UFO: Alien Invasion Issue Tracker
UFO: Alien Invasion / Closed Bug report #2175 G_ClientMove: Event 15 activate and no stepAmount pointer se
This issue has been closed with status "Closed" and resolution "Not determined".
Issue basics
  • Type of issue
    Bug report
  • Category
    Battlescape
  • Targeted for
    Not determined
  • Status
    Closed
  • Priority
    5. Important
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Issue details
  • Resolution
    Not determined
  • Reproducibility
    Not determined
  • Severity
    Not determined
  • Complexity
    Not determined
  • Platform
    Not determined
  • Architecture
    Not determined
Description
[http://sourceforge.net/p/ufoai/bugs/2175 Item 2175] imported from sourceforge.net tracker on 2013-01-28 19:22:20

revision 26177

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xa804eb90 (LWP 3615)]
0xb48f63c7 in G_ClientMove (player=0x1c12507c, visTeam=0, num=5, to=0xa804e218 "\205\226", stopOnVisStop=qfalse,
quiet=qtrue) at src/game/g_move.c:279
279 (*stepAmount)++;
(gdb) bt full
#0 0xb48f63c7 in G_ClientMove (player=0x1c12507c, visTeam=0, num=5, to=0xa804e218 "\205\226", stopOnVisStop=qfalse,
quiet=qtrue) at src/game/g_move.c:279
crouchFlag = 0
ent = (edict_t *) 0xb3d04a74
status = 0
initTU = 32
dvtab = "0", '\b' <repeats 12 times>, "”¦\000”¦\000\001\032\001\221D\000\000\000\000\032\001\221D"
dv = 8
dir = 1
numdv = 12 '\f'
length = 27 '\033'
pos = "\222\225"
div = 2
truediv = 2
tu = 2
contentFlags = 0
pointTrace = {560, 688, 24}
stepAmount = (byte *) 0x0
triggers = qfalse
clientAction = (edict_t *) 0x1f
oldState = 0
autoCrouchRequired = qfalse
crouchingState = 0 '\0'
#1 0xb48e4952 in AI_PrepBestAction (player=0x1c12507c, ent=0xb3d04a74) at src/game/g_ai.c:742
aia = {to = "\000\000", stop = "\000\000", mode = 0 '\0', shots = 0 '\0', target = 0x0, fd = 0x0, z_align = 0}
bestAia = {to = "\205\226", stop = "\205\226", mode = 0 '\0', shots = 0 '\0', target = 0x0, fd = 0x0, z_align = 0}
oldPos = "\222\225"
to = "°³\b"
oldOrigin = {592, 688, 48}
xl = 116
yl = 119
xh = 176
yh = 179
bestActionPoints = -10000
best = 77.1209564
crouchingState = 0 '\0'
#2 0xb48e4e87 in AI_ActorThink (player=0x1c12507c, ent=0xb3d04a74) at src/game/g_ai.c:826
bestAia = {to = "L\220\005", stop = "\000\005", mode = 0 '\0', shots = 0 '\0', target = 0xb48daf80,
fd = 0xb4931d24, z_align = 35682947}
#3 0xb48e51b2 in AI_Run () at src/game/g_ai.c:900
player = (player_t *) 0x1c12507c
ent = (edict_t *) 0xb3d04a74
i = 1
j = 5
#4 0xb48f4f05 in G_RunFrame () at src/game/g_main.c:667
No locals.
#5 0x08154842 in SV_RunGameFrame () at src/server/sv_game.c:418
No locals.
#6 0x08154822 in SV_RunGameFrameThread (data=0x0) at src/server/sv_game.c:404
No locals.
#7 0xb7b1183b in ?? () from /usr/lib/libSDL-1.2.so.0
No symbol table info available.
#8 0x00000000 in ?? ()
No symbol table info available.

===== Comments Ported from Sourceforge =====

====== aduke1 (2009-10-31 21:56:23) ======

If it crashes in G_ClientMove(), it was probably a pathfinding issue.
There have been quite some fixes to PF since r26177 :)

Do you have a way to reproduce it ?
Did it happen again recently ?
====== richlv (2009-10-31 22:50:28) ======

haven't played much recently, and thus it has not happened ;)
trace also seems to touch ai somewhat, maybe connected ?
if backtrace is of no help, feel free to close the report.
====== richlv (2009-10-31 22:58:37) ======

er, wait. just happened again, twice, with revision 26859.

i just load a map and move.
i possibly see enemies (and they see me) on the way, and after a short while it crashes.
====== aduke1 (2009-11-01 23:25:20) ======

richlv,
start skirmish village.map, select soldier 3, walk towards the hospital. He will see several civs and usually an enemy (I did that a hundred times in the past months *g*). Never crashed here.
Does that crash for you ? If not, what's the difference to the scenario where you got the crash ?

tlh2000,
the above trace shows that stepAmount is NULL. A glance at G_ClientMove() showed that the setting of stepAmount can be skipped by the if-statement around line 250, which is really *bad*. There should be an 'else' for 250 with either break, continue or return. No clue which.
I only understand parts of the code and comments, but it smells like it might be event-related.
So I'm assigning this item to you in the hope that you can make more sense out of it.

====== aduke1 (2009-11-02 23:01:10) ======

richlv,
I saw tlh2000 applied 'half a fix' to this in r26890. It prevents the segfault, but merely prints a debug message. Instead of crashing, the actor will stop walking for no obvious reason and you'll see the message.

So it's rather important that you try the test I suggested so we can figure out why this happens.
====== richlv (2009-11-03 02:09:24) ======

actually, perfectly reproducible in rev 26891 - and it still crashes, not outputs a message or something. backtrace seems a bit longer, so i'm including it again below.

i can reproduce it by proceeding as instructed. what i am doing which _might_ have any connection to this - using long actor orders, longer than their current free tus; possibly issuing additional movement orders while aliens react (by shooting at me).

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6ef16e0 (LWP 6042)]
0xb3c3c042 in G_ClientMove (player=0x1be22e44, visTeam=1, num=22, to=0xbfbca7d9 "\210f", stopOnVisStop=qtrue, quiet=qfalse)
at src/game/g_move.c:180
180 while ((dv = gi.MoveNext(gi.routingMap, ent->fieldSize, gi.pathingMap, pos, crouchingState))
(gdb) bt full
#0 0xb3c3c042 in G_ClientMove (player=0x1be22e44, visTeam=1, num=22, to=0xbfbca7d9 "\210f", stopOnVisStop=qtrue,
quiet=qfalse) at src/game/g_move.c:180
ent = (edict_t *) 0x8000800
status = -1078155448
initTU = 11
dvtab = "\020\02000000\b\b\b\000\b\000\b\000\b\000\b\000\b\000\b\000\b\000\b\000\b\000\b\000\b"
dv = 8
dir = -1078155303
numdv = 36 '$'
length = 22 '\026'
pos = "\220_"
div = 2.80259693e-45
truediv = 9.80908925e-44
tu = 0
contentFlags = -1078155416
pointTrace = {0, -912, 12}
stepAmount = (byte *) 0x0
triggers = qfalse
clientAction = (edict_t *) 0xb3c77d24
oldState = 0
autoCrouchRequired = qfalse
crouchingState = 0 '\0'
#1 0xb3c2f453 in G_ClientAction (player=0x1be22e44) at src/game/g_client.c:614
action = PA_MOVE
num = 22
pos = "\210f"
i = 499403176
firemode = -1078155209
from = 135550895
fx = -1078155256
fy = 134635072
to = 135816112
tx = 173515780
ty = 499170688
hand = 499170696
fdIdx = -1212800704
objIdx = -1213767450
resType = -1078155320
resState = 499170696
resValue = -1212800704
ent = (edict_t *) 0x0
#2 0x0815bdda in SV_ExecuteClientMessage (cl=0x1bd7071c, cmd=4, msg=0x1dbed014) at src/server/sv_user.c:344
s = 0x4000007 <Address 0x4000007 out of bounds>
#3 0x081578cb in SV_ReadPacket (s=0x1bfb35e4) at src/server/sv_main.c:449
cmd = 4
cl = (client_t *) 0x1bd7071c
msg = (struct dbuffer *) 0x1dbed014
#4 0x081424c0 in NET_Wait (timeout=0) at src/common/net.c:457
s = (struct net_stream *) 0x1bfb35e4
tv = {tv_sec = 0, tv_usec = 0}
ready = 0
i = 0
read_fds_out = {fds_bits = {0 <repeats 32 times>}}
write_fds_out = {fds_bits = {0 <repeats 32 times>}}
#5 0x08138629 in Qcommon_Frame () at src/common/common.c:1155
s = 0x0
time_to_next = 0
event = (struct event *) 0x1dbed014
#6 0x08184dc3 in main (argc=1, argv=0xbfbcbbb4) at src/ports/linux/linux_main.c:53
No locals.

====== aduke1 (2009-11-03 21:27:50) ======

Although it still crashes in G_ClientMove(), it's a completely different crash this time.
And I still can't reproduce it, even with long actor orders.
Are you using debug or release exe ?
Does it crash for you everytime you repeat ?
Always in the first turn ?
====== richlv (2009-11-03 23:03:44) ======

"Are you using debug or release exe ?"

self compiled, so probably debug mode :)

"Does it crash for you everytime you repeat ?"

pretty much, yes. if i take a very careful path composed of short moves, it does not crash

"Always in the first turn ?"

this actually made me realise that a possibly important bit of information has not been mentioned - i set g_notu to 1 (i'm testing pathfinding, after all)...
then i just proceed to move to the opposite corner of the map, and soon game crashes
====== aduke1 (2009-11-04 00:49:20) ======

Richlv:
Couldn't get it to crash here with g_notu 1 and debug exe :(
Plz make *sure* which version you are using. Because a debug exe initializes variables differently, release and debug exe can behave *very* differently....

tlh2000:
In the 2nd stacktrace, ent seems to be corrupted. There aren't too many ways to corrupt it in that crashing while loop.
numdv is 36, which is above MAX_DVTAB = 32. But as dvtab is of type 'byte', we shouldn't have reached ent yet. initTu looks reasonable, 'status' looks uninitialized, but ok.
No clue yet :(
====== tlh2000 (2009-11-04 06:19:43) ======

numdv is 36 - strange. don't we have that 32 steps limit anymore? if so, we have to fix MAX_DVTAB to the new value. if the memory got corrupted in any stage i won't be surprised by any side effects.
====== tlh2000 (2009-11-04 06:23:40) ======

a small safety check was introduced in r26912
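
The two defects discussed in this thread, a stepAmount pointer that is set only on some paths and later dereferenced, and numdv growing past MAX_DVTAB, shown in C with both checks in place. This is an added example, not the game's g_move.c: walk_path, next_step, have_event and the result codes are hypothetical names; only stepAmount, dvtab, numdv and MAX_DVTAB = 32 are taken from the thread.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_DVTAB 32   /* step limit named in the thread */
typedef unsigned char byte;

enum move_result { MOVE_OK, MOVE_PATH_TOO_LONG, MOVE_NO_STEP_COUNTER };

/* Hypothetical path source: yields *remaining non-zero steps, then 0. */
static byte next_step(int *remaining)
{
    if (*remaining <= 0)
        return 0;
    (*remaining)--;
    return 8;
}

/* have_event models the branch that may or may not set stepAmount (assumption). */
enum move_result walk_path(int path_len, int have_event, int *steps_done)
{
    byte dvtab[MAX_DVTAB];
    byte counter = 0, dv;
    byte *stepAmount = NULL;
    int numdv = 0;

    *steps_done = 0;
    while ((dv = next_step(&path_len)) != 0) {
        if (numdv >= MAX_DVTAB)          /* refuse instead of writing past dvtab */
            return MOVE_PATH_TOO_LONG;
        dvtab[numdv++] = dv;
    }
    if (have_event)
        stepAmount = &counter;
    while (numdv > 0) {
        dv = dvtab[--numdv];
        if (stepAmount == NULL)          /* report the skipped setup to the caller */
            return MOVE_NO_STEP_COUNTER;
        (*stepAmount)++;
        *steps_done += (dv != 0);
    }
    return MOVE_OK;
}

int main(void)
{
    int n;
    printf("12 steps: %d\n", walk_path(12, 1, &n));
    printf("36 steps: %d\n", walk_path(36, 1, &n));
    printf("no counter: %d\n", walk_path(5, 0, &n));
    return 0;
}
```

Returning a distinct status for each failure lets the caller tell a rejected path from a missing step counter, which a debug message alone does not.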
====== richlv (2009-11-04 11:25:37) ======

duke, i'm not passing --enable-release to configure, so it has to be debug mode :)

it seems that it isn&#039;t crashing in trunk rev 26912 anymore, but i get the following logged in the console :

Event 15 activate and no stepAmount pointer set

this seems to happen (just like crash did) when aliens return fire while soldier was moving
====== tlh2000 (2010-01-06 19:13:51) ======

i can't reproduce this here
====== tlh2000 (2010-01-06 19:15:06) ======

... half comment....

i can't reproduce this here - and if no other information on how to reproduce it follows i will close this report soon - as it's not really helping us and the initial report (the sigsegv) is fixed already
====== sf-robot (2010-02-01 02:20:21) ======

This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).