ID:2348509
 
Resolved
Mutable appearances did not handle certain list read conditions properly, resulting in bad refs.
BYOND Version:512.1411
Operating System:Windows 10 Pro 64-bit
Web Browser:Firefox 58.0
Applies to:Dream Daemon
Status: Resolved (512.1412)

This issue has been resolved.
Descriptive Problem Summary:
All I did was create a new MA based on an object, then try to cut the overlays. DreamSeeker started printing messages about how that list was bad and lots of messages in the linux server:
BUG: Bad ref (f:470251) in DecRefCount(DM nsfw.dm:244)
BUG: Bad ref (f:470251) in DecRefCount(DM nsfw.dm:244)
BUG: Bad ref (f:470260) in IncRefCount(DM nsfw.dm:244)
BUG: Bad ref (f:470260) in IncRefCount(DM nsfw.dm:244)
BUG: Bad ref (f:470260) in DecRefCount(DM nsfw.dm:244)
BUG: Bad ref (f:470260) in DecRefCount(DM nsfw.dm:244)
BUG: Bad ref (f:470269) in IncRefCount(DM nsfw.dm:244)
BUG: Bad ref (f:470269) in IncRefCount(DM nsfw.dm:244)
BUG: Bad ref (f:470269) in DecRefCount(DM nsfw.dm:244)
BUG: Bad ref (f:470269) in DecRefCount(DM nsfw.dm:244)
BUG: Bad ref (f:470278) in IncRefCount(DM nsfw.dm:244)
BUG: Bad ref (f:470278) in IncRefCount(DM nsfw.dm:244)
BUG: Bad ref (f:470278) in DecRefCount(DM nsfw.dm:244)


In Windows, I attached a debugger, and got this:
(53c.33c8): C++ EH exception - code e06d7363 (first/second chance not available)
eax=005fbdd8 ebx=00002d57 ecx=00000003 edx=00000000 esi=597b6570 edi=005fbe9c
eip=752508b2 esp=005fbdd8 ebp=005fbe30 iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000216
KERNELBASE!RaiseException+0x62:
752508b2 8b4c2454        mov     ecx,dword ptr [esp+54h] ss:002b:005fbe2c=4cc3bab1
0:000> k
 # ChildEBP RetAddr
00 005fbe30 59ca9339 KERNELBASE!RaiseException+0x62
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for byondcore.dll -
01 005fbe70 595c9ecc msvcr120!_CxxThrowException+0x5b [f:\dd\vctools\crt\crtw32\eh\throw.cpp @ 152]
WARNING: Stack unwind information not available. Following frames may be wrong.
02 005fbedc 595f221c byondcore!ByondLib::operator=+0x3b1c
03 005fbee8 595fe6ea byondcore!LocalDB::HubToJS+0x388c
04 005fbef8 595d1b5c byondcore!LocalDB::HubToJS+0xfd5a
05 005fcb08 595e38eb byondcore!ByondLib::operator=+0xb7ac
06 005fcbe0 595c8dd9 byondcore!ByondLib::operator=+0x1d53b
07 005fcc2c 595c7ff6 byondcore!ByondLib::operator=+0x2a29
08 005fcc70 595d8b7e byondcore!ByondLib::operator=+0x1c46
09 005fd870 595e38eb byondcore!ByondLib::operator=+0x127ce
0a 005fd948 595c8dd9 byondcore!ByondLib::operator=+0x1d53b
0b 005fd994 595f1264 byondcore!ByondLib::operator=+0x2a29
0c 005fd9f0 595dbd5f byondcore!LocalDB::HubToJS+0x28d4
0d 005fe600 595f37d9 byondcore!ByondLib::operator=+0x159af
0e 005fe64c 596c8c80 byondcore!LocalDB::HubToJS+0x4e49
0f 005fe680 74dd8849 byondcore!TimeLib::SetSystemAlarm+0x190
10 005fe6a4 74ddaed1 user32!InternalCallWinProc+0x20
11 005fe76c 74dc8e1c user32!UserCallWinProc+0x1ad
12 005fe7d0 74dc38c0 user32!DispatchMessageWorker+0x1ec
13 005fe7d8 592e2d8c user32!DispatchMessageA+0x10
14 005fe7e8 592f7f80 mfc120!AfxInternalPumpMessage+0x3e [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\thrdcore.cpp @ 183]
15 005fe80c 5929a745 mfc120!CWnd::RunModalLoop+0xc6 [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\wincore.cpp @ 4644]
16 005fe824 5929a9c8 mfc120!CWnd::CreateRunDlgIndirect+0x3e [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcore.cpp @ 474]
*** ERROR: Module load completed but symbols could not be loaded for dreamdaemon.exe
17 005fe878 00e83232 mfc120!CDialog::DoModal+0x109 [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dlgcore.cpp @ 633]
18 005ffe98 59306300 dreamdaemon+0x13232
19 005ffeac 00e89b8e mfc120!AfxWinMain+0x47 [f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winmain.cpp @ 37]
1a 005ffef8 76c98654 dreamdaemon+0x19b8e
1b 005fff0c 77b24a77 kernel32!BaseThreadInitThunk+0x24
1c 005fff54 77b24a47 ntdll!__RtlUserThreadStart+0x2f
1d 005fff64 00000000 ntdll!_RtlUserThreadStart+0x1b


I have the dump the above is from, if you would like to look up some of those offsets.

Numbered Steps to Reproduce Problem:
Start a server, try to cut overlays.

Code Snippet (if applicable) to Reproduce Problem:
I'm sure it's related to something else, but that line is just:
ma.overlays.Cut()


Expected Results:
Not unhandled exceptions and continued odd behavior for the rest of the time the server is up.

Actual Results:
The inverse of expected.

Does the problem occur:
Every time? Or how often? About 80% of the time.
In other games? Unsure.
In other user accounts? Yes, definitely.
On other computers? Any I test.

When does the problem NOT occur?
About 20% of the time. Don't know why.

Did the problem NOT occur in any earlier versions? If so, what was the last version that worked? Didn't occur in 1403, but 1403 had other crash issues that made me upgrade to 1411 in the hopes that image crashing was fixed, but... see my other client bug report.

Workarounds:
None that I'm aware of.
If there's a way you can generate a test project for this, it would help a lot. I really need to find out where it's going wrong before it reaches the point of producing those errors.
I can't generate a super-light test project for it, but I can provide you our normal code that, when compiled, will throw this immediately on starting DreamDaemon. It'd take a few minutes to compile, but you'd only need to do it once. Starting/stopping DD to reproduce it (with a very small map, which it still occurs on) should be fast.

Do you want a dropbox'd .zip file, or?
A zip from Dropbox should be just fine.
https://www.dropbox.com/s/0t61ck2wz0suv0z/ byond-2348506-test-case.zip?dl=0

I included the .dmb as well. It was compiled with 512.1411. Click go, wait 5 seconds, read 'bad list' complaints about cutting overlays (you may have to scroll up in the world.log output).

FYI, nsfw.dm is not actually 'nsfw' it's an acronym for a gun because I was feeling silly, so don't worry about that if that was a thing you were worried about.

EDIT: Only the linux client seems to output the RefCount errors. The Windows one does produce errors and an exception that it appears to catch itself. Both appear to have 'weird behavior' afterwards.
Lummox JR resolved issue with message:
Mutable appearances did not handle certain list read conditions properly, resulting in bad refs.