Lady Bug and Sinthea crash game on race start

[rafalp]

Repro:

1. download Carmageddon files from GoG.com
2. run 0.4 release with splat pack files
3. start new game
4. if one of racers will be Lady Bug, game will crash on start

Note that this behavior was also crashing the original game. So either car needs fixing/workaround for it needs to be implemented or it needs to be prevented from running in races.

https://user-images.githubusercontent.com/750553/192165524-51b1d533-6982-4b79-a063-0018afe73246.mp4

[madebr]

I cannot reproduce this on Linux, neither with the released binary neither with current master. @dethrace-labs Can you reproduce?

[rafalp]

I'll try compiling the game locally to get proper backtrace in dev build, but I don't know when I'll have time for that.

[madebr]

We build dethrace on ci with debug symbols. https://github.com/dethrace-labs/dethrace/blob/b5ccfe7dd2f7b2ccb440c2899250d511b281f1f4/.github/scripts/build-macos.sh#L8 So you should be able to get a backtrace without needing to build dethrace yourself using gdb/lldb (I verified on Linux).

On my Linux machine, you can run an executable under gdb using

DETHRACE_ROOT_DIR=/path/to/my/carmageddon/data gdb ./dethrace -ex run

When a segmentation fault happens, you can then print a full backtrace using:

set pagination off
bt full

Looking at the macos build script, it can be used without change on any Macos machine.

[rafalp]

Okay, I'll try with lldb and come back to you.

[rafalp]

Output from lldb:

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x00000001000e3aba dethrace`ControlBoundFunkGroovePlus + 122
dethrace`ControlBoundFunkGroovePlus:
->  0x1000e3aba <+122>: addss  (%rbx), %xmm0
    0x1000e3abe <+126>: movss  0xef3fa(%rip), %xmm1      ; xmm1 = mem[0],zero,zero,zero
    0x1000e3ac6 <+134>: callq  0x1001a4216               ; symbol stub for: fmodf
    0x1000e3acb <+139>: movss  %xmm0, (%rbx)

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x00000001000e3aba dethrace`ControlBoundFunkGroovePlus + 122
    frame #1: 0x000000010004795b dethrace`MungeCarGraphics + 2603
    frame #2: 0x000000010008dcca dethrace`MainGameLoop + 1066
    frame #3: 0x00000001000daea6 dethrace`DoGame + 838
    frame #4: 0x00000001000db11c dethrace`DoProgram + 172
    frame #5: 0x000000010008c38d dethrace`GameMain + 189
    frame #6: 0x00000001000f44ce dethrace`original_main + 558
    frame #7: 0x0000000100003c70 dethrace`main + 32
    frame #8: 0x000000010039152e dyld`start + 462

[rafalp]

Exactly same thing happens when Sinthea starts in race.

[dethrace-labs]

I wonder why we cannot display a correct backtrace in the release build?

I also cannot repro on my mac :(

I'm using splatpack data from the GOG release, how about you @rafalp ?

[madebr]

@dethrace-labs https://github.com/dethrace-labs/dethrace/pull/177 explains why the release doesn't display correct backtraces and provides a solution.

[madebr]

@dethrace-labs Thinking about it, #177 will only fix Linux. Macos needs something similar. See this Stack Overflow question.

I'm going to create an issue to track this. See https://github.com/dethrace-labs/dethrace/issues/197

[madebr]

I can reproduce OP's problem 100% of the times with the splatpack x-mas demo game data.

Sinthea (SLED.TXT) is causing issues.

[madebr]

SLED.TXT from the xmas demo references groove/funk binding indices 1-11. But the groove section only creates bindings for indices 1 up to 10. It creates no 11.

Comparing SLED.TXT with the one from the full splat game, this is the only difference. In there, the index is -1 (=> disabled) instead of 11.

I"m wondering:

• how the xmas demo handles this
• whether the windows executable can handle SLED.TXT from the xmas demo