[Multiplayer]: Level 6 in Fury, Paranoia, crashes on load

0xFADDAD commented 2 weeks ago

Build Version

https://github.com/DescentDevelopers/Descent3/commit/ad42279af2e047172b064301a24207f9085e594e

Operating System Environment

[ ] Microsoft Windows (32-bit)
[ ] Microsoft Windows (64-bit)
[ ] Mac OS X
[X] Linux (specify distribution and version below)

CPU Environment

[ ] x86 (32-bit Intel/AMD)
[X] x86_64 (64-bit Intel/AMD)
[ ] ARM (32-bit)
[ ] ARM64 (64-bit; sometimes called AArch64)
[ ] Other (RISC V, PPC...)

Game Modes Affected

[ ] Single player
[X] Anarchy
[ ] Hyper-Anarchy
[ ] Robo-Anarchy
[ ] Team Anarchy
[ ] Capture the Flag
[ ] Bounty
[ ] Entropy
[ ] Hoard
[ ] Monsterball
[ ] Cooperative

Game Environment

Level 6 in Fury.mn3 AKA Paranoia

Description

Level 5, Taurus ends, loads Level 6 to 100 percent, then terminates with SIG11

Regression Status

No response

Steps to Reproduce

Start multiplayer game, (TCP/IP and PXO) in-game or dedicated server, load level 6 of Fury.mn3. Log file attached d3.log

notimaginative commented 2 weeks ago

Adding some additional context from a quick debug (macOS, arm64):

Inside of FindPlayerStarts() (Player.cpp:1232) there is this line which sets the start room to -2147473471: Players[Objects[i].id].start_roomnum = Objects[i].roomnum; (i in this case was 59)

And later in PlayerGetRandomStartPosition() (Player.cpp:1347) it tries to access an array with this bogus value: objnum = Terrain_seg[Players[num].start_roomnum].objects; (num in this case was 13)

Backtrace of crash:

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffff700a085d0)
  * frame #0: 0x00000001001aa5a4 Descent3`PlayerGetRandomStartPosition(slot=0) at Player.cpp:1347:58
    frame #1: 0x000000010014da64 Descent3`MultiDoServerFrame() at multi_server.cpp:2564:39
    frame #2: 0x000000010010e8ac Descent3`MultiDoFrame() at multi.cpp:2246:5
    frame #3: 0x00000001000aa13c Descent3`GameFrame() at GameLoop.cpp:3076:3
    frame #4: 0x00000001000b24a0 Descent3`GameFrameUI() at gamesequence.cpp:2024:3
    frame #5: 0x00000001135cc610 Anarchy.d3m`WaitForPlayersCallback() at dmfcui.cpp:758:5
    frame #6: 0x000000010015c47c Descent3`DoUIFrame() at newui_core.cpp:618:7
    frame #7: 0x00000001001424e8 Descent3`PollUI() at multi_dll_mgr.cpp:815:3
    frame #8: 0x00000001135cccc8 Anarchy.d3m`DMFCBase::DoDMFCUIWaitForPlayers(this=0x000000014ff36800, clients_wait=true) at dmfcui.cpp:836:11
    frame #9: 0x00000001135b1ecc Anarchy.d3m`DMFCBase::OnClientShowUI(this=0x000000014ff36800, id=61153, user_data=0x0000000000000000) at dmfcclient.cpp:1009:5
    frame #10: 0x00000001135cf0b8 Anarchy.d3m`DMFCBase::CallOnClientShowUI(this=0x000000014ff36800, id=61153, user_data=0x0000000000000000) at dmfcvirtual.cpp:687:5
    frame #11: 0x00000001135cfc94 Anarchy.d3m`DMFCBase::TranslateEvent(this=0x000000014ff36800, eventnum=1561, data=0x00000001003e4270) at dmfcvirtual.cpp:956:7
    frame #12: 0x0000000113594954 Anarchy.d3m`DLLGameCall(eventnum=1561, data=0x00000001003e4270) at Anarchy.h:99:13
    frame #13: 0x000000010009914c Descent3`CallGameDLL(eventnum=1561, data=0x00000001003e4270) at Game2DLL.cpp:735:5
    frame #14: 0x00000001000afbf0 Descent3`RunGameMenu() at gamesequence.cpp:2154:7
    frame #15: 0x00000001000aecdc Descent3`GameSequencer() at gamesequence.cpp:1219:9
    frame #16: 0x0000000100083db8 Descent3`PlayGame() at game.cpp:834:5
    frame #17: 0x0000000100071cfc Descent3`MainLoop() at descent.cpp:558:7
    frame #18: 0x00000001000717ac Descent3`Descent3() at descent.cpp:513:5
    frame #19: 0x0000000100232168 Descent3`oeD3LnxApp::run(this=0x000000016fdfebf0) at lnxmain.cpp:229:16
    frame #20: 0x00000001002320a0 Descent3`main(argc=9, argv=0x000000016fdfeec0) at lnxmain.cpp:625:10
    frame #21: 0x0000000181cb20e0 dyld`start + 2360

Backtrace of watchpoint (Players[13].start_roomnum):

* thread #1, queue = 'com.apple.main-thread', stop reason = watchpoint 2
  * frame #0: 0x00000001001a9ac0 Descent3`FindPlayerStarts() at Player.cpp:1233:53
    frame #1: 0x00000001000f1020 Descent3`LoadLevel(filename="Paranoia.d3l", cb_fn=0x0000000000000000) at LoadLevel.cpp:4064:3
    frame #2: 0x00000001001062b8 Descent3`LoadMissionLevel(level=6) at Mission.cpp:1286:8
    frame #3: 0x00000001000af5ec Descent3`LoadAndStartCurrentLevel() at gamesequence.cpp:1674:8
    frame #4: 0x00000001000aec34 Descent3`GameSequencer() at gamesequence.cpp:1198:33
    frame #5: 0x0000000100083db8 Descent3`PlayGame() at game.cpp:834:5
    frame #6: 0x0000000100071cfc Descent3`MainLoop() at descent.cpp:558:7
    frame #7: 0x00000001000717ac Descent3`Descent3() at descent.cpp:513:5
    frame #8: 0x0000000100232168 Descent3`oeD3LnxApp::run(this=0x000000016fdfebf0) at lnxmain.cpp:229:16
    frame #9: 0x00000001002320a0 Descent3`main(argc=9, argv=0x000000016fdfeec0) at lnxmain.cpp:625:10
    frame #10: 0x0000000181cb20e0 dyld`start + 2360

0xFADDAD commented 2 weeks ago

This also happens when running a CTF game on the Bedlam.mn3 level set. Level 2, Plutonium, the red team first player spawn will trigger the crash. If you start the match on level 1, change team to any other three, end the level and load in level 2, you can spawn successfully. Now, if you switch teams to red team, you will attempt to spawn at the first red team position and crash the server.

DescentDevelopers / Descent3