action=3, str=0x7fc22a614938 double free or corruption (fasttop), ptr=optimised out) at malloc.c:5039
        buf = 045228c0
        cp = optimised out
#4 0x7fc22b3a5176 in gtk_text_layout_get_cursor_locations () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
        No symbol table info available.
#5 0x7fc22b3b0d40 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
        No symbol table info available.
#6 0x7fc22b3b0d77 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
        No symbol table info available.
#7 0x7fc22b3b0dd3 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
        No symbol table info available.
#8 0x7fc22af2bd56 in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0
        No symbol table info available.
#9 0x7fc22be85d13 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
        No symbol table info available.
#10 0x7fc22be86060 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
        No symbol table info available.
#11 0x7fc22be8645a in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
        No symbol table info available.
#12 0x7fc22b2f4397 in gtk_main () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
        No symbol table info available.
#13 0x0044d1e9 in ui_main (argc=1, argv=0x7fff296263a8) at gui_main.c:1677
        home = optimised out
        sig = optimised out
        __FUNCTION__ = ui_main
#14 0x00476f58 in client_main (argc=1, argv=0x7fff296263a8) at client_main.c:620
        i = 1
        loglevel = LOG_NORMAL
        ui_options = optimised out
        ui_separator = optimised out
        option = optimised out
        user_tileset = optimised out
        fatal_assertions = -1
        aii = optimised out
        __FUNCTION__ = client_main
#15 0x7fc22a4b776d in __libc_start_main (main=0x449f40 main, argc=1, ubp_av=0x7fff296263a8, init=optimised out, fini=optimised out, rtld_fini=optimised out, stack_end=0x7fff29626398) at libc-start.c:226
        result = optimised out
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -8850937098092952370, 4497224, 140733887701920, 0, 0, 8851109690452985038, 8840411090749211854}, mask_was_saved = 0}}, priv = {pad = { 0x0,
[Freeciv-Dev] [bug #22047] Crash in gtk_text_layout_get_cursor_locations() on Connect to network game
Follow-up Comment #1, bug #22047 (project freeciv):

> The metaserver thread appears quiescent

Erm, what I've been assuming to be the metaserver thread -- it might be something else (there are no Freeciv symbols in the backtrace so it probably is something else, on reflection).