Game crashes before first launch #235

Open
pemensik opened this issue Jul 24, 2019 · 9 comments

@pemensik
Contributor

Just tried the game and tried to remember what the game dynamics were. And got a crash. Fortunately, ABRT caught it, because I also have unsigned packages checked. So here comes the backtrace:

It comes from recent master with a few of my changes to linking.

#0  MissionSetup (plr=plr@entry=1 '\001', mis=mis@entry=0 '\000')
    at /usr/src/debug/raceintospace-1.1.0-1.20190719gitbf6c86a.fc29.x86_64/src/game/mc2.cpp:783
        i = 5 '\005'
        t = <optimized out>
#1  0x000055d2df9c62f9 in Launch (plr=<optimized out>, mis=<optimized out>)
    at /usr/src/debug/raceintospace-1.1.0-1.20190719gitbf6c86a.fc29.x86_64/src/game/mc.cpp:154
        i = <optimized out>
        j = <optimized out>
        t = <optimized out>
        k = <optimized out>
        mcode = <optimized out>
        avg = <optimized out>
        temp = <optimized out>
        total = <optimized out>
#2  0x000055d2df9b776d in MainLoop () at /usr/src/debug/raceintospace-1.1.0-1.20190719gitbf6c86a.fc29.x86_64/src/game/game_main.cpp:612
        i = 0
        j = <optimized out>
        t1 = <optimized out>
        t2 = <optimized out>
        t3 = <optimized out>
        prest = <optimized out>
        sign = <optimized out>
        turn = <optimized out>
        kik = 1
        newTurn = <optimized out>
        __PRETTY_FUNCTION__ = "void MainLoop()"
#3  0x000055d2df9b8317 in game_main_impl (argc=<optimized out>, argv=<optimized out>)
    at /usr/src/debug/raceintospace-1.1.0-1.20190719gitbf6c86a.fc29.x86_64/src/game/game_main.cpp:298
        fin = 0x55d2e17d7810
        see_readme = 0x55d2dfa12238 "look for further instructions in the README file"
        ex = 0 '\000'
        __func__ = "game_main_impl"
#4  0x000055d2df9b885a in game_main (argc=<optimized out>, argv=<optimized out>)
    at /usr/src/debug/raceintospace-1.1.0-1.20190719gitbf6c86a.fc29.x86_64/src/game/game_main.cpp:347
No locals.
#5  0x00007fb5d679e413 in __libc_start_main () from /lib64/libc.so.6
No symbol table info available.
#6  0x000055d2df97892e in _start () at /usr/include/c++/8/bits/char_traits.h:287
No symbol table info available.

@pemensik
Contributor Author

Not sure I understand what went wrong. gdb is confusing me.

Core was generated by `/usr/bin/raceintospace'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  MissionSetup (plr=plr@entry=1 '\001', mis=mis@entry=0 '\000')
    at /usr/src/debug/raceintospace-1.1.0-1.20190719gitbf6c86a.fc29.x86_64/src/game/mc2.cpp:783
783	                    MH[j][i]->SMods += MH[j][i]->Damage;    //Damaged Equipment, Nikakd, 10/8/10

...

(gdb) p MH[j][i]
$1 = (Equipment *) 0x55d2e1861a8a
(gdb) p *MH[j][i]
$2 = {
  Name = "EVA SUITS\000\000\000\000\000\000\000\000\000\000", 
  ID = "M3", 
  Safety = 30, 
  MisSaf = 30, 
  MSF = 91, 
  Base = 30 '\036', 
  InitCost = 18, 
  UnitCost = 0 '\000', 
  UnitWeight = 0, 
  MaxPay = 0, 
  RDCost = 1 '\001', 
  Code = 0 '\000', 
  Num = -1 '\377', 
  Spok = 0 '\000', 
  Seas = 2 '\002', 
  Used = 0 '\000', 
  unused_IDX = "M3", 
  Steps = 0, 
  Failures = 0, 
  MaxRD = 91 '[', 
  MaxSafety = 94 '^', 
  SMods = 0 '\000', 
  SaveCard = 0 '\000', 
  Delay = 0 '\000', 
  Duration = 0 '\000', 
  Damage = 0 '\000', 
  DCost = 0 '\000', 
  MisSucc = 0 '\000', 
  MisFail = 0 '\000'
}
(gdb) p MH[j][i]->SMods
$3 = 0 '\000'
(gdb) p MH[j][i]->Damage
$4 = 0 '\000'
(gdb) p MH[j][i]->SMods+MH[j][i]->Damage 
$5 = 0

@pemensik
Contributor Author

Autosave from before it. It often crashes on the next turn.

AUTOSAVE.SAV.gz

@pemensik
Contributor Author

Retry with Valgrind:

==17156== Invalid read of size 1
==17156==    at 0x177628: MissionSetup(char, char) (mc2.cpp:783)
==17156==    by 0x1752F8: Launch(char, char) (mc.cpp:154)
==17156==    by 0x16676C: MainLoop() (game_main.cpp:612)
==17156==    by 0x1677DD: game_main_impl(int, char**) (game_main.cpp:311)
==17156==    by 0x167859: game_main (game_main.cpp:347)
==17156==    by 0x50D7412: (below main) (in /usr/lib64/libc-2.28.so)
==17156==  Address 0x36 is not stack'd, malloc'd or (recently) free'd
==17156== 
==17156== 
==17156== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==17156==    at 0x4938EED: raise (in /usr/lib64/libpthread-2.28.so)
==17156==    by 0x493906F: ??? (in /usr/lib64/libpthread-2.28.so)
==17156==    by 0x177627: MissionSetup(char, char) (mc2.cpp:782)
==17156==    by 0x1752F8: Launch(char, char) (mc.cpp:154)
==17156==    by 0x16676C: MainLoop() (game_main.cpp:612)
==17156==    by 0x1677DD: game_main_impl(int, char**) (game_main.cpp:311)
==17156==    by 0x167859: game_main (game_main.cpp:347)
==17156==    by 0x50D7412: (below main) (in /usr/lib64/libc-2.28.so)
==17156== 

@rnyoakum
Contributor

I'll take a look at this and see what I can figure out. I tried reproducing the error using the autosave you provided, but it didn't trigger a segmentation fault for me. If you can reliably reproduce the crash I may ask you if you could provide some additional details.

Also, while I doubt it has any impact on the crash, I do want to make sure I understood you right - the version you're playing includes the changes you've submitted, correct?

@rnyoakum rnyoakum added the bug label Jul 25, 2019
@pemensik
Contributor Author

@rnyoakum Correct. I can reproduce it on Fedora 29. It is built from my tag v1_1_0_shared-libs I used to build a package.

Found an interesting thing. It seems to only crash in the optimized version. The debug build passed just fine. The exact way to crash is not yet known. The GCC used is gcc-8.3.1-2.fc29.x86_64. It happens almost always at the end of a turn.

@pemensik
Contributor Author

It seems it could be something wrong with the compiler, or just specific to my CPU. Or just a strange thing with compilation? I tried to compile it with Clang. It required one modification, but it did not crash the same way as with GCC. Maybe we hit some compiler bug?

It seems to crash in a place where it should not. Disassembling in gdb helped a bit.

(gdb) disassemble
   0x0000000000464680 <+0>:	push   %r15
   0x0000000000464682 <+2>:	movsbq %dil,%r15
   0x0000000000464686 <+6>:	push   %r14
   0x0000000000464688 <+8>:	push   %r13
   0x000000000046468a <+10>:	push   %r12
   0x000000000046468c <+12>:	movsbq %sil,%r12
   0x0000000000464690 <+16>:	push   %rbp
   0x0000000000464691 <+17>:	imul   $0x3ca0,%r15,%rbp
   0x0000000000464698 <+24>:	lea    (%r12,%r12,4),%rax
   0x000000000046469c <+28>:	push   %rbx
   0x000000000046469d <+29>:	lea    (%r12,%rax,4),%rax
   0x00000000004646a1 <+33>:	movsbq %sil,%rbx
   0x00000000004646a5 <+37>:	lea    (%r12,%rax,2),%rax
   0x00000000004646a9 <+41>:	lea    (%rax,%rbp,1),%r13
   0x00000000004646ad <+45>:	sub    $0x28,%rsp
   0x00000000004646b1 <+49>:	mov    0x62b90(%rip),%rax        # 0x4c7248 <Data>
   0x00000000004646b8 <+56>:	movb   $0x0,0x62bc3(%rip)        # 0x4c7282 <DMFake>
   0x00000000004646bf <+63>:	mov    %dil,(%rsp)
   0x00000000004646c3 <+67>:	add    %r13,%rax
   0x00000000004646c6 <+70>:	movsbl 0x1add(%rax),%edi
   0x00000000004646cd <+77>:	callq  0x455af0 <GetMisType(char)>
   0x00000000004646d2 <+82>:	mov    0x62b6f(%rip),%rdi        # 0x4c7248 <Data>
   0x00000000004646d9 <+89>:	lea    (%rdi,%r13,1),%rax
   0x00000000004646dd <+93>:	cmpb   $0x0,0x1ae6(%rax)
   0x00000000004646e4 <+100>:	js     0x464b07 <MissionSetup(char, char)+1159>
   0x00000000004646ea <+106>:	movsbq (%rsp),%r8
   0x00000000004646ef <+111>:	movzbl 0x62b8b(%rip),%r14d        # 0x4c7282 <DMFake>
   0x00000000004646f7 <+119>:	imul   $0x3ca0,%r8,%r8
   0x00000000004646fe <+126>:	lea    0x83a(%rdi,%r8,1),%rsi
   0x0000000000464706 <+134>:	mov    %rsi,0x8(%rsp)
   0x000000000046470b <+139>:	lea    0x548(%rdi,%r8,1),%rsi
   0x0000000000464713 <+147>:	mov    %rsi,0x18(%rsp)
   0x0000000000464718 <+152>:	lea    0x874(%rdi,%r8,1),%rsi
   0x0000000000464720 <+160>:	mov    %rsi,0x10(%rsp)
   0x0000000000464725 <+165>:	testb  $0x10,0x62fce(%rip)        # 0x4c76fa <Mis+218>
   0x000000000046472c <+172>:	jne    0x4649d0 <MissionSetup(char, char)+848>
   0x0000000000464732 <+178>:	nopw   0x0(%rax,%rax,1)
   0x0000000000464738 <+184>:	imul   $0x3ca0,%r15,%rdx
   0x000000000046473f <+191>:	lea    (%r12,%r12,4),%rax
   0x0000000000464743 <+195>:	lea    (%r12,%rax,4),%rax
   0x0000000000464747 <+199>:	lea    (%r12,%rax,2),%rax
   0x000000000046474b <+203>:	add    %rdx,%rax
   0x000000000046474e <+206>:	add    %rdi,%rax
   0x0000000000464751 <+209>:	cmpb   $0x2,0x1ae0(%rax)
   0x0000000000464758 <+216>:	je     0x464ae8 <MissionSetup(char, char)+1128>
   0x000000000046475e <+222>:	imul   $0x3ca0,%r15,%rdx
   0x0000000000464765 <+229>:	lea    (%r12,%r12,4),%rax
   0x0000000000464769 <+233>:	lea    (%r12,%rax,4),%rax
   0x000000000046476d <+237>:	lea    (%r12,%rax,2),%rax
   0x0000000000464771 <+241>:	add    %rdx,%rax
   0x0000000000464774 <+244>:	add    %rdi,%rax
   0x0000000000464777 <+247>:	cmpb   $0x39,0x1add(%rax)
   0x000000000046477e <+254>:	jne    0x46478d <MissionSetup(char, char)+269>
   0x0000000000464780 <+256>:	movb   $0x4,0x1ae3(%rax)
   0x0000000000464787 <+263>:	mov    $0x1,%r14d
   0x000000000046478d <+269>:	imul   $0x3ca0,%r15,%rdx
   0x0000000000464794 <+276>:	lea    (%r12,%r12,4),%rax
   0x0000000000464798 <+280>:	lea    (%r12,%rax,4),%rax
   0x000000000046479c <+284>:	lea    (%r12,%rax,2),%rax
   0x00000000004647a0 <+288>:	add    %rdx,%rax
   0x00000000004647a3 <+291>:	add    %rdi,%rax
   0x00000000004647a6 <+294>:	cmpb   $0x2,0x1ae0(%rax)
   0x00000000004647ad <+301>:	jne    0x4647bc <MissionSetup(char, char)+316>
   0x00000000004647af <+303>:	movb   $0x4,0x1ae3(%rax)
   0x00000000004647b6 <+310>:	mov    $0x1,%r14d
   0x00000000004647bc <+316>:	lea    (%rbx,%rbx,4),%rax
   0x00000000004647c0 <+320>:	lea    0x78c(%r8),%r11
   0x00000000004647c7 <+327>:	xor    %edx,%edx
   0x00000000004647c9 <+329>:	mov    $0x4c80e0,%ecx
   0x00000000004647ce <+334>:	lea    (%rbx,%rax,4),%rax
   0x00000000004647d2 <+338>:	lea    0x2ca(%r8),%r13
   0x00000000004647d9 <+345>:	lea    (%rbx,%rax,2),%rsi
   0x00000000004647dd <+349>:	lea    0x460(%r8),%rbp
   0x00000000004647e4 <+356>:	add    %r8,%rsi
   0x00000000004647e7 <+359>:	lea    0x5f6(%r8),%rbx
   0x00000000004647ee <+366>:	lea    (%r12,%r12,4),%rax
   0x00000000004647f2 <+370>:	imul   $0x3ca0,%r15,%r8
   0x00000000004647f9 <+377>:	lea    (%r12,%rax,4),%rax
   0x00000000004647fd <+381>:	add    %rdi,%rsi
   0x0000000000464800 <+384>:	lea    (%r12,%rax,2),%rax
   0x0000000000464804 <+388>:	add    %r8,%rax
   0x0000000000464807 <+391>:	lea    (%rdi,%r8,1),%r15
   0x000000000046480b <+395>:	add    %rdi,%rax
   0x000000000046480e <+398>:	mov    %rax,(%rsp)
   0x0000000000464812 <+402>:	nopw   0x0(%rax,%rax,1)
   0x0000000000464818 <+408>:	movsbq 0x1ae0(%rsi,%rdx,1),%rax
   0x0000000000464821 <+417>:	movzbl %dl,%r9d
   0x0000000000464825 <+421>:	movq   $0x0,(%rcx)
   0x000000000046482c <+428>:	test   %al,%al
   0x000000000046482e <+430>:	js     0x4648d0 <MissionSetup(char, char)+592>
   0x0000000000464834 <+436>:	cmp    $0x5,%dl
   0x0000000000464837 <+439>:	ja     0x464990 <MissionSetup(char, char)+784>
   0x000000000046483d <+445>:	jmpq   *0x4aa2a0(,%r9,8)
   0x0000000000464845 <+453>:	nopl   (%rax)
   0x0000000000464848 <+456>:	sub    $0x1,%eax
   0x000000000046484b <+459>:	movsbq %al,%r9
   0x000000000046484f <+463>:	cmp    $0x3,%al
   0x0000000000464851 <+465>:	jg     0x464a38 <MissionSetup(char, char)+952>
   0x0000000000464857 <+471>:	imul   $0x3a,%r9,%r9
   0x000000000046485b <+475>:	movsbq %al,%rax
   0x000000000046485f <+479>:	imul   $0x3a,%rax,%rax
   0x0000000000464863 <+483>:	add    %r8,%r9
   0x0000000000464866 <+486>:	add    %rdi,%r9
   0x0000000000464869 <+489>:	add    %rbp,%rax
   0x000000000046486c <+492>:	movzbl 0x486(%r9),%r10d
   0x0000000000464874 <+500>:	add    %rdi,%rax
   0x0000000000464877 <+503>:	mov    %rax,0x63882(%rip)        # 0x4c8100 <MH+32>
   0x000000000046487e <+510>:	test   %r10b,%r10b
   0x0000000000464881 <+513>:	jle    0x46488e <MissionSetup(char, char)+526>
   0x0000000000464883 <+515>:	sub    $0x1,%r10d
   0x0000000000464887 <+519>:	mov    %r10b,0x486(%r9)
   0x000000000046488e <+526>:	addb   $0x1,0x29(%rax)
   0x0000000000464892 <+530>:	nopw   0x0(%rax,%rax,1)
   0x0000000000464898 <+536>:	mov    (%rcx),%rax
   0x000000000046489b <+539>:	test   %rax,%rax
   0x000000000046489e <+542>:	je     0x4648d0 <MissionSetup(char, char)+592>
=> 0x00000000004648a0 <+544>:	movzbl 0x36(%rax),%r9d
   0x00000000004648a5 <+549>:	add    %r9b,0x32(%rax)
   0x00000000004648a9 <+553>:	mov    (%rcx),%rax
   0x00000000004648ac <+556>:	movsbw 0x32(%rax),%r9w
   0x00000000004648b2 <+562>:	add    0x16(%rax),%r9w
   0x00000000004648b7 <+567>:	mov    %r9w,0x18(%rax)
   0x00000000004648bc <+572>:	mov    (%rcx),%rax
   0x00000000004648bf <+575>:	cmpb   $0x34,0x15(%rax)
   0x00000000004648c3 <+579>:	jle    0x4648d0 <MissionSetup(char, char)+592>
   0x00000000004648c5 <+581>:	cmp    $0x2,%dl
   0x00000000004648c8 <+584>:	je     0x4649f0 <MissionSetup(char, char)+880>
   0x00000000004648ce <+590>:	xchg   %ax,%ax
   0x00000000004648d0 <+592>:	add    $0x1,%rdx
   0x00000000004648d4 <+596>:	add    $0x8,%rcx
   0x00000000004648d8 <+600>:	jmpq   0x464818 <MissionSetup(char, char)+408>
   0x00000000004648dd <+605>:	nopl   (%rax)
   0x00000000004648e0 <+608>:	cmp    $0x4,%al
   0x00000000004648e2 <+610>:	je     0x464aa8 <MissionSetup(char, char)+1064>
   0x00000000004648e8 <+616>:	movsbq %al,%r9
   0x00000000004648ec <+620>:	imul   $0x3a,%rax,%rax
   0x00000000004648f0 <+624>:	imul   $0x3a,%r9,%r9
   0x00000000004648f4 <+628>:	add    %r8,%rax
   0x00000000004648f7 <+631>:	add    %r13,%r9
   0x00000000004648fa <+634>:	add    %rdi,%rax
   0x00000000004648fd <+637>:	add    %rdi,%r9
   0x0000000000464900 <+640>:	addb   $0x1,0x2f3(%rax)
   0x0000000000464907 <+647>:	mov    %r9,0x637ea(%rip)        # 0x4c80f8 <MH+24>
   0x000000000046490e <+654>:	movzbl 0x2f0(%rax),%r9d
   0x0000000000464916 <+662>:	test   %r9b,%r9b
   0x0000000000464919 <+665>:	jle    0x464898 <MissionSetup(char, char)+536>
   0x000000000046491f <+671>:	sub    $0x1,%r9d
   0x0000000000464923 <+675>:	mov    %r9b,0x2f0(%rax)
   0x000000000046492a <+682>:	jmpq   0x464898 <MissionSetup(char, char)+536>
   0x000000000046492f <+687>:	nop
   0x0000000000464930 <+688>:	movsbq %al,%r9
   0x0000000000464934 <+692>:	imul   $0x3a,%rax,%rax
   0x0000000000464938 <+696>:	imul   $0x3a,%r9,%r9
   0x000000000046493c <+700>:	add    %r8,%rax
   0x000000000046493f <+703>:	add    %rdi,%rax
   0x0000000000464942 <+706>:	add    %r11,%r9
   0x0000000000464945 <+709>:	movzbl 0x7b2(%rax),%r10d
   0x000000000046494d <+717>:	add    %rdi,%r9
   0x0000000000464950 <+720>:	mov    %r9,0x63791(%rip)        # 0x4c80e8 <MH+8>
   0x0000000000464957 <+727>:	test   %r10b,%r10b
   0x000000000046495a <+730>:	je     0x464967 <MissionSetup(char, char)+743>
   0x000000000046495c <+732>:	sub    $0x1,%r10d
   0x0000000000464960 <+736>:	mov    %r10b,0x7b2(%rax)
   0x0000000000464967 <+743>:	addb   $0x1,0x29(%r9)
   0x000000000046496c <+748>:	jmpq   0x464898 <MissionSetup(char, char)+536>
   0x0000000000464971 <+753>:	nopl   0x0(%rax)
   0x0000000000464978 <+760>:	mov    0x8(%rsp),%rax
   0x000000000046497d <+765>:	mov    %rax,0x63784(%rip)        # 0x4c8108 <MH+40>
   0x0000000000464984 <+772>:	mov    (%rcx),%rax
   0x0000000000464987 <+775>:	jmpq   0x4648a0 <MissionSetup(char, char)+544>
   0x000000000046498c <+780>:	nopl   0x0(%rax)
   0x0000000000464990 <+784>:	movsbq %al,%r9
   0x0000000000464994 <+788>:	movsbq %al,%r10
   0x0000000000464998 <+792>:	imul   $0x3a,%r9,%r9
   0x000000000046499c <+796>:	imul   $0x3a,%r10,%r10
   0x00000000004649a0 <+800>:	add    %rbx,%r9
   0x00000000004649a3 <+803>:	add    %r8,%r10
   0x00000000004649a6 <+806>:	add    %rdi,%r9
   0x00000000004649a9 <+809>:	add    %rdi,%r10
   0x00000000004649ac <+812>:	mov    %r9,(%rcx)
   0x00000000004649af <+815>:	movzbl 0x61c(%r10),%r12d
   0x00000000004649b7 <+823>:	cmp    $0x3,%al
   0x00000000004649b9 <+825>:	je     0x464967 <MissionSetup(char, char)+743>
   0x00000000004649bb <+827>:	test   %r12b,%r12b
   0x00000000004649be <+830>:	je     0x464967 <MissionSetup(char, char)+743>
   0x00000000004649c0 <+832>:	sub    $0x1,%r12d
   0x00000000004649c4 <+836>:	mov    %r12b,0x61c(%r10)
   0x00000000004649cb <+843>:	mov    (%rcx),%r9
   0x00000000004649ce <+846>:	jmp    0x464967 <MissionSetup(char, char)+743>
   0x00000000004649d0 <+848>:	cmpb   $0x0,0x924(%rdi,%rbp,1)
   0x00000000004649d8 <+856>:	jle    0x464738 <MissionSetup(char, char)+184>
   0x00000000004649de <+862>:	movb   $0x4,0x1ae3(%rax)
   0x00000000004649e5 <+869>:	mov    $0x1,%r14d
   0x00000000004649eb <+875>:	jmpq   0x464738 <MissionSetup(char, char)+184>
   0x00000000004649f0 <+880>:	mov    (%rsp),%r10
   0x00000000004649f4 <+884>:	cmpb   $0x34,0x1add(%r10)
   0x00000000004649fc <+892>:	jle    0x4648d0 <MissionSetup(char, char)+592>
   0x0000000000464a02 <+898>:	movzbl 0x2c9(%r15),%r9d
   0x0000000000464a0a <+906>:	cmp    $0x1,%r9b
   0x0000000000464a0e <+910>:	je     0x464b53 <MissionSetup(char, char)+1235>
   0x0000000000464a14 <+916>:	cmp    $0x2,%r9b
   0x0000000000464a18 <+920>:	je     0x464b49 <MissionSetup(char, char)+1225>
   0x0000000000464a1e <+926>:	test   %r9b,%r9b
   0x0000000000464a21 <+929>:	jne    0x4648d0 <MissionSetup(char, char)+592>
   0x0000000000464a27 <+935>:	subw   $0x9,0x18(%rax)
   0x0000000000464a2c <+940>:	jmpq   0x4648d0 <MissionSetup(char, char)+592>
   0x0000000000464a31 <+945>:	nopl   0x0(%rax)
   0x0000000000464a38 <+952>:	lea    -0x4(%r9),%eax
   0x0000000000464a3c <+956>:	mov    0x18(%rsp),%r10
   0x0000000000464a41 <+961>:	cltq   
   0x0000000000464a43 <+963>:	imul   $0x3a,%rax,%rax
   0x0000000000464a47 <+967>:	mov    %r10,0x636ca(%rip)        # 0x4c8118 <MH+56>
   0x0000000000464a4e <+974>:	add    %rbp,%rax
   0x0000000000464a51 <+977>:	add    %rdi,%rax
   0x0000000000464a54 <+980>:	mov    %rax,0x636a5(%rip)        # 0x4c8100 <MH+32>
   0x0000000000464a5b <+987>:	addb   $0x1,0x29(%rax)
   0x0000000000464a5f <+991>:	mov    0x636b2(%rip),%rax        # 0x4c8118 <MH+56>
   0x0000000000464a66 <+998>:	addb   $0x1,0x29(%rax)
   0x0000000000464a6a <+1002>:	mov    0x6368f(%rip),%r9        # 0x4c8100 <MH+32>
   0x0000000000464a71 <+1009>:	movzbl 0x26(%r9),%eax
   0x0000000000464a76 <+1014>:	test   %al,%al
   0x0000000000464a78 <+1016>:	jle    0x464b30 <MissionSetup(char, char)+1200>
   0x0000000000464a7e <+1022>:	sub    $0x1,%eax
   0x0000000000464a81 <+1025>:	mov    %al,0x26(%r9)
   0x0000000000464a85 <+1029>:	mov    0x6368c(%rip),%r9        # 0x4c8118 <MH+56>
   0x0000000000464a8c <+1036>:	movzbl 0x26(%r9),%eax
   0x0000000000464a91 <+1041>:	test   %al,%al
   0x0000000000464a93 <+1043>:	jle    0x464898 <MissionSetup(char, char)+536>
   0x0000000000464a99 <+1049>:	sub    $0x1,%eax
   0x0000000000464a9c <+1052>:	mov    %al,0x26(%r9)
   0x0000000000464aa0 <+1056>:	jmpq   0x464898 <MissionSetup(char, char)+536>
   0x0000000000464aa5 <+1061>:	nopl   (%rax)
   0x0000000000464aa8 <+1064>:	mov    0x10(%rsp),%rax
   0x0000000000464aad <+1069>:	mov    %rax,0x63644(%rip)        # 0x4c80f8 <MH+24>
   0x0000000000464ab4 <+1076>:	test   %r14b,%r14b
   0x0000000000464ab7 <+1079>:	jne    0x464984 <MissionSetup(char, char)+772>
   0x0000000000464abd <+1085>:	movzbl 0x89a(%r15),%eax
   0x0000000000464ac5 <+1093>:	test   %al,%al
   0x0000000000464ac7 <+1095>:	jle    0x464ad3 <MissionSetup(char, char)+1107>
   0x0000000000464ac9 <+1097>:	sub    $0x1,%eax
   0x0000000000464acc <+1100>:	mov    %al,0x89a(%r15)
   0x0000000000464ad3 <+1107>:	mov    0x10(%rsp),%rax
   0x0000000000464ad8 <+1112>:	addb   $0x1,0x29(%rax)
   0x0000000000464adc <+1116>:	jmpq   0x464898 <MissionSetup(char, char)+536>
   0x0000000000464ae1 <+1121>:	nopl   0x0(%rax)
   0x0000000000464ae8 <+1128>:	cmpb   $0x0,0x1ae2(%rax)
   0x0000000000464aef <+1135>:	js     0x46475e <MissionSetup(char, char)+222>
   0x0000000000464af5 <+1141>:	movb   $0x4,0x1ae3(%rax)
   0x0000000000464afc <+1148>:	mov    $0x1,%r14d
   0x0000000000464b02 <+1154>:	jmpq   0x46475e <MissionSetup(char, char)+222>
   0x0000000000464b07 <+1159>:	cmpb   $0x1,0x62774(%rip)        # 0x4c7282 <DMFake>
   0x0000000000464b0e <+1166>:	jne    0x464b17 <MissionSetup(char, char)+1175>
   0x0000000000464b10 <+1168>:	movb   $0xff,0x1ae3(%rax)
   0x0000000000464b17 <+1175>:	add    $0x28,%rsp
   0x0000000000464b1b <+1179>:	pop    %rbx
   0x0000000000464b1c <+1180>:	pop    %rbp
   0x0000000000464b1d <+1181>:	pop    %r12
   0x0000000000464b1f <+1183>:	pop    %r13
   0x0000000000464b21 <+1185>:	pop    %r14
   0x0000000000464b23 <+1187>:	pop    %r15
   0x0000000000464b25 <+1189>:	retq   
   0x0000000000464b26 <+1190>:	nopw   %cs:0x0(%rax,%rax,1)
   0x0000000000464b30 <+1200>:	mov    0x635e1(%rip),%r9        # 0x4c8118 <MH+56>
   0x0000000000464b37 <+1207>:	movzbl 0x26(%r9),%eax
   0x0000000000464b3c <+1212>:	test   %al,%al
   0x0000000000464b3e <+1214>:	jg     0x464a99 <MissionSetup(char, char)+1049>
   0x0000000000464b44 <+1220>:	jmpq   0x464984 <MissionSetup(char, char)+772>
   0x0000000000464b49 <+1225>:	subw   $0x3,0x18(%rax)
   0x0000000000464b4e <+1230>:	jmpq   0x4648d0 <MissionSetup(char, char)+592>
   0x0000000000464b53 <+1235>:	subw   $0x6,0x18(%rax)
   0x0000000000464b58 <+1240>:	jmpq   0x4648d0 <MissionSetup(char, char)+592>
(gdb) info registers
rax            0x0                 0
rbx            0x4296              17046
rcx            0x4c8908            5015816
rdx            0x105               261
rsi            0x570360            5702496
rdi            0x56c6c0            5686976
rbp            0x4100              0x4100
rsp            0x7fffffffcec0      0x7fffffffcec0
r8             0x3ca0              15520
r9             0x5                 5
r10            0x0                 0
r11            0x442c              17452
r12            0x0                 0
r13            0x3f6a              16234
r14            0x0                 0
r15            0x570360            5702496
rip            0x4648a0            0x4648a0 <MissionSetup(char, char)+544>
eflags         0x210246            [ PF ZF IF RF ID ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0

Code generated by clang includes nopw and nop instructions after the je. Just in case it might be related to the CPU, attaching CPU info. Guessing it might be related to prefetching instructions?

$ cat /proc/cpuinfo 
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 78
model name	: Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz
stepping	: 3
microcode	: 0xcc
cpu MHz		: 500.004
cache size	: 4096 KB
physical id	: 0
siblings	: 4
core id		: 0
cpu cores	: 2
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 22
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d
bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds
bogomips	: 5616.00
clflush size	: 64
cache_alignment	: 64
address sizes	: 39 bits physical, 48 bits virtual
power management:

$ uname -a
Linux menpad 5.1.11-200.fc29.x86_64 #1 SMP Mon Jun 17 19:30:44 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
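
The disassembly above shows the faulting instruction `movzbl 0x36(%rax)` executing with rax = 0, so the "Address 0x36" in the Valgrind report is the offset of the member being read through a null MH[j][i]. The following is an added example, not code from the raceintospace project: a packed Equipment layout reconstructed from the gdb field dump and the disassembly offsets (SMods at 0x32, Damage at 0x36, element stride 0x3a; the member types are an assumption chosen to reproduce those offsets), a helper that names the member behind a small fault address, and the statement from mc2.cpp:783 with a null guard, run over a constructed MH array whose dimensions are likewise assumed.

```c
/* Added example, not code from the raceintospace project.  The packed layout
 * is reconstructed from the gdb field dump and the disassembly offsets (SMods
 * at 0x32, Damage at 0x36, stride 0x3a); member types are an assumption. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#pragma pack(push, 1)
typedef struct {
    char    Name[20], ID[2];
    int16_t Safety, MisSaf, MSF;
    int8_t  Base; int16_t InitCost; int8_t UnitCost;
    int16_t UnitWeight, MaxPay;
    int8_t  RDCost, Code, Num, Spok, Seas, Used;
    char    unused_IDX[2]; int16_t Steps, Failures;
    int8_t  MaxRD, MaxSafety, SMods, SaveCard, Delay, Duration, Damage,
            DCost, MisSucc, MisFail;
} Equipment;
#pragma pack(pop)
enum { MH_ROWS = 2, MH_COLS = 6 };   /* constructed dimensions, not the game's */

#define M(f) { #f, offsetof(Equipment, f), sizeof(((Equipment *)0)->f) }
static const struct { const char *name; size_t off, size; } members[] = {
    M(Name), M(ID), M(Safety), M(MisSaf), M(MSF), M(Base), M(InitCost),
    M(UnitCost), M(UnitWeight), M(MaxPay), M(RDCost), M(Code), M(Num),
    M(Spok), M(Seas), M(Used), M(unused_IDX), M(Steps), M(Failures),
    M(MaxRD), M(MaxSafety), M(SMods), M(SaveCard), M(Delay), M(Duration),
    M(Damage), M(DCost), M(MisSucc), M(MisFail),
};
#undef M
/* A member read through a NULL Equipment* faults at the member's own offset
 * (Valgrind's "Address 0x36").  Name that member, or NULL if out of range. */
const char *member_at_fault_address(uintptr_t addr)
{
    for (size_t i = 0; i < sizeof members / sizeof members[0]; i++)
        if (addr >= members[i].off && addr < members[i].off + members[i].size)
            return members[i].name;
    return NULL;
}

/* The statement from mc2.cpp:783 with a guard: an empty slot is skipped
 * instead of dereferenced.  Returns the number of empty slots seen. */
int apply_damage_mods(Equipment *MH[MH_ROWS][MH_COLS])
{
    int skipped = 0;
    for (int j = 0; j < MH_ROWS; j++)
        for (int i = 0; i < MH_COLS; i++) {
            if (MH[j][i] == NULL) { skipped++; continue; }
            MH[j][i]->SMods += MH[j][i]->Damage;   /* Damaged Equipment */
        }
    return skipped;
}

/* Constructed sample: one damaged item, one intact item, ten empty slots.
 * Returns the skip count; writes the damaged item's SMods if out != NULL. */
int run_sample(int8_t *out)
{
    Equipment suits = {0}, capsule = {0};
    suits.SMods = 1; suits.Damage = 3;
    Equipment *MH[MH_ROWS][MH_COLS] = { { &suits, NULL, &capsule }, { NULL } };
    int skipped = apply_damage_mods(MH);
    if (out) *out = suits.SMods;
    return skipped;
}
int sample_smods_after(void) { int8_t s; run_sample(&s); return s; }
int main(void)
{
    int8_t s;
    printf("Address 0x36 -> %s, sizeof(Equipment) = 0x%zx\n",
           member_at_fault_address(0x36), sizeof(Equipment));
    printf("%d empty slots skipped, SMods now %d\n", run_sample(&s), s);
    return 0;
}
```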

@pemensik
Contributor Author

Configured with cmake -DBUILD_PHYSFS=OFF -DCMAKE_BUILD_TYPE=RelWithDebInfo ..

@pemensik
Contributor Author

pemensik commented Sep 8, 2019

It seems to be a compiler issue. I worked around this problem by using clang instead of gcc. It works nicely with it. This does not fix the issue, but provides an optimized version.

@peyre
Member

peyre commented Sep 8, 2019

Good work, Petr! I just played a game straight through, and it did not crash at the end. Now if we can just figure out how to avoid the game crashing when you go to Astronaut History (#192).
