Cataclysm-DDA
Crash on quit without saving
Describe the bug
Sometimes, usually in debug worlds only, I just alt+f4 the window because no turn has passed because I just navigated around some menus to test stuff. This works well, nothing breaks, except when the game has been idling some time.
Basically a proper issue for https://github.com/CleverRaven/Cataclysm-DDA/issues/53551#issuecomment-1005776682
Steps to reproduce
- Load a save.
- Do nothing, leave the game idle a couple of hours.
  2.1 This only works sometimes. If you trigger any debugmsg, usually requires turns to pass and therefore "savescumming", the probability of this happening increases.
- alt+f4 the window (Sends SIGTERM to cataclysm-tiles, this is a graceful quit which is handled properly).
- Crash
This option is not available. Please see --help for all possible usages.
The program has crashed.
See the log file for a stack trace.
CRASH LOG FILE: @U@Ueal/.config/cataclysm-dda/crash.log
VERSION: 0.F
TYPE: Signal
MESSAGE: SIGSEGV: Segmentation faultError creating SDL message box: zenity reported error or failed to launch: 255
STACK TRACE:
cataclysm-tiles(debug_write_backtrace(std::ostream&)+0x46) [0x55ddbd26c6b6]
cataclysm-tiles(+0xa0edfc) [0x55ddbd249dfc]
cataclysm-tiles(+0xa0f085) [0x55ddbd24a085]
/usr/lib/libc.so.6(+0x3cda0) [0x7fb5f1cb0da0]
cataclysm-tiles(ui_adaptor::invalidate(rectangle<point, 0> const&, bool)+0x3b) [0x55ddbdc84863]
cataclysm-tiles(ui_adaptor::~ui_adaptor()+0x62) [0x55ddbdc84b02]
cataclysm-tiles(std::unique_ptr<ui_adaptor, std::default_delete<ui_adaptor> >::~unique_ptr()+0x16) [0x55ddbd01c038]
cataclysm-tiles(live_view::~live_view()+0x11) [0x55ddbd6664fd]
cataclysm-tiles(std::unique_ptr<live_view, std::default_delete<live_view> >::~unique_ptr()+0x16) [0x55ddbd3edaf4]
cataclysm-tiles(game::~game()+0x16d) [0x55ddbd3ab0ff]
cataclysm-tiles(std::unique_ptr<game, std::default_delete<game> >::~unique_ptr()+0x15) [0x55ddbd3f2095]
/usr/lib/libc.so.6(+0x3f4a7) [0x7fb5f1cb34a7]
/usr/lib/libc.so.6(+0x3f64e) [0x7fb5f1cb364e]
cataclysm-tiles(+0x1392792) [0x55ddbdbcd792]
cataclysm-tiles(input_manager::get_input_event(keyboard_mode)+0xcb) [0x55ddbdbcd977]
cataclysm-tiles(input_context::handle_input[abi:cxx11](int)+0x6e) [0x55ddbd4a5fea]
cataclysm-tiles(game::handle_mouseview(input_context&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&)+0x48) [0x55ddbd3a64cc]
cataclysm-tiles(game::get_player_input(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&)+0xb03) [0x55ddbd4336a9]
cataclysm-tiles(game::handle_action()+0x166) [0x55ddbd440c3a]
cataclysm-tiles(do_turn()+0x5bb) [0x55ddbd2d869d]
Attempting to repeat stack trace using debug symbols…
debug_write_backtrace(std::ostream&)
??:?
init_crash_handlers()
??:?
init_crash_handlers()
??:?
??
??:0
ui_adaptor::invalidate(rectangle<point, 0> const&, bool)
??:?
ui_adaptor::~ui_adaptor()
??:?
std::unique_ptr<ui_adaptor, std::default_delete<ui_adaptor> >::~unique_ptr()
??:?
live_view::~live_view()
??:?
std::unique_ptr<live_view, std::default_delete<live_view> >::~unique_ptr()
??:?
game::~game()
??:?
std::unique_ptr<game, std::default_delete<game> >::~unique_ptr()
??:?
??
??:0
??
??:0
save_screenshot(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)
??:?
input_manager::get_input_event(keyboard_mode)
??:?
input_context::handle_input[abi:cxx11](int)
??:?
game::handle_mouseview(input_context&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&)
??:?
game::get_player_input(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&)
??:?
game::handle_action()
??:?
do_turn()
??:?
The "This option is not available" line (this is from the stdout) is something related to lines I get on other crashes:
/usr/include/c++/11.1.0/bits/regex_executor.tcc:537: void std::__detail::_Executor< <template-parameter-1-1>, <template-parameter-1-2>, <template-parameter-1-3>, <anonymous> >::_M_dfs(std::__detail::_Executor< <template-parameter-1-1>, <template-parameter-1-2>, <template-parameter-1-3>, <anonymous> >::_Match_mode, std::__detail::_StateIdT) [with _BiIter = const char*; _Alloc = std::allocator<std::__cxx11::sub_match<const char*> >; _TraitsT = std::__cxx11::regex_traits<char>;bool __dfs_mode = true; std::__detail::_StateIdT = long int]: Assertion 'false' failed.
This option is not available. Please see --help for all possible usages.
/usr/include/c++/11.1.0/bits/regex_executor.tcc:537: void std::__detail::_Executor< <template-parameter-1-1>, <template-parameter-1-2>, <template-parameter-1-3>, <anonymous> >::_M_dfs(std::__detail::_Executor< <template-parameter-1-1>, <template-parameter-1-2>, <template-parameter-1-3>, <anonymous> >::_Match_mode, std::__detail::_StateIdT) [with _BiIter = const char*; _Alloc = std::allocator<std::__cxx11::sub_match<const char*> >; _TraitsT = std::__cxx11::regex_traits<char>;bool __dfs_mode = true; std::__detail::_StateIdT = long int]: Assertion 'false' failed.
Expected behavior
Here is the freaky thing: It only happens sometimes and, for whatever reasons, the crash log file name is corrupted and leaves garbage file names containing the same crash log I got on my stdout (see above) in the current working directory.
-rw-r--r-- 1 username username 3110 Jan 15 22:49 ''$'\320''('$'\227'')'$'\310''U'
-rw-r--r-- 1 username username 3110 Jan 26 05:27 '@'$'\217\374\353\312''U'
-rw-r--r-- 1 username username 3110 Jan 28 16:08 '@'$'\257\222\276\335''U'
-rw-r--r-- 1 username username 3110 Jan 25 20:05 '@'$'\337\363\224''`U'
-rw-r--r-- 1 username username 3110 Jan 27 06:55 '@'$'\257'';('$'\202''U'
-rw-r--r-- 1 username username 3110 Jan 13 19:14 ''$'\320\370\005''?'$'\v''V'
-rw-r--r-- 1 username username 3110 Jan 22 15:31 '@'$'\037\270''`'$'\005''V'
This did not happen in 0.F-stable but persisted through every experimental I tried so far.
Contrary to what the stack trace said, I did exactly nothing. I did not attempt to save any screenshot.
Screenshots
No response
Versions and configuration
- OS: Linux
- OS Version: LSB Version: 1.4; Distributor ID: Arch; Description: Arch Linux; Release: rolling; Codename: n/a;
- Game Version: 0.F [64-bit]
- Graphics Version: Tiles
- Game Language: System language []
- Mods loaded: [ Dark Days Ahead [dda], Disable NPC Needs [no_npc_food], No Fungal Growth [no_fungal_growth], Bionic Professions [package_bionic_professions] ]
This is on Xorg/X11
Additional context
No response
I FINALLY GOT A TRACE: gdb.txt
Sorry for caps but I am excited I can finally provide a new lead because this crash is just so damn inconsistent and annoying.
Looking at the trace, it looks like the culprit might be somewhere around:
padding = "\000\177\000\000Q\315\004", '\000' <repeats 48 times>}
This looks almost exactly like the corruption I got in the crash log filenames.
Not sure exactly what's causing the corruption, but ASan got this trace when I tried repro'ing.
=================================================================
==7857==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300031a3b8 at pc 0x00000569c777 bp 0x7ffcba33d290 sp 0x7ffcba33d288
READ of size 8 at 0x60300031a3b8 thread T0
#0 0x569c776 in get /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/refwrap.h:338:17
#1 0x569c776 in ui_adaptor::~ui_adaptor() /home/akrieger/Cataclysm-DDA/src/ui_manager.cpp:90:18
#2 0x1fe63ba in operator() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/unique_ptr.h:85:2
#3 0x1fe63ba in std::unique_ptr<ui_adaptor, std::default_delete<ui_adaptor> >::~unique_ptr() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/unique_ptr.h:361:4
#4 0x395695f in live_view::~live_view() /home/akrieger/Cataclysm-DDA/src/live_view.cpp:28:23
#5 0x305f3e6 in operator() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/unique_ptr.h:85:2
#6 0x305f3e6 in std::unique_ptr<live_view, std::default_delete<live_view> >::~unique_ptr() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/unique_ptr.h:361:4
#7 0x2f2754a in game::~game() /home/akrieger/Cataclysm-DDA/src/game.cpp:481:13
#8 0x305d4ce in operator() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/unique_ptr.h:85:2
#9 0x305d4ce in std::unique_ptr<game, std::default_delete<game> >::~unique_ptr() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/unique_ptr.h:361:4
#10 0x7f3f3916b494 in __run_exit_handlers stdlib/./stdlib/exit.c:113:8
#11 0x7f3f3916b60f in exit stdlib/./stdlib/exit.c:143:3
#12 0x51bad59 in CheckMessages() /home/akrieger/Cataclysm-DDA/src/sdltiles.cpp:3519:9
#13 0x51bd782 in input_manager::get_input_event(keyboard_mode) /home/akrieger/Cataclysm-DDA/src/sdltiles.cpp:3856:13
#14 0x32ec060 in input_context::handle_input[abi:cxx11](int) /home/akrieger/Cataclysm-DDA/src/input_context.cpp:442:32
#15 0x2f4f86e in game::handle_mouseview(input_context&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) /home/akrieger/Cataclysm-DDA/src/game.cpp:2385:23
#16 0x313cef3 in game::get_player_input(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) /home/akrieger/Cataclysm-DDA/src/handle_action.cpp:428:18
#17 0x317407c in game::handle_action() /home/akrieger/Cataclysm-DDA/src/handle_action.cpp:3012:16
#18 0x2b8ee7f in do_turn() /home/akrieger/Cataclysm-DDA/src/do_turn.cpp:579:24
#19 0x3a6576c in main /home/akrieger/Cataclysm-DDA/src/main.cpp:873:17
#20 0x7f3f3914fd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#21 0x7f3f3914fe3f in __libc_start_main csu/../csu/libc-start.c:392:3
#22 0x1c240f4 in _start (/home/akrieger/Cataclysm-DDA/cataclysm-tiles+0x1c240f4)
0x60300031a3b8 is located 24 bytes to the right of 32-byte region [0x60300031a380,0x60300031a3a0)
freed by thread T0 here:
#0 0x1cd08ed in operator delete(void*) (/home/akrieger/Cataclysm-DDA/cataclysm-tiles+0x1cd08ed)
#1 0x34bd4aa in deallocate /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/ext/new_allocator.h:145:2
#2 0x34bd4aa in deallocate /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/alloc_traits.h:496:13
#3 0x34bd4aa in _M_deallocate /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/stl_vector.h:354:4
#4 0x34bd4aa in ~_Vector_base /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/stl_vector.h:335:2
#5 0x34bd4aa in ~vector /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/stl_vector.h:683:7
#6 0x34bd4aa in ~armor_portion_data /home/akrieger/Cataclysm-DDA/src/itype.h:277:8
#7 0x34bd4aa in _Destroy<armor_portion_data> /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/stl_construct.h:151:19
#8 0x34bd4aa in __destroy<armor_portion_data *> /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/stl_construct.h:163:6
#9 0x34bd4aa in _Destroy<armor_portion_data *> /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/stl_construct.h:195:7
#10 0x34bd4aa in _Destroy<armor_portion_data *, armor_portion_data> /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/alloc_traits.h:848:7
#11 0x34bd4aa in std::vector<armor_portion_data, std::allocator<armor_portion_data> >::~vector() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/stl_vector.h:680:2
#12 0x34bcaaf in ~islot_armor /home/akrieger/Cataclysm-DDA/src/itype.h:379:8
#13 0x34bcaaf in operator() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/unique_ptr.h:85:2
#14 0x34bcaaf in std::unique_ptr<islot_armor, std::default_delete<islot_armor> >::~unique_ptr() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/unique_ptr.h:361:4
#15 0x34bc317 in itype::~itype() /home/akrieger/Cataclysm-DDA/src/itype.h:1562:34
#16 0x36145c0 in ~pair /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/stl_iterator.h:2488:12
#17 0x36145c0 in destroy<std::pair<const string_id<itype>, itype> > /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/ext/new_allocator.h:168:10
#18 0x36145c0 in destroy<std::pair<const string_id<itype>, itype> > /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/alloc_traits.h:535:8
#19 0x36145c0 in _M_deallocate_node /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/hashtable_policy.h:1894:7
#20 0x36145c0 in std::__detail::_Hashtable_alloc<std::allocator<std::__detail::_Hash_node<std::pair<string_id<itype> const, itype>, false> > >::_M_deallocate_nodes(std::__detail::_Hash_node<std::pair<string_id<itype> const, itype>, false>*) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/hashtable_policy.h:1916:4
#21 0x3614524 in std::_Hashtable<string_id<itype>, std::pair<string_id<itype> const, itype>, std::allocator<std::pair<string_id<itype> const, itype> >, std::__detail::_Select1st, std::equal_to<string_id<itype> >, std::hash<string_id<itype> >, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, false, true> >::clear() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/hashtable.h:2320:13
#22 0x36144cb in std::_Hashtable<string_id<itype>, std::pair<string_id<itype> const, itype>, std::allocator<std::pair<string_id<itype> const, itype> >, std::__detail::_Select1st, std::equal_to<string_id<itype> >, std::hash<string_id<itype> >, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, false, true> >::~_Hashtable() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/hashtable.h:1532:7
#23 0x359afc8 in ~unordered_map /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/unordered_map.h:102:11
#24 0x359afc8 in Item_factory::~Item_factory() /home/akrieger/Cataclysm-DDA/src/item_factory.cpp:1636:29
#25 0x35f46a8 in operator() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/unique_ptr.h:85:2
#26 0x35f46a8 in std::unique_ptr<Item_factory, std::default_delete<Item_factory> >::~unique_ptr() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/unique_ptr.h:361:4
#27 0x7f3f3916b494 in __run_exit_handlers stdlib/./stdlib/exit.c:113:8
previously allocated by thread T0 here:
#0 0x1cd008d in operator new(unsigned long) (/home/akrieger/Cataclysm-DDA/cataclysm-tiles+0x1cd008d)
#1 0x36243e0 in allocate /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/alloc_traits.h:464:20
#2 0x36243e0 in _M_allocate /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/stl_vector.h:346:20
#3 0x36243e0 in void std::vector<part_material, std::allocator<part_material> >::_M_realloc_insert<part_material const&>(__gnu_cxx::__normal_iterator<part_material*, std::vector<part_material, std::allocator<part_material> > >, part_material const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/vector.tcc:440:33
#4 0x3592ce8 in push_back /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/stl_vector.h:1198:4
#5 0x3592ce8 in Item_factory::finalize_post_armor(itype&) /home/akrieger/Cataclysm-DDA/src/item_factory.cpp:876:32
#6 0x3591886 in Item_factory::finalize_post(itype&) /home/akrieger/Cataclysm-DDA/src/item_factory.cpp:752:9
#7 0x35987d1 in Item_factory::finalize() /home/akrieger/Cataclysm-DDA/src/item_factory.cpp:1400:9
#8 0x32c29dc in operator() /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:590:9
#9 0x32c29dc in DynamicDataLoader::finalize_loaded_data(loading_ui&) /home/akrieger/Cataclysm-DDA/src/init.cpp:780:9
#10 0x2f2d5d3 in game::load_world_modfiles(loading_ui&) /home/akrieger/Cataclysm-DDA/src/game.cpp:3213:39
#11 0x2f2bd9f in game::setup() /home/akrieger/Cataclysm-DDA/src/game.cpp:793:5
#12 0x3a82992 in main_menu::new_character_tab() /home/akrieger/Cataclysm-DDA/src/main_menu.cpp:1049:16
#13 0x3a7aa15 in main_menu::opening_screen() /home/akrieger/Cataclysm-DDA/src/main_menu.cpp:940:29
#14 0x3a656f0 in main /home/akrieger/Cataclysm-DDA/src/main.cpp:867:19
#15 0x7f3f3914fd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/refwrap.h:338:17 in get
Shadow bytes around the buggy address:
0x0c068005b420: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
0x0c068005b430: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
0x0c068005b440: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
0x0c068005b450: fa fa fd fd fd fa fa fa fd fd fd fd fa fa fd fd
0x0c068005b460: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
=>0x0c068005b470: fd fd fd fd fa fa fa[fa]fa fa fa fa fd fd fd fd
0x0c068005b480: fa fa fd fd fd fd fa fa fa fa fa fa fa fa fd fd
0x0c068005b490: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
0x0c068005b4a0: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
0x0c068005b4b0: fa fa fd fd fd fd fa fa fa fa fa fa fa fa fd fd
0x0c068005b4c0: fd fd fa fa fd fd fd fd fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==7857==ABORTING
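A triage helper for reports like the AddressSanitizer output above, added here as an example (it is not code from Cataclysm-DDA or from any commenter in this thread). It splits a report into its access, free and allocation stacks and checks whether the faulting access and the free both ran under `__run_exit_handlers`, as they do in this trace. The sample report is a constructed, abbreviated excerpt with paths shortened to `/build`, and the `/src/` marker used to pick out project frames is an assumption.

```python
import re

# Constructed, abbreviated excerpt of the ASan report above (paths shortened to /build).
SAMPLE_REPORT = """\
READ of size 8 at 0x60300031a3b8 thread T0
#0 0x569c776 in get /usr/include/c++/11/bits/refwrap.h:338:17
#1 0x569c776 in ui_adaptor::~ui_adaptor() /build/src/ui_manager.cpp:90:18
#7 0x2f2754a in game::~game() /build/src/game.cpp:481:13
#10 0x7f3f3916b494 in __run_exit_handlers stdlib/./stdlib/exit.c:113:8
0x60300031a3b8 is located 24 bytes to the right of 32-byte region [0x60300031a380,0x60300031a3a0)
freed by thread T0 here:
#0 0x1cd08ed in operator delete(void*) (/build/cataclysm-tiles+0x1cd08ed)
#24 0x359afc8 in Item_factory::~Item_factory() /build/src/item_factory.cpp:1636:29
#27 0x7f3f3916b494 in __run_exit_handlers stdlib/./stdlib/exit.c:113:8
previously allocated by thread T0 here:
#5 0x3592ce8 in Item_factory::finalize_post_armor(itype&) /build/src/item_factory.cpp:876:32
SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/include/c++/11/bits/refwrap.h:338:17 in get
"""

FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (.+) (\S+)$")
HEADERS = {  # line prefix that opens each stack in an ASan heap report
    "access": re.compile(r"^(READ|WRITE) of size \d+"),
    "free": re.compile(r"^freed by thread"),
    "alloc": re.compile(r"^previously allocated by thread"),
}

def parse_stacks(report):
    """Return {section: [(function, location), ...]} for each stack in the report."""
    stacks, current = {}, None
    for line in report.splitlines():
        frame = FRAME.match(line)
        if frame and current:
            stacks[current].append(frame.groups())
            continue
        # Any non-frame line closes the open stack; a header line opens a new one.
        current = next((n for n, rx in HEADERS.items() if rx.match(line)), None)
        if current:
            stacks[current] = []
    return stacks

def first_project_frame(stack, marker="/src/"):
    """First frame whose source path is in the project tree (marker is an assumption)."""
    return next(((f, loc) for f, loc in stack if marker in loc), None)

def triage(report):
    stacks = parse_stacks(report)
    in_exit = {n: any(f == "__run_exit_handlers" for f, _ in s) for n, s in stacks.items()}
    return {
        "access_site": first_project_frame(stacks.get("access", [])),
        "free_site": first_project_frame(stacks.get("free", [])),
        # True when both the faulting access and the free ran inside exit() handlers.
        "both_during_exit": in_exit.get("access", False) and in_exit.get("free", False),
    }
```

Calling `triage()` on a full report text returns the first project frame of the access and free stacks plus the `both_during_exit` flag, which is a quick way to sort shutdown-time reports from in-game ones.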