Opened 3 months ago

Closed 3 months ago

#5932 closed defect (fixed)

Simultaneous segfault of both players

Reported by: Imarok Owned by: wraitii
Priority: Release Blocker Milestone: Alpha 24
Component: Core engine Keywords:
Cc: Patch: Phab:D3410, Phab:D3411

Description (last modified by Imarok)

We got a simultaneous segfault while playing together. Seems to be reproducible when replaying on Windows and on Linux.

Attachments (1)

commands.txt (783.7 KB) - added by Imarok 3 months ago.


Change History (8)

by Imarok, 3 months ago

Attachment: commands.txt added

comment:1 by Imarok, 3 months ago

The replay is for r24670. It also works in non-visual replay.

Last edited 3 months ago by Imarok

comment:2 by Imarok, 3 months ago

Description: modified

comment:3 by Imarok, 3 months ago

bt on Linux:

Thread 1 "main" received signal SIGSEGV, Segmentation fault.
0x0000555555687d93 in ScriptInterface::call<IComponent*, int, int, &CComponentManager::Script_QueryInterface> (cx=0x555555ed8f00, argc=2, vp=0x7fffff7ff068)
    at ../../../source/scriptinterface/NativeWrapperDefns.h:124
124	BOOST_PP_REPEAT(SCRIPT_INTERFACE_MAX_ARGS, OVERLOADS, ~)
(gdb) bt
#0  0x0000555555687d93 in ScriptInterface::call<IComponent*, int, int, &CComponentManager::Script_QueryInterface> (cx=0x555555ed8f00, argc=2, vp=0x7fffff7ff068)
    at ../../../source/scriptinterface/NativeWrapperDefns.h:124
#1  0x00000055b1a4ca7e in ?? ()
#2  0x0000000000000000 in ?? ()

comment:4 by Imarok, 3 months ago

Milestone: Backlog → Alpha 24

comment:5 by stanislas69, 3 months ago

Replaying this in Non Visual, I get a segfault at Turn 7528 (Phab:rP24669):

>	15570088()	Inconnu
 	[Les frames ci-dessous sont peut-être incorrects et/ou manquants]	Inconnu
 	[Code externe]	
 	mozjs78-ps-release.dll!js::jit::MaybeEnterJit(JSContext * cx, js::RunState & state) Ligne 196	C++
 	mozjs78-ps-release.dll!js::RunScript(JSContext * cx, js::RunState & state) Ligne 450	C++
 	mozjs78-ps-release.dll!js::InternalCallOrConstruct(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct, js::CallReason reason) Ligne 620	C++
 	mozjs78-ps-release.dll!InternalCall(JSContext * cx, const js::AnyInvokeArgs & args, js::CallReason reason) Ligne 648	C++
 	mozjs78-ps-release.dll!js::Call(JSContext * cx, JS::Handle<JS::Value> fval, JS::Handle<JS::Value> thisv, const js::AnyInvokeArgs & args, JS::MutableHandle<JS::Value> rval, js::CallReason reason) Ligne 665	C++
 	mozjs78-ps-release.dll!js::fun_call(JSContext * cx, unsigned int argc, JS::Value * vp) Ligne 1132	C++
 	mozjs78-ps-release.dll!js::fun_apply(JSContext * cx, unsigned int argc, JS::Value * vp) Ligne 1152	C++
 	[Code externe]	

I also get a segfault. Replaying this in Non Visual, I get a segfault at Turn 7528 (Phab:rP24669):

Unhandled Exception à 0x003C91D2 dans pyrogenesis.exe : 0xC00000FD: Stack overflow (paramètres : 0x00000001, 0x01002FDC).

>	pyrogenesis.exe!ScriptInterface::ToJSVal<IComponent *>(const ScriptRequest & rq, JS::MutableHandle<JS::Value> ret, IComponent * const & val) Ligne 38	C++
 	[Cadre en ligne] pyrogenesis.exe!ScriptInterface::AssignOrToJSVal(const ScriptRequest &) Ligne 505	C++
 	[Cadre en ligne] pyrogenesis.exe!ScriptInterface::AssignOrToJSValUnrooted(const ScriptRequest &) Ligne 421	C++
 	[Cadre en ligne] pyrogenesis.exe!ScriptInterface_NativeWrapper<IComponent *>::call(const ScriptRequest &) Ligne 74	C++
 	pyrogenesis.exe!ScriptInterface::call<IComponent *,int,int,&CComponentManager::Script_QueryInterface>(JSContext * cx, unsigned int argc, JS::Value * vp) Ligne 124	C++
 	[Code externe]	
 	[Les frames ci-dessous sont peut-être incorrects et/ou manquants]	Inconnu
 	mozjs78-ps-release.dll!js::jit::MaybeEnterJit(JSContext * cx, js::RunState & state) Ligne 196	C++
 	mozjs78-ps-release.dll!js::RunScript(JSContext * cx, js::RunState & state) Ligne 450	C++
 	mozjs78-ps-release.dll!js::InternalCallOrConstruct(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct, js::CallReason reason) Ligne 620	C++
 	mozjs78-ps-release.dll!InternalCall(JSContext * cx, const js::AnyInvokeArgs & args, js::CallReason reason) Ligne 648	C++
 	mozjs78-ps-release.dll!js::Call(JSContext * cx, JS::Handle<JS::Value> fval, JS::Handle<JS::Value> thisv, const js::AnyInvokeArgs & args, JS::MutableHandle<JS::Value> rval, js::CallReason reason) Ligne 665	C++
 	mozjs78-ps-release.dll!js::fun_call(JSContext * cx, unsigned int argc, JS::Value * vp) Ligne 1132	C++
 	mozjs78-ps-release.dll!js::fun_apply(JSContext * cx, unsigned int argc, JS::Value * vp) Ligne 1152	C++
 	[Code externe]	

comment:6 by wraitii, 3 months ago

Owner: set to wraitii
Patch: Phab:D3410, Phab:D3411

comment:7 by wraitii, 3 months ago

Resolution: fixed
Status: new → closed

In 24688:

Fix segfault from a formation infinite loop.

#5932 reported a segfault. The direct cause is an infinite loop in Order.Repair in a formation controller.
There are multiple issues at play here, but the core problem is that the controller has been marked for destruction, but remains alive over the turn and UnitAI timers can fire. This leads to an unexpected state that triggers an infinite loop.

To avoid this problem, immediately switch the formation controller to a clean state when it's being disbanded.

Fixes #5932

Differential Revision: https://code.wildfiregames.com/D3410
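The lifecycle hazard described in the commit message, as an added illustration that is not 0 A.D.'s own code: a formation controller whose destruction is deferred to the end of the turn, so a UnitAI-style timer can still fire on it, beside the fixed variant that returns to a clean state the moment it is disbanded. The class, the entity ids and the "re-queue an unfinishable Repair order" mechanism are assumptions standing in for the unexpected state the commit describes.

```javascript
// Added illustration (not 0 A.D. code): deferred destruction plus a timer that
// still fires, versus resetting state immediately on disband.
const MAX_STEPS = 10000; // demo guard so the buggy variant terminates

class FormationController {
  constructor(resetOnDisband) {
    this.resetOnDisband = resetOnDisband;
    this.members = [101, 102];                       // constructed entity ids
    this.orders = [{ type: "Repair", target: 777 }]; // constructed order
    this.markedForDestruction = false;
    this.timerArmed = true;
  }

  // Disbanding only marks the entity; the engine deletes it later in the turn.
  disband() {
    this.markedForDestruction = true;
    this.members = [];
    if (this.resetOnDisband) {   // the fix: clean state right away
      this.orders = [];
      this.timerArmed = false;
    }
  }

  // Timer handler: keep processing the order queue until it is empty.
  onTimer() {
    let steps = 0;
    while (this.timerArmed && this.orders.length > 0) {
      if (++steps > MAX_STEPS)
        return { looped: true, steps };
      const order = this.orders.shift();
      if (order.type === "Repair" && this.members.length === 0) {
        // Nobody left to repair and nobody to finish: the order comes straight
        // back onto the queue, which is the infinite loop (assumed mechanism).
        this.orders.push(order);
        continue;
      }
      // Otherwise the order is dispatched to the members and completes.
    }
    return { looped: false, steps };
  }
}

// One turn: disband mid-turn, then the timer fires before end-of-turn cleanup.
// Returns { looped, steps } so the two variants can be compared directly.
function runTurn(resetOnDisband) {
  const fc = new FormationController(resetOnDisband);
  fc.disband();
  return fc.onTimer();
}
```

Running `runTurn(false)` hits the step guard (in the real engine this is the unbounded loop that ends in the stack overflow / SIGSEGV traces above), while `runTurn(true)` processes nothing because the disbanded controller has no orders and no armed timer.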
