Open andefoo opened 2 years ago
@garrynewman any idea what could possibly cause this or what could be tried as a workaround? This seems to be a very rare issue but still sometimes happens, and with the same call stack as above.
The only key/value pair array (the filters) should be empty, as no AddFilter is called. Still, marshalling it sometimes crashes as if the filters reference had become garbage. I don't know why that would happen, and the same pattern is used elsewhere, too. Related Facepunch code below:
```csharp
public class Internet : Base
{
    internal override void LaunchQuery()
    {
        var filters = GetFilters();
        request = Internal.RequestInternetServerList( AppId.Value, ref filters, (uint)filters.Length, IntPtr.Zero );
    }
}
```
This hadn't happened in a while and I was hoping it had been fixed, but no, it is still happening here:
```text
0x00007FF9ED30BFC3 (GameAssembly) [C:\Program Files\Unity\Hub\Editor\2021.3.16f1\Editor\Data\il2cpp\libil2cpp\vm\String.cpp:68] il2cpp::vm::String::NewWrapper
0x00007FF9ED1336F7 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win643.cpp:49185]
```
String.cpp:
```cpp
Il2CppString* String::New(const char* str)
{
    return NewLen(str, (uint32_t)strlen(str)); // This is line 68
}
```
Facepunch.Steamworks.Win643.cpp:
```cpp
MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshal_pinvoke_back(const MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshaled_pinvoke& marshaled, MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D& unmarshaled)
{
    unmarshaled.___Key_0 = il2cpp_codegen_marshal_string_result(marshaled.___Key_0);
    Il2CppCodeGenWriteBarrier((void**)(&unmarshaled.___Key_0), (void*)il2cpp_codegen_marshal_string_result(marshaled.___Key_0));
    unmarshaled.___Value_1 = il2cpp_codegen_marshal_string_result(marshaled.___Value_1);
    Il2CppCodeGenWriteBarrier((void**)(&unmarshaled.___Value_1), (void*)il2cpp_codegen_marshal_string_result(marshaled.___Value_1)); // This is line 49185
}
```
Full call stack:
```text
0x00007FF9ED30BFC3 (GameAssembly) [C:\Program Files\Unity\Hub\Editor\2021.3.16f1\Editor\Data\il2cpp\libil2cpp\vm\String.cpp:68] il2cpp::vm::String::NewWrapper
0x00007FF9ED1336F7 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win643.cpp:49185] MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshal_pinvoke_back
0x00007FF9ED6B5F2D (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win64.cpp:36037] ISteamMatchmakingServers_RequestInternetServerList_mBB536A0F87AE80529C48BBCD9C450C41B4621723
0x00007FF9ED724C69 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win643.cpp:27198] Internet_LaunchQuery_m848F6B10086353E066D2100AE8C90C4E5FE120DC
0x00007FF9ED7377A7 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win643.cpp:26761] U3CRunQueryAsyncU3Ed__15_MoveNext_m2CFAF729919431B335B5A89F64E374E565884F5A
0x00007FF9ED7531C4 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\GenericMethods.cpp:28409] AsyncTaskMethodBuilder_1_Start_TisU3CRunQueryAsyncU3Ed__15_tB5C649B48401671D7114B2292072DFBE4F3F4F88_m61933FB9BF4F6D865989EC4A98D1C0E2B9B3DD50_gshared
0x00007FF9ED71CB35 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win643.cpp:26224] Base_RunQueryAsync_m128987642D6496C3296C7ED34681BE42AEF362F4
0x00007FF9EEC73073 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\TS53.cpp:24466] U3CGetDedicatedServersAsyncU3Ed__6_MoveNext_m0994133333BA06FBCB7921FEE42D365C53AA9046
0x00007FF9ED74FA44 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\GenericMethods.cpp:28905] AsyncTaskMethodBuilder_1_Start_TisU3CGetDedicatedServersAsyncU3Ed__6_tBFBA1C438A6E734AB9479ABE9D1B947FFB25C495_m011D93298A4A86284BEA9D63DA66FAC2F9F35FEF_gshared
0x00007FF9EEC61815 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\TS53.cpp:23449] GetHostsRequest_GetDedicatedServersAsync_m22BCBDA7FBA5C05E318925F343A7AB5F4BB2F74E
0x00007FF9EEC74DD3 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\TS53.cpp:23761] U3CPerformAsyncU3Ed__4_MoveNext_mB8EB1CBDBCA47587426EB54B0E7F0FCD82858CA4
0x00007FF9EE197536 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib8.cpp:30239] ExecutionContext_RunInternal_mC37E85D6FC972DF219A00FE1EE34329D1D63CC94
0x00007FF9EE029EB8 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib17.cpp:22706] MoveNextRunner_Run_m86395F123FB453F2B5FF89CE1E98532F7426F9DE
0x00007FF9EE1A7599 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib9.cpp:27341] AwaitTaskContinuation_RunCallback_m37C4A227BA403A3D28CC94369A8770F1C16AE4E5
0x00007FF9EE1AE83B (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib9.cpp:26619] SynchronizationContextAwaitTaskContinuation_Run_mE56D2F76E570D6E0DA92816F6121B3F478219B7D
0x00007FF9EE1B444D (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib9.cpp:23804] Task_FinishContinuations_m21B540B556CDABD76F5985DF83079F7F30C78174
0x00007FF9EDE1C332 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Generics78.cpp:23887] Task_1_TrySetResult_m7D96FFF8B6137018F187CB09D8E3E2B9F85DAC53_gshared
0x00007FF9EDEF38CE (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Generics9.cpp:10358] AsyncTaskMethodBuilder_1_SetResult_mF21C48FC9CEC24F4E9C5975C54F87BE9CA179046_gshared
0x00007FF9EEC73824 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\TS53.cpp:24317] U3CGetLobbiesAsyncU3Ed__5_MoveNext_m65EF7A0F26851594125A0696C8D7168242FA6938
0x00007FF9EE197536 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib8.cpp:30239] ExecutionContext_RunInternal_mC37E85D6FC972DF219A00FE1EE34329D1D63CC94
0x00007FF9EE029EB8 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib17.cpp:22706] MoveNextRunner_Run_m86395F123FB453F2B5FF89CE1E98532F7426F9DE
0x00007FF9EE1A7599 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib9.cpp:27341] AwaitTaskContinuation_RunCallback_m37C4A227BA403A3D28CC94369A8770F1C16AE4E5
0x00007FF9EE1AE83B (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib9.cpp:26619] SynchronizationContextAwaitTaskContinuation_Run_mE56D2F76E570D6E0DA92816F6121B3F478219B7D
0x00007FF9EE1B444D (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib9.cpp:23804] Task_FinishContinuations_m21B540B556CDABD76F5985DF83079F7F30C78174
0x00007FF9EDE1BC2F (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Generics78.cpp:26975] Task_1_TrySetResult_m2EE766FD3F76F4824990F4A93ED1F7253ECE014C_gshared
0x00007FF9EDEF187D (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Generics9.cpp:14116] AsyncTaskMethodBuilder_1_SetResult_m0D83195F995F9825D7A6DCDC3835D6917C43B5A6_gshared
0x00007FF9ED745247 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win644.cpp:17194] U3CRequestAsyncU3Ed__19_MoveNext_m03AA839765DF8412A0CC5256023D27B3CC85F765
0x00007FF9EE197536 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib8.cpp:30239] ExecutionContext_RunInternal_mC37E85D6FC972DF219A00FE1EE34329D1D63CC94
0x00007FF9EE029EB8 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib17.cpp:22706] MoveNextRunner_Run_m86395F123FB453F2B5FF89CE1E98532F7426F9DE
0x00007FF9ED69276D (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win64.cpp:13323] Dispatch_ProcessCallback_mADD5C771D9678A60B3760EE6EFE8BA8287BD632A
0x00007FF9ED691EBF (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win64.cpp:13162] Dispatch_Frame_mAEB48A70CF634EB0BD3FC42A1FB7F79A767F32D1
0x00007FF9EE9F6878 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\TS31.cpp:18245] ApplicationManager_Update_m501EBD2AE6A0AD79A886EC5C9C7F01A91994B324
0x00007FF9ED332216 (GameAssembly) [C:\Program Files\Unity\Hub\Editor\2021.3.16f1\Editor\Data\il2cpp\libil2cpp\vm\Runtime.cpp:568] il2cpp::vm::Runtime::InvokeWithThrow
0x00007FF9ED331CC9 (GameAssembly) [C:\Program Files\Unity\Hub\Editor\2021.3.16f1\Editor\Data\il2cpp\libil2cpp\vm\Runtime.cpp:553] il2cpp::vm::Runtime::Invoke
```
I opened the dump with VS and managed to get some extra info.
When MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshal_pinvoke_back is called, its parameter `marshaled` is already non-null garbage.
Could it be that this is some IL2CPP or marshalling bug related to marshalling empty arrays of structs?
When this is called, ___1_ppchFilters is a non-null pointer (I can't see the length, but I assume it is 0):
```cpp
// Steamworks.Data.HServerListRequest Steamworks.ISteamMatchmakingServers::RequestInternetServerList(Steamworks.AppId,Steamworks.Data.MatchMakingKeyValuePair[]&,System.UInt32,System.IntPtr)
IL2CPP_EXTERN_C IL2CPP_METHOD_ATTR HServerListRequest_t9E49778C7935F697113920E97DD0DE7DC3CA2F51 ISteamMatchmakingServers_RequestInternetServerList_mBB536A0F87AE80529C48BBCD9C450C41B4621723 (ISteamMatchmakingServers_tEBD49134A036D782F07303D6B403D47F655D3D6D* __this, AppId_tBB9174ED68D7F074002CF2803CA358603C6E6101 ___0_iApp, MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90** ___1_ppchFilters, uint32_t ___2_nFilters, intptr_t ___3_pRequestServersResponse, const RuntimeMethod* method)
{
    {
        // var returnValue = _RequestInternetServerList( Self, iApp, ref ppchFilters, nFilters, pRequestServersResponse );
        intptr_t L_0 = ((SteamInterface_tD1E595D0A00371EA21179642B0137AA043827838*)__this)->___Self_0;
        AppId_tBB9174ED68D7F074002CF2803CA358603C6E6101 L_1 = ___0_iApp;
        MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90** L_2 = ___1_ppchFilters;
        uint32_t L_3 = ___2_nFilters;
        intptr_t L_4 = ___3_pRequestServersResponse;
        HServerListRequest_t9E49778C7935F697113920E97DD0DE7DC3CA2F51 L_5;
        L_5 = ISteamMatchmakingServers__RequestInternetServerList_m884D03C2576B8E9B4D88DD18247D0E89EA5E6352(L_0, L_1, L_2, L_3, L_4, NULL);
        // return returnValue;
        return L_5;
    }
}
```
The next function is quite unreadable, but something goes wrong: it thinks the length of the array is more than 0, since it calls MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshal_pinvoke_back at the end and crashes.
```cpp
// Steamworks.Data.HServerListRequest Steamworks.ISteamMatchmakingServers::_RequestInternetServerList(System.IntPtr,Steamworks.AppId,Steamworks.Data.MatchMakingKeyValuePair[]&,System.UInt32,System.IntPtr)
IL2CPP_EXTERN_C IL2CPP_METHOD_ATTR HServerListRequest_t9E49778C7935F697113920E97DD0DE7DC3CA2F51 ISteamMatchmakingServers__RequestInternetServerList_m884D03C2576B8E9B4D88DD18247D0E89EA5E6352 (intptr_t ___0_self, AppId_tBB9174ED68D7F074002CF2803CA358603C6E6101 ___1_iApp, MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90** ___2_ppchFilters, uint32_t ___3_nFilters, intptr_t ___4_pRequestServersResponse, const RuntimeMethod* method)
{
    static bool s_Il2CppMethodInitialized;
    if (!s_Il2CppMethodInitialized)
    {
        il2cpp_codegen_initialize_runtime_metadata((uintptr_t*)&MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90_il2cpp_TypeInfo_var);
        s_Il2CppMethodInitialized = true;
    }
    typedef HServerListRequest_t9E49778C7935F697113920E97DD0DE7DC3CA2F51 (CDECL *PInvokeFunc) (intptr_t, AppId_tBB9174ED68D7F074002CF2803CA358603C6E6101, MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshaled_pinvoke**, uint32_t, intptr_t);
#if !FORCE_PINVOKE_INTERNAL && !FORCE_PINVOKE_steam_api64_INTERNAL
    static PInvokeFunc il2cppPInvokeFunc;
    if (il2cppPInvokeFunc == NULL)
    {
        int parameterSize = sizeof(intptr_t) + sizeof(AppId_tBB9174ED68D7F074002CF2803CA358603C6E6101) + sizeof(MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshaled_pinvoke**) + sizeof(uint32_t) + sizeof(intptr_t);
        il2cppPInvokeFunc = il2cpp_codegen_resolve_pinvoke<PInvokeFunc>(IL2CPP_NATIVE_STRING("steam_api64"), "SteamAPI_ISteamMatchmakingServers_RequestInternetServerList", IL2CPP_CALL_C, CHARSET_NOT_SPECIFIED, parameterSize, false);
        IL2CPP_ASSERT(il2cppPInvokeFunc != NULL);
    }
#endif
    // Marshaling of parameter '___2_ppchFilters' to native representation
    MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshaled_pinvoke** ____2_ppchFilters_marshaled = NULL;
    MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshaled_pinvoke* ____2_ppchFilters_marshaled_dereferenced = NULL;
    if (*___2_ppchFilters != NULL)
    {
        // Native buffer sized from the managed array's max_length (0 elements for an empty array)
        il2cpp_array_size_t ____2_ppchFilters_Length = (*___2_ppchFilters)->max_length;
        ____2_ppchFilters_marshaled_dereferenced = il2cpp_codegen_marshal_allocate_array<MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshaled_pinvoke>(____2_ppchFilters_Length);
        for (int32_t i = 0; i < ARRAY_LENGTH_AS_INT32(____2_ppchFilters_Length); i++)
        {
            MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshal_pinvoke((*___2_ppchFilters)->GetAtUnchecked(static_cast<il2cpp_array_size_t>(i)), (____2_ppchFilters_marshaled_dereferenced)[i]);
        }
    }
    else
    {
        ____2_ppchFilters_marshaled_dereferenced = NULL;
    }
    ____2_ppchFilters_marshaled = &____2_ppchFilters_marshaled_dereferenced;
    // Native function invocation
#if FORCE_PINVOKE_INTERNAL || FORCE_PINVOKE_steam_api64_INTERNAL
    HServerListRequest_t9E49778C7935F697113920E97DD0DE7DC3CA2F51 returnValue = reinterpret_cast<PInvokeFunc>(SteamAPI_ISteamMatchmakingServers_RequestInternetServerList)(___0_self, ___1_iApp, ____2_ppchFilters_marshaled, ___3_nFilters, ___4_pRequestServersResponse);
#else
    HServerListRequest_t9E49778C7935F697113920E97DD0DE7DC3CA2F51 returnValue = il2cppPInvokeFunc(___0_self, ___1_iApp, ____2_ppchFilters_marshaled, ___3_nFilters, ___4_pRequestServersResponse);
#endif
    // Marshaling of parameter '___2_ppchFilters' back from native representation
    MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90* _____2_ppchFilters_marshaled_unmarshaled_dereferenced = NULL;
    if (*____2_ppchFilters_marshaled != NULL)
    {
        if (_____2_ppchFilters_marshaled_unmarshaled_dereferenced == NULL)
        {
            // A new managed array of length 1 is created here whenever the native pointer is non-null, independent of the length allocated in the forward step above
            _____2_ppchFilters_marshaled_unmarshaled_dereferenced = reinterpret_cast<MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90*>((MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90*)SZArrayNew(MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90_il2cpp_TypeInfo_var, 1));
        }
        il2cpp_array_size_t _arrayLength = (_____2_ppchFilters_marshaled_unmarshaled_dereferenced)->max_length;
        for (int32_t i = 0; i < ARRAY_LENGTH_AS_INT32(_arrayLength); i++)
        {
            MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D _____2_ppchFilters_marshaled_i__unmarshaled;
            memset((&_____2_ppchFilters_marshaled_i__unmarshaled), 0, sizeof(_____2_ppchFilters_marshaled_i__unmarshaled));
            MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshal_pinvoke_back((*____2_ppchFilters_marshaled)[i], _____2_ppchFilters_marshaled_i__unmarshaled); // This gets called and crashes
            (_____2_ppchFilters_marshaled_unmarshaled_dereferenced)->SetAtUnchecked(static_cast<il2cpp_array_size_t>(i), _____2_ppchFilters_marshaled_i__unmarshaled);
        }
    }
    *___2_ppchFilters = _____2_ppchFilters_marshaled_unmarshaled_dereferenced;
    Il2CppCodeGenWriteBarrier((void**)___2_ppchFilters, (void*)____2_ppchFilters_marshaled);
    return returnValue;
}
```
Opened a thread on Unity forums, too:
https://forum.unity.com/threads/il2cpp-marshalling-issue-with-an-empty-arrays-of-structs.1423185/
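The two marshalling steps in the generated function above, modelled as an added C example (constructed here; not IL2CPP or Facepunch.Steamworks code): the forward step allocates exactly max_length native elements, the back step treats any non-null native pointer as one element, so an empty filters array is unmarshalled from a buffer that holds nothing. The checked variant shows the length comparison that catches the mismatch; the type and function names and the sample key/value pairs are assumptions.

```c
#include <stdlib.h>

/* Constructed model of the two marshalling steps in the generated function above.
 * This is an added illustration, not IL2CPP or Facepunch.Steamworks code. */
typedef struct { const char *key; const char *value; } kv_pair_t;              /* native key/value pair */
typedef struct { size_t max_length; const kv_pair_t *items; } managed_array_t; /* managed T[] with max_length */

/* Forward step: allocate exactly max_length native elements. An empty array still gives a
 * non-NULL pointer (malloc(0) is non-NULL on Windows), modelled here with a 1-byte allocation. */
static kv_pair_t *marshal_forward(const managed_array_t *arr, size_t *native_len)
{
    *native_len = arr->max_length;
    kv_pair_t *buf = malloc(arr->max_length ? arr->max_length * sizeof *buf : 1);
    for (size_t i = 0; buf != NULL && i < arr->max_length; i++)
        buf[i] = arr->items[i];
    return buf;
}

/* Back step as generated: a non-NULL native pointer is unmarshalled as exactly one
 * element (SZArrayNew(..., 1)), regardless of how many the forward step allocated. */
static size_t generated_back_count(const kv_pair_t *native)
{
    return native != NULL ? 1 : 0;
}

/* Checked back step: copies 'count' elements only if the forward step really allocated
 * that many. Returns the number copied, or -1 when the read would run past the buffer. */
static int marshal_back_checked(const kv_pair_t *native, size_t native_len, size_t count, kv_pair_t *out)
{
    if (count > native_len)
        return -1; /* the empty-filters case: count 1, native_len 0 */
    for (size_t i = 0; i < count; i++)
        out[i] = native[i];
    return (int)count;
}

/* Round trip for a filter array of managed_len elements (0..4). -1 reports the length
 * mismatch that precedes the String::New crash, without dereferencing bad memory. */
int roundtrip(size_t managed_len)
{
    static const kv_pair_t sample[4] = { {"k0", "v0"}, {"k1", "v1"}, {"k2", "v2"}, {"k3", "v3"} }; /* constructed */
    managed_array_t filters = { managed_len > 4 ? 4 : managed_len, sample };
    size_t native_len = 0;
    kv_pair_t *native = marshal_forward(&filters, &native_len);
    if (native == NULL) return -2;
    kv_pair_t back[4];
    int rc = marshal_back_checked(native, native_len, generated_back_count(native), back);
    free(native);
    return rc;
}
```

roundtrip(0) returns -1 for the empty array the issue describes; a non-empty array passes the check, though the generated back step still only ever reads one element.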
Describe the bug
One player managed to crash the game by querying servers in the host list (having refreshed the list several times). I have not managed to reproduce it, but I got the dump file and according to it, the game crashed in il2cpp::vm::String::New when creating a MatchmakingKeyValuePair.
Not sure if this is a Unity, IL2CPP, Steam or Facepunch.Steamworks bug. Any ideas?
Crash text and relevant part of the callstack:
Unhandled exception at 0x00007FFCEE28EC13 (GameAssembly.dll) in crash.dmp: 0xC0000005: Access violation reading location 0x000002219D1AF030.
To Reproduce
Query for the server list several times. There were around 9 servers in the list when this happened. Couldn't be reproduced, so this is probably something rare.
Calling Code
Expected behavior
No crashing ever.