game.merge_forces null pointer deref

Post by slippycheeze »

G'day. In cleaning up (manually) after trying out the "biter factions" mod I used `/c game.merge_factions("biter_facter_5", "enemy")` to merge the factions the mod added ("biter_faction_1" through "biter_faction_5") back into the normal enemies.

This pretty reliably caused a null ptr deref for me if done just after loading the save. A couple times the second merge caused the null ptr issue. My guess is that there are a bunch of biters fighting each other, and something (pathfinder, entity updates, and particle updates all very active at this time) is not coping with the related force going away.

crashdump and log at https://drive.google.com/file/d/1dejlW9 ... sp=sharing

update: if I changed my actions to kill all units first, no crash:

```lua
game.forces["biter_faction_5"].kill_all_units()   -- omit me, and witness the null ptr deref
game.merge_forces("biter_faction_5", "enemy")
game.forces["biter_faction_4"].kill_all_units()   -- omit me, and witness the null ptr deref
game.merge_forces("biter_faction_4", "enemy")
game.forces["biter_faction_3"].kill_all_units()   -- omit me, and witness the null ptr deref
game.merge_forces("biter_faction_3", "enemy")
game.forces["biter_faction_2"].kill_all_units()   -- omit me, and witness the null ptr deref
game.merge_forces("biter_faction_2", "enemy")
game.forces["biter_faction_1"].kill_all_units()   -- omit me, and witness the null ptr deref
game.merge_forces("biter_faction_1", "enemy")
```

```
   90.118 Time travel logging:
  58.924 Popped blueprint record (player-index: 0, ID: 179) from book (player-index: 0, ID: 102)
  58.924 Popped blueprint record (player-index: 0, ID: 190) from book (player-index: 0, ID: 102)
  58.924 Popped blueprint record (player-index: 0, ID: 203) from book (player-index: 0, ID: 102)
  58.924 Popped blueprint record (player-index: 0, ID: 181) from book (player-index: 0, ID: 102)
  58.924 Popped blueprint record (player-index: 0, ID: 188) from book (player-index: 0, ID: 102)
  58.924 Popped blueprint record (player-index: 0, ID: 178) from book (player-index: 0, ID: 102)
  58.924 Popped blueprint record (player-index: 0, ID: 225) from book (player-index: 0, ID: 216)
  65.998 Popped blueprint record (player-index: 0, ID: 102)
  77.881 Player 0 ran command: game.print(game.forces[8].name)
  90.014 Player 0 ran command: game.merge_forces("biter_faction_5", "enemy")
  90.118 Error CrashHandler.cpp:481: Exception Code: c0000005, Address: 0x00007ff64a7c1555
ModuleBase: 0x00007ff64a760000, ImageSize: 01b22000, RelativeAddress: 00061555
  90.118 Error CrashHandler.cpp:487: Access Violation: Read at address 0000000000000028
  90.118 Error CrashHandler.cpp:501: Exception Context:
rax=0000000000000000, rbx=000001c6afe6e3a0, rcx=000001c6afe6e3a0,
rdx=0000000000000006, rsi=0000000000000000, rdi=0000000000000028,
rip=00007ff64a7c1555, rsp=00000028602fdf10, rbp=00007ff64bac47d0,
 r8=0000000000000009,  r9=0000000000000009, r10=0000000000000009,
r11=00000028602fdfd0, r12=000001c6b62deab0, r13=000001c6ad86b180,
r14=000001c6cc603340, r15=000001c6c83ce010
  90.118 Crashed in C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\Factorio.exe (0x00007ff64a760000 - 0x00007ff64c282000)
Factorio crashed. Generating symbolized stacktrace, please wait ...
c:\cygwin64\tmp\factorio-build-txufz1\libraries\stackwalker\stackwalker.cpp (924): StackWalker::ShowCallstack
c:\cygwin64\tmp\factorio-build-txufz1\src\util\logger.cpp (542): Logger::writeStacktrace
c:\cygwin64\tmp\factorio-build-txufz1\src\util\logger.cpp (549): Logger::logStacktrace
c:\cygwin64\tmp\factorio-build-txufz1\src\util\crashhandler.cpp (185): CrashHandler::writeStackTrace
c:\cygwin64\tmp\factorio-build-txufz1\src\util\crashhandler.cpp (530): CrashHandler::SehHandler
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDB5AFEEA)
00007FFBDB5AFEEA (KERNELBASE): (filename not available): UnhandledExceptionFilter
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDE4C4AB2)
00007FFBDE4C4AB2 (ntdll): (filename not available): memset
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDE4AC656)
00007FFBDE4AC656 (ntdll): (filename not available): _C_specific_handler
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDE4C11CF)
00007FFBDE4C11CF (ntdll): (filename not available): _chkstk
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDE48A209)
00007FFBDE48A209 (ntdll): (filename not available): RtlRaiseException
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDE4BFE3E)
00007FFBDE4BFE3E (ntdll): (filename not available): KiUserExceptionDispatcher
c:\cygwin64\tmp\factorio-build-txufz1\src\ai\pathfinder.cpp (504): PathFinder::releasePath
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FF64A7ACE73)
00007FF64A7ACE73 (Factorio): (filename not available): GotoBehavior::~GotoBehavior
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FF64A79D275)
00007FF64A79D275 (Factorio): (filename not available): BuildBaseBehavior::`scalar deleting destructor'
c:\cygwin64\tmp\factorio-build-txufz1\src\ai\commandable.cpp (421): Commandable::clear
c:\cygwin64\tmp\factorio-build-txufz1\src\ai\unitgroup.cpp (115): UnitGroup::~UnitGroup
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FF64B0AABCF)
00007FF64B0AABCF (Factorio): (filename not available): Commander::`scalar deleting destructor'
c:\cygwin64\tmp\factorio-build-txufz1\src\force\forcemanager.cpp (154): ForceManager::deleteForce
c:\cygwin64\tmp\factorio-build-txufz1\src\force\forcemanager.cpp (366): ForceManager::processForceDeleteRequests
c:\cygwin64\tmp\factorio-build-txufz1\src\map\map.cpp (1819): Map::postUpdate
c:\cygwin64\tmp\factorio-build-txufz1\src\scenario\scenario.cpp (1126): Scenario::postUpdate
c:\cygwin64\tmp\factorio-build-txufz1\src\mainloop.cpp (1174): MainLoop::gameUpdateStep
c:\cygwin64\tmp\factorio-build-txufz1\src\mainloop.cpp (1040): MainLoop::gameUpdateLoop
c:\cygwin64\tmp\factorio-build-txufz1\src\util\workerthread.cpp (49): WorkerThread::loop
c:\program files (x86)\microsoft visual studio\2017\buildtools\vc\tools\msvc\14.15.26726\include\thr\xthread (230): std::_LaunchPad<std::unique_ptr<std::tuple<void (__cdecl RazerChromaController::*)(void),RazerChromaController *>,std::default_delete<std::tuple<void (__cdecl RazerChromaController::*)(void),RazerChromaController *> > > >::_Go
c:\program files (x86)\microsoft visual studio\2017\buildtools\vc\tools\msvc\14.15.26726\include\thr\xthread (209): std::_Pad::_Call_func
minkernel\crts\ucrt\src\appcrt\startup\thread.cpp (115): thread_start<unsigned int (__cdecl*)(void * __ptr64)>
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDD6D7BD4)
00007FFBDD6D7BD4 (KERNEL32): (filename not available): BaseThreadInitThunk
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDE48CE51)
00007FFBDE48CE51 (ntdll): (filename not available): RtlUserThreadStart
Stack trace logging done
  92.022 Error CrashHandler.cpp:190: Map tick at moment of crash: 10182096
  92.022 Error Util.cpp:97: Unexpected error occurred. If you're running the latest version of the game you can help us solve the problem by posting the contents of the log file on the Factorio forums.
Please also include the save file(s), any mods you may be using, and any steps you know of to reproduce the crash.
 102.483 Uploading log file
 102.497 Error CrashHandler.cpp:259: Heap validation: success.
 102.498 Creating crash dump.
 102.738 CrashDump success
```

posila
Factorio Staff

Post by posila »

Hello, can you please also upload your save file that I could use to easily reproduce this?

Post by slippycheeze »

posila wrote: Wed Jun 03, 2020 11:21 am
> Hello, can you please also upload your save file that I could use to easily reproduce this?

Sure. Here is a Google Drive folder where you can find the crashdump from my original report, a crashdump from my reproducing it today with that save (in Factorio 0.18.30), and the save file in original zip format. (Save is "2020-05-25 SuperLogistic 033.zip")

I had to do two faction merges to reproduce the crash. First one went OK, which is consistent: it'd sometimes work, but mostly crash. Second time it did. The failure is almost the same, but better symbolized, and I see it is handling path deletion during force => unit group destruction.

Since I found this while fixing a huge UPS drop triggered by an overworked pathfinder, because of infighting among the biter factions, that makes sense.

Also, I didn't change the mod list, but you can probably ignore all of them -- or try first with only "Rampant" -- and it should do the right thing. The key seems to be the biter factions all active and fighting, which happens on load, and nothing but maybe rampant should be needed to get all of them loaded.


Oh, and I can't be certain, but I suspect you could repro this on your own by creating a whole lotta chunks with biters, and either the "biter factions" mod installed, or just assigning them to random forces, so they all fight.

```
346.878 Player 0 ran command: game.merge_forces("biter_faction_1", "enemy")
 346.940 Force biter_faction_1 (index 4) deleted.
 354.364 Player 0 ran command: game.merge_forces("biter_faction_5", "enemy")
 354.418 Error CrashHandler.cpp:481: Exception Code: c0000005, Address: 0x00007ff67f561555
ModuleBase: 0x00007ff67f500000, ImageSize: 01b23000, RelativeAddress: 00061555
 354.418 Error CrashHandler.cpp:487: Access Violation: Read at address 0000000000000018
 354.418 Error CrashHandler.cpp:501: Exception Context:
rax=0000000000000000, rbx=000001d0a5222db0, rcx=000001d0a5222db0,
rdx=0000000000000004, rsi=0000000000000000, rdi=0000000000000018,
rip=00007ff67f561555, rsp=00000085abafd860, rbp=00007ff68086df60,
 r8=0000000000000009,  r9=0000000000000009, r10=0000000000000009,
r11=00000085abafd920, r12=000001d0a9b5d810, r13=000001d0c0e65120,
r14=000001d0a8ad99d0, r15=000001d0a9ca5000
 354.418 Crashed in C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\Factorio.exe (0x00007ff67f500000 - 0x00007ff681023000)
Factorio crashed. Generating symbolized stacktrace, please wait ...
c:\cygwin64\tmp\factorio-build-eit15m\libraries\stackwalker\stackwalker.cpp (924): StackWalker::ShowCallstack
c:\cygwin64\tmp\factorio-build-eit15m\src\util\logger.cpp (542): Logger::writeStacktrace
c:\cygwin64\tmp\factorio-build-eit15m\src\util\logger.cpp (549): Logger::logStacktrace
c:\cygwin64\tmp\factorio-build-eit15m\src\util\crashhandler.cpp (185): CrashHandler::writeStackTrace
c:\cygwin64\tmp\factorio-build-eit15m\src\util\crashhandler.cpp (530): CrashHandler::SehHandler
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDB5AFEEA)
00007FFBDB5AFEEA (KERNELBASE): (filename not available): UnhandledExceptionFilter
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDE4C4AB2)
00007FFBDE4C4AB2 (ntdll): (filename not available): memset
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDE4AC656)
00007FFBDE4AC656 (ntdll): (filename not available): _C_specific_handler
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDE4C11CF)
00007FFBDE4C11CF (ntdll): (filename not available): _chkstk
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDE48A209)
00007FFBDE48A209 (ntdll): (filename not available): RtlRaiseException
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDE4BFE3E)
00007FFBDE4BFE3E (ntdll): (filename not available): KiUserExceptionDispatcher
c:\cygwin64\tmp\factorio-build-eit15m\src\ai\pathfinder.cpp (504): PathFinder::releasePath
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FF67F54CE73)
00007FF67F54CE73 (Factorio): (filename not available): GotoBehavior::~GotoBehavior
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FF67F53D275)
00007FF67F53D275 (Factorio): (filename not available): BuildBaseBehavior::`scalar deleting destructor'
c:\cygwin64\tmp\factorio-build-eit15m\src\ai\commandable.cpp (421): Commandable::clear
c:\cygwin64\tmp\factorio-build-eit15m\src\ai\unitgroup.cpp (115): UnitGroup::~UnitGroup
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FF67FE4AB0F)
00007FF67FE4AB0F (Factorio): (filename not available): Commander::`scalar deleting destructor'
c:\cygwin64\tmp\factorio-build-eit15m\src\force\forcemanager.cpp (154): ForceManager::deleteForce
c:\cygwin64\tmp\factorio-build-eit15m\src\force\forcemanager.cpp (366): ForceManager::processForceDeleteRequests
c:\cygwin64\tmp\factorio-build-eit15m\src\map\map.cpp (1819): Map::postUpdate
c:\cygwin64\tmp\factorio-build-eit15m\src\scenario\scenario.cpp (1126): Scenario::postUpdate
c:\cygwin64\tmp\factorio-build-eit15m\src\mainloop.cpp (1174): MainLoop::gameUpdateStep
c:\cygwin64\tmp\factorio-build-eit15m\src\mainloop.cpp (1040): MainLoop::gameUpdateLoop
c:\cygwin64\tmp\factorio-build-eit15m\src\util\workerthread.cpp (49): WorkerThread::loop
c:\program files (x86)\microsoft visual studio\2017\buildtools\vc\tools\msvc\14.15.26726\include\thr\xthread (230): std::_LaunchPad<std::unique_ptr<std::tuple<void (__cdecl*)(ParallelDesyncReportCreator *),ParallelDesyncReportCreator *>,std::default_delete<std::tuple<void (__cdecl*)(ParallelDesyncReportCreator *),ParallelDesyncReportCreator *> > > >::_Go
c:\program files (x86)\microsoft visual studio\2017\buildtools\vc\tools\msvc\14.15.26726\include\thr\xthread (209): std::_Pad::_Call_func
minkernel\crts\ucrt\src\appcrt\startup\thread.cpp (115): thread_start<unsigned int (__cdecl*)(void * __ptr64)>
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDD6D7BD4)
00007FFBDD6D7BD4 (KERNEL32): (filename not available): BaseThreadInitThunk
ERROR: SymGetLineFromAddr64, GetLastError: 487 (Address: 00007FFBDE48CE51)
00007FFBDE48CE51 (ntdll): (filename not available): RtlUserThreadStart
Stack trace logging done
 356.769 Error CrashHandler.cpp:190: Map tick at moment of crash: 10182828
 356.769 Error Util.cpp:97: Unexpected error occurred. If you're running the latest version of the game you can help us solve the problem by posting the contents of the log file on the Factorio forums.
Please also include the save file(s), any mods you may be using, and any steps you know of to reproduce the crash.
 370.907 Uploading log file
 370.921 Error CrashHandler.cpp:259: Heap validation: success.
 370.923 Creating crash dump.
 371.258 CrashDump success
```

PS: don't tell anyone I retyped those lua commands from memory, and got them wrong. ;)
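
Added example (not part of the thread, and not Factorio's code): the two crash logs posted above reduced to an ASLR-independent signature, which confirms they are the same fault at the same instruction. The function names, the choice of signature fields and the 64 KiB near-null threshold are this example's assumptions; the embedded excerpts are cut down from the logs in this thread.

```python
import re

# Constructed input: only the lines the parser needs, copied from the two logs in this thread.
LOG_1 = r"""
  90.118 Error CrashHandler.cpp:481: Exception Code: c0000005, Address: 0x00007ff64a7c1555
ModuleBase: 0x00007ff64a760000, ImageSize: 01b22000, RelativeAddress: 00061555
  90.118 Error CrashHandler.cpp:487: Access Violation: Read at address 0000000000000028
00007FFBDE4BFE3E (ntdll): (filename not available): KiUserExceptionDispatcher
c:\cygwin64\tmp\factorio-build-txufz1\src\ai\pathfinder.cpp (504): PathFinder::releasePath
00007FF64A7ACE73 (Factorio): (filename not available): GotoBehavior::~GotoBehavior
"""
LOG_2 = r"""
 354.418 Error CrashHandler.cpp:481: Exception Code: c0000005, Address: 0x00007ff67f561555
ModuleBase: 0x00007ff67f500000, ImageSize: 01b23000, RelativeAddress: 00061555
 354.418 Error CrashHandler.cpp:487: Access Violation: Read at address 0000000000000018
00007FFBDE4BFE3E (ntdll): (filename not available): KiUserExceptionDispatcher
c:\cygwin64\tmp\factorio-build-eit15m\src\ai\pathfinder.cpp (504): PathFinder::releasePath
00007FF67F54CE73 (Factorio): (filename not available): GotoBehavior::~GotoBehavior
"""

HEAD = re.compile(r"Exception Code: ([0-9a-f]+), Address: 0x([0-9a-f]+)\s+ModuleBase: "
                  r"0x([0-9a-f]+), ImageSize: [0-9a-f]+, RelativeAddress: ([0-9a-f]+)")
ACCESS = re.compile(r"Access Violation: (\w+) at address ([0-9a-fA-F]+)")
NULL_PARTITION = 0x10000  # Windows keeps the lowest 64 KiB of user address space unmapped

def crash_signature(log):
    """Reduce one crash log to fields that stay stable across runs despite ASLR."""
    head, access = HEAD.search(log), ACCESS.search(log)
    if not head or not access:
        raise ValueError("no crash-handler header found")
    addr, base, rva = (int(g, 16) for g in head.groups()[1:])
    if addr - base != rva:
        raise ValueError("RelativeAddress != Address - ModuleBase")
    # Keep the symbol of each stack line; "ERROR: SymGetLineFromAddr64" lines are resolver noise.
    frames = [ln.rsplit("): ", 1)[1] for ln in log.splitlines()
              if "): " in ln and not ln.startswith("ERROR:")]
    # Frames above KiUserExceptionDispatcher are exception handling; the next one faulted.
    i = frames.index("KiUserExceptionDispatcher") if "KiUserExceptionDispatcher" in frames else -1
    target = int(access.group(2), 16)
    return {"code": head.group(1), "rva": rva, "op": access.group(1), "target": target,
            "frame": frames[i + 1] if i + 1 < len(frames) else None,
            "near_null": target < NULL_PARTITION}

def same_bug(a, b):
    # The faulting data address is left out: it is 0x28 in one log and 0x18 in the other.
    return all(a[k] == b[k] for k in ("code", "rva", "frame"))

if __name__ == "__main__":
    s1, s2 = crash_signature(LOG_1), crash_signature(LOG_2)
    print(s1, s2, same_bug(s1, s2), sep="\n")
```

Run against the full logs, the same function works unchanged, since it ignores every line that is not the crash header, the access-violation line or a stack frame.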

posila
Factorio Staff

Post by posila »

Thanks for the report and for uploading the save too.
Fixed for 0.18.31

Post by slippycheeze »

posila wrote: Thu Jun 04, 2020 6:30 am
> Thanks for the report and for uploading the save too.
> Fixed for 0.18.31

No problem. I try and help, even when I break things. :) Thanks for fixing it.
